Using virtualisation to create a more secure online banking infrastructure

Du Toit, Jaco Louis

09 December 2013

M.Sc. (Computer Science) / Sim swop, Phishing, Zeus and SpyEye are all terms that may be found in articles concerning online banking fraud. Home users are unsure of how the configuration of their computers affects the risk profile for conducting online banking. Software installed by a home user on their computer may be malware designed to steal banking details. Customers expect banks to provide a safe online banking system. The challenge that banks have is that they cannot control the configuration that exists on a client operating system. The V-Bank system was designed to determine whether virtualisation can be used as a means to increase the security for online banking. The V-Bank system uses a virtual machine that is run from a guest that is single purpose, read-only and fulfils the configuration requirements that the bank has for a client system. The V-Bank system also utilises public and private key encryption for identification, authentication and authorisation mechanisms in the online banking system. The architecture of the V-Bank system defines online banking as an end-to-end system. It approaches online banking as a system that consists of three major components. The three major components is a client-side component, network and server-side environment. The V-Bank system gives banks the ability to provide customers with a system that is controlled from the client, through the network to the server. The V-Bank system demonstrates that virtualisation can be used to increase the security of online banking.

Internet banking - Security measures

Virtual computer systems

Factors impacting the adoption of biometric authentication in the local banking sector

Pooe, Antonio

08 November 2011

M.Tech. / This research is concerned with establishing the causes for the slow adoption of biometric authentication in the South African banking sector and constitutes exploratory research. It looks at the widely accepted means of authentication and delves deeper into why these modes may not be sufficient to protect sensitive data. The scope of the research is limited to the banking sector only. The first sections of the study establish what the biometric authentication norms are amongst international banking institutions. This is then followed by an environmental study of the South African approach to biometric authentication. Owing to the limited number of banks in South Africa compared to developed countries, the study is limited to the four major banking institutions in South Africa, namely ABSA, Standard Bank, Nedbank and First National Bank. An online survey was used to gather the required data for analysis. The general approach adopted to investigate the extent to which biometric authentication is used by the said four banks was to first measure the respondents’ knowledge of biometrics and to establish the level of exposure the respondents had to the said technology. The next step was then to establish the extent to which the participating banks had investigated the use of biometric authentication. This was followed by consideration of the current use of biometric authentication and lastly, the future use and user perceptions regarding various aspects of biometric authentication in the financial services sector. A matrix that identifies the factors perceived to be impacting the adoption of biometric authentication concludes the last chapter on user perception.

Biometry

Authentication

Banks and banking - Security measures

Beatrix: a model for multi-modal and fine-grained authentication for online banking

Blauw, Frans Frederik

26 June 2015

M.Sc. (Information Technology) / Please refer to full text to view abstract

Internet banking - Security measures

Banks and banking - Security measures

Biometric identification

Multiagent systems

Data encryption (Computer Science)

The impact of securitisation on the effectiveness of the bank lending channel in South Africa

10 June 2014

M.Com. (Financial Economics) / This study analyses the existence of a bank lending channel in South Africa and investigates the impact of the securitisation activity on the effectiveness of the bank lending channel during the period 2001–2010 using data from the South African banking sector. Structural Vector Auto Regression (SVAR) and Structural Vector Error Correction Model (SVECM) methods are used to interpret the impulse responses of bank lending to structural shocks (monetary policy) and to securitisation. The conclusion is that the bank lending channel is present and efficient in South Africa during the sample period with a lag and that securitisation acts as a shield against monetary impulses by constituting an additional source of funding for banks.

Monetary policy - South Africa

Součastný stav a perspektivy rozvoje internetového bankovnictví / The current state and development prospects of internet banking

Lych, Oleg

January 2011

The thesis deals with the most recent and discussed issue of the safe provision of direct banking services. Although surveys indicate that users of banking online services do not show much concern about the safety of the internet banking, the reality is quite different. Banking houses put a lot of emphasis on the information embargo and their clients will never learn about the majority of attacks. Due to higher demands for the safety of direct banking applications compared to conventional applications, made available over the Internet are subject to increasing security demands, and there are a number of recommendations and standards that should be followed for the Internet banking to be considered truly safe. However, even if there is a full compliance with all ISO standards and the situation in security remains critical. Therefore, there is a need for broader use of security methods. This thesis carries out a very comprehensive analysis of all existing security methods and recommends new security methods. For better clarity, the new method embedded in the context of existing and they are viewed from different angles as the effectiveness of authentication methods to the threats, the appropriateness of methods according to the segment, application methods in various channels, customer relationship and hardware components of the method, comfort, etc. Finally, I use the Gartner's chart to better illustrate the advantages of the proposed methods.

Marketing implications of self-service technologies amongst online banking customers

Bolton, Kimberley Jane

04 June 2012

M. Comm. / The overall goal of this short dissertation is the investigation of self-service technologies with reference to online banking. As the issue of security is one of the main factors to adoption of self-service technologies, it will be the main focus of the study. The focus of the investigation concerns the security perceptions of consumers with regard to selfservice technologies and online banking, and thus determine a framework that groups consumers based on these security perceptions. Included in the study is the profile of consumers who use self-service technologies and online banking, the investigation into the risk dimensions (financial, privacy, time and convenience, psychological, social and physical) that contribute to the security perceptions of consumers. And ultimately, indicating the relationship that security perceptions of respondents have that affect their adoption of online banking.

Online banking

Self-service technologies

Online banking security

Intelligent quality performance assessment for e-banking security using fuzzy logic

Aburrous, Maher R., Hossain, M. Alamgir, Thabatah, F., Dahal, Keshav P.

January 2008

Yes / Security has been widely recognized as one of the main obstacles to the adoption of Internet banking and it is considered an important aspect in the debate over challenges facing internet banking. The performance evaluation of e-banking websites requires a model that enables us to analyze the various imperative factors and criteria related to the quality and performance of e-banking websites. Ebanking site evaluation is a complex and dynamic problem involving many factors, and because of the subjective considerations and the ambiguities involved in the assessment, Fuzzy Logic (FL) model can be an effective tool in assessing and evaluating of e-banking security performance and quality. In this paper, we propose an intelligent performance assessment model for evaluating e-banking security websites. The proposed model is based on FL operators and produces four measures of security risk attack dimensions: direct internal attack, communication tampering attack, code programming attack and denial of service attack with a hierarchical ring layer structure. Our experimental results show that direct internal attack risk has a large impact on e-banking security performance. The results also confirm that the risk of direct internal attack for e-banking dynamic websites is doubled that of all other attacks.

