Internet Banking Final Report

8/9/2019 Internet Banking Final Report

1/36

While physical security is important, securing your digital assets is just as

important. Access to most digital assets is protected via a password. The

password is the key to your sensitive information files, data sets,

confidential information, among others. A password is a form of secret

authentication data that is used to control access to a resource. The

password is kept secret from those not allowed access, and those wishing

to gain access are tested on whether or not they know the password and

are granted or denied access accordingly. Passwords vary in the degree of

public awareness, security protection and frequency of change. How

secure is your password? If someone is able to guess your password, none

of the systems in the world will protect your valuable information. Your

assets are only as secure as your weakest password. Mitigating

authentication weaknesses by increasing password length and complexity

will reduce security if passwords are pushed beyond the peak of their

effectiveness. With this philosophy we aimed to research on theawareness regarding this matter and found hopeful results.

Before we could work towards a more appropriate solution to users

insecure password practices, it would be necessary to study the

underlying cause of these practices, which lies within users perceptions

of their accounts and passwords. In this thesis, we present the findings

from our study, which investigated the importance of the strength andprivacy, people place on passwords and whether they understand the role of

how weak passwords can lead to exposure of crucial information. Our findings

revealed that anyone can easily become a victim of e-crime as there arevarious ways to steal your password or personal information if you are not

concerned about protecting your account and personal information

against security hazards. People are ignorant about password strength.

Research has proved that passwords are commonly shared and not kept

private by people, same passwords are used for multiple accounts, people

are unaware of data stealing software, there is fear in using E banking;

credit cards, online banking etc.

~ 1 ~


2/36

Introduction:

With the advent of the internet, various aspects of life have been

revolutionized; everything has been taken to a different level. Amongst all

these revolutionary changes is the shifting of trends concerning data

security. Gone is the time when lock and key were supposed to be kepthidden. This is the digital era where everything is accessible by the click of a

button. With the banking industry also being revolutionized by information

technology, the biggest threat to its modernization and adaptation is threat

of data security. Internet banking allows its users to conduct a variety of

tasks from the comfort of their homes, once thought impossible. Various

internet services are being provided by banks globally from as simple as

checking bank account balances to the wire transfer of millions of dollars at

the click of a button. With any new solution comes a problem and with that

problem comes a solution waiting to be unearthed. Internet banking while

having brought the ease and convenience of transacting from the comfort ofones home or office brings with itself the very real exploitation threat. There

has been an increasing number of electronic crime cases reported or rather

more commonly known as e-crime. E-Crime generally refers to a criminal

activity where a computer or computer network is the source, tool, target, or

place of a crime. Despite the unavoidable references to computers or

online activity, e-Crime encompasses a whole range of traditional crimes -

such as fraud, theft, blackmail, forgery and embezzlement. For the sake of

our discussion and to simplify the definition this report will deal with e crime

as defined by criminal activity where personal and financial information is atstake because of weak or inadequate network security. Exploitation can

occur during various stages. This report will deal with shortcomings in

security on part of the user, pertaining to password setting, one of the most

basic aspects and something that the user can control arbitrarily.

For the progress of online financial services offered by banks to gain pace,

specially in an under developed country like Pakistan, where most people

hesitate in getting involved in the banking sector due to religious reasons,

the only way internet banking can gain popularity and be accepted is when

the benefits of the above are widely published and all threats eliminated orat least diminished. Banks benefit from offering this service due to its low

costs and economies of scale. The cost for serving 100,000 customers is

virtually the same as serving 10,000. Hence this system boasts of huge

savings for banks. For the users, the major advantages are convenience and

accessibility on-the-go, with a wide range of attractive internet packages

~ 2 ~


3/36

being offered by telecom companies this serves as a rich ground for the

growth of internet banking.

One of the key aspects of security, the most basic and the first step to

understanding the importance of security is the significance of a good

password. A strong password can protect personal and financial information

from those wishing to exploit along with supplementary albeit equally crucialmeasures. Since there has been virtually no research conducted in this area,

in Pakistan, we would like to take this opportunity to research on the

awareness of the importance of passwords people place on them.

