INTRODUCTION:

The purpose of this literature is to identify whether Bio-metric technologies are capable of providing the secured way of identification and personal activities to overcome the security issues in the process of Internet banking in banks. This literature also discusses about the possible security threats which most affect the online banking and the progress of counter measures taken to overcome the security issues. The main aim of this research is to analyse the capability of Bio-metric technologies and also about the benefits of using Bio-metric technologies for the security purpose in Internet banking.

GROWTH OF INTERNET BANKING:

According to Aravind Duraiswamy (2009), traditional way of banking requires their customers to visit the banks every time even to perform their basic banking needs like checking their bank account balance. As the usage of Internet becomes popular banks came up with the concept of Internet banking where customers could perform most of the transactions from their homes or anywhere for that matter. The Internet banking application has features that help to meet most of the banking needs of a bank account holder over the internet.

A recent paper (Hisamatsu et al, 2010) mentioned that the concept of online banking started in the 1980’s and it first became available for client use in 1995. Since then, the number of banks offering online banking services as well as demand for the service has increased. In the UK alone, the number of people using online banking has increased by 174% in just 5 years from 2001 to 2006. In the US, 53 million people, or one out of every 4 adults, used online banking in 2005.

According to Lee (2008, p.130-141) However, despite the fact that online banking provides many advantages, such as faster transaction speed and lower handling fees, there are still a large group of customers who refuse to adopt such services due to uncertainty and security concerns.

Binshan et al. (2010) indicates that trust is the “heart of the system” for online banking. Thus, we can say that internet banking is susceptible to greater sense of insecurity than older banking services and thereby importance of trust is also relatively higher in adoption of internet banking. A review by Michal et al. (2009) mentions that, a high level of perceived risk is considered to be a barrier to propagation of new innovations. Influenced by the imagination-capturing stories of hackers, customers may fear that an unauthorized party will gain access to their online account and serious financial implications will follow.

Rise of Security Attacks in Internet Banking:

A paper (Zakaria et al, 2009) reported that information security means the protection of information and information systems from illegal and unauthorized access, use, destruction or modification of data or information. However at the same time, information security issues are considered as the major factors affecting the growth of online banking as the fraudulent activities are prominently increasing. Also it has been reported that one-third of account holders who had signed up for e-banking had stopped using it due to unsatisfactory security service or the complexity of using the service.

A review by Laerte et al. (2011) indicates that the number of malware and exploits focused on online banking systems vulnerabilities has been steadily growing during past years. Recent reports indicate that banking Trojans were among the 50 main security threats in 2009. While Brazil figures as the source and destination of most of those attacks performed in Latin America.

Rachwald (2008, p.11-12)argues that in the physical world attackers are limited by their ability to manipulate physical items like making an extra copy of your account number. In the online world attackers are essentially unlimited in the resources they can bring to bear.

A review by Francisco et al. (2010) mentions that, Banking is considered a highly dynamic business, even more so when price reductions or better conditions are offered to customers contracting services over the internet. However some groups of customers are reluctant to use such services. Regarding electronic commerce in general, consumers show more concern about the use of banking services when the amount of money potentially exposed to fraud is significantly larger, than with other types of services or organizations.

Various types of possible Security Attacks:

Most internet banking fraud occurs in a two-step process. First, the offender must get their hands on the customer’s account information, like their username and password. Second, the offender will use that information to move his victim’s money to another account or withdraw it to make fraudulent purchases, which can be found online (Internet Banking Fraud: Why is Online Banking so Popular, 2009).

These fraud schemes include,

Phishing:

Hossain et al. (2011) argues that, Phishing is a web-based attack that allures end users to visit fraudulent websites and give away personal information (e.g., user id, password). The stolen information is the beginning point of many illegitimate activities such as online money laundering. Phishing attacks cost billions of dollars in losses to business organizations and end users.

A recent paper (Pravin et al, 2011) argues that, although phishing is a simple social engineering attack, it has proven to be surprisingly effective. Hence, the number of phishing scams is continuing to grow, and the cost of the resulting damages is increasing. One of the main reasons why phishing attacks are possible is because mails can be spoofed easily.

Butler (2007, p.517-533) found that a White Paper on Phishing explains that use of the term “phishing” originates in the term “password harvesting fishing”. Phishing attacks are popular, as they are relatively inexpensive to launch, while the potential returns for the phisher could be significant. Phishers succeed in their attacks as consumers are not adequately informed about the risks of disclosing their personal details.

A review by Gerald et al. (2008) indicates that the term ‘phishing’ has its origins from the analogy that identity thieves are using lures usually in the form of e-mails to ‘fish’ for passwords and financial data from the ‘sea’ of Internet users. As users are getting more aware of the modus operandi of phishing attacks over the Internet, identity thieves are taking measures to deceive the public and to continue harvesting stolen identities online. A variant of phishing that is yielding potent results to these perpetrators is spear-phishing which is more targeted and specific if compared to its predecessor.

A review by Petr et al. (2010) mentions that in the Phishing kind of attack, the attacker tries to obtain victims private information like credit card number, passwords or account numbers. It is based on sending bogus e-mails, which pretend to be an official request from victim’s bank or any other similar institution. These e-mails requests to insert victim’s private information on referenced page. This page looks similar to official internet banking and the user fills in all requested fields in good faith that all his information will be safe, which leads to the compromising of all of his information.

Malware, Botnets and DDoS Attacks:

According to Wajeb et al. (2011) nowadays, there is a huge variety of cyber threats that can be quite dangerous not only for big companies but also for an ordinary user, who can be a potential victim for cybercriminals when using unsafe system for entering confidential data, such as login, password, credit card numbers, etc. Among popular computer threats it is possible to distinguish several types depending on the means and ways they are realized. They are: malicious software (malware), DDoS attacks (Distributed Denial-of-Service), botnets.

Shrutiet al. (2010) argues that Botnets are the network compromised machines under the control of a human operator. Using botnet attacker can perform various attacks like distributed denial of service (DDoS), email spamming, key logging, click fraud etc. DDoS attack is used to perform overloading in a network or system, so that an authorized user cannot use the service.

Starting a distributed denial of service attack needs a whole bunch of machines. According to various sources, it’s very easy to compromise a computer. As soon as a computer is compromised it can be used to engage in malignant activities. A so called “Bot” is created. One bot as itself cannot be very harmful but as a user gathers a collection of bots and binds them together, the user is creating a “BotNet” which has a much high bandwidth capability. The communication between the bots is using a specific control channel which is owned by the bot herder or bot master (Burkhard et al., 2011, p.22).

Malware infects PCs, waits for the user to log onto a list of targeted banks and financial institutions, and then steals their credentials which are sent to a remote server in real time (Gendron, 2010).

A recent paper (Shih-Yao et al., 2009) indicates that malware is designed specifically to expose confidential information, such as system data, confidential files and documents, or logon credentials that are stored on the infected computer. With the widespread use of online shopping and Internet banking, the compromises of this nature results in significant financial loss, particularly if credit card information or banking details are exposed.

Viruses:

Online banking customers are being targeted by international cyber criminals who are using sophisticated computer viruses to empty their accounts. A new version of a well-known Trojan virus has stolen ?675,000 from about 3,000 online customers of an unnamed British bank, according to an internet security company (Griffiths and Harvey, 2010). The cash has been remotely transferred out of the accounts, held by businesses and individuals.

The virus checks to see how much money is in the accounts, steals it and shows the customer fake bank balances to cover its tracks, the company said. It uncovered the scale of the theft after penetrating the criminals’ command-and-control server, which is based in Eastern Europe. The company said that it had informed the financial institution concerned and the police two weeks ago and the attack appeared to be continuing. Zeus v3 is one of a new wave of viruses that often invade consumers’ machines when they visit legitimate websites, in what is termed a “drive-by” infection (Griffiths and Harvey, 2010).

Burton (2008) identified a Trojan virus labelled SilentBanker. SilentBanker is aptly named because this virus embeds itself on home computers after users have visited random websites and it has the ability to redirect money from customer’s accounts during a normal Internet banking session, all without any outward signs that a virus is at work. And most worrisome of all is that the usual indicators of a secure website; the locked padlock symbol and the letter “s” in a website address (https :), no longer guarantee that a website is secured.

Spyware and Adware:

Clutterbuck (2010) highlighted that, Spyware has been described as a software paradigm designed to illicitly collect and distribute targeted consumer information. “It is difficult to define spyware with precision. The working definition proposed … was software that aids in gathering information about a person or organization without their knowledge and which may send such information to another entity without the consumer’s consent, or asserts control over a computer without the consumer’s knowledge.”

