CONTENTS
1. Introduction
2. Work done in this field
3. Noteworthy contribution in the field of proposed work
4. Proposed methodology during the tenure of the research
5. Expected outcome of the proposed work
   Outcome for Industry
   Outcome for Individuals and Society
1. Introduction
Over the last two decades the Internet has become the core infrastructure for the vast majority of individuals and financial transactions. Every individual, company, and small or big organization wants to save time and paperwork by using online banking and financial applications. In today's highly collaborative financial environment, customers, employees and business partners can access more business and financial information than ever before. It's available in real time and usually at the press of a button. To improve the user experience and to reach remote areas, banks and financial institutions are focusing more on Internet-based applications that provide 24x7 availability and easy access to their customers. Organizations are now migrating to a new concept known as cloud computing, so the dependency on secure applications and infrastructure to perform secure financial transactions is increasing day by day.

As the global economy goes digital, the global underworld follows suit. As money is stored and moved around the Internet, criminals are also changing their game plans and migrating from physical crime to more sophisticated, less dangerous and less violent online options such as hacking and phishing. Every day, cybercriminals devise new and ingenious attacks to profit illegally off the backs of financial organizations both large and small. Be they banks, credit unions, credit card processors or mortgage houses, these firms must find a way to adjust to this evolving attack landscape to prevent these threats from wreaking havoc on the bottom line. The fraudsters' goal is simple and limited: steal online banking credentials, set up online transactions, and transfer money undetected. The various techniques they use are all just different ways of accomplishing the same thing.
Their strategy is to lure unsuspecting individuals who have online access to personal or business banking accounts to well-designed fake sites, or to put malware on their computers to steal credentials and occasionally even hijack sessions. Criminals are focusing on the weakest link, the account holder (and it's not entirely the end user's fault). Their attacks are relentless, sophisticated, and pervasive, and can defeat most antivirus and anti-malware solutions. Collectively, users don't stand a chance, and education is only part of the solution. Don't get drawn into simply building stronger defenses around the user; fraudsters will get through them.

Commercial organizations are becoming more and more competitive and margins are constantly shrinking, which forces organizations to rely more on automation, i.e. to use sophisticated and robust applications for banking and insurance business so that they can keep pace with changing market conditions. Applications therefore need to be more secure and safe, as any online fraud or security breach can damage the organization's image and result in big losses or hefty penalties. Financial institutions stand to lose not only the money stolen through fraud, but also the amount needed to pay legal fees, the cost of reporting the breach to customers, and fees from compliance organizations. What's more, they will lose even more through reputation damage, brand damage and customer departures. 20 percent of customers leave immediately upon finding out an organization suffered a breach.
Financial institutions have responded to consumer demand with new service options that can prove dangerous. Among these new options:

Social Networking. Social networking sites are commonplace today and offer an opportunity for institutions to reach key audiences. But there are many ways that social media can hurt a company. For example, an innocuous statement from an over-zealous employee like "Busy weekend coming up. I'll be working on the latest release!" could be used by a competitor or a criminal. And many of the applications and games that are available on social media sites were crafted specifically to introduce malware to a user's PC.

Mobility. Mobility has become paramount to sales, marketing and customer service strategies, as younger clientele especially clamor to conduct their banking business on the run from their mobile phones and handheld devices. That means institutions are creating services to do exactly that, from deposits to bill payments. Unfortunately, that newfound freedom introduces complexities, including a higher level of risk in terms of theft, malware and even direct attacks. And a lot of the risk is out of the institution's control and in the hands of customers with varying degrees of security savvy.

IT Consumerization. Financial institutions empower employees with more business tools like smartphones, netbooks and laptops that take data beyond the traditional perimeter. Most banks are doing it right, by providing employees with corporate laptops and secure access methods. But there have been mishaps that put consumers at risk. For example, a laptop containing customer account information may get stolen from the office or home.

Cloud Computing. The cloud is the future for financial services, as in every other industry sector. The new delivery model promises cost savings and efficiencies as well as agility and innovation. But institutions should have sound strategies for putting sensitive data out there. As the custodians of confidential customer information, they are responsible for its safekeeping. So putting that data in the hands of a third party ups the ante in regard to security and compliance implications. Institutions can't afford to stick with old delivery models, but they have to approach the cloud with renewed focus on risk mitigation.

Whether it's from treacherous insiders stealing data or malicious cybercriminals hacking into company resources, financial institutions face risk from both inside and outside the organization. Whether an insider steals information for financial gain or a crook from halfway across the globe plants malware that eventually gives him unauthorized account access, the risks are the same: costly. The average breach cost organizations about $6.75 million in 2009. While each side of the coin poses unique threats, the financial sector can minimize the double-sided risks with very similar tactics. These solutions rest on the security fundamentals of solid vulnerability management, device control, application control, and sound monitoring and reporting practices.
Seeing this as a serious threat, regulators are stepping into the breach and establishing data protection legislation, which is increasingly supported by fines and other non-financial sanctions. Because large amounts of personal data are collected and held electronically, every data-controlling organization has to ensure that its applications are secured. Every country (US, EU, India) has some measures to protect the data. The Payment Card Industry Data Security Standard (PCI DSS) mandates specific security controls for all merchants that accept payments by card, whether online or offline. PCI DSS contains specific requirements around application security and application security testing.
In most European countries the common man is becoming more and more educated about data security and data protection due to higher computer literacy. In India, however, a lot of work still needs to be done in these areas, as many countrymen are still unaware of these threats and are easy victims of Internet and data fraud. This research is about understanding the threat and then proposing how applications and infrastructure should be designed, tested and monitored so that we can avoid fraud and minimize data security incidents. This research will also help to educate individuals and society about Internet fraud, the importance of data security, and, in case they become victims of Internet fraud, what actions they can take against individuals or companies for recovery.
Name
College/University
Topic
Design and development of secured mobile payment system framework for higher academic institutions.
Few companies
A lot of research is currently going on in this area, but as it's a very dynamic topic it requires more and more individuals, companies, banks and financial institutions to do more and more to try to mitigate the risk of fraud.
Range (1-5): Does not follow basic security and the security trends in the market, and does not demonstrate an understanding of market direction.

Outcome for Individuals and Society:
This research will help laymen understand what data security is all about and why it is important, and make them more aware of the various mechanisms used by cyber criminals, such as hacking, phishing and Internet fraud. It will also make them aware of how to make sure that, while using any application, their data is secured and their systems can't be hacked. In addition, this research will guide individuals and the masses on what to do and what not to do in case they become victims of Internet fraud.