Research Article

Challenges in Privacy and Security in Banking Sector and Related Countermeasures

by Zarka Zahoor, Moin Ud-din, Karuna Sunami
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 144 - Number 3
Year of Publication: 2016
DOI: 10.5120/ijca2016910173

Zarka Zahoor, Moin Ud-din, Karuna Sunami. Challenges in Privacy and Security in Banking Sector and Related Countermeasures. International Journal of Computer Applications. 144, 3 (Jun 2016), 24-35. DOI=10.5120/ijca2016910173

@article{ 10.5120/ijca2016910173,
author = { Zarka Zahoor, Moin Ud-din, Karuna Sunami },
title = { Challenges in Privacy and Security in Banking Sector and Related Countermeasures },
journal = { International Journal of Computer Applications },
issue_date = { Jun 2016 },
volume = { 144 },
number = { 3 },
month = { Jun },
year = { 2016 },
issn = { 0975-8887 },
pages = { 24-35 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume144/number3/25161-2016910173/ },
doi = { 10.5120/ijca2016910173 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:46:38.886830+05:30
%A Zarka Zahoor
%A Moin Ud-din
%A Karuna Sunami
%T Challenges in Privacy and Security in Banking Sector and Related Countermeasures
%J International Journal of Computer Applications
%@ 0975-8887
%V 144
%N 3
%P 24-35
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

With the extensive use of technology, particularly the internet, by users, banking is becoming more dependent on technology. Unfortunately, cyber-crimes related to banks are also increasing stupendously. The tendency of cyber security attacks aimed at the financial sector is much higher than at any other sector. Some of the common cyber security attacks aimed at banks include phishing, cross-site scripting, cyber-squatting, botnets, spoofing, etc. These attacks cause a tremendous loss of money to the customer and the bank, damage the bank’s reputation and decrease the trust that users place in a bank. Banks are obligated to provide a safe online banking environment to their users. Although banks have taken many steps for the safety and security of their assets, these conventional security mechanisms are no longer optimum, as attackers are still able to bypass them. Thus banks should tighten their security mechanisms and take appropriate countermeasures to ensure the safety and privacy of their most valuable assets. In this paper, the emerging challenges in security and privacy faced by banks are analyzed. The security mechanisms used by banks are identified. The security and privacy issues in the financial sector are recognized, particularly the cyber security attacks aimed at banks. Lastly, countermeasures that banks should adopt to protect against these attacks and ensure a safe banking environment for users are suggested.

Index Terms

Computer Science
Information Sciences

Keywords

Phishing, Botnets, Spoofing, Key-logging, Cyber squatting, MITM-Man In The Middle, MITB-Man In The Browser, MITPC-Man In The Personal Computer, OTP-One Time Password, ATM-Automated Teller Machine, DDOS-Distributed Denial Of Service, SSL-Secure Sockets Layer, XSS-Cross Site Scripting, IDS-Intrusion Detection System, IPS-Intrusion Prevention System, DNS-Domain Name Server