In the analysis of Aycock (2010, pp.2) Adware can be considered a somewhat less harmful and usually more obvious form of Spyware. Spyware is covert; adware is overt. Just as for Spyware, there are behaviours that could be thought of as being characteristic of adware.

Janice et al. (2008) defines Adware, a type of spyware, delivers specific advertisements and offerings, customized for individual users as they browse the web. These advertisements can take the form of pop-up or pop-under ads, web banners, redirected webpages, and spam e-mail. Some adware however, may alter a homepage by hijacking a web browser, or add URLs to bookmarks, to persistently present a competitor’s website or a look-alike site, disallowing the user web access for his own purposes.

According to Janice et al. (2008) personal information such as financial data, passwords, and identification-tagged downloads can be transmitted, without the user’s knowledge or consent, to the spyware author or third-party sites. These sites can “phish” for data from user inputs while surfing, banking, and making purchases. The data could then be used to promote gambling, pornography, or fraudulent schemes, such as identity theft, to unsuspecting users.

Insider Attacks:

(Hui et al., 2010) defines insider and insider threat as “An insider is a current or former employee, a contractor or a business partner who has or had authorized access and intentionally exceeded that access in a manner that negatively affected the confidentiality, integrity or availability of the organization’s information or information systems’.

Fyffe (2008, p.11-14) argues that, In response to the increase in data breaches and the need to monitor and prevent attacks at every level, security professionals are proactively seeking ways to combat the insider threat. Despite this increased focus, internal attacks remain difficult to prevent. The motivation of those behind the breaches can be difficult to identify and the perpetrators often hide in plain sight. In many cases, insider attacks are premeditated and deliberate, but organisations must also recognise that non-malicious insiders can inadvertently access and distribute sensitive information.

Existing counter measures and why they are not effective:

(Paget, 2009) argues that financial fraud often starts with the diversion of personal information. A trash or recycling bin, a telephone conversation, or a poorly protected computer can be the starting point for fraud. Businesses are often vulnerable as well. Stolen laptops and data loss can lead to lasting damage to its brand image and heavy financial consequences for the company itself or its customers. In this respect, banks find themselves on the front line. Although it is impossible to completely eliminate the chance of becoming a victim of identity theft, individuals can effectively reduce their risk by following some commonsense recommendations.

Anti-Phishing Counter measure:

A recent paper (Abdullah and Malcolm, 2009) indicates that there have been different proposed anti-Phishing solutions to mitigate the problem of Phishing. Security toolbars have been used to prevent Phishing attacks such as SpoofStick. There are also anti-Phishing approaches that make users aware of Phishing emails and websites and how to avoid them. The most basic approach is publishing guidelines for the Internet users to follow when they go online.

According to (Abdullah and Malcolm, 2009) Anti-Phishing training will make the end-user aware and it will erect an effective barrier against Phishing attempts. Anti-Phishing awareness was shown to have a great positive effect in mitigating the risk of Phishing. There is a variety of anti-Phishing training approaches to make users aware of Phishing emails and websites and to learn how to avoid them.

People are vulnerable to phishing attacks because spoofed websites look very similar to legitimate websites. People have trouble identifying phishing sites even in tests in which they have been alerted about the possibility of such attacks. Furthermore, when phishers personalize their emails, they can further increase the likelihood that the attack will be successful. Researchers have developed several technical approaches to countering phishing attacks, including toolbars, email filters, and verified sender addresses. However, these approaches are not foolproof. In a recent study of 10 anti-phishing tools, only one tool was able to correctly identify over 90% of phishing websites, and that tool also incorrectly identified 42% of legitimate websites as fraudulent. Furthermore, while automated phishing detection is improving, phishers continuously adapt their attack techniques to improve their chances of success (Johnny, 2007).

According to (Cranor, 2008) with so much of money at stake, the computer security community has been scrambling to develop tech­nologies to combat phishing, such as filters for e-mail and Web browsers that flag phishing at­tempts. Although such software has helped stop many attacks, phishers are constantly evolving their tactics to try to stay a step ahead of such technologies. Since phishing plays on human vul­nerabilities, a successful attack requires a victim to succumb to the lure and take some action and it is also not strictly a technological problem.

