Password in online banking

A password is a secret word or string of characters that is used for

authentication, to prove identity or gain access to a resource (example: an access code is a type of password). The password must be kept secret from those not allowed access.

The use of passwords is known to be ancient. Sentries would challenge those wishing to enter an area or approaching it to supply a password or watchword. Sentries would only allow a person or group to pass if they knew the password. In modern times, user names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, m

obile phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user may require passwords for many purposes: logging in to computer accounts, retrieving e-mail from servers, accessing programs, databases, networks, web

sites, and even reading the morning newspaper online.

Despite the name, there is no need for passwords to be actual words; indeed passwords which are not actual words may be harder to guess, a desirable property. Some passwords are formed from multiple words and may more accurately be called a passphrase. The term passcode is sometimes used when the secret information is purely numeric, such as the personal identification number (PIN) commonly used for ATM access. Passwords are generally short enough to be easily memorized and typed.

For the purposes of more compellingly authenticating the identity of one computing device to another, passwords have significant disadvantages (they may be stolen, spoofed, forgotten, etc.) over authentications systems relying on cryptographic protocols, which are more difficult to circumvent.

Contents 1 Easy to remember, hard to guess 2 Factors in the security of a password system 2.1 Rate at which an attacker can try guessed passwords 2.2 Form of stored passwords 2.3 Methods of verifying a password over a network 2.3.1 Simple transmission of the password 2.3.2 Transmission through encrypted channels 2.3.3 Hash-based challenge-response methods 2.3.4 Zero-knowledge password proofs 2.4 Procedures for changing passwords 2.5 Password longevity 2.6 Number of users per password 2.7 Design of the protected software 3 Password cracking 3.1 1998 incident 4 Alternatives to passwords for access control 5 Website password systems 6 History of passwords 7 See also 8 References 9 External links

Feature of online banking

It has been suggested that this article or section be merged into Electronic billing. (Discuss)

Electronic bill payment is a feature of online banking, similar in its effect to a giro, allowing a depositor to send money from his demand account to a creditor or vendor such as a public utility or a department store to be credited against a specific account. The payment is optimally executed electronically in real time, though some financial institutions or payment services will wait until the next business day to send out the payment. The bank can usually also generate and mail a paper cheque or banker's draft to a creditor who is not set up to receive electro

nic payments.

Electronic billing can also feature invoices sent by e-mail or viewed on a secure web site (with notices of new invoices being sent by e-mail).

Most large banks also offer various convenience features with their electronic bill payment systems, such as the ability to schedule payments in advance to be made on a specified date, the ability to manage payments from any computer with a web browser, and various options for searching one's recent payment history: when did I last pay Company X? To whom did I make my most recent payment? In many cases one can also integrate the electronic payment data with accounting or personal finance software.

Peer-to-peer payment systems are extremely popular. The best and most widely known example is PayPal. PayPal allows you to pay for just about anything online as long as the seller also has a PayPal account. Many online sellers use PayPal such as 75% of eBay sellers, overstock.com,

ritzcamera.com, and Walgreens.com (Traver, 2004).

Pal is also sometimes used to pay for personal debts in situations where both parties have an account.

Electronic bill payment and presentment (EBPP) includes an electronic bill payment system (EBPS). Electronic bill payment and presentment is “the electronic bill presentment to the consumer and the electronic initiation of payment by the consumer” (Alexandria Andreeff). This was done completely by postal mail before the internet. Sending bills electronically via the internet is much faster and cheaper though. Although this technology was available before December in 1998, only 26.2% of U.S. households had internet access at that time according to the U.S. Department of Commerce in 2000 (Alexandria Andreeff). By August 2000, electronic bill

payment and presentment systems started to dramatically increase in popularity because 41.5% of U.S. households had internet access by then according to the U.S. Department of Commerce in 2000 (Alexandria Andreeff). In this model, the one who is charging the consumer, notifies the customer (usually) through e-mail (Alexandria Andreeff). The customer is then responsible to log on to the biller’s website to pay the bill (Alexandria Andreeff).

Online saving accountant in banking

Some financial institutions offer online-only savings accounts. These usually pay higher interest rates and sometimes carry higher security restrictions. Those with high interest rates have risen in popularity with the rise of the internet.

One time password in online banking

A one-time password (OTP) is a password that is only valid for a single login session or transaction. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords. The most important shortcoming that is addressed by OTPs is that, in contrast to static passwords, they are not vulnerable to replay attacks. This means that, if a potential intruder manages to record an OTP that was already used to log into a service or to conduct a transaction, he will not be able to abuse it since it will be no longer valid. On the downside, OTPs cannot be memorized by human beings. Therefore they require additional technology in order to work.

