Abstract

ICT security in the banking area is going through rapid changes. It is ten years since we covered the state of e-banking security, and both authentication schemes and legislation have evolved. With the Payment Services Directive (PSD2) for the European Union coming into force, we believe it is a good time to update our findings. PSD2 brings new requirements for multi-factor authentication, so it is necessary to revisit the compliance of currently used schemes. This work's main contribution is an overview of current authentication methods, their properties with respect to international standards, and their resistance against attacks. We further discuss the multi-factor authentication schemes composed of those methods and their compliance with the PSD2 requirements. In order to present the overview, we introduce an e-banking attack taxonomy, which is compatible with the authenticator threats from the NIST Digital Identity Guidelines but has an increased level of detail with respect to the e-banking area. The available sources in this area are usually either very broad and targeted at business executives, or focus on one particular issue or attack in greater detail. We believe our article can bridge such diverse sources by providing a comprehensive and complex tool to help with orientation in the area.

Highlights

  • Ten years ago, we published a comparative study focused on the security of e-banking [1], where we summarised basic forms of electronic banking and widely used authentication and authorisation methods

  • Secure Hardware in Smartphones: Because modern banking trends focus on smartphones and mobile banking, we describe the possibilities of smartphones in detail

  • Our paper suggests a taxonomy for attacks on e-banking compatible with general authentication taxonomy by NIST [45] and a comprehensive overview of authentication schemes and their resistance against those attack classes


Summary

Introduction

Ten years ago, we published a comparative study focused on the security of e-banking [1], where we summarised basic forms of electronic banking and widely used authentication and authorisation methods. Given the drastic evolution of the situation over the years, the shift to mobile banking and the emergence of new European directives that affect this area, we believe it is an ideal time to update our findings. The goal of this paper is to present an overview of current authentication methods, their relation to the most common attacks on electronic banking and the level of protection they can provide. With new requirements on two-factor authentication brought by the new European directive PSD2, we discuss possible combinations of authentication methods and evaluate their usability and security properties.
