Online Banking Security threats

Categories: Bank Computer security Technology

Essay, Pages 9 (2210 words)

Views

237

Phishing – this is the case where cyber criminals attempt to steal the details of the clients that are very sensitive to his/her banking by pretending that they are trustworthy organizations or individuals. Information such as passwords, personal identification numbers, usernames, and credit card details are susceptible to phishing fraudsters (Middkleton, 2005). This problem can be overcome by having people changing their habits of browsing so that they are more careful with the sites they visit and especially those that request them for specific yet confidential information.

Don't use plagiarized sources. Get your custom essay on

“ Online Banking Security threats ”

Get custom paper

NEW! smart matching with writer

Phishing can also be overcome by use of specialized software such as the Social Engineering Toolkit (SET) which greatly helps online bankers to identify possible security threats (Asoke, 2008). Malware - Second threat security and how might we control it. Digital certificates are also issued in some instances so that genuine users can be identified more easily. 1. 3. 1. 2. Pharming – this is the attempted forgery or theft of critical information like passwords by cyber criminals by redirecting the traffic destined for a particular genuine website (that of the bank or credit union) to another bogus site.

This is done by hacking into the victim’s computer, or by capitalizing on the malfunctions that occur some times in the DNS servers (Surhone, 2009). When this happens, the DNS server resolves an internet name into a wrong real name, directing the victim to a false site where they can be deceived to leave the confidential details without their suspecting anything fishy. It can be resolved by having users seeking to verify the authenticity of the bank website before leaving any confidential information there (Surhone, 2009).

Anti-sparming software can also be used. They include DNS protection and Server-side software. 1. 3. 1. 3.

Key Logging – this is a fraudulent way used by fraudsters to monitor the keyboard keys that a person is striking ay any given time before being able to exactly tell the code or name the victim is writing or keying in. this way, they manage to steal sensitive information from the customer (Williams, 2007). It can be controlled by installing effective and appropriate anti-keylogging software. 1. 3. 2. Communication 1. 3. 2. 1. ARP Spoofing - this is the ability of fraudsters and criminals to totally hinder the communication between a bank and a client by doing a set of closely related activities which result in this break of information.

It may be a redirection of the traffic to a sire or a total blockage of the flow. A solution can be the use DHCP snooping or ArpON (Williams, 2007). 1. 3. 2. 2. DNS threat – a threat to the DNS server can mean that the information that was aimed to flow from the client to the bank and vice versa is hijacked and instead redirected to a different website by changing the decoding systems of the serve. This way, there can be miscommunication between the two parties as the target party never gets the information (Williams, 2007).

It can be resolved by having in place effective DNS protection systems and alternative communication channels to serve as backups for the bank and the client. 1. 3. 2. 3. SSL/TLS – this is where either Transport Layer Security (TLS) or Secure Socket Layer (SSL) is penetrated by fraudulent people in a number of ways, including the issuance of fake online certificates. This way, a fraudster is able to break the otherwise reliable link between the bank and the client, thereby hindering their communication (Nobert, 2007).

It can be over cone by having more reliable Certificate Authorities (CAs) that are difficult to be copied; and a closer cooperation between the bank and the client. 1. 3. 3. Server side. 1. 3. 3. 1. Malfunctioning- in the event that an internet service provider is not able to offer the services that are required by a client or a bank, there is a security threat in that either party can be tempted to be less cautious of security concerns and might easily fall culprit to cyber criminals. The solution is to ensure that the servers are always up and working through constant servicing and motoring of the local networks (Amini, 2006).

1. 3. 3. 2. Unpatched services – serve applications that are not thoroughly tested and repaired are at the risk of attack from bugs of all nature. This problem can be overcome by having administrators and software developers constantly testing their software for bugs. 1. 3. 3. 3. Open ports and unused services - failure to beware of the programs that are being installed in a computer can cause some of the programs to be idle and so the services they offer be a threat to the security of the users. This problem can be overcome by having users installing lonely the programs they need for their applications (Tipton, 2006).

1. 4. Linux 1. 4. 1. Live CD 1. 4. 1. 1. Terms The terms for use of live CDs are dependent on the system for which it is going to be used and might be varied from time to time (Oxer, 2006). The commonest one is that the user must ne ready to have one’s operating system altered because a live CD might alter the operating system of the host computer. The other condition of use is that it might cause changes in the host computer’s security features as it usually comes with its own (Negus, 2006). Usage, therefore, means that one is able to accept these and other terms of use. 1.

4. 1. 2. Uses Live CDs have many uses, some of which are the installation of Linux distribution to had drives, clustering of computers in the most effective way, playing games, provision of server platforms that are secure and reliable, and hardware testing (Bauer, 2006). They are also used for testing newer software versions, repairing and restoring systems, and testing the security of networks (Petersen, 2009). 1. 4. 1. 3. Cheat code The live CD can be changed as far as its booting characteristics are concerned so that it is made the security of the user can be enhanced.

This is done by having the user applying the use of either one or a multiple number of cheat codes during the initialization of the live CD (Blum, 2007). 1. 5. Related research 1. 5. 1. The need for security More than at any other time in the history of the banking sector, every bank is trying as best it can to ensure that its not only gets to improve its ability to handle its baking services online but more so to do it safely (Balkin, 2007). It has been established that the greatest threat to online banking is the security scares associated with it.

With computer hackers and cyber criminals increasing in quantity, banks are not taking it any lightly any longer. Rather than frown upon such criminal, banks have been seeking to hire a large number of them so that they can help in bringing to the fore the sophisticated skills used in the other side of the law – hacking (Surhone, 2009). Every bank manager needs to have more customers making the switch from ordinary banking to online or internet banking but this is difficult as security concerns soar (Surhone, 2009).

