Online Banking System Research Articles

CAPTCHA in Security ECIS: Depress Phishing by CAPTCHA with OTP

In this project, a cost saving CAPTCHA authentication application is designed to address recent online banking threats, and is focused on enabling safe online banking authentication for a security unconscious user. The prime challenges of a secure online banking system are to enable safe online banking on a compromised host, and to solve the general ignorance of security warning. There are costly hardware solutions proposed, however most of them may not be practical for home users. Extended CAPTCHA Input System (ECIS) (Leung, 2009a) which offers a low cost software solution is proposed in this paper. Building on previous works (Leung, 2009b,a), the ECIS firstly extended the CAPTCHA idea to defend against Real-Time Man-In-The-Middle (RT-MITM) attack (Schneier, 2005). The trick is to employ a moving CAPTCHA for the input of One Time Password (OTP) with a time restriction, which can depress MITM auto-relaying of information as well as human assisted MITM attack. As ECIS and its session secret are designed to...

Designing Internet-Based Payment Systems: Guidelines and Empirical Basis

ABSTRACT This article describes research into online electronic payment systems, focusing on the aspects of payment systems that are critical for their acceptance by end users. Based on our earlier research and a diary study of payments with an online payment system and with online banking systems of a reputable bank, we proposed a set of 12 interaction design guidelines. The guidelines have been applied during the implementation and redesign of a new payment system. An extensive experimental comparison of the original version of the system with the one designed according to the design guidelines has provided confirmation of the relevance and adequacy of these guidelines for designing online payment systems.

User acceptance of internet banking: an extension of the UTAUT model with trust and quality constructs

The financial sector is one of the business areas that has been most affected by the spread of the internet. Although millions of dollars have been spent in building online banking systems, reports have shown that potential users may not use the systems for various reasons. So there is a need to identify the factors that determine customer acceptance of internet banking services. Based on the UTAUT model, IS quality constructs, and the concept of trust, a comprehensive research model was developed and empirically examined. Results of the data analysis strongly support the model as well as 11 of the 14 proposed hypotheses.

Anti-keylogging measures for secure Internet login: An example of the law of unintended consequences

Traditional authentication systems used to protect access to online services (such as passwords) are vulnerable to compromise via the introduction of a keystroke logger to the service user's computer. This has become a particular problem now that many malicious programs have keystroke logging capabilities. When banks first introduced Online Banking services they realised this, and added features to protect users against keystroke logging. In this paper we show, using a real Online Banking system as an example, that if these features are incorrectly implemented they can allow an attacker to bypass them completely and gain access to a user's bank account within a small number of attempts. The vulnerability was initially noticed in a particular Online Banking service, but any system implemented in the way we describe is equally vulnerable.

EXPERIENCES OF ELECTRONIC BANKING SERVICES IN HUNGARY

Internet- technology is nowadays commonly used in the financial sector, mainly in the field of customerrelations. Electronic finance covers the full system of the customer relationship management, a.k.a. phone, fax, e-mail, mobile and web-channels. This study covers only the usage, advantages and disadvantages of internet-based channels. Transferring information and carrying out transactions via the electronic channels is beneficial for the financial institutions as well as the clients. The role of the traditional infrastructure, the branch-system has to be adapted to the needs of the future. This study summarizes the experiences of the Hungarian digital banking industry based on personal interviews and public statistical and academic resources. It covers the description of solutions, services and clientele in the modern on-line banking systems and shows a perspective of how the financial institutions should step forward towards the maximal fulfillment of the digital needs.

Using FDAF to bridge the gap between enterprise and software architectures for security

The vision, strategies, and goals of enterprises involve numerous security issues; these stem from legal and business concerns. In turn, these goals are realized by the enterprise, organized into business groups, departments, divisions, etc. For example, a financial organization, such as a bank, needs to provide a range of services to their customers including private banking, commercial banking, international banking, and investment services. These services are provided by sub-organizations in the enterprise (i.e., the enterprise architecture); the sub-organizations are often partitioned along the business lines. For example, one sub-organization is responsible for private banking, another for commercial banking, etc. When providing financial services, there is a need to ensure that customer and account data are kept private, not corrupted, and safely backed up. Some of these needs may be realized in a collection of software applications. The problem of effectively designing secure software systems to meet an organization’s needs is a critical part of their success. This paper focuses on the problem of how to bridge the gap between enterprise and software architectures for security using a set of UML based notations: the Business Modeling Extension for UML, standard UML use case diagrams, and the Formal Design Analysis Framework (FDAF). The Business Modeling Extension and standard UML are established approaches we adopt in this work. FDAF is an aspect-oriented approach that supports the design and analysis of non-functional properties for distributed, real-time systems at the software architecture level. An empirical study for an online banking system is used to illustrate the approach.