Methodology:

The rationale behind this research is based on the belief that many people

do not pay adequate attention when setting passwords. The focus of this

study is to identify the importance of the strength and privacy, people place

on passwords and whether they understand the role of how weak passwords

can lead to exposure of crucial information. A direct issue arising from this is

of people revealing personal information which may seem harmless, but can

be a deadly arsenal for someone waiting to exploit and compromise the

situation of such people.

A questionnaire was designed comprising of 15 questions was used to

conduct a sample survey in order to evaluate from respondents on how

passwords are chosen and whether the same passwords are assigned for

multiple accounts and how careful people are when it comes to discussing

seemingly irrelevant personal information. The questionnaire aims to identify

areas of vulnerability. The sample population was aged above 25 years of

age and working in diversified professions, and was tested about the

importance of personal information and about the subjectivity of a good

password. With the result we will aim to prove how the weakness of a

password contributes to risk of personal and financial information, and how

awareness of this matter can help with the promotion of E banking.

~ 3 ~


4/36

Literature Review:

Passwords have been a necessary part for most of the online activitiespeople do. We require passwords to protect our data and accounts form DataSnatchers, whore constantly looking to access our data. Passwords areactually the keys that help the hackers to open up the accounts you exercisemost of the time on the internet i.e. your email, bank account, socialnetworking websites, etc. So, people who use single password for variousaccounts can put their valuable information or money at risk. Singlepasswords actually help hackers to snatch what you have because using thesame password for various times on different web sites helps them tocrack the password easily.

Previous studies have shown that users often write their passwords down,and post them in obvious locations (Barton and Barton 1984; Adams andSasse 1999; Dhamija and Perrig 2000; Horowitz 2001). Users oftencreate weak passwords based on obvious dictionary words or personalinformation, which can be guessed by people who know enough about them.These weak passwords include birth dates, personal names, nicknames,names of partners or favorite celebrities, and even the word password(Riddle, Miron et al. 1989; CentralNic 2001; Sasse, Brostoff et al.2001; Brown, Bracken et al. 2004). Password sharing between friendsand work colleagues has also been noted as a common practice. Many usersdo this because of convenience and practical reasons (Adams and Sasse1999),or as a result of social pressure. A recent study (Gaw and Felten2006) showed that password reuse tends to increase as people accumulatemore accounts. Ives, Walsh et al. (2004) described the domino effect ofmultiple systems being susceptible to attacks because of password reuse.

Morris and Thompson (1979) studied a corpus of 3,289 passwords frommany users over a long period of time and discovered that 86% of thesepasswords were extremely weak. Riddle, Miron et al. (1989) analyzed6226 user generated passwords from IBM CMS environment used bystudents and staff at Syracuse University in 1987, finding that manypasswords were extremely short and consisted of English words or personsnames. Adams and Sasse (1999) conducted a study of password relateduser behaviors, including password construction, frequency of use, passwordrecall and work practices. They concluded that their participants lackedsecurity motivation and understanding of password policies, and tended tocircumvent password restrictions for the sake of convenience. Dhamija andPerrig (2000) conducted an interview-based study involving 30participants. Similar to Adams and Sasse, they concluded that participants

~ 4 ~


5/36

tended to find workarounds to circumvent system restrictions, which oftenresulted in insecure password practices.

Know Hacking! But No Hacking:

People should be aware of the hacking techniques or they should make aneffort to know about the security threats they face in the cyber world. Therehave been many real life cases and dozens of people who have become avictim of e-crime and they have lost their valuable information or money justbecause they were least bothered of the security hazards on the internet.

Another reason that why people should be concerned about their importantinformation is because the favorite target of hackers are home and home-office computers because these computers are mostly connected to the

internet through a broadband and the connection is always open so thehackers can easily locate these computers with the help of the scanners.

