The Internet Banking [in]Security Spiral: Past, Present, and Future of Online Banking Protection Mechanisms based on a Brazilian case study

Botacin M, Kalysch A, Grégio A (2019)


Publication Language: English

Publication Type: Conference contribution

Publication year: 2019

Publisher: Association for Computing Machinery

City/Town: New York, (NY), USA

Pages Range: 102 - 112

Conference Proceedings Title: Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES 2019) (ARES ’19)

Event location: Canterbury, United Kingdom

DOI: 10.1145/3339252.3340103

Abstract

Internet banking has become the primary way of accessing banking services for most customers, but its security is still a constant concern, since millions of dollars are still lost every year due to fraud. Over time, banks and customers overcame the initial technology distrust and learned how to secure their operations. However, there are still many lessons to learn, mainly when looking to the upcoming technological developments. To understand the lessons learned over time and also to help shed light on possible future developments, we review the past and the present of internet banking implementations in Brazil, a country widely adopting this type of service and an early adopter of new banking technologies, thus targeted by many threats. We show how Internet banking evolved from desktop software to mobile apps and how attackers also evolved from phishing mails to complete phishing applications to target Brazilian users. We also performed a detailed security analysis of Brazilian banking apps available in the Android app store and identified that developers still fail to follow secure development practices, thus causing banking apps to leak users' sensitive data. Moreover, we also looked to the future to present new attacks which can threaten users in the short term. In particular, we demonstrate an attack against a WhatsApp-based transaction mechanism implemented by some Brazilian banks.

How to cite

APA:

Botacin, M., Kalysch, A., & Grégio, A. (2019). The Internet Banking [in]Security Spiral: Past, Present, and Future of Online Banking Protection Mechanisms based on a Brazilian case study. In Edgar Weippl, SBA Research, Austria A Min Tjoa, TU Vienna, Austria (Eds.), Proceedings of the 14th International Conference on Availability, Reliability and Security (ARES 2019) (ARES ’19) (pp. 102 - 112). Canterbury, United Kingdom: New York, (NY), USA: Association for Computing Machinery.

MLA:

Botacin, Marcus, Anatoli Kalysch, and André Grégio. "The Internet Banking [in]Security Spiral: Past, Present, and Future of Online Banking Protection Mechanisms based on a Brazilian case study." Proceedings of the Conference on Availability, Reliability and Security, Canterbury, United Kingdom Ed. Edgar Weippl, SBA Research, Austria A Min Tjoa, TU Vienna, Austria, New York, (NY), USA: Association for Computing Machinery, 2019. 102 - 112.
