Security of mobile banking
Brief review of modern mobile bank technologies, allowing to carry out bank an operation from the devices of mobile communication. List of basic threats to the mobile bank transactions, description of methods of their protecting from breaking and thefts.
Рубрика | Банковское, биржевое дело и страхование |
Вид | статья |
Язык | английский |
Дата добавления | 24.02.2019 |
Размер файла | 13,0 K |
Отправить свою хорошую работу в базу знаний просто. Используйте форму, расположенную ниже
Студенты, аспиранты, молодые ученые, использующие базу знаний в своей учебе и работе, будут вам очень благодарны.
Размещено на http://www.allbest.ru/
4
SECURITY OF MOBILE BANKING
Зеленина Е.С. студентка, Ермолаева Л.Д. - научный руководитель
Владимирский государственный университет имени Александра
Григорьевича и Николая Григорьевича Столетовых,
Владимир, Россия
Mobile banking is managing a bank account using a tablet computer (iPad, HTC Flyer, Samsung Galaxy Tab, etc.), smartphone or regular phone. As a rule, you need to download a special application to your mobile device. Internet banking is often available through the bank-client system, using thin client technology.
Currently, the mobile bank is gaining unthinkable popularity. Every modern person has an application with which he can make various bank transactions. With the growing popularity of this service, the number of crimes in the field of mobile banking is also growing.
The company Digital Security, whose director is Dmitry Evdokimov, investigated the results of a new study "Mobile banking security: the possibility of implementing a MiTM attack (Man in the Middle)" and found that via the Internet, you can "catch" malicious code, which will fall into the internal network and change the DNS settings on the router. Then when trying to connect to a bank, the device redirects DNS to the attacker's site
Previously, Digital Security tried to conduct statistical analysis of the sphere of mobile banking, and also systematized the security of about 40 applications running on various OSes, such as Android and iOS. In the new study, about 60 applications have already been considered, including bank clients of Alfa-Bank, Avangard Bank, Baltika Bank, VTB, Gazprombank, Promsvyazbank,
Raiffeisenbank, SIAB, Citibank, Uralsib, Khanty-Mansi Bank and others.
"This time we decided to focus on finding one of the most dangerous vulnerabilities in the field of mobile banking, connected with insufficient protection of the transport level or its absence. This problem can lead to the implementation of the MiTM attack and the theft of money from customers' accounts, "commented Dmitry Evdokimov.
Due to the greatest popularity among other systems and the largest number of mobile banking applications, Android and Ios have been selected for the study. Expert Digital Security found out that of all considered mobile bank clients with iOS 14% are subject to theft of money only with the help of MitM-attack, and with Android 23% (Picture 1). Also, the combination of other vulnerabilities can lead to the theft of money from customers' accounts. In the course of the research, the expert of Digital Security also made a number of interesting findings not directly related to the main topic. For example, server responses sometimes receive debugging traces, disclosure of internal banking information (even information about ABS, automated banking system).
In addition to the MitM-attack, there are other ways of stealing money from the user's mobile bank:
1.Social engineering.
This is an attack not on the application, but on the user. It is enough to know some information about the client.
2.Installation of malware.
Usually, social engineering is used to deceive the user and persuade him to install a malicious program that will intercept SMS and passwords.
3. Theft or loss of the device.
Since the device is mobile, the client can lose it, and the attacker who has found it can perform unauthorized transactions using the previously installed and authorized application. Such attacks can be thought of by thieves, who act in places of large concentrations of people.
4.NFC technology.
If the phone is equipped with an NFC that allows you to make NFC payments using a mobile phone through a mobile bank application, then this may be an additional attack vector. In each case the mobile bank application itself does not break, and the attacker simply uses the interface of the card (if the card is crammed into the phone).
4. Data capture.
It should also be noted that with a properly designed application, the probability of theft of the necessary data and the procedure for verification of the application by an unauthorized user is low enough. You often need to clone the SIM card to which the bank account is attached, or install a Trojan that will, in real time, intercept SMS on the client device.
Based on the findings of the study, it can be stated that the overwhelming majority of Russian banks still do not pay due attention to the safety of mobile banking. Ultimately, with the development of mobile banking technology, more and more online transactions will occur. And if the vulnerabilities exist and multiply, then their use will lead to massive theft of financial assets from customers' accounts.
mobile communication defence bank transaction
Literature:
Internet dictionary "Academician"[Electronic resource]. - Electron. data. URL: https://dic.academic.ru
Internet-magazine [Electronic resource]. - Electron. data. URL: https://xakep.ru/
Web-site of the research center Digital Security [Electronic resource]. - Electron. data. URL: https://dsec.ru/research-center/
News web-site [Electronic resource]. - Electron. data. URL: https://habrahabr.ru/
Internet portal [Electronic resource]. - Electron. data. URL: Wikipedia.org
Размещено на Allbest.ru
...Подобные документы
General information about Asya Participation Bank. Offering uninterrupted, rapid and effective service via Online Banking. Capital and Shareholder Structure. Affiliates and subsidiaries. The leader of participation banking. Bank Asya’s Objectives.
курсовая работа [1,4 M], добавлен 01.11.2011The principal types of banking in the modern world are commercial banking and central banking. The provision of safe deposit facilities for money and valuables. Establishing a bank account. Cashier’s checks. Characteristic of the central bank in the UK.
презентация [1,1 M], добавлен 23.03.2015Development banking, increasing the degree of integration of the banking sector of Ukraine in the international financial community, empowerment of modern financial markets, increasing range of banking products. The management mechanism of bank liquidity.
реферат [17,2 K], добавлен 26.05.2013Commercial banks as the main segment market economy. Principles and functions of commercial banks. Legal framework of commercial operation banks. The term "banking risks". Analysis of risks and methods of their regulation. Methods of risk management.
дипломная работа [95,2 K], добавлен 19.01.2014A bank: nature of activity, main business-processes and organizational structure, the market place and history. Definitions of the project and project management, the project life cycle. Management of development projects in a bank, the expected results.
реферат [20,6 K], добавлен 14.02.2016History of introduction of a modern banking system to the Muslim countries, features of their development and functioning in today's market economy. Perspectives of future development of Islamic banking in the world and in the Republic of Kazakhstan.
курсовая работа [1,3 M], добавлен 19.04.2012The Banking System of USA. Central, Commercial Banking and the Development of the Federal Reserve and Monetary Policy. Depository Institutions: Commercial Banks and Banking Structure. Banking System in Transition. Role of the National Bank of Ukraine.
научная работа [192,0 K], добавлен 22.01.2010Поняття, переваги та можливості SMS-банкінгу, плата за користування послугами. Типи підключення до Mobile Banking кліентів Приватбанку. Зміст послуг SMS- та GSM-банкінгу, особливості процедури їх підключення та надання у найкрупніших банках України.
реферат [21,1 K], добавлен 07.06.2010The concept and general characteristics of the banking system and its main elements of the claimant. Current trends and prospects of development of the banking system, methods of its realization, legal foundation. Modern banking services in Ukraine.
контрольная работа [21,7 K], добавлен 02.10.2013Financial position of the "BTA Bank", prospects, business strategy, management plans and objectives. Forward-looking statements, risks, uncertainties and other factors that may cause actual results of operations; strategy and business environment.
презентация [510,7 K], добавлен 17.02.2013Организационная структура банка, предоставляемые услуги (банковские карты, сейфы), дистанционное обслуживание (Mobile Banking, Call-центр), правила открытия счета, оформление расходных, приходных ордеров, анализ налогообложения и финансовой устойчивости.
отчет по практике [22,6 K], добавлен 15.04.2009Краткая финансово-экономическая характеристика деятельности ОАО "Optima Bank", адекватность капитала. Процедура учета и организация документооборота расчетно-кассовых операций. Коэффициенты эффективности использования обязательств коммерческого банка.
отчет по практике [42,3 K], добавлен 29.01.2015Рoль вклaдoв клиентoв в фoрмирoвaние реcурcнoй бaзы бaнкa. Клaccификaция бaнкoвcкиx депoзитoв. Xaрaктериcтика АО "Kaspi Bank", анализ его финaнcoвo-xoзяйcтвенной деятельнocти. Aнaлиз депoзитнoгo пoртфеля бaнкa, его прoблемы и перcпективы развития.
дипломная работа [289,2 K], добавлен 21.05.2012Сущность понятия "ипотечное кредитование". Объемы ипотечного кредитования в Казахстане. Основные источники финансирования жилищного строительства Астаны. Кредитный портфель АО "Kaspi Bank". Предложения по совершенствованию ипотечного кредитования.
доклад [14,2 K], добавлен 09.12.2010Сегментная стратегия для привлечения и удержания состоятельных клиентов Альфа-Банка. Денежно-мотивационные инструменты обеспечения лояльности: разработка особых продуктов, предоставление наивысшей безопасности вкладов. Предоставление услуг Mobile Banking.
статья [623,5 K], добавлен 14.03.2015The history of the development of Internet banking in Kazakhstan and abroad. Analysis of the problems faced by banks in the development of this technology. Description of statistical of its use and the dynamics of change. Security practices for users.
презентация [1,3 M], добавлен 24.05.2016Степень проникновения интернет-банкинга в клиентскую базу. Доступные операции в Сбербанк Онлайн. Преимущества и недостатки интернет-банкинга. Услуга E-invoicing. Тенденции в развитии Mobile и Desktop. Рейтинг эффективности интернет-банков для частных лиц.
презентация [1,8 M], добавлен 19.06.2019History of the online payment systems. Payment service providers. Online bill payments and bank transefrs. Pros and cons for using online payment systems. Card Holder Based On Biometrics. Theft in online payment system. Online banking services, risk.
реферат [37,2 K], добавлен 26.05.2014Оценка современного состояния и перспектив дальнейшего развития банковской системы Казахстана, причины опережения развития по сравнению с постсоветскими странами. Характеристика "HSBC Bank Kazakhstan", анализ и оценка его сервисов, микро- и медиасреда.
презентация [125,7 K], добавлен 17.02.2011Раскрытие сущности и характеристика основных видов кредитования населения. Общие условия и методы кредитования. Кредитная политика и анализ структуры кредитного портфеля в КФ АО "Kaspi bank". Кредитный мониторинг проблемных потребительских кредитов.
дипломная работа [312,2 K], добавлен 25.10.2015