A Mechanism for e-Banking Frauds Prevention and User Privacy Protection
In this paper we will discuss how recent trends in malware evolution will probably require a change of the internet banking security paradigms currently in use. Specifically, we will demonstrate how next-generation malware may defeat the most recent strong authentication mechanisms put in place by several financial institutions. These new attacks clearly require a change to current schemes and, at the same time, a definitive reduction in the end user's responsibility. Too often the user's behavior adds a weak layer which can be exploited by several techniques, such as Social Engineering attacks. Therefore, a new generation of automatic and hardware-based mechanisms should be deployed, in order both to increase the security level intrinsically offered by the technology and to reduce the exposure to Social Engineering risks. They have to work transparently, minimizing any kind of misuse that could be a source of vulnerabilities.
Keywords: Mobile Phone, Mutual Authentication, User Privacy, Integrity Verification, Server Certificate