Abstract
All major banks in the USA and around the world offer remote check deposit services. Consumers can use their smart phones to deposit checks remotely. This new online check truncation system is vulnerable to a wide range of attacks, including digital check forgery. Shifting trust from a human teller or an automated teller machine (ATM) to a smart device (cell phone) provides new attack surfaces. This paper exploits security vulnerabilities in the existing remote check deposit system and presents an attack vector for existing remote check truncation systems. The proposed attack vector exploits vulnerabilities in the untrusted client-side check-deposit system that enable an attacker to instrument the check deposit application library. The instrumented library allows the attacker to induce digital check forgery with minimized tampering artifacts. It has been observed through this investigation that digital check forgery-based attacks are more powerful than conventional paper-based check forgery attacks. The effectiveness of these attacks is evaluated by targeting three leading banks in the United States, finding that all three of the targeted banks are vulnerable to the proposed attacks. A set of countermeasures based on digital check verification is also proposed to combat digital check forgery attacks on existing remote check deposit systems. The proposed countermeasures rely on tamper detection in digital images and expert-system-based decision fusion. The effectiveness of the proposed framework is evaluated using tampered check images. The tampered images used for performance evaluation also include the set of tampered images used for successfully attacking the remote check deposit systems (being used by leading banks around the world today). Experimental results show that the proposed expert system-based framework is capable of detecting digital check forgery attacks.
Highlights
Today, all major banks in the USA and around the world offer remote check deposit services using smartphones and scanning-equipped computing devices connected to the internet
This paper investigates the attack surfaces associated with mobile remote check deposit systems and proposes attack vectors to exploit them
To leverage the strength of different techniques, we propose an expert system-based forgery detection system consisting of N independent agents, where N is the number of forgery types that the proposed system can detect and agent i is designed to detect forgery type i
Summary
All major banks in the USA and around the world offer remote check deposit services using smartphones and scanning-equipped computing devices connected to the internet. It consists of check scanning, digital image analysis, and check deposit and clearing subsystems. The truncation system (e.g., remote check deposit App) shown in Figure 1 is capable of: 1) Digital Image Acquisition—a device capable of scanning and/or acquiring digital images of both sides of the paper check. It consists of a check scanner or a smartphone. 4) Advances in digital image processing and machine learning methods have enabled attackers to craft sophisticated digital check forgeries with unprecedented precision. Based on these observations, a wide array of attacks is proposed to exploit vulnerabilities in the existing remote check deposit system. The motivation behind delayed submission of the conference version [11] was to give the targeted vulnerable banks sufficient time to develop and deploy appropriate countermeasures.