Improving Security of Online Banking Using RFID
Saleh, Zakaria I., Academy of Banking Studies Journal
Banks protect customers' security in three main techniques: passwords, encryption, and firewalls/server security. Passwords and user names are an essential element of online security. Passwords ensure that only those authorized have access to an account. However, a hacker could intercept a user name and password during transmission and uses them to access the account.
This study proposed that there is a need for an additional authentication due to the fact that trust has new dimensions in financial services. Several studies have identified trust as an important factor influencing customer participation in web-based commerce (Cheung & Lee, 2000; Koufaris et al, 2005; Stewart et al, 2001; Saleh, 2003). Saleh assumed Internet security to be a major obstacle to the adoption of online banking, which made customers concerned about the safety of their online accounts and risk of fraudulent transactions. Based on the findings of Saleh dissertation, improved security can improve Trust in Online Banking (Saleh, 2003).
THREAT AND VULNERABILITY OF ONLINE SERVICES
The threat can come from anyone with the motivation to attempt to gain unauthorized access to the network, or from anyone with authorized access to the network. Therefore, it is possible that the threat can be anyone. The vulnerability to the threat depends on several factors, such as motivation and trust. Motivation can be assessed by analyzing how useful access to or destruction of the network might be to someone. Trust can be determined by knowing how well an organization can trust the authorized users and/or how well trained the users are in their understanding of what is acceptable use of the network and what is not acceptable use. Most threats that users face are not new, but the Internet makes them potentially more dangerous.
Vulnerability essentially comes from failures of the security system to protect the network from an unauthorized person gaining access to the banking network system. In addition, it can come from failures to protect the network system from someone within the network (e.g., an unauthorized employee) intentionally or accidentally gaining access to or damaging the network. "Hackers count on the fact that many organizations won't have addressed certain vulnerabilities on their systems; unfortunately, they're often correct" (Betts, 2000).
Banks protect customers' security by means of passwords, encryption, and firewalls (a combination of computer hardware and software that restrict the flow of information between computers). However, this study finds that there have been security breaches that bring serious question whether the banking system is fully capable of protecting existing bank accounts from cyber criminals. "So far, at least one person has taken advantage of the flaw in the system. That individual bragged to an Internet newsgroup that he or she had transferred $25,000 (US$) from an account that "has millions of dollars in funds" and had withdrawn $4,500 in cash" (Greenberg & Caswell, 2001). Several modern models in preventing and detecting fraud are evolving and being applied to many banking systems. However, they have no effective detection mechanism to identify legitimate users and trace their unlawful activities (Dandash et al, 2007).
ONLINE BANKING SECURITY SYSTEM
All major retail banks offer an online channel for transaction processing as well as product sales to a certain extent. Still, the most advanced channels are often provided by direct banks, but by far not all direct banking customers are also online banking customers. A lot still prefer traditional telephone banking or ATMs and service terminals (Berger & Gensler, 2007).
In online banking as with traditional banking methods, security is a primary concern. Banks have taken every precaution necessary to be sure that information is transmitted safely and securely. The security of online banking application is addressed at three levels (see figure 1). …