Prevention, Detection, and Recovery of CSRF Attack in Online Banking System

Nitin Nagar (DAVV, India) and Ugrasen Suman (SCSIT, India)
Copyright: © 2017 | Pages: 17
DOI: 10.4018/978-1-5225-0864-9.ch011


Online banking systems have had an enormous impact on IT, individuals, and the networking world. Online banking systems and their exclusive architecture have numerous features and advantages over traditional banking systems. However, these unique features create new vulnerabilities and attacks on an online banking system. Cross-site scripting request forgery, or XSS attack, is among the top vulnerabilities, according to recent studies. This exposure occurs when a user uses the input from an online banking application without properly looking into it, which allows an attacker to execute malicious scripts in the application. Current approaches to mitigating this problem focus especially on effective detection of XSS vulnerabilities in the application or on prevention of real-time XSS attacks. To address this problem, this chapter surveys different vulnerability attacks on online banking systems and presents a concept for the prevention, detection, removal, and recovery of XSS vulnerabilities to secure the banking application.
Chapter Preview


Online banking (Internet banking or e-banking) offers benefits such as fast transactions, data accuracy, and data consistency for both banks and their customers. Online banking has enabled traditional banking work at lower operational cost through the reduction of the physical facilities and staffing resources needed. It reduces waiting times in branches, leading to a potential increase in sales performance (Sarel & Mamorstein, 2003). Online banking permits customers to perform banking transactions electronically via the bank's website anytime and anyplace. Additionally, customers are not restricted to the opening hours of banks, and travel and waiting times are no longer necessary in online banking (Hamlet, 2000). The delivery channels and services that primarily represent the domain of online banking include ATM Machines (ATMs), Net Banking, Phone Banking, Mobile Banking, TV Banking and Non-Cash Retail Payments (e.g., Debit Cards, Credit Cards, ECS, NEFT, and RTGS).

Online banking involves different facilities for banking customers. These facilities include accessing accounts, transferring funds, and shopping for monetary products or services online. Furthermore, new banking services such as electronic bill generation and payment are also part of online banking, which permit purchasers to pay and receive bills on a bank's web site. This mechanism is often referred to as transactional online banking (Abha & Vinita, 2010). Online banking can be a series of processes in which a bank customer logs in to the web site of the bank through the browser installed on the client laptop, desktop, palmtop, or smartphone. It is useful for carrying out numerous transactions such as account transfers, bill submissions, account inquiries, etc. Online banking comprises four major stages: PC booting and OS execution, banking services, cloud or internet, and banking websites. Figure 1 shows the working of the online banking system.

Figure 1. Working of online banking system

Online banking threats and vulnerabilities are a foremost challenge in the field of research. The rest of the chapter is organized as follows. Section 2 covers the online banking mechanism. Section 3 states the online banking security issues along with a case study of an online banking system with CSRF attack impact. In Section 4, the proposed work focuses on XSS detection and recovery in the DOM. We also discuss the implementation of the work with performance evaluation of different aspects. In Section 5, we state the conclusion and final.


Online Banking System Mechanisms

Online banking has fundamentally transformed the manner in which banks traditionally conduct their business, and customers can therefore perform their banking activities through online banking (Eriksson et al., 2008; Sathye, 1999). Nowadays, online banking has experienced extraordinary growth in the market and has become one of the main avenues for banks to deliver their products and services to customers (Amato-McCoy, 2005).