Evolutionary trends in bank customer-targeted malware

Vast sums are spent by banks on their defences – besides, they have the money. Measures have been applied such as multi-stage anti-virus, host and email hardening, as well as patch distribution and control. Yet attackers have been training efforts on a weak link: the countless devices used by customers to connect to online banking services. Technologies which can be used to check the malware and update status of client machines are immature, invasive and may not work reliably across corporate firewalls. Customer education is neither fully reliable nor comprehensive. This is obviously compounded by the lack of sanctions which can be used against customers. But attacks are being commissioned and executed for a purpose with high motivation: to make money. Banks are at the sharp end of malware protection, so how do they react? We hear from a security practitioner in a large European bank. Banks, like most other organizations, have been dealing with internal infections of malware since they became mainstream. As a result, copious expenditure has been devoted to various protective measures: multi-stage anti-virus; host and email hardening measures; patch distribution and control measures – not to mention end-user education. These have been, more or less, effective. Certainly the damage that has occurred has been largely to service availability, rather than to information release or the introduction of fraud enabling ‘services’ or vulnerabilities. During the last couple of years, the attackers have begun to pick on the weak under-belly of the online banking system: the myriad of devices used by our customers to connect to bank services.

Online banking and identity theft: who carries the risk?

Today, Identity theft is a reality. It entails devastating effects for organizations, such as banks, as well as their clients, resulting in a continuous nightmare for all parties concerned. Conducting banking transactions over the Internet frequently highlights problems experienced by clients regarding unauthorized transactions. With regard to the criminal and civil liability of the bank and that of the clients; the role of regulatory controls such as contractual obligations, legal issues and policies needs to be well understood. Organizations and their clients should clearly understand the binding force of these regulatory controls. Developing countries most often experience a lack of regulatory controls such as legal instruments. Societies at large in developing countries have an inadequate level of literacy when using online banking systems. It is clear that unless the organization takes all the necessary and reasonable steps to educate its clients in developing countries, it stands a risk of paying hefty damages for the loss of money online. The focus in this paper is on the impact of identity theft in developing countries. However, the contribution made by the paper is equally important for developed countries.

Object Oriented Software Development <i>Using A Use-Cases Approach</i>

This paper presents a systematic approach to the analysis and design of an online banking system using the Use-Cases method of Jacobson. This analysis and design method will support the development of highly effective reuseable code, thus bringing the benefits of object orientation into important software projects. Journal of Applied Sciences and Environmental Management Vol. 7(2) 2003: 78-88

Online banking in transition economies: the implementation and development of online banking systems in Romania

Internet banking is one of the newest Internet technology applications, which promises multiple benefits both for the financial institutions and for clients. In the last five years a large number of banks have launched Web sites, offering online banking services. While the implementation and the functioning of these digital systems seem to be relatively smooth in the developed economies, the situation may be different in countries with economies in transition. The present paper investigates and analyses the present situation of online banking in Romania, and the appropriate strategies for the successful implementation and development of online banking services in the Romanian context.

Online strategy analysis in the Chinese banking sector

Online systems have been affecting the banking sector dramatically worldwide for the past 20 years. A summary of recent developments of online banking systems in China is provided. After a brief description of the previous three generations of online systems, the authors argue that the next generation online systems in banking lies in the intelligence network with full integration of management support, operating services, information services and customer services. This paper also summarizes dominant characteristics of the Chinese banking system and its recent online developments, and evaluates different online strategies practised by some major Chinese banks. The authors suggest that it is important for Chinese banks to consider four factors in their online strategy formation.

DYMOS

Programs are frequently modified during their lifetime. Furthermore, modifications to some systems have to be made on the fly; that is, without stopping their execution. For example, changes to airline reservation systems, telephone switching systems, and on-line banking systems have to performed dynamically. Other continuously running systems, such as operating systems, may be modified on the fly to increase their availability. DYMOS is a programming system that supports a programmer modifying a StarMod program dynamically. StarMod [2] is an extension of Modula [3]. To modify procedures dynamically, the programmer modifies and recompiles the source code of the procedures to be replaced and then requests the system to change the current core image to incorporate new code and data.

DYMOS

Programs are frequently modified during their lifetime. Furthermore, modifications to some systems have to be made on the fly; that is, without stopping their execution. For example, changes to airline reservation systems, telephone switching systems, and on-line banking systems have to performed dynamically. Other continuously running systems, such as operating systems, may be modified on the fly to increase their availability. DYMOS is a programming system that supports a programmer modifying a StarMod program dynamically. StarMod [2] is an extension of Modula [3]. To modify procedures dynamically, the programmer modifies and recompiles the source code of the procedures to be replaced and then requests the system to change the current core image to incorporate new code and data.

A Mini-Based Banking System

In Japan, on-line banking systems were the first systems to offer computerized services on a full scale. Indeed, together with seat reservation systems, banking systems led the technological development of on-line data processing systems in this country. The reasons for this were much the same as those that prompted the same phenomenon in the US: