How Private Is Your Financial Data?: Survey of Authentication Methods in Web and Mobile Banking

How Private Is Your Financial Data?: Survey of Authentication Methods in Web and Mobile Banking

Vidya Mulukutla (State University of New York – Buffalo, USA), Manish Gupta (State University of New York – Buffalo, USA) and H. R. Rao (State University of New York – Buffalo, USA)
Copyright: © 2015 |Pages: 28
DOI: 10.4018/978-1-4666-7381-6.ch009
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

The ease and convenience of Internet Banking or e-banking has made it the most preferred way for customers as well as the banking industry alike. The fact that e-banking enables remote accessibility of a customer's account translates to round-the-clock service from the bank and has made this mode of operation a success in every sense. The starting and most important point for which would be the authentication to customer's financial data. This chapter sheds light on the different authentication mechanisms that could be followed as per the situational demands taking into consideration the various threat environments and possible vulnerabilities in the system. The advantages and disadvantages arising out of different authentication mechanisms are presented with the possible attack scenarios enumerated. An overview of the personal computer environ and the mobile environ are discussed. The chapter will be invaluable for managers and professionals in understanding the current authentication landscape.
Chapter Preview
Top

Introduction

The online banking is a service provided by many banks to their customers to access their account from anywhere with a computer and Internet connection with them (Online Banking, 2010). The users prefer this service as they can save time by accessing their bank transaction through the Internet from home or any place. The factors that drive accelerated growth of banking on the Internet are as listed below (Hutchinson & Warren, 2003):

  • Increase the demand of customers.

  • With more and more players in the market, there is increasing competition to stand out and satisfy customer needs.

  • In order to cut down on costs and maintain high levels of efficiency.

  • Relaxation of regulations in the financial services market world-wide.

With increase in fraud and identity theft, the banking sector is constantly on its toes and is struggling a lot with the authentication issues. The authentication of the user is of utmost importance as fraud should be avoided on this service and bank should also ensure that only authorized person accesses the account. Though the banks have taken keen interest in developing secure authentication mechanisms for the users, the fraud is still growing and the improvement in the authentication processes are much needed. At present banks follow different methods to secure their service.

Authentication is a process of verifying that the right person is provided access when requested (Authentication, 2007). Using the authentication we can ensure that the right person is provided with exact identity such as driving license, passport etc to show that he/she is the authorized person to hold those identity cards. There are different types of authentication methods available to authorize a person. The person once verified using those methods are permitted to access the particular resource where the authentication is required. The access control is a term where the authorized person is provided with authorization to access particular factor in the web resources which can be granted or declined as per the service provider (control, 2010).

The authentication can be provided through many methods and authentication is an essential factor in banking sectors to provide complete security to the online banking service. Banks are investing more in providing security to their online banking services. However, with the lack of robust authentication mechanisms for users who access their accounts from multiple number of devices, be it personal computers or shared computers or mobile devices and from any corner of the world, all efforts to make the network secure can turn out futile. For a really long time, passwords were the most common and a de-facto standard for authentication. With recent changes in the stakes and increasing value of underlying information, users are required to remember longer and more complex passwords while also requiring them to change them frequently. This has led to more insecurity and inconvenience (see for example, Bunnell et al., 1997; Furnell et al, 2000; Pond et al, 2000, Bishop & Klein, 1995); and alternative and more secure methods of authentication have made their way in the mainstream. There are different types of authentication methods and each had their unique qualities in providing authentication. There many different issues that are faced by the banking sectors in the online banking and are described in detail in this paper.

Key Terms in this Chapter

Authorization: Verifying user’s privileges to a system.

Multiple Factor Authentication: An authentication system that is based on more than one factor or authentication.

Password Management: Managing users’ passwords for purpose of authentication.

Role Management: Managing user’s roles for purpose of authorization and entitlements.

Identity Management System: A system for managing user identities and related privileges.

Authentication: Verifying user’s assertion of its identification through credentials.

Identity Federation: Asserting user’s identification information to a trusting partner for purpose of user’s identification and authorization.

Identity Management Architecture: Design of identity system for managing credentials and entitlements for users of covered systems.

Authentication Factor: One of three possible factors – something the user knows (knowledge), something user possesses (possession) and something user is (behavioral).

Single Sign On: Use of a single set of credentials to provide access to multiple systems and applications.

Complete Chapter List

Search this Book:
Reset