Threat Analysis of Software Agents in Online Banking and Payments

© 2018, IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. This is the accepted manuscript version of a conference paper which has been published in final form at https://doi.org/10.1109/DASC/PiCom/DataCom/CyberSciTec.2018.00125Software agents are the delegated subcontractors essential to connect the end-user to the bank and payment providers in a distributed service offering. This paper evaluates the key role that the different software agent types play to facilitate collaboration between clients and banks to perform online transactions. It highlights the threats and imminent risks that these software agents introduce in the chain as well as how these threats affect the trust relationship between principals. The discussed threats and resulting risks suggest vulnerabilities in the current software agent model which are beyond the bank and end user’s control. Both principals, the client and the service provider, are open to potential legal, security, quality of service, confidentiality and privacy compromises which influence the overarching trust relationship. There is resounding literature to illustrate advances that have been made to address the exposed challenges. However, a gap of misfortune remains where the software agent can act on its own accord exposing the contracting principals to internal and externally engineered threats thus tainting the trust relationship between these parties

Threat Analysis of Software Agents in Online Banking and Payments

Software agents are the delegated subcontractors essential to connect the end-user to the bank and payment providers in a distributed service offering. This paper evaluates the key role that the different software agent types play to facilitate collaboration between clients and banks to perform online transactions. It highlights the threats and imminent risks that these software agents introduce in the chain as well as how these threats affect the trust relationship between principals. The discussed threats and resulting risks suggest vulnerabilities in the current software agent model which are beyond the bank and end users control. Both principals, the client and the service provider, are open to potential legal, security, quality of service, confidentiality and privacy compromises which influence the overarching trust relationship. There is resounding literature to illustrate advances that have been made to address the exposed challenges. However, a gap of misfortune remains where the software agent can act on its own accord exposing the contracting principals to internal and externally engineered threats thus tainting the trust relationship between these parties

The Internet and the Future of Financial Services: Transparency, Differential Pricing and Disintermediation