A few of the cases are mentioned below to let people know the importancethat they should be aware of the hacking techniques to safeguard theironline activities or they should keep their keys (passwords) strong enough tobe revealed by the hacker.

Credit Card scam

Credit cards have become a major source of electronic payment system and

it is widely used by the people to make online purchases of airline ticketsand other e-commerce transactions. Although major security actions (suchas SSL, secure web servers, etc.) have been implemented in websites butstill number of credit card frauds are increasing.

The scenario

A number of times people have complained that they have not made anypurchases for which theyre asked to make payments. It happens becausethe victims credit card information is stolen by the Data Snatchers and they

misuse it for making online purchases and then the victim is asked to makepayments. Actually the bad guy or the Data Snatchers are liable who havestolen the valuable information of the credit card holders as well as thosewho have misused it.

~ 5 ~


6/36

The suspect install key loggers1 and other password revealing softwares inpublic computers such as cyber cafes, airport lounges, etc and the innocentpeople use these computers to make online purchases and when they entertheir credit card information; it is emailed to the suspect. Another techniqueto know about the victims credit card information is the various peoplewhore actually using your credit card to make receipt for your purchasessuch as petrol pump attendants, hotel waiters who note down the

information and later sell it to criminal gangs that misuse it for online frauds.

Keeping passwords safe:

Passwords and pin numbers should not be written down anywhere to

remember and should not be disclosed to anyone. According to a recent

study, researchers have suggested that passwords should be difficult to

guess i.e. strong passwords rather than obvious passwords, such as

mothers name or date of birth, etc.

Obama Twitter account 'hacked by Frenchman'

Anyone can easily become a victim of e-crime as there are various ways to

steal your password or personal information. This is what happened to the

American President Barack Obama.

The unemployed 25-year-old Frenchman recently hacked twitter accounts

belonging to Obama by simply guessing users passwords. He has also

targeted other celebrities, including Britney Spears.

He accessed the accounts by simply working out answers to reminder or secret

questions on targets e-mail accounts, according to investigators.

1 A commonly used technique to steal password is key logger. It is actually a spyware

and if it is installed in computer and you access your email account through that

computer then youll definitely lose your password because it records each and every

keystroke that you type.

~ 6 ~


7/36

Attacks on Password Authentication Mechanisms

User End

Classification of attacks on password authentication

mechanisms based on the targets of the attacks: 1.

Attacks on the user end 2. Attacks on the communication

channel 3. Attacks on the system end.

~ 7 ~


8/36

Questionnaire Findings

Question 1:How do you access internet?

Question 2:

Do you use the same password for multiple accounts?

~ 8 ~


9/36

33.3%

26.7%

40.0%

usually

yes

never

Question 3:

How many characters do your passwords usually have?

Question 4:

What kind of passwords do you prefer? Tick as many as applicable

~ 9 ~


10/36

Question 5:

What do your passwords usually look like?

Question 6:

Do you share your passwords with anyone? Tick as many as applicable

Question 7:

Are you aware of any software (Password Revealer, spywares) that can beinstalled on your computer to retrieve passwords entered on variouswebsites?

Question 8:

Do you think strong passwords can help keep financial information secure,and virtually risk free from hack attacks?

~ 10 ~


11/36

13.3%

30.0%

33.3%

23.3%

disagree

neutral

agree

strongly agree

Question 9:

Do you trust Internet cafe or Internet library?

Question 10:

Would you use your credit card for shopping online and other transactions?

~ 11 ~


12/36

26.7%

30.0%

30.0%

13.3%never

rarely

frequently

always

Question 11:

Do you think there is a fear using credit card?

Question 12:~ 12 ~


13/36

If yes, then if there is an arbitrary password associated with using your creditcard information would you use your credit card then?

43.3%

33.3%

23.3%

dont know

yes

no

Question 13:

Do you conduct transactions using your online bank account?

53.3%

46.7%

yes

no

Reasons for not using online bank account to conduct transactions:

~ 13 ~


14/36

Question 14:

Have you been or know someone who has been a victim of E-crime?

