In 2020, active internet banking users worldwide numbered 1,903 billion and are projected to reach close to 2,552 billion by 2024. However, one study mentioned that the number of malware and exploits targeting online banking systems’ weaknesses has been growing steadily. Integrating more secure protection systems, such as Police Criminal Records, is one consideration to strengthen internet banking security.

(Photo by Khwanchai Phanthong: https://www.pexels.com/photo/woman-holding-a-credit-card-and-cellphone-4174746/)

Designing a More Secure Internet Banking System Using Police Criminal Records and Other Models

What are the advantages of incorporating police criminal records into internet banking security systems? How can these enhanced security protocols be integrated? What security models do banks implement? Are there other ways to improve internet banking security?

This article discusses how banks can integrate a police criminal records system and other security models to fortify their internet banking systems. This article also explores the security threats to internet banking and what security measures banks can implement to minimize or prevent breaches.

Some families may have loved ones incarcerated for banking- or finance-related crimes. Lookupinmate’s online inmate records checker provides these families a way to search for their imprisoned relatives conveniently and access jail records from more than 7,000 correctional facilities around the U.S.

Advantages of Integrating Police Criminal Records With Internet Banking Security Systems

Whenever we perform financial transactions online, we trust that our accounts and money are safe from any security threat. But even with that trust, online accounts can become easy targets for hackers and other criminal elements. For these culprits, they might find it easier to steal our money with a few keystrokes than robbing a physical bank.

Financial institutions employ policies to secure online customer accounts to combat these threats and protect our hard-earned money. These measures include the following:

• Antivirus protection on bank computers.
• Firewalls.
• Website encryption.
• Fraud monitoring.

If a user has done online banking, their bank or financial institution will likely use these security measures. However, some of these institutions might not have integrated their online banking service with security systems used by law enforcement. One of these systems includes police criminal records management.

A law enforcement records management system can provide various business functions, including the following:

• Service calls.
• Incident reporting.
• Investigative case management.
• Traffic accident reporting.
• Permits and licenses.

Integrating this system with online banking can help banks coordinate more closely with law enforcement to prevent and report crimes. Implementing such a system can also sustain or improve online banking security by covering three essential dimensions of an information security system: confidentiality, availability, and integrity. Furthermore, implementing a standard for information security can help provide such systems with consistent quality, increased compliance, and improved knowledge retention.

One such standardization reference is the International Organization for Standardization (ISO) 27001. Financial institutions can use this standard for auditing their information system’s security and producing relevant documents. One advantage of ISO 27001 is its flexibility, which can be tailored based on organizational needs, goals, and system security requirements.

Security Models for Internet Banking

Aside from a police criminal records management system, other security systems banks and financial institutions typically use for their online banking services include the following:

Digital Certificates

Online banking applications use digital certificates to authenticate the users and the banking system.

This authentication method depends on a certificate authority (CA) and public key infrastructure (PKI). These elements ensure that there is a trusted third party that signs the certificates used in financial transactions. Signing these certificates helps attest to their validity.

OTP Token

Some devices and applications implementing a two-factor authentication system (a security method requiring two pieces of evidence for authentication) use one-time passwords (OTPs) requested in specific or random situations.

This method uses dynamically changing passwords as a second layer of protection should the first authentication layer be compromised. Users can input such passwords only once. Hence, unauthorized entities cannot keep using them.

Browser Protection

When accessing the online banking service, a system implementing this protection is secured at the internet browser level.

Browser protection secures the user and their browser against known malware by monitoring the browser’s allocated memory area. This monitoring helps detect malware and prevent credential theft and the capture of sensitive information.

CAPTCHA

CAPTCHA, “completely automated public Turing test to tell computers and humans apart,” protects against bots (automated programs) by generating tests that only a human user can pass and a computer program cannot.

Banking systems adopt this model to render any automated attacks against authenticated sessions ineffective. CAPTCHA requires the legitimate user to input information manually to prove they are not using bots.

Short Message Service

Some banking systems implement the short message service (SMS) method to notify a user about transactions requiring that person’s authorization.

SMS provides a second authentication channel, similar to the OTP method, for transactions requiring additional security verification by sending users a code through a text messaging service. Users input this code into the online banking application to authorize and process the transaction.

Threats Against Internet Banking

Without the necessary security models in place, there is a higher chance the following threats can compromise an individual’s internet banking account:

• Human threats
  • Accidental or intentional data deletion or bad data entry.
  • Hacking or unauthorized data access.
  • Social engineering (manipulative activities accomplished through human interactions).
  • Denial of service attacks.
• Non-human threats
  • Mechanical and electrical problems.
  • Computer viruses, Trojans, or worms.
  • Spyware.
  • Fire, water, or wind damage.

Security Recommendations

In addition to police criminal records and other security models, implementing the following activities can allow banks and other financial institutions to reinforce their online banking security:

• Update the antivirus software periodically to safeguard the clients’ data.
• Implement a shielded authentication method not vulnerable to web spoofing (creating a fake website mimicking the bank’s official website) on all banking sites.
• Consider adopting biometrics, such as fingertip pattern analysis, retinal scan, hand shape measurement, vocal behavior analysis, or signature analysis.
• Require security questions for logging in to a user’s account.
• Use firewalls (a network security device filtering incoming and outgoing traffic) to protect the bank’s websites from threats such as computer viruses, Trojans, worms, and spyware.
• Organize security awareness training programs for employees and customers.
• Implement audit programs to help prevent employees from accidental or intentional incorrect data entries.

Individuals can consult their bank or an internet security professional for more information on internet banking security and how they can further secure their accounts.

References

1. Number of active online banking users worldwide in 2020 with forecasts from 2021 to 2024, by region

https://www.statista.com/statistics/1228757/online-banking-users-worldwide/

2. Internet Banking, Security Models and Weakness

http://ijrmbs.com/vol2issue4/bilal.pdf

3. Law Enforcement Records Management Systems (RMS)

https://bja.ojp.gov/sites/g/files/xyckuh186/files/media/document/leitsc_law_enforcement_rms_systems.pdf

4. Designing of the Internet Banking System with the Police Criminal Records System and the Government Financial Services Authority to Protect the Assets of Bank Customers

http://sersc.org/journals/index.php/IJAST/article/view/27331

Discussieer mee op ITpedia LinkedIn of op Financial Executives LinkedIn.