Communications Security for Electronic Funds Transfer Systems

This paper focuses on selected aspects of communications security for electronic funds transfer systems that may not be present in classical security-oriented communications systems:

1) An EFT security system should be able to pinpoint the site responsible for any financial loss resulting from a penetration.
2) An EFT security system should not allow false rejections, i.e., should not deny any legitimate transaction.
3) An EFT security system should not employ draconian methods to restore communications security after a penetration.
4) Simultaneous accesses to an EFT account should be synchronized to ensure that improper transactions are not authorized.
5) Traditional access-control methods applied to secure communications equipment are not applicable to EFT networks.
6) Traditional manually oriented techniques used to distribute encryption keys may not be practicable in a large-scale EFT network.
7) Techniques used in providing communications security, especially those involving encryption algorithms, should not rely on secrecy to protect the integrity of the system.
8) Communications overhead imposed by security measures should be minimized to allow for projected high rates of use of EFT facilities.
