Banking

1. e-Banking http://www.scribd.com/doc/6928663/10-Ebanking-delivery-channel http://www.ehow.com/about_5137259_ebanking.html
 * Definition**: Electronic Banking is the automatic delivery of new and traditional banking services to customers via electronic communication channels. These services include accessing accounts, transacting businesses, and attaining monetary information. E-banking can be accessed through computers, personal digital assistants, and mobile phones.

media type="youtube" key="Q62IcYsXBW0" height="385" width="480"
 * Technology**

Although E-banking is convenient, there are numerous security issues associated with it. The security issues are usually divided into three categories: breaches with serious criminal intent such as fraud, breaches by hackers such as the denial of service, and flaw in system design. Furthermore, if the bank is updating its system and/or is experiencing downtime, individuals who need immediate access to it will not be admitted. Therefore, this reduces the equality of access and could prove detrimental. Furthermore, the reliability of the e-banking website may not be as great due to inaccurate or altered information. This inaccuracy could lead to confidential information spreading, money being illegally transferred, and information being tampered. http://www.fsa.gov.uk/Pages/Library/Communication/Speeches/2000/sp46.shtml
 * Issues** (Security, Equality of Access, Reliability)

When accessing an account online, individuals should resort to using firewall programs to ensure the security of their account. Firewall is a program that protects the resources of a private network from other networks. Therefore, when one individual is accessing their account information, Firewall will prevent others from intercepting an gaining access to private data resources. There are numerous firewall screening methods such as screen requests to make sure that the user comes from an acceptable domain name or IP address. http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci212125,00.html
 * Solution** (Security)

2. Paypal

1) ** Definition ** - PayPal is an e-commerce business allowing payments and money transfers to be made thorugh the internet. PayPal serves as an electronic alternative to traditional paper methods such as checks and money orders.  []   2) ** Technology ** – PayPal uses encryption software. Encryption is the conversion of data into a form, called a cipher-text that cannot be easily understood by unauthorised people. Cipher-texts are codes like “1, 2” which is impossible for people to understand. Decryption is the process of converting encrypted data back into its original form, so it can be understood. So for example, when someone purchases a product through the E-commerce service, the information such as credit card number must be shared to the e-commerce service, so the PayPal encryption can convert the data into cipher-text; therefore it keeps the bank credit card number very secure from hacking.  [] 3) ** Issues that we can raise ** – The use of PayPal technology brings to an issue of security. Because it acts like an online banking system, it holds a lot of customer’s money on the web and makes millions of financial transactions; even it offers credit cards for their customers. But the problem is that, it is not regulated or recognised as bank, one reason is because PayPal lacks in personal securities. When every purchase is made, the customer’s real name and personal E-mail is revealed between the seller and buyer. So some hackers could have a PayPal account in order to get personal details about the buyer or seller. Personal PayPal account contains every information about the user such as their real name, credit card number and their personal E-mail address, because personal details are required to verify the identification and for transaction of the money. Past few years, many hackers tried to hack into people’s personal PayPal account. One way that hackers used was Phishing. Phishing is a fraudulent attempt, usually made through E-mail and camouflages itself or try to lure the user to click on a hacking link, which then leads to a steal of people’s personal information. So as a result when people click onto the links of the E-mail, it automatically hacks into your personal data, which means that hackers can now access personal PayPal account and steal the personal details. Moreover, the personal information can be used for malicious uses. [] [] **4) **** How can we solve it – ** Solution to phishing is using Anti-Phishing software, which allows people to filter the phishing links or E-mails, so that it prevents from hacking into your personal information. Also, to prevent phishing happening, people must take responsible for their own. So people must check their E-mails carefully whether it’s from unknown sender and never click on a link in an suspicious E-mail that asks personal log-in information or password. []

