Info-Communicative and Protective Function of the State as Combating Fraud using Sberbank Bank Cards

Financial crimes are defined as unfair activities that have become widespread in banking structures. The activities of financial fraudsters often have negative consequences before public rules are created that prohibit them. Intensive transformation processes in financial markets, their automation and virtualisation, the spread of remote interaction between banks and their clients, the influence of unauthorised persons on the software and hardware systems of banks, an increase in the number of cases and trading volumes determine the relevance of clarifying the essence of this phenomenon and the peculiarities of its manifestation in banking structures. The novelty of the study is determined by the fact that financial violations can be represented both in the structure of the current activities of banks and the process of interaction with clients and in the structure of expanding the list of services provided. The leading method to study this problem is the method of analysis, which allows to identify and comprehensively consider ways to counter financial crimes in banks to improve the level of financial security. The authors show that structurally, one should take into account, first of all, countermeasures on the part of customers, which often serve as a source of obtaining personal data. In this case, the state function is considered only as a security function for the purpose of possible punishment for fraudulent actions. The practical significance of the study is determined by the possibilities of structural implementation of combating financial fraudulent actions in the context of the development of the information society

39P. Nature and Extent of Identity Crime through Wireless Technology Abuse and its Impact on Individual and Organisational Levels

Perpetrator(s) are stealing personal data abusing wireless networks to commit identity fraud and related crimes that is affecting us on individual, organisational and national levels. These threats affect national security also (Smith et al. 2010). There have been instances of identity and data theft crimes involving millions of debit and credit card numbers, which indicate the seriousness of this issue and reinforce the concerns of security professionals. These cases were taken from newspapers and recent research papers related to this field and analysed in this study. The objective of this research paper is to investigate the security weaknesses in the wireless protocols and examine how perpetrators are exploiting the wireless networks. The security limitations found in the commonly used types of wireless networks are also presented. The sharing of information on social networking services such as Facebook and Twitter also pose privacy and security threats. The current study presents guidelines and discusses approaches employed to safeguard and protect wireless networks in organisations. It is a study to create public awareness about the threats and related privacy issues in the use of wireless and hand held communication devices

ONLINE CREDIT CARD FRAUD: AN EMERGING CRIME IN THE INFORMATION TECHNOLOGY

While the online retailing environment has provided businesses with an unparalleled opportunity to expand and improve their profits, it has also increased the vulnerability of businesses to online credit card fraud. This paper discusses the vulnerability of online credit card payment and the risks faced by participants in online credit card payment. As well as examining the prevalence of online credit card fraud, this paper considers strategies to reduce the risk of online credit card fraud.

Electronic identity verification: personal data protection challenges and risks

This work highlights the clash of GDPR, eIDAS Regulation and PSD2 Directive, as well as tackles challenges of implementation in practice, specifically the challenges of securing personal data whilst ensuring an electronic identity. A comparative analysis on practical case studies which are concerned with electronic identity verification, electronic identity establishment and use electronic identity verification in the process of providing services is carried out in order to understand how such businesses tackle personal data challenges, how successfully and to what manner. The work concludes with findings of legal uncertainty between all three regulatory acts, as they lack unified definitions and interpretational certainty in terminology, as well as they are in a need of revision due to the fact that some relevant laws were developed prior GDPR

Strong Customer Authentication : Security Issues and Solution Evaluation

In October 2015 PSD2 first adopted by the European Parliament to initiate a new method of payment system. Since then, it receives several amendment time to time. Strong Customer Authentication (SCA), one of the major requirements of PSD2 came into force from September 2019. However, European Banking Authority EBA found it is challenging to comply with this requirement fully, before the given deadline. Technical implementation challenge, complex payment systems across EU, bring-in all related actors under SCA needs to be resolved with profound solution to achieve the PSD2 success. Moreover, contradictory terms of the PSD2 with GDPR and inadequate protection for the user’s privacy prevails account access issues that can be circumvented by the payment service providers. This article investigated the pros and cons of the PSD2, finds feasible solutions for SCA that seamlessly involves all actors in payment system. Despite the fact of technical implementation details, a leading PSP’s SCA compliant solution integrated into an e-invoicing system as an specimen of an SCA compliant model. The model showcases the SCA conformity then test and verifies security of data and privacy of the user

An Analysis of Computer Systems for the Secure Creation and Verification of User Instructions

