An Experimental Investigation of the Usability of Transaction Authorization in Online Bank Security Systems
AlZomai, M., Alfayyadh, B., Josang, A. and McCullagh, A.
Security for online banking has changed considerably
during the relatively short period that online banking
has been in use. In particular, authentication and identity
management in the early implementations were, and
sometimes still are, vulnerable to various attacks such as
phishing. Current state-of-the-art solutions include methods
for re-authenticating users via out-of-band channels
for each transaction. This paper describes a security investigation
of this type of solution. The investigation concludes
that it protects against certain attacks while still
being vulnerable to other obvious attacks. In the near future,
it is expected that the remaining vulnerabilities will
be exploited as the attackers get more sophisticated. Possible
ways of protecting against these future attacks are
outlined.
Cite as: AlZomai, M., Alfayyadh, B., Josang, A. and McCullagh, A. (2008). An Experimental Investigation of the Usability of Transaction Authorization in Online Bank Security Systems. In Proc. Sixth Australasian Information Security Conference (AISC 2008), Wollongong, NSW, Australia. CRPIT, 81. Brankovic, L. and Miller, M., Eds. ACS. 65-73.