Author Topic: Online Banking: Information Security vs. Hackers Research Paper  (Read 2657 times)

0 Members and 1 Guest are viewing this topic.

ijser.editor

  • International Journal of Scientific and Engineering Research
  • Administrator
  • Jr. Member
  • *****
  • Posts: 89
  • Karma: +0/-1
  • Research Paper Publishing
    • View Profile
    • International Journal of Scientific and Engineering Research
Online Banking: Information Security vs. Hackers Research Paper
« on: January 02, 2011, 09:38:41 am »
Author : Paul Jeffery Marshall
International Journal of Scientific & Engineering Research, Volume 1, Issue 1, October-2010
ISSN 2229-5518

Millions of financial data transactions occur online every day of the year 24 hours a day 7 days a week and bank cyber crimes take place every day when bank information is compromised. Skilled criminal hackers can manipulate a financial institutionís online information system, spread malicious bank Trojan viruses that allow remote access to a computer, corrupt data, and impede the quality of an information systemís performance. If sensitive information regarding commercial and personal banking accounts is not better protected, cyber-thieves will continue to illegally access online financial accounts to steal trillions of dollars plus sensitive customer information globally. Audit of bank information technology systems, ethics and policy requirements for bank information security systems, awareness of risk potential, continuity of financial institution information systems all should be high on the list of federal & state regulators and banking board of directorísagendameetings. One major real world cyber crime directed at any specific financial institution can severely take down a domestic and global financial network. Banks and Savings & Loans is identified as financial institutions and both are custodians of not only their customerís money, but even more so a financial institution is responsible for their customerís personal and legacy data. Examples of information that financial institutions are the custodian of records for their commercial and personal banking customers is: day-to-day transactions including deposits, withdrawals, balance amount, social security number, birth date, loan information, partnership agreements related to a loan, year-to-date statements and a host of other extremely sensitive financial information. All the above mention records, transactions and sensitive information is events that occur online usually more than 50 percent of the time. Cyber crooks, network hackers, cyber pirates, internet thieves is an emerging crime category of criminals and threat to online banking information security systems. According to reports $268 million dollars was stolen online from financial institutions, 2009 cyber-robbery of financial institutions escalated to $559 million dollars (Bankrate.com). The efforts used to hi-jack financial institutions was Banking Trojans that piggy-back legitimate customer bank accounts to steal passwords, fraudulent wire transfers, and hackers working from the inside to compromise the information security system of an financial institution, in other words; an inside job.

METHODS
In age where technology has outpaced the law regarding banking cyber crimes many online pirates make it their fulltime work to challenge bank information security systems to find a point of entry into an information system in order to access bank data and steal money. Customers can be clueless about cyber crimes until it is too late and all their money has disappeared from their account. When a potential customer walks through the door of a financial institution to open a basic checking or saving account the customer is asked and required to provide all kinds of sensitive information like social security number, driver license number, and sign an affidavit that authorizes the financial institution to obtain a credit report to check the customerís current credit history and there after every six months before an account is open. Then on top of that requirement; the new customer is asked by the financial institution to trust them with all that sensitive information. Illustrated below are four scenarios and consequences of bank cyber crimes.
Complete Article on http://www.ijser.org/onlineResearchPaperViewer.aspx?OnlineBanking_InformationSecurity_vs_Hackers_Research_Paper.pdf

CARDINAL RULES OF INFORMATION SECURITY
My research for this project paper lead me to the formation of what I believe to be a need for what I will call the CARDINAL RULES of Information Security related to all industries including financial institutions. CARDINAL

RULES of Information Security is as follow:

1. Unprotected Information Systems is a Business Crime
2. Lack of Information Security Policy is Unacceptable
3. Audit and Compliance routinely to Identify Information Security Shortfalls
4. Risk Management Analysis Strengthens Information and System Security
5. Strong Virus Protection Policy help protect against Network Vulnerabilities and Threats

What is at stake when sensitive information is compromised online and all roads lead back to the custodian of the information? In an age where hackers and online information bandits keep 24 hour vigilance as cyber intruders with intent on thief and crime; no information system is completely a safe zone. The best offence against cyber criminals who seek to compromise online system security is defense. Stakeholders who are responsible for online financial data must have a plan, policy, and protection related to information security. In my opinion, CARDINAL RULES of Information Security should be adopted into the by-laws of all business models who expect to do online e-Commerce business in the future. Cyber threats and attacks are real, many go undetected, they occur every day, and will be on the rise in coming years. The facts are clear; the custodian of online information has the responsibility for the security of the data.
Complete Article on http://www.ijser.org/onlineResearchPaperViewer.aspx?OnlineBanking_InformationSecurity_vs_Hackers_Research_Paper.pdf