Contents 1 How OTPs are generated and distributed 2 Methods of generating the OTP 2.1 Time-synchronized 2.2 Mathematical algorithms 3 Methods of delivering the OTP 3.1 OTP over SMS 3.2 OTP on a mobile phone 3.3 OTP on proprietary tokens 3.4 Direct OTP implementation 4 Comparison of technologies 4.1 One OTP implementation versus another 4.2 OTPs versus other methods of securing data 4.3 Related technologies 5 Standardization 6 OTPs in the context of online banking 7 See also 8 External links 9 References

OTPs in the context of online banking

paper-based OTP web-site login

In some countries OTPs that are used in the context of online banking. In some of these systems, the bank sends to the user a numbered list of OTPs that are printed on paper. For every online transaction, the user is required to enter a specific OTP from that list. In Germany, those OTPs are typically ca

lled TANs (for 'transaction authentication numbers'). Some banks even dispatch such TANs to the user's mobile phone via SMS, in which case they are called mTANs (for 'mobile TANs').

Telephone online ban king

Telephone banking is a service provided by a financial institution, which

allows its customers to perform transactions over the telephone.

Most telephone banking services use an automated phone answering system with phone keypad response or voice recognition capability. To guarantee security, the customer must first authenticate through a numeric or verbal password or through security questions asked by a live representative (see below). With the obvious exception of cash withdrawals and deposits, it offers virtually all the features of an automated teller machine: account balance information and list of latest transactions, electronic bill payments, funds transfers between a customer's accounts, etc.

Usually, customers can also sp

eak to a live representative located in a call

centre or a branch, although this feature is not always guaranteed to be offered 24/7. In addition to the self-service transactions listed earlier, telephone banking representatives are usually trained to do what was traditionally available only at the branch: loan applications, investment purchases and redemptions, chequebook orders, debit card replacements, change of address, etc.

Banks which operate mostly or exclusively by telephone are known as

mobile online banking in world

Mobile banking has come in handy in many parts of the world with little or no Infrastructure development,

especially in remote and rural areas. This part of the mobile commerce is also very popular in countries where most of their population is unbanked. In most of these places banks can only be found in big cities and customers have to travel hundreds of miles to the nearest bank.
Countries like Sudan, Ghana and South Africa received this new commerce very well.
In Latin America countries like Uruguay, Paraguay, Argentina, Brazil, Venezuela, Colombia, Guatemala and recently Mexico started with a huge success.
In Colombia was released with Redeban.
In Iran banks like Parsian, Tejarat, Mellat, Saderat, Sepah, edbi and bankmelli offer this service. Guatemala have the support of Banco industrial.
Mexico released the mobile commerce with Omnilife, Bancomer and a private company(MPower Ventures). Kenya's Safaricom (Part of the Vodafone Group) has had the very popular M-Pesa

online banking overview

In the past, investors had to call up their brokers and place an order on the phone. The broker would

then enter the order in their system which was linked to trading floors and exchanges.

With the advent of the internet, investors can now enter orders directly online, or even trade with other investors via ECN's (electronic communication networks). Some orders entered online are still routed through the broker allowing agents to approve or monitor the trades. This step assists in the protection of both the client and brokerage firm from unlawful or incorrect trades which could affect the client’s portfolio or the broker’s license.

Online brokers are most often referred to as discount brokers, due to their lower fees as opposed to full service brokers who also give advice to clients.

Before choosing to invest or trade online it is important for investors to research the online brokers that they plan to employ, assuring that they are licensed within their state or provincial jurisdiction. This step will help to protect investors from falling victim to unlawful or illegal securities schemes (e.g. Boiler Room scams).

Investors must also fully understand the potential risks of investing without the help of a trained Stock Broker or Investment Advisor. These professionals are experienced both in trade and education and forgoing their advice could be costly. For this reason, most online brokers offer a number of investment

tools.

Once the above two steps are complete it is dually important to research the sector, business and financial statements of each company whose stock they plan to purchase. This, along with diversification and basic portfolio theory, will assist to mitigate some of the risks associated with the volatility in both the stocks and the stock markets.

Once investors have chosen an online brokerage that best suits their needs, they will be provided a trading platform. This platform acts as the hub, allowing investors to purchase and sell securities (fixed income and equities), options, mutual funds, and forex. Included with the platform are tools to track and monitor securities, portfolios and indices, as well as research tools, real-time streaming quotes and up-to-date news releases; all of which are necessary to trade profitably. Often, more robust research tools are available such as full, in-depth analyst reports and analysis, and customized backtesting to see how particular investment strategies would have been realized during different historical periods.

