Skip to main content
Springer Nature Link
Log in

Using Automated Banking Certificates to Detect Unauthorised Financial Transactions

  • Conference paper
Financial Cryptography and Data Security (FC 2006)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4107))

Included in the following conference series:

  • 1213 Accesses

Abstract

New or emerging technologies such as e-services, e-/m-commerce, Cyber-payment, mobile banking and pay-as-you-go insurance services are opening up new avenues for criminals to commit computer-related financial fraud and online abuse. This serious situation has been evidenced by the UK Information Security Breach Survey 2004 and the UK National Hi-Tech Crime Unit’s recent report, “Hi-Tech Crime: The Impact On UK Business”. It highlights that online financial fraud is one of the most serious e-crimes and takes the lion’s share of over 60% of e-crime costs, and most of the financial fraud cases are committed by authorised insiders. Authorised insiders can more easily break the security barrier of a bank or a financial institution due to their operating privileges on the banking automated systems. Failure to detect such cases promptly can lead to (sometimes huge) financial loses and damage the reputation of financial institutions. This paper introduces a real-time fraud detection solution – the Transaction Authentication Service (TAS) – to tackle the problem of transaction manipulation by authorised insiders. The paper also introduces an important building block used in the design of TAS, Automated Banking Certificates (ABCs).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Baldwin, A., Shiu, S.: Enabling shared audit data. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 14–28. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  2. Bank for International Settlements, Risk Management Priciples for electronic Banking, found on (January 2006), at http://www.bs.org/publ/bcbs98.htm

  3. Corzo, C., Zhang, N.: Towards a real-time solution to the security threats posed by authorised insiders. In: Proceedings of the ECIW 2004: The 3rd European conference on information warfare and security, Royal Holloway, University of London, UK, June 28-29, 2004, pp. 51–60 (2004)

    Google Scholar 

  4. Damgard, I.: Collision free hash functions and public key signatures. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 203–216. Springer, Heidelberg (1988)

    Google Scholar 

  5. Damgard, I.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)

    Google Scholar 

  6. Davies, D.W., Price, W.L.: The application of digital signatures based on public-key cryptosystems. In: Proc. Intl. Computer Communications Conference, October 1980, pp. 525–530 (1980)

    Google Scholar 

  7. Diffie, W., Hellman, M.: New Directions in Cryptography. Information Theory, Transactions on IEEE 22(6), 644–654 (1976)

    Article  MATH  MathSciNet  Google Scholar 

  8. Diffie, W.: Ten first years of public key cryptography. In: Proceedings of the IEEE, 76th edn., pp. 560–577 (May 1988)

    Google Scholar 

  9. Evans, A.: A user authentication scheme not requiring secrecy in the computer. Communications of the ACM 17(8), 437–442 (1974)

    Article  Google Scholar 

  10. Haber, S., Stornetta, W.: How to time-stamp a digital document. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 437–455. Springer, Heidelberg (1991)

    Google Scholar 

  11. Kocher, P.: On certificate revocation and validation. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 172–177. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  12. Merkle, R.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)

    Google Scholar 

  13. Muñoz, J., Forbe, J., Esparza, O.: Certificate revocation system implementation based on the Merkle hash tree. Journal of Information Security 2(2) (2004)

    Google Scholar 

  14. Naor, M., Nissim, K.: Certificate revocation and certificate update. IEEE Journal on selected areas in Communications 18(4), 561–570 (2000)

    Article  Google Scholar 

  15. Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM 21(2) (February 1978)

    Google Scholar 

  16. Tsudik, G.: Message authentication with one-way hash functions. In: Eleventh Annual Joint Conference of the IEEE Computer and Communications Societies, vol. 3, pp. 2055–5059. IEEE, Los Alamitos (1992)

    Google Scholar 

  17. O’Gorman,: Comparing passwords, tokens, and biometrics for user authentication. Proceedings of the IEEE 91(12), 2021–2040 (2003)

    Article  Google Scholar 

  18. Rivest, R.: The MD4 Message Digest Algorithm. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303–311. Springer, Heidelberg (1991)

    Google Scholar 

  19. Simmons, G.: The practice of authentication. In: Pichler, F. (ed.) EUROCRYPT 1985. LNCS, vol. 219, pp. 261–272. Springer, Heidelberg (1986)

    Chapter  Google Scholar 

  20. Wang, X.: How to Break MD5 and other Hash functions. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science, the University of Manchester, Manchester, M13 9PL, UK

    C. Corzo, N. Zhang & A. Carpenter

  2. Universidad Escuela Colombiana de Ingeniería,  

    F. Corzo S.

Authors
  1. C. Corzo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. F. Corzo S.
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. N. Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. A. Carpenter
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Telcordia Technologies, Piscataway, NJ, USA

    Giovanni Di Crescenzo

  2. Johns Hopkins University (JHUISI), 3100 Wyman Park Drive, 21211, Baltimor, MD, USA

    Avi Rubin

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Corzo, C., Corzo S., F., Zhang, N., Carpenter, A. (2006). Using Automated Banking Certificates to Detect Unauthorised Financial Transactions. In: Di Crescenzo, G., Rubin, A. (eds) Financial Cryptography and Data Security. FC 2006. Lecture Notes in Computer Science, vol 4107. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11889663_3

Download citation

  • DOI: https://doi.org/10.1007/11889663_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-46255-2

  • Online ISBN: 978-3-540-46256-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics