Risk in Cyber Space

  • 8/2/2019 Risk in Cyber Space

    1/45

    Cyber Banking

    Using the Internet to perform banking functions. Also called electronic banking, virtual banking, and online banking.

    Cyber banking allows customers to conduct financial transactions from home, business or from the road, on a secure website operated by their retail or virtual bank.

    Consumers can use e-banking to check their accounts, pay bills online, secure a loan electronically and much more. E-banking saves users time and money. For banks it offers an inexpensive alternative to branch banking.

    Many physical banks, such as SBI, Citibank, ICICI and HDFC, offer home banking services.

    History

    The term "online" became popular in the late '80s and referred to the use of a terminal, keyboard and TV (or monitor) to access the banking system using a phone line.

    Online services started in New York in 1981 when four of the city's major banks (Citibank, Chase Manhattan, Chemical and Manufacturers Hanover) offered home banking services using the videotex system.

    The UK's first home online banking service was set up by the Nottingham Building Society (NBS) in 1983.

    The system allowed on-line viewing of statements, bank transfers and bill payments.

    Virtual Banks

    Virtual banks have no physical location and conduct only online transactions.

    The world's first fully functional virtual bank was the Security First Network Bank (SFNB).

    These banks were designed without a traditional banking infrastructure.

    Virtual banks around the world are:

    ING Direct

    U Bank

    HSBC Direct

    First Direct

    Implementation Issues in Online Financial Transactions

    Access to Banks' Intranets by Outsiders

    Many banks provide their customers with personalised service by allowing them access to the bank's intranet.

    Using Imaging Systems

    Several financial institutions, e.g. Bank of America and Citibank, allow customers to view images of all their checks and invoices that are in process.

    For example, in SBI transactions, you can see the image of the check before authorising it.

    Pricing Online Versus Off-Line Services

    Pricing issues must be taken into account when providing the different types of services.

    Computer-based banking services are mostly offered free by banks, whereas offline services prove to be costlier than online services.

    Features of online banking

    Transactional

    Electronic bill payment

    Investment

    Non Transactional

    Features of online banking

    Transactional (e.g., performing a financial transaction such as an account-to-account transfer, paying a bill or a wire transfer, and applications such as applying for a loan, a new account, etc.)

    Electronic bill payment: funds transfer between a customer's own checking and savings accounts, or to another customer's account

    Investment: opportunities for customers, such as opening a D-MAT account or insurance.

    Non-transactional (e.g., online statements, chat)

    Bank statements, account updates.

    Advantages of Online Banking

    View your Transactions

    Online banking is the quickest way to check and see if a transaction has cleared your account.

    Speedy Work For the Bank

    Online banking is generally quicker than transactions conducted at ATMs or at the bank.

    No physical presence is required

    All banks today are encouraging customers to bank online rather than going to the bank and making transactions.

    24*7 facility is available

    Online banking sites never close. They are available 24 hrs a day, seven days a week.

    Eliminating paper work

    Paying bills online does more than save trees. It also helps reduce fuel consumption by the trucks and planes that transport paper checks.

    Ubiquity

    If you are out of station or even out of the country on a tour or an official trip and face a money problem, all you have to do is log on to the internet.

    ATM as a part of cyber banking

    Automated Teller Machines or 24-hour Tellers are electronic terminals that let you bank almost any time. To withdraw cash, make deposits, or transfer funds between accounts, you generally insert an ATM card and enter your PIN. Some financial institutions and ATM owners charge a fee, particularly to consumers who don't have accounts with them or on transactions at remote locations.

    Online Billing and Bill Paying

    People prefer to pay monthly bills, such as telephone, utilities, rent, credit cards, and so on, online. The recipients of such payments are equally eager to receive money online, because online payments are received much more regularly and quickly and have lower processing costs.

    Payment system

    Automatic transfer of funds to pay monthly utility bills.

    For bills such as gas and water, the bank automatically allows customers to pay from their bank accounts.

    Paying bills from online banking accounts.

    Many people pay their monthly rent and other bills directly into the payee's bank account.

    Person to Person direct payment.

    An example of this is PayPal, which enables a person to send funds to another individual over the internet.

    Disadvantages of cyber banking

    Safety concern

    Meant for tech savvy people

    Sophisticated technology

    Continuous upgradation

    Disadvantages Contd.

    Safety Concerns: In the article titled "Is Online Banking Safe", cyber scams that may target unsuspecting customers were explored in great detail. Phishing, the presence of malicious software, keylogger issues and security concerns due to weak wireless network security deter people from opting for Internet banking.

    Because the physical presence of a person is not required, that may pose a problem.

    The Internet requires sophisticated technology.

    Meant for Tech Savvy People: People belonging to the older generation may not be tech savvy and may find it difficult to adapt to online banking.

    Continuous upgradation is required; otherwise the site will become obsolete.

