Abstract
New or emerging technologies such as e-services, e-/m-commerce, Cyber-payment, mobile banking and pay-as-you-go insurance services are opening up new avenues for criminals to commit computer-related financial fraud and online abuse. This serious situation has been evidenced by the UK Information Security Breach Survey 2004 and the UK National Hi-Tech Crime Unit’s recent report, “Hi-Tech Crime: The Impact On UK Business”. It highlights that online financial fraud is one of the most serious e-crimes and takes the lion’s share of over 60% of e-crime costs, and most of the financial fraud cases are committed by authorised insiders. Authorised insiders can more easily break the security barrier of a bank or a financial institution due to their operating privileges on the banking automated systems. Failure to detect such cases promptly can lead to (sometimes huge) financial loses and damage the reputation of financial institutions. This paper introduces a real-time fraud detection solution – the Transaction Authentication Service (TAS) – to tackle the problem of transaction manipulation by authorised insiders. The paper also introduces an important building block used in the design of TAS, Automated Banking Certificates (ABCs).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Baldwin, A., Shiu, S.: Enabling shared audit data. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 14–28. Springer, Heidelberg (2003)
Bank for International Settlements, Risk Management Priciples for electronic Banking, found on (January 2006), at http://www.bs.org/publ/bcbs98.htm
Corzo, C., Zhang, N.: Towards a real-time solution to the security threats posed by authorised insiders. In: Proceedings of the ECIW 2004: The 3rd European conference on information warfare and security, Royal Holloway, University of London, UK, June 28-29, 2004, pp. 51–60 (2004)
Damgard, I.: Collision free hash functions and public key signatures. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 203–216. Springer, Heidelberg (1988)
Damgard, I.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)
Davies, D.W., Price, W.L.: The application of digital signatures based on public-key cryptosystems. In: Proc. Intl. Computer Communications Conference, October 1980, pp. 525–530 (1980)
Diffie, W., Hellman, M.: New Directions in Cryptography. Information Theory, Transactions on IEEE 22(6), 644–654 (1976)
Diffie, W.: Ten first years of public key cryptography. In: Proceedings of the IEEE, 76th edn., pp. 560–577 (May 1988)
Evans, A.: A user authentication scheme not requiring secrecy in the computer. Communications of the ACM 17(8), 437–442 (1974)
Haber, S., Stornetta, W.: How to time-stamp a digital document. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 437–455. Springer, Heidelberg (1991)
Kocher, P.: On certificate revocation and validation. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998)
Merkle, R.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)
Muñoz, J., Forbe, J., Esparza, O.: Certificate revocation system implementation based on the Merkle hash tree. Journal of Information Security 2(2) (2004)
Naor, M., Nissim, K.: Certificate revocation and certificate update. IEEE Journal on selected areas in Communications 18(4), 561–570 (2000)
Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM 21(2) (February 1978)
Tsudik, G.: Message authentication with one-way hash functions. In: Eleventh Annual Joint Conference of the IEEE Computer and Communications Societies, vol. 3, pp. 2055–5059. IEEE, Los Alamitos (1992)
O’Gorman,: Comparing passwords, tokens, and biometrics for user authentication. Proceedings of the IEEE 91(12), 2021–2040 (2003)
Rivest, R.: The MD4 Message Digest Algorithm. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303–311. Springer, Heidelberg (1991)
Simmons, G.: The practice of authentication. In: Pichler, F. (ed.) EUROCRYPT 1985. LNCS, vol. 219, pp. 261–272. Springer, Heidelberg (1986)
Wang, X.: How to Break MD5 and other Hash functions. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Corzo, C., Corzo S., F., Zhang, N., Carpenter, A. (2006). Using Automated Banking Certificates to Detect Unauthorised Financial Transactions. In: Di Crescenzo, G., Rubin, A. (eds) Financial Cryptography and Data Security. FC 2006. Lecture Notes in Computer Science, vol 4107. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11889663_3
Download citation
DOI: https://doi.org/10.1007/11889663_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-46255-2
Online ISBN: 978-3-540-46256-9
eBook Packages: Computer ScienceComputer Science (R0)