The Internet has had a profound effect on the financial service sector, dramatically changing the cost and capabilities for marketing, distributing and servicing financial products and enabling new types of products and services to be developed. This is especially true for retail financial services where widespread adoption of the Internet, the standardization provided by the world-wide web, and the low cost of Internet communications and transactions have made it possible to reach customers electronically in ways that were prohibitively costly even 5 years ago; indeed, pre-Internet attempts at the online distribution of retail financial services were outright failures in the mid-1980s. The concurrent growth and de-facto standardization of Internet-enabled personal financial management software (e.g., Quicken and Microsoft Money) have also contributed to an increasing array of low cost and potentially richer ways to provide information and transaction services to customers. The growth in Internet-enabled products and service has been rapid in some sectors and slower in others. Retail brokerage has seen a dramatic change with more than 15% (Salomon Smith Barney, 2000) of brokerage assets now managed in on-line trading counts, and substantially more if "traditional" brokerage accounts and mutual funds with on-line access are included. Similarly, approximately 10 million US customers currently use on-line banking (O'Brien, 2000) and 39 of the top 100 banks offer fully functional internet banking (ePayNews, 2000). Many banks and brokerages are on their second or third release of their on-line delivery platform. Credit cards, while not radically transformed in operational aspects of the business, have begun to have some volume of new origination on-line. In addition, leading credit card companies such as Capital One Financial have been some of the largest "traditional" companies in the use of Internet advertising (see www.adrelevance.com, 1999). More regulated and complex financial products such as mortgages and insurance have had some origination volume on the Internet (an estimated $17Bn of mortgages will be originated and ~$400mm in insurance premiums will be sold online in 2000). For these sectors, the adoption of on-line origination has been much slower and concentrated in entrants, rather than incumbent firms. However, despite the small level of originations, the Internet has become a significant and growing source of product information - it is estimated that about 10% of insurance customers and 15% of mortgage customers have used the internet to shop for these products (Forrester, 1998; McVey, 2000). This may ultimately affect product purchase and pricing structure, irrespective of the delivery channel. Internet companies have also played a role in many other segments of the industry such as financial information and news, rating and comparison services, and even some areas where one might think the Internet would have a less significant role, such as financial planning and investment banking. While the continued growth rates are uncertain and the penetration for the more complex products has not yet been shown to be widespread, it is safe to conclude that the Internet will play a significant role in consumer financial services for a large subset of customers, and that this role will be significantly different across different sub-sectors of the financial industry. In discussions of the Internet impact on the financial services sector, the emphasis has often been placed on the direct cost-saving effects of using the Internet to provide transaction services. These potential cost savings are indeed significant and in the long term may lead to significant creation of value. However, there also substantial barriers to realizing much of this value. In some industries, such as the credit card industry, many of the potential gains from automation have already been realized, and in others, the gains may be concentrated in only a few areas of the value chain. For products which are sold through branches or agents (banking, mortgage and insurance), realization of cost savings will require a difficult and time consuming redesign of the retail delivery system. Finally, many of these efficiencies are accompanied by improved customer convenience. To the extent that consumers respond by consuming more services, particularly those that generate costs but not revenue, overall costs may not be substantially reduced. This has been the experience of previous innovations in retail financial service delivery such as automated teller machines (ATMs). Computers, and more recently the Internet, are best described as "general purpose technologies" (Brynjolfsson and Hitt, 2000), like the electric motor or the telegraph (Bresnehan and Trajtenberg, 1995). For general purpose technologies, most of the economic value they create is associated with their ability to enable complementary innovations in organization, market structure, and products and services. However, at the same time, these complementary changes are often disruptive to the existing structure of an industry (Tushman and Anderson, 1986; Bower and Christensen, 1995), leading to significant redistribution of value among industry participants and between producers and consumers. To understand the true impact of the Internet on the financial service industry, it is therefore necessary to identify how the Internet affects the critical drivers of industry structure, and how it enables or necessitates changes in products and services. This will necessarily be difficult, as it is hard to isolate the contribution of the Internet separately from the effects of other complementary innovations, and to distinguish Internet effects from other of long-term industry trends and exogenous factors. While obtaining precise numerical estimates of the productivity effects will be hard, in many cases the direction and general magnitude of the impact on productivity, profitability and consumer surplus (consumer value) will be clear. We see three principal issues that will determine the transformation of retail financial services: Transparency, or the ability of all market participants to determine the available range of prices for financial instruments and financial services; Differential pricing, in which finer and finer distinctions must be made among groups of customers, setting their prices based upon the revenue streams they generate, the costs to serve them, and their resulting profitability; Disintermediation or bypass, in which net-based direct interaction eliminates the role previously enjoyed by financial advisors, retail stock brokers, and insurance agents. Each of these will affect the roles to be played by financial service providers, the sources of profits available to them, and the strategies they may choose to pursue in order to earn those profits. However, different financial products will be affected differently by each of these issues in both the nature and the magnitude of the effect. In addition, these factors are often interdependent - for example, differential pricing is often a necessary response to increasing price transparency to prevent erosion of margins, and the ability to deliver sophisticated (although typically not complex) pricing strategies to customers may be affected by the incentives and structure of the distribution system. For these reasons, we will organize the remainder of the paper around the discussion of these effects as they apply within different sectors in financial services. The emphasis of our analysis will be on the primary sectors in retail financial services: credit cards, deposit banking, mortgages, brokerage, and insurance. Our focus is the retail segment because it has been the most radically transformed by the Internet to date, primarily because the retail business has the most to benefit from the reduction in customer interaction costs, the ability to reach mass markets, and the reduction in the role of geography in determining the strategies of financial services providers. Much of the computing- and communications-enabled transformation in the relationships among financial institutions or between financial institutions and consumers of wholesale financial services (for example, brokerage houses and exchanges, or large firms and their commercial lenders) have already occurred or were well underway before the Internet was commercialized. For these markets, the economics of computing and networking were still favorable under previous generations of technology. Many of the commercial financial services that are likely to be transformed by the Internet, at least in the medium term (3-5 years), are those that closely resemble retail services (such as commercial mortgage, short term lending, leasing, cash management, and the like). That is not to say that business to business (B2B) e-commerce opportunities do not exist in the financial sector - only that many of the medium term opportunities that are directly a result of the Internet are closely analogous to changes in the retail sector, and the others are probably more closely related to organizational and market innovation rather than a result of ubiquitous and low-cost communications technology.