3. ATM

**What is it?** ATM stands for Asynchronous Transfer Mode which is a digital data transmission technology that has been developed in mid 1980s. It uses both properties of circuit switches and packet switched network. It offers features of packet switching technology at high speed for LAN and WAN networks. ATM can transport any transmission such as data, voice, and video in a single data stream over the physical medium. [] **Technology-** It uses cell-based packet communication in which connections run parallel. This allows ATM switch to support multiple conversations. SVC (switched virtual circuit) performs between sender and receiver when data is being transferred in ATM network. The data is then converted into fixed length cells which transmit through network and reassemble into packets when reaching the destination. [] **Issues (Integrity, Reliability Security)-** The magnetic strip of ATM card has information on bank ID and bank account number. The encoded information is not encrypted, making it vulnerable to crimes and anyone with a magnetic card reader can swipe the card to copy it. Recently, some fraudsters have put a small magnetic card reader before ATM card reader which steals the card information and PIN. The information in ATM card would be read when the victim slides it in and the fraudster would record the PIN by putting a pin-hole camera in the corner of the room with ATM machines before hand. [] Another solution can be using ADT Anti-Skim ATM Security Solution which is installed inside ATM near the card reader so that it can’t be seen from outside. It detects any foreign devices near ATM card entry slot without interrupting transactions or operations of ATMs. It can instead interrupt the operation of illegal card reader and trigger silent alarm which triggers response from the command center. It requires no additional software adjustments to ATM since it isn’t connected to ATM communications network. [] []
 * Solution-** One solution is to use hardware token; if the card supports NETs, it would request hardware token displayed number instead of PIN. Unlike PIN, hardware token have numbers displayed that are time dependent and cannot be re-used, so even if the fraudster copy the card and film the number that had been entered, it would be useless because the number can’t be reused and is not supported on foreign ATMs.

3. EFT **Definition:** Electronic Funds Transfer (EFT) is a system of transferring money from one bank account directly to another without any paper money changing hands. [] **Technology:** It is used for both credit transfers, such as payroll payments, and for debit transfers, such as mortgage payments. Its use has become widespread with the arrival of personal computers, cheap networks, improved cryptography and the Internet. The history of electronic funds transfer originated from the common funds transfer of the past. Since the 19th century, and with the help of telegraphs, funds transfers were a usual thing in commercial transactions. Finally, it migrated itself to computers and became the electronic money transfers of today. T he table below shows the uses of Electronic Fund Transfer for consumers and businesses. Consumer oriented/decentralized EFT services Services that facilitate the transfer of information EFT services that involve direct money transfer Institution oriented/centralized EFT services Registration for EFT is quite a simple one-time process. The information you will need to successfully register for the ACH debit option is your bank routing number, bank account number, type of bank account, contact name, contact phone number, and contact e-mail address.
 * Check and credit authorization
 * Check verification
 * Check guarantee
 * Account status Inquiry
 * Deposit
 * Cash withdrawal
 * Bill or loan payment
 * Interaccount transfer
 * Debit of transaction balance with overdraft privileges
 * Credit purchase
 * Cash advance
 * Direct deposit of payroll
 * Preauthorized debit services
 * Corporate cash management (including interbank and Intrabank transfers
 * Interbank settlements and clearings

[] http://www.fas.org/ota/reports/8223.pdf

**Security:** Security in EFT refers to the protection of EFT systems from unauthorized access and use of their data. If security is violated, there are risks for maliciousness, extortion, blackmailing, and terrorism. In response to security concerns of consumers, The Electronic Funds Transfer Act was established in 1978 (9). This act defines the rights and responsibilities of EFT consumers and providers. For example, the act: l. Sets limits on the liability of consumers if there are errors in an EFT transaction or if an improperly authorized transaction is executed; 2. Establishes the responsibility of consumers for ensuring the security of their EFT accounts and for reviewing statements provided by the financial institutions; 3. Establishes requirements for the documentation of an EFT transaction that must be provided to the consumer, including definition of the contents of a receipt provided at the time of a transaction and the timing and content of periodic statements that are issued by the service operator; 4. Establishes rules governing the issuance of EFT access devices.

The Right to Financial Privacy Act of 1978 limits the right of the Federal Government to access financial records of individuals and small partnerships, as well as the right of financial institutions to reveal such records to the Government. It applies only to the Federal Government and not to other organizations and institutions that might seek information. []  ** Issues that can be raised & solutions: ** Privacy: The concern of privacy can be raised while using the EFT system. Personal data in EFT systems may be exposed to third parties by the financial institutions. A lot of personal data is contained in EFT systems because many people use credit/debit cards or have bank accounts, which when revealed or stolen can be used for malicious purposes. A major solution is implementing privacy policies. For example, federal and state laws allow you to restrict the sharing of your personal information. []