The authors
Damien Hutchinson is a Research Assistant and
Matthew Warren is Associate Professor, both at the
School of Computing and Mathematics, Deakin University,
Geelong, Australia.
Keywords
Electronic commerce, Computer security, Internet,
Banking
Abstract
As a continually growing financial service of electronic
commerce, Internet banking requires the development
and implementation of a sound security procedure. This
involves designing effective methods via which users can
be authenticated in a remote environment. Specifically for
Internet banking there is a real need for a way uniquely to
identify and authenticate users without the possibility of
their authenticity being cloned. Some technologies in use
have been presented for meeting the security
requirements for national, regional and global Internet
banking assurance. However, there has been little
research conducted particularly on the creation of secure
and trusted pathways. Concentrates on presenting a
security framework for Internet banking based on
discovering and defining these pathways in terms of
adequate authentication mechanisms. Proposes a
framework concerning how to identify security
requirements for Internet banking such that the
transactions being conducted are secured within their
respective environments.
Electronic access
The Emerald Research Register for this journal is
available at
http://www.emeraldinsight.com/researchregister
The current issue and full text archive of this journal is
available at
http://www.emeraldinsight.com/0957-6053.htm
Logistics Information Management
Volume 16 · Number 1 · 2003 · pp. 64-73
© MCB UP Limited · ISSN 0957-6053
DOI 10.1108/09576050310453750
Research methodology
Past research has suggested "what" can be
done but not specifically "how" to do it;
although government agencies have put
forward electronic commerce initiatives for
small business including guidelines and policy
involving considerations for online security
(Department of Commerce and Trade, 2000),
their make-up describes "what" can be done
with little detail about "how" to do it. A gap
remains for a comprehensive workable
framework (that incorporates security of SME
electronic business practices with a focus on the
secure management of electronic transactions)
that is both feasible and can be implemented
into the various Australian SME industries.
The methodology employed for this
research involved a qualitative approach
comprising six phases: developing a
conceptual framework used for organising
variables and their relationships; research
questions that appropriately identified the
objects of inquiry; case definition, where the
focus and boundaries of the study were
classified; creating a means for sampling;
instrumentation specifying the collection of
data; and finally validation to substantiate the
effectiveness of the framework (Miles and
Huberman, 1994). This methodology, as
shown in Figure 2, was used for the reason
that it can be done inductively and
developmentally from either a tight or a loose
design. Significantly, this approach serves a
critical role both to constrain and to support
analysis within the specified research field.
In order to develop any form of framework
or methodology an extensive literature review
and analysis need to be undertaken. The
literature review was an ongoing component
lasting for the duration of this research. It was
Protection
Verification
Authentication
Vulnerability
Counter-measure
Disclosure policies with regard to privacy protection and collection of data
Technology implementation
Firewall technologies
Non-repudiation
Mechanisms to ensure that client (customer) can be certain they are communicating with the genuine server (bank) or vice versa
Exchange of digital certificate combined with encryption
Digital signature
Sphere 3 bank
The framework regards the inter-network of
banks as a single body as opposed to each
bank being its own separate entity. The
purpose of the banking sphere is twofold:
first, to validate customers through
authentication mechanisms and, second, to
authorise and honour transactions to ensure
against non-repudiation.
Sphere 4 Internet
The Internet is considered to be a network of
networks where there is no one single entity
responsible for security or held accountable for
any losses suffered. It is viewed as the
infrastructure that facilitates global
communication, leading to e-commerce and
now Internet banking. From its outset, the
Internet in no way has existed to protect any of
the participants but rather to provide a channel
to facilitate the connection between different
entities wishing to communicate via electronic
means. Despite version 6 of the Internet
Protocol (IPv6) being successfully proven in
various test environments, version 4 (IPv4) is
still the chief Internet protocol. Adversely,
IPv4 is without the security functionality
included within IPv6. Thus, the security of a
message cannot be taken for granted.
Case study
For the purpose of this paper, the following
small case study provides an evaluation of one
of the identified scenarios based on the
developed framework constructed previously.
The first evaluation is based on the
consumer-to-business e-commerce environment
depicted in Figure 8.
In this scenario the areas that must be
secured include:
- the consumer;
- the terminal (cell phone or PDA);
- the wireless and public network
  (telecommunication exchange);
- the Internet (communication server); and
- the bank.
Figure 8 Scenario of consumer, cell phone and PDA
Figure 9 Autonomous actions contained within the cell phone, PDA scenario
Conclusion
The entities involved in the transaction
including the technological components are
clearly defined and arranged accordingly.
Naturally the various entities will require
different security requirements based on their
interaction within the specified Internet
banking environment. The model caters for
this determination by providing a detailed
decision table that amalgamates all the
information gathered in the six-step process.
This valuable cross-referencing method
ensures that all avenues from whence
contingencies arise are covered.
The framework of authentication for
Internet banking allows customers to work
their way through each step, identifying the
necessary security requirements along with
the counteracting authentication mechanism.
The distinctive style of the framework,
including explicit descriptions, examples and
cross-referencing capability, ensures all
security requirements and authentication
mechanisms are sufficiently identified for
correct and effective implementation.
References
Barlotta, J. (1999), "Banks on guard against hackers",
Business Today, Boston Herald, Sunday, 14 March,
p. 31.
Chellappa, K. (2001), "Contrasting classical electronic
infrastructure and the Internet: a tale of caution",
research paper, Marshall School of Business,
University of Southern California, Los Angeles, CA.