Study on security risks of e-banking system

Author(s):  
Gabriela Mogos ◽  
Nor Shahida Mohd Jamail

Online banking and other e-banking modes are a very convenient way of banking in terms of speed, convenience and delivery costs, but they have brought many risks alongside them. Online banking has created a new risk orientation and even new forms of risk. Technology plays an important role as both a source and a tool for risk control. The purpose of this research is to identify the security situation of the e-banking application and to analyze the risks and attacks that could occur to its customers; although it is an e-banking application, attacks could happen. Several mitigations were mentioned to overcome attacks: access control mitigates eavesdropping, meaning that restricting access to sensitive data is mandatory; updating and patching mitigates SQL injection, meaning that it is vital to apply patches and updates when they are available. These attacks may target the whole application or an individual, where private information is stolen or changed. This research also shows how to apply several more protection measures to protect oneself and one's organization from being targets of cybercrime.

2017 ◽  
Vol 16 (6) ◽  
pp. 6977-6986
Author(s):  
Chelsea Ramsingh ◽  
Paolina Centonze

Today businesses all around the world use databases in many different ways to store sensitive data. It is important that the data stored stay safe and does not get into the wrong hands. To perform data management in a database, the language SQL (Structured Query Language) can be used. It is extremely crucial to prevent these databases from being attacked to ensure the security of the users’ sensitive and private data. This journal will focus on the most common way hackers exploit data from databases through SQL injection, and it presents dynamic and static code testing to find and prevent these SQL cyber attacks by comparing two testing tools. It will also present a comparative analysis and static/dynamic code testing of two SQL injection detection tools. Burp Suite and Vega will be used to identify possible flaws in test cases dealing with users’ sensitive and private information. Currently, there are no comparisons of these two open-source tools to quantify the number of flaws these two tools are able to detect. Also, there are no detailed papers found fully testing the open-source Burp Suite and Vega for SQL Injection. These two open-source tools are commonly used but have not been tested enough. A static analyzer detecting SQL Injection will be used to test and compare the results of the dynamic analyzer. In addition, this paper will suggest techniques and methods to ensure the security of sensitive data from SQL injection. The prevention of SQL injection is imperative and it is crucial to secure the sensitive data from potential hackers who want to exploit it.


2018 ◽  
Author(s):  
International Journal of Fiqh and Usul al-Fiqh Studies

One of the Sharīʿah’s requirements in conducting transactions is realising the Maqāṣid al-Sharīʿah. The modern online banking system is very common to everyone, so it is considered as al-ʿUrf or al-ʿādah (common practice or custom) under the Sharīʿah. However, its practice is surrounded with security concerns, ease of use, and trust and cost implications that need observance of some Sharīʿah rulings. This qualitative analytic study uses the framework for the Maqāṣid al-Sharīʿah to explicate the ideal practice of online banking in service delivery to realize the Maqāṣid al-Sharīʿah. While Islam places more attention on the essential needs, online banking should as well be intended to provide essential services to customers and remove hardship in financial transactions. Banks should hence desist from causing any harm through the charging of hidden fees, causing more confusion to their clients, and even devising deceptive means that lead to the charging of ribā. Instead, banks should use online services to introduce means that promote the realization of the Maqāṣid al-Sharīʿah. This paper stresses the importance of financial technology in realising the Maqāṣid al-Sharīʿah.


2021 ◽  
Vol 11 (5) ◽  
pp. 529-535
Author(s):  
Jihane El Mokhtari ◽  
Anas Abou El Kalam ◽  
Siham Benhaddou ◽  
Jean-Philippe Leroy

This article is devoted to the topic of coupling access and inference controls into security policies. The coupling of these two mechanisms is necessary to strengthen the protection of the privacy of complex systems users. Although the PrivOrBAC access control model covers several privacy protection requirements, the risk of inferring sensitive data may exist. Indeed, the accumulation of several pieces of data to which access is authorized can create an inference. This work proposes an inference control mechanism implemented through multidimensional analysis. This analysis will take into account several elements such as the history of access to the data that may create an inference, as well as their influence on the inference. The idea is that this mechanism delivers metrics that reflect the level of risk. These measures will be considered in the access control rules and will participate in the refusal or authorization decision with or without obligation. This is how the coupling of access and inference controls will be applied. The implementation of this coupling will be done via the multidimensional OLAP databases which will be requested by the Policy Information Point, the gateway brick of XACML to the various external data sources, which will route the inference measurements to the decision-making point.


Author(s):  
Suriya Murugan ◽  
Anandakumar H.

