To what extent is internet banking safe - Essay Example

?To what extent is internet banking safe? Describe and evaluate how security and privacy systems work on internet banking. Internet banking has thrived in the past decade. According to a survey, online banking was found to be used by 80 per cent of the American population that makes 72.5 million American households in the year 2010 (Fenlon, 2013). Provision of electronic services by banks has evolved with the use of advanced communication technologies. Nevertheless, online banking imparts need for additional security because of the extremely sensitive nature of the exchanged information. In addition, attacks against the authentication mechanisms of internet banking evolve, thus decreasing the trust of the users (Dimitriadis, 2007). Users look for security and privacy factors while accepting the online services offered by a bank with respect to income level, education level, and age group (Jalal, Marzooq, and Nabi, 2011). Although the risk embedded in online transactions to lead to stealth of information and fraud of credit card cannot be ignored, most banks realize these risks and take measures to secure the transmissions. Hackers look for online retailers with large customer base and poor security to obtain their usernames and passwords to access their financial information. Most customers fall prey to emails that appear to be send by their bank but steal the customers’ passwords by leading them to fraudulent websites. Keylogging is a process through which all strokes of a password are tracked by a virus while the password is being entered. It can breach personal computers’ defences. Ordinary web users can fend off such software with having latest versions of anti-virus software installed and extra-thick internet firewalls. Hackers use latest technology to surpass their barriers and many users overlook regular computer checks. In order to deal with these threats, online banks avoid connecting to the internet directly. Instead, they use firewall technology to protect their computer system from unauthorized access. Many online banks hire outside security experts so as to ensure that their systems are secure internally and externally against the experts’ attempts to make unauthorized attacks. If a user forgets logging off while the banking session has been inactive for a certain duration which is usually few minutes, the online bank ends the session for the user. The information can thus not be accessed in the terminated account. The user needs to give the User ID and Password to resume the banking session again. Security systems commonly employed by online banks can be categorized into two types; software based systems and hardware based systems. In the software based systems, information is coded and decoded with the help of specialized security software. These systems are in abundance in the market because of their ease of distribution and portability. Security systems based on software employ encryption as the main method. Encryption modifies information so that it becomes unreadable till the process is reversed. Online banks use Secured Socket Layer (SSL) encryption to provide their users with safe online transaction services. Messages in each session are encrypted with a unique master key. Encryption is a process of communication in which the private information is scrambled to deter unauthorized access during the transmission of information from the user’s browser to the bank. The master key used for a particular session is wasted once the user has signed off because it was only meant for one session. Users need an internet browser which supports the encryption of 128 bits before they can login to the internet banking (FirstBank, 2013). This ensures use of the highest security level. Some examples of the current encryption technology include digital signature, pretty good privacy (PGP), and Kerberos (Yang, 1997). A digital signature transforms a signed message so that the sender is recognizable to the reader. A private key is used to sign the messages which are then verified with a public key. Only a public key can verify a message that the private key encrypts. It is a safe method as the private key needed to do the signature is only with the sender. PGP is a “hybrid cryptosystem that combines a public key (asymmetric) algorithm, with a conventional private key (symmetric) algorithm to give encryption combining the speed of conventional cryptography with the considerable advantages of public key cryptography” (mycal.net, n.d.). The benefit of using PGP is that a trusted channel of encryption key transmission is not required by the message’s recipient. Kerberos creates a ticket that is actually an encrypted packet of data to identify the user securely (Rouse, 2007). A transaction is made by making exchanges with a server to generate a ticket. The Kerberos server exists between two systems that share a private key to secure information. Kerberos is amongst the best encryption technologies of private key. Hardware based security systems protect information in a more secure way compared to software based systems, but the former are more expensive and less portable compared to the latter. Security system based on hardware develops a closed and secure channel in which the confidential identification data is kept totally out of reach of the unauthorized users. Two hardware based security systems that are commonly employed include MeCHIP and Smartcard system. MeCHIP ensures secure online transaction by directly connecting to the keyboard of a PC with a patented connection (Tittel and Scott, 1997, p. 163). MeCHIP receives the information that is to be secured, circumventing the vulnerable microprocessor of the client’s PC. Secure coded form of the information is signed before the bank receives it. In this case, the channel from the user to the bank is secure and closed. The logged information is verified and if any deviations are found, the session gets terminated instantly. MeCHIP provides users with the necessary security required to transfer confidential information from their personal computers. Smartcard system is a device that encodes information on the chip over the card. It identifies information with algorithms that are based on asymmetric sequences. “An estimated 88% of registered Internet bank users actively use this card, which is not currently EMV-compliant” (Atkins, 2004, p. 118). Users have unique chips registered for them only thus making them safe against the penetration of viruses. However, Smartcard system comes with some practical limitations; it is not accepted broadly in online distribution or home banking. Also, large amount of information that requires decoding cannot be handled by Smartcard. While the private identification of the user is protected, the transfer of information is not secured with the use of Smartcard. While a Smartcard is very secure for the users, the security model is damaged if there is a malware in the PC as the transactions get modified by the malware and the users can then not detect them (Muraleedharan, 2009, p. 361). In light of the security systems analyzed in this paper, it can be said that internet banking is safe to a large extent at least from the bank’s end because most banks conduct banking over Secure Socket Layers and have a high level of security which is almost impossible to breach. However, the safety of internet banking is low from the user’s end because most personal computers are not adequately safeguarded against the potential threats. Internet banking can be safe provided that both the bank and the user fully fulfill the responsibilities at their respective ends. Internet banking is prone to risks of stealth and misuse of information. To reduce these vulnerabilities, different sorts of security systems based on software and hardware have been realized. Generally, software based security systems are used more often than hardware based security systems because software based systems are cost effective and easier to distribute. It takes specialized knowledge to assess the security of applications of internet banking. References: Atkins, W 2004, The Smart Card Report, Elsevier Ltd. Dimitriadis, CK, 2007, Analyzing the Security of Internet Banking Authentication Mechanisms, ISACA, Vol. 3, [Online] Available at http://www.isaca.org/Journal/Past-Issues/2007/Volume-3/Pages/Analyzing-the-Security-of-Internet-Banking-Authentication-Mechanisms1.aspx [accessed: 5 August 2013]. Fenlon, W 2013, Is online banking safe? [Online] Available at http://money.howstuffworks.com/personal-finance/online-banking/online-banking-safe.htm [accessed: 5 August 2013]. First Bank 2013, Security & Privacy, [Online] Available at https://www.efirstbank.com/internet-banking/security-privacy.htm [accessed: 5 August 2013]. Jalal, A, Marzooq, J, and Nabi, HA 2011, Evaluating the Impacts of Online Banking Factors on Motivating the Process of E-banking, Journal of Management and Sustainability, Vol. 1, No. 1, pp. 32-42. Muraleedharan, D 2009, Modern Banking: Theory And Practice, New Delhi: PHI Learning Private Limited. Mycal.net n.d., How PGP Works, [Online] Available at http://www.mycal.net/Group42/crypto/pgp/howpgp.htm [accessed: 5 August 2013]. Rouse, M 2007, Kerberos, [Online] Available at http://searchsecurity.techtarget.com/definition/Kerberos [accessed: 5 August 2013]. Tittle, E, and Scott, C 1997, Building Web commerce sites, IDG Books Worldwide. Yang, Y 1997, The security of electronic banking, [Online] Available at http://csrc.nist.gov/nissc/1997/proceedings/041.pdf [accessed: 5 August 2013]. Read More