Title :
Defending E-Banking Services: Antiphishing Approach
Author :
Martino, Antonio San ; Perramon, Xavier
Author_Institution :
Univ. Pompeu Fabra, Barcelona
Abstract :
This paper presents the authentication environment defined for securing E-Banking applications. The proposed method is part of a Phd Doctoral thesis aimed at defining a model for secure operation of an Internet Banking environment, even in the presence of malware on the client side. The authentication model has been designed to be easily applicable with minimum impact to the current Internet banking systems. Its goal is to be resistant to the nowadays too frequent phishing and pharming attacks, and also to more classical ones like social engineering or man-in-the-middle attacks. The key point of this model is the need for multifactor mutual authentication, instead of simply basing the security on the digital certificate of the financial entity, since in many cases users are not able to discern the validity of a certificate, and may not even pay attention to it. By following the rules defined in this proposal, the security level of the Web Banking environment will increase and customers´ trust will be enhanced, thus allowing a more beneficial use of this service.
Keywords :
Internet; authorisation; bank data processing; electronic commerce; Internet banking system; Web banking environment security; antiphishing approach; authentication model; digital certificate; e-banking service; financial entity; malware; man-in-the-middle attack; multifactor mutual authentication; pharming attack; Authentication; Banking; Data security; Guidelines; IEC standards; ISO standards; Information security; Internet; Proposals; Protection; E-Banking; antiphishing; security;
Conference_Titel :
Emerging Security Information, Systems and Technologies, 2008. SECURWARE '08. Second International Conference on
Conference_Location :
Cap Esterel
Print_ISBN :
978-0-7695-3329-2
Electronic_ISBN :
978-0-7695-3329-2
DOI :
10.1109/SECURWARE.2008.9
