E-Banking Frauds: The Current Scenario and Security Techniques


Sandal Azhar (University of Delhi, India), Manisha Shahi (University of Delhi, India) and Vikas Chhapola (University of Delhi, India)
Copyright: © 2020 | Pages: 14
DOI: 10.4018/978-1-5225-9715-5.ch061

Abstract

The digitization of banking has caused a revolution in e-banking frauds. Today, e-banking fraud has become an industry in which cyber criminals employ sophisticated tools to steal information and commit fraud. This is made possible through techniques such as phishing, viruses and Trojans, and identity theft. This study examines the techniques behind e-banking frauds, the main vulnerabilities in banking systems, the security measures that should be taken when dealing with online transactions, the technologies that banks currently use to secure e-banking, and the emerging techniques that have the potential to combat e-banking frauds. This study also gives insight into fraudulent certificates, the way they are used in banking frauds, and how this problem is addressed by applying certificate transparency.

Background

Online banking is so prominent today that it is hard to imagine that it came into existence not long ago. The beginning of online banking dates back to as early as the 1980s, when the biggest banks in New York started providing their customers with home-based services. Customers could access their bank accounts to view statements and pay bills. However, the real breakthrough in internet banking arrived in the mid-1990s, when the internet was acknowledged as a distribution medium with great potential. The ease and comfort that this breakthrough brought were commendable and life-changing. While this mode of access to banks and the ease of handling accounts was very convenient and had great potential, people soon realized that this flexibility came at a price. Cyber criminals began to see potential in e-banking for financial gain by hacking into the systems. Conventional methods of banking fraud were soon replaced by e-banking frauds. The technological innovations that the banking sector adopted in its quest for growth in turn opened a gateway to higher levels of cyber risk. They probably introduced new vulnerabilities and complexities into the system. Hackers are now exploiting these loopholes or inventing new technologies to find such vulnerabilities in banking systems. Various studies have been directed towards this critical topic of online banking frauds. Research on this topic covers preventive security measures, strengthening the system, and the detection of frauds. Banks are constantly working to enhance security and use various methods to keep the system safe, such as encrypted channels for transactions and two-factor authentication, and many technologies are being developed to secure the system from exploitation by criminals.
Data analysis software is used by examiners to analyse a bank's business data, to gain insight into how well internal controls are operating and to find transactions that indicate fraudulent activity or the risk of fraud.

Key Terms in this Chapter

Phishing: A deceptive technique that involves social engineering (the psychological manipulation of people into performing actions or divulging confidential information) and technical subterfuge.

Certificate Transparency: Google's Certificate Transparency project repairs several structural defects in the SSL certificate system, which is the key cryptographic system that underlies all HTTPS connections.

HSTS: A web security policy mechanism that helps protect websites against protocol downgrade attacks and cookie hijacking.

SSL: The foundation of Internet protection. It secures websites and handles users' confidential and sensitive information, such as credentials, by providing critical security, privacy and data integrity.

HTTP: A web security policy mechanism that helps protect websites against protocol downgrade attacks and cookie hijacking.

CAPTCHA: Completely Automated Public Turing test to tell Computers and Humans Apart. A technique implemented in some banking systems that aims to block bots by generating and grading tests that humans can pass but existing computer programs cannot.

Malware: Malware, or malicious software, is any program or file that is harmful to a computer user. Malware includes computer viruses, worms, Trojan horses and spyware.

HPKP: A security policy that tells a web client to associate a specific cryptographic public key with a certain web server, to reduce the risk of MITM attacks using forged certificates.

TLS: The upgraded version of SSLv3.

SIEM: Security information and event management.
