Courses/Computer Science/CPSC 203/CPSC 203 2008Winter L03/CPSC 203 2008WinterL03 TermProjects/T16 Group 4 -The Ups and Downs of Online Banking

Topic




Group Members
Corinne Mondoux, Rebecca Huynh, Danielle Boyce, Sanya Lakhani, Jennifer Hosfield, and Cassandra Atkins.

Statement


Online banking has made it increasingly convenient to carry out everyday banking tasks in today's society. As shown in the graph of households using online banking in th United States, the popularity of online banking has been increasing steadily in recent years. This trend seems to show that the many people are finding that the convenience benefits of taking advantage of online banking outweigh the dangers associated with it. Banking online does offer many benefits such as saving time and money, but at the same time it can make your accounts more vulnerable. By accessing your accounts online it becomes possible for hackers to find ways to access your accounts in ways they couldn't before online banking. Here we will be looking at the advantages to banking online as well as the dangers. There are many ways to protect customers from the dangers of online banking, but the issue is whether or not these methods make online banking safe enough that the benefits outweigh the dangers.

Ideas

 * Identity Theft
 * Phishing
 * Fraudulent Transactions
 * Security Features
 * Secure Sockets Layer (SSL)
 * Secure Sessions

The Disadvantages of Online Banking
There are many upsides to online banking, but there are also many disadvantages associated with it as well. One of the many disadvantages includes customer service. When going to a brick-and-mortar bank, the people that assist you are very helpful and you are able to ask many questions and get helpful answers. You also have the opportunity to choose who you deal with at the banks. As for banking online, it may not be very easy to complete. There may be questions you need to ask during your online banking, but who do you ask? Also, if your online bank account offers banking by telephone, you may not get a chance to talk to someone that is kind and helpful.

While online banking, people may experience technical difficulties. "When a bank's website goes down, so do you!" This is a major problem when banking online and you are in dire need of cash or paying your bills. Also, if your computer is running slow or just having issues, the transactions you are trying to complete may not go through. Technology can become very unreliable and frustrating, especially when it comes to completing important tasks. Another disadvantage of online banking is that some banks offer only online services. Many banks are only technologically corporated and do not have physical locations if you preferred to complete your banking transactions face-to-face.

Also, another problem is security and trusting the bank with the information you provide over the screen of a computer. When considering banking online, people look at the security of handling money over the internet. So how safe is online banking? In some ways its actually not that safe. Hackers can easily break into your computer and obtain your password for your online bank account. There are many different techniques people will use to get personal information ranging from simple schemes to complex computer hacking. Banking websites have security measures in place to protect customers from many of them, but customers also must exercise a little common sense to prevent themselves from falling victim to fraud.

Phishing, Pharming and Social Engineering
The following methods are all ways of obtaining personal information that rely on the victim being careless with their account numbers and passwords, or having them enter their information on fraudulent websites.

Phishing: Phishing is a type of deception used to gain personal information. Fraudulent emails will be sent to people appearing to be from a trusted website such as a person's bank or credit card company. These emails will request you provide personal information such as passwords and account numbers allowing the sender of the email to gain access to the recipient’s accounts.

Pharming: Pharming simply causes users of legitimate commercial websites to be redirected to fraudulent sites that appear the same. Once the user enters their username and password the information is sent to these the virus held within. Trojan horses cannot reproduce themselves but the attacker usually gains some degree of control over a victim's computer once the Trojan horse is running. This could include sending data to the attacker's computer such as usernames and passwords or even credit card numbers.

Social Engineering: This is a type of non-technical fraud that uses human interaction to gain personal information. This often involves tricking people to divulge information that compromises personal security. Social engineers will use many different techniques such as appealing to people's weaknesses, eavesdropping and reading information over a person's shoulder (shoulder surfing). As well social engineers will take advantage of the fact that people often use passwords and pin numbers that are meaningful to them.

Trojan Horses, Spyware and Worms
These examples are more technical methods that involve gaining access to a victim's computer in many different ways.

Trojan Horse: A Trojan horse is a program that appears to be safe, such as normal software or an email attachment, but this is actually concealing a virus. Once the program is downloaded it executes the virus held within. Trojan horses cannot reproduce themselves but the attacker usually gains some degree of control over a victim's computer once the Trojan horse is running. This could include sending data to the attacker's computer such as usernames and passwords or even credit card numbers.

