Computer Security in Banking and bookkeeping
Banking and Bookkeeping
IF4033 Information Security and Assurance
Semester 2 2013/2014

Group 16
Yogi Salomo Mangontang Pratama (13511059)
Habibie Faried (13511069)
Setyo Legowo (13511071)

Outline
Definition
Security Requirement
Security Incident
  ◦ Programming
  ◦ Infrastructure
  ◦ Process
  ◦ Organizational
Security Pitfall
Why Important

Banking
In simple words, banking can be defined as the business activity of accepting and saving money owned by customers.

Bookkeeping
Record financial activity
Tracking account transaction
Verify accuracy of procedures used for recording financial transaction

HISTORY OF BOOKKEEPING

Why is this important?
Tackling Broader Problem of Electronic Commerce and Fraud
Mainstay of Computer Industry
Because Finance is an important aspect of Human Life

Security Requirement
Information Security Requirement
Implement Strong Access Control Measures
Maintain a vulnerability management program
Build and maintain a secure network
Protect cardholder data

Security Incident
Programming
Infrastructure
Process
Organization

Programming
Wrong ATM Card's PIN Verification
Same PIN to all customer
Wrong Assumption
Test System as Live System
No Authentication Probable

Wrong Assumption
An assumption was made by bank programmers. Here is the algorithm
Then, how about the inserted ATM PIN? Simply peek at it.

Infrastructure and Technology
Physical Credit Card Skimmer
Online Credit Card Sniffing
Smart Card Information Sniffing
Not authenticated RFID Transaction
SWIFT Wiretapping link from branch to bank's mainframe computer

Not authenticated RFID Transaction
Simple wireless-based transaction
Put an RFID reader near the location of the victim's RFID card
Get control over it (steal data, etc.)
Done? Time to get away

Process
Unverified Address Change

Process
Mules for Money Laundering
Age Verification With Credit Card Number
Misuse of Bank's Suspense Account
Shoulder Surfing

Shoulder Surfing
Stone
Process attacked: usage of ATM
New York
1990's

How does it work?
Stand behind someone at the ATM and peek at their PIN
Take the receipt they have thrown away and find the account information
Create Duplicate Key using retrieved information
Use the Duplicated Key to access the account at any ATM

Organizational
Bank Reset Clerk Authority Abuse
ATM Repairman accessibility
SWIFT Bogus Transaction Message
Traditional Banking Law and Practices
Internal Control Failure

Bank Reset Clerk Authority Abuse
Paul Stubbs
Bank Reset Clerk
HSBC Bank, 2000's
$20 Million Loss

How does it work?
Paul Stubbs, as Reset Password Clerk, changes the password of the AT&T account
Using the new password, he and comrades access the AT&T account and transfer $20 million to an offshore company
Return the password to its initial value so that the account owner doesn't realize
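
One way to detect the reset, transfer, restore sequence described above in an audit log. This is an added example, not part of the original slides; the event format, field names and sample events are constructed, and it assumes the log records a fingerprint of the stored credential before and after each staff reset.

```python
from datetime import datetime, timedelta

# Constructed audit events, not real bank data:
# (time, actor, action, account, detail). "old"/"new" are assumed fingerprints
# of the stored credential record before and after a staff reset.
EVENTS = [
    ("2024-01-10T09:00", "clerk7", "password_reset", "ACC-A", {"old": "h1", "new": "h2"}),
    ("2024-01-10T09:20", "unknown", "transfer", "ACC-A", {"amount": 20_000_000}),
    ("2024-01-10T10:05", "clerk7", "password_reset", "ACC-A", {"old": "h2", "new": "h1"}),
    ("2024-01-11T14:00", "clerk3", "password_reset", "ACC-B", {"old": "h5", "new": "h6"}),
    ("2024-01-11T15:00", "owner", "transfer", "ACC-B", {"amount": 500}),
]

def find_reset_transfer_restore(events, window=timedelta(hours=24)):
    """Return (account, clerk, total moved) for each account where a staff
    reset was followed by transfers and then by a reset that put the
    earlier credential back, all inside `window`."""
    parsed = sorted(
        ((datetime.fromisoformat(t), who, act, acct, d) for t, who, act, acct, d in events),
        key=lambda e: e[0],
    )
    open_resets = {}  # account -> first reset seen and transfers made since
    findings = []
    for when, who, act, acct, d in parsed:
        if act == "password_reset":
            prior = open_resets.get(acct)
            in_window = prior is not None and when - prior["time"] <= window
            if in_window and d["new"] == prior["before"]:
                # Credential restored to its pre-reset value.
                if prior["transfers"]:
                    findings.append((acct, prior["clerk"], sum(prior["transfers"])))
                del open_resets[acct]
            elif not in_window:
                open_resets[acct] = {"time": when, "clerk": who,
                                     "before": d["old"], "transfers": []}
            # A non-restoring reset inside the window keeps the first record,
            # so a chain of resets is still matched against the original.
        elif act == "transfer" and acct in open_resets:
            open_resets[acct]["transfers"].append(d["amount"])
    return findings

if __name__ == "__main__":
    for account, clerk, amount in find_reset_transfer_restore(EVENTS):
        print(f"ALERT {account}: reset by {clerk}, {amount} moved, credential restored")
```
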

Security Pitfall
Bad Authentication in accessing system
Tamper-able Infrastructure
Abuse of Power

Thank you