Question
The following solutions aim to increase the level of security for online banking:
1-Identity Authentication
Banks should use appropriate measures in order to authenticate the identity of customers. It is important for any bank to check that each online transaction or access request is legitimate to ensure the safety of online banking. Banks therefore have to use reliable methods for verifying the identity and authorisation of new and existing customers. Showing the customers what has been done to secure them makes them feel the system is secure and that their money is protected.
2-Segregation of Duties
Banks should promote adequate segregation of duties within e-banking systems, databases and applications, which is critical for their security and soundness. Therefore, banks are required to set up sophisticated internal controls designed specially to reduce fraud risk in operational processes and systems and to ensure that transactions and equipment are properly authorised, recorded and safeguarded.
The classification of duties should cover authorization, custody, record keeping and reconciliation.
3-Protect Data Integrity
Data integrity of transactions, records and information is essential for any bank to protect. If the bank does not give special attention to that, it may face financial losses as well as legal and reputational risk. In addition, banks should arrange and represent proper organisational, procedural and technical methods, which ensure that the integrity of financial and transactional data is maintained. Financial data records should be stored securely, retrievable for inquiry or reporting, safeguarded against improper alteration, and mostly reflect the actual values involved.
4-Regular Update and Audit
Feasible updates of the online banking system would give reassurance that the authentication platform stays one step ahead of hackers, decrease their chances of stealing the data and also minimize the security holes. Banks should ensure that the internal control system is adapted to e-banking services and that clear audit trails are maintained. Added to that, internal controls should be independently auditable by external agencies. Audit trails should:
Give adequate proof to show the transaction stream, from start to finish, and any accompanying control/procedural execution.
Be sufficient to fulfill the rules of the courts under which they could be used.
5-Preserve the Confidentiality
The advent of online banking introduces extra security challenges for banks since it increases the exposure that information transmitted over the public network or stored in databases may be accessible by unauthorised or inappropriate parties. Also, expanded use of service providers may uncover essential data of banks to other parties. So, the key data of the banks must remain private. Any abuse could result in exposing the bank to high-impact reputational and legal risk. The protection of confidentiality should be commensurate with the impact of the risk of unauthorised exposure:
Confidentiality should be maintained by use of access controls and encryption.
Cryptographic techniques should be based on recognized algorithms that have not been disputed in their strength or use.
Access should only be permitted based on the “need to know” principle.
6-Management of Incidents
Banks should develop appropriate incident response plans to manage, contain and minimise problems arising from unexpected events, including internal and external attacks, which may hamper the provision of e-banking systems and services.
Banks are strongly advised to develop incident response plans, including at a minimum:
Mechanism to detect incidents as soon as they occur, assess their materiality, and control the risk associated with any disruption in service.
Have the ability to protect their online customers from online fraud.
Have the ability to protect their online identity from illegitimate use.
Have the ability to prevent, detect and respond to online fraud attempts and brand misuse.
Documented and tested procedures that enable a fast reaction to detected incidents and limit the probability of recurrence.
A communication plan to ensure that all relevant external parties, including a bank’s customers, counterparties and the media, are informed in a timely and appropriate manner on material e-banking disruptions and business resumption developments without creating any panic in the minds of the public.
An employee training plan to ensure that staff is sufficiently trained in analyzing incident detection/response systems and interpreting the significance of the related output.
In addition, incident management responsibilities and procedures should be established to ensure a quick, effective and orderly response to security incidents.
_______________________________________________________________
Barriers to existing solutions
Q) What barriers stand in the way of fixing the problem? Based on your research, which tools or practices are the best?
with References
Explanation / Answer
1. Identity Authentication:
In my opinion, of the above tools, identity authentication is the important tool for every banking system. Securing the identity of a customer is a very important task, and it should be protected. Because customers will trust the bank due to the security of the banking system, money will be safe in the hands of the bank and customers will automatically trust the bank.
For safe banking, banking systems will use many antivirus programs and some tools for security.
Take an example. While you are browsing the internet and entering the banking site, the computer does not know who is accessing the site, or whether you are a fraudster, schemer or terrorist. Here you must provide your details in order to open your account for safe banking, and there must be some way to mitigate online risk.
Generally there are two steps involved in identity proofing, i.e. 1. public aspect 2. private aspect.
1. Public aspect: It depends on the data given by the customer in the public sphere. For example, name, address and date of birth are all on record and provide information to match against.
Identity verification:
Identity verification takes inputs from an individual customer and compares them with data obtained from government agencies, utilities or various other sources to check whether the provided information is correct. The rate of accuracy depends on the provided information.
Identity authentication:
This information is known only by the customer and is not known to others. This process of analyzing confidential information for identity proofing is known as identity authentication, also known as knowledge-based authentication (KBA).
Best practice is not to depend on one technique but to follow a multi-layered approach to improve security and thus increase confidence. Basically, organizations vary their approach depending on the risk level and the circumstances the company is currently facing. Identity proofing and authentication will help the customer to reduce the risk, smooth the user experience, and enable the best type of running online and mobile transactions.
ActivID® Authentication Devices
These hardware devices offer a broad portfolio of software-based one-time password (OTP) tokens, which can be run at a time distributing, and these do not expire.
ActivID Threat Detection Service
This software protects the services from cybercrime, protects customer data and fights against fraudulent access, malware and breaches, so that the customer will not face problems and is happy in choosing the banking services. It helps businesses to detect and prevent fraud from compromised devices or accounts.