In: Accounting
Develop a map specific to the bank's client needs, addressing all the issues and elements that are important for the increased security of the bank's online service, keeping in mind the banking requirements, stakeholders and security.
Go through the cyber physical system ...
1 - Strong Password or Pass Phrase Support - A common practice in online banking systems is to require passwords that meet certain criteria:
Banks should be encouraging customers to use long pass phrases, such as "Turkey and stuFFing at 4599 Pet$ Road." Pass phrases like this are difficult to guess or crack using brute force password attacks.
2 - Risk-Based Authentication - Many online banking systems today employ risk-based authentication (RBA) to prevent unauthorized access to customer accounts. A common RBA method uses a combination of challenge questions and security images. A weakness in many systems is the use of questions that hackers can easily answer with a minimal amount of research on Facebook, Geni.com or similar social sites.
The purpose of using a security image in online banking systems is to help a customer identify phishing sites. In theory, a phishing site would not be able to show the correct security image for a specific user, and therefore the user would not enter his credentials into the phishing site. One vulnerability of these systems is image harvest attacks.
When the collection of available images is small, hackers can successfully harvest the images and execute a phishing scam. A common method of using a security image in an RBA process: if the user does not recognize the image, she should not enter her password.
3 - Multi-factor Authentication - One method of multi-factor authentication is RSA's SecurID keyfob system. SecurID uses small electronic keyfobs that use an algorithm to generate a random pass code every 60 seconds. A user must enter this pass code in order to log into any system that SecurID protects. Another option is a mobile phone or even a landline telephone. Services like Authly will easily plug into an existing online banking system to generate one-time-use pass codes that are sent to a customer's mobile phone. To log on to online banking, the customer enters her username and password as normal, and then immediately receives an eight-character pass code on her phone via text message, which she enters into the site to complete her login.
4 - Real-time Out-of-Band Transaction Alerts - Banks and credit unions can easily provide customers with tools to monitor their accounts for unusual activity and thus give customers more control and responsibility in protecting their assets. Using services like Authly, or even simple email, a bank can allow a customer to configure notification rules on her accounts. Real-time email or SMS text notification can help customers halt fraudulent transactions quickly.
With these four types of security mechanisms in place, banks and credit unions can better arm customers with the tools they need to protect their assets.
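The answer describes a token that produces a fresh pass code every 60 seconds and one-time-use codes delivered to a phone. Below is an added example, not part of the original answer and not RSA's proprietary SecurID algorithm: it implements the open TOTP/HOTP scheme (RFC 6238 / RFC 4226) that a bank could use for the same purpose, with a 60-second step, eight-digit codes, a small clock-skew window for verification, and a used-counter set so that a code cannot be replayed. The base32 secret and the timestamps are constructed demo values.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed demo secret (base32 encoded). Not a real key.
DEMO_SECRET_B32 = "JBSWY3DPEHPK3PXP"
STEP_SECONDS = 60   # the answer describes a code that changes every 60 seconds
DIGITS = 8          # eight-character pass code, as in the SMS example


def hotp(secret_b32: str, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    key = base64.b32decode(secret_b32, casefold=True)
    msg = struct.pack(">Q", counter)
    digest = hmac.new(key, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret_b32, at_time // step, digits)


def verify_totp(secret_b32: str, submitted: str, at_time: int, used_counters: set,
                step: int = STEP_SECONDS, digits: int = DIGITS, skew: int = 1) -> bool:
    """Server-side check of a submitted code.

    Accepts the current time step plus/minus `skew` steps to tolerate clock drift,
    compares in constant time, and records the matched counter so the same code
    cannot be accepted twice (the one-time-use property the answer relies on).
    """
    if len(submitted) != digits or not submitted.isdigit():
        return False
    current = at_time // step
    for counter in range(current - skew, current + skew + 1):
        if hmac.compare_digest(hotp(secret_b32, counter, digits), submitted):
            if counter in used_counters:
                return False          # replay of an already-consumed code
            used_counters.add(counter)
            return True
    return False


if __name__ == "__main__":
    now = int(time.time())
    code = totp(DEMO_SECRET_B32, now)
    used: set = set()
    print("current code:", code)
    print("first use accepted:", verify_totp(DEMO_SECRET_B32, code, now, used))
    print("replay accepted:", verify_totp(DEMO_SECRET_B32, code, now, used))
```

The skew window is the practical trade-off: wider tolerance helps users whose phone clock drifts, but every extra step is another code an attacker could guess, so keep it to one step each side and rate-limit failed attempts per account.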