Therefore, using the rather unethical approach of working together their worst enemies – the hackers and other cyber criminals – is one of the alternatives they have. And it is bearing fruits in certain cases (Turban, 2007). It is a confirmation of the age-old adage that Send a thief to catch another thief. Through this approach, many otherwise hidden kills used for hacking into computer systems have been unraveled. It has become rather easier for banks to know where to watch and how to do the watching because they have some deeper insight into the goings on there.

That aside, banks are also increasingly becoming more ICT-intensive, vastly expanding their ICT teams as opposed to those other bank departments. This is aimed at having on board the people who best understand what it actually takes to keep things moving in the right direction (Turban, 2007). 1. 5. 1. 1. Web security Nowadays, the first nothing a bank manager will ask a client who visits the bank will not be which branch one belongs to but which browser size one has.

This is because the 128-bit browser is being lauded as being key in enhancing the security of the information exchanged over the internet. As more customers join the online banking system, the need there is for more targeted security measures grows (Beaver, 2010). Browser size is just one of the many other approaches to security. In fact it is most likely that most if not all banks will soon require that their clients must have a 128-bit browser so that they can beat the hackers at their own game.

Other security measures that can be applied range from the need to change the internet use culture to being very responsible bankers (Balkin, 2007). About the first issue, changing habits of use of internet includes a deliberate refusal to engage in acts that expose one to cyber criminals (Beaver, 2010). Such activities include signing out of sites that have been visited so that it becomes difficult for anyone else to access the sire unless one is legally authorized. Secondly, it is critical that passwords and personal identification numbers are dealt with as they require.

Before one can give a password to a certain site, one has to be pretty sure that the site s authentic and that nothing sinister appears to be in the offing. Any signs of malice ought to be carefully sought for (Turban, 2007). 1. 5. 1. 2. The place of public policy The absence if appropriate policy on the issue of banking and cyber fraud has in a way curtailed the efforts to deal with threats to the security of the internet (Beaver, 2010). For as long as this is going to remain the case, a lot of economic losses are going to be incurred by nations.

Instead, the best way to go about the issue to for the government, both at the local and national level, to step in and come up with appropriate policy frameworks to deal with cyber crime (Beaver, 2010). This is a rapidly changing world where every new day a totally new way of doing things comes about. The law also ought ton be able to change in step with the changes in technology because technology has brought about many crimes that were unheard of in the past. Cyber crime, for instance, is a relatively new development that just became a nagging problem in the recent past.

Yet very no real legislations have been enacted to specifically address the problem (Wall, 2007). Although banks are trying to do their level best to curb cyber crime, it is true that they cannot succeed on their own. Instead, there has to be a legal framework that ensures that the suspects that are apprehended are dealt with according to the provisions of the law. So far, only a limited number of such criminals have received the sentences they actually deserve. In other cases, however, the sentences are too lenient to deter tem culprits from recommitting the crime once they are out.

1. 5. 2. The Role of Banks That there has been an admission by many banks that they are working in conjunction with cyber criminals to help fight the internet insecurity especially in the area of banking has been met with mixed reactions. While the law enforcers are mad and want this trend changed, the clients are more supportive of it as they are of any other measure that can help make their money safer. But ought banks to really do what they are doing or are there better ways through which they can help fight internet insecurity? There are multiple answers to this question.

First of all, the actions by banks have been largely out of frustration and desperation. With the government playing a lesser role in fighting cyber crime even though it is a great beneficiary of the proceeds from internet use, the banks had little choice but to collaborate. Collaboration has been proven to work well enough but it leaves issues of ethics at stake (Beaver, 2010). This is because it defeats logic for a criminal who has directly or indirectly caused the loss of lots of money belonging to innocent people to be allowed to go unpunished just by claiming that one is helping with investigations.

Even the law forbids that. Instead, such people, after helping with such investigations, ought to be taken to court to answer to charges of fraudulent dealings and engaging in unlawful activities (Balkin, 2007). Word count: 2,597 References Amini, R. (2006). How to Cheat at Designing Security for a Windows Server 2003 Network. Syngress Asoke, K. (2008). Architecting Secure Software Systems. CRC Press Balkin, J. (2007). Cybercrime: digital cops in a networked environment. NYU Press Bauer, M. (2006). Linux server security. O'Reilly Media, Inc. Beaver, K.

(2010). Hacking For Dummies. For Dummies Blum, R. (2007). Linux For Dummies. For Dummies Botha, J. (2008). Managing E-Commerce in Business. Juta and Company Ltd, 2008 Middkleton, B. (2005). Cybercrime investigator's field guide. CRC Press Minir, A. (2004). Internet banking: law and practice. LexisNexis Negus, C. (2006). Live Linux CDs: building and customizing bootables. Prentice Hall PTR Nobert, P. (2007). ISSE/SECURE 2007: securing electronic business processes : highlights of the Information Security Solutions Europe/SECURE 2007 Conference.

Springer Oxer, J. (2006). Ubuntu hacks. O'Reilly Media, Inc. Oyungerel, P. (2008). Online Banking: The Effect of Prior Experience on Online Banking Acceptance in Mongolia. VDM Verlag Petersen, R. (2009). Fedora 10 Linux Administration, Networking, and Security. Surfing Turtle Press SCN Education B. V. (2001). Electronic banking: the ultimate guide to business and technology of online banking. Birkhauser, 2001 Surhone, L. (2009). Online Banking: Direct Bank, EBPP, Electronic Billing, Savings Account, Account Aggregation, Accounti