Worms: Computer worms spread across weaknesses or holes in networks. Unlike Trojan horses or viruses they do not need a host file to run them, worms are able to spread without a host program, but they do often come in email attachments like Trojans. Worms are able to share and corrupt your online banking information with other computers through these network holes.

Spyware: Spyware is a very general term and not all things included under its definition are considered bad. It is a type of software used largely for advertising and gathering personal information. Spyware can also change the configuration of a computer causing it to become very slow at processing or even causing it to crash. Spyware often comes along with other software downloads whether it is document in the 'Terms of Use Agreement' or not. Spyware that tracks your online activities can be used to obtain personal passwords and account numbers, however most spyware is not intended for that purpose.

Keylogging: This is a method of obtaining passwords and personal information by recording keystrokes of a user. People are more susceptible to having their information recorded by keylogging devices on public computers. Cables and devices may be connected to the computer or keyboard without the user noticing. Keylogging can also be downloaded on to a computer and go unnoticed on the OS (operating system). Check out this you tube video about hustlers using keylogging to steal a womens account number and password. 

The Benefits of Online Banking
Though there are some down sides of online banking, people all over the world are benefiting from the connivance of online banking. Online banking allows people to make transactions from the comfort of their own home. No hassles of trying to book appointments, and no waiting in line, it provides control of your finances at the tip of your finger. Another advantage to online banking is the ability to check your bank statements more often, therefore resulting in faster notice of mistakes. People are more aware of what’s happening to their money and can act faster when a mistake is spotted. A misconception about online banking is that your money is at the risk of someone hacking into your account and stealing it all. The thing that people don’t know about this is that someone can hack your online internet account the same way that they can steal your money if you don’t use online banking. By adding protection methods, as explained below, one can insure that the likelihood of being hacked is lowered significantly.

Along with the obvious pluses of online banking, such as saving time, you can actually save some money by not purchasing stamps to send your cheques with. Online banking is also available 24 hours a day, 7 days a week which can be extremely helpful to those people who cannot make it to the bank during their rather limited hours. So when you want to know if that check has cleared, it’s as simple as logging in on your computer. This is one of the greatest features of online banking. If you discover charges against your account that you are sure are not yours, you can find out immediately rather than waiting until your monthly statement comes in. Thus, allowing better protection in the event of identity theft against you.

How is Information Protected
There are many ways personal information is protected from online fraud. Some of these are put in place by the banking websites to make them as secure as possible for their customers. Other measures that can be put in place are included in the web browser being used. As well, online bankers should take some steps to further ensure the safety of their information.

The Bank's Role in Securing Online Information
Most banks that offer online banking services also offer guarantees that will reimburse any money lost due to unauthorized transactions through online bank accounts. Because of these guarantees banks must ensure that their security measures reduce this risk as much as possible. The most effective way of protecting data being sent over online networks is encryption, but banks use other tactics along with this to further guarantee safety.

Secure Sockets Layer: SSL is a protocol developed to secure transfer of private documents over the web. SSL encrypts data that is being sent. In the case of online banking, SSL encrypts banking information, so information can be securely transferred from the bank to the customer and from the customer to the bank.

Encrypted Cookies:When a user logs into an online banking system, such as The Royal Bank. The web site uses encrypted cookies to protect the account from unauthorized users. This encrypted cookie will help verify that the client and block unauthorized access to the accounts.


 * Additional Protection: TD Canada Trust's online banking system, EasyWeb, offers an additional security feature called IdentificationPlus. If a user logs in from a computer that they do not regularly use, the feature will prompt the user to answer 1 of 5 randomly chosen security questions before being allowed access to any banking information. Most banking web sites now require the client to have 3-5 personal questions that must be answered when requested to access the account. The questions are created by the client, so only the client should know the answer to it. The banking web sites determines irregularity by detecting IP address and encrypted cookies.


 * Real life example: One of our group members used a friend's laptop to do some online banking. This was the first time another computer was used to log on the banking web site, and a question was asked to be answered before accessing the account.

