Please note! This essay has been submitted by a student.
Over the past few years, thanks to a spectacular technological leap, the number of offshore services has increased remarkably. We have thus moved, in a very short time, from the era of postal mail to the digital era. Online banking is one of the major services that has made life simple and easy; a user can now do a lot of things while sitting on a sofa.
Online banking enables bank customers to handle account management and perform account transactions directly with the bank through the internet by using devices or computers. You can use it anywhere to do a transaction without going to the bank. This is also known as internet banking. Online banking can make personal and business banking faster and more efficient. Online banking allows customers to monitor accounts, download transactions, transfer funds between accounts (including checking, savings, and money market or CD accounts), manage investments, and handle loan activity, including applications and repayments. They can also transfer funds to their bank accounts and pay bills electronically with an account transfer.
Besides that, many people see the development of online banking as a revolutionary development, but, broadly speaking, online banking could be seen as another step in banking evolution. Although start-up costs for an internet banking channel can be high, it can quickly become profitable once a critical mass is achieved. This study will mainly focus on the types of security risks and security measures that relate to the scenario given.
Definition of Computer Security Risks
A computer security risk is anything that can cause a loss of or damage to computer hardware, software, data, information, or processing capability. There is a global demand to protect our computer systems from malicious attackers who could damage our hardware and software or disrupt the services provided. So computer security involves controlling physical access as well as protecting against the harm that occurs via network access, data, and code injection. Attackers often think further ahead than problem solvers, so always keep in mind that they are frequently trying different attack techniques and methods that we may not be aware of in order to discover our confidential personal or business information. So we have to be mindful of these facts by being extra vigilant when online. Only then does securing our information become possible from our side.
Computer security is the protection of computer systems from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. The field is becoming more important due to increased reliance on computer systems, the Internet and wireless network standards such as Bluetooth and Wi-Fi. Due to its complexity, both in terms of politics and technology, cyber security is also one of the major challenges in the contemporary world.
Computer security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures. (Aryal, 2008)
Malicious code is a type of code that causes damage to a computer or system. The code is not easily or solely controlled through the use of anti-virus tools. Malicious code can either activate itself or, like a virus, require the user to perform an action, such as clicking on an advertisement or opening an email attachment. Malicious code is any code added, changed or removed from a software system in order to intentionally cause harm or subvert the intended function of the system.
Malicious code can also cause network and mail server overload by sending email messages, stealing data and passwords, deleting document files, email files or passwords, and even reformatting hard drives. Malicious code can take the form of Java applets, ActiveX controls, scripting languages, browser plug-ins and pushed content. Examples of malicious code include computer viruses, worms, Trojan horses, spyware and backdoor programs. Because they pose a serious threat to software and information processing facilities, users and administrators must take precautions to detect and prevent malicious code outbreaks. (DuPaul, 2019)
Viruses are malware that attach themselves to other files in your system and may be used to destroy your data. A virus is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission. It can spread and may damage files and system software, including the operating system. Examples of viruses are Melissa, Tequila, Cascade and Invader.
Worms are like viruses, but they have their own ability to spread themselves from computer to computer. They use up system resources and can possibly shut down the system. They know how to attach themselves to portable storage devices, like USB drives or removable hard drives, or to move through the network.
A Trojan horse is a program installed on a computer that looks harmless and hides in a program or looks like a legitimate program. Unexpected changes to computer settings and unusual activity, even when the computer should be idle, are strong indications that a Trojan is residing on a computer. It does not replicate itself to other computers. It can spread throughout and may damage files and system software, including the operating system. Examples are Netbus, Back Orifice, Subseven and Beast.
Unauthorized access is the use of a computer or network without permission by connecting to it and then logging in as a legitimate user. It does not cause damage and merely accesses the data, valuable information or programs in the computer. Viewing private accounts, messages, files or resources when one has not been given permission from the owner to do so can result in legal action.
Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities. It can range from a student sending personal e-mail from a school computer to someone gaining access to a bank computer and performing an unauthorized transfer. Hackers are the ones who try to break into a computer with the intention of stealing or corrupting its data.
Hardware theft is the act of stealing computer equipment. Hardware vandalism is the act of defacing or destroying computer equipment. Hardware vandalism takes many forms, from someone cutting a computer cable to individuals breaking into a business or school computer lab and aimlessly smashing computers. Hardware theft can be avoided by using cables to lock equipment, and by using passwords, possessed objects or biometrics as security methods on notebook computers. The thief will change the mailing address on an account and run up a huge bill before the person whose identity has been stolen realizes there is a problem. The internet has made it easier for an identity thief to use the information they’ve stolen, because transactions can be made without any personal interaction.
Software theft means the unauthorized or illegal copying, sharing or usage of copyright-protected software programs. Software theft may be carried out by individuals, groups or, in some cases, organizations who distribute the unauthorized software copies to users. Software theft is committed when someone does any of the following: steals software media, deliberately erases programs, illegally copies or distributes a program, or registers or activates a software program illegally.
The unauthorized collection of personal information and its subsequent use for criminal reasons such as to open credit cards and bank accounts, redirect mail, set up cell phone service, rent vehicles and even get a job. These actions can mean severe consequences for the victim, who will be left with bills, charges and a damaged credit score. The information can be used to obtain credit, merchandise and services in the name of the victim, or to provide the thief with false credentials.
Security measures can be used to prevent an intruder from getting the account information. For example, the bank can use a firewall to prevent unauthorised access to its database. Unfortunately, in terms of the security and control of the resources to which computers permit access, this can prove quite a problem. Indeed, many users often view security and control measures as inhibitors to effective computer use. Students’ awareness of computer security measures can be a big help to them in acquiring some knowledge about the protection of their digital assets. (Syafiqah, 2007)
Next, when it comes to security and the protection of proprietary and sensitive information, there can be no excuse for not having the best available safeguards in place. Defined as “any incident that results in unauthorized access of data, application, services, networks or devices by bypassing their underlying security mechanism” (Techopedia, 2018).
It is the protection of computer systems from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. The field is becoming more important due to increased reliance on computer systems, the Internet and wireless network standards such as Bluetooth and Wi-Fi, and due to the growth of ‘smart’ devices, including smart phones, televisions, and the various devices that constitute the ‘Internet of things’. Due to its complexity, both in terms of politics and technology, cyber security is also one of the major challenges in the contemporary world. (Wikipedia, 2019)
Types of Security Measures
A backup is a program of file duplication or a copy of a file, program or disk. Backups of data applications are necessary so that they can be recovered. In the case of system failure, you can restore the files by copying the backed-up files to their original location; for example, one copy of a file can be kept on the computer and another copy in Yahoo mail.
A process of hiding information by altering the actual information into a different representation; the technology of encoding information so it can only be read by authorized individuals.
Antivirus is software used to protect computers against viruses. An antivirus program protects a computer against viruses by identifying and removing any computer viruses found in the computer memory, on storage media or in incoming e-mail files. Examples of antivirus programs are McAfee VirusScan, Smadav, and Norton AntiVirus.
Spyware is a program placed on a computer without the user’s knowledge. It secretly collects information about the user.
Anti-spyware programs detect and delete spyware and other similar programs. An anti-spyware application program, sometimes called tracking software or a spybot, is used to remove spyware.
A firewall is a piece of hardware or software that operates in a networked environment to prevent communications forbidden by the security policy. It is hardware or software that protects a network’s resources from intrusion by users on another network such as the Internet. Firewalls establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet. One type of firewall is the proxy firewall. Examples of anti-spyware software are Lavasoft Ad-Aware SE Personal, PC Health Plan and Malware Scanner.
Physical Access Control
Physical access controls are mechanisms that are designed to minimize the risk of injury. A simple example is a well-fitted door lock, which will discourage many potential thieves. The installation of biometric sensors, such as iris scanning or fingerprint recognition, can make even the most determined intruder falter while trying to gain access to a guarded place. Sometimes all that is needed to resolve the issue is a mechanism to provide enough time to contact the appropriate authorities. But the door is not the only object that should be closed.
