CYBER SECURITY

Enhancing Security for Online Banking and Financial Transactions

Summary
The online banking environment has grown tremendously over the past several years and will continue to grow as financial institutions continue to strive to allow customers to complete money transfers, pay bills, and access critical information online. During this same time, online banking has been plagued by hackers and fraudsters attempting to steal customer information. As a result, authenticating customers logging onto their online banking service has become a crucial concern of financial institutions. It is of utmost importance to properly understand the main security concerns and criminal activities that are driving the need for stronger authentication, as well as showing the growth of the online channel that is being driven by consumers and financial institutions. Some of the known cyber threats are Man-in-the-browser, Man in the Middle, Key Logging, Session Hijacking, Pharming, Phishing, Site Cloaking, Cross-Site Scripting, OS command injection, SQL Injection, Cookie tampering, Form Tampering (read-only and hidden fields), Outbound Data Theft, Application Denial of Service. Fraudsters and hackers have utilized their expertise to con consumers into giving up critical information, allowing them to gain access to online banking accounts. To further complicate matters, the many data compromises that have occurred in the past few years are making consumers wary about how unsafe their information and money is. Apart from developing tools and technology for enhanced security, there is a need for spreading awareness. We cannot overemphasize the importance of awareness in making the online banking more secure. Awareness can be much more effective than the usual methodologies adopted by the bank. We propose that when the customers/ account holders should be given a proper course regarding the risks in the online banking, and security measures that are to be followed. They should also be made aware about the methods to identify and avoid the potential threats in online banking.

References
1. RSA (2012) Cybercrime Trends Report-The Current State of Cybercrime. http://www.rsa.com/products/consumer/whitepapers/11634_CYBRC12_ WP_0112.pdf 2. A. Kemshall and P Underwood, Options for Two Factor Authentication SecurEnvoy White Paper, July 2007 http://www.securenvoy.com/whitepapers/white_paper_two_factor_authen tication.pdf 3. X. Huang, Y. Xiang, A. Chonka, J. Zhou and R. H. Deng A Generic Framework for Three-Factor Authentication: Preserving Security and Privacy in Distributed Systems, IEEE Transactions on Parallel and Distributed Systems, Vol. 22, Issue 8, pp. 1390-1397, 4. P. Ghring, Concepts against Man-in-the-Browser Attacks, CACERT, Sep. 2006. 5. Safenet Security Guide: Man in the Browser, http://www.safenetinc.pt/uploadedFiles/About_SafeNet/Resource_Librar y/Resource_Items/White_Papers__SFDC_Protected_EDP/Man%20in%2 0the%20Browser%20Security%20Guide.pdf. 6. K. Jung, K. Kim, and A. K. Jain Text information extraction in images and video: a survey Pattern Recognition, Vol. 37, No. 5. (May 2004), pp. 977-997 7. R. Chandrasekaran, R. M. Chandrasekaran, Morphology based Text Extraction in Images - International Journal on Computer Science and Technology, Vol. 2 , Issue 4, Dec. 2011. 8. Telling Humans and Computers Apart Automatically http://www.captcha.net/captcha_cacm.pdf 9. O. Dandash, P. Dung Le, and B. Srinivasan, Internet banking payment protocol with fraud prevention, 2007 22nd International International Symposium on Computer and Information Sciences,Nov. 2007, pp. 1-6. 10.YAHALOM, R.; Klein, B. ; Beth, T. Trust Relationships in Secure Systems-A Distributed Authentication Perspective. IEEE Symposium on Security and Privacy. Washington, DC : IEEE Computer Society, May 24-26, 1993. 11.http://www.nytimes.com/2012/10/01/business/cyberattacks-on-6american-banks-frustrate-customers.html?_r=1& 12.http://www.businessweek.com/news/2012-09-27/cyber-attacks-on-u-dots-dot-banks-expose-computer-vulnerability

13.http://securitywatch.pcmag.com/none/308915-turbotax-phishing-emailsdelivering-zeus-trojan 14.http://www.rbi.org.in/scripts/BS_PressReleaseDisplay.aspx?prid=27405