Question 15:

What do you think is the reason behind increasing cases of Electroniccrime?

Tick as many as applicable

Research AnalysisThe research based on response of the sample population of 30 individuals,

ages above 25, professions ranging from lecturer to industrialist, to banker

and sub editors of newspapers, from freelance software writer to production

manager. Thus this ensured the sample population came from different

backgrounds and were exposed to different circumstances.

~ 14 ~


15/36

The results of the questionnaire about accessing the internet showed that

cable internet was the most popular means of access while DSL and wireless

competing for the second and third popular spots. Satellite internet or any

other means to access the internet received zero responses. It shows that

most of the users of internet are accessing it through cable network which

requires higher safety than DSL or any other means i.e. personal firewall is

needed.

Ways to access Internet Frequency Percent (%)

DSL Internet 8 25

Cable Internet 16 55

Satellite Internet - 0

Wireless Internet 6 20

Others - 0

Total 30

Our assumption that people prefer to have the same passwords for various

accounts was based on the belief that about 80% of the population would

conform to this. On the contrary, the results showed only a small minority of26.7% always set the same password while 33.3% usually used the same

password. This could signify that important accounts like banking or private

business email accounts had different passwords while other less important

ones had invariably the same passwords. What was surprising was a majority

of 40% of the sample chose never meaning that they never chose the

same passwords for multiple accounts. This result was extremely favorable

since it showed that even if passwords were compromised, information from

all of an individuals account would not be misused.

Same password for

multiple accounts

Frequency Percent (%)

Always 8 26.7

~ 15 ~


16/36

Never 12 40

Usually 10 33.3

Total 30

Considering the strength of the password which in itself is very subjective,we received slightly unexpected but promising results. Of the three

questions that tested on its subjectivity, one was based on the length of the

password, (the more the number of characters in a password the stronger it

is,) the keys used in the password, (alphabets, numeric and special keys,)

and whether any personal information was used in the password that people

around a person are familiar with, (names, pet names, name of spouse,

phone number, date of birth). This question also seeked any other ideas for

passwords that people used. Results showed a 50% of the sample population

used 7 to 9 characters when setting their passwords, with the rest almostequally divided between 4 to 6 and more than 9 characters per password.

Number of characters

passwords usually have


4-6 7 24.8

7-9 15 50

More than 9 8 25.2

Total 30 100.0

There were mixed results to the question which inquired about the

information used in the passwords. While an overwhelming majority did not

used any obvious personal information like their own or their spouses name

or even phone numbers, a surprising 50% of the population confirmed to

using their pet names in their password. This proves our assumption and also

exposes vulnerability. People need to understand that using information that

is commonly known among peers can prove to be dangerous and lead to

damaging results. People who do not use any personal information in their

passwords cited other ideas for the same. From names of cars and

medicines, to random phrases, things they like, and initials of phrases and a

combination of dates and numbers.

~ 16 ~


17/36

Use of Personal Info Yes No Yes % No %

Date of Birth 5 25 16.66667 83.33333

Nickname 15 15 50 50

Phone number 5 25 16.66667 83.33333Spouse's name 3 27 10 90

The most favorable result of the research pertained to what a password was

constructed of, i.e. 50% of passwords had at least two types of characters

either i) alphabets and numeric, ii) numeric and special keys, or iii) alphabets

and special keys while another 36.7% used all three types of characters in

their password. Only a small minority of 13.30% used simple passwords. The

result although encouraging, highlights a key component that people do not

place importance on their passwords even though many websites nowprovide the testing of ones password. They require the password to be

entered and a bar will show the strength of the password whether weak,

moderate or strong. Since these tools are easily available and there is the

strong likelihood that individuals are aware of these tools due to the

widespread availability, the mindset is such that even strong passwords

would not protect data against a hacker. While true in some cases, a

password can protect against hackers contrary to the beliefs of many.

