...TRANSACTIONS ON MOBILE COMPUTING, VOL. 1, NO. 8, AUGUST 2014. Keylogging-resistant Visual Authentication Protocols. DaeHun Nyang, Member, IEEE, Aziz Mohaisen, Member, IEEE, Jeonil Kang, Member, IEEE. Abstract—The design of secure authentication protocols is quite challenging, considering that various kinds of root kits reside in PCs (Personal Computers) to observe user’s behavior and to make PCs untrusted devices. Involving humans in authentication protocols, while promising, is not easy because of their limited capability of computation and memorization. Therefore, relying on users to enhance security necessarily degrades the usability. On the other hand, relaxing assumptions and rigorous security design to improve the user experience can lead to security breaches that can harm the users’ trust. In this paper, we demonstrate how careful visualization design can enhance not only the security but also the usability of authentication. To that end, we propose two visual authentication protocols: one is a one-time-password protocol, and the other is a password-based authentication protocol. Through rigorous analysis, we verify that our protocols are immune to many of the challenging authentication attacks applicable in the literature. Furthermore, using an extensive case study on a prototype of our protocols, we highlight the potential of our approach for real-world deployment: we were able to achieve a high level of usability while satisfying stringent security requirements. Index...
Words: 12707 - Pages: 51
...has been on display recently as the regulated are pushing back against the tough stance taken on corporate misconduct. In October 2013, Mary Jo White, the Securities and Exchange Commission chairwoman, spoke at the Securities Enforcement Forum about a new approach based on the “broken windows” theory of enforcement in which the police pursue minor infractions to send a message about compliance with the law. This is one way to prevent crime by the white collar criminal as mentioned in our class material. Crime prevention, or the intervention to prevent a crime from occurring, can be achieved in two ways: by changing the offender’s disposition or by reducing his or her opportunities. The focus of situational crime prevention is correspondingly based on the belief that crime can be reduced effectively by altering situations rather than an offender’s personal dispositions. Celia Ampel reporter from The South Florida Business Journal: South Florida residents charged in $1.2M money laundering scheme Reporter: 2014. White collar criminals leave their victims penniless after fraudulent behavior of securities transactions. This relates to the material we discuss on how white collar crime can destroy their victims financially. South Florida men were charged Tuesday with helping pull off a $1.2 million money laundering scheme that targeted retirement funds. John A. Cavallo, 39, and Allen Franks, 73, of Palm Beach County were charged, along with Colin A. Smith, 37, of Broward County...
Words: 1299 - Pages: 6
...
ABSTRACT
INTRODUCTION
BRIEF HISTORY OF E-BANKING IN INDIA
HOW DOES IT WORK?
LITERATURE REVIEW
Need for E-banking
Advantages and Benefits of E-Banking
Drawbacks
E-banking in Rural India
Online Trading
Traditional Trading Vs Online Trading
Online Bill Payment
Frauds
Phishing
Trojan Horse
Preventive measures
OTP
Hardware Tokens
Smart Card and USB Tokens
RECOMMENDATION
Access Control
Firewalls
Isolation of Dial up Services
Security Log (audit Trail)
Back up & Recovery
Approval for I-banking
FUTURE SCENARIO
Cyber Crime
Real Time Gross Settlement System (RGTS)
Wireless Application Protocol (WAP)
Mobile Banking
Direct Benefit Transfer

ABSTRACT With rapid advances in technology, changing according to modern times has become a prerequisite to survive in this highly competitive world. As people are becoming increasingly aware of the consequences of their financial decisions, their needs and expectations have risen to high levels. Banking institutions are facing competition not only from each other but also from non-bank financial intermediaries as well as from alternative sources of financing. Almost everything is available to the customer at his/her doorstep and is just a click away. All this cannot be done with the facility of online financial transactions. Thus, internet banking is the need of the hour. This report gives a detailed...
