Secure architecture for internet banking system frauds

Abstract

Internet banking has become popular for wired and wireless users. However, the existing Internet banking systems still have some serious security issues such as fraud and identity misuse. Since Internet banking users want to be able to do their banking anytime anywhere and banking employees need to perform and share their financial tasks, it is difficult to find a secure Internet banking architecture which can provide early fraud detection and prevent external and internal attacks on transactions. Previous research for Internet banking fraud detection and prevention has limitations including the employment of weak cryptographic operations or long term shared keys and public keys. Currently, there is no secure architecture that facilitates fraud detection and prevention in Internet banking system with efficient record tracing mechanism. Preventing external fraudsters and detecting internal fraud attacks remain a challenge for the protection of financial transactions in Internet banking system. This thesis proposes a secure Internet banking architecture and a new Internet banking protocol for fraud detection and prevention with efficient record tracing. The architecture mainly consists of detection and prevention engines which work with the proposed protocol. The detection and prevention engines are supported by our proposed dynamic key and group key schemes to facilitate fraud detection and prevention. This allows the employment of advanced biometric measures and smart cards to reduce identity misuse. The dynamic key generation scheme is proposed to generate unique sequence of dynamic keys that will be used only once to strengthen users’ authentication and identification for external Internet banking users. The group key management scheme is proposed to enforce strong access control, policy management, and record tracing for internal bank employees. The proposed Internet banking protocol applies the dynamic key and group key schemes to perform authentication verification for individuals and groups of users and secure communications between the engaged parties. The architecture can also be used to assess other security architectures, and thus makes a valuable contribution to the field of Internet banking systems security. Security analysis and evaluation is presented in this thesis to evaluate the security of the proposed Internet banking architecture. The evaluations show that using dynamic key and group key schemes with our proposed architecture and protocol can offer strong authentication for individuals and groups of users. This evaluation indicates that the security architecture is balanced with the two fraud prevention and detection engines. It also shows that the security architecture overcomes the security issues and limitations of the existing fraud prevention and detection measures as well as secure financial transactions in Internet banking system. It also satisfies the security goals including authentication, authorization, record tracing, and it facilitates fraud prevention and detection in Internet banking system. The architecture is also adaptable to any new biometric and smart card technologies.