Abstract -- Current online banking only allows payment to be made from a single bank account; hence, a user needs to log in to several banking sites to settle the dues monthly. Paying several bills/loans from multiple bank accounts in a single login would provide greater convenience. This paper reviews the current online banking system and discusses the challenges in designing an integrated web-based application for an independent personal financial organizer called I-PFO. I-PFO allows users to settle their financial commitments from multiple banks in a single website. It also provides ease of use, tracking of due dates, organizing and personalization. The challenges of such a system are security, a value proposition to attract collaboration from banks, and user acceptance. This paper focuses on security solutions for I-PFO.

Keywords- multiple online banking; personalized financial organizer; integrated web application; security solution; integrated one-stop solution;

I. INTRODUCTION
With the rapid growth of online businesses and users, there appear many clusters of e-commerce applications that are not physically linked to each other from a system perspective, yet are inter-related from a business perspective. Online banking has been around since the 1980s, with its first introduction in four major banks in New York [1]. However, user acceptance only began to pick up recently, with Consumer Payment Surveys in the United Kingdom (UK) reporting that 50 percent of regular Internet users in the UK, which constitutes 22 million users, are now banking online [2]. In Malaysia, online banking was introduced about 10 years ago, and Bank Negara reported in 2007 that there were 4.5 million subscribers [3]. The numbers are increasing each year as Malaysia continues to upgrade its Internet infrastructure. Current online banking systems are offered by individual banks, so a user with multiple bank accounts faces the inconvenience of safeguarding login names and passwords as well as following the different security procedures adopted by individual banks. Findings reveal that privacy, security and convenience factors play an important role in determining the users' acceptance of e-banking services with respect to different segmentation of age group, education level and income level [4]. Meanwhile, accessibility, design and content are sources of satisfaction [5]. In terms of convenience, there is no updated amount due published to the users in one single interface. Users need to log in to several websites to check the amounts due before they can settle their monthly dues. According to the results of a survey, 2 out of 7 factors influencing the growth of e-banking are convenience (including internet accessibility and ease of use) and security [5].

Hence, a secured integrated web application for multiple online banking services could be the solution in the near future. It will resolve the concerns over security architecture and provide great convenience to users. A web-based application named Independent Personal Finance Organizer (I-PFO) is proposed.

II. CHALLENGES IN CURRENT ONLINE BANKING SYSTEM
The inconveniences that users face in the current online banking system are as follows.

A. Excessive steps
Suppose a user has a car loan with Bank A but needs to pay the loan using an account from Bank B. The user needs to log in to the Bank A account to check the car loan amount and loan account number. Next, the user needs to log in to the Bank B account and key in the Bank A loan account number and the loan amount. Then, the user requests a security pin code, waits for the code to appear on the user's mobile phone and, finally, proceeds to the final transaction. Besides, the user also needs to navigate and flip through multiple pages and websites before making payment.

B. Multiple login usernames and passwords
With reference to the above scenario, users will have to remember various login names and passwords from individual banks.

C. No due dates tracking
There is no feature in the online banking system to remind users when the bills/loans are due.

F. Server Firewall
Server firewalls ensure that requests can enter the system only through specified ports and that access comes only from certain physical machines [8]. I-PFO will adopt the server firewall model from the IBM security solution, in which a demilitarized zone (DMZ) is set up using two firewalls. The model is shown in Fig. 9 [14].
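
The following Python example is an added illustration, not code from the paper or from IBM. It models the two-firewall DMZ described above as two default-deny rule sets and checks which flows get through. The addresses, ports and names (WEB, BACKEND, flow_allowed and so on) are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption; the paper gives no addresses or ports).
DMZ = ip_network("192.0.2.0/24")
INTERNAL = ip_network("10.0.0.0/24")
WEB = ip_address("192.0.2.10")       # hypothetical I-PFO web front end in the DMZ
BACKEND = ip_address("10.0.0.20")    # hypothetical backend behind the inner firewall

# Rule = (allowed source network, exact destination host, TCP port).
# Outer firewall: "specified ports" only. Inner: "certain physical machines" only.
OUTER_RULES = [(ip_network("0.0.0.0/0"), WEB, 443)]
INNER_RULES = [(ip_network("192.0.2.10/32"), BACKEND, 8443)]
ZONES = ["internet", "dmz", "internal"]


def permits(rules, src, dst, port):
    """Default deny: the flow passes only if one rule matches it."""
    return any(src in net and dst == host and port == p
               for net, host, p in rules)


def zone(addr):
    """Map an address to its zone in the constructed plan."""
    if addr in INTERNAL:
        return "internal"
    return "dmz" if addr in DMZ else "internet"


def firewalls_crossed(src, dst):
    """Rule sets a new connection must pass, from outermost to innermost."""
    a, b = sorted((ZONES.index(zone(src)), ZONES.index(zone(dst))))
    return [OUTER_RULES, INNER_RULES][a:b]


def flow_allowed(src, dst, port):
    """True if every firewall between src and dst permits the new connection.

    Models connection setup only; reply traffic is assumed to be handled
    by stateful tracking on each firewall.
    """
    src, dst = ip_address(src), ip_address(dst)
    return all(permits(rules, src, dst, port)
               for rules in firewalls_crossed(src, dst))


if __name__ == "__main__":
    for flow in [("203.0.113.5", "192.0.2.10", 443),   # internet -> web
                 ("203.0.113.5", "10.0.0.20", 8443),   # internet -> backend
                 ("192.0.2.10", "10.0.0.20", 8443),    # web -> backend
                 ("192.0.2.99", "10.0.0.20", 8443)]:   # other DMZ host -> backend
        print(flow, "ALLOW" if flow_allowed(*flow) else "DENY")
```

A flow from the Internet to the backend has to pass both rule sets, so a mistake in one firewall alone does not expose the backend.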
[Figure 10: Operation Flow Chart of I-PFO. Columns: User Interface, Backend System, Security Framework. Steps shown, in order: start, under server firewall protection; first authentication, in which the user keys in the I-PFO username and password; second authentication, in which the user requests a TAC, the system sends a 6-digit TAC (one-time credential) to the user's hand phone and the user keys it in to I-PFO, with the I-PFO Fraud Detection Service alongside; system identity verification (I-PFO identity protection and validation), where "No" leads to "Terminated. Log for risk investigation."; the user checks his/her personalized financial page while the system refreshes, extracts the updated data under SOAP-DSIG-SSL protection and publishes it in I-PFO; a "Due date >= X days?" check leading to either nothing or a blinking "DUE" (note: for example, if the current bill due is DIGI, I-PFO shows a blinking "DUE"); the user selects the DIGI icon, then drags and drops the CIMB icon near the DIGI icon or vice versa; a "Server authenticate correct partner?" check under server firewall protection and the I-PFO Fraud Detection Service, where "No" leads to "Terminated. Log for risk investigation."; I-PFO interfaces with the partners for secured payment transfer under SSL certification protection (the correct user account information is sent from CIMB to DIGI); and a "Transaction success?" check, after which "Transaction Success" or "Transaction Fail" is shown and the summary report is published.]

VII. CONCLUSION
The concept of I-PFO may not sound feasible at present in view of the various challenges mentioned above. Nevertheless, it proposes the convenience that any user would like to have in the near future. More research needs to be carried out to address all other obstacles.

ACKNOWLEDGMENT
The authors would like to thank the School of Computer Sciences, USM for organizing the writing workshop under the APEX incentive grant that provides the platform to produce this paper.

REFERENCES
[1] Mary J Cronin, Banking and Finance on the Internet, New York Van Nostrand Reinhold, 1997.
[2] Kirky, Online Banking exceeds 50% usage by internet user, 2010, <http://www.onlinebankingreviews.co.uk/> (accessed 14 Feb 2010).
[3] Yee YY, Yeow PHP, “User acceptance of internet banking service in Malaysia”, WEBIST 2008, LNBIP 18, pg295-306, 2009.
[4] Poon, “Users’ Adoption of E-banking Services: the Malaysian Perspective”, Journal of Business and Industrial Marketing, Vol.23, No.1, pp.59-69, 2008.
[5] Poon and Tan, “Spread of E-Banking in Malaysia: A Consumer Perspective”, The ICFAI university Journal of Bank Management, Vol.VII, No.4, pp.71-84.
[6] SAP Netweaver, SOAP-Based Transfer of Data, <http://help.sap.com/saphelp_nw04/helpdata/EN/80/1a627ee07211d2acb80000e829fbfe/frameset.htm>, 2004 (accessed 14 Feb 2010).
[7] Satoshi Hada, SOAP Security Extension: Digital Signature, <http://www.ibm.com/developerworks/webservices/library/ws-soapsec/>, 2001 (accessed 14 Feb 2010).
[8] Dieter Gollmann, “E-commerce Security”, Computing & Control Engineering Journal, vol. 11, pg. 4, 2000.
[9] Darshanand Khusial, Ross McKegney, E-Commerce Security: Attacks and Preventive Strategies, <http://www.ibm.com/developerworks/websphere/library/techarticles/0504_mckegney/0504_mckegney.html>, 2005 (accessed 14 Feb 2010).
[10] IBM Redguide, Introducing the IBM Security Framework and IBM Security Blueprint to realize Business-driven Security, <http://www.ibm.com/developerworks/wikis/display/IBMSecurityBlueprint/IBM+Security+Framework+Page>, 2009 (accessed 14 Feb 2010).
[11] VeriSign, VeriSign Identity Protection (VIP) Network, <http://www.verisign.com/authentication/consumer-authentication/shared-authentication-network/index.html>, 2010 (accessed 14 Feb 2010).
[12] VeriSign, Secure Socket Layer (SSL): How It Works, VeriSign, <http://www.verisign.com/ssl/ssl-information-center/how-ssl-security-works/index.html>, 2010 (accessed 14 Feb 2010).
[13] Li Bo, Xu Congwei, “E-commerce Security Risk Analysis and Management Strategies of Commercial Banks”, International Forum on Information Technology and Applications, vol.1, pg.423, pg.424, 2009.
[14] Han Zhang, Gerald Weber, William Zhu, Clark Thomborson, “B2B E-Commerce Security Modeling: A Case Study”, vol.2, pg.1, 2006.
[15] Ge Qingping, Feng Li, Yang Li, “Probe into E-commerce Security Technology”, 2009 International Forum on Computer Science-Technology and Applications, vol.2, pg. 426, pg.427, pg.428, 2009.