Impact of cyber crime on Banking- Dr.S.

Arumuga perumal

Impact of cyber crime on virtual Banking

Dr.S.Arumuga perumal Reader and Head Department of Computer Science S.T.Hindu collge,Nagercoil-2 Email :visvenk@yahoo.co.in

Abstract The fast development of network communication leads to the expansion of Information technology which in turn leads to the influence of access control system in IT sectors and banking sectors which sails in to the sea of Network security the most essential scenario in our daily life. So we are in a position to keep the company workers/customers knowledge base up-to-date on any new dangers that they should be cautious about. There are many technologies available to counteract intrusion, but currently no method is absolutely secured. The most dangerous frauds that causes in day to day banking activity is phising, a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. According to the latest research, 93 percent of phising attack specifically involving attempts to rob customers of financial services companies. The aim of this paper is to discuss the various ways by which the phising affects the internet banking and also discuss the implementation of safety security measures adopted by the users. Introduction For the majority of businesses and organizations, information is considered to be an asset, and so worthy of protection. Information security can support a wide variety of objectives, including: Compliance with laws and regulations; Reducing the risk of fraud or other falsification of data to an acceptable level Reducing the risk of unauthorized access or disclosure to an acceptable level The protection afforded to information is usually expressed in terms of the following categories Confidentiality: Concerned with protecting information from unauthorized disclosure Integrality: Protecting information from unauthorized modification in order to preserve its accuracy and completeness Availability: Ensuring that authorized people are able to access information when they need to without undue delay Non Repudiation: Ensuring that a user who performs an action that could have an impact on security of information cannot later refute that action. Authentication has a significant contribution to provide all these services. Now a days in Indian banking system, the authentication is done through password that is not up 1

Impact of cyber crime on Banking- Dr.S.Arumuga perumal to the level of high security measure. There is an urgent need to acclimatize the security measure in the banking system. No one technique, device or procedure is going to provide all of these services. Acceptable authentication processes allow an organization to have a reasonable degree of assurance that the people who read, originate, send or alter material on an information system are: Who they claim to be. Have the authority to do what ever it is they are doing. Cannot avoid accountability for their actions. Counteracting risk Risk from crackers are sure to remain with us for any foreseeable future. The challenge for IT personnel will be to keep one step ahead of crackers.Members of the IT field need to keep learning about the types of attacks and methods of counteracting security risks. There are many technologies available to counteract network intrusion, but curetnly no method is absolutely secure. The best strategy may be to combine a number of security measures. Some of the steps to take towards securing a network are All devices need to be secured All users need to be educated in network security All networks are actively monitored for weakness and breaches. Virtual banking Any banking service delivered to the customer by means of a computer-controlled system that does not directly involve the usual bank's branch is called virtual banking. In virtual banking the traditional paradigm of a customer's integration with the bank is replaced by an electronic paradigm, which is new and innovative in banking sectors. Customer demands, commercial motivation and technological developments are the key drivers of virtual banking. In the changing environment adaptation to market realities as well as technology is causing the virtual banking revolution. Customer pull and banking push are the two engines to drive the virtualization. Factors to be considered in virtual banking The routine banking transaction was becoming both costly and time consuming. The banks resorted to computerization to cut cost and time overheads in handling routine transactions The introduction of automated teller machine (ATM) impart flexibility to bank customers and gave further boost to virtual banking The introduction of credit cards and debit cards helps both the consumers and retailers to be free from cash handling. These payment systems save time and offered security in its rouse Phising idea The most of electronic banking have built-in security features such as encryption, prescription of maximum monetary limits and authorizations, the system operators have to be extremely vigilant and provide clear-cut guidelines for operations. On the larger issue of electronically initiated funds transfer, issues like authentication of payments instructions, the responsibility of the customer for secrecy of the security procedure would also need to be addressed.

Impact of cyber crime on Banking- Dr.S.Arumuga perumal The most dangerous frauds that causes in day to day banking activity is phising, a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. More recent phishing attempts have targeted the customers of banks and online payment services. Most recent research has shown that phishers may in principle be able to establish what bank a potential victim has a relationship with, and then send an appropriate spoofed email to this victim. Targeted versions of phishing have been termed spear phishing. Experiments show a success rate of over 70% for phishing attacks on social networks. Phisng attempts using Linking Manipulation Most methods of phishing use some form of technical deception designed to make a link in an email (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers, such as this example URL, http://www.yourbank.com.example.com/. Another common trick is to make the anchor text for a link appear to be valid, when the link actually goes to a phisherss site. An old method of spoofing used links containing the '@' symbol, originally intended as a way to include a username and password (contrary to the standard). For example, the link http://www.google.com@members.tripod.com/ might deceive a casual observer into believing that it will open a page on www.google.com, whereas it actually directs the browser to a page on members.tripod.com, using a username of www.google.com: the page opens normally, regardless of the username supplied. Such URLs were disabled in Internet Explorer, while the Mozilla and Opera web browsers opted to present a warning message and give the option of continuing to the site or cancelling. Phisng attempts using Website forgery Once the victim visits the website the deception is not over. Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with legitimate URL. An attacker can even use flaws in a trusted website's own scripts against the victim. These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or service's own web page, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the attack, although it is very difficult to spot without specialist knowledge. A Universal Man-in-the-middle Phishing Kit, discovered by RSA Security, provides a simple-to-use interface that allows a phisher to convincingly reproduce websites and capture log-in details entered at the fake site. Phisng attempts using voice Not all phishing attacks require a fake website. Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts. Once the phone number (owned by the phisher, and provided by a Voice over IP service)