Preference for

passwords


Simple alphabets 4 13.30

Alphabets and numeric 12 40

Alphabets and special

keys

2 6.70

Numeric and special

keys

1 3.30

All of the above 11 36.70

Total 30 100.0

~ 17 ~


18/36

Concerning the sharing of passwords, 14 of the 30 people surveyed

responded that they did share their passwords while the rest of the 16 did

not share their passwords. Of the 14 people who do not keep their passwords

to themselves, 50% shared their passwords with their husbands or wives

while 4 people each responded to having shared their passwords with friends

or siblings while an insignificant minority of 2 people out of the 14 admitted

to having shared their passwords with their boyfriend or girlfriend. Theassumption behind this question was respondents would be more likely to

share their passwords with their respective spouses and girlfriend/boyfriend.

This was however invalid as people also shared such information with their

friends and siblings. The results were skewed towards the unfavorable side

since trusting people with crucial key combinations of bank accounts and

credit card information can leave one penniless if one ever came across a

person who wanted to misuse such financial information.

Password Sharing Yes No Yes % No %

Share passwords 14 16 46.66667 53.33333Share with friends 4 10 28.57143 71.42857

Share with siblings 4 10 28.57143 71.42857

Share with spouse 7 7 50 50Share withgirlfriend/boyfriend 2 12 14.28571 85.71429

The most disappointing result of this research was the question which

surveyed awareness about various softwares that can steal passwords off

computers if installed on them. These softwares are likely to across in publiccomputers at airports, internet cafes and other public places. Once the login

and password is entered it is stored and can be retrieved either by accessing

that same computer or even from an off location computer by accessing it

through the internet. This can lead to various information being

compromised, more so because there is a severe lack of awareness about

such software. An astounding 56.7% of the people pledged to be unaware of

the existence of any such software. This result was highly disappointing

because of the nature of the sample population. Aged above 25 and having

used the internet extensively for about 5 to 7 years they were oblivious to

potentially damaging programs.

Awareness of Passwords

revealers, spywaresFrequency Percent (%)

Yes 13

No 17 56.7

~ 18 ~


19/36

Total 30 100.0

When asked about whether respondents thought passwords could help keep

their financial information secure, 56.6% agreed to this statement while 30%

were unsure about it. A mere 13.3% of the responses disagreed with the

statement. This result is reassuring and although not as strongly seen inother conclusions of this research objective that states a majority of people

may not choose the characters in their passwords carefully.

Strong passwords keep

financial information

secure


Strongly Agree 7 23.3

Agree 10 33.3

Neutral 9 30

Disagree 4 13.3

Strongly Disagree - -

Total 30 100.0

When inquired about whether they trusted computers in public places, 90%

said no. Despite the population being unaware of why publicly logged in

computers are unsafe, there is a severe lack of trust in the same. Although

contrary to the previous result, this result is encouraging. At least the

population is aware that such places are not to be trusted.

Trust computers in public

areasFrequency Percent (%)

Yes 3

No 27 90

~ 19 ~


20/36

Total 30 100.0

Concerning the next aspect of this research report, about the use of financial

transactions available online, many people indicated a fear of using credit

cards and online banking accounts. 90% of the responses stated that there

was some fear associated with using their credit cards but despite this fearonly 56.7% of the people answered that they rarely and never used their

credit cards due to this fear that their information could be misused and they

could be charged for expenses they did not actually incur. In such cases if a

bank is notified that a credit card has been misused, usually the person to

whom the credit card has been issued to, does not have to pay if he can

prove that he did not authorize the transactions. In some cases where the

person cannot prove the same, he is liable to pay or the bank can assume a

limited liability role depending on the rules of the issuing bank. Bottom line

being many individuals believe there is a risk when using credit cards. Thisresult is highly contrasting to that of more developed countries. In the USA

for example, even everyday groceries are purchased by credit cards where

as in Pakistan, a large investment such as a car is also paid for by cash. Thus

there is huge shift in mindset that needs to occur before widespread

acceptance of credit cards. This can be achieved if people start accepting

that credit cards can be protected against misuse.

