
Security Challenges in Designing an Integrated Web Application for Multiple Online Banking


Annie Ai Bee Ng, Nasuha Lee Abdullah
School of Computer Sciences
Universiti Sains Malaysia
11800 USM Penang, Malaysia
annienab@yahoo.com, nasuha@cs.usm.my

Abstract -- Current online banking only allows payment to be made from a single bank account, hence a user needs to log in to several banking sites to settle the monthly dues. Paying bills/loans from multiple bank accounts in a single login would provide greater convenience. This paper reviews the current online banking system and discusses the challenges in designing an integrated web-based application for an independent personal financial organizer called I-PFO. I-PFO allows users to settle their financial commitments from multiple banks in a single website. It also provides ease of use, tracking of due dates, organizing and personalization. The challenges of such a system are security, a value proposition to attract collaboration from banks, and user acceptance. This paper focuses on security solutions for I-PFO.

Keywords- multiple online banking; personalized financial organizer; integrated web application; security solution; integrated one-stop solution

I. INTRODUCTION

With the rapid growth of online businesses and users, there appear many clusters of e-commerce applications that are not physically linked to each other from a system perspective, yet are inter-related from a business perspective. Online banking has been around since the 1980s, with its first introduction in four major banks in New York [1]. However, user acceptance only began to pick up recently, with Consumer Payment Surveys in the United Kingdom (UK) reporting that 50 percent of regular Internet users in the UK, which constitutes 22 million users, are now banking online [2]. In Malaysia, online banking was introduced about 10 years ago, and Bank Negara reported in 2007 that there were 4.5 million subscribers [3]. The numbers are increasing each year as Malaysia continues to upgrade its Internet infrastructure. Current online banking systems are offered by individual banks, so a user with multiple bank accounts faces the inconvenience of safeguarding login names and passwords as well as following the different security procedures adopted by individual banks. Findings reveal that privacy, security and convenience factors play an important role in determining users' acceptance of e-banking services with respect to different segmentation of age group, education level and income level [4]. Meanwhile, accessibility, design and content are sources of satisfaction [5]. In terms of convenience, there is no updated amount due published to the users in one single interface. Users need to log in to several websites to check the amounts due before they can settle their monthly dues. According to the results of a survey, 2 out of 7 factors influencing the growth of e-banking are convenience (including internet accessibility and ease of use) and security [5].

Hence, a secured integrated web application for multiple online banking services could be the solution in the near future. It will resolve the concerns over security architecture and provide great convenience to users. A web-based application named Independent Personal Finance Organizer (I-PFO) is proposed.

II. CHALLENGES IN CURRENT ONLINE BANKING SYSTEM

The inconveniences that users face in the current online banking system are as follows.

A. Excessive steps
Suppose a user has a car loan with Bank A but needs to pay the loan using an account from Bank B. The user needs to log in to the Bank A account to check the car loan amount and loan account number. Next, the user needs to log in to the Bank B account and key in the Bank A loan account number and the loan amount. Then the user requests a security pin code, waits for the code to appear on the user's mobile phone, and finally proceeds to the final transaction. Besides, the user also needs to navigate and flip through multiple pages and websites before making payment.

B. Multiple login usernames and passwords
With reference to the above scenario, users will have to remember various login names and passwords from individual banks.

C. No due dates tracking
There is no feature in the online banking system to remind users when the bills/loans are due.

978-1-4244-6716-7/10/$26.00 ©2010 IEEE


D. No integrated application in one single page
The user is unable to check the list of all monthly financial commitments in one interface. Moreover, the user is also unable to one-click-pay to settle the bills/loans in one single interface.

E. Discrimination against the disabled community
Persons who are visually impaired are not allowed to own ATM cards, credit cards, and online accounts to perform banking transactions. This has caused massive inconvenience to them, even though some of them are highly educated and knowledgeable in information technology.

III. PROPOSED PRODUCT

I-PFO is a web-based application that allows users to easily organize and check their personal financial information from multiple banks using one login. It is an integrated one-stop solution for the user to pay bills or loans from multiple bank accounts. Apart from that, it also tracks due dates and allows customization and personalization.

Fig. 1 illustrates the proposed technology architecture of I-PFO. I-PFO runs on PHP, FLASH and a MySQL database. Besides, it also uses Simple Object Access Protocol – Digital Signature (SOAP-DSIG) and Secure Sockets Layer (SSL) technologies for backend data extraction and transmission. SOAP is a standard messaging layer used to exchange any XML documents [6]. When developing web services and B2B applications based on SOAP, security issues are also important [7]. Due to this, in business transactions, the security requirement of non-repudiation needs to be satisfied. Thus, SOAP-DSIG will fulfil this requirement. Additionally, SSL will ensure data confidentiality [7]. Therefore, I-PFO will adopt SOAP-DSIG and SSL concurrently.

Figure 1 Technology Architecture of I-PFO
(Source: SAP Netweaver, 2004 and IBM, 2005)

The design of I-PFO is aimed at 'ease of use'. The design concept of the application is secure, user-friendly, simple and creates value for both users and banks. It is designed to appeal to both the non-IT and IT-savvy population. It extracts up-to-date information in one page for users to keep track of their online accounts. With I-PFO, users do not need extensive training to operate and navigate. Fig. 2 below shows the interface design of I-PFO.

Figure 2 User Interface of I-PFO

IV. CHALLENGES IN DESIGNING I-PFO

There are various challenges that confront the feasibility of I-PFO. The most important challenge is how to ensure security. One login creates the much sought-after convenience, but it also poses a big risk to the user. The second challenge is how to attract banks to collaborate and allow a third-party service provider to access their databases. This requires a strong value proposition in the form of product bundling, apart from the comprehensive design of the system. The third challenge is how to attract users to subscribe to such a service. Research using the Technology Acceptance Model (TAM) on factors influencing the subscription of a new system would be required. For the purpose of this research, only the security issue for I-PFO is addressed.

V. SECURITY SOLUTION FOR I-PFO

In order to reinforce the security of e-commerce software, the vulnerability points of a system that attackers commonly target have to be identified [8]. Using the analogy of a house, the vulnerability points would be the entry and exit doors as well as the windows.

A. Using Threat Model for I-PFO Security Development Solution
When designing and developing a system, it is important to identify all the possible attack threats in the server [8]. Taking the same example of a house, the burglar will most likely come in through the windows or the doors. Therefore, the threat model seeks to identify these points and implement defense strategies to protect the house. IBM, a giant IT consulting firm in the United States, has a proven track record of providing trusted security services and solutions. Therefore, Fig. 3 shows the threat model adapted from an IBM research paper [9]. The numbers '1' and '2' show the possible attack points of the house.
Figure 3 Threat models
(Source: IBM, 2005)

B. Security Solution for I-PFO
There are many challenges in the process of developing a secure system for consumers. The biggest challenge is to balance convenience and protection, which usually do not go well together. Thus, I-PFO will adopt the threat model as a base to develop the security solution. Based on best practices in today's e-commerce sites (e.g. Maybank, CIMB), strategies recommended by leading IT organizations (e.g. Cisco, IBM), research journals by experts, and risk mitigation strategy, I-PFO will use the most competitive security model.

Most security technologies address just one layer of protection, leaving weak points in other layers that may be vulnerable to attacks [10]. Thus, I-PFO would implement multi-layered security protection, with both technical and non-technical solutions, for the best protection possible. The following is the list of solutions that I-PFO plans to use:
• I-PFO Identity Protection and Validation Infrastructure will use the combination of username, password, and TAC as authentication. It combines the concept of something you know (a username and password) with something you have (a credential with a one-time password) [11].
• I-PFO Site authentication (with SSL certificate) helps consumers verify that they are on the correct Web site, and not an imposter or phishing site [12].
• Risk-based authentication (Fraud Detection Service) learns how each user behaves and requires additional authentication when a fraud risk is detected [13].
• Server Firewall to ensure that requests can only enter the system from specified ports, and in some cases, ensures that all accesses are only from certain physical machines [14].
• User education is important to make users aware of various online threats, so that they can make good judgments in all aspects of security in order to make the system as secure as possible [8].

C. I-PFO Identity Protection and Validation Infrastructure
Authentication is the process of identifying genuine users logging into I-PFO. In the market today, there are many ways to authenticate an individual; it depends on who the audience is, how they access the site's services, and what the risks are when they do [11]. For I-PFO, easy, flexible and convenient ways are the best solutions. Thus, based on the best practices from the banks today, I-PFO will adopt the authentication security solution from VeriSign.

The I-PFO identity protection and validation infrastructure is the authentication infrastructure that combines something that the user knows (username and password) with a one-time credential, the TAC (6-digit code), that is sent to the user's hand phone. A TAC expires when the user logs out from the account. This validation takes place before the user can perform any transaction in I-PFO. Fig. 4 shows the authentication infrastructure adopted from VeriSign [11].

Figure 4 I-PFO Authentication Infrastructures
(Source: VeriSign, 2010)

D. I-PFO Site Authentication
Site authentication helps consumers to ensure that they are on the genuine I-PFO site. The padlock icon and https:// in the browser show that the site is secured with an SSL Certificate, which will encrypt the consumer's information during transmission and extraction. Fig. 5 and 6 show samples of a secured website with SSL certification [12].

SSL certificates provide a private communication protocol that encrypts data between the user's computer and the site's server [12]. When an SSL-protected page is requested, the browser identifies the server as a trusted entity and initiates a handshake to pass encryption key information back and forth [12]. With this, a hacker sniffing the network cannot read the contents.

A government-certified authority would issue the SSL certificate to the server. When a request is made from the user's browser to the site's server using https://.., the user's browser checks if the site has a certificate it can recognize. If a trusted certificate authority does not recognize the site, the browser issues a warning as shown in Fig. 7 [9].

Figure 5 I-PFO website with secured SSL Certification
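The TAC step of Section V.C, as an added example that is not code from the paper or from VeriSign: a server-side store that issues a 6-digit TAC, accepts it once, refuses transactions until it has been verified, and discards it at logout. The class and method names, the attempt limit and the time limit are assumptions; the paper specifies only the 6 digits, delivery to the phone, expiry at logout and validation before any transaction.

```python
import hmac
import secrets
import time

TAC_DIGITS = 6         # from the paper: the TAC is a 6-digit code
MAX_ATTEMPTS = 3       # assumption: guess limit, not stated in the paper
TAC_TTL_SECONDS = 300  # assumption: time limit in addition to expiry at logout


class TacStore:
    """Server-side TAC state keyed by session id (hypothetical design)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}      # session id -> {"tac", "issued", "attempts"}
        self._verified = set()  # sessions allowed to perform transactions

    def issue(self, session_id):
        """Generate a TAC with a CSPRNG; the caller sends it to the phone."""
        tac = f"{secrets.randbelow(10 ** TAC_DIGITS):0{TAC_DIGITS}d}"
        self._pending[session_id] = {
            "tac": tac, "issued": self._clock(), "attempts": MAX_ATTEMPTS}
        self._verified.discard(session_id)
        return tac

    def verify(self, session_id, submitted):
        """Check a submitted TAC; it is single-use, rate-limited and timed."""
        entry = self._pending.get(session_id)
        if entry is None:
            return False
        if self._clock() - entry["issued"] > TAC_TTL_SECONDS:
            del self._pending[session_id]
            return False
        entry["attempts"] -= 1
        # Constant-time comparison avoids leaking matching digits by timing.
        ok = hmac.compare_digest(entry["tac"].encode(), submitted.encode())
        if ok or entry["attempts"] == 0:
            del self._pending[session_id]
        if ok:
            self._verified.add(session_id)
        return ok

    def may_transact(self, session_id):
        """Transactions are refused until the TAC step has succeeded."""
        return session_id in self._verified

    def logout(self, session_id):
        """Per the paper, the TAC (and what it unlocked) expires at logout."""
        self._pending.pop(session_id, None)
        self._verified.discard(session_id)
```

With six digits and three attempts, a blind guess succeeds with probability 3 in 1,000,000 per issued TAC, which is why the attempt limit matters as much as the code length.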
Figure 6 Secure Icon in Microsoft Internet
(Source: VeriSign, 2010)

Figure 7 Warning to user

E. Risk-based Authentication / Fraud Detection Service (FDS)
If a user logs on and attempts to perform actions that he is not entitled to perform, the system locks the account as it indicates illegal intrusion. In other words, if it exceeds the risk threshold, the intervention engine will be invoked [13]. The internal monitoring team will immediately look into it and resolve the issue. The rules and behavioral engine will help to provide early warning of attacks such as malicious intrusions, non-legitimate network traffic, and malware sources that may cause a potential denial of service (DoS) attack. Fig. 8 shows the flow of risk-based authentication adapted from VeriSign Security Solution [15].

Figure 8 I-PFO Risk Based Authentication / Fraud Detection Service
(Source: VeriSign, 2010)

F. Server Firewall
Server firewalls ensure that all requests can only enter the system from specified ports, and ensure that all accesses are only from certain physical machines [8]. I-PFO will adopt the server firewall model from the IBM security solution, where a demilitarized zone (DMZ) using two firewalls will be set up. The model is as shown in Fig. 9 [14].

The outer firewall has ports open to allow incoming and outgoing HTTPS requests. This allows the client/user browser to communicate with the server. A second firewall sits behind the e-commerce servers. This firewall is more stringent, allowing only requests from trusted partners' servers on specific ports. This is a good model when I-PFO interfaces with banks and other institutions to ensure that all necessary security is enforced. Both firewalls have intrusion detection software to detect any unauthorized access attempts.

Figure 9 I-PFO Server Firewall
(Source: IBM, 2005)

G. User Education
No matter how advanced the technical enforcement in the system, the site is only as secure as those who use it [15]. Just like a house, one can have the most expensive and sophisticated grill and lock installed, but if the owner carelessly leaves the door unlocked, the house is exposed regardless of the level of security available. The same applies to online systems: if users choose a weak password and do not keep their password confidential, they expose themselves to various threats and attacks. Therefore, users need to use good judgment when giving out confidential information, and be educated about possible phishing fraud and other social engineering or online attacks.

VI. PROPOSED OPERATION FLOW OF I-PFO

Fig. 10 shows the proposed operation flow of I-PFO using selected security measures.
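One way the Fraud Detection Service decision of Section V.E could be expressed, as an added example that is not code from the paper or from VeriSign: each request is scored against what has been learned about the user, a medium score requires additional authentication, and a score over the lock threshold locks the account and logs it for risk investigation. The weights, thresholds, profile fields and event dictionaries are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed values; the paper says only that a "risk threshold" exists.
STEP_UP_THRESHOLD = 40  # at or above: require additional authentication
LOCK_THRESHOLD = 80     # at or above: invoke intervention, lock the account


@dataclass
class Profile:
    """Behaviour learned for one user (hypothetical fields)."""
    entitlements: set
    known_devices: set = field(default_factory=set)
    known_payees: set = field(default_factory=set)
    largest_payment: float = 0.0
    locked: bool = False


def score(profile, event):
    """Return (risk score, reasons) for one requested action."""
    points, reasons = 0, []
    if event["action"] not in profile.entitlements:
        points += 100
        reasons.append("action not entitled")
    if event["device"] not in profile.known_devices:
        points += 40
        reasons.append("unrecognized device")
    if event.get("payee") and event["payee"] not in profile.known_payees:
        points += 20
        reasons.append("new payee")
    amount = event.get("amount", 0)
    if profile.largest_payment and amount > 3 * profile.largest_payment:
        points += 30
        reasons.append("amount far above usual")
    return points, reasons


def decide(profile, event, risk_log):
    """Apply the thresholds; log every decision that is not a plain allow."""
    if profile.locked:
        return "lock"  # stays locked until the monitoring team resolves it
    points, reasons = score(profile, event)
    if points >= LOCK_THRESHOLD:
        decision, profile.locked = "lock", True
    elif points >= STEP_UP_THRESHOLD:
        decision = "step_up"
    else:
        decision = "allow"
        # Learn from accepted behaviour so the profile tracks the user.
        if event.get("payee"):
            profile.known_payees.add(event["payee"])
        profile.largest_payment = max(profile.largest_payment,
                                      event.get("amount", 0))
    if decision != "allow":
        risk_log.append({"user": event["user"], "decision": decision,
                         "score": points, "reasons": reasons})
    return decision
```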
Figure 10 Operation Flow Chart of I-PFO (flow chart columns: User Interface, Backend System, Security Framework)

VII. CONCLUSION

The concept of I-PFO may not sound feasible at present in view of the various challenges mentioned above. Nevertheless, it proposes the convenience that any user would like to have in the near future. More research needs to be carried out to address all the other obstacles.

ACKNOWLEDGMENT

The authors would like to thank the School of Computer Sciences, USM for organizing the writing workshop under the APEX incentive grant that provides the platform to produce this paper.

REFERENCES

[1] Mary J Cronin, Banking and Finance on the Internet, New York Van Nostrand Reinhold, 1997.
[2] Kirky, Online Banking exceeds 50% usage by internet user, 2010, http://www.onlinebankingreviews.co.uk/ (accessed 14 Feb 2010).
[3] Yee YY, Yeow PHP, “User acceptance of internet banking service in Malaysia”, WEBIST 2008, LNBIP 18, pg295-306, 2009.
[4] Poon, “Users’ Adoption of E-banking Services: the Malaysian Perspective”, Journal of Business and Industrial Marketing, Vol.23, No.1, pp.59-69, 2008.
[5] Poon and Tan, “Spread of E-Banking in Malaysia: A Consumer Perspective”, The ICFAI university Journal of Bank Management, Vol.VII, No.4, pp.71-84.
[6] SAP Netweaver, SOAP-Based Transfer of Data, <http://help.sap.com/saphelp_nw04/helpdata/EN/80/1a627ee07211d2acb80000e829fbfe/frameset.htm>, 2004 (accessed 14 Feb 2010).
[7] Satoshi Hada, SOAP Security Extension: Digital Signature, <http://www.ibm.com/developerworks/webservices/library/ws-soapsec/>, 2001 (accessed 14 Feb 2010).
[8] Dieter Gollmann, “E-commerce Security”, Computing & Control Engineering Journal, vol. 11, pg. 4, 2000.
[9] Darshanand Khusial, Ross McKegney, E-Commerce Security: Attacks and Preventive Strategies, <http://www.ibm.com/developerworks/websphere/library/techarticles/0504_mckegney/0504_mckegney.html>, 2005 (accessed 14 Feb 2010).
[10] IBM Redguide, Introducing the IBM Security Framework and IBM Security Blueprint to realize Business-driven Security, <http://www.ibm.com/developerworks/wikis/display/IBMSecurityBlueprint/IBM+Security+Framework+Page>, 2009 (accessed 14 Feb 2010).
[11] VeriSign, VeriSign Identity Protection (VIP) Network, <http://www.verisign.com/authentication/consumer-authentication/shared-authentication-network/index.html>, 2010 (accessed 14 Feb 2010).
[12] VeriSign, Secure Socket Layer (SSL): How It Works, VeriSign, <http://www.verisign.com/ssl/ssl-information-center/how-ssl-security-works/index.html>, 2010 (accessed 14 Feb 2010).
[13] Li Bo, Xu Congwei, “E-commerce Security Risk Analysis and Management Strategies of Commercial Banks”, International Forum on Information Technology and Applications, vol.1, pg.423, pg.424, 2009.
[14] Han Zhang, Gerald Weber, William Zhu, Clark Thomborson, “B2B E-Commerce Security Modeling: A Case Study”, vol.2, pg.1, 2006.
[15] Ge Qingping, Feng Li, Yang Li, “Probe into E-commerce Security Technology”, 2009 International Forum on Computer Science-Technology and Applications, vol.2, pg. 426, pg.427, pg.428, 2009.