Words: 4291 - Pages: 18
...the progress of economic development. In this paper we have tried to analyze the role of investment banking and how it influences the economic development of a country. An investment bank is a financial intermediary that performs a variety of services. Investment banks specialize in large and complex financial transactions such as underwriting, acting as an intermediary between a securities issuer and the investing public, facilitating mergers and other corporate reorganizations, and acting as a broker and/or financial adviser for institutional clients. Major investment banks include Barclays, BofA Merrill Lynch, Warburgs, Goldman Sachs, Deutsche Bank, JP Morgan, Morgan Stanley, Salomon Brothers, UBS, Credit Suisse, Citibank and Lazard. Some investment banks specialize in particular industry sectors. Many investment banks also have retail operations that serve small, individual customers. It indicates that the prospect of investment banks is very high because long term relationships between business firms and investment banks are pervasive in developed security markets. A vast literature argues that better monitoring and information result from relationships. Thus, security markets should allocate resources better when an investment banking industry exists. We study necessary conditions for sustainable relationships and then explore whether policy can do something to foster them. 1. Introduction An investment bank is a financial institution that assists individuals, corporations, and governments...
Words: 2300 - Pages: 10
...Introduction
1. Research Questions and Objectives
Chapter Two – Literature Review & Definition of Phishing
2.1. Literature Review
2.1.2. Definitions of Phishing
2.1.3. Outcomes of this Study
2.2. Research Details
2.2.1. Scope of the Research
2.2.2. Research Methodology
2.2.3. Inductive versus Deductive Study
2.2.4. Qualitative versus Quantitative
Chapter Three – Phishing in a Banking Context
3.1. Confidence in Internet Banking
3.1.1. Security Requirements
3.2. Threat Models
3.2.1. The Internet Threat Model
3.2.2. Thompson Threat Model
3.2.3. Viral Threat Model
3.3. The Phishing Threat Model
3.3.1. Identification of Internet Banking Components
3.3.2. Identification of Phishing Threats
Chapter 4 – Analysis of Current Phishing Techniques
4.1. Modus Operandi
4.2. Roles of Adversary in Phishing
4.3. Phishing Supply Chain
4.4. Phishing Techniques...
Words: 15039 - Pages: 61
...Enron Questionable Transactions Question 1 The question of which segment of its operations got Enron into difficulties is simple to answer: everything. Almost all segments of their operation were improper. First of all, they practiced unethical and dishonest practices which victimized workers, consumers, taxpayers and stockholders. Enron created partnerships within their own organization which led to them creating new financial instruments, called SPEs (special purpose entities), which were used to falsify the accounting. The improper financial reporting was to make the company look good, instead of assuring that the figures were accurate and reliable. Enron's legal department wrote up contracts that were irregular. Enron executives were so focused on the pursuit of profits, regardless of economic fundamentals. Enron had excesses of difficulties and they also caused their law firm and accounting firm to become involved in a web of dishonesty. Question 3 All of Enron’s directors were involved in the dishonest scheme and they understood how profits were not honorable. One of the directors, Andrew Fastow, who was responsible for creating many of the partnerships such as JEDI, Chewco, Kopper & Dodson’s and Dodson Companies, knew exactly how the profits were being made along with several other directors such as Ben F. Glisan, Jr., Jeffrey K. Skilling, who was on the board of directors. These directors were all part of a financial scheme to continue to gain...
Words: 2117 - Pages: 9
... Some scandals that have gotten worldwide attention would be scandals such as WorldCom, Enron and Avon. These regulations have been put in place to help investors and to prevent companies from being put in situations where a scandal could arise. Companies need to pay close attention and follow the regulations or there can be stiff penalties and consequences against both the employee and the company. There are debates on whether there should be more or fewer regulations regarding accounting and finance. Whether more or fewer regulations are put in place, employees and companies need to make sure that they obey the regulations. Some of the regulations that have been put in place are the Securities Act of 1933 and 1934 and also the Foreign Corrupt Practices Act of 1977. Regulations I think that regulations need to be monitored and controlled better. I do not think that necessarily more regulations need to be put in place. Just enacting more regulations does not do anything if they are not enforced and followed. I do not think that there is a need for more regulations but smarter regulations that are enforced. If there are too many regulations then some regulations can be overlooked, which then defeats the purpose. Or if there are too many regulations people cannot keep track of them all, depending on how specific some regulations could get. This could then also cause conflict with people not complying correctly. I believe that regulations are important to ensure that...
Words: 2551 - Pages: 11
...most effective tools for fraud detection are internal audit review, specific investigation by management, and whistle-blowing. The paper details the fraud investigation process and the role of auditors as fraud examiners. The correlation of fraud perpetrators’ personality with the size of losses is examined. Personality is analysed into age, gender, position, educational background and collusion. A strong system of internal control is most effective in fraud prevention. Fraud prevention procedures, targeted goals and improvements to system weaknesses feature in the paper. Fraud impacts on accounting transactions in accounts receivable, receipts and disbursements, accounts payable, inventories and fixed assets, and financial reporting. The monetary impact resulting from fraud is analysed by the type of victim and the amount of loss. Internal control and good employment practices prevent fraud and mitigate loss. Introduction Accounting fraud involves an intentional action, leading to a misstatement in the financial statements. Webster’s New Dictionary defines fraud as “intentional deception to cause a person to give up property or some...
Words: 8560 - Pages: 35
...Charity fraud
2. Internet auction fraud
3. Non-delivery of merchandise
4. Non-payment of funds
5. Re-shipping schemes
• Credit-card fraud - Credit card fraud is the unauthorized use of a credit or debit card to fraudulently obtain money or property. Credit and debit card numbers can be stolen from unsecured websites or can be obtained in an identity theft scheme.
• Investment fraud - Investment fraud involves the illegal sale or purported sale of financial instruments. Some of its characteristics are offers of low/no-risk investments with guaranteed and overly consistent returns. - The victims of this type of fraud are affinity groups—such as groups with a similar religion or ethnicity—whose common interests are used to build trust in order to effectively commit the investment fraud against them.
• Telemarketing fraud - By sending money to people you do not know personally or providing personal or financial information to unknown callers, the chances of becoming a victim of telemarketing fraud increase significantly.
• Letter of Credit Fraud - Letter of credit frauds are often attempted by sending false documentation to banks that indicates goods were shipped but the truth is no goods or...
Words: 1390 - Pages: 6
...Case Study 3: Boss, I Think Someone Stole Our Customer Data Evaluate the obligation Flayton Electronics has to its customers to protect their private data. Develop the communication strategy you would take to notify the customers of the potential security breach. Recommend procedures that Flayton Electronics should take to prevent future security breaches http://hbr.org/product/boss-i-think-someone-stole-our-customer-data-harva/an/R0709A-PDF-ENG Flayton Electronics is showing up as a common point of purchase for a large number of fraudulent credit card transactions. It's not clear how responsible the company and its less than airtight systems are for the apparent data breach. Law enforcement wants Flayton to stay mute for now, but customers have come to respect this firm for its straight talk and square deals. A hard-earned reputation is at stake, and the path to preserving it is difficult to see. Four experts comment on this fictional case study in R0709A and R0709Z. James E. Lee, of ChoicePoint, offers lessons from his firm's experience with a large-scale fraud scheme. He advises early and frank external and internal communications, elimination of security weaknesses, and development of a brand-restoration strategy. Bill Boni, of Motorola, stresses prevention: comprehensive risk management for data, full compliance with payment card industry standards, and putting digital experts on staff. For the inadequately prepared Flayton, he suggests consulting an established...
Words: 4240 - Pages: 17
...Regulators In India
* Reserve Bank of India (RBI)
* Securities Exchange Board in India (SEBI)
* Insurance Regulatory Development Authority (IRDA)
* Financial Intelligence Unit (FIU)
* FSDC

OVERVIEW A regulator is a public authority or government agency responsible for exercising autonomous authority over some area of human activity in a regulatory or supervisory capacity. An independent regulatory agency is a regulatory agency that is independent from other branches or arms of the government. Regulatory agencies deal in the area of administrative law—regulation or rulemaking (codifying and enforcing rules and regulations and imposing supervision or oversight for the benefit of the public at large). The existence of independent regulatory agencies is justified by the complexity of certain regulatory and supervisory tasks that require expertise, the need for rapid implementation of public authority in certain sectors, and the drawbacks of political interference. Some independent regulatory agencies perform investigations or audits, and some are authorized to fine the relevant parties and order certain measures. Regulatory agencies are usually a part of the executive branch of the government, or they have statutory authority to perform their functions with oversight from the legislative branch. Their actions are generally open to legal review. Regulatory authorities are commonly set up...
Words: 12028 - Pages: 49
...fraud by the leading executives. Or the Waste Management scandal, which did things such as capitalizing items which should have been left on the income statement in order to increase their assets. Lastly, Enron, which had such an elaborate scheme in place that it was hard to decipher and was only uncovered when the CEO stepped down. It is not to say that SOX could have prevented these scandals but instead it helped create this act that will help set in place 11 laws or sections to help deter such elaborate frauds in future leading companies. Week 1 Assignment-The Case of Phar-Mor Inc The Phar-Mor accounting scandal of $500 million was a massive fraud conducted by upper management which ultimately led to its bankruptcy in 1992. President Michael Monus, chief financial officer Patrick Finn, vice president of finance Jeffrey Walley, controller Stanley Charelstein, and accounting manager John Anderson were all convicted of financial statement fraud. As a result of this fraud, charges were also filed against Phar-Mor’s independent audit company, Coopers & Lybrand LLP (Coopers). It is in direct response to accounting scandals such as this that The Sarbanes-Oxley Act of 2002 (SOX) was drafted. SOX was created in large part to increase investors’ security and confidence in the market due to high profile accounting scandal cases such as Phar-Mor, WorldCom, Enron and other large entities. Senator Paul Sarbanes and Representative Michael Oxley drafted a bill which contained 11 sections of...
Words: 1536 - Pages: 7
...SYNOPSIS Delima Enterprise Sdn Bhd (DESB) was founded in 1981 by Encik Zayed. It conducted trading and supplying of related products including manpower supplies to the oil and gas industries. The husband and wife, Encik Zayed and Puan Hashimah, were the two principal shareholders and controlling directors of the company. The company expanded into provision of engineering services as part of their business diversification and expansion plans. The company had maintained a very lean organization with basic functional positions. DESB employed their own family members to work in the company with minimal education background and some of them did not have the necessary job experience. In May 2006, the company had employed Cik Amy, a fresh graduate from a local university since April 2006 who had no working experience, to be their Finance Executive. At the same time, the company had secured a contract worth RM 750,000 to be implemented over a duration of six months. In order to secure the contract, Encik Zayed had applied for banking facilities due to the company’s shortage of funds, which required that the Audited Financial Statements be issued to the bank at least by September 2006. Cik Amy was assigned to analyze and provide the Auditors with the necessary clarification and documentation, as Delima Enterprise Sdn Bhd (DESB) had not performed the statutory audit. It was July 2006 when Encik Zayed engaged the external Auditor Aziz & Co, introduced by his friend, to perform...
Words: 3428 - Pages: 14
...Mit 576 e-commerce
1) With the aid of a diagram, describe a typical e-commerce model and how the various e-commerce technologies are implemented in your model?
According to Dictionary.com
* Commerce is a division of trade or production which deals with the exchange of goods and services from producer to final consumer.
* It comprises the trading of something of economic value such as goods, services, information, or money between two or more entities.
Commonly known as Electronic Marketing, e-commerce is explained below.
* “It consists of buying and selling goods and services over electronic systems such as the internet and other computer networks.”
* “E-commerce is the purchasing, selling and exchanging of goods and services over computer networks (internet) through which transactions or terms of sale are performed electronically.”
The Business Process is described below.
* A consumer uses a Web browser to connect to the home page of a merchant's Web site on the Internet.
* The consumer browses the catalog of products featured on the site and selects items to purchase. The selected items are placed in the electronic equivalent of a shopping cart.
* When the consumer is ready to complete the purchase of selected items, she provides a bill-to and ship-to address for purchase and delivery.
* When the merchant's Web server receives this information, it computes the total cost of the order--including tax, shipping, and handling charges--and then...
Words: 4480 - Pages: 18
...Cyber Crime Research Presentation by the Australian Institute of Criminology
Dr Russell G Smith, Principal Criminologist
The Australian Institute of Criminology
• Australia's national research and knowledge centre on crime and justice
• Core funding from the Australian Government, with income for contract research from public and private sectors
• Criminology Research Advisory Council representing all jurisdictions
• Staff of 30 academic researchers and 25 support staff – total 55
Cyber crime research
Research questions
• How are cyber crimes committed (e.g. credit cards, internet)?
• How many crimes are committed and what are the crime trends?
• Who commits them and why do people commit them?
• How much money is at stake, lost and recovered?
• How can such crime be reduced – by prevention or punishment?
Research methods
• Online and desk-based reviews of books, reports and articles
• Legislative and case-law analysis, including sentencing research
• Consultations with business, government and the community
• Surveys of households, businesses, offenders and victims
• Analysis of media reporting of crime
Dissemination of findings
• Reports, books, articles, conference papers, roundtables, online, media
Cyber crime concepts
[Diagram labels: Organised Crime, Identity Crime, Cyber Crime, Internet Crime, Financial Crime; examples shown: OMCGs, off-line crimes, ID theft, Offensive Content, Phishing, Home renovation scams]
A chronology of cyber crime
Cloud...
Words: 1301 - Pages: 6