Banks around the world provide online and mobile financial services, offering their clients a more convenient way to manage their banking affairs while improving efficiency and saving on operating costs. However, online banking has its drawbacks.
Online banking accounts are often targeted by cyber criminals. Security remains a primary concern for customers and organizations alike. As a result, banks need to implement security measures to protect themselves and their customer base.
Online banking security measures include: managing and securing high-value transactions that require real-time security capabilities; streamlining and simplifying the security process for high-volume transactions while minimizing manual steps; and leveraging flexibility that fully enables the benefits of integrated hardware, software and risk-based analysis capabilities to drive more secure and user-friendly authentication and transaction signing. (wikipedia, n.d.)
Definition of Computer Security Risks
A computer security risk is anything on your computer that could damage or affect your data, or allow someone else to gain access to your computer, without your knowledge or consent. Many different things can create a computer risk, including malware, a general term used to describe many types of bad software. We commonly think of computer viruses, but there are several kinds of bad software that can create a computer security risk, including viruses, worms, ransomware, adware, and Trojan horses. Misconfiguration of computer products as well as unsafe computing habits also pose risks. (Nott, 2013)
According to a Hurriz group study, security is the most important obstacle to enterprise Internet services adoption. Internet services move transactions beyond firewalls and enable outside entities to invoke applications, potentially giving outsiders access to sensitive data. As a result, Internet services present new security challenges. Although existing security standards protect data as it travels over the Internet, Internet services require additional measures to secure data. (h.m. Deitel)
This security is threatened by many risks and dangers, which are known as computer security risks. These are “any event or action that could cause a loss of or damage to computer hardware, software, data, or information.” Those risks can lead to people, companies and governments losing personal information, private content and large amounts of money. Indeed, modification of data can be a major risk, distorting the functioning of the organization. A modification of any parameter may therefore ultimately lead to the production of a faulty end product. (sarapenina, 2014)
TYPES OF SECURITY RISKS
Computer viruses are programs that spread from one computer to another, causing problems on each computer they touch. As viruses propagate, they use up so much memory that they can slow down computer systems to the point that they are unusable. Some viruses actually attack files on the computer by deleting them or modifying them in some way that renders the computer unusable. The extent of damage caused by a virus varies. Some affect a relatively small number of computers. Others have been so devastating that they can even cripple large companies. For example, in March 1999, when the Melissa virus hit, it was so damaging that it forced Microsoft and other large companies to completely shut down their email systems until the virus could be contained. (Varmosi, 2019)
Worms are small programs that usually take advantage of networks and spread to all computers on the network. Worms scan networks for computers with security holes in programs or operating systems, replicate themselves on those computers, and then start all over from there. Because worms usually spread through networks, they can affect many computers in a very short amount of time. For example, the Slammer worm, released in January 2003, spread more quickly than any other virus before it. Within 15 minutes, it had shut down cell phone and Internet service for millions of people around the world. (Varmosi, 2019)
Trojan horses are computer programs that claim to be one thing but are in reality viruses that damage the computer when the user runs them. Trojan horses cannot replicate automatically. A Trojan can enable cyber criminals to spy on the user, steal sensitive data and gain access to the system. For example, a Trojan Ransom can modify data on the computer so that the computer does not run correctly or the user can no longer use specific data. The criminal only unblocks the data and restores the computer's performance if you pay them. (Varmosi, 2019)
Unauthorized Access and Use
Unauthorized computer access is popularly known as hacking. It is a criminal action in which someone uses a computer to gain access to a data system without permission to access that data. This activity is illegal and those involved will be punished. For example, a criminal gains access to a bank computer and performs an unauthorized bank transfer. (computer hope, 2014)
Hardware theft is the act of stealing computer equipment. Hardware vandalism is the act of defacing or destroying computer equipment. Hardware vandalism takes many forms, from someone cutting a computer cable to individuals breaking into a business or school computer lab and aimlessly smashing computers. (Shelly, 2016)
Software theft means the unauthorized or illegal copying, sharing or use of copyright-protected software programs. Software theft may be carried out by individuals, groups or, in some cases, organizations who then distribute the unauthorized software copies to users. Examples of software theft include illegally copying or distributing a program, stealing software media, and deliberately erasing programs. (technopedia, n.d.)
Information theft occurs when someone steals personal or confidential information. Both business and home users can fall victim to information theft. An unethical company executive may steal or buy stolen information to learn about a competitor. A corrupt individual may steal credit card numbers to make fraudulent purchases. Information theft is often linked to other types of cybercrime. For example, an individual might first gain unauthorized access to a computer and then steal credit card numbers stored in a firm’s accounting department. (vermaat, 2016)
Definition of Security Measure
Security measures are the precautionary measures taken against possible danger or damage (hisham, 2017). A security measure is a safeguard or countermeasure to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. (wikipedia, n.d.)
