Using virtualisation to create a more secure online banking infrastructure

Du Toit, Jaco Louis

09 December 2013

M.Sc. (Computer Science) / Sim swop, Phishing, Zeus and SpyEye are all terms that may be found in articles concerning online banking fraud. Home users are unsure of how the configuration of their computers affects the risk profile for conducting online banking. Software installed by a home user on their computer may be malware designed to steal banking details. Customers expect banks to provide a safe online banking system. The challenge that banks have is that they cannot control the configuration that exists on a client operating system. The V-Bank system was designed to determine whether virtualisation can be used as a means to increase the security for online banking. The V-Bank system uses a virtual machine that is run from a guest that is single purpose, read-only and fulfils the configuration requirements that the bank has for a client system. The V-Bank system also utilises public and private key encryption for identification, authentication and authorisation mechanisms in the online banking system. The architecture of the V-Bank system defines online banking as an end-to-end system. It approaches online banking as a system that consists of three major components. The three major components is a client-side component, network and server-side environment. The V-Bank system gives banks the ability to provide customers with a system that is controlled from the client, through the network to the server. The V-Bank system demonstrates that virtualisation can be used to increase the security of online banking.

Internet banking - Security measures

Virtual computer systems

Beatrix: a model for multi-modal and fine-grained authentication for online banking

Blauw, Frans Frederik

26 June 2015

M.Sc. (Information Technology) / Please refer to full text to view abstract

Internet banking - Security measures

Banks and banking - Security measures

Biometric identification

Multiagent systems

Data encryption (Computer Science)

Information protection in the digital banking environment

Redlinghuis, André Jacques

01 August 2012

M.A. / The evolution of the Internet has led to the establishment of various value-adding products and services such as Internet banking (IB). Internet banking has changed the formal banking landscape forever. Some may argue that Internet banking has positively affected the lives of many, through providing services in a more convenient, efficient and effective manner, 365 days a year. However, the growth of the Internet has lead to the increase of various Information Technology (IT) problems and challenges. Today, individuals and organisations are faced with an increasing number of attacks via computer and Internet viruses, phishing scams and Internet hackers. Individuals and organisations must place greater emphasis on ensuring that their financial well-being is protected. The investment in adequate software and hardware has become critical to conduct financial transactions securely via the Internet. The level of security awareness should also be increased and established at various levels through comprehensive educational programmes. Extensive Internet banking awareness campaigns have been launched, but the level to which these campaigns are successful is uncertain. The main focus of this dissertation is to understand Internet banking customers’ perceptions on information protection when using Internet banking services and products, as various factors influence the perceptions of trust with regards to Internet banking. Trust is formed through a variety of factors from the influence of others on our own beliefs and values, to the experiences gained by using specific technology or processes over a particular period of time. An in-depth literature review forms the basic framework for the dissertation and is followed by an empirical component. The main goal of the literature review is to provide a solid theoretical framework and basis from which to conduct the empirical research. Chapters 2 to 4 delve into the evolution and development of the Internet and provide a perspective on the South African banking landscape. The various challenges the Internet banking domain is faced with, is explored, and the various opportunities that exist are extensively discussed. Trust, the major factor influencing the adoption of Internet banking services and products, is explored, and the factors that shape and diminish trust are discussed. The empirical study consisted of a close-ended questionnaire that was completed by a sample of University of Johannesburg (UJ) alumni. The study included 138 individuals who completed the close-ended questionnaire and the results were analysed by Statistical Consultation Services (StatCon), a statistical research unit within UJ. The results indicate that more should be done to ensure that individuals and businesses are well-versed on issues pertaining to Internet banking security and safety. The results further highlight that the quality of most of the individuals’ relationships with their formal bank branch diminished due to Internet banking. An interesting finding was that 80.7% of the respondents indicated that they would make use of Internet banking services and products, even though they are aware of fraudulent activities that take place via this Internet medium. The research findings provide financial institutions with valuable guidelines on how to plan and implement effective and efficient Internet banking education and awareness strategies.

Internet banking - Security measures

Banks and banking - Security measures

A framework for secure human computer interaction.

Johnston, James

02 June 2008

This research is concerned with the development of a framework for the analysis and design of interfaces found in a security environment. An example of such an interface is a firewall. The purpose of this research is to use the framework as a method to improve the usability of an interface, thus aiding the user to implement the correct security features. The purpose is also to use the framework to assist in the development of trust between a user and a computer system. In this research the framework comprises six criteria which are used to analyse interfaces found in the traditional software environment, Internet banking environment and e-commerce environment. In order to develop the framework an overview of the fields of information security and human computer interfaces (HCI) is given. The overview provides background information and also establishes the existing research which has been done in these fields. Due to its popularity, the Windows Internet Connection Firewall is analysed in this research. Based on the criteria a level of trust fostered between the user and interface is calculated for the firewall. It is then shown how this level of trust can be improved by modifying the interface. A proposed interface for the firewall is presented according to the criteria. Interfaces found in the online Internet environment are discussed. This is important in order to identify the similarities and differences between traditional software interfaces and web interfaces. Due to these differences the criteria are modified to be relevant in the analysis and design of security interfaces found on the Internet. Three South African online banking websites are analysed according to the modified framework. Each interface is broken down into a number of components which are then analysed individually. The results of the analysis are compared between the three banking sites to identify the elements which make up a successful interface in an online banking environment. Lastly, three interfaces of e-commerce websites are analysed. Recommendations are made on how the interfaces can be improved, thus leading to a higher level of trust. / Labuschagne, L., Prof.

electronic commerce security measures

web sites security measures

internet banking security measures

firewalls (computer security)

Microsoft Windows (computer file)

computer security

human- computer interaction