Jasmine Posted April 10, 2002 Share Posted April 10, 2002 Hi! I wish to get some views and expertise on the security issues of using Internet Banking. As a user, I see the benefits of having the convenience of being able to see my transactions online and paying my monthly bills without physically leaving my home. However, I know alot of people is still not be able to accept this concept. And I do understand their concerns on the security issue that is involved. I can roughly visualise how many people would be involved in the process. Many people would be able to view my transactions such as employees from the bank and IT personnels. They would also have access to my account. In fact, anybody just by calling the bank on the phone, with my personal details would be able to access my account over the phone. The idea of banking over the Internet is scary. One would like to think that it is safe to do my banking on the Internet. However, is it? Is it safe for one to do banking over the Internet? What are the security issues involved? What are the measurements can one take in order to improve the security while doing internet banking? I would like to hear views or comments on the idea of using Internet Banking. Thanks! Jasmine Link to comment Share on other sites More sharing options...
Steven P. Administrators Posted April 10, 2002 Administrators Share Posted April 10, 2002 Hi Jasmine, welcome to Neowin :D I can tell you that Internet Banking in Holland is tried tested and quite safe. Most banking software takes place within its own graphical interface (or program) and has to pass many security "tokens" before you can actually do anything. I would however ask at your bank if there is an online forum in which the said banking software or other services can be discussed. That would be the best way to find out if its worth doing. Although Banking via the Internet through your web-browser is something I personally wouldnt do despite all of the security claims. Internet Explorer + Banking doesnt add up as long as there are companies who try to install tracking software on my PC without my knowledge and hackers of course. Link to comment Share on other sites More sharing options...
MxxCon Posted April 10, 2002 Share Posted April 10, 2002 i am personaly against any type of clientside banking application like Neobond mentioned(it's differnt from accounting apps like quicken and ms money). it's alot less secure. having access to such application "blackhat" can analyse it and find any weaknesses banking system might have making it less secure that it apears to be. i'd much rather use server side application that talk to me thru browser. using SSL(and only idiot wouldn't use it) and removing any inet cache/cookies is pretty secure. your employer or IT will not be able to read traffic or any cached pages. obviously server-side security is very important. properly implemented it can be very secure. on the other hand, taking shortcuts can leave huge holes opens. just look at the recent problems telcos and isps had when all of their customer data was exposed on the web. there isn't much a consumer can do other than stress to their bank that security is very important to them and any violations will cuase lost business... Link to comment Share on other sites More sharing options...
Grappa Posted April 10, 2002 Share Posted April 10, 2002 You've basically got three points of possible weakness in Internet banking: a. Your computer b. The Internet c. Your Bank's computer A - Your computer is probably the weakest link in the equation. If a cracker (a "black hat" hacker) is able to install keystroke or monitoring software on your computer somehow, he would be able to see what you typed, your password, etc. Generally speaking, the "easiest" way for a cracker to install such software is to send your an e-mail with a trojan horse attachment - a program that installs the monitoring software on your computer when your open it, while masquarading as some other program. If you run antivirus software, are vigilant about not opening attached files from unknown people, and have a firewall operating (if you use broadband), you're usually pretty safe. You might want to disable Javascript and ActiveX in Internet Explorer for additional security. Obviously, the other way the monitoring software (and hardware does exist as well) could be installed is if the cracker broke into your house, but this actually involves physical dangers and additional complications, and usually aren't worth the cracker's time or (many times very limited) attention span. B. The Internet - All recent online banking I've seen now uses Secure Socket Layer (SSL) encryption through your Web browser - look for the little lock icon in the lower right-hand corner of your browser window. If it's not closed, do not proceed even with logging into your account. To give you the 30000-foot view, every single little piece of information sent between you and the bank computer is encrypted separately, making interception and decryption by a cracker virtually impossible (until maybe the invention and dissemination of quantum computers, but that's a whole other story.) Banking software probably uses similar techniques, but as MxxCon mentioned, this adds the possibility that the home-banking software you run is keeping vulnerable information in files on your computer (see "A" above.) C. Your Bank - Unless your bank is a one-location mom-and-pop operation, they will have multiple firewalls in place to filter out crackers; their systems will log every single time anyone (employees included) even looks at your account, and unless I'm mistaken, if you're in the U.S., your funds are protected by FDIC anyway, and the bank would be risking business suicide by not trying to buy your silence in the event they did get hacked and your money was taken. So overall, I think it's actually safer than making online purchases, and I do that as well. I've had a couple of fraudulent charges on credit cards from online purchases, but those were always simple to take care of with the CC company. I've yet to have any problem with crackers getting into my bank's systems and sucking out the loot. G Link to comment Share on other sites More sharing options...