Online usage of credit

cards


Always- its very

convenient

4 13.3

Frequently-Prefer online

transaction more

9 30.0

Rarely- Prefer cash

rather than credit card

9 30.0

Never-too risky 8 26.7

Averse to interest - -

Total 30 100.0

A suggestion to accompany this question was whether respondents would

trust and use credit cards if there was an arbitrary and independent

password associated with their accounts: any such information that was not

~ 20 ~


21/36

available on the face of the credit card itself in case it was stolen. Generally

a credit card transaction requires the credit card number, the expiration

date, and in some cases a 3 digit pin code, all embossed on the credit card. If

this smart card were to be stolen, funds associated with the credit card

account could be used for transactions. If a password had to be entered

before authorizing the transaction for the credit card it would be safer since

it would not be printed on the credit card itself. ATM cards use this method; a4 digit pin code is required after inserting the card in the ATM slots before

cash can be withdrawn. This is known as double verification of identity and is

a much safer means of conduction transactions which will also encourage

use of credit cards and even debit cards which work in almost the same way.

Of the 66.7% who stated that they did not use their credit cards, 33.3%

stated that it would be safer if an independent password accompanied their

account and would use their credit cards in such a scenario.

Fear using credit cards Frequency Percent (%)

Yes 20

No 10 33.3

Total 30 100.0

Arbitrary passwords

with credit cards


Yes, ensures stolencredit card wont be

used

10 33.3

Don't know 13 43.3

No, it still is risky 7 23.3

Total 30 100.0

Online bank account usage has not caught on much in this country. Thereasons are many. From not having the necessity to use the bank account,

since even some business transactions are carried out with cash, religious

reasons based on interest being haram, and the risk factor associated with

online transactions, it discourages people from using an extremely

convenient method of managing their finances. 53.3% report using their

banks online accounts, the figure being positive, can also simply mean that

~ 21 ~


22/36

bank balances are checked using the service. Hence this result is ambiguous.

When the 46.7% of the people who do not use online services were asked to

quote a reason, they varied from security issues to having no needs for such

services while 20% also stated that their banks did not provide such service

yet. This is also a significant finding since the non-availability of online

banking services denotes slow adapting of the banking industry.

Online bank account Frequency Percent (%)

Yes 16

No 14 46.7

Total 30 100.0

Another result stemming from above conclusions of the lack of integration of

internet services and banking in this country is seen from the awareness andcases of E crime. 66.6% reported that they had not been nor were they

aware of any individual who had been a victim of electronic crime concerning

bank accounts or credit card scams. In the developed world, such cases

widely come to light and are propagated through the media and news

channels. There were no official statistics available but the information on

various cases posted at least proved that if electronic crime cases are

unearthed they are publicly condemned so that people can be aware of the

various ways they can threatened with. This leads to better security.

Victim of E-crime Frequency Percent (%)

Yes 10

No 20 66.6

Total 30 100.0

The reasons behind increasing cases of e crime were reported and a 22 out

of 30 voted for loopholes in technology used, for example bugs in software or

inadequately performing anti-virus editions and so on. Only 10 peoplereported that simple passwords could be behind e-crime while password

sharing received just above 50% of the votes. Other reasons quoted

concerned the naivety of people which leads them to be exposed. This result

also confirms that respondents did not believe strong passwords could

contribute to security of data.

~ 22 ~


23/36

Are you aware of softwares that can retrieve your

password?

1

7

1

5

.

0

2

.

0

1

3

1

5

.

0

-

2

.

0

3

0

n

o

y

e

s

T

o

t

a

l

O

b

s

e

r

v

e

d

N

E

x

p

e

c

t

e

d

N

R

e

s

i

d

u

a

l

Reasons behind Ecrime Yes No Yes % No %Simple passwords 10 20 33.33333 66.66667Sharing of passwords 16 14 53.33333 46.66667Lack of antivirus 15 15 50 50Loopholes intechnology 22 8 73.33333 26.66667

Statistical analysis:

Hypothesis 1:

Ho= No awareness of any software that can retrieve passwordsHa=Awareness of any software that can retrieve passwords

~ 23 ~


24/36

T

e

s

t

S

t

a

ti

s

t

i

c

s

.