Some of the popular online brokers include: E*TRADE, Scottrade, Ameritrade, and Fidelity. Schwab is an example of a hybrid broker combining a traditional, brick-and-mortar brokerage house with discounted trading online, with the usual benefits of both available to customers. Commissions vary from broker to broker, depending on the services included with the account. Some less known online brokers are Forex, Interactive Brokers, Lightspeed, Marsco, optionsXpress and Zecco.

security of onlinebanking&how to attack

Security token devices

Protection through single password authentication, as

is the case in most secure Internet shopping sites, is not considered secure enough for personal online banking applications in some countries. Basically there exist two different security methods for online banking.

• The PIN/TAN system where the PIN represents a password, used for the login and TANs representing one-time passwords to authenticate transactions. TANs can be distributed in different ways, the most popular one is to send a list of TANs to the online banking user by postal letter. The most secure way of using TANs is to generate them by need using a security token. These token generated TANs depend on the time and a unique secret, stored in the security token (this

is called two-factor authentication or 2FA). Usually online banking with PIN/TAN is done via a web browser using SSL

• secured connections, so that there is no additional encryption needed.
• Signature based online banking where all transactions are signed and encrypted digitally. The Keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation.

Attacks

Most of the attacks on online banking used today are based on deceiving the user to steal login data and valid TANs. Two well known examples for those attacks are phishing and pharming. Cross-site scripting and keylogger/Trojan horses can also be used to steal login information.

A method to attack signature based online banking methods is to manipulate the used software in a way, that correct transactions are shown on the screen and fa

ked transactions are signed in the

background.

A recent FDIC Technology Incident Report, compiled from suspicious activity reports banks file

quarterly, lists 536 cases of computer intrusion, with an average loss per incident of $30,000. That adds up to a nearly $16-million loss in the second quarter of 2007. Computer intrusions increased by 150 percent between the first quarter of 2007 and the second. In 80 percent of the cases, the source of the intrusion is unknown but it occurred during online banking, the report states.

The most recent kind of attack is the so-called Man in the Browser attack, where a Trojan horses permits a remote attacker to modify the destination account number and also the amount.

Countermeasures

There exist several countermeasures which try to avoid attacks. Digital certificates are used against phishing and pharming, the use of class-3 card readers is a measure to avoid manipulation of transactions by the software in signature based online banking variants. To protect their systems against Trojan horses, users should use virus scanners and be careful with downloaded software or e-mail attachments.

In 2001 the FFIEC issued guidance for multifactor authentication (MFA) and then required to be in place by the end of 2006.

history of online banking

The precursor for the modern home online banking services were the distance banking services over electronic media from the early '80s. The term online became popular in the late '80s and referred to the use of a terminal, keyboard and TV (or monitor) to access the banking system using a phone line. ‘Home banking’ can also refer to the use of a numeric keypad to send tones down a phone line with instructions to the bank. Online services started in New York in 1981 when four of the city’s major banks (Citibank, Chase Manhattan, Chemical and Manufacturers Hanover) offered home banking services^[1] using the videotex system. Because of the commercial failure of videotex these banking services never became popular except in France where the use of videotex (Minitel) was subsidised by the telecom provider and the UK, where the Prestel system was used.

The UK’s first home online banking services was set up by Bank of Scotland for customers of the Nottingham Building Society (NBS) in 1983 ("History of the Nottingham". http://www.thenottingham.com/main.asp?p=1710. Retrieved 2007-12-14. ). The system used was based on the UK's Prestel system and used a computer, such as the BBC Micro, or keyboard (Tandata Td1400) connected to the telephone system and television set. The system (known as 'Homelink') allowed on-line viewing of statements, bank transfers and bill payments. In order to make bank transfers and bill payments, a written instruction giving details of the intended recipient had to be sent to the NBS who set the details up on the Homelink system. Typical recipients were gas, electricity and telephone companies and accounts with other banks. Details of payments to be made were input into the NBS system by the account

holder via Prestel. A cheque was then sent by NBS to the payee and an advice giving details of the payment was sent to the account holder. BACS was later used to transfer the payment directly.

Stanford Federal Credit Union was the first financial institution to offer online internet banking services to all of its members in Oct, 1994.

Today, many banks are internet only banks. Unlike their predecessors, these internet only banks do not maintain brick and mortar bank branches. Instead, they typically differentiate themselves by offering better interest rates and online banking features.