FinTech, blockchain and Islamic finance : an extensive literature review

Purpose: The paper aims to review the academic research work done in the area of Islamic financial technology. The Islamic FinTech area has been classified into three broad categories of the Islamic FinTech, Islamic Financial technology opportunities and challenges, Cryptocurrency/Blockchain sharia compliance and law/regulation. Finally, the study identifies and highlights the opportunities and challenges that Islamic Financial institutions can learn from the conventional FinTech organization across the world. Approach/Methodology/Design: The study collected 133 research studies (50 from Social Science Research Network (SSRN), 30 from Research gate, 33 from Google Scholar and 20 from other sources) in the area of Islamic Financial Technology. The study presents the systematic review of the above studies. Findings: The study classifies the Islamic FinTech into three broad categories namely, Islamic FinTech opportunities and challenges, Cryptocurrency/Blockchain sharia compliance and law/regulation. The study identifies that the sharia compliance related to the cryptocurrency/Blockchain is the biggest challenge which Islamic FinTech organizations are facing. During our review we also find that Islamic FinTech organizations are to be considered as partners by the Islamic Financial Institutions (IFI’s) than the competitors. If Islamic Financial institutions want to increase efficiency, transparency and customer satisfaction they have to adopt FinTech and become partners with the FinTech companies. Practical Implications: The study will contribute positively to the understanding of Islamic Fintech for the academia, industry, regulators, investors and other FinTech users. Originality/Value: The study believes to contribute positively to understanding of Fintech based technology like cryptocurrency/Blockchain from sharia perspective.peer-reviewe

Troli tong gas

Tong gas adalah sebahagian daripada keperluan rumah yang sangat penting untuk kegunaan dapur. LPG (Liquefied Petroleum Gas), atau petroleum gas biasanya digunakan untuk aplikasi perumahan (tong gas masak) dan tujuan komersial. LPG terutamanya terdiri daripada campuran hidrokarbon seperti propana (C3H8), propene (C3H6), n-butana (C4H10), isobutena (metil-propana), dan pelbagai butanes lain (C4H8) (Mustapa, Gitano Briggs, 2008). LPG disimpan cair dalam tong pada tekanan tinggi, tekanan wap sekitar 6 hingga 7 bar (Petrolium Nasional Berhad, 2013). Oleh itu, tong gas perlu diperbuat daripada silinder keluli bertekanan tinggi. Tong gas digunakan hampir di semua perumahan, termasuk rumah pangsa, kondominium dan apartment. Kebiasaan penghuni perumahan bertingkat yang tidak mempunyai lift terpaksa mengangkat tong gas menggunakan tenaga empat kerat, kadang kala menggunakan troli biasa untuk menggangkut tong gas tersebut bagi memudahkan dan meringankan kerja. Troli adalah peranti yang digunakan untuk membawa beban atau memindahkan bahan dari satu tempat ke yang lain. Untuk aplikasi yang berbeza pelbagai jenis troli digunakan Kebanyakan pekerja domestik juga menggunakan tenaga tulang empat kerat untuk kerja-kerja pemindahan troli .