5

3

3

1.

0

3

C

h

i

-

S

q

u

a

re

ad

f

A

s

y

m

p

.

S

ig

.

Are you aware ofs

o

f

t

w

a

r

e

s

t

h

a

t

Can retrieve yourP

a

s

s

w

o

r

d

?

0

c

e

l

l

s

(.

0

%

)

h

a

v

e

e

xp

e

c

t

e

d

f

r

e

q

u

e

n

c

i

e

s

l

e

s

s

t

h

a

n

5

.

T

h

e

m

in

i

m

u

m

e

x

p

e

c

te

d

c

e

l

l

f

r

e

q

u

e

n

c

y

i

s

1

5

.

0

.

a

.

Rejection region:

Reject Ho if X-value


25/36

Conclusion:Since X-value is less than 0.05 i.e. 0.03 so we reject Ho and conclude thatpeople arent aware of any software that can retrieve passwords.

Hypothesis 2 :

Ho= Strong passwords cannot keep financial information secureHa=Strong passwords can keep financial information secure

strong pass can keep fin info secure?

7 7.5 -.5

10 7.5 2.5

9 7.5 1.5

4 7.5 -3.5

30

strongly agree

agree

neutral

disagree

Total

Observed N Expected N Residual

~ 25 ~


26/36

T

e

s

t

S

t

at

i

s

t

i

c

s

0

.

0

2

5

3.

0

0

5

C

h

i

-

S

q

u

ar

e

ad

f

A

s

y

m

p

.

Si

g

.

S

t

r

o

n

g

pa

s

s

c

a

n

k

e

e

p

f

i

n

i

n

f

o

s

e

cu

r

e

?

0

c

e

l

l

s

(

.

0

%

)

h

a

v

e

ex

p

e

c

t

e

d

f

r

e

q

u

e

n

c

i

e

s

l

e

s

s

t

h

a

n

5

.

T

h

e

mi

n

i

m

u

m

e

x

p

e

ct

e

d

c

e

l

l

f

r

e

q

u

e

n

c

y

i

s

7

.

5.

a

.

Rejection region:

~ 26 ~


27/36

Reject ho if X-value


28/36

D

o

y

o

u

tr

u

s

t

i

n

t

e

r

n

et

c

a

f

e

s

?

2

7

1

5

.

0

1

2

.

0

31

5

.

0

-

1

2

.

0

3

0

n

o

y

e

s

T

o

t

a

l

O

b

s

e

r

v

e

d

N

E

x

p

e

c

t

e

d

N

R

e

s

i

d

u

a

l

~ 28 ~


29/36


30/36

Reject ho if X cal


31/36

I

s

t

h

e

r

e

a

f

e

a

r

u

s

i

n

g

c

r

e

d

i

t

c

a

r

d

?

1

0

1

5

.

0

-

5

.

0

2

0

1

5

.

0

5

.

0

3

0

n

o

y

e

s

T

o

t

a

l

O

b

s

e

r

v

e

d

N

E

x

p

e

c

t

e

d

N

R

e

s

i

d

u

a

l

~ 31 ~


32/36

T

e

s

t

S

t

at

i

s

t

i

c

s

3

.

3

3

3

1.

0

0

5

C

h

i

-

S

q

u

ar

e

ad

f

A

s

y

m

p

.

Si

g

.

i

f

t

h

e

r

e

a

f

e

a

r

u

s

i

n

g

c

re

d

i

t

C

a

r

d

?

0

c

e

l

l

s

(

.

0

%

)

h

a

v

e

ex

p

e

c

t

e

d

f

r

e

q

u

e

n

c

i

e

s

l

e

s

s

t

h

a

n

5

.