A review by Ponnurangam et al. (2010) indicates that most anti-phishing research has focused on solving the problem by eliminating the threat or warning users. However, little work has been done on educating people about phishing and other semantic attacks. Educating users about security is challenging, particularly in the context of phishing, because users are not motivated to read about security in general and therefore do not take time to educate themselves about phishing for most users, security is a secondary task (e.g. one does not go to an online banking website to check the SSL implementation of the website, but rather to perform a banking transaction) and it is difficult to teach people to make the right online trust decision.

Malware, Botnets and DDoS Counter Measures:

Traditional ways of counter-measuring botnets is generally restricted to spotting a central weak point in their infrastructure that can be manipulated, disrupted or blocked. The most common way is to cooperate with an Internet service provider to gain access and shut down the central component, resulting in a loss of control for the botnet owner: The botnet cannot be commanded anymore. Such actions are often performed during emergency response to an ongoing incident like a DDoS attack (Felix et al., 2009).

According to (Felix et al., 2009) the most promising approach is to remove the base of a botnet, which is the C&C server. Pulling the plug of the command-and-control host allows to extinguish the whole botnet in one go. Unfortunately this is only possible if all of the following conditions are met:

1. The botnet uses a centralized structure

2. The location of the C&C server is known

3. The provider cooperates

If any one of those conditions is not met, the C&C server cannot be removed.

A review by Muththolib et al. (2010) mentions that Static Passwords, also the most common type of authentication method used in e-banking websites. It is based on proof knowledge. This type of mechanisms is prone to all type of attacks and usually attacks like capture, replay, guessing or phishing are common and effective attacks. Soft-token Certificate/SSL-TLS,this mechanism conducts mutual authentication between the user terminal and internet banking server, based on the certificates stored on the user’s web browser. The mechanism is prone to malicious software attacks such as key logger screen captures and also allows access to the user’s certificate stored on the browser which would also result in identity theft Muththolib et al. (2010). Hard-token Certificate/SSL-TLS:in this mechanism it uses a token for the authentication process. This mechanism is prone to token attack tools, malicious software attacks and also these tokens can be stolen. One-time Password/Time-based Code Generator: in this mechanism a one-time password is generated by a random calculator, using a seed that is pre shared between a PIN protected user’s device and the Internet Banking Server. This mechanism is also prone to number of attacks including device theft.

Viruses, Spyware and Adware Counter Measures:

(Miko, 2010) argues that using trusted HW deviceslikeHW calculators, HW password generators, smart cardreaders, mobile phonewill help to block the viruses. Assume that the computer is under attacker control (e.g. via Trojan Horse). Using alternate channel (OOB – out of band) SMS messages, phone calls will help to overcome from the attack. Assume that all the communication computer -Internet is under attacker control.

According to (Kishore, 2009) to protect the systems against Trojan horses, users should use virus scanners and be careful with downloaded software or e?mail attachments. However usage of one-time passwords (OTP) solves only credential stealing and the confirmation codes are not linked with authorising transaction which made more vulnerable to the viruses.

Summary:

Finally, from the above discussions we can understand that the bank industries faces an enormous growth with the help of Internet banking facilities and also we can realize that how Internet banking becomes a negative aspect for the banking industry in the means of security issues which cannot be able to completely prevented with the use of existing counter measures. In the next step we can find out and analyse whether Bio-Metric technology is capable of providing a secured way of authentication in Internet banking to overcome the security threats.

References:

(Butler, 2007; Johnny, 2007; Burton, 2008; Cranor, 2008; Fyffe, 2008; Gerald Goh Guan Gan, 2008; Janice C. Sipior, 2008; Lee, 2008; Rachwald, 2008; Internet Banking Fraud: Why is Online Banking so Popular?

, 2009; Abdullah Alnajim, 2009b; a; Aravind Duraiswamy, 2009; Felix Leder, 2009; Kishore, 2009; Paget, 2009; Shih-Yao Dai, 2009; Zakaria Karim, 2009; Michal Polasik, 2009

; Aycock, 2010; Binshan Lin, 2010; Clutterbuck, 2010; Francisco Munoz-Leiva, 2010; Gendron, 2010; Griffiths, 2010; Hui Wang, 2010; Miko, 2010; Muththolib Sidheeq, 2010; Petr Hanaeek, 2010; PONNURANGAM KUMARAGURU & LORRIE FAITH CRANOR, 2010; Shruti Singh, 2010; Hisamatsu, 2010

; Burkhard Stiller, 2011; Hossain Shahriar 2011; Laerte Peotta & Jr, 2011; Pravin Soni, 2011; Wajeb Gharibi, 2011)

Abdullah Alnajim, M. M. (2009a) ‘An Approach to the Implementation of the Anti- Phishing Tool for Phishing Websites Detection’, 2009 International Conference on Intelligent Networking and Collaborative Systems. IEEE. [Online]. Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=05370926 (Accessed: 30 March 2011).

