Online banking is an internet service that lets customers make secure financial transactions on a website controlled by their virtual bank, credit union or building society.
All of these websites have some common traits. Transactional features include transferring money from one account to another, paying bills, getting a loan, and buying or selling something. Non-transactional common features include bank statements and cobrowsing. The sites are also administered by a financial institution, support many users with different levels of authority, have an approval process for every transaction, and all offer wire transfer.
A distinctive feature is personal finance management, such as transferring data into your personal accounting software. Some online banking sites use account aggregation so that the customer can monitor all of their accounts in one place, whether they are with their main bank or with other institutions.
In terms of security there are two main methods for online banking. The first is the PIN/TAN system, where the PIN is a password and the TAN is a one-time password used to authorize transactions. The latter may be sent via postal letter. The other method uses digitally encrypted signatures for all transactions. The keys for signature generation and encryption are stored on smartcards or on other types of memory.
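An added example, not part of the original page: a minimal server-side check for the PIN/TAN method described above, written in Python. The class name, the six-digit TAN format and the three-failure lockout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _digest(secret: str, salt: bytes) -> bytes:
    # Salted, slow hash: the server never stores the PIN or TANs in plaintext.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class TanAccount:
    """One customer's PIN and TAN list (hypothetical model, not a bank's API)."""

    MAX_FAILURES = 3  # assumption: lock after three consecutive bad attempts

    def __init__(self, pin: str, tan_count: int = 5):
        self._salt = secrets.token_bytes(16)
        self._pin_hash = _digest(pin, self._salt)
        tans = set()
        while len(tans) < tan_count:  # draw unique six-digit TANs
            tans.add(f"{secrets.randbelow(10**6):06d}")
        # Plaintext TANs exist only to be printed in the postal letter.
        self.letter = sorted(tans)
        self._unused = {_digest(t, self._salt) for t in tans}
        self._failures = 0

    def authorize(self, pin: str, tan: str) -> bool:
        """Approve one transaction if the PIN matches and the TAN is unused."""
        if self._failures >= self.MAX_FAILURES:
            return False  # locked: even a valid PIN and TAN are refused
        pin_ok = hmac.compare_digest(_digest(pin, self._salt), self._pin_hash)
        tan_hash = _digest(tan, self._salt)
        if pin_ok and tan_hash in self._unused:
            self._unused.discard(tan_hash)  # one-time: burn the TAN on success
            self._failures = 0
            return True
        self._failures += 1  # a wrong PIN does not consume the submitted TAN
        return False

    def remaining(self) -> int:
        """Number of TANs that can still authorize a transaction."""
        return len(self._unused)
```

A TAN replayed after a successful transaction is rejected because its hash has already been removed from the unused set.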
The most common attacks against these websites are cross-site scripting and Trojan horses. The first tries to manipulate the software, while the second modifies the destination account of the money being transferred. There are two countermeasures against these attacks: for the first, class-3 card readers are used; for the second, users should run virus scanners and be careful with spam e-mail attachments and software downloads.