T

h

e

mi

n

i

m

u

m

e

x

p

e

ct

e

d

c

e

l

l

f

r

e

q

u

e

n

c

y

i

s

1

5

.0

.

a

.

Rejection region:

~ 32 ~


33/36

Reject ho if X cal


34/36

Conclusion

Internet banking, a relatively new phenomenon in our part of the world, has

unleashed its opportunities almost suddenly. So fast that many users of this

technology are still not able to grasp the abilities and consequences of the

same. With our research we aim to prove that once basic internet security is

understood by our population, acceptance of internet banking will follow

hand in hand.

Our questionnaire was designed with a purpose to survey the understanding

of the vitals of internet security keeping in mind the future of internet

banking. It was aimed to test the basic knowledge behind security threats

and what we must do to safeguard our data.

Statistical evidence showed that there were certain shortcomings regarding

awareness but at the same time some results were better than our

assumptions behind the research.

Most of our assumptions behind this research were proven true. These

assumptions were:

People are ignorant about password strength

Passwords are commonly shared and not kept private

Same passwords are used for multiple accounts

Unawareness of data stealing software

~ 34 ~

Fear using credit card


35/36

Fear in using E banking; credit cards, online banking etc.

Unawareness about the reasons behind increasing rates of e-crime

Our research has proven that anyone can easily become a victim of e-crime

as there are various ways to steal your password or personal information if

you are not concerned about protecting your account and personal

information against security hazards.

Recommendations

Considering the sensitive nature of security, personal and financial security,

there are certain aspects that need to be published and highlighted. With an

increasing number of cases ranging from financial and identity theft, there is

a dire need to incorporate security measures. To protect one from such

dilemma, the following measures need to be implemented:

Creating strong passwords for all accounts no matter how unimportantthey seem.

The greater the variety of characters in your password, the better.

Multiple passwords for multiple accounts.

Avoid sharing passwords unless absolutely necessary.

Avoid entering personal and financial information on public terminals.

To limit the risk of your password being cracked, it should be at least 8characters long and include letters (both upper and lower case), digitsand punctuation.

You should change your password regularly and always after a tripwhere you could have exposed your password at a remote site.

~ 35 ~


36/36

Investing in a good antivirus to protect information.

To encourage banking transactions through the internet, banks canimplement the following details:

Use multiple factor authorization.

Allow entering only a specific number of characters for a password, butdifferent every time such as UBLs online banking.

Use passwords along with credit card numbers to authorizetransactions.

Educate their clients about banking security.

Bibliography

http://www.utexas.edu/its/secure/articles/importance_strong_passwords.php

http://www.associatedcontent.com/article/137084/the_importance_of_choosing_strong_computer.html

http://www.spamlaws.com/data-security-importance.html

http://crpit.com/confpapers/CRPITV98Notoatmodjo.pdf.

Exploring the Weakest Link: A Study of Personal Password Security, GilbertNotoatmodjo, 15 July 2007

Passwords and Perceptions by Gilbert Notoatmodjo and Clark Thomborson
http://www.utexas.edu/its/secure/articles/importance_strong_passwords.phphttp://www.associatedcontent.com/article/137084/the_importance_of_choosing_strong_computer.htmlhttp://www.associatedcontent.com/article/137084/the_importance_of_choosing_strong_computer.htmlhttp://www.spamlaws.com/data-security-importance.htmlhttp://crpit.com/confpapers/CRPITV98Notoatmodjo.pdfhttp://www.associatedcontent.com/article/137084/the_importance_of_choosing_strong_computer.htmlhttp://www.associatedcontent.com/article/137084/the_importance_of_choosing_strong_computer.htmlhttp://www.spamlaws.com/data-security-importance.htmlhttp://crpit.com/confpapers/CRPITV98Notoatmodjo.pdfhttp://www.utexas.edu/its/secure/articles/importance_strong_passwords.php

Documents

Internet Banking Final Report