The Internet Banking [in]Security Spiral: Past, Present, and Future of Online Banking Protection Mechanisms based on a Brazilian case study

Contribution to a conference
(Conference contribution)


Publication details

Authors: Botacin M, Kalysch A, Grégio A
Editors: Edgar Weippl, SBA Research, Austria
A Min Tjoa, TU Vienna, Austria

Publisher: Association for Computing Machinery
Place of publication: New York, (NY), USA
Year of publication: 2019
Proceedings: Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES 2019) (ARES ’19)
Page range: 102 - 112
Language: English


Abstract

Internet banking has become the primary way of accessing banking services for most customers, but its security is still a constant concern, since millions of dollars are still lost every year due to fraud.
Over time, banks and customers overcame the initial technology distrust and learned how to secure their operations. However, there are still many lessons to learn, mainly when looking to the upcoming technological developments. To understand the lessons learned over time and also to help shed light on possible future developments, we review the past and the present of internet banking implementations in Brazil, a country widely adopting this type of service and an early adopter of new banking technologies, thus targeted by many threats. We show how Internet banking evolved from desktop software to mobile apps and how attackers also evolved from phishing mails to complete phishing applications to target Brazilian users. We also performed a detailed security analysis of Brazilian banking apps available in the Android app store and identified that developers still fail to follow secure development practices, thus causing banking apps to leak users’ sensitive data. Moreover, we also looked to the future to present new attacks which can threaten users in the short term. In particular, we demonstrate an attack against a WhatsApp-based transaction mechanism implemented by some Brazilian banks.


FAU authors / FAU editors

Kalysch, Anatoli
Lehrstuhl für Informatik 1 (IT-Sicherheitsinfrastrukturen)


How to cite

APA:
Botacin, M., Kalysch, A., & Grégio, A. (2019). The Internet Banking [in]Security Spiral: Past, Present, and Future of Online Banking Protection Mechanisms based on a Brazilian case study. In Edgar Weippl, SBA Research, Austria A Min Tjoa, TU Vienna, Austria (Eds.), Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES 2019) (ARES ’19) (pp. 102 - 112). Canterbury, United Kingdom: New York, (NY), USA: Association for Computing Machinery.

MLA:
Botacin, Marcus, Anatoli Kalysch, and André Grégio. "The Internet Banking [in]Security Spiral: Past, Present, and Future of Online Banking Protection Mechanisms based on a Brazilian case study." Proceedings of the Conference on Availability, Reliability and Security, Canterbury, United Kingdom Ed. Edgar Weippl, SBA Research, Austria A Min Tjoa, TU Vienna, Austria, New York, (NY), USA: Association for Computing Machinery, 2019. 102 - 112.

Last updated on 2019-01-08 at 14:50