Online social networks, such as Facebook, are increasingly used by many users, and these networks allow people to publish and share their data with their friends. The problem is that users' private information can be inferred via social relations. This chapter studies and researches the management of those confidential information leakages, which is a challenging issue in social networks. It is possible to use learning methods on user-released data to predict private information. Since the main goal is to distribute social network data while preventing sensitive data disclosure, it can be achieved through sanitization techniques. Then the effectiveness of those techniques is explored, and the methods of collective inference are used to discover sensitive attributes of the user profile data set. Hence, sanitization methods can be used efficiently to decrease the accuracy of both local and relational classifiers and allow secure information sharing by maintaining user privacy.


2016 ◽  
pp. 1756-1773
Author(s):  
Grzegorz Spyra ◽  
William J. Buchanan ◽  
Peter Cruickshank ◽  
Elias Ekonomou

This paper proposes a new identity, and its underlying meta-data, model. The approach enables secure spanning of identity meta-data across many boundaries such as health-care, financial and educational institutions, including all others that store and process sensitive personal data. It introduces the new concepts of Compound Personal Record (CPR) and Compound Identifiable Data (CID) ontology, which aim to move toward own your own data model. The CID model ensures authenticity of identity meta-data; high availability via unified Cloud-hosted XML data structure; and privacy through encryption, obfuscation and anonymity applied to Ontology-based XML distributed content. Additionally CID via XML ontologies is enabled for identity federation. The paper also suggests that access over sensitive data should be strictly governed through an access control model with granular policy enforcement on the service side. This includes the involvement of relevant access control model entities, which are enabled to authorize an ad-hoc break-glass data access, which should give high accountability for data access attempts.


Author(s):  
Nitin Nagar ◽  
Ugrasen Suman

Online banking systems have created an enormous impact on the IT, individual, and networking worlds. Online banking systems and their exclusive architecture have numerous features and advantages over the traditional banking system. However, this new uniqueness creates new vulnerabilities and attacks on an online banking system. Cross-site scripting request forgery or XSS attack is among the top vulnerabilities, according to recent studies. This exposure occurs when a user uses the input from an online banking application without properly looking into it, which allows an attacker to execute malicious scripts in the application. Current approaches used to mitigate this problem focus especially on effective detection of XSS vulnerabilities in the application or prevention of real-time XSS attacks. To address this problem, a survey of different vulnerability attacks on online banking systems is performed, and a concept is also presented for the prevention, detection, removal and recovery of XSS vulnerabilities to secure the banking application.


2020 ◽  
Vol 8 (1) ◽  
pp. 82-91
Author(s):  
Suraj Krishna Patil ◽  
Sandipkumar Chandrakant Sagare ◽  
Alankar Shantaram Shelar

Privacy is the key factor in handling personal and sensitive data, which, in large chunks, is stored by database management systems (DBMS). It provides tools and mechanisms to access and analyze data within it. Privacy preservation converts original data into some unknown form, thus protecting personal and sensitive information. Different access control mechanisms, such as discretionary access control and mandatory access control, are used in DBMS. However, they hardly consider purpose- and role-based access control in DBMS, which incorporates policy specification and enforcement. The role-based access control (RBAC) regulates the access to resources based on the roles of individual users. Purpose-based access control (PuBAC) regulates the access to resources based on the purpose for which data can be accessed. It regulates execution of queries based on purpose. The PuRBAC system uses the policies of both, i.e. PuBAC and RBAC, to enforce within RDBMS.


2019 ◽  
Vol 3 (3) ◽  
pp. 63 ◽  
Author(s):  
Aaron Ellis ◽  
Mark T. Marshall

With the prevalence of digital technologies and internet connectivity, combined with the reduction in footfall on high streets, banks have taken steps to move most of their customer base online. This has left many older adults behind, trying to keep up with the changes and having to learn to use sometimes complex online banking interfaces. In this work we investigate whether skeuomorphic design can create a more usable online banking system for older adults, compared to the more commonplace flat design. This work took a user-centered approach, beginning with interviews with older adults that were conducted to gather data to be used in the production of prototype user interfaces. Two prototypes were then created: a flat user interface and a skeuomorphic one. We evaluated these interfaces with 15 older adults, gathering a combination of data, including data from the System Usability Scale, observations, and interviews. Results of the experiments showed that our older users preferred the flat prototype to the skeuomorphic one, but raised some potentially useful guidelines for the design of future skeuomorphic user interfaces for older adults. A validation experiment with 17 younger adults (aged 20–25) also showed that the skeuomorphic interface was more usable for older adults than younger ones.

