Banking and Modern Payments System Security Analysis
Related papers
E-Banking Security Study—10 Years Later
IEEE Access
ICT security in the banking area is going through rapid changes. It is ten years since we covered the state of e-banking security, and both authentication schemes and legislation have evolved. With the Payment Services Directive (PSD2) for the European Union coming into force, we believe it is a good time to update our findings. PSD2 brings new requirements for multi-factor authentication, thus it is necessary to revise compliance of currently used schemes. This work's main contribution is an overview of current authentication methods, their properties with respect to international standards, and their resistance against attacks. We further discuss the multi-factor authentication schemes composed of those methods and their compliance with the PSD2 requirements. In order to present the overview, we introduced the e-banking attacks taxonomy, which is compatible with authenticator threats from NIST Digital Identity Guidelines but has an increased level of detail with respect to the e-banking area. The available sources in this area are usually either very broad, targeted on the business executive, or focus on one particular issue or attack in greater detail. We believe our article can bridge such diverse sources by providing a comprehensive and complex tool to help with orientation in the area.
Online Authentication Methods Used in Banks and Attacks Against These Methods
Procedia Computer Science, 2019
Growing threats and attacks to online banking security (e.g. phishing, identity theft) motivate most banks to look for and use stronger authentication methods instead of using a normal username and password authentication. The main objective of the research is to identify the most common online authentication methods used widely in international banks and compare them with the methods used in six banks operating in UAE. In addition, this research will cover the current authentication threats and attacks against these methods. Two well-defined comparison matrices [15], one based on characteristics and the second one on attack vectors, will be used to examine and assess the authentication methods of those six banks. This paper is different than other studies and works since it will help to identify the common authentication methods used in banks operating in UAE. Moreover, the comparison matrices will help to examine those authentication methods, define their weaknesses, and evaluate them.
Security in Next Generation Mobile Payment Systems: A Comprehensive Survey
IEEE Access
Cash payment is still king in several markets, accounting for more than 90% of the payments in almost all the developing countries. The usage of mobile phones is pretty ordinary in this present era. Mobile phones have become an inseparable friend for many users, serving much more than just communication tools. Every subsequent person is heavily relying on them due to multifaceted usage and affordability. Every person wants to manage his/her daily transactions and related issues by using his/her mobile phone. With the rise and advancements of mobile-specific security, threats are evolving as well. In this paper, we provide a survey of various security models for mobile phones. We explore multiple proposed models of the mobile payment system (MPS), their technologies and comparisons, payment methods, different security mechanisms involved in MPS, and provide analysis of the encryption technologies, authentication methods, and firewall in MPS. We also identify current challenges and future directions of mobile phone security.
CYBER ATTACKS IN THE BANKING INDUSTRY
Cyber Attacks In Bank, 2020
The integral activity of our early twenty-first century was revolutionized in the era of globalization by Internet banking or online banking. Man has built various means of contact that are of great importance to him as a social being for exchanging information, thoughts, and knowledge. The advancement of e-banking technology makes the job very simple; with a click, banking transactions are very fast. Internet banking and mobile banking make banking fast and convenient daily. Online and mobile banking, however, is never 100 percent secure. This study paper seeks to investigate the most current scenario of online banking and cyber-attack. We focus on cyber-crimes connected to online banking in this paper and new methods employed by hackers. This paper also identifies the emerging online banking-related cybercrime from various journals and news articles. The report largely focuses on information available from the secondary source of data. When dealing with online financial systems, this paper thoroughly analyses and explores the consequences of cyberattacks. The study concludes that there is a need to raise consciousness among consumers about the presence of cybercrime in the handling of online banking and confidential financial data and how to defend themselves against these external challenges.
2016
In this paper, enhanced security of online banking transactions against man in the middle is presented, based on two-factor authentication by use of a one-time password and a single password. Online banking is a system allowing individuals to perform banking activities at home via the internet. Online banking through traditional banks enables customers to perform all routine transactions, such as account transfers, balance inquiries, bill payments. Account information can be accessed anytime, day or night, and can be done from anywhere. Online transactions are considered most sensitive. Doing such online transactions via a public network consequently introduces new challenges for security and trustworthiness. There are two types of common attacks in online banking, which are offline credential stealing attacks and online channel breaking attacks. This paper provides a solution to the problem encountered in online channel-breaking attacks. The intruder unnoticeably interrupts messages betwe...
A Survey on Multi-Factor Authentication for Online Banking in the Wild
Computers & Security
In recent years, the usage of online banking services has considerably increased. To protect the sensitive resources managed by these services against attackers, banks have started adopting Multi-Factor Authentication (MFA). To date, a variety of MFA solutions have been implemented by banks, leveraging different designs and features and providing a non-homogeneous level of security and user experience. Public and private authorities have defined laws and guidelines to guide the design of more secure and usable MFA solutions, but their influence on existing MFA implementations remains unclear. In this work, we present a latitudinal study on the adoption of MFA and the design choices made by banks operating in different countries. In particular, we evaluate the MFA solutions currently adopted in the banking sector in terms of (i) compliance with laws and best practices, (ii) robustness against attacks and (iii) complexity. We also investigate possible correlations between these criteria. Based on this study, we identify a number of lessons learned and open challenges.
Security Issues on Banking Systems
ijcsit.com
A bank is one example of an institution that uses Information Technology (IT) in its daily tasks to fulfill the organization's and customers' needs. Business transactions, money transfers, ATM, credit card, and loan are some tasks that are done every day. Customers' personal ...
Analysis of Security Issues in Electronic Payment Systems
International Journal of Computer Applications, 2014
The emergence of e-commerce has created new financial needs that in many cases cannot be effectively fulfilled by the traditional payment systems. Recognizing this, virtually all interested parties are exploring various types of electronic payment systems, issues surrounding electronic payment system and digital currency. Broadly, electronic payment systems can be classified into four categories: online electronic cash system, electronic cheque system, online credit card payment system, and smart cards based electronic payment system. Each payment system has its advantages and disadvantages for the customers and merchants. We highlight the analysis of the security levels in relationship with fraud vulnerability, and determine how this relationship affects or boosts the confidence of the users.
A Survey of Authentication and Communications Security in Online Banking
ACM Computing Surveys, 2017
A survey was conducted to provide a state of the art of online banking authentication and communications security implementations. Between global regions the applied (single or multifactor) authentication schemes differ greatly, as well as the security of SSL/TLS implementations. Three phases for online banking development are identified. It is predicted that mobile banking will enter a third phase, characterized by the use of standard web technologies to develop mobile banking applications for different platforms. This has the potential to make mobile banking a target for attacks in a similar manner that home banking currently is.
A Survey on Mobile Payment Systems Security
Research Journal of Applied Sciences, Engineering and Technology, 2012
In recent years, increasing use of mobile devices and the emergence of new technologies have changed mobile commerce and mobile payment all over the world. Although many attempts have been made to implement secure mobile payment systems and services, growing forgery, fraud and other related electronic crimes as well as security attacks and threats prove the necessity of paying special attention to security issues for development and extension of such systems. In this paper, we investigate classification of security threats and attacks in mobile payment and discuss security issues in three related areas of mobile payment, including network security, transmission security and mobile device security. Network security includes WLAN and WWAN security; transmission security includes WAP, SMS, wave channel and USSD security; and mobile device security includes hardware and software platforms and operating system security.