Human aspects of security measures
Human aspects refer to the user and also the intruder of a computer system. The most common problem is the failure to achieve a good information security procedure. Therefore, human-aspect measures that can prevent theft include using locks, smart cards or passwords. Prevent portability by restricting the hardware from being moved. Detect and guard all exits and record any hardware transported.
Online Banking Security
Internet banking services have been operated in Malaysia since 2001. Presently, only banking institutions licensed under the Banking and Financial Institution Act 1989 (BAFIA) and Islamic Banking Act 1983 are allowed to offer Internet Banking services here. There are 12 commercial banks (inclusive of Islamic banks) out of a total of 25 in Malaysia currently offering Internet Banking services. According to the 11th Malaysia Internet Survey conducted by AC Nielson, Internet Banking is one of the most popular services utilised by Malaysian surfers. The survey found that 51 percent of the total respondent base of 8000 used the Internet for online banking once a month.
However, 2003 and 2004 saw the emergence of fraudulent activities pertaining to Internet Banking, better known in the industry as “phishing”. A total of 92 phishing cases were reported to the Malaysian Computer Emergency Response Team (MyCERT, www.mycert.org.my) in 2004. The modus operandi of this activity is to use spoofing techniques to gain names and passwords of account holders.
The victims reported being deceived into going to a fake website where perpetrators stole their user names and passwords and later used the information for the perpetrators’ own advantage. Phishing is an attempt to commit fraud via social engineering. The impact is the breach of information security through the compromise of confidential data.
It is also known as phishing. Phishing generally involves tricking somebody into clicking a link in an email message. The link often downloads software to a computer that can be used to gather sensitive information such as usernames and passwords. Besides that, the link may take a user to a website that looks like a legitimate website. Once there, the website asks for confidential information that can be used by the hackers to gain access to other accounts, such as email.
Unauthorized Access and Use
The modus operandi of this activity is to use spoofing techniques to gain names and passwords of account holders. This means that they use other people’s authority to access the account.
Historically, encryption has been used to protect the secrecy of communications between a sender and a receiver. Governments have historically been heavy users of encryption, and their reliance on encrypted communications continues to the present day. In recent years, encryption has become far more widely available on a wide range of consumer and business products and services.
A hacker can get access to another computer and steal the data without the owner realizing it. Backing up data and information is an important step for users to protect their personal data. Users may also unintentionally delete files or have their flash drive suddenly stop working. For instance, a laptop may be dropped on the ground, causing the hard drive to break and resulting in complete data loss. A virus or bomb from an email attachment that users open can damage the original file. So, save important files on other memory devices or in cloud storage.
Physical Access Control
In tough economic times, the banking and finance sector is under even greater security than ever. Whilst online banking gets a great deal of attention, one of the key considerations for the sector continues to be physical security and access control, something which can be a challenge when the organization has numerous branches and facilities spread across a large geographical area. It will make it harder for them to get into our account.
Conclusion from The Scenario Problem
It is proven that current online banking is highly insecure. All the currently used countermeasures implemented by banks are vulnerable to some kind of attack, especially to today's viruses, which are more powerful. From this point of view, cryptography is no more than another link in the chain. In the scenario above, we can conclude that there are many risks in online banking, such as malicious code used by professional hackers. They can gain our information and steal our data by guessing our password and logging in without our permission. Other than that, one of the risks is information theft. Hackers can gain our information by stealing it in many ways, such as by call or SMS. Lastly, online banking can be dangerous as hackers can use malicious code such as viruses to gain our private data without our consent; this can happen when we download a file from a website or open an email from an unknown party. If the methods above do not work, there are many other ways to overcome these risks, such as backing up our data, installing anti-spyware and upgrading our firewall. Therefore, in the future, online banking providers may be able to upgrade their security by using fingerprint ID whenever an online transaction is made; this allows only identified users to make online banking transactions.