An Exploration of Online Banking Security

Keywords: online banking security, online banking




Online banking is a convenient tool used for payment on the internet, and people increasingly use it to buy articles for daily use. This style of payment has become popular with the development of the Internet. However, some malicious and criminal users find vulnerabilities in online banking or set traps to steal or swindle money from consumers' accounts. With the development of high technology, criminal users mount more sophisticated attacks; in other words, consumers suffer huge losses by using online banking. In recent years, all kinds of Internet fraud have come up. For instance, phishing is a common fraud that obtains consumers' account information by using deceitful emails that appear to come from a regular organization or from commonly used banks; replica websites are used to capture detailed information; viruses can infect programs or documents and pass from one computer to another; worms can replicate themselves and infect other computers through networks; furthermore, a Trojan is a powerful program which can broadcast confidential data unimpeded.


Because of the growing security problems, and in order to standardize and safeguard the financial order, banks are trying to improve their security systems so that they are protected effectively. SMS (short message service), smart cards, dynamic ID cards and other hardware tokens are widely used to protect the security of online banking. The details are introduced as follows.


Technology Involved
As the number of consumers using online banking expands, a high standard of security is required to support different business deals in different situations. An authentication approach called two-factor authentication is popular and widely employed by banks. The two basic factors are something that the user knows and something that the user has. The factor that the user knows is the well-known password, PIN or passphrase, which is commonly used in different areas of daily life. In recent years another significant authentication factor has been employed by many banks: a token that the user possesses. This new authentication factor is classified into four types: a certificate based approach, a one-time password approach, a timer based (short) password approach and a certificate-smart card based approach.
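The two factors described above can be checked on the server as follows. This is an added example, not code from the original essay: the class `TwoFactorLogin`, the six-digit code, the 300-second validity window and the three-attempt limit are all assumptions, and delivery of the code by SMS is left to a gateway outside the block.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed validity window for a code
MAX_ATTEMPTS = 3        # assumed number of guesses allowed per code

class TwoFactorLogin:
    """Hypothetical server-side check: PIN (knows) + one-time code (has)."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._pins = {}      # user -> (salt, PBKDF2 hash of PIN)
        self._pending = {}   # user -> [sha256(code), expiry, attempts left]

    @staticmethod
    def _hash_pin(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enroll(self, user, pin):
        salt = secrets.token_bytes(16)
        self._pins[user] = (salt, self._hash_pin(pin, salt))

    def start(self, user, pin):
        """Factor 1. Returns the code to hand to the SMS gateway, or None."""
        # Unknown users take the same hashing path as known ones.
        salt, stored = self._pins.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, self._hash_pin(pin, salt)):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[user] = [digest, self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def finish(self, user, code):
        """Factor 2. A code is accepted at most once and only before expiry."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        if self._clock() > entry[1]:
            del self._pending[user]
            return False
        if hmac.compare_digest(entry[0], hashlib.sha256(code.encode()).digest()):
            del self._pending[user]      # used: the code loses its function
            return True
        entry[2] -= 1                    # wrong guess: burn one attempt
        if entry[2] <= 0:
            del self._pending[user]
        return False
```

Only a hash of the code is kept on the server, and a code is discarded on success, on expiry, or after the attempt limit, so a captured code cannot be replayed.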


The certificate based approach
The certificate based approach is built on PKI (public key infrastructure) and uses what is known as a digital certificate or identity certificate. This approach is applied in USB sticks, websites, and smart cards in combination with a username-password, PIN or passphrase. The certificate based approach has a high cost-performance ratio and can be implemented easily. However, the approach is vulnerable to threats without the support of transmission security.


The one time password approach
As the name implies, a one time password can be used only once, after which it loses its function. The most common application used for one time passwords is SMS. When consumers log on to their online banking to pay for something, an identifying code which consists of real numbers or letters is sent by the

