Risk in Cyber Space
-
Upload
yamini-soni -
Transcript of Risk in Cyber Space
-
8/2/2019 Risk in Cyber Space
1/45
Cyber Banking
Using the Internet to perform banking
functions. Also called electronic banking,
virtual banking, and online banking.
Cyber banking allows customers to conduct financial transactions from home,
business or from the road, on a secure website operated by their retail or virtual bank.
-
Consumers can use e-banking to check their
accounts, pay bills online, secure a loan
electronically and much more. E-banking saves users time and money. For banks
it offers an inexpensive alternative to branch
banking.
Many physical banks offer home banking services,
such as SBI, Citibank, ICICI, HDFC etc.
-
History
The term "online" became popular in the late '80s
and referred to the use of a terminal, keyboard and
TV (or monitor) to access the banking system using a phone line.
Online services started in New York in 1981 when
four of the city's major banks (Citibank, Chase
Manhattan, Chemical and Manufacturers Hanover) offered home banking services using the videotex
system.
-
The UK's first home online banking
service was set up by the Nottingham
Building Society (NBS) in 1983.
The system allowed on-line viewing of
statements, bank transfers and bill
payments.
-
Virtual Banks
Virtual banks have no physical location, but
only conduct online transactions.
The world's first fully-functional virtual
bank was the Security First Network Bank
(SFNB).
These banks were designed without a traditional banking infrastructure.
-
Virtual banks around the world are:
ING Direct
U Bank
HSBC Direct
First Direct
-
Implementation Issues in
Online Financial Transactions
Access to Banks' Intranets by Outsiders
Many banks provide their customers with personalised service by allowing them access to
the bank's intranets.
Using Imaging Systems
Several financial institutions, e.g. Bank of
America and Citibank, allow customers to view images of all their checks and invoices which are in process.
For example, in SBI transactions, before authorising
the check you can see the image of the check.
-
Pricing Online Versus Off-Line Services
Pricing issues must be taken into account for
providing the different types of services.
Mostly, computer-based banking services are
offered free by banks, whereas offline
services prove to be costlier than online services.
-
Features of online banking
Transactional
Electronic bill payment
Investment
Non Transactional
-
Features of online banking
Transactional (e.g., performing a financial
transaction such as an account-to-account
transfer, paying a bill, wire transfer, and
applications: apply for a loan, new account, etc.)
Electronic bill payment: Funds transfer
between a customer's own checking and savings accounts, or to another customer's
account.
-
Investment: opportunities for customers,
like opening of a D-MAT account,
insurance.
Non-transactional (e.g., online statements,
chat):
Bank statements, account updates.
-
Advantages of Online Banking
View your Transactions
Online banking is the quickest way to check
and see if a transaction has cleared your
account.
Speedy Work for the Bank
Online banking is generally quicker than
the transactions conducted at the ATMs or at the bank.
-
No physical presence is required
All banks today are encouraging customers
to bank online rather than going to the bank
and making transactions.
24*7 facility is available
Online banking sites never close. They are
available 24 hrs a day, seven days a week.
-
Eliminating paper work
Paying bills online does more than save trees. It
also helps reduce fuel consumption by the trucks and planes that transport paper checks.
Ubiquity
If you are out of station or even out of the country on
a tour or on an official trip and you are facing
a money problem, all you have to do is log on to the
internet.
-
ATM as a part of cyber banking
Automated Teller Machines or 24-hour Tellers are electronic terminals that let you bank almost any time. To withdraw cash, make deposits, or transfer funds between accounts, you generally insert an ATM card and enter your PIN. Some financial institutions and ATM owners charge a fee, particularly to consumers who don't have accounts with them or on transactions at remote locations.
-
Online Billing and Bill Paying
People prefer to pay monthly bills, such as
telephone, utilities, rent, credit cards, and
so on, online. The recipients of such
payments are equally eager to receive money online, because online payments
are received much more regularly and
quickly and have lower processing costs.
-
Payment system
Automatic transfer of funds to pay monthly
utility bills.
For bills like your gas and water bills, the bank
automatically allows customers to pay these
bills from their bank accounts.
Paying bills from online banking accounts.
Many people pay their monthly rent and
other bills directly into the payee's bank
account.
-
Person to Person direct payment.
An example of this is PayPal, which enables a
person to send funds to another individual
over the internet.
-
Disadvantages of cyber banking
Safety concern
Meant for tech savvy people
Sophisticated technology
Continuous upgradation
-
Disadvantages Contd.
Safety Concerns: In the article titled "Is
Online Banking Safe", cyber scams that
may target unsuspecting customers were explored in great detail. Phishing, the
presence of malicious software, keylogger
issues and security concerns due to weak wireless network security deter people
from opting for Internet banking.
-
Because physical presence of a person is not
required, that may pose a problem.
The Internet requires sophisticated technology.
-
Meant for Tech Savvy People: People
belonging to the older generation may not
be tech savvy and may find it difficult to adapt to online banking.
Continuous upgradation is required,
otherwise the site will become obsolete.
-
Challenges of cyber banking
Security
Systems Development and Life Cycle
Management
Performance
Return on investment
Identity Theft
-
Banking Risks
Same inherent risks and issues as Internet
banking; primary risks affected:
Strategic
Transaction
Reputation
Compliance
-
Strategic Risk
Determining wireless banking's role in delivering products and services
Defining risk versus reward goals and
objectives
Implementing emerging e-banking strategies
Rapidly changing technology standards
-
Transaction Risk
There are various kinds of transaction risk in cyber
space, such as:
1. Online fund transfer done by someone else on your behalf.
2. You yourself do a fund transfer, but to some phishing
site.
3. Stop payment of a cheque is made by someone else.
4. Site not working properly.
-
Unproven standards can have security
weaknesses
Encourage customers to use good PIN/password management practices
-
Reputation Risk
Reliability of delivery network
Customer acceptance of no-service due to
telecommunications issues when they are in areas they expect service (consumer expectations)
Processing and handling of interrupted
transactions
Integration of wireless applications with
existing products and services
-
Reputation Contd.
This kind of risk is mostly considered in
the case of HNI (High Net Worth Individual /
High Net Worth Income) clients, because they give the bank huge interest as well as
business. Banks do not want to let them
down.
-
Compliance Issues
Disclosures
The various risk removal methods used by
the bank should comply with government
rules.
They should not violate the rules of the
country.
Privacy concerns for customers.
-
Risk in Cyber Space
Fraudulent practices
Cyber squatting
Email Spamming
Money Laundering
First Party Risk
Third Party Risk
-
Fraudulent practices
Many people are involved only in committing
fraud; for example, they create viruses, spyware, Trojan
horses, etc.
-
Cyber squatting
It means a person can register a domain
name which may be the name of a brand.
After that, the person can demand more money from the brand in return for selling that
domain name.
E.g. Nike, Coke
-
Email Spamming
Fraudulent emails can be sent to a person's email
address, whether the person wants them or
not.
-
Money Laundering
Money can be sent via the internet from one
part of the world to the other part of the
world. This is a good way of making white money
from black money.
-
Cyber Intelligence
It is defined as the various methodologies
used by a company to eliminate risk in
cyber space. It includes many things
-
Firewall
A firewall is a set of programs, located at a network
server, that protects the resources of a private network from users from other networks. (The term also implies the security policy that is used with the
programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a
firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to.
-
Virus Scanners and IDS
A virus is defined as a computer program that does unwanted things. It may replicate itself many times or it may delete important data.
Meaning of IDS: an Intrusion Detection System is a security system that detects inappropriate or malicious activity on a computer or network.
An Intrusion Detection System (IDS) is used to determine if a computer network or server has experienced an unauthorized intrusion. An IDS works like a burglar alarm
system. If it detects a possible intrusion, the IDS will send out an alert or warning, which would prompt an administrator to perform further investigation, which might include computer forensics and prosecution.
-
Authentication
Authentication is the process of determining whether someone is who they claim to be. Authentication is commonly done through the use of logon passwords.
Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially with an assigned or self-declared password. On each subsequent use, the user has to state that password.
The weakness in this system for transactions is that
passwords can often be stolen, accidentally revealed, or forgotten.
That may pose a problem.
-
Encryption
Encryption is a process of translating a message, called the Plaintext, into an encoded message, called the Ciphertext. This is usually accomplished
using a secret Encryption Key and a cryptographic Cipher.
Two basic types of Encryption are commonly used:
Symmetric Encryption, where a single secret key is used for both encryption and decryption.
Asymmetric Encryption, where a pair of keys is used: one for Encryption and the other for Decryption.
-
Active content filter
Malicious active content is a type of malware that uses common, dynamic scripting languages (e.g. Java, JavaScript, ActiveX, or Visual Basic). Vulnerabilities in the
scripting language are exploited to carry malicious code, which could be downloaded through a Web browser and executed on a local system without the user's knowledge or consent. Malicious active content can be used for many criminal activities,
including to deliver viruses and worms, send e-mail, record information from the local user, or redirect users or content. Active content is also called mobile code.
-
Active Content Filter (ACF) removes potentially malicious active content (JavaScript, Java) from application content that is displayed in a
browser that interprets DHTML. The ACF runs over any application content over which users have control, such as e-mail bodies and subjects or calendar entries. Filtering of mail messages, for example, occurs every time a user opens a
message for viewing, replying, or forwarding. The original content of the message is stored in the database and the content is filtered on the fly.
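The filter-on-read behaviour described above, sketched in Python as an added example (not part of the original slides or of any product's code). The blocked-element and URL-attribute lists, `MAIL_STORE` and `open_message` are assumptions chosen for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this sketch; the slides do not list exact rules.
BLOCKED_ELEMENTS = {"script", "applet", "object", "iframe"}  # dropped with content
BLOCKED_VOID = {"embed"}                                     # dropped, has no end tag
URL_ATTRS = {"href", "src", "action", "formaction"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:")

class ActiveContentFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0  # skip_depth > 0 inside a blocked element

    def handle_starttag(self, tag, attrs):
        if tag in BLOCKED_ELEMENTS:
            self.skip_depth += 1
        if self.skip_depth or tag in BLOCKED_VOID:
            return
        kept = []
        for name, value in attrs:
            probe = "".join(c for c in (value or "") if c > " ").lower()  # no whitespace tricks
            if name.startswith("on") or (name in URL_ATTRS and probe.startswith(BAD_SCHEMES)):
                continue  # inline event handler or script-bearing URL
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        if tag in BLOCKED_ELEMENTS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if tag in BLOCKED_ELEMENTS:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag not in BLOCKED_VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

# Constructed sample message; the stored original is never rewritten, only the view.
MAIL_STORE = {1: '<p onclick="x()">Hi<script>alert(1)</script> <a href="JavaScript:y()">offer</a></p>'}

def open_message(msg_id, store=MAIL_STORE):
    parser = ActiveContentFilter()
    parser.feed(store[msg_id])
    parser.close()
    return "".join(parser.out)
```

Because filtering happens at render time, a tightened policy applies to already-stored messages the next time they are opened.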
-
OCTAVE
Operationally Critical Threat, Asset, and Vulnerability Evaluation. It is a suite of tools, techniques, and methods for risk-based information security strategic assessment and planning.
The OCTAVE methods are:
self-directed: Small teams of organizational personnel across business units and IT work together to address the security needs of the organization.
flexible: Each method can be tailored to the organization's unique risk environment, security and resiliency objectives, and skill level.
-
Chief Security Officer
Chief Security Officer means the person
responsible for the organization's entire
digital security posture. CSOs also frequently own or participate closely in
related areas such as business continuity
planning, loss prevention and fraud prevention, and privacy.