How to Protect Yourself
Wi-Fi: Avoid using open, unencrypted wi-fi connections when possible because these open wi-fi connections are not secure. Since these connections do not require a password to access, these waves can be intercepted by third-party users and they can retrieve personal information entered by other users.

Virtual Private Network: A VPN is made from public wires that connect to nodes. It is safer than a public network because it uses encryption and other security features so only authorized users have access to the network. A VPN is usually used in companies and organizations to secure data transfers.

Phishing Scams: Know that your bank will NEVER ask for your account number, PIN or any other personal information via email. If you receive an email that asks you for your personal information, report it to your bank and do not respond to the email. In one email, it says that CIBC has recently upgraded their servers and require that clients log on and enter their personal information. The website that directs the potential fraud victims is called cibconline.com, NOT cibc.com. CIBC clients can be easily tricked if they are not aware of that and the banks policy of acquiring personal information.
 * Here are some real examples that CIBC clients received in their email: http://www.cibc.com/ca/legal/fraud-example1.html#example116

Secure Websites: Before conducting any banking transactions, make sure there is a small padlock symbol at the bottom right-hand side of the browser window. This symbol indicates that the site is secure. If you hover over the padlock symbol, the company that ensures that the site is secure should display. The company monitoring the security of the website does security checks daily to guarantee security. Secure websites should also have an address beginning with https://. Banks use the Secure Sockets Layer (SSL) protocol, so banking information is encrypted before it is sent over the internet. Only the bank will be able to read the information you sent via the banking web site.

Protecting Your Password: 1. Choose a password that is easy for you to remember and difficult for others to guess 2. Change your password regularly; once every 3-4 months 3. Use a combination of upper case, lower case letters and symbols as part of your password 4. Do not disclose your password via phone, email, text messaging, or voicemail 5. Do not save your password on the computer or on paper 6. Make sure no one is around when you are typing in your password 7. Do not choose a password or PIN that is used for another account

Conclusion
From all the information available on the benefits and dangers of online banking it still seems, overall, to be a good development. It greatly increases efficiency of simple banking tasks such as money transfers and bill payments by allowing them to be done from the comfort of your own home and at anytime rather than working around the business hours of banks. Banking online still leaves the option to go into the bank for more complex transactions and as well has customer service hotlines to phone in questions. Along with the convenience of online banking, it also results in less paper use by eliminating some mail out statements and bills. As discussed previously, online banking can leave some personal information vulnerable to hackers; however, most of the risks can be eliminated if customers take the necessary precautions discussed above that work along with the bank's security features. With how fast everything is moving in today's society, many find it difficult to find time to stop by the bank for every necessary transaction. Banking online is the solution to this problem for many people, by taking a few simple steps and being careful with personal information it is, for the most part, secure.

Rebecca

 * 1) http://banking.about.com/od/savings/a/3onlinebankacct.htm
 * 2) http://www.fdic.gov/bank/individual/online/safe.html
 * 3) http://banking.about.com/od/securityandsafety/Scams_Security_Safety.htm
 * 4) Phishing http://www.sxip.com/newsitem-online_banking_stalls_phishing_privacy_concerns
 * 5) http://www.coastalfinancial.ca/Tips-SafetyPrecautionsforOnlineBanking.htm
 * 6) Secure Sockets Layer(SSL) https://www.sdfcuib.org/onlineserv/HB/security_site/privacy.html
 * 7) Identity Theft Checklist http://www.privcom.gc.ca/id/checklist_e.asp
 * 8) https://www5.memberdirect.net/direct/info_secure.jsp?inst=/bc/envision&lang=en&action=goto
 * 9) http://www.symantec.com/business/library/article.jsp?aid=confidence_in_online_banking
 * 10) Security features offered by TD Canada Trust https://easyweb.tdcanadatrust.com/

