Challenges in Privacy and Security in Banking Sector and Related Countermeasures

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2016
Authors:
Zarka Zahoor, Moin Ud-din, Karuna Sunami
10.5120/ijca2016910173

Zarka Zahoor, Moin Ud-din and Karuna Sunami. Challenges in Privacy and Security in Banking Sector and Related Countermeasures. International Journal of Computer Applications 144(3):24-35, June 2016. BibTeX

@article{10.5120/ijca2016910173,
	author = {Zarka Zahoor and Moin Ud-din and Karuna Sunami},
	title = {Challenges in Privacy and Security in Banking Sector and Related Countermeasures},
	journal = {International Journal of Computer Applications},
	issue_date = {June 2016},
	volume = {144},
	number = {3},
	month = {Jun},
	year = {2016},
	issn = {0975-8887},
	pages = {24-35},
	numpages = {12},
	url = {http://www.ijcaonline.org/archives/volume144/number3/25161-2016910173},
	doi = {10.5120/ijca2016910173},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

With the extensive use of technology, particularly the internet, by users, banking is becoming more dependent on technology. Unfortunately, cyber-crimes related to banks are also increasing stupendously. The tendency of cyber security attacks aimed at the financial sector is much higher than at any other sector. Some of the common cyber security attacks aimed at banks include Phishing, Cross site scripting, Cyber-squatting, Botnets, Spoofing, etc. This causes a tremendous loss of money to the customer and the bank, damages the bank’s reputation and decreases the trust that users place in a bank.

Banks are obligated to provide a safe online banking environment to their users. Although banks have taken many steps for the safety and security of their assets, these conventional security mechanisms are no longer optimum, as attackers are still able to bypass them. Thus banks should tighten their security mechanisms and take appropriate countermeasures to ensure the safety and privacy of the bank’s most valuable assets.

In this paper, the emerging challenges in security and privacy faced by banks are analyzed. The security mechanisms used by banks have been identified. The security and privacy issues in the financial sector have been recognized, particularly the cyber security attacks aimed at banks. Lastly, the countermeasures that banks should adopt to provide protection against these attacks and ensure a safe banking environment for users have been suggested.

Keywords

Phishing, Botnets, Spoofing, Key-logging, Cyber squatting, MITM-Man In The Middle, MITB-Man In The Browser, MITPC-Man In The Personal Computer, OTP-One Time Password, ATM-Automated Teller Machine, DDOS-Distributed Denial Of Service, SSL-Secure Sockets Layer, XSS-Cross Site Scripting, IDS-Intrusion Detection System, IPS-Intrusion Prevention System, DNS-Domain Name Server