    Challenges of cyber banking

    Security

    Systems Development and Life Cycle Management

    Performance

    Return on investment

    Identity Theft

    Banking Risks

    Same inherent risks and issues as Internet banking. Primary risks affected:

    Strategic

    Transaction

    Reputation

    Compliance

    Strategic Risk

    Determining wireless banking's role in delivering products and services

    Defining risk versus reward goals and objectives

    Implementing emerging e-banking strategies

    Rapidly changing technology standards

    Transaction Risk

    There are various kinds of transaction risks in cyber space, such as:

    1. An online fund transfer made by someone else on your behalf.

    2. You make a fund transfer yourself, but to a phishing site.

    3. A stop payment on a cheque is made by someone else.

    4. The site not working properly.

    Unproven standards can have security weaknesses

    Encourage customers to use good PIN/password management practices

    Reputation Risk

    Reliability of delivery network

    Customer acceptance of no service due to telecommunications issues when they are in areas where they expect service (consumer expectations)

    Processing and handling of interrupted transactions

    Integration of wireless applications with existing products and services

    Reputation Contd.

    This kind of risk is mostly considered in the case of HNI (High Net Worth Individual / High Net Worth Income) clients, because they give the bank huge interest as well as business. Banks do not want to let them down.

    Compliance Issues

    Disclosures

    The various risk removal methods used by the bank should comply with government requirements.

    They should not violate the rules of the country.

    Privacy concerns for customers.

    Risk in Cyber Space

    Fraudulent practices

    Cyber squatting

    Email Spamming

    Money Laundering

    First Party Risk

    Third Party Risk

    Fraudulent practices

    Many people are engaged solely in committing fraud; for example, they create viruses, spyware, trojan horses, etc.

    Cyber squatting

    It means a person can register a domain name which may be the name of a brand. The person can then demand more money from the brand to sell it that domain name.

    E.g. Nike, Coke

    Email Spamming

    Fraudulent email can be sent to a person's email address, whether the person wants it or not.

    Money Laundering

    Money can be sent via the internet from one part of the world to another. This makes it a convenient channel for turning black money into white money.

    Cyber Intelligence

    It is defined as the various methodologies used by a company to eliminate risk in cyber space. It includes many things.

    Firewall

    A firewall is a set of programs, located at a network server, that protects the resources of a private network from users from other networks. (The term also implies the security policy that is used with the programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and to control what outside resources its own users have access to.

    Virus Scanners and IDS

    A virus is defined as a computer program that does unwanted things. It may replicate itself many times or it may delete important data.

    Meaning of IDS: an Intrusion Detection System is a security system that detects inappropriate or malicious activity on a computer or network.

    An Intrusion Detection System (IDS) is used to determine if a computer network or server has experienced an unauthorized intrusion. An IDS works like a burglar alarm system. If it detects a possible intrusion, the IDS will send out an alert or warning, which would prompt an administrator to perform further investigation, which might include computer forensics and prosecution.

    Authentication

    Authentication is the process of determining whether someone or something is who or what it claims to be. Authentication is commonly done through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially with an assigned or self-declared password. On each subsequent use, the user has to state that password.

    The weakness in this system for transactions is that passwords can often be stolen, accidentally revealed, or forgotten.

    That may pose a problem.

    Encryption

    Encryption is a process of translating a message, called the Plaintext, into an encoded message, called the Ciphertext. This is usually accomplished using a secret Encryption Key and a cryptographic Cipher.

    Two basic types of Encryption are commonly used:

    Symmetric Encryption, where a single secret key is used for both encryption and decryption.

    Asymmetric Encryption, where a pair of keys is used: one for Encryption and the other for Decryption.

    Active content filter

    A type of malware that uses common, dynamic scripting languages (e.g. Java, JavaScript, ActiveX, or Visual Basic). Vulnerabilities in the scripting language are exploited to carry malicious code, which could be downloaded through a Web browser and executed on a local system without the user's knowledge or consent. Malicious active content can be used for many criminal activities, including to deliver viruses and worms, send e-mail, record information from the local user, or to redirect users or content. Active content is also called mobile code.

    Active Content Filter (ACF) removes potentially malicious active content (JavaScript, Java) from application content that is displayed in a browser that interprets DHTML. The ACF runs over any application content over which users have control, such as e-mail bodies and subjects or calendar entries. Filtering of mail messages, for example, occurs every time a user opens a message for viewing, replying, or forwarding. The original content of the message is stored in the database and the content is filtered on the fly.

    OCTAVE

    Operationally Critical Threat, Asset, and Vulnerability Evaluation. It is a suite of tools, techniques, and methods for risk-based information security strategic assessment and planning.

    The OCTAVE methods are:

    self-directed: Small teams of organizational personnel across business units and IT work together to address the security needs of the organization.

    flexible: Each method can be tailored to the organization's unique risk environment, security and resiliency objectives, and skill level.

    Chief Security Officer

    Chief Security Officer means the person responsible for the organization's entire digital security posture. CSOs also frequently own or participate closely in related areas such as business continuity planning, loss prevention and fraud prevention, and privacy.