Basic System Security Measures apply to all systems, regardless of their System Classification level. They are a baseline that all systems should meet. Note that for many personal workstations, these are the only measures that apply. Part of the requirements is password protection: all accounts and resources should be protected by passwords that meet the following requirements, which should be automatically enforced by the system, and a password should be a minimum of eight characters long. (mark vimalan, 2014)
Types of Security Measures
A data backup is the result of copying or archiving files and folders for the purpose of being able to restore them in case of data loss. Data loss can be caused by many things, ranging from computer viruses to hardware failures to file corruption to fire, flood, or theft. For example, if you are responsible for business data, a loss may involve critical financial, customer, and company data. If the data is on a personal computer, you could lose financial data and other key files, pictures or music that would be hard to replace. (winzip, 2019)
Cryptography is about constructing and analysing ways to prevent third parties or the public from reading private messages. There are three types of cryptography: secret key cryptography (SKC) for privacy and confidentiality, public key cryptography (PKC) for authentication, and hash functions for message integrity. Cryptography is used in many applications such as banking transaction cards, computer passwords and e-commerce transactions. (guedez, 2018)
An antivirus program is a type of software designed and developed to protect computers from malware such as viruses, computer worms, spyware, botnets, rootkits, keyloggers and the like. Antivirus programs work to scan, detect and remove viruses from your computer. There are many versions and types of antivirus programs on the market. However, the prime objective of any antivirus program is to protect computers and remove viruses once detected. Antivirus software is primarily intended to ensure complete protection for PCs against virus infections. Many antivirus programs now also protect against different types of malware, for example spyware, adware, and rootkits. (judge, 2019)
An anti-spyware program is a type of program designed to prevent and detect unwanted spyware program installations and to remove those programs if installed. Detection may be either rules-based or based on downloaded definition files that identify currently active spyware programs. Anti-spyware products are available from a number of vendors, including Sunbelt Software, TrendMicro and Webroot. (Rouse, 2007)
In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and an untrusted external network, such as the Internet. Firewalls are often categorized as either network firewalls or host-based firewalls. Network firewalls filter traffic between two or more networks and run on network hardware. Host-based firewalls run on host computers and control network traffic in and out of those machines. (wikipedia, n.d.)
Physical Access Control
Many organizations use access controls to minimize the chance that a perpetrator intentionally may access or an employee accidentally may access confidential information on a computer, mobile device, or network. An access control is a security measure that defines who can access a computer, device, or network; when they can access it; and what actions they can take while accessing it. The security program can be configured to alert a security administrator whenever suspicious or irregular activities are suspected. (vermaat, 2016)
Human Aspect: Awareness
Measures that can prevent theft include using locks, smart cards or passwords, and preventing portability by restricting the hardware from being moved. Detect and guard all exits and record any hardware transported. Examples of human aspect awareness are organisation self-awareness, organisation user self-awareness and individual user self-awareness. (waniey, 2017)
SCENARIO OF THE PROBLEM: ONLINE BANKING SECURITY
Internet banking services have been operated in Malaysia since 2001. Presently, only banking institutions licensed under the Banking and Financial Institution Act 1989 (BAFIA) and Islamic Banking Act 1983 are allowed to offer Internet Banking services here. There are 12 commercial banks (inclusive of Islamic banks) out of a total of 25 in Malaysia currently offering Internet Banking services. According to the 11th Malaysia Internet Survey conducted by AC Nielson, Internet Banking is one of the most popular services utilised by Malaysian surfers. The survey found that 51 percent of the total respondent base of 8000 used the Internet for online banking once a month.
However, 2003 and 2004 saw the emergence of fraudulent activities pertaining to Internet Banking or better known in the industry as “phishing”. A total of 92 phishing cases were reported to the Malaysian Computer Emergency Response Team (MyCERT, www.mycert.org.my) in 2004. The modus operandi of this activity is to use spoofing techniques to gain names and passwords of account holders.
The victims reported being deceived into going to a fake website where perpetrators stole their usernames and passwords and later used the information for the perpetrators’ own advantage. Phishing is an attempt to commit fraud via social engineering. The impact is the breach of information security through the compromise of confidential data.
Nowadays, online banking is very important as it can help us in various ways. By using online banking we are able to access our accounts easily. We can check our account balances, transfer funds and view our transaction history. Other than that, online banking is available 21 hours, so we can access our account every day and everywhere with access to the Internet. It is very convenient. As we know, the Internet is a wide area network of computers connected around the world in order to facilitate data transmission and exchange.
Because the Internet is universal, all web-based services, including online banking, are exposed to security risks. Because online banking is a financial service, the risk that occurs most often is phishing, since the criminal wants to gain access in order to steal money. Phishing is a type of hacking that uses many methods such as information theft, virus attack and unauthorized access. Information theft occurs when the criminal uses your personal identifying information, such as your name and security number, so that the criminal gains access to the account. A virus attack commonly affects online banking by causing a person who tries to connect to their account to be connected to a false website, while the criminal gains access to their true online banking website. Unauthorized access and use in phishing is the use of a computer or network without the owner's permission. Criminals can gain access by connecting to it and then logging in as a legitimate user. It will cause damage, but they will get access to the data and valuable information on the computer.
Despite all these risks, there are ways to overcome them. We call them security measures. Examples of security measures are physical access control, human aspect: awareness, and antivirus. Physical access control helps to limit access connections to the computer network, system files and data, so phishing activities can be prevented. Human aspect: awareness helps because, even if the criminal is able to steal money from your account, we can prevent him from pursuing his action by safeguarding our personal information and reporting the loss immediately so the bank can reimburse your account. Next, antivirus software has special signatures that give protection and prevent access by malicious attacks.
We should keep in mind that phishing can be sophisticated, and we must always stay alert when using the online interface and protect our financial information from phishing attacks.