On
Banking Service & Operation
(EBanking Security, Online Threats &
Defence Module)
TELE BANKING:
On-line Telebanking services make it possible to undertake a host
of banking-related services, including financial transactions,
from the convenience of the customer's chosen place anywhere
across the globe and at any time of day or night. By dialing the
given Telebanking number from a landline or a mobile anywhere,
the customer can access his account and, by following the
user-friendly menu, do his entire banking through an Interactive
Voice Response (IVR) system.
Credit Card:
A credit card is part of a system of payments named after the
small plastic card issued to users of the system. It is a card
entitling its holder to buy goods and services based on the
holder's promise to pay for these goods and services. The issuer
of the card grants a line of credit to the consumer (or the user)
from which the user can borrow money for payment to
a merchant or as a cash advance to the user.
DEBIT CARD:
Debit cards are also known as check cards. Debit cards look like
credit cards or ATM (automated teller machine) cards, but
operate like cash or a personal check. Debit cards are different
from credit cards. While a credit card is a way to "pay later," a
debit card is a way to "pay now." When you use a debit card, your
money is quickly deducted from your checking or savings
account. Debit cards are accepted at many locations, including
grocery stores, retail stores, gasoline stations, and restaurants.
You can use your card anywhere merchants display your card's
brand name or logo. They offer an alternative to carrying a
checkbook or cash.
E-CHEQUE:
• An e-Cheque is the electronic version or representation of
paper cheque.
• The information and legal framework for the e-Cheque is
the same as that of the paper cheque.
• It can now be used in place of paper cheques to do any and
all remote transactions.
• An e-Cheque works the same way a cheque does: the cheque
writer "writes" the e-Cheque using one of many types of
electronic devices and "gives" the e-Cheque to the payee
electronically. The payee "deposits" the e-Cheque and
receives credit, and the payee's bank "clears" the e-Cheque
to the paying bank. The paying bank validates the e-Cheque
and then "charges" the cheque writer's account for the cheque.
Outbound Data Theft – Data sent from the web site is
intercepted for use in attacks. For example, that may include
data about the software installed at the site, version numbers, etc.
• Secret data. The only secret data shared between the
customer and the bank is a PIN on an opened account, where the
PIN has been delivered out-of-channel, preferably mailed to the
statement address of the account or selected in a branch. The
PIN should be attached to a specific account, is never visible to
any bank employee, and is stored in an encrypted form in the
system of record.
• Systematic lockout. Real-time monitoring controls, set in the
system's parameters, lock a person out after two or more invalid
attempts to access account information or transfer funds.
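The secret-data and systematic-lockout controls above, sketched together as an added example (not code from the original document). Assumptions: a salted PBKDF2 hash stands in for the "encrypted form" of the stored PIN, the lockout threshold is two consecutive invalid attempts, and the names `PinVault`, `ACC-001` and the PINs are constructed for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 2         # assumption: lock on the second consecutive invalid attempt
PBKDF2_ROUNDS = 100_000  # assumption: work factor picked for this example


class PinVault:
    """Hypothetical system of record: stores a PIN verifier, never the PIN."""

    def __init__(self):
        self._records = {}  # account -> salt, digest, failure count, lock flag

    def _derive(self, account, pin, salt):
        # Mixing in the account number attaches the PIN to one specific account.
        secret = f"{account}:{pin}".encode()
        return hashlib.pbkdf2_hmac("sha256", secret, salt, PBKDF2_ROUNDS)

    def enroll(self, account, pin):
        salt = os.urandom(16)
        self._records[account] = {"salt": salt, "failures": 0, "locked": False,
                                  "digest": self._derive(account, pin, salt)}

    def verify(self, account, pin):
        """Return 'ok', 'invalid' or 'locked' for one access attempt."""
        rec = self._records.get(account)
        if rec is None:
            return "invalid"
        if rec["locked"]:
            return "locked"  # refuse before comparing, so a locked account cannot be probed
        candidate = self._derive(account, pin, rec["salt"])
        if hmac.compare_digest(candidate, rec["digest"]):  # constant-time compare
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            rec["locked"] = True
            return "locked"
        return "invalid"


def demo():
    vault = PinVault()
    vault.enroll("ACC-001", "4821")  # constructed account and PIN
    attempts = ["0000", "1111", "4821"]  # two bad guesses, then the right PIN
    return [vault.verify("ACC-001", pin) for pin in attempts]
```

Once the account is locked, even the correct PIN is refused; the unlock would have to happen through a separate channel, which this sketch leaves out.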
There are also different ways to make the user aware of the next
OTP to use. Some systems use special electronic tokens that the
user carries and that generate OTPs and show them using a small
display. Other systems consist of software that runs on the user's
mobile phone. Yet other systems generate OTPs on the server-
side and send them to the user using an out-of-band channel
such as SMS messaging. Finally, in some systems, OTPs are
printed on paper that the user is required to carry with him.
Mutual Authentication:
Mutual authentication or two-way authentication
(sometimes written as 2WAY authentication) refers to two parties
authenticating each other suitably. In technology terms, it refers
to a client or user authenticating themselves to a server and that
server authenticating itself to the user in such a way that both
parties are assured of the other's identity. When describing online
authentication processes, mutual authentication is often referred
to as website-to-user authentication, or site-to-user
authentication.
Mutual SSL provides the same things as SSL, with the addition of
authentication and non-repudiation of the client,
using digital signatures. However, due to issues with complexity,
cost, logistics, and effectiveness, most web applications are
designed so they do not require client-side certificates. This
creates an opening for a man-in-the-middle attack, in particular
for online banking.
Thank You