Internet banking

E-banking security

Internet security

Fuzzy logic

Information protection in the digital banking environment

Redlinghuis, André Jacques

01 August 2012

M.A. / The evolution of the Internet has led to the establishment of various value-adding products and services such as Internet banking (IB). Internet banking has changed the formal banking landscape forever. Some may argue that Internet banking has positively affected the lives of many, through providing services in a more convenient, efficient and effective manner, 365 days a year. However, the growth of the Internet has lead to the increase of various Information Technology (IT) problems and challenges. Today, individuals and organisations are faced with an increasing number of attacks via computer and Internet viruses, phishing scams and Internet hackers. Individuals and organisations must place greater emphasis on ensuring that their financial well-being is protected. The investment in adequate software and hardware has become critical to conduct financial transactions securely via the Internet. The level of security awareness should also be increased and established at various levels through comprehensive educational programmes. Extensive Internet banking awareness campaigns have been launched, but the level to which these campaigns are successful is uncertain. The main focus of this dissertation is to understand Internet banking customers’ perceptions on information protection when using Internet banking services and products, as various factors influence the perceptions of trust with regards to Internet banking. Trust is formed through a variety of factors from the influence of others on our own beliefs and values, to the experiences gained by using specific technology or processes over a particular period of time. An in-depth literature review forms the basic framework for the dissertation and is followed by an empirical component. The main goal of the literature review is to provide a solid theoretical framework and basis from which to conduct the empirical research. Chapters 2 to 4 delve into the evolution and development of the Internet and provide a perspective on the South African banking landscape. The various challenges the Internet banking domain is faced with, is explored, and the various opportunities that exist are extensively discussed. Trust, the major factor influencing the adoption of Internet banking services and products, is explored, and the factors that shape and diminish trust are discussed. The empirical study consisted of a close-ended questionnaire that was completed by a sample of University of Johannesburg (UJ) alumni. The study included 138 individuals who completed the close-ended questionnaire and the results were analysed by Statistical Consultation Services (StatCon), a statistical research unit within UJ. The results indicate that more should be done to ensure that individuals and businesses are well-versed on issues pertaining to Internet banking security and safety. The results further highlight that the quality of most of the individuals’ relationships with their formal bank branch diminished due to Internet banking. An interesting finding was that 80.7% of the respondents indicated that they would make use of Internet banking services and products, even though they are aware of fraudulent activities that take place via this Internet medium. The research findings provide financial institutions with valuable guidelines on how to plan and implement effective and efficient Internet banking education and awareness strategies.

Internet banking - Security measures

Banks and banking - Security measures

Perceptions Towards On-line Banking Security: An Empirical Investigation of a Developing Country`s Banking Sector, how secure is On-line Banking

Bongani Ngwenya, Khanyisa Malufu

01 December 2012

Information systems concentrate data in computer files that have the potential to be accessed by large numbers of people in and outside of organisations. While security breaches and damages of information systems still come from organisational insiders, security breaches are increasing, especially in developing countries because organisations are now open to outsiders through the internet. As a result, automated data are more susceptible to error, destruction, fraud and misuse. The banking sector in Zimbabwe has introduced, of late, on-line banking facilities and these are heavily dependent on the use of internet. / The increase in computer crime has led to scepticism about the move made by the banks to introduce on-line banking. Some view this as a noble move which has made the banking system more efficient, reliable and secure, while others view it as a risky and insecure way of banking. The aim of this study was to assess whether on-line banking in the developing countries is secure or not. The researcher chose a descriptive-quantitative research design. Data was collected using a self constructed questionnaire. Convenience sampling and stratified random sampling techniques were used to select the main subjects of the study. Generally on average there was no significant difference between the perceptions of management bank personnel and non-management bank personnel on the security of on-line banking. The study recommends further future studies on the security of on-line banking in developing countries based on the perceptions of the customers themselves, who are using on-line banking services, the Common Criteria for Information Technology Security and also a study of the latent dimensions of on-line banking security as extracted by factor analysis, how they differ from elements of information security as derived from the theoretical framework and literature.

on-line banking

on-line banking security

information security

network services

banking system

Trust and security risks in mobile banking

Messaggi Kaya, Monica

January 2013

With the development and growth of mobile technologies, mobile phones enable users to perform a number of different tasks with their devices: from sending simple text messages, checking e-mails and browsing the internet, to running elaborated applications. Nowadays, the mobile phone platform creates great opportunities for businesses, especially due to its capabilities and population coverage: the number of mobile subscriptions approaches global population figures. In order to explore such opportunities, most banks have already launched their mobile applications and/or re-designed mobile version of their websites. One of the benefits of using mobile banking is the possibility for users to carry out bank transactions, such online payments or transfers, at anytime and anywhere. Expectations for the adoption of mobile banking were high; however, it represents about 20% of mobile phone users at the present. One factor has been recognised as being a strong reason for users not to adopt mobile banking: their concerns about security. This dissertation focuses on the relationship between the trust users have in mobile banking and the security risks that the use of mobile devices potentially pose. A questionnaire was created in order to gather users’ perception of security about mobile banking, and its results compared with recognised security issues.

005.8