The security of internet banking is a widely debated topic nowadays. People who feel that it is secure carry out a large number of transactions over the internet daily. However, people who have doubts about the security of internet banking regard it as unsafe for financial transactions. The group that is against internet banking comprises people who have experienced internet fraud themselves or whose colleagues or relatives have been cheated. In some cases, people have formed their opinion on the basis of media stories.
Considering all the risks and advantages, it is more or less safe to use internet banking if proper care is taken and common sense is applied. If you are running a PC with updated anti-virus/malware tools, you check the authenticity of the site’s URL, check for the small padlock at the bottom of the screen and check that the site presents the correct certificates, then there is a high probability that you will make a safe and secure transaction using internet banking.
There are basically two different security methods used for online banking.
The PIN/TAN system: In this system, the PIN is a password used for login and TANs are one-time passwords used for authenticating transactions. TANs are distributed in different ways and generated using a security token. This is called two-factor authentication, or 2FA. Online banking transactions with PIN/TAN are done using a web browser over SSL-secured connections. TANs are also sent to the online banking user via SMS on a mobile phone.
It is regarded as a very secure procedure for safe transactions.
Signature based system: In this system, all online banking transactions are digitally signed and encrypted. Depending on the implementation, the keys used for generating the signature and for encryption are stored on smartcards or any memory medium.
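For the PIN/TAN system described above, the following added example (not part of the original article and not any bank's actual scheme) sketches how a bank could check a token-generated TAN so that it is usable once only. It goes one step beyond the text by also tying the TAN to the transaction details, so a TAN obtained by deceiving the user cannot authorise a different payment. The HMAC construction, the `Bank` class, the field names and the account labels are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def canonical(tx: dict) -> bytes:
    # Fixed field order so the token and the bank hash identical bytes.
    return "|".join(str(tx[k]) for k in ("from", "to", "amount_cents")).encode()


def derive_tan(token_key: bytes, nonce: bytes, tx: dict, digits: int = 6) -> str:
    """TAN = truncated HMAC-SHA256 over the bank's nonce and the transaction."""
    mac = hmac.new(token_key, nonce + b"|" + canonical(tx), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)


class Bank:
    """Hypothetical server side: one pending challenge per transaction."""

    def __init__(self, token_key: bytes):
        self._key = token_key
        self._pending = {}  # nonce -> transaction waiting for its TAN

    def start(self, tx: dict) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh challenge for every transaction
        self._pending[nonce] = dict(tx)
        return nonce

    def confirm(self, nonce: bytes, tan: str) -> bool:
        # pop() consumes the challenge whether or not the TAN is right, so a
        # TAN cannot be replayed and each challenge allows a single guess.
        tx = self._pending.pop(nonce, None)
        if tx is None:
            return False
        return hmac.compare_digest(derive_tan(self._key, nonce, tx), tan)


def demo():
    key = secrets.token_bytes(32)  # constructed key shared by bank and token
    bank = Bank(key)
    rent = {"from": "ACC-USER", "to": "ACC-LANDLORD", "amount_cents": 80000}
    other = {"from": "ACC-USER", "to": "ACC-OTHER", "amount_cents": 80000}
    n1 = bank.start(rent)
    tan = derive_tan(key, n1, rent)  # computed by the user's security token
    accepted = bank.confirm(n1, tan)
    replayed = bank.confirm(n1, tan)  # same TAN submitted a second time
    n2 = bank.start(other)
    reused = bank.confirm(n2, tan)  # captured TAN tried on another payment
    return accepted, replayed, reused
```

Calling `demo()` returns whether the legitimate confirmation, a replay of the same TAN, and reuse of that TAN for a different payee were accepted.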
Common Attacks on Internet Banking Security
The nature of attacks has become more active than passive nowadays. Earlier, attackers used passive threats such as password guessing, shoulder surfing, dumpster diving etc. However, attackers now steal the login data and valid TANs by deceiving the user. Phishing and pharming are the techniques most widely adopted by attackers or hackers. Apart from these, cross-site scripting and keyloggers/Trojan horses are also employed for stealing login information.
Signature based attack: The attack on signature based online banking methods involves manipulating the software in use in such a way that, although correct transactions are visible on screen, faked transactions get signed in the background.
Trojan attack: In this attack, a Trojan gets installed on a user’s computer without their knowledge while they visit certain websites and download programs. This program captures the confidential information the user keys in on the bank’s website and sends it to the attacker. Thus, the attacker gets the user ID and password for making fraudulent transactions.
Man-in-the-middle attack: In this attack, the attacker creates a fake website and dupes the user into visiting it. Users do not realise that they are visiting the fraudster’s website. The information keyed in during that session is captured and used for making fraudulent transactions at the same time.
Prevention Measures against Viruses
There are many effective countermeasures that are employed to avoid attacks.
Digital certificates are used for prevention against phishing and pharming.
Class-3 card readers are used for avoiding manipulation of transactions by the software in the case of signature based security systems.
Virus scanners and Antivirus/Malware tools are used to protect systems against Trojan horses.