internet banking final report
TRANSCRIPT
-
8/9/2019 Internet Banking Final Report
1/36
While physical security is important, securing your digital assets is just as
important. Access to most digital assets is protected via a password. The
password is the key to your sensitive information files, data sets,
confidential information, among others. A password is a form of secret
authentication data that is used to control access to a resource. The
password is kept secret from those not allowed access, and those wishing
to gain access are tested on whether or not they know the password and
are granted or denied access accordingly. Passwords vary in the degree of
public awareness, security protection and frequency of change. How
secure is your password? If someone is able to guess your password, none
of the systems in the world will protect your valuable information. Your
assets are only as secure as your weakest password. Mitigating
authentication weaknesses by increasing password length and complexity
will reduce security if passwords are pushed beyond the peak of their
effectiveness. With this philosophy we aimed to research on theawareness regarding this matter and found hopeful results.
Before we could work towards a more appropriate solution to users
insecure password practices, it would be necessary to study the
underlying cause of these practices, which lies within users perceptions
of their accounts and passwords. In this thesis, we present the findings
from our study, which investigated the importance of the strength andprivacy, people place on passwords and whether they understand the role of
how weak passwords can lead to exposure of crucial information. Our findings
revealed that anyone can easily become a victim of e-crime as there arevarious ways to steal your password or personal information if you are not
concerned about protecting your account and personal information
against security hazards. People are ignorant about password strength.
Research has proved that passwords are commonly shared and not kept
private by people, same passwords are used for multiple accounts, people
are unaware of data stealing software, there is fear in using E banking;
credit cards, online banking etc.
~ 1 ~
-
8/9/2019 Internet Banking Final Report
2/36
Introduction:
With the advent of the internet, various aspects of life have been
revolutionized; everything has been taken to a different level. Amongst all
these revolutionary changes is the shifting of trends concerning data
security. Gone is the time when lock and key were supposed to be kepthidden. This is the digital era where everything is accessible by the click of a
button. With the banking industry also being revolutionized by information
technology, the biggest threat to its modernization and adaptation is threat
of data security. Internet banking allows its users to conduct a variety of
tasks from the comfort of their homes, once thought impossible. Various
internet services are being provided by banks globally from as simple as
checking bank account balances to the wire transfer of millions of dollars at
the click of a button. With any new solution comes a problem and with that
problem comes a solution waiting to be unearthed. Internet banking while
having brought the ease and convenience of transacting from the comfort ofones home or office brings with itself the very real exploitation threat. There
has been an increasing number of electronic crime cases reported or rather
more commonly known as e-crime. E-Crime generally refers to a criminal
activity where a computer or computer network is the source, tool, target, or
place of a crime. Despite the unavoidable references to computers or
online activity, e-Crime encompasses a whole range of traditional crimes -
such as fraud, theft, blackmail, forgery and embezzlement. For the sake of
our discussion and to simplify the definition this report will deal with e crime
as defined by criminal activity where personal and financial information is atstake because of weak or inadequate network security. Exploitation can
occur during various stages. This report will deal with shortcomings in
security on part of the user, pertaining to password setting, one of the most
basic aspects and something that the user can control arbitrarily.
For the progress of online financial services offered by banks to gain pace,
specially in an under developed country like Pakistan, where most people
hesitate in getting involved in the banking sector due to religious reasons,
the only way internet banking can gain popularity and be accepted is when
the benefits of the above are widely published and all threats eliminated orat least diminished. Banks benefit from offering this service due to its low
costs and economies of scale. The cost for serving 100,000 customers is
virtually the same as serving 10,000. Hence this system boasts of huge
savings for banks. For the users, the major advantages are convenience and
accessibility on-the-go, with a wide range of attractive internet packages
~ 2 ~
-
8/9/2019 Internet Banking Final Report
3/36
being offered by telecom companies this serves as a rich ground for the
growth of internet banking.
One of the key aspects of security, the most basic and the first step to
understanding the importance of security is the significance of a good
password. A strong password can protect personal and financial information
from those wishing to exploit along with supplementary albeit equally crucialmeasures. Since there has been virtually no research conducted in this area,
in Pakistan, we would like to take this opportunity to research on the
awareness of the importance of passwords people place on them.
Methodology:
The rationale behind this research is based on the belief that many people
do not pay adequate attention when setting passwords. The focus of this
study is to identify the importance of the strength and privacy, people place
on passwords and whether they understand the role of how weak passwords
can lead to exposure of crucial information. A direct issue arising from this is
of people revealing personal information which may seem harmless, but can
be a deadly arsenal for someone waiting to exploit and compromise the
situation of such people.
A questionnaire was designed comprising of 15 questions was used to
conduct a sample survey in order to evaluate from respondents on how
passwords are chosen and whether the same passwords are assigned for
multiple accounts and how careful people are when it comes to discussing
seemingly irrelevant personal information. The questionnaire aims to identify
areas of vulnerability. The sample population was aged above 25 years of
age and working in diversified professions, and was tested about the
importance of personal information and about the subjectivity of a good
password. With the result we will aim to prove how the weakness of a
password contributes to risk of personal and financial information, and how
awareness of this matter can help with the promotion of E banking.
~ 3 ~
-
8/9/2019 Internet Banking Final Report
4/36
Literature Review:
Passwords have been a necessary part for most of the online activitiespeople do. We require passwords to protect our data and accounts form DataSnatchers, whore constantly looking to access our data. Passwords areactually the keys that help the hackers to open up the accounts you exercisemost of the time on the internet i.e. your email, bank account, socialnetworking websites, etc. So, people who use single password for variousaccounts can put their valuable information or money at risk. Singlepasswords actually help hackers to snatch what you have because using thesame password for various times on different web sites helps them tocrack the password easily.
Previous studies have shown that users often write their passwords down,and post them in obvious locations (Barton and Barton 1984; Adams andSasse 1999; Dhamija and Perrig 2000; Horowitz 2001). Users oftencreate weak passwords based on obvious dictionary words or personalinformation, which can be guessed by people who know enough about them.These weak passwords include birth dates, personal names, nicknames,names of partners or favorite celebrities, and even the word password(Riddle, Miron et al. 1989; CentralNic 2001; Sasse, Brostoff et al.2001; Brown, Bracken et al. 2004). Password sharing between friendsand work colleagues has also been noted as a common practice. Many usersdo this because of convenience and practical reasons (Adams and Sasse1999),or as a result of social pressure. A recent study (Gaw and Felten2006) showed that password reuse tends to increase as people accumulatemore accounts. Ives, Walsh et al. (2004) described the domino effect ofmultiple systems being susceptible to attacks because of password reuse.
Morris and Thompson (1979) studied a corpus of 3,289 passwords frommany users over a long period of time and discovered that 86% of thesepasswords were extremely weak. Riddle, Miron et al. (1989) analyzed6226 user generated passwords from IBM CMS environment used bystudents and staff at Syracuse University in 1987, finding that manypasswords were extremely short and consisted of English words or personsnames. Adams and Sasse (1999) conducted a study of password relateduser behaviors, including password construction, frequency of use, passwordrecall and work practices. They concluded that their participants lackedsecurity motivation and understanding of password policies, and tended tocircumvent password restrictions for the sake of convenience. Dhamija andPerrig (2000) conducted an interview-based