Research Article

Challenges in Privacy and Security in Banking Sector and Related Countermeasures

by Zarka Zahoor, Moin Ud-Din, Karuna Sunami
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 144 - Issue 3
Published: Jun 2016
10.5120/ijca2016910173

Zarka Zahoor, Moin Ud-Din, Karuna Sunami. Challenges in Privacy and Security in Banking Sector and Related Countermeasures. International Journal of Computer Applications. 144, 3 (Jun 2016), 24-35. DOI=10.5120/ijca2016910173

Abstract

With the extensive use of technology, particularly the internet, by users, banking is becoming more dependent on technology. Unfortunately, with this the cyber-crimes related to banks are also increasing stupendously. The tendency of cyber security attacks aimed at the financial sector is much higher than at any other sector. Some of the common cyber security attacks aimed at banks include phishing, cross-site scripting, cyber-squatting, botnets, spoofing, etc. These attacks cause a tremendous loss of money to the customer and the bank, damage the bank's reputation and decrease the trust that users place in a bank. Banks are obligated to provide a safe online banking environment to their users. Although banks have taken many steps for the safety and security of their assets, these conventional security mechanisms are no longer optimal, as attackers are still able to bypass them. Thus banks should tighten their security mechanisms and take appropriate countermeasures to ensure the safety and privacy of their most valuable assets. In this paper, the emerging challenges in security and privacy faced by banks are analyzed. The security mechanisms used by banks have been identified. The security and privacy issues in the financial sector have been recognized, particularly the cyber security attacks aimed at banks. Lastly, the countermeasures that banks should adopt to provide protection against these attacks and ensure a safe banking environment for users have been suggested.

Index Terms
Computer Science
Information Sciences
Keywords

Phishing; Botnets; Spoofing; Key-logging; Cyber squatting; MITM - Man In The Middle; MITB - Man In The Browser; MITPC - Man In The Personal Computer; OTP - One Time Password; ATM - Automated Teller Machine; DDOS - Distributed Denial Of Service; SSL - Secure Sockets Layer; XSS - Cross Site Scripting; IDS - Intrusion Detection System; IPS - Intrusion Prevention System; DNS - Domain Name Server