Abdullah Alnajim, M. M. (2009b) ‘An Evaluation of Users’ Anti-Phishing Knowledge Retention’, 2009 International Conference on Information Management and Engineering. 18 June 2009. IEEE. [Online]. Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5077029 (Accessed: 30 March 2011).

Aravind Duraiswamy, S. (2009) Security Testing Handbook for Banking Application. Cambridgeshire: IT Governance.

Aycock, J. (2010) Spyware and Adware. [Online]. Available at: http://books.google.co.uk/books?hl=en&lr=&id=UKNgoM3nLe0C&oi=fnd&pg=PR7&dq=spyware+and+adware&ots=ISwyV-b5-s&sig=EmiqG3ChX6bB5CZKkm_Lnc4cTKs#v=onepage&q&f=false (Accessed: 21 March 2011).

Binshan Lin, A. Y.-L. C., Keng-Boon Ooi, Boon-In Tan (2010) ‘Online banking adoption: an empirical analysis’, International Journal of Bank Marketing, 28 (4), pp. 267-287 [Online]. Available at: http://jr3tv3gd5w.search.serialssolutions.com/?ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info:sid/summon.serialssolutions.com&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Online+banking+adoption%3A+an+empirical+analysis&rft.jtitle=International+Journal+of+Bank+Marketing&rft.au=Binshan+Lin&rft.au=Alain+Yee-Loong+Chong&rft.au=Keng-Boon+Ooi&rft.au=Boon-In+Tan&rft.date=2010-01-01&rft.pub=Emerald+Group+Publishing+Limited&rft.issn=0265-2323&rft.volume=28&rft.issue=4&rft.spage=267&rft.epage=287&rft_id=info:doi/10.1108%2F02652321011054963&rft.externalDBID=n%2Fa&rft.externalDocID=10_1108_02652321011054963 (Accessed: 17 March 2011).

Burkhard Stiller, H., Fabio Hecht,Guilherme Machado,Andrei Vancea,Martin Waldburger (2011) Economic and Technical Analysis of BotNets and Denial-of-Service Attacks. Zurich University of Zurich [Online]. Available at: http://csg.ifi.uzh.ch/publications/ifi-2011.0001.pdf#page=19 (Accessed: 20 March 2011).

Burton, J. (2008) Internet banking virus threatens bank accounts – consumers need to fortify home computer security. Burnaby: BC Crime Prevention Association [Online]. Available at: http://www.bccpa.org/bccpa/newsroom/latest/Feb_14_08_SilentBanker_trojan.pdf (Accessed: 27 March 2011).

Butler, R. (2007) ‘A framework of anti-phishing measures aimed at protecting the online consumer’s identity’, The Electronic Library, 25 (5), pp. 517-533 [Online]. Available at: http://www.emeraldinsight.com/journals.htm?issn=0264-0473&volume=25&issue=5&articleid=1634496&show=html (Accessed: 20 March 2011).

Clutterbuck, P. (2010) ‘Spyware Security Management via a Public Key Infrastructure for Client-Side Web Communicating Applications’, 2010 10th IEEE International Conference on Computer and Information Technology : (CIT 2010). Brisbane IEEE. [Online]. Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5578087 (Accessed: 21 March 2011).

Cranor, L. F. (2008) Can Phishing be FoiledCarnegie Mellon University [Online]. Available at: http://www.cs.virginia.edu/~robins/Can_Phishing_be_Foiled.pdf (Accessed: 30 March 2011).

Felix Leder, T. W., Peter Martini (2009) Proactive Botnet Countermeasures – An Offensive Approache. Germany: University of Bonn [Online]. Available at: http://net.cs.uni-bonn.de/fileadmin/user_upload/leder/proactivebotnetcountermeasures.pdf (Accessed: 31 March 2011).

