A professional view on ebanking authentication: Challenges and recommendations

In current e-banking systems, millions of consumers can conduct financial transactions using a wide range of mobile devices. This growth exposes the system not only to the known threats that are migrating from traditional PC-based e-banking to the mobile scenario, but also to emerging threats that specifically target mobile devices. Given the sensitive nature of the financial information managed, security in mobile devices has become a major issue. To provide transaction security and minimize potential threats, e-banking systems must implement robust identification and authentication systems (eIDAS). This paper analyzes current threats in e-banking. It presents a brief review of the current state of the art, analyzing the most popular eIDAS implemented in Europe through a survey launched by ENISA and addressed to security professionals in the financial sector. The most common eIDAS approaches for e-banking, and their suitability against the known threats in terms of related incidents and financial loss, are then assessed. Finally, a set of challenges and recommendations to be considered in any eIDAS implementation is introduced.
