Results 1 to 7 of 7

Thread: security mobile banking

  1. #1
    Junior Member
    Join Date
    Oct 2011
    Posts
    2

    security mobile banking

    I'm an italian student of computer engineering.
    I'm preparing the final test about security of mobile banking. I need to know how banks grants the security of their transaction (at the low level and not high one) and if there are some vulnerabilities.

    If you don't have these information could paste only the link which have them.

    hope in a useful answer

    regards
    mamidd

  2. #2
    Senior Member
    Join Date
    Mar 2008
    Posts
    262
    AFAIK each of the major banks select and use their own security measures.
    Those measures can vary by customer as well. For example Bank of America uses SSL plus the usual userID/password along with other account identifiers such as the state where the account is located and a user selected icon to protect against site forgery. A customer can optionally use an RSA SecurID for additional security. Bank of America along with most other banks have their own mobile application that eliminates the use of a browser.

  3. #3
    Junior Member
    Join Date
    Oct 2011
    Posts
    2
    i known these things. i want to know more of specific information. Such as how bank and customers exchange information? how bank can grant security during the communication with its customers?

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    @mamidd,

    I am afraid that I do not understand your question

    You log in to the banking system with your user id, password and a token?................

    The bank send you session credentials, which it subsequently uses to verify that it is you they are talking to.

    You do your business and logout.............the session is closed and the credentials are invalid?

  5. #5
    Senior Member
    Join Date
    Mar 2008
    Posts
    262
    More specific information is proprietary and disclosure of same is in itself a security breach.
    Proprietary security methods and procedures is not an appropriate topic for public discussion.

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    The systems being discussed here have already been placed in the Public Domain by their providers by virtue of them offering the services to members of the general public.

    I would have thought that the only vendor or provider specific details that might be privileged would be in the areas of design and implementation and not really have any relevance to security. From an academic viewpoint one is allowed to assume that whatever has been done has been done properly?

    The underlying requirements would be (from the user's viewpoint):

    1. Establish a secure connection.
    2. Ensure that the connection is with whom it is supposed to be.
    3. Authenticate your credentials securely.
    4. Close the session/connection properly.
    5. Don't leave any compromising traces lying around.

    As far as the bank is concerned all they are really interested is that the user provides the required authentication details and a valid transaction type. Typically this would be user ID, account number and password. In more sophisticated systems a part of the authentication may come from a dynamic or static token device.

    If you think about it, the most common mobile banking transactions are conducted using a plastic card and a 4 digit PIN? These days you generally have chip and PIN, where the chip acts as a form of token device and the PIN is the password.

    I guess the question arises of what do you mean by "mobile banking"?

    There are three basic sorts:

    1. Plastic card
    2. Telephone
    3. Internet

    And what do you classify as a "transaction"?............. different types have different security implications.

  7. #7
    Senior Member
    Join Date
    Mar 2008
    Posts
    262
    Actually there are several security layers and protocols being used in remote banking transactions that the user is not aware of. Many of them are related to the data presented such as an account type, number or request, not user sign on authentication.

Similar Threads

  1. Windows Error Messages
    By cheyenne1212 in forum Miscellaneous Security Discussions
    Replies: 7
    Last Post: February 1st, 2012, 02:51 PM
  2. Ethical Hacking!
    By E5C4P3 in forum AntiOnline's General Chit Chat
    Replies: 33
    Last Post: January 17th, 2008, 12:40 AM
  3. Tips
    By XTC46 in forum Site Feedback/Questions/Suggestions
    Replies: 15
    Last Post: August 24th, 2005, 07:52 PM
  4. NEWS: This weeks security news. 10/2/02
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 1
    Last Post: October 2nd, 2002, 09:32 PM
  5. Latest SANS Update
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: May 29th, 2002, 09:27 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •