An Analysis of the Online Banking Security Issues Reported by Hole, Moen, and Tjostheim

Online Banking has become increasingly popular globally, because it is so easy and convenient for Internet users to manage their bank accounts from anywhere of the world at any time. Banks have encouraged for this trend for years, since Online Banking also saves lots of resources for the banks regarding of staff training, investment for ATMs and branches, and other operations costs. The Internet enhanced the user experience of banking activities dramatically. However, since the Internet is not originally designed for Online Banking, Online Banking now is facing a wide range of security risks for both the banks and the Online Banking users such as brute-force attacks, distributed attacks, and social phishing. The banks have to increase their Online Banking security system constantly, which means the banks have to keep investing on the security systems all the time. Compared with the possibility of the lost from the potential risks, the banks may not want to update their current security systems, because the cost of upgrading security is too expensive and the risks of loss are low. Then this will leave the lots of security responsibilities to the Online Banking users. However, the customers’ PCs actually are always the weakest link for the Online Banking security. The customers would rather to choose convenience and easy-to-use than complex login procedure for Online Banking. In other words they would choose great choose great user experience with foolproof security. This paper will discuss and analyze the Online Banking security issues reported by Hole et al. In this paper, both Lampson’s work and Claessens’ work will be used as a framework and a security analysis “language”. The Online Banking security is a wide range of topic. This paper will discuss and analyze two important security issues related to the security policy, design and implementation which reported by Hole et al, focusing on client authentication and related attacks. This paper will use case study method to analyze both issues.