There is increasing coverage in the literature highlighting threats to online financial systems. Attacks range from the prevalent reverse social engineering technique known as phishing, where spam emails are sent to customers with links to fake websites, to Trojans that monitor a customer's account log-on process, capture the authentication details and later replay them for financial gain. This ultimately results in a loss of monetary funds for the affected victims. As technological advances continue to influence the way society pays for goods and services, the requirement for more advanced security approaches to transaction verification in the online environment increases. This paper has three main purposes. The first is to detail, from the selected literature, the current threats and vulnerabilities to online financial systems and in particular to online banking. The second is to present the known prevention techniques for protecting against these attacks. The third is to present a conceptual model for authentication, data entry and transaction verification. It is suggested that the design adds another layer of security to existing methods, either preventing a man-in-the-middle (MitM) attack or making the procedure of capturing and reassembling customer log-on and transaction details more computationally and time intensive than it is worth to an attacker. The model is based on a graphical authentication application previously developed called Authentigraph.
Title of host publication: Proceedings of the 6th Australian Information Security Management Conference, Edith Cowan University, Perth, Western Australia, 1st to 3rd December 2006
Publisher: Security Research Centre, School of Computer and Security Science, Edith Cowan University, Perth, Western Australia
Publication status: Published - 2008
Wells, J., Huthinson, D., & Pierce, J. (2008). Enhanced Security for Preventing Man-in-the-Middle Attacks in Authentication, Data Entry and Transaction Verification. In Proceedings of the 6th Australian Information Security Management Conference, Edith Cowan University, Perth, Western Australia, 1st to 3rd December 2006. Security Research Centre, School of Computer and Security Science, Edith Cowan University, Perth, Western Australia.