This refers to the Electronic Banking Case Study 2015.
Answer all questions.
1. Outline the meaning of the following terms.
(a) phishing [2 marks]
(b) push/pull technology [2 marks]
2. TransEuropa is based in a European country where it has been established for many years. It also has a presence in some developing countries where its branches are confined to the major cities.
(a) Outline two main areas for securing the transaction. [4 marks]
(b) Outline the process for the customer to do the transaction. [4 marks]
3. Michael explained that, as the online operations are carried out over the internet, the security was based on the SSL protocol, which makes use of both asymmetric and symmetric encryption.
Explain how asymmetric and symmetric encryption works in this case. [6 marks]
4. Discuss the future development of electronic banking and its further impact on societies. [12 marks]
1.a. Phishing is an e-mail fraud scam conducted for the purpose of information or identity theft, targeting details such as usernames, passwords, and credit card details (and sometimes, indirectly, money).
b. Push technology: A data distribution technology in which selected data are automatically delivered to the user’s computer or mobile device in real time or at prescribed intervals. E-mail messages, calendar updates, text messages, information and advertisements are examples of data that are pushed to the user. Pull technology, in contrast, is specifically requesting information from a particular source. Downloading Web pages via a Web browser is an example of pull technology. Getting mail is also pull technology if the user initiates a request to retrieve it.
2.a. Answer may include:
– User Authentication – avoid bots (CAPTCHA, virtual keyboard, etc.)
– Data Transmission – strong encryption will be needed for this purpose
– Intranet Network – may suggest using a VPN (Virtual Private Network)
– Internal Software – needs to be monitored from time to time and kept upgraded/patched
– Installation of third-party software to strengthen the network: firewall, antivirus, etc.
b. The transaction process:
– The customer enters a username and password to begin the transaction.
– The system tries to authenticate the customer by sending a security question that only the customer understands.
– A TAN must also be entered; the customer uses their own device to generate the TAN.
– Once the TAN has been verified by the server, the customer can carry out the transaction they want.
3. Asymmetric encryption is a method of encryption that uses two keys (e.g., RSA): a public one and a private one. The public key is available to everyone, but the private key is known only to its owner. When a message is encrypted with the public key, only the corresponding private key can decrypt it. Moreover, the private key cannot be learned from the public one. Symmetric encryption is another method, in which a secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way.
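How the two kinds of encryption fit together in an SSL-style session, as an added example that is not part of the original answer: the browser uses the bank's public key once to send a random secret, and both sides then protect the transaction with a symmetric key derived from it. The tiny RSA key, the SHA-256 keystream cipher standing in for a real symmetric cipher such as AES, and all names and message contents are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy RSA key pair for the bank's server (constructed for this example).
# The primes are far too small and no padding is used; a real certificate
# carries a 2048-bit or larger key.
_P, _Q = 2**61 - 1, 2**31 - 1
PUBLIC_KEY = (65537, _P * _Q)                                  # published to everyone
PRIVATE_KEY = (pow(65537, -1, (_P - 1) * (_Q - 1)), _P * _Q)   # kept by the bank

def client_wrap_secret(public_key):
    """Browser: pick a random secret and encrypt it with the public key."""
    e, n = public_key
    secret = secrets.randbits(64)
    return secret, pow(secret, e, n)

def server_unwrap_secret(private_key, wrapped):
    """Bank: only the holder of the private key can recover the secret."""
    d, n = private_key
    return pow(wrapped, d, n)

def session_key(secret):
    """Both sides derive the same symmetric key from the shared secret."""
    return hashlib.sha256(secret.to_bytes(8, "big")).digest()

def symmetric_crypt(key, data):
    """Toy symmetric cipher (SHA-256 keystream XOR), hypothetical stand-in
    for AES. The same key and the same call both encrypt and decrypt."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def demo():
    secret, wrapped = client_wrap_secret(PUBLIC_KEY)        # asymmetric step
    bank_secret = server_unwrap_secret(PRIVATE_KEY, wrapped)
    client_key, bank_key = session_key(secret), session_key(bank_secret)
    order = b"TRANSFER 250.00 EUR TO ACCOUNT 12345678"      # constructed message
    ciphertext = symmetric_crypt(client_key, order)         # symmetric step
    return order, ciphertext, symmetric_crypt(bank_key, ciphertext)

if __name__ == "__main__":
    sent, on_the_wire, received = demo()
    print(on_the_wire.hex(), received == sent)
```

The slow asymmetric operation is used once, on a few bytes of key material, while the fast symmetric cipher carries the transaction data itself.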
4. Answer may include:
– There will be a special device used to carry out transactions. The device is connected to the bank's internal system, which helps customers who might otherwise forget their authorization process. However, this becomes a disaster if the customer loses the device, since other people may then be able to carry out transactions too. A solution is to block access once the device is missing.
– Centralized data. Electronic banking in the future will probably provide “unlimited” storage to hold every transaction made. On the one hand, using one huge database makes customers feel safe, because the location or the server should be secured. It is also efficient, since security only has to be applied to one system. However, relying on a single data store may lead to a failure of data integrity. Even though it is almost impossible to break in, hackers will try to do so, since their target is already known. This can be avoided by using several fake servers that act as if they were the real server.
– Mobile wallets will become popular. As technology grows rapidly, customers will no longer see real money. Instead, they will do all their transactions using their gadgets. One global system arranges all of this, so that every transaction a customer makes is linked directly to their own bank account as soon as it is made. It is efficient, because customers only need to carry their device wherever they go. In contrast, it is also dangerous to put all transactions into one system. When the server is down or encounters an error, customers will not be able to make any transactions until it is up again.