T19 Group 4 - Security Risks with Online Banking

Group Name
TAK!



Group Members
Tyler Williams, Ashok Parmar, and Kelsey Minor

Technology and Issue
Our technology is online banking; our issue is the security risks associated with banking over the internet.

Introduction
For several years now, online banking has been an effective way for people all over the world to keep track of their banking matters. Online bankers use the web today for a number of different services, including electronic bill payments, fund transfers, and various types of investments. However, the security of online banking has to be taken into consideration, as a number of incidents over the last few years indicate. Many online hackers are trying to find new and innovative ways to get into people’s accounts, and the best way to go about this is through finding personal information about the customer. According to the chart below from “The Canadian Bankers Association,” trends indicate that more and more Canadians are making the shift towards online banking.

Growth in Electronic Transactions

Source: Canadian Payments Association

Argument


There are many risks associated with internet banking; however, banks are using various techniques to prevent theft of private information. Over the past five years the internet has become more powerful and is being widely used to make daily tasks easier. We are going to examine the advantages and disadvantages of online banking as well as identify the technologies that exist to mitigate the risks. We are going to show that even though security threats exist, the benefits of online banking outweigh the risks. Finally, we are going to examine technologies such as digital encryption, firewalls, security software, and usernames and PINs to show how banks, along with consumers, can protect themselves against online theft. The use of online banking has significantly increased during the last few years. This shows that people are beginning to feel more comfortable with online banking. Even though security risks exist, online banking is an excellent way to save time and money without sacrificing security.

Advantages and Disadvantages


The power of online banking is enormous and can help people save time and money, but risks do exist, so people must be aware of them. One main advantage of online banking is the convenience. When you can access your account information every day of the week and don’t have to deal with office hours or transportation, you save valuable time which can be better used. This means you can check your balances, pay your bills, and make other transactions at whatever time is best for you. Since we are moving into a paperless society, it is important to be able to retrieve your statements online, thus saving stacks of paper and the environment. Automated payments allow people to set up recurring transactions from their account to their bill. One example of this could be linking your cell phone bill to your savings account so that when you get your cell phone bill, money will be automatically transferred out of your account and be paid towards your bill. You can also handle multiple transactions from one site. This means you can handle your chequing account, savings account and your credit card statement all from the same place, as long as they have been issued from the same bank. The advantages of online banking are clear and influence many people to use the technology.

The disadvantages of online banking may lead some people to stay away from it and stick with traditional banking. The main issue for people who choose not to use online banking is the safety and security of their money. The internet has security risks that can put users' money at risk. Also, some people feel that the online system is too hard to learn, but most banks have an online tutorial and sometimes even offer online customer service in the form of email or chat. Even if people feel comfortable with the online banking world, some may feel that their own errors may cause problems. One example is forgetting to press complete transaction or something to that degree. Another issue that may arise is that some banks make you sign a power of attorney, which is an authorization to make financial decisions. Overall, the disadvantages don’t outweigh the advantages, because banks are implementing many techniques that try to reduce theft and ensure that your identity and money are safe at all times.

Technology


There are several security measures banks use in order to protect information online. These include digital encryption, usernames and PINs (Personal Identification Number), time-out features and internet security software.

Digital Encryption
In order to adapt to the growing concerns surrounding online banking security, new techniques are being put in place for protection. Much of the advice that banks are giving to their customers has to deal with the three issues of protecting your personal information, the advent of the time-out feature and digital encryption. A new technology that is helping protect online bankers is digital encryption. The system is only compatible with computers that meet the proper requirements, and functions by converting your personal banking information into an encrypted code. This encrypted information is later translated by encryption software when an authorised user requests it. Your personal information is encrypted well before you share it over the Internet, as steps to protect your personal information are taken once you visit a bank branch to apply for something such as a loan or a credit card.

Usernames and PINs
Perhaps the simplest piece of advice that banks will give you in terms of protecting your online security is to take all necessary precautions when it comes to your username and your passwords. Usernames are the unique name that you choose to identify your account; passwords are secret words or phrases that you use to prove your identification. One danger that exists is online bankers choosing passwords that are easily associated with them. For example, this can include the name of a favorite pet or a loved one or even a favorite number. While it is beneficial to have a username and password that are easy to remember, there is nonetheless a great deal of risk that comes along with people being able to find out this information. While it may sound very strange, unfortunately there are many victims of online banking who are being targeted by those who may be close to them, such as friends and family.

Preventative Measures
Some online banking services, particularly in Europe, are beginning to use the Transaction Authentication Number or TAN system as a means of security for their customers. Within this system, users are almost forced by the bank to take many more precautions when it comes to their security. The bank has a lot of control here as they set out a list of different PINs, called TANs, for the online banking consumer. In order for the consumer to gain access to this information, he/she will likely have to go to the bank branch and present some secure identification such as a passport, SIN Card, birth certificate, etc. to receive these TANs. What makes the system so secure is that there is a long list of TANs, each of which the consumer will use only once. For example, every time the consumer uses his/her username and password to log on there will be an additional TAN to be entered as well.
One benefit of a system like this is that even if a computer hacker has access to somebody's username and password, the TAN is something that the perpetrator may not have access to. Since the username and password are mailed directly to the customers and the TANs are picked up in person, even if somebody tries to steal the information, they would be unsuccessful logging into the customer's account without both pieces of information.
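The single-use rule described above can be sketched from the bank's side. This is an added example, not code from the original page or from any bank: the class and function names, the 6-digit TAN format, the keyed-hash storage and the three-failure lockout are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class TanVerifier:
    """Bank-side record of one customer's TAN sheet (hypothetical class)."""

    MAX_FAILURES = 3  # assumption: lock the sheet after three bad entries in a row

    def __init__(self, key, sheet):
        self._key = key
        # Keep only keyed hashes, so the stored list does not reveal unused TANs.
        self._unused = {self._mac(tan) for tan in sheet}
        self._failures = 0

    def _mac(self, tan):
        return hmac.new(self._key, tan.encode(), hashlib.sha256).digest()

    def remaining(self):
        return len(self._unused)

    def redeem(self, tan):
        """Return 'accepted', 'rejected' or 'locked' for a submitted TAN."""
        if self._failures >= self.MAX_FAILURES:
            return "locked"
        candidate = self._mac(tan)
        match = None
        for stored in self._unused:
            # compare_digest does not leak how many leading bytes matched
            if hmac.compare_digest(stored, candidate):
                match = stored
        if match is None:
            self._failures += 1  # a TAN that was already used lands here too
            return "rejected"
        self._unused.discard(match)  # single use: strike it off the sheet
        self._failures = 0
        return "accepted"


def issue_sheet(key, count=5):
    """Create a sheet of distinct 6-digit TANs and the verifier that tracks it."""
    sheet = set()
    while len(sheet) < count:
        sheet.add(f"{secrets.randbelow(10**6):06d}")
    ordered = sorted(sheet)  # the printed sheet handed to the customer in person
    return ordered, TanVerifier(key, ordered)


if __name__ == "__main__":
    sheet, verifier = issue_sheet(secrets.token_bytes(32))
    print(verifier.redeem(sheet[0]), verifier.redeem(sheet[0]))
```

The TAN check runs in addition to the username and password check, which is not modelled here.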

Bank of America
Another method being used to protect passwords and PINs is Bank of America's latest attempt at changing the way people do their online banking. Rather than immediately typing your password and/or PIN when logging on to the bank's website, the customer fills in their personal information after seeing an image that they had previously chosen. Just like with the TANs, the concept of connecting an image with your personal information is a two-factor authentication. However, this system is not bulletproof either, as many banks that offer two-factor authentication have still had incidents of online banking fraud.

Nordea
One example of this occurred with the Scandinavian bank Nordea, which went through one of the biggest online bank frauds ever. With over 1.1 million dollars in losses to the bank, perpetrators were able to gain access to customer information through a Trojan virus that would eventually find its way to the victims’ computers. Eventually the Trojan virus would be able to find out all the websites that the victim would visit. Most importantly, the perpetrators were able to use the Trojan virus to detect personal information that was being entered at the Nordea website, and therefore the perpetrators now had access to PINs, passwords and the online information of the victim. Almost 300 people were affected by this event and it even led to Nordea temporarily suspending their online services due to continued attempts by hackers to gain access to their customers' personal information.

Time-Out
Another method being used by banks to help protect their customers is automatically logging them off. The service consists of the bank logging you out of your account if you have had a lengthy period of not making any transactions. The need for this arises from the fact that despite the many risks associated with online banking, many people fail to log out of their banking account. A lot of this happens when people leave their computer on for hours upon hours without concern that they are putting themselves at risk. For those people who forget to log out, many banks are starting to offer the time-out service for their customers. A significant concern deals with customers who are not using their own computer when sending out confidential banking information online. The danger with this is that another person's or business's computer may not be protected with the same kind of protection that you may have on your computer. Another safety precaution to take when using a public computer is to make sure that no usernames or passwords have been stored and that you have deleted your browsing history if possible. Many banks, such as CIBC, are using the time-out function.
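A minimal sketch of how a time-out can be enforced on the bank's server, so that it holds even when the browser is left open. This is an added example, not code from the original page or from any bank: the SessionStore class, its method names and the 600-second limit are assumptions.

```python
import secrets
import time

IDLE_LIMIT = 600  # seconds of inactivity allowed; assumed value, the page gives none


class SessionStore:
    """Server-side sessions that expire after a period without requests."""

    def __init__(self, idle_limit=IDLE_LIMIT, clock=time.monotonic):
        self._idle_limit = idle_limit
        self._clock = clock          # injectable so the behaviour can be tested
        self._sessions = {}          # session id -> (user, time of last request)

    def login(self, user):
        """Start a session after the credentials have been checked elsewhere."""
        sid = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[sid] = (user, self._clock())
        return sid

    def authorize(self, sid):
        """Call on every request: return the user, or None if logged out."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, last_seen = entry
        now = self._clock()
        if now - last_seen > self._idle_limit:
            # Delete the session on the server; the old identifier is now useless
            # to whoever sits down at the computer next.
            del self._sessions[sid]
            return None
        self._sessions[sid] = (user, now)  # activity restarts the idle period
        return user


if __name__ == "__main__":
    store = SessionStore()
    sid = store.login("customer")
    print(store.authorize(sid))
```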

Security Software


Most security software must be used on the customer's computer. These programs include anti-virus and anti-spyware software and firewalls. All of these programs are extremely useful, but can only be effective if they are used properly and regularly, and are kept current.

Anti-Virus

Antivirus programs find and neutralize threats to the security of the computer, including viruses, worms, and phishing scams. When an antivirus program identifies a threat, it tries to remove it from the file in which it is embedded. If it is unsuccessful, it will quarantine the file and attempt to delete it. Online banking customers need to install antivirus software on their own computers to benefit from it, and once they do, it protects them by stopping viruses that may be trying to collect their banking data or destroy their files.

One problem with using antivirus software is that it is based on old code, which can be vulnerable. As well, the software itself can have many security problems, which consumers may not realize. Also, some antivirus software is actually spyware, or contains adware, and could be harmful to the user's computer.

Anti-Spyware

Spyware is probably the most important concern for online bankers. Spyware collects personal information, along with manipulating the user's computer by changing settings. If a bank customer has spyware on their computer, their data could easily be collected by a third party and used to steal their identity. Anti-spyware programs must be used to counteract this threat. They work in a similar manner to antivirus programs, scanning the computer for spyware and quarantining or deleting any possible threats. The most important way to prevent spyware from infecting your computer is to use a firewall, as well as to be aware of everything you download onto your computer.

Firewalls

Firewalls are essentially barriers that prevent or allow traffic within a network. They can be configured to stop certain attacks on a network, which is essential when banking online for both the bank's network and the home computers of its users. Some firewalls, called network address translation firewalls, can hide the real address of the host that they are protecting, making it even harder for hackers to get into the system. In general, they work by analyzing the information being sent across the firewall, and comparing it to a database. If the information is determined to be a threat, it is not allowed through the firewall. There are three types of firewalls:


 * Packet filtering: Packets of data are analysed as they are sent through the network. If they are allowed through, they are sent on. If not, they are refused access into or out of the network.


 * Proxy service: Information is sent to and from a requesting system by the firewall.


 * Stateful inspection: Parts of packets are compared to a database. If the parts are the same as the database says they should be, the packet is allowed through.
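Added example, not from the original page: a toy model of two of the three firewall types above, in which a packet filter judges each packet on its own while stateful inspection admits an inbound packet only if it answers a connection recorded on the way out. The Packet fields, the single-port rule set and the addresses (documentation ranges) are constructed assumptions, and the "database" here is modelled as a table of outgoing connections.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool  # True when the packet is leaving the protected network


# Constructed rule set: the home computer may open HTTPS connections only.
ALLOWED_OUT_PORTS = {443}


def packet_filter(pkt):
    """Stateless packet filtering: decide from this packet's header alone."""
    if pkt.outbound:
        return pkt.dport in ALLOWED_OUT_PORTS
    # Replies from HTTPS servers carry source port 443, so a stateless rule
    # has to admit every inbound packet that claims that source port.
    return pkt.sport in ALLOWED_OUT_PORTS


class StatefulFirewall:
    """Stateful inspection: remember outgoing connections, match replies."""

    def __init__(self):
        self._connections = set()  # (inside addr, port, outside addr, port)

    def check(self, pkt):
        if pkt.outbound:
            if pkt.dport not in ALLOWED_OUT_PORTS:
                return False
            self._connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound traffic passes only if it mirrors a recorded connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self._connections


if __name__ == "__main__":
    fw = StatefulFirewall()
    request = Packet("192.168.1.10", 50000, "203.0.113.5", 443, True)
    reply = Packet("203.0.113.5", 443, "192.168.1.10", 50000, False)
    print(fw.check(request), fw.check(reply))
```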

Conclusion
While there are security risks to be concerned about while banking online, the truth is that banking over the internet is no more dangerous than banking through the use of ATMs. As we have seen, if banks are careful to secure their systems and customers are proactive about protecting their information, there is little threat to their online privacy.