Mobile Application Security Platforms Survey

Nowadays Smartphone and other mobile devices have become incredibly important in every aspect of our life. Because they have practically offered same capabilities as desktop workstations as well as come to be powerful in terms of CPU (Central processing Unit), Storage and installing numerous applications. Therefore, Security is considered as an important factor in wireless communication technologies, particularly in a wireless ad-hoc network and mobile operating systems. Moreover, based on increasing the range of mobile application within variety of platforms, security is regarded as on the most valuable and considerable debate in terms of issues, trustees, reliabilities and accuracy. This paper aims to introduce a consolidated report of thriving security on mobile application platforms and providing knowledge of vital threats to the users and enterprises. Furthermore, in this paper, various techniques as well as methods for security measurements, analysis and prioritization within the peak of mobile platforms will be presented. Additionally, increases understanding and awareness of security on mobile application platforms to avoid detection, forensics and countermeasures used by the operating systems. Finally, this study also discusses security extensions for popular mobile platforms and analysis for a survey within a recent research in the area of mobile platform security

Nonbanks and risk in retail payments

This paper documents the importance of nonbanks in retail payments in the United States and in 15 European countries and analyzes the implications of the importance and multiple roles played by nonbanks on retail payment risks. This paper also reviews the main regulatory safeguards in place, and concludes that there may be a need to reconsider some of them in view of the growing role of nonbanks and of the global reach of risks in the electronic era.

Electronic security - risk mitigation in financial transactions : public policy issues

This paper builds on a previous series of papers (see Claessens, Glaessner, and Klingebiel, 2001, 2002) that identified electronic security as a key component to the delivery of electronic finance benefits. This paper and its technical annexes (available separately at http://www1.worldbank.org/finance/) identify and discuss seven key pillars necessary to fostering a secure electronic environment. Hence, it is intended for those formulating broad policies in the area of electronic security and those working with financial services providers (for example, executives and management). The detailed annexes of this paper are especially relevant for chief information and security officers responsible for establishing layered security. First, this paper provides definitions of electronic finance and electronic security and explains why these issues deserve attention. Next, it presents a picture of the burgeoning global electronic security industry. Then it develops a risk-management framework for understanding the risks and tradeoffs inherent in the electronic security infrastructure. It also provides examples of tradeoffs that may arise with respect to technological innovation, privacy, quality of service, and security in designing an electronic security policy framework. Finally, it outlines issues in seven interrelated areas that often need attention in building an adequate electronic security infrastructure. These are: 1) The legal framework and enforcement. 2) Electronic security of payment systems. 3) Supervision and prevention challenges. 4) The role of private insurance as an essential monitoring mechanism. 5) Certification, standards, and the role of the public and private sectors. 6) Improving the accuracy of information on electronic security incidents and creating better arrangements for sharing this information. 7) Improving overall education on these issues as a key to enhancing prevention.Knowledge Economy,Labor Policies,International Terrorism&Counterterrorism,Payment Systems&Infrastructure,Banks&Banking Reform,Education for the Knowledge Economy,Knowledge Economy,Banks&Banking Reform,International Terrorism&Counterterrorism,Governance Indicators

Regulation for E-payment Systems - Analytical Approaches Beyond Private Ordering

Technology-driven payment instruments and services are facilitating the development of e-commerce; however, security concerns beleaguer their implementation, particularly in developing countries. This article considers the limits of private ordering in the regulation of e-payment systems. It uses Nigeria to exemplify a developing country that is increasingly pushing for the adoption of a regulatory framework for e-payment systems based on private ordering. It argues that, although technical standards and self-regulation by the financial industry are important, law is an essential regulatory mechanism that is largely absent. The article proposes that law be used as a mechanism to set and compel compliance with technical and industry standards, thus building trust, catering to public interest concerns and legitimizing the regulatory process

Critical success factors for preventing E-banking fraud

E-Banking fraud is an issue being experienced globally and is continuing to prove costly to both banks and customers. Frauds in e-banking services occur as a result of various compromises in security ranging from weak authentication systems to insufficient internal controls. Lack of research in this area is problematic for practitioners so there is need to conduct research to help improve security and prevent stakeholders from losing confidence in the system. The purpose of this paper is to understand factors that could be critical in strengthening fraud prevention systems in electronic banking. The paper reviews relevant literatures to help identify potential critical success factors of frauds prevention in e-banking. Our findings show that beyond technology, there are other factors that need to be considered such as internal controls, customer education and staff education etc. These findings will help assist banks and regulators with information on specific areas that should be addressed to build on their existing fraud prevention systems