Francisco Munoz-Leiva, T. L.-M., Juan Sanchez-Fernandez (2010) ‘How to improve trust toward electronic banking’, Online Information Review, 34 (6), pp. 907-934 [Online]. Available at: http://www.emeraldinsight.com/journals.htm?issn=1468-4527&volume=34&issue=6&articleid=1896453&show=html (Accessed: 19 March 2011).

Fyffe, G. (2008) ‘Addressing the insider threat ‘, Network Security, 2008 (3), pp. 11-14 [Online]. Available at: http://jr3tv3gd5w.search.serialssolutions.com/?ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info:sid/summon.serialssolutions.com&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Addressing+the+insider+threat&rft.jtitle=Network+Security&rft.au=Fyffe%2C+George&rft.date=2008-01-01&rft.issn=1353-4858&rft.volume=2008&rft.issue=3&rft.spage=11&rft.epage=14&rft_id=info:doi/10.1016%2FS1353-4858%2808%2970031-X&rft.externalDBID=n%2Fa&rft.externalDocID=10_1016_S1353_4858_08_70031_X (Accessed: 21 March 2011).

Gendron, M. (2010) ‘Trusteer Warns Financial Malware is Attacking; Leading US Banks Using Visa and MasterCard Hoax Trojan Injects Enrollment Screen for Verified by Visa and MasterCard SecureCode Security Programs during Online Banking Sessions’, M2 Presswire, 14 July [Online]. Available at: http://jr3tv3gd5w.search.serialssolutions.com/?ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info:sid/summon.serialssolutions.com&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=news&rft.atitle=Trusteer+Warns+Financial+Malware+is+Attacking%3B+Leading+US+Banks+Using+Visa+and+MasterCard+Hoax+Trojan+Injects+Enrollment+Screen+for+Verified+by+Visa+and+MasterCard+SecureCode+Security+Programs+during+Online+Banking+Sessions&rft.jtitle=M2+Presswire&rft.date=2010-01-01&rft.pub=Normans+Media+Ltd&rft.externalDBID=n%2Fa&rft.externalDocID=231533464 (Accessed: 26 March 2011).

Gerald Goh Guan Gan, T. N. L., Goh Choon Yih & Uchenna Cyril Eze (2008) ‘Phishing: A Growing Challenge for Internet Banking Providers in Malaysia’, Journal of Internet Banking, 5, pp. 133-141 [Online]. Available at: http://www.ibimapublishing.com/journals/CIBIMA/volume5/v5n17.pdf (Accessed: 20 March 2011).

Griffiths, M. H. K. (2010) ‘Online banking hit by new trojan virus: Criminals plunder accounts without trace’, The Times August 11, p. 3. [Online]. Available at: http://jr3tv3gd5w.search.serialssolutions.com/?ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info:sid/summon.serialssolutions.com&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=news&rft.atitle=Online+banking+hit+by+new+trojan+virus&rft.jtitle=The+Times&rft.au=Katherine+Griffiths&rft.au=Mike+Harvey&rft.date=2010-08-11&rft.issn=0140-0460&rft.spage=3&rft.externalDBID=TOFL&rft.externalDocID=2106969741 (Accessed: 21 March 2011).

Hisamatsu, A. P., D. Nishantha, G.G.D. (2010) ‘Online banking and modern approaches toward its enhanced security’, Advanced Communication Technology (ICACT) 2010 : The 12th International Conference onPhoenix Park 7-10th February IEEE Xplore pp. 1459 – 1463

[Online]. Available at:

(Accessed: 17 March 2011).

Hossain Shahriar , M. Z. (2011) ‘Trustworthiness testing of phishing websites: A behavior model-based approach’, Future Generation Computer Systems, [Online]. Available at: http://www.sciencedirect.com/science?_ob=MImg&_imagekey=B6V06-5265S47-1-1&_cdi=5638&_user=122879&_pii=S0167739X11000045&_origin=gateway&_coverDate=02%2F16%2F2011&_sk=999999999&view=c&wchp=dGLbVlW-zSkWA&md5=244583ca30474732386b5fab04504a2f&ie=/sdarticle.pdf (Accessed: 19 March 2011).

