Communications Security for Electronic Funds Transfer Systems

This paper focuses on selected aspects of communications security for electronic funds transfer systems that may not be present in classical security-oriented communications systems. 1) An EFT security system should be able to pinpoint the site responsible for any financial loss resulting from a penetration. 2) An EFT security system should not allow false rejections, i.e., should not deny any legitimate transaction. 3) An EFT security system should not employ draconian methods to restore communications security after a penetration. 4) Simultaneous accesses to an EFT account should be synchronized to ensure that improper transactions are not authorized. 5) Traditional access-control methods applied to secure commumcations equipment are not applicable to EFT networks. 6) Traditional manually oriented techniques used to distribute encryption keys may not be practicable in a large scale EFT network. 7) Techniques used in providing communications security, especially those involving encryption algorithms, should not rely on secrecy to protect the integrity of the system. 8) Communications overhead imposed by security measures should be minimized to allow for projected high rates of use of EFT facilities.