• DocumentCode
    3264007
  • Title

    Improving online banking security with hardware devices

  • Author

    Puente, F. ; Sandoval, J.D. ; Hernández, P. ; Molina, C.J.

  • Author_Institution
    Univ. of Las Palmas de Gran Canaria
  • fYear
    2005
  • fDate
    11-14 Oct. 2005
  • Firstpage
    174
  • Lastpage
    177
  • Abstract
    Even though it probably has never happened to us, it is possible to introduce our credit card on an ATM and have it steal the money from our account or access our bank account from a computer and have someone else getting access to it. In the first case we believe that the ATM is a trusted device and never tries to cheat us. In the second case, we believe that our computer provides a safe environment for electronic banking. Although there are a few records in history of ATM fraud, we generally believe that it won´t happen to us. However, we all know that computers are not safe and still take the risk. Viruses and trojans (malicious software) can do all this and much more, not only in movies but in the real world. This is possible just because we are giving away all the information needed to access our money instead of keeping them. In the first case we are giving away our credit card and the PIN (personal identification number) and in the second case we are giving away our login and password/s. Anyone who can intercept this information can successfully pretend to be us and withdraw our money. Digital signature can solve these problems providing the means for validating a user or a given operation without exposing the data required to do it. However, the point is not if digital signature is the best way to protect our money, but how to implement the system in a way that is easy to use and safe enough. Here we propose some possible implementations based on the idea that not only digital signature is needed but also human interaction is required in order to avoid a classic man-in-the-middle-attack. It is not safe to introduce a smart card on a standard smart card reader, introduce the PIN on the application used to access it, and then expect the application to do exactly what we tell it to do. That would be perfectly fine in a world where we can trust each other and we can consider computers to be completely safe from intrusions. But the truth is unfortunately far fro- - m being like that and so we need to look for new ways to protect us from this kind of attacks. Several hardware devices are proposed based on a basic structure where we have a display, some way to input data (such as a keyboard or a few buttons) and some way to communicate with any computer
  • Keywords
    automatic teller machines; bank data processing; fraud; security of data; ATM fraud; automatic teller machines; bank account; computer virus; credit card; digital signature; electronic banking; hardware device; human interaction; malicious software; man-in-the-middle-attack; online banking security; personal identification number; smart card; trojans; Application software; Banking; Computer displays; Credit cards; Digital signatures; Hardware; History; Protection; Security; Smart cards;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Security Technology, 2005. CCST '05. 39th Annual 2005 International Carnahan Conference on
  • Conference_Location
    Las Palmas
  • Print_ISBN
    0-7803-9245-0
  • Type

    conf

  • DOI
    10.1109/CCST.2005.1594874
  • Filename
    1594874