Current technology is evolving fast and is constantly bringing new dimensions to our daily life. Electronic banking systems provide us with easy access to banking services. The interaction between user and bank has been substantially improved by deploying ATMs, phone banking, Internet banking, and more recently, mobile banking. This paper discusses the security of today's electronic banking systems. We focus on Internet and mobile banking and present an overview and evaluation of the techniques that are used in the current systems. The best practice is indicated, together with improvements for the future. The issues discussed in this paper are generally applicable in other electronic services such as E-commerce and E-government.

Fraud detection mechanisms support the successful identification of fraudulent system transactions performed through security flaws within deployed technology frameworks while maintaining optimal levels of service delivery and a minimal number of false alarms. Knowledge discovery techniques have been widely applied in fraud detection for data analysis and training of supervised learning algorithms to support the extraction of fraudulent account behavior within static data sets. Escalating costs associated with fraud, however, have continued to drive the migration towards increasingly proactive methods of fraud detection, to support the real-time screening of transactional data and detection of ambiguous user behavior prior to transaction completion. This shift in data processing from after data storage to before it significantly reduces the available time within which to evaluate newly arriving system requests and produce an accurate fraud decision, demanding increasingly robust and intelligent user profiling technologies to support advanced fraud detection.
This paper provides a comprehensive survey of existing research into account signatures, an innovative account profiling technology which maintains a statistical representation of normal account usage for rapid recalculation in real-time. Fraud detection architectures, processing models and applications to date are critically examined and evaluated with respect to their proactive capabilities for detection of fraud within streaming financial data. Discussion is also presented on challenges which remain within the proactive profiling of account behavior and future research directions within the signature domain.
TABLE OF CONTENTS
ABSTRACT
CHAPTER 1: INTRODUCTION
Scope of the paper
Outline of the paper
CHAPTER 2: LITERATURE REVIEW
Background: financial fraud management
Financial fraud
Fraud management
Customer profiling
Architecture and security requirements
Internet architecture
WAP architecture
Security requirements
Cost versus security
Services in an electronic banking system
CHAPTER 3: METHODOLOGY
Signature processing
Architecture
Signature implementation
Processing granularity
Signature initialization
Signature updating
CHAPTER 4: RESULTS AND DISCUSSION
Additional security issues
Registration
Delegation
Secure platforms
The human factor
Logging and monitoring
CHAPTER 5: CONCLUSION
WORKS CITED
CHAPTER 1: INTRODUCTION
Online electronic banking systems give everybody the opportunity for easy access to their banking activities. These banking activities may include retrieving an account balance, transferring money between a user's own accounts or from a user's account to someone else's account, and retrieving an account history. Some banks also allow services such as stock market transactions and the submission of standardized accounting payment files for bank transfers to third parties (Spalka & Cremers: 403-419).
As technology evolves, different kinds of electronic banking systems emerge, each bringing a new dimension to the interaction between user and bank. The Automated Teller Machine (ATM) is the first well-known system that was introduced to ...