Computer Security in Banking and bookkeeping
![Page 1: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/1.jpg)
Banking and Bookkeeping
IF4033 Information Security and Assurance
Semester 2 2013/2014
![Page 2: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/2.jpg)
Group 16
- Yogi Salomo Mangontang Pratama (13511059)
- Habibie Faried (13511069)
- Setyo Legowo (13511071)
![Page 3: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/3.jpg)
Outline
- Definition
- Security Requirement
- Security Incident
  - Programming
  - Infrastructure
  - Process
  - Organizational
- Security Pitfall
- Why Important
![Page 4: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/4.jpg)
Banking
In simple words, banking can be defined as the business activity of accepting and saving money owned by customers.
![Page 5: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/5.jpg)
Bookkeeping
- Recording financial activity
- Tracking account transactions
- Verifying the accuracy of procedures used for recording financial transactions
![Page 6: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/6.jpg)
HISTORY OF BOOKKEEPING
![Page 7: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/7.jpg)
Why is this important?
- Tackling Broader Problem of Electronic Commerce and Fraud
- Mainstay of Computer Industry
- Because Finance is an important aspect of Human Life
![Page 8: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/8.jpg)
Security Requirement
Information Security Requirement
- Implement Strong Access Control Measures
- Maintain a vulnerability management program
- Build and maintain a secure network
- Protect cardholder data
![Page 9: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/9.jpg)
Security Incident
- Programming
- Infrastructure
- Process
- Organization
![Page 10: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/10.jpg)
Programming
- Wrong ATM Card's PIN Verification
- Same PIN for all customers
- Wrong Assumption
- Test System as Live System
- No Authentication Probable
![Page 11: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/11.jpg)
Wrong Assumption
An assumption was made by bank programmers. Here is the algorithm
Then, how about the inserted ATM card's PIN? Simply peek at it.
![Page 12: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/12.jpg)
Infrastructure and Technology
- Physical Credit Card Skimmer
- Online Credit Card Sniffing
- Smart Card Information Sniffing
- Not authenticated RFID Transaction
- SWIFT wiretapping of the link from a branch to the bank's mainframe computer
![Page 13: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/13.jpg)
Not authenticated RFID Transaction
- Simple wireless-based transaction
- Put an RFID reader near the location of the victim's RFID card
- Get control over it (steal data, etc.)
- Done? Time to get away
![Page 14: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/14.jpg)
Process
- Unverified Address Change Process
- Mules for Money Laundering
- Age Verification With Credit Card Number
- Misuse of Bank's Suspense Account
- Shoulder Surfing
![Page 15: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/15.jpg)
Shoulder Surfing
- Stone
- Process attacked: usage of ATM
- New York
- 1990's
![Page 16: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/16.jpg)
How does it work?
1. Stand behind someone at an ATM and peek at their PIN.
2. Take the receipt they have thrown away and find the account information.
3. Create a duplicate key using the retrieved information.
4. Use the duplicated key to access the account at any ATM.
![Page 17: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/17.jpg)
Organizational
- Bank Reset Clerk Authority Abuse
- ATM Repairman accessibility
- SWIFT Bogus Transaction Message
- Traditional Banking Law and Practices
- Internal Control Failure
![Page 18: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/18.jpg)
Bank Reset Clerk Authority Abuse
- Paul Stubbs
- Bank Reset Clerk
- HSBC Bank, 2000's
- $20 Million Loss
![Page 19: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/19.jpg)
How does it work?
1. Paul Stubbs, as password reset clerk, changes the password of the AT&T account.
2. Using the new password, he and his comrades access the AT&T account and transfer $20 million to an offshore company.
3. The password is returned to its initial value so that the account owner doesn't realize.
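
A detection rule for the reset, transfer, restore sequence described above, as an added example that is not part of the original slides. The event schema, field names and sample log are constructed, and it assumes the audit log records a fingerprint of the stored credential before and after each change.

```python
from datetime import datetime, timedelta

# Constructed audit-log events (hypothetical schema, not real data).
EVENTS = [
    {"ts": "2024-03-01T09:00:00", "type": "credential_change", "account": "CORP-001",
     "actor": "clerk7", "role": "staff", "pw_before": "fp_a", "pw_after": "fp_b"},
    {"ts": "2024-03-01T09:20:00", "type": "transfer", "account": "CORP-001", "amount": 20_000_000},
    {"ts": "2024-03-01T10:05:00", "type": "credential_change", "account": "CORP-001",
     "actor": "clerk7", "role": "staff", "pw_before": "fp_b", "pw_after": "fp_a"},
    # Benign flow: clerk resets, the owner then sets a new password and pays.
    {"ts": "2024-03-01T11:00:00", "type": "credential_change", "account": "RETAIL-002",
     "actor": "clerk3", "role": "staff", "pw_before": "fp_x", "pw_after": "fp_y"},
    {"ts": "2024-03-01T11:10:00", "type": "credential_change", "account": "RETAIL-002",
     "actor": "owner", "role": "owner", "pw_before": "fp_y", "pw_after": "fp_z"},
    {"ts": "2024-03-01T11:30:00", "type": "transfer", "account": "RETAIL-002", "amount": 50_000},
]

def find_reset_abuse(events, window=timedelta(hours=24), min_amount=10_000):
    """Flag accounts where a staff reset is followed by transfers and then a
    credential change that restores the pre-reset credential."""
    findings, pending = [], {}  # pending: account -> open staff-reset window
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, acct = datetime.fromisoformat(ev["ts"]), ev["account"]
        st = pending.get(acct)
        if st and ts - st["ts"] > window:  # window expired, forget the reset
            del pending[acct]
            st = None
        if ev["type"] == "transfer":
            if st and ev["amount"] >= min_amount:
                st["moved"] += ev["amount"]
        elif ev["type"] == "credential_change":
            if st and st["moved"] and ev["pw_after"] == st["original"]:
                # Credential put back to its original value after money moved.
                findings.append({"account": acct, "clerk": st["clerk"],
                                 "moved": st["moved"], "reverted_by": ev["actor"]})
                del pending[acct]
            elif ev["role"] == "staff":
                pending[acct] = {"ts": ts, "clerk": ev["actor"],
                                 "original": ev["pw_before"], "moved": 0}
            else:
                pending.pop(acct, None)  # owner took control; close the window
    return findings

if __name__ == "__main__":
    print(find_reset_abuse(EVENTS))
```

The rule stays silent when the owner sets a fresh password after the clerk's reset, which is the normal helpdesk flow.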
![Page 20: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/20.jpg)
Security Pitfall
- Bad Authentication in accessing system
- Tamper-able Infrastructure
- Abuse of Power
![Page 21: Computer Security in Banking and bookkeeping](https://reader036.fdocuments.us/reader036/viewer/2022062514/55890f98d8b42ac3788b4619/html5/thumbnails/21.jpg)
Thank you