Danielle

 * 1) Guide to Security and Privacy RBC - http://www.rbcroyalbank.com/online/guidetosecurity.html
 * 2) RBC Online Banking Guarantee - http://www.rbcroyalbank.com/online/rbcguarantee.html
 * 3) http://www.finweb.com/banking-credit/is-internet-banking-a-good-idea.html
 * 4) Guide to Web Banking - http://web-banking.org/
 * 5) http://www.ecommercetimes.com/story/41042.html?welcome=1203716125
 * 6) The Ethical Hacker Network - http://www.ethicalhacker.net/content/view/31/24/
 * 7) CIBC - http://www.cibc.com/ca/legal/online-banking-guarantee.html
 * 8) ING Direct - http://www.ingdirect.ca/en/security/index.html
 * 9) Citizens Bank of Canada - https://www.citizensbank.ca/Personal/OnlineBanking/
 * 10) Security - https://www.sdfcuib.org/onlineserv/HB/security_site/privacy.html

Cassandra

 * 1) http://en.wikipedia.org/wiki/Identity_Theft
 * 2) http://en.wikipedia.org/wiki/Phishing
 * 3) http://en.wikipedia.org/wiki/Online_banking
 * 4) http://en.wikipedia.org/wiki/Two-factor_authentication
 * 5) http://en.wikipedia.org/wiki/Keystroke_logging
 * 6) http://en.wikipedia.org/wiki/Mobile_banking
 * 7) http://en.wikipedia.org/wiki/TAN_%28banking%29
 * 8) https://www5.memberdirect.net/direct/info_secure.jsp?inst=/bc/envision&lang=en&action=goto
 * 9) http://www.the-security-site.net/s/online_banking_security
 * 10) http://www.tdcanadatrust.com/ebanking/norton.jsp

Corinne

 * 1) http://www.phishingdangers.com/
 * 2) http://www.channel4.com/money/feature.jsp?id=420
 * 3) http://www.windowsecurity.com/articles/Secure_Socket_Layer.html
 * 4) http://www.scotiabank.com/cda/content/0,1608,CID418_LIDen,00.html
 * 5) https://www.paypal.com/us/cgi-bin/webscr?cmd=_security-center-outside
 * 6) http://www.banksafeonline.org.uk/
 * 7) http://www.scamwatch.gov.au/content/index.phtml/itemId/694322/fromItemId/694028
 * 8) http://www.computeractive.co.uk/vnunet/news/2203016/human-error-puts-web-banking
 * 9) http://www.moneyinstructor.com/art/bankonline.asp
 * 10) http://ezinearticles.com/?Do-The-Risks-Outweigh-The-Benefits-Of-Internet-Banking&id=413170

Sanya

 * 1) http://www.msmoney.com/mm/banking/onlinebk/bank_disadv.htm
 * 2) http://www.24-7-ebiz.com/online-banking-security-information/Disadvantages_of_Online_Banking.html
 * 3) http://www.bankrate.com/brm/olbstep2.asp
 * 4) http://banking.about.com/od/savings/a/3onlinebankacct.htm
 * 5) http://www.buzzle.com/articles/advantages-and-disadvantages-of-online-banking-services.html
 * 6) http://ezinearticles.com/?Online-Banking:-Advantages-and-Disadvantages&id=445102
 * 7) http://www.finweb.com/banking-credit/is-internet-banking-a-good-idea.html
 * 8) http://www.bankbranchonline.com/banking.html
 * 9) https://www5.memberdirect.net/direct/info_secure.jsp?inst=/bc/envision&lang=en&action=goto
 * 10) http://www.chicagofed.org/consumer_information/what_you_should_know_about_internet_banking.cfm

Jennifer

 * 1) http://www.fdic.gov/bank/individual/online/safe.html
 * 2) http://banking.about.com/od/securityandsafety/Scams_Security_Safety.htm
 * 3) http://www.americanbanker.com/btn_article.html?id=20060403KDQBHYBZ
 * 4) http://www.coastalfinancial.ca/Tips-SafetyPrecautionsforOnlineBanking.htm
 * 5) http://online.lovetoknow.com/wiki/Online_Banking_Safety
 * 6) http://www.dfps.state.tx.us/Documents/Adult_Protection/b-safe/pdf/internet_banking_safety.pdf
 * 7) http://banking.about.com/od/savings/a/3onlinebankacct.htm
 * 8) http://www.pcworld.com/article/id,117757-page,1/article.html
 * 9) http://www.bankrate.com/brm/news/ob/19981030.asp
 * 10) http://www.bankrate.com/brm/olbstep2.asp