Impact of cyber crime on Banking- Dr.S.Arumuga perumal was dialed, prompts told users to enter their account numbers and PIN. Voice phishing sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization. The damage caused by phishing ranges from loss of access to email to substantial financial loss This style of identity theft is becoming more popular, because of the ease with which unsuspecting people often divulge personal information to phishers, including credit card numbers, social security numbers, and mothers' maiden names. There are also fears that identity thieves can add such information to the knowledge they gain simply by accessing public records. Once this information is acquired, the phishers may use a person's details to create fake accounts in a victim's name, ruin a victim's credit, or even prevent victims from accessig their own accounts. Statistical study It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately US$929 million. U.S. businesses lose an estimated US$2 billion per year as their clients become victims. In the United Kingdom losses from web banking fraud mostly from phishing almost doubled to 23.2m in 2005, from 12.2m in 2004. while 1 in 20 users claimed to have lost out to phising in 2005. According to the latest research released by security applications maker Symantec, the company's Probe Network detected 157,477 unique phishing e-mail campaigns during the first six months of 2006, an 81 percent increase over the 86,906 phishing attempts it tracked during the second half of 2005. Similarly discouraging results recently published by the Anti-Phishing Working Group indicate that unique phishing sites doubled during the 12 months between June 2005 and June 2006, with 93 percent of those attacks specifically involving attempts to rob customers of financial services companies.

Impact of cyber crime on Banking- Dr.S.Arumuga perumal A chart showing the increase in phishing reports from October 2004 to June 2005 Safety security measures Anti-phishing measures have been implemented as features embedded in browsers, as extensions or toolbars for browsers, and as part of website login procedures Helping users identify legitimate sites Augmenting passwords logins Eliminating phinsing mail Monitoring and takedown Customer Vigilance Customers may take a number of steps to avoid becoming a victim of a phishing attack that involve inspecting content that is presented to them and questioning its authenticity. General vigilance includes: If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm billing information, do not reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or Web site address you know to be genuine. Never respond to HTML email with embedded submission forms. Any information submitted via the email (even if it is legitimate) will be sent in clear text and could be observed. Avoid emailing personal and financial information. Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It signals that your information is secure during transmission. Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances. Conclusion Now, as more organizations provide greater online access for their customers, professional criminals are successfully using phishing techniques to steal personal finances and conduct identity theft at a global level. The popularity which virtual banking services have won among customers, owning to the speed, convenience and round-theclock access they offer, is likely to increase in the future. However, several issues of concern would need to be pro-actively attended. While most of electronic banking has built-in security features such as encryption, prescription of maximum monetary limits and authorizations, the system operators have to be extremely vigilant and provide clearcut guidelines for operations. On the larger issue of electronically initiated funds transfer, issues like authentication of payments instructions, the responsibility of the customer for secrecy of the security procedure would also need to be addressed. So for the better security multifactor authentication is best to make the virtual banking with higher security in forth coming years. However, it needs to be recognized that such high cost 5

Impact of cyber crime on Banking- Dr.S.Arumuga perumal technological initiatives need to be undertaken only after the viability and feasibility of the technology and its associated applications have been thoroughly examined. By applying a multi-tiered approach to their security model (client-side, server-side and enterprise) organizations can easily manage their protection technologies against todays and tomorrows threats without relying upon proposed improvements in communication security that are unlikely to be adopted globally for many years to come. References 1.Skoudis, Ed. "Phone phishing: The role of VoIP in phishing attacks", searchSecurity, June 13, 2006. 2.Krebs, Brian. "Phishing Schemes Scar Victims", washingtonpost.com, November 18, 2004. 3.Anti-Phishing Working Group: Vendor Solutions. Anti-Phishing Working Group. Retrieved on July 06, 2006. 4.http://www.technicalinfo.net/papers/Phishing.html 5.http://www.antiphishing.org/solutions.html#takedown .