Achieving Security to Overcome Attacks and Vulnerabilities in Mobile Banking Security

Balamurugan Balusamy (VIT University, India), Malathi Velu (VIT University, India), Saranya Nandagopal (VIT University, India) and Shirley Jothi Mano (VIT University, India)
Copyright: © 2017 |Pages: 26
DOI: 10.4018/978-1-5225-0864-9.ch014


Mobile Banking is a means of connectivity between a bank and its customers. It would be impractical to expect customers to regularly visit banks or connect to a web site for regular upgrades of their mobile banking application. Mobile Banking is the provision and availability of both banking and financial services through mobile telecommunication devices, delivered as an application. The mobile application itself is expected to check for upgrades and updates and download the necessary patches. Mobile banking offers an alternative to debit and credit card usage. Mobile banking comprises three inter-related concepts: mobile accounting, mobile brokerage and mobile financial information services. Mobile banking services are account information provision, monetary transactions, investment facilitation, and support and content services. The threats involved in Mobile Banking are categorized as threats against the end user and end user device, threats against the communication network, and threats against the remote banking service. The impact of various threats is discussed below.
Chapter Preview

Introduction To Mobile Banking

The recent technology that has had a major impact on bank services is Internet banking. Customers can access their banks at any time by means of Internet banking. With Internet banking, customers can perform various operations such as getting bank statements, performing transactions and paying bills without needing to go to the bank every time.

Though there are a number of advantages, the limitation of Internet banking is that it requires a device such as a computer and an Internet connection. This may not be an issue in developed regions such as the US or Europe, but in developing countries like India and China it is a major drawback. This limitation has been overcome by means of Mobile Banking, since it requires a simple mobile phone instead of computers and laptops.

The term Mobile Banking can be defined as ‘A system that helps bank users/customers to access bank services such as transactions by means of a mobile device such as a mobile phone or tablet.’

The sales and usage rate of mobile phones is increasing rapidly every day, even in developing economies like India. It is estimated that there were 207 million users in India alone in 2014. This shows that mobile devices have become an integral part of our lives.

In recent days, providing a mobile banking service has become compulsory for all banks in order to enhance the comfort of their customers. The mobile banking applications provided by banks these days are optimized so that they run smoothly and efficiently on various mobile platforms. Mobile Banking provides a greater advantage for customers who frequently use smartphones. The main advantage of mobile banking is that it enables “Anywhere Banking”. Customers can access bank services even during their regular activities, such as travelling, waiting for buses or during break times at work.

Mobile Banking faces several threats and attacks. Phishing is an attack that targets vulnerabilities that exist in the system due to the human factor. A phishing attack is an attempt to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication, via an HTTP link that leads to the threat. Several cyber attacks are spread via mechanisms that exploit weaknesses found in end users and expose the user to vulnerability (Worring, et al., 2012). This problem is broad, and thus multiple techniques are often implemented to mitigate specific attacks. At a high level, the categories of these techniques are detection, offensive defense, correction and prevention. The hacker may use the ID of some trusted authority to make the user believe the message and steal information from the user. User education or training is an attempt to increase users' technical awareness in order to reduce their susceptibility to phishing attacks. A detection method termed Intrusion Detection System (IDS) promises to detect phishing attacks based on Natural Language Processing (NLP). This method uses blacklists to eliminate fake websites; websites are authenticated based on the blacklists (Khonji, et al., 2013).

Normalized Compression Distance (NCD) is a reasonable approach to overcoming phishing attacks. This approach works by comparing the legitimate website with the fake one. A compression algorithm is used for comparing the websites (Chen, et al., 2014).
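The comparison described above can be sketched as follows. This is an added example, not code from the chapter or from the cited work: the zlib compressor, the 0.5 threshold, the `classify` helper and all sample pages and URLs are assumptions constructed for illustration.

```python
import zlib
from urllib.parse import urlsplit

def csize(data: bytes) -> int:
    """Compressed length, used as the size estimate C(.) in NCD."""
    return len(zlib.compress(data, 9))

def ncd(x: bytes, y: bytes) -> float:
    """NCD(x, y) = (C(xy) - min(C(x), C(y))) / max(C(x), C(y))."""
    cx, cy = csize(x), csize(y)
    return (csize(x + y) - min(cx, cy)) / max(cx, cy)

# Constructed sample pages (not captured from any real site).
LEGIT_URL = "https://bank.example/login"
LEGIT_HTML = b"""<html><head><title>Example Bank - Mobile Banking Sign In</title></head>
<body><h1>Example Bank</h1>
<form method="post" action="/session">
<label>Customer ID <input name="customer_id" type="text"></label>
<label>Password <input name="password" type="password"></label>
<button type="submit">Sign in</button></form>
<p>Never share your one-time passcode with anyone, including bank staff.</p>
<footer>Example Bank Ltd. Registered office: 1 Sample Street.</footer>
</body></html>"""
# Same markup served elsewhere, with only the form target changed.
CLONE_HTML = LEGIT_HTML.replace(b'action="/session"',
                                b'action="http://collector.invalid/p.php"')
UNRELATED_HTML = b"""<html><head><title>Weekend hiking routes near the lake</title></head>
<body><h2>Three easy trails</h2>
<ul><li>North shore loop, 4 km, mostly flat gravel</li>
<li>Ridge viewpoint, 7 km, steep in the middle section</li>
<li>Old mill path, 3 km, shaded and good for summer</li></ul>
<p>Bring water and check the weather before you leave.</p>
</body></html>"""

THRESHOLD = 0.5  # illustrative cut-off (assumption); tune on real page pairs

def classify(url: str, html: bytes):
    """Return (verdict, score) for a candidate page against the protected page."""
    score = ncd(LEGIT_HTML, html)
    if urlsplit(url).hostname == urlsplit(LEGIT_URL).hostname:
        return "legitimate host", score
    if score < THRESHOLD:
        return "suspected clone", score
    return "unrelated", score

if __name__ == "__main__":
    for url, html in [(LEGIT_URL, LEGIT_HTML),
                      ("http://bank-example.invalid/login", CLONE_HTML),
                      ("http://trails.invalid/", UNRELATED_HTML)]:
        print(url, *classify(url, html))
```

A low score on a host other than the protected one is the signal of interest: the page looks like the bank's page but is not served by the bank.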

SQL injection is a code injection technique used to attack data-driven applications (Alnabulsi, et al., 2014), in which malicious SQL statements are inserted into an entry field for execution. This attack poses a serious security threat to the Internet community nowadays, and it continues to increase by exploiting flaws found in Internet applications. Attackers take advantage of poorly developed web applications, introduce malicious code into the system and retrieve sensitive information. So, additional information must be processed to enhance the security of the data and the integrity of the applications. There is a technique that filters SQL injection attacks using the SNORT IDS. SNORT is a network intrusion prevention system capable of performing real-time traffic analysis and packet logging. SQL injection uses some signature techniques to inject SQL data and creates a threat to user information.
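The entry-field problem described above, shown with a concatenated query beside its parameterized form and a simple signature check. This is an added example, not code from the chapter: the `accounts` table, the function names and the regular expression are assumptions, and the expression only illustrates signature matching and is not a real SNORT rule.

```python
import re
import sqlite3

def make_db():
    """In-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, number TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                   [("alice", "ACC-0001", 1200), ("bob", "ACC-0002", 560)])
    return db

def lookup_vulnerable(db, owner):
    # Entry-field text is pasted into the statement, so it is parsed as SQL.
    sql = "SELECT number, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, owner):
    # The driver binds the value; it is only ever compared as data.
    sql = "SELECT number, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

# Illustrative signature (assumption): a quote followed by OR/UNION,
# or a SQL comment marker.
SQLI_SIGNATURE = re.compile(r"'\s*(or|union)\b|--", re.IGNORECASE)

def matches_signature(field_value):
    return SQLI_SIGNATURE.search(field_value) is not None

CRAFTED = "nobody' OR '1'='1"  # constructed test input

if __name__ == "__main__":
    db = make_db()
    for value in ("alice", CRAFTED):
        print(repr(value),
              "| signature hit:", matches_signature(value),
              "| concatenated:", len(lookup_vulnerable(db, value)), "rows",
              "| parameterized:", len(lookup_parameterized(db, value)), "rows")
```

Signature filtering flags the crafted input at the network layer, while the parameterized query removes the flaw in the application itself.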
