
Security

Various Forms of Security Threats: Virus, Worms, Trojan, Logic Bombs, Zombie PC, Spam

Security Threats in Ecommerce


Phishing, Website Forgery, Link Manipulation, Pop-up Window, Evil Twins

Damage caused by Phishing
It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing. In 2007, phishing attacks escalated. 3.6 million adults lost US$3.2 billion in the 12 months ending in August 2007.

Damage caused by Phishing


In the UK, losses from web banking fraud, mostly from phishing, almost doubled to GB£23.2m in 2005, from GB£12.2m in 2004, while 1 in 20 computer users claimed to have lost out to phishing in 2005. The Bank of Ireland initially refused to cover losses suffered by its customers (and it still insists that its policy is not to do so), although losses to the tune of 11,300 were refunded.

What is Phishing
Sounds similar to fishing, denoting the baits used to catch fish.

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

What is Phishing
Phishing is typically carried out by email or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. In order to lure the victim into giving up sensitive information the message might include imperatives like "verify your account" or "confirm billing information".

What is Phishing
Once the victim had revealed the password, the attacker could access and use the victim's account for fraudulent purposes or spamming.
"No one working at AOL will ask for your password or billing information."
Targeted versions of phishing have been termed spear phishing.

What is Phishing
Several recent phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term whaling has been coined for these kinds of attacks. Almost half of phishing thefts in 2006 were committed by groups operating through the Russian Business Network based in St. Petersburg.

Link Manipulation
Misspelled URLs or the use of subdomains are common tricks used by phishers. For example, with the URL http://www.sbi.benjamin.com/ it appears as though the URL will take you to a section of the SBI website; actually this URL points to the "sbi" (i.e. phishing) section of the benjamin website.

Spoofing
An old method of spoofing used links containing the '@' symbol, originally intended as a way to include a username and password (contrary to the standard). For example, the link http://www.google.com@members.tripod.com/ might deceive a casual observer into believing that it will open a page on www.google.com, whereas it actually directs the browser to a page on members.tripod.com.
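Added example (not part of the original slides): a small link checker that reports the host a browser would actually contact for the two URLs discussed under Link Manipulation and Spoofing. The expected domain "sbi.example" is a placeholder, the function names are hypothetical, and the two-label domain rule is a simplification.

```python
from urllib.parse import urlsplit


def registrable_domain(host):
    """Return the last two labels of a host name.

    Simplification for this example: production code should consult the
    Public Suffix List, because suffixes such as co.uk span two labels.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def inspect_link(url, expected_domain):
    """Report where a link really leads and why it may mislead a reader."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    actual = registrable_domain(host)
    expected = expected_domain.lower()
    brand = expected.split(".")[0]
    findings = []

    # Everything before '@' in the authority is user information, not a host.
    if parts.username is not None:
        findings.append("userinfo-before-@")
        if expected in parts.username.lower():
            findings.append("userinfo-imitates-expected-domain")

    if actual != expected:
        findings.append("host-not-under-expected-domain")
        # The brand appears only as a subdomain label of another domain.
        if brand in host.split(".")[:-2]:
            findings.append("brand-used-as-subdomain")

    return {"host": host, "registrable_domain": actual, "findings": findings}


if __name__ == "__main__":
    # URLs taken from the slides; expected domains are assumptions.
    samples = [
        ("http://www.sbi.benjamin.com/", "sbi.example"),
        ("http://www.google.com@members.tripod.com/", "google.com"),
        ("https://www.google.com/search", "google.com"),
    ]
    for url, expected in samples:
        print(url, inspect_link(url, expected))
```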

Website forgery
Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate URL

Evil Twins
Evil twins is a phishing technique that is hard to detect. A phisher creates a fake wireless network that looks similar to a legitimate public network that may be found in public places such as airports, hotels or coffee shops. Whenever someone logs on to the bogus network, fraudsters try to capture their passwords and/or credit card information

SBI Website & Security

SBI Warning on Phishing

Online Virtual Keyboard

CA & Digital Certificate

Certification Authority

SBI & Digital Certificate

Digital Certificate
A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.

Certificate Authority (CA)


A certificate authority (CA) is an authority in a network that issues and manages security credentials and public keys for message encryption. A CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor's information, the CA can then issue a certificate. Depending on the public key infrastructure implementation, the certificate includes the owner's public key, the expiration date of the certificate, the owner's name, and other information about the public key owner.

Digital Signature
A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.

Digital Signature
A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.

Public Key
In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind a public key with identity information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.

Digicert
DigiCert Inc is a privately held, US based X.509 SSL certificate provider. As a trusted third party, DigiCert verifies the authenticity of secure websites on behalf of a web browser for the purpose of preventing online phishing scams. Sites not secured in this manner by a trusted third party, or certificate authority, will display warning messages to users who try to access those sites.

Digicert
DigiCert was established in 2003 by Ken Bretschneider, CEO, and is currently the 5th largest public certificate authority in the world.

SSL
The Secure Sockets Layer (SSL) is a commonly used protocol for managing the security of a message transmission on the Internet. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transmission Control Protocol (TCP) layers.

SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL.

Threat To Ecommerce

Threat to Ecommerce
E-commerce tends to be at a higher echelon for risk and attacks. This is so because E-Commerce is the transaction of goods and services, and the payment for those goods and services, over the Internet. Therefore, the physical place where all of these transactions occur is at the Server level. The server can be viewed as the central repository for your E-Commerce Place of Business, which consists of the actual website which displays your products and services, the customer database, and the payment mechanism.

Threat to Ecommerce
If there are any attacks on this server, in one blow, there is the potential you could lose everything. Thus, being proactive about security takes on a much greater magnitude now. Threats to E-Commerce servers fall into two general categories: (1) Threats from an actual attacker(s); and (2) Technological failure.

Threat to Ecommerce
In terms of the former, the motivation is primarily psychological. The intent is to garner personal information from people for the sheer purposes of exploitation (such as obtaining Credit Card and Bank Account information; Phishing schemes, obtaining usernames and passwords, etc.). Technological Failure - This can be anything from a network not configured properly to data packets being lost, especially in a wireless access environment.

Threat to Ecommerce
Even the poorly written programming code on which your E-Commerce site was developed can be very susceptible to threats. Most E-Commerce Servers utilize a Windows Operating System (such as Windows 2000 and 2003 Server), Web server software to host the E-Commerce Site (such as Apache or Internet Information Services, IIS), and a database (such as Access 2000 or SQL Server 2000) which contains your customer information and transaction history.

Threat to Ecommerce
These platforms have had various security flaws associated with them, which has made them wide open to threats and attacks. As a result, there has been a move in the business community to adopt more robust and secure platforms

Threat to Servers
The direct threats to E-Commerce servers can be classified as either (1) Malicious Code Threats; and (2) Transmission Threats. Malicious, or rogue programming code is introduced into the server in order to gain access to the system resources.

Very often, the intent of Malicious Code Attacks is to cause large scale damage to the E-Commerce server.

Threat to Servers
Transmission threat - the threats and risks can be classified as either active or passive. With passive threats, the main goal is to listen (or eavesdrop) to transmissions to the server. With active threats, the intent is to alter the flow of data transmission or to create a rogue transmission aimed directly at the E-Commerce server.

Malicious Code
Viruses and Worms
The most common threats under this category are worms and viruses. A virus needs a host of some sort in order to cause damage to the system. The exact definition is: "A virus attaches itself to executable code and is executed when the software program begins to run or an infected file is opened."

Virus
So for example, a virus needs a file to attach itself to. Once that file is opened, the virus can then cause the damage. This damage can range from the deletion of some files to the total reformatting of the hard drive. The key thing to remember about viruses is that they cannot spread by themselves; they require a host file.

Worms
However, worms are very much different. A worm does not need a host to replicate. Rather, the worm replicates itself through the Internet, and can literally infect millions of computers on a global basis in just a matter of hours. A perfect example of this is once again the MS Blaster worm. Worms by themselves do not cause damage to a system like a virus does. However, worms can shut down parts of the Internet or E-Commerce servers, because they can use up valuable resources of the Internet, as well as the memory and processing power of servers and other computers.

Worms Vs Virus
A question that is often asked about worms and viruses is which of the two is worse. This is a difficult question to answer, as the criteria for which is worse depend upon the business environment. However, one thing is certain: in terms of the rate of propagation and multiplicity, worms are much worse than viruses.

Trojan Horse
A Trojan Horse is a piece of programming code that is layered behind another program, and can perform covert, malicious functions. For example, your E-Commerce server can display a cool-looking screen saver, but behind that could be a piece of hidden code, causing damage to your system.

Trojan Horse
One way to get a Trojan Horse attack is by downloading software from the Internet. This is where you need to be very careful. Make sure that whatever software is downloaded comes from an authentic and verified source, and that all defense mechanisms are activated on your server.

Logic Bombs
A Logic Bomb is a version of a Trojan Horse; however, it is event or time specific. For example, a logic bomb will release malicious or rogue code in an E-Commerce server after some specific time has elapsed or a particular event in application or processing has occurred.

Zombies - A soulless corpse said to be revived by witchcraft, esp. in certain African and Caribbean

Zombie
A computer that has been implanted with a daemon that puts it under the control of a malicious hacker without the knowledge of the computer owner.

Zombies are used by malicious hackers to launch DoS attacks. The hacker sends commands to the zombie through an open port. On command, the zombie computer sends an enormous amount of packets of useless information to a targeted Web site in order to clog the site's routers and keep legitimate users from gaining access to the site.

Zombie
The traffic sent to the Web site is confusing and therefore the computer receiving the data spends time and resources trying to understand the influx of data that has been transmitted by the zombies. Compared to programs such as viruses or worms that can eradicate or steal information, zombies are relatively benign as they temporarily cripple Web sites by flooding them with information and do not compromise the site's data. Such prominent sites as Yahoo!, Amazon and CNN.com were brought down in 2000 by zombie DoS attacks.

Transmission Threat
Denial of Service Attacks
With a Denial of Service Attack, the main intention is to deny your customers the services provided on your E-Commerce server. There is no actual intent to cause damage to files or to the system, but the goal is to literally shut the server down. This happens when a massive amount of invalid data is sent to the server. Because the server can handle and process only so much information at any given time, it is unable to keep up with the information and data overflow. As a result, the server becomes confused, and subsequently shuts down. Another type of Denial of Service Attack is called the Distributed Denial of Service Attack.

Denial of Service Attack


In this scenario, many computers are used to launch an attack on a particular E-Commerce server. The computers that are used to launch the attack are called zombies. These zombies are controlled by a master host computer. It is the master host computer which instructs the zombie computers to launch the attack on the E-Commerce Server. As a result, the server shuts down because of the massive bombardment of bad information and data being sent from the zombie computers. A Distributed Denial of Service Attack is diagrammed as follows:

Ping of Death
When we surf the Web, or send E-Mail, the communications between our computer and the server takes place via the data packet. It is the data packet that contains the information and the request for information that is sent from our computer to other computers over the Internet. The communication protocol which is used to govern the flow of data packets is called Transmission Control Protocol/Internet Protocol, or TCP/IP for short.

Ping of Death
The TCP/IP protocol allows for data packets to be as large as 65,535 bytes. However, the data packet size that is transmitted across the Internet is about 1,500 bytes. With a Ping of Death Attack, a massive data packet is sent: 65,536 bytes. As a result, the memory buffers of the E-Commerce Server are totally overloaded, thus causing it to crash.

SYN Flooding
When we open up a Web Browser and type in a Web address, or click Send to transmit that E-Mail from our own computer (referred to as the client computer), a set of messages is exchanged between the server and the client computer. This set of exchanges is what establishes the Internet connection from the client computer to the server, and vice versa. This is also known as a handshake.

SYN Flooding
To initiate this Internet connection, a SYN (or synchronization) message is sent from the client computer to the server, and the server replies back to the client computer with a SYN ACK (synchronization acknowledgement) message. To complete the Internet connection, the client computer sends back an ACK (or acknowledgement) message to the server.

SYN Flooding
At this point, since the E-Commerce server is waiting to receive the ACK message from the client computer, this is considered to be a half-open connection. It is at this point that the E-Commerce server becomes vulnerable to attacks. Phony messages (which appear to be legitimate) could be sent to the E-Commerce server, thus overloading its memory and processing power, and causing it to crash.
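Added example (not part of the original slides): a model of the server's table of half-open connections, replayed over a constructed event trace, showing how unanswered SYNs crowd out a legitimate client and how expiring stale entries restores service. The class name, backlog size, timeout and addresses (documentation ranges) are assumptions.

```python
class HalfOpenTable:
    """Tracks connections that have sent SYN but not yet the final ACK."""

    def __init__(self, backlog, timeout):
        self.backlog = backlog      # maximum number of half-open entries
        self.timeout = timeout      # seconds before a stale entry is dropped
        self.pending = {}           # source -> time the SYN arrived

    def _reap(self, now):
        # Mitigation: free slots held by clients that never completed.
        stale = [s for s, t in self.pending.items() if now - t >= self.timeout]
        for source in stale:
            del self.pending[source]

    def on_syn(self, source, now):
        """Return True if the SYN was accepted, False if it was refused."""
        self._reap(now)
        if source in self.pending:
            return True             # retransmitted SYN, slot already held
        if len(self.pending) >= self.backlog:
            return False            # table full: new clients are turned away
        self.pending[source] = now
        return True

    def on_ack(self, source, now):
        """Return True if the ACK completes a pending handshake."""
        self._reap(now)
        return self.pending.pop(source, None) is not None


def replay(events, backlog, timeout):
    """Run (time, source, flag) events through the table and summarise."""
    table = HalfOpenTable(backlog, timeout)
    refused, established, peak = [], [], 0
    for now, source, flag in events:
        if flag == "SYN" and not table.on_syn(source, now):
            refused.append((now, source))
        elif flag == "ACK" and table.on_ack(source, now):
            established.append(source)
        peak = max(peak, len(table.pending))
    return {"refused": refused, "established": established,
            "peak_half_open": peak}


# Constructed trace: four sources send SYN and never answer the SYN ACK,
# then one legitimate client tries at t=5 and again at t=40.
CONSTRUCTED_TRACE = [
    (0, "198.51.100.1:1111", "SYN"),
    (1, "198.51.100.2:2222", "SYN"),
    (2, "198.51.100.3:3333", "SYN"),
    (3, "198.51.100.4:4444", "SYN"),
    (5, "192.0.2.10:40000", "SYN"),
    (40, "192.0.2.10:40000", "SYN"),
    (41, "192.0.2.10:40000", "ACK"),
]

if __name__ == "__main__":
    print(replay(CONSTRUCTED_TRACE, backlog=4, timeout=30))
```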

IP Spoofing
The basic protocol for sending data over the Internet and many other computer networks is the Internet Protocol ("IP"). The header of each IP packet contains the numerical source and destination address of the packet. The source address is normally the address that the packet was sent from. By forging the header so it contains a different address, an attacker can make it appear that the packet was sent by a different machine. With IP Spoofing, it is difficult to identify the real attacker, since all E-Commerce server logs will show connections from a legitimate source. IP Spoofing is typically used to start the launch of a Denial of Service Attack.

Encryption
Encryption is the conversion of data into a form, called a cipher text, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood. The use of encryption/decryption is as old as the art of communication.

Encryption
In wartime, a cipher, often incorrectly called a code, can be employed to keep the enemy from obtaining the contents of transmissions. (Technically, a code is a means of representing a signal without the intent of keeping it secret; examples are Morse code and ASCII.) Simple ciphers include the substitution of letters for numbers, the rotation of letters in the alphabet, and the "scrambling" of voice signals by inverting the sideband frequencies.

Firewall
A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer

Firewall
A firewall is a protective system that lies, in essence, between your computer network and the Internet. The job of a firewall is to carefully analyze data entering and exiting the network based on your configuration.

It ignores information that comes from unsecured, unknown or suspicious locations.


A firewall plays an important role on any network as it provides a protective barrier against most forms of attack coming from the outside world. Firewalls can be either hardware or software.

Firewall
The ideal firewall configuration will consist of both. In addition to limiting access to your computer and network, a firewall is also useful for allowing remote access to a private network through secure authentication certificates and logins. While many people do not completely understand the importance and necessity of a firewall, or consider it to be a product for businesses only, if your network or computer has access to the outside world via the Internet then you need to have a firewall to protect your network, individual computer and data therein.

Firewall
Hardware firewalls can be purchased as a stand-alone product but more recently hardware firewalls are typically found in broadband routers, and should be considered an important part of your system and network set-up, especially for anyone on a broadband connection. Hardware firewalls can be effective with little or no configuration, and they can protect every machine on a local network. Most hardware firewalls will have a minimum of four network ports to connect other computers, but for larger networks, business networking firewall solutions are available.

Modem

Modem
Modulator-Demodulator.

A modem is a device or program that enables a computer to transmit data over, for example, telephone or cable lines. Computer information is stored digitally, whereas information transmitted over telephone lines is transmitted in the form of analog waves. A modem converts between these two forms.

Router

Modem - Router

Firewall Router

Firewall - Router

Netgear Firewall Wireless Router

Hardware & Software Firewalls


Hardware Firewalls
Protect an entire network
Implemented on the router level
Usually more expensive, harder to configure

Software Firewalls
Protect a single computer
Usually less expensive, easier to configure

How does a software firewall work?


Inspects each individual packet of data as it arrives at either side of the firewall
Inbound to or outbound from your computer
Determines whether it should be allowed to pass through or if it should be blocked

What a personal firewall can do


1. Stops hackers from accessing your computer
2. Protects your personal information
3. Blocks pop-up ads and certain cookies
4. Determines which programs can access the Internet

Network Firewall
A network firewall protects a computer network from unauthorized access. Network firewalls may be hardware devices, software programs, or a combination of the two. Network firewalls guard an internal computer network (home, school, business intranet) against malicious access from the outside. Network firewalls may also be configured to limit access to the outside from internal users.

Software Firewall
For individual home users, the most popular firewall choice is a software firewall. Software firewalls are installed on your computer (like any software) and you can customize it; allowing you some control over its function and protection features. A software firewall will protect your computer from outside attempts to control or gain access your computer, and, depending on your choice of software firewall, it could also provide protection against the most common Trojan programs or e-mail worms.

SSL Protocol
SSL Characteristics
When an SSL connection is established, browser-to-server and server-to-browser communications are encrypted. This includes:
URL of requested document
Contents of the document
Contents of browser forms
Cookies sent from browser to server
Cookies sent from server to browser
Contents of HTTP header

Establishing an SSL Connection


The client (browser) opens a connection to the server port
Browser sends a client hello message. The client hello message contains:
  version of SSL the browser uses
  ciphers and data compression methods it supports
The server responds with a server hello message. The server hello message contains:
  session id
  the chosen versions for ciphers and data compression methods

Establishing an SSL Connection


The server sends its certificate
  used to authenticate server to client
Optionally the server may request the client's certificate
  If requested, the client will send its certificate of authentication
  if the client has no certificate then the connection fails
Client sends a ClientKeyExchange message
  symmetric session key chosen
  digital envelope is created using the server's public key and contains the symmetric session key

Establishing an SSL Connection


Optionally, if client authentication is used, the client will send a certificate verify message.
Server and client send ChangeCipherSpec messages indicating they are ready to begin encrypted transmission.
Client and server send Finished messages to each other.
  These are a message digest of their entire conversation up to this point.
  If the digests match then messages were received without interference.
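Added example (not part of the original slides): a simplified model of the Finished check, in which each side keeps a running digest of the handshake messages it saw and a message changed in transit makes the digests disagree. It uses HMAC-SHA256 over a constructed shared secret rather than the real SSL key derivation, and all message contents and names are constructed placeholders.

```python
import hashlib
import hmac

# Constructed stand-in for the secret both sides derive from the key exchange.
MASTER_SECRET = b"constructed-master-secret-for-demo"

# Constructed handshake messages in the order the slides describe.
HANDSHAKE = [
    ("client", b"ClientHello version=3.0 ciphers=STRONG,WEAK"),
    ("server", b"ServerHello session_id=01 cipher=STRONG"),
    ("server", b"Certificate <placeholder>"),
    ("client", b"ClientKeyExchange <digital envelope placeholder>"),
]


class Endpoint:
    """One side of the handshake with its own view of the conversation."""

    def __init__(self, secret):
        self.secret = secret
        self.transcript = hashlib.sha256()

    def record(self, message):
        # Length prefix keeps message boundaries unambiguous in the digest.
        self.transcript.update(len(message).to_bytes(4, "big") + message)

    def finished(self, sender_role):
        """Keyed digest of everything this endpoint has seen so far."""
        digest = self.transcript.copy().digest()
        return hmac.new(self.secret, sender_role.encode() + digest,
                        hashlib.sha256).digest()

    def verify(self, sender_role, received):
        # Constant-time comparison against the locally computed value.
        return hmac.compare_digest(self.finished(sender_role), received)


def run_handshake(tamper=None):
    """Exchange HANDSHAKE, optionally altering messages in transit.

    Returns (server accepts client's Finished, client accepts server's).
    """
    ends = {"client": Endpoint(MASTER_SECRET),
            "server": Endpoint(MASTER_SECRET)}
    for sender, message in HANDSHAKE:
        receiver = "server" if sender == "client" else "client"
        ends[sender].record(message)             # what was sent
        delivered = tamper(sender, message) if tamper else message
        ends[receiver].record(delivered)         # what actually arrived
    client, server = ends["client"], ends["server"]
    server_ok = server.verify("client", client.finished("client"))
    client_ok = client.verify("server", server.finished("server"))
    return server_ok, client_ok


def strip_strong_cipher(sender, message):
    """Constructed interference: the offered cipher list is altered."""
    if sender == "client" and message.startswith(b"ClientHello"):
        return message.replace(b"STRONG,WEAK", b"WEAK")
    return message


if __name__ == "__main__":
    print("untouched:", run_handshake())
    print("altered in transit:", run_handshake(strip_strong_cipher))
```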

SSL Connection setup

SSL Setup
The Secure Socket Layer protocol was created by Netscape to ensure secure transactions between web servers and browsers. The protocol uses a third party, a Certificate Authority (CA), to identify one end or both ends of the transaction. This is, in short, how it works. A browser requests a secure page (usually https://). The web server sends its public key with its certificate. The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid and that the certificate is related to the site contacted.

SSL Setup
The browser then uses the public key, to encrypt a random symmetric encryption key and sends it to the server with the encrypted URL required as well as other encrypted http data. The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and http data. The web server sends back the requested html document and http data encrypted with the symmetric key. The browser decrypts the http data and html document using the symmetric key and displays the information.

Public Key / Private Key


Public key encryption refers to a type of cypher or code architecture known as public key cryptography that utilizes two keys (a key pair) to encrypt and decrypt data. One of the two keys is a public key, which anyone can use to encrypt a message for the owner of that key. The encrypted message is sent and the recipient uses his or her private key to decrypt it. This is the basis of public and private key encryption.

Encryption
The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text. There are two main types of encryption: asymmetric encryption (also called public-key encryption) and symmetric encryption.

Electronic Payment System

Evolution of Electronic Payment System


1967 - the New York Clearing House launched CHIPS (Clearing House Interbank Payment System), which provides US Dollar funds transfer and transaction settlement online and in real time.
1970s - Chemical Bank launched its Pronto system, providing 3,000 computer terminals in customers' homes linked to its central computers by telephone. This offered a range of facilities: balance inquiries, money transfers between Chemical Bank accounts, and bill payments to selected local stores. The stumbling block for first-generation home banking systems in general was who was to pay for the terminals at home.

Evolution of Electronic Payment System


1985 - EDI (Electronic Data Interchange) extensively used in bank-to-bank payment.
1994 - digital cash by DigiCash of Holland conducted online.
1995 - Mondex electronic currency began in Sweden.


A real revolution in the meaning of electronic payment system came with the development of EFT, which allows the transfer of funds from the bank account of one person or organization to that of another.

Electronic Payment Systems


The emergence of e-commerce has created new financial needs that in many cases cannot be effectively fulfilled by the traditional payment systems. Recognizing this, virtually all interested parties are exploring various types of electronic payment system and the issues surrounding electronic payment systems and digital currency.

Electronic Payment System


There are numerous different payment systems available for online merchants. These include the traditional credit, debit and charge cards but also new technologies such as digital wallets, e-cash, mobile payment and e-checks. Another form of payment system is allowing a 3rd party to complete the online transaction for you. These companies are called Payment Service Providers (PSP).

Electronic Payment System


1. Credit Card
2. Electronic Cash System
3. Electronic Cheque
4. Smart Cards

Credit Card

Credit Card
A credit card is a small plastic card issued to users as a system of payment. It allows its holder to buy goods and services based on the holder's promise to pay for these goods and services. Credit cards allow the consumers a continuing balance of debt, subject to interest being charged. Merchants are charged several fees for the privilege of accepting credit cards. The merchant is usually charged a commission of around 1 to 3 percent of the value of each transaction paid for by credit card. The merchant may also pay a variable charge, called an interchange rate, for each transaction. In some instances of very low-value transactions, use of credit cards will significantly reduce the profit margin or cause the merchant to lose money on the transaction.

Credit Card
Merchants must accept these transactions as part of their costs to retain the right to accept credit card transactions. Merchants with very low average transaction prices or very high average transaction prices are more averse to accepting credit cards. In some cases merchants may charge users a "credit card supplement", either a fixed amount or a percentage, for payment by credit card.

This practice is prohibited by the credit card contracts in the United States, although the contracts allow the merchants to give discounts for cash payment.

Pre-Paid Credit Card


A prepaid credit card is not a true credit card, since no credit is offered by the card issuer. The card-holder spends money which has been "stored" via a prior deposit by the card-holder or someone else, such as a parent or employer. However, it carries a credit-card brand (such as Visa, MasterCard, American Express, Discover, or JCB (Japan Credit Bureau)).

Electronic Cheque / Check


A form of payment made via the internet that is designed to perform the same function as a conventional paper check. Because the check is in an electronic format, it can be processed in fewer steps and has more security features than a standard paper check. Security features provided by electronic checks include authentication, public key cryptography, digital signatures and encryption

Electronic Cheque

Smart Cards
A Smartcard is similar to a credit card; however, it contains an embedded 8-bit microprocessor and uses electronic cash which transfers from the consumer's card to the seller's device. A popular smartcard initiative is the VISA Smartcard. Using the VISA Smartcard you can transfer electronic cash to your card from your bank account, and you can then use your card at various retailers and on the internet. There are companies that enable financial transactions to transpire over the internet, such as PayPal. Many of the intermediaries permit consumers to establish an account quickly, and to transfer funds into their on-line accounts from a traditional bank account.

EBPPS
Electronic bill presentment and payment (EBPP) is a technique that allows consumers to view and pay bills electronically. There are a significant number of bills that consumers pay on a regular basis, which include: power bills, water, oil, internet, phone service, mortgages, car payments etc. EBPP systems send bills from service providers to individual consumers via the internet.

Models of EBPP
Consolidation - where numerous bills for any one recipient are made available at one Web site. The actual task of consolidation is sometimes performed by a third party and fed to the Web sites where consumers receive the bills. The principal attraction of consolidation is that consumers can receive and pay numerous bills at the one location.
Biller Direct - where the bills produced by an organization are made available through that organization's Web site.
Direct email delivery - where the bills are emailed to the customer's inbox.

Process of Electronic Payment System


An electronic fund transfer is a financial application of EDI (Electronic Data Interchange), which sends credit card numbers or electronic cheques.
Uses secured private networks between banks and major corporations.
To use EFT to clear payments and settle accounts, an online payment service will need to add capabilities to process orders, accounts and receipts.

A typical B2C Transaction

Secure Electronic Transaction


Cryptographic protocol
Developed by Visa, MasterCard, Netscape, and Microsoft
Used for credit card transactions on the Web
Provides:
1. Authentication of all parties in transaction
2. Confidentiality - transaction is encrypted to foil eavesdroppers
3. Message integrity - not possible to alter account number or transaction amount
4. Linkage - attachments can only be read by 3rd party if necessary

SET
SET protocol supports all features of credit card system
1. Cardholder registration
2. Merchant registration
3. Purchase requests
4. Payment authorizations
5. Funds transfer (payment capture)
6. Charge backs (refunds)
7. Credits
8. Credit reversals
9. Debit card transactions

SET can manage
real-time & batch transactions
installment payments

Secure Electronic Transaction

E-payment Method

Electronic Fund Transfer


Electronic funds transfer or EFT is the electronic exchange or transfer of money from one account to another, either within a single financial institution or across multiple institutions, through computer-based systems. The term is used for a number of different concepts:

Cardholder-initiated transactions, where a cardholder makes use of a payment card
Direct deposit payroll payments for a business to its employees, possibly via a payroll service bureau
Direct debit payments, sometimes called electronic checks, for which a business debits the consumer's bank accounts for payment for goods or services

EFT
Electronic bill payment in online banking, which may be delivered by EFT or paper check
Transactions involving stored value of electronic money, possibly in a private currency
Wire transfer via an international banking network (carries a higher fee)
SWIFT
Electronic Benefit Transfer

EFT
EFT is applicable to the following financial transactions:
Payment made for certain goods and services via card (Debit or Credit).
Refund of previous payments by a shopkeeper.
Withdrawing money from an account via ATM.
Depositing money in an account via ATM.
Transferring funds between linked accounts.
Making payment to a third party.
Inquiring about various account details such as balance enquiry.
Taking out mini statement via ATM.
Request for PIN change at an ATM.