Hui Wang, D. H., Shufen Liu (2010) ‘Research On Security Architecture MSIS For

Defending Insider Threat’, Proceedings of the Third International Symposium on Computer Science and Computational Technology : (ISCSCT ’10). China 14-15 August. China: academy publisher.com pp. 389-392. [Online]. Available at: http://academypublisher.com/proc/iscsct10/papers/iscsct10p389.pdf (Accessed: 21 March 2011).

Internet Banking Fraud: Why is Online Banking so Popular?. (2009) [Online]. Available at: http://www.spamlaws.com/onlinebanking-fraud.html (Accessed: 26 March 2011).

Janice C. Sipior, B. T. W. (2008) ‘User perceptions of software with embedded spyware’, Journal of Enterprise Information Management, 21 (1), 2008, pp. 13-23 [Online]. Available at: http://jr3tv3gd5w.search.serialssolutions.com/?ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info:sid/summon.serialssolutions.com&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=User+perceptions+of+software+with+embedded+spyware&rft.jtitle=Journal+of+Enterprise+Information+Management&rft.au=Janice+C.+Sipior&rft.au=Burke+T.+Ward&rft.date=2008-01-01&rft.pub=Emerald+Group+Publishing+Limited&rft.issn=1741-0398&rft.volume=21&rft.issue=1&rft.spage=13&rft.epage=23&rft_id=info:doi/10.1108%2F17410390810842228&rft.externalDBID=LIM&rft.externalDocID=10.1108%2F17410390810842228 (Accessed: 27 March 2011).

Johnny (2007) Does Anti-Phishing Training Work [Online]. Available at: http://www.cs.cmu.edu/~jasonh/publications/apwg-ecrime2007-johnny.pdf (Accessed: 30 March 2011).

Kishore, K. L. (2009) E – Banking(CS05B034 ) [Online]. Available at: http://netlab.cs.iitm.ernet.in/cs648/2009/assignment1/cs05b034.pdf (Accessed: 31 March 2011).

Laerte Peotta, M. D. H., Bernardo M. David, Flavio G. Deus, Rafael & Jr, T. d. S. (2011) ‘A FORMAL CLASSIFICATION OF INTERNET

BANKING ATTACKS AND VULNERABILITIES’, International Journal of Computer Science & Information Technology (IJCSIT), 3 (1) [Online]. Available at: http://airccse.org/journal/jcsit/0211ijcsit13.pdf (Accessed: 18 March 2011).

Lee, M.-C. (2008) ‘Factors influencing the adoption of internet banking: An integration of TAM and TPB with perceived risk and perceived benefit ‘, Electronic Commerce Research and Applications, 8 (3), pp. 130-141 [Online]. Available at: http://jr3tv3gd5w.search.serialssolutions.com/?ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info:sid/summon.serialssolutions.com&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Factors+influencing+the+adoption+of+internet+banking%3A+An+integration+of+TAM+and+TPB+with+perceived+risk+and+perceived+benefit&rft.jtitle=Electronic+Commerce+Research+and+Applications&rft.au=Lee%2C+Ming-Chi&rft.date=2009-01-01&rft.pub=Elsevier+B.V&rft.issn=1567-4223&rft.volume=8&rft.issue=3&rft.spage=130&rft.epage=141&rft_id=info:doi/10.1016%2Fj.elerap.2008.11.006&rft.externalDBID=LCRP&rft.externalDocID=000266272200003 (Accessed: 17 March 2011).

Michal Polasik, T. P. W. (2009) ‘Empirical analysis of internet banking adoption in Poland

‘, International Journal of Bank Marketing 27 (1), pp. 32 – 52

[Online]. Available at:

&rfr_id=info:sid/summon.serialssolutions.com&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Empirical+analysis+of+internet+banking+adoption+in+Poland&rft.jtitle=International+Journal+of+Bank+Marketing&rft.au=Tomasz+Piotr+Wisniewski&rft.au=Michal+Polasik&rft.date=2009-01-01&rft.pub=Emerald+Group+Publishing+Limited&rft.issn=0265-2323&rft.volume=27&rft.issue=1&rft.spage=32&rft.epage=52&rft_id=info:doi/10.1108%2F02652320910928227&rft.externalDBID=IJB&rft.externalDocID=10_1108_02652320910928227> (Accessed: 17 March 2011).

Miko, K. (2010) Internet Banking Attacks. Prague: DCIT [Online]. Available at: http://www.dcit.cz/cs/system/files/CEPOL_Internet-Banking-Attacks.pdf (Accessed: 31 March 2011).

