HOMEWORK Master Define the following terms: Feature, Concern, Redundant, Intercept Answer the following questions: –What is phishing? Give one example –What is pharming? Give one example Homework due Sunday December 2 –Should be typed and submitted or emailed on Friday before class if you have a printer issue
Why use online banking Online banking is a fairly established practice in our internet- saturated world Convenience (banking available 24/7) You can be on any computer, anywhere and access your financial account and do your necessary business, at no extra charge! Saving time & travel costs (do not have to drive to the bank, or stand in a queue) Disabled people do not have to leave the house
You can view a summary of your account and transaction history (ATM? POS?) Features of online banking
Up-To-Date Bank Statements Bill Payment Services
Features of online banking Bill Payment Services
Features of online banking Mobile Banking (Using web enabled phones)
Features of online banking Can apply for a loan or manage a loan
Features of online banking Can apply for a new account or apply to close an account Can set up or request an increase of overdraft(?) protection Higher interest rates for savers (people with savings accounts) because of lower costs Can make changes to personal details Offers security features Can stop a cheque (stop cheque?) Help in the form of FAQs (Frequently Asked Questions) and tutorials
You will be asked to select a user name and password (sometimes you request a password and it is mailed or emailed to you) Confirm the password (retype it so there are no mistakes) Select a security question such as: choose favourite name/place/date/provide mother’s maiden name Enter essential personal details such as name, date of birth, address and phone number/mobile number Finally you will be asked to provide an email address
advantages of online banking For Banks & for customers Disadvantages of online banking for banks & for customers Read textbook pages 49-50
Online Threats Phishing – e-mail appear to be from customer's bank; ask for customer’s details – password, card/account number, other security details; e-mail makes up a plausible reason; includes a website address for customer to go to which looks just like the actual bank’s website but is a fake website Pharming – fraudster redirects genuine website’s traffic to own website; customer is now sending personal details to fraudster’s website Spyware is downloaded then software is used to gather user's personal details Software detects key presses of user logging on to bank site
Online threats Hacking – to access or intercept personal information to use personal information against the individual or to commit fraud hacking to spread viruses Encryption is the main technique used to ensure the confidentiality of data in online systems.
encryption Encryption is the name given to the converting of data into code by scrambling or encoding it. Encryption involves taking a piece of data and translating it into a coded version of itself (ciphertext). The resulting symbols appear all jumbled up If a hacker gains access to the data they will not be able to understand it. To read an encrypted file requires a secret key or password that enables the person to decrypt it. Some of the best data encryption can last for centuries, while other types of decryption can be broken in minutes or even seconds by people who are skilled at such tasks
In most situations a public key/private key encryption is used Ali’s Computer Public Key – anyone’s computer that wants to send a message to Ali’s computer knows the public key and can encrypt a message going to that computer To decode the message a separate key is used called the private key. Only Ali’s computer knows that key. This process is based on the fact that although an encryption key may be discovered, the key is so complex that just knowing it doesn’t mean that the message can be decrypted.
Online encryption User and payment data are encrypted when they are transferred using the Internet. Public key systems are used to encrypt information that is sent using the Internet for payment purposes. When paying online, individuals do NOT need to worry about the key as the browser manages this task itself by asking the remote server for it’s public key.
Transaction Numbers (TANs) Passwords that are used once daily Sent to you via post or via mobile phone Only valid for a short amount of time Reduces the amount of time available for a hacker to intercept and use it
Partial Password User is asked to enter only part of their password – Example: 2 nd, 3 rd, 5 th characters Every time the user logs in they are asked for a different combination of characters Hacker can only get to know part of the password, and would need to intercept the password several times to access the account Helps to identify phishing and pharming which would ask for entire password Reduces the chances of keylogging software detecting password
authentication Strong authentication is generally considered to be a multi- factored method of confirming the identity of a person seeking access to information or entry into a restricted area. The factors for verifying the identity of an individual are something the person knows, something the person has and something physically particular to that person The first of these identifying factors, something the person knows, is a presumably secret item of information. This might be a password or a personal identification number (PIN). The second factor, something the person has, is a unique item such as an identity document (ID), passport or hardware token (a physical object, where the user's interaction with a login system proves that the user physically possesses the object). The third factor is a physically identifying characteristic such as a fingerprint or retinal scan. A common implementation of strong authentication using two of these factors is the use of a PIN number with a bankcard. – ‘Weak’ passwords: password, 123456, david, 27dec1992 – ‘Strong’ passwords: s63gRdd1, G66ew$dQ, gdr298783X
Online security Passwords, user ids and memorable words Two or Three Factor Authentication Encryption Use of drop down menus to prevent access by keyloggers Anti-spyware software Customer needs to ensure the online site is reputable and secure – Make sure the data is being transmitted using either the SSL (secure socket layer) or TLS (transport layer security) protocols, there should be a padlock at the bottom of the site.
ICT and Employment Unemployment – Robots in factories caused many car factory workers to lose their jobs – Many clerical workers have been replaced by automated software (example: payroll processing) – Many bank tellers have been replaced by ATM machines and online banking – Cheque processing centres and workers are being replaced by online bill payment options – Number of retail shop workers have decreased due to the increase in online shopping
ICT and Employment Increased Employment The use of ICT has created the need for skilled ICT workers in many industries and business sectors – System Analysts: analyse existing systems and recommend the design and implementation of new systems – Computer Programmers: write code for new applications – Website Developers: increased e-commerce – Computer Technicians: install and service hardware – Support Staff: users need to contact companies for help when they have technical problems, which has led to the rise of call centres, many of which are in developing countries