Jasmine Posted April 14, 2002 Author Share Posted April 14, 2002 Hi again. First of all, I'll like to thank you all who have replied to my post and appreciate your valuable comments and knowledge to this subject. I am actually located in Australia and there is a rising growth of Internet Banking here too. I'm fairly new at Internet Security and still very keen to learn more about it as I'm a student studying the development of Information Systems. I believe that learning more about the security issues would help me to understand better on how to develop better systems. I think it is a personal decision to be made on whether to use Internet Banking or not. Since sessions are all encrypted and that all the data are password protected, I guess we do have to assume that it should be secured to an extent. However, since banks offer such services to their customers, they would have more of the responsibility to do their utmost to make sure their services are secure enough to use. I also think this subject is far deeper than expected and that Internet banking is not the key priority of our worries. It links to how secure the Internet is, as well as how safe our systems are from intrusion and the list goes on. One of the replies I had said that all the worries are already available today even without Internet Banking adding into the mix. I agree. Time from time you often hear about hackers being able to retrieve credit card details from online transactions or even just hacking into people's system and putting "I was here" note on the desktops. Traditional banking would also have screw-ups like most things in this world, 'cause nothing is perfect. I also strongly agree to Grappa?s point of the three points of possible weakness in Internet Banking. Our own systems are so vulnerable to ?attacks?. Even if you do have a firewall, it is still no promise that it will help to guard and protect your system from invaders. And though the Internet has since improved and that most Banks now uses SSL encryption, how would you know if little bits of your information cannot be viewed since you do not know what kind of software was installed in order for you to access to your Internet Banking. As a customer, we wouldn?t know how well secured their systems can be, I think right now many banks are still having servers or even mainframes as their backbones, with several firewalls attached. But how safe are their systems to be "safe"? And I also often ask the same question as whether they update their systems for security patches as often as we would like them to be. Though lots of questions are still yet to be answered, I think for now, I'm still up for using Internet Banking. I still see no reason why I shouldn't enjoy this great service that the banks provide as it is very convenient to make my bill transactions at home without going to the bank. I have yet experienced any problems. And you can?t deny that there is still a growing popularity for using this service. So what are your views? Jasmine Link to comment Share on other sites More sharing options...
john smith 1924 Veteran Posted April 14, 2002 Veteran Share Posted April 14, 2002 At the moment, i believe there are minimal risks for the end user which uses internet banking : the vast majority of web users performing online transactions are secure. Link to comment Share on other sites More sharing options...
Jasmine Posted April 14, 2002 Author Share Posted April 14, 2002 Hi Mr Magoo! Just curious to know why do you believe there are minimal risks for the end user which uses internet banking? And that the vast majority of web users performing online transactions are secure as you mentioned? Cheers! Jasmine Link to comment Share on other sites More sharing options...
altezza Veteran Posted April 15, 2002 Veteran Share Posted April 15, 2002 I use Internet Banking. My personal view is that Internet Banking would be useful thing in coming years. I know the majority of people still prefer to use traditional method of banking by visiting the bank branches or just by phone banking. People only concern mainly one thing: Privacy. Yes of course they do not want to disclose the info to the bank. Apart from it, yes Security do have lots of concerns in common. Hackers may steal the account info and allegedly use it for their own enjoyment. Though every security measurement has been taken to make Internet Banking to be more secured, people still tend to take little chance of using it. Well that was my personal opinion though. I hope my point can be clearly understood. Cheers I'm off to bed :) Link to comment Share on other sites More sharing options...
Recommended Posts