Muththolib Sidheeq, A. D., Geetha Kananparan (2010) ‘Utilizing Trusted Platform Module to Mitigate Botnet Attacks ‘, International Journal of Advancements in Computing Technology, 2 (5), pp. 111-117 [Online]. Available at: http://www.aicit.org/ijact/ppl/12_IJACT6-187020.pdf (Accessed: 31 March 2011).

Paget, F. (2009) Financial Fraud and Internet Banking: Threats and Countermeasures. California: McAfee [Online]. Available at: http://www.mcafee.com/us/resources/reports/rp-financial-fraud-int-banking.pdf (Accessed: 30 March 2011).

Petr Hanaeek, K. M., Jiri Schafer (2010) ‘E-banking security – A comparative study’, IEEE, 25 (1), pp. 29-34 [Online]. Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5442151 (Accessed: 26 March 2011).

Ponnurangam Kumaraguru, S. S., ALESSANDRO ACQUISTI, & LORRIE FAITH CRANOR, J. H. (2010) ‘Teaching Johnny Not to Fall for Phish’, ACM Transactions on Internet Technology, 10 (2), pp. 1-31 [Online]. Available at: http://delivery.acm.org/10.1145/1760000/1754396/a7-kumaraguru.pdf?key1=1754396&key2=0657261031&coll=DL&dl=ACM&ip=192.173.4.219&CFID=16000505&CFTOKEN=34623913 (Accessed: 30 March 2011).

Pravin Soni, S. F., B. B. Meshram (2011) ‘A Phishing Analysis of Web Based Systems’, ICCCS ’11 : Proceedings of the 2011 International Conference on Communication, Computing & Security New York New York: ACM, pp. 527-530. [Online]. Available at: http://delivery.acm.org/10.1145/1950000/1948049/p527-soni.pdf?key1=1948049&key2=9596401031&coll=DL&dl=ACM&ip=192.173.4.213&CFID=15108157&CFTOKEN=79387292 (Accessed: 20 March 2011).

Rachwald, R. (2008) ‘Is banking online safer than banking on the corner?’, Computer Fraud & Security, 2008 (3), pp. 11-12 [Online]. Available at: http://jr3tv3gd5w.search.serialssolutions.com/?ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info:sid/summon.serialssolutions.com&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Is+banking+online+safer+than+banking+on+the+corner%3F&rft.jtitle=Computer+Fraud+%26+Security&rft.au=Rachwald%2C+Rob&rft.date=2008-01-01&rft.issn=1361-3723&rft.volume=2008&rft.issue=3&rft.spage=11&rft.epage=12&rft_id=info:doi/10.1016%2FS1361-3723%2808%2970045-9&rft.externalDBID=n%2Fa&rft.externalDocID=10_1016_S1361_3723_08_70045_9 (Accessed: 19 March 2011).

Shih-Yao Dai, Y. F., Jain-Shing Wu, Chih-Hung Lin, Yennun Huang, Sy-Yen Kuo (2009) ‘Holography: A Hardware Virtualization Tool for Malware Analysis’, 2009 15th IEEE Pacific Rim International Symposium on Dependable Computing. Shanghai 16-18 Nov. 2009 Taiwan IEEE, p. 263. [Online]. Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5370996 (Accessed: 26 March 2011).

Shruti Singh, M. G. (2010) ‘Analysis of Botnet Behavior Using Queuing Theory’, International Journal of Computer Science & Communication, 1 (2), pp. 239-241 [Online]. Available at: http://www.csjournals.com/IJCSC/PDF1-2/49..pdf (Accessed: 20 March 2011).

Wajeb Gharibi, A. M. (2011) ‘Software Vulnerabilities, Banking Threats, Botnets and Malware Self-Protection Technologies ‘, IJCSI International Journal of Computer Science, 8 (1), pp. 236-241 [Online]. Available at: http://www.ijcsi.org/papers/IJCSI-8-1-236-241.pdf (Accessed: 20 March 2011).

Zakaria Karim, K. M. R., Aliar Hossain (2009) ‘Towards secure information systems in online banking’, Internet Technology and Secured Transactions, 2009 : ICITST 2009. International conference for London9-12 Nov, 2009. pp. 1-6[Online]. Available at:

(Accessed: 18 March 2011).