Abstract
With the emergence of cyber technology, the biggest evolution has been observed in the use of the Internet for financial purposes, in particular in the Internet banking sector. However, with the increase in the number of Internet banking users, many security issues have been discovered. In the recent past, there have been many successful cyber-attacks on Internet banking services (IBS) throughout the world. A huge amount of varied data about the security of banking systems exists; however, proper analysis of such data using various learning techniques is needed for security assessment. In this research work, we aim to assess the security of IBS by developing a framework based on deep analysis of big data (available in various formats) and the existing security requirements of the country. We propose a framework consisting of 93 data categories to assess the security of IBS. We evaluate our proposed approach on a case study consisting of the banks providing IBS in Pakistan. A total of 21 Pakistani banks providing Internet banking services are analyzed thoroughly using our proposed framework. The results uncovered many deficiencies in the Internet banking services of the analyzed banks. All these deficiencies are conveyed to the respective banks for verification and to help them take corrective measures. In addition, a comprehensive set of security recommendations is developed for the banks, their customers and the regulatory authority for improving Internet banking security.
Acknowledgements
This research work is based on the MS thesis of Sana Khattak (first author) carried out at the department of Computer Science and Information Technology, University of Engineering & Technology, Peshawar, Pakistan, and submitted to Higher Education Commission (HEC) Pakistan.
Funding
This research is funded by the Higher Education Commission (HEC), Pakistan, through its initiative of National Center for Cyber Security for the affiliated Security Testing- Innovative Secured Systems Lab (ISSL) established at University of Engineering & Technology (UET) Peshawar, Grant No: 2(1078)/HEC/M&E/2018/707.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Cite this article
Khattak, S., Jan, S., Ahmad, I. et al. An effective security assessment approach for Internet banking services via deep analysis of multimedia data. Multimedia Systems 27, 733–751 (2021). https://doi.org/10.1007/s00530-020-00680-7
DOI: https://doi.org/10.1007/s00530-020-00680-7