The ongoing digitisation of previously analogue systems through the Fourth Industrial Revolution transforms modern societies. Almost every citizen and businesses operating in most parts of the economy are increasingly dependent on the ability of computer systems to accurately execute people's command. This requires efficient data processing capabilities and effective data input methods that can accurately capture and process instructions given by a user. This thesis is concerned with the analysis of state-of-the-art technologies for reliable data input through three case studies. In the first case study, we analyse the UI of Windows 10 and macOS 10.14 for their ability to capture accurate input from users intending to erase data. We find several shortcomings in how both OS support users in identifying and selecting operations that match their intentions and propose several improvements. The second study investigates the use of transaction authentication technology in online banking to preserve the integrity of transaction data in the presence of financial malware. We find a complex interplay of personal and sociotechnical factors that affect whether people successfully secure their transactions, derive representative personas, and propose a novel transaction authentication mechanism that ameliorates some of these factors. In the third study, we analyse the Security Code AutoFill feature in iOS and macOS and its interactions with security processes of remote servers that require users to handle security codes delivered via SMS. We find novel security risks arising from this feature's design and propose amendments, some of which were implemented by Apple. From these case studies, we derive general insights on latent failure as causes for human error that extend the Swiss Cheese model of human error to non-work environments. These findings consequently extend the Human Factors Analysis and Classification System and can be applied to human error incident investigations

Culturally aligned security in banking. A system for rural banking in Ghana.

This thesis is an investigation into the unique rural banking system in Ghana and the role of information systems in fraud control. It presents a robust information security and internal control model to deal with fraud for the banking system. The rural banking industry has been noted for poor internal control leading to fraud. This has resulted in poor performance and even the collapse of some banks. The Focus of the study was on the processes used to deliver banking services. To design a protection system, a number of rural banks were visited. This was to understand the environment, regulatory regimes and the structure and banking processes of the industry and banks. Systemic vulnerabilities within the industry which could be exploited for fraud were found. The lack of structures like an address system and unreliable identification documents makes it difficult to use conventional identification processes. Also the lack of adequate controls, small staff numbers and the cross organisational nature of some transactions among other cultural issues reduces the ability to implement transaction controls. Twenty fraud scenarios were derived to illustrate the manifestation of these vulnerabilities. The rural banking integrity model was developed to deal with these observations. This protection model was developed using existing information security models and banking control mechanisms but incorporating the nature of the rural banking industry and culture of its environment. The fraud protection model was tested against the fraud scenarios and was shown to meet the needs of the rural banking industry in dealing with its systemic vulnerabilities. The proposed community-based identification scheme deals with identification weaknesses as an alternative to conventional identity verification mechanisms. The Transaction Authentication Code uses traditional adinkra symbols. Whilst other mechanisms like the Transaction Verification Code design v internal controls into the banking processes. This deals with various process control weaknesses and avoids human discretion in complying with controls. Object based separation of duties is also introduced as a means of controlling conflicting tasks which could lead to fraud

An information systems security framework for the e-Government Programme of Jordan

Any e-government programme provides e-services as one of the most important means by which the interaction between citizens, businesses and governments takes place. This has brought great opportunities but also raises serious cybersecurity challenges. Critical information assets are facing various potential security risks and threats. Information systems security is necessary to mitigate those risks and threats that are faced by the e-government programme and to safeguard the confidentiality, integrity and availability of the available e-services. In light of the above, the aim of this study is to examine how information security is managed and approached within e-government programmes and the case study of the Ministry of ICT in Jordan informs that aim. The study deconstructs information security through the Technical/Formal/Informal (TFI) framework and enriches that framework by customising it for e-government, expanding it also to include citizens’ online trust. To achieve this aim, a qualitative investigation of the Jordanian e-government programme was conducted by following the research design of a case study in the interpretivist tradition. Furthermore, a survey was used as a complementary phase to examine citizens’ perspectives on e-government security. By combining, analysing and reflecting on the empirical data, a consolidated information security framework was developed for different security aspects, based on the TFI model (technical, formal and informal). The dissertation contributes to the knowledge domain at the intersection of e-government and cybersecurity both practically and theoretically, focusing on technical aspects and non-technical aspects as well. The proposed framework provides an overview of the TFI-categorised elements that can help governments reflect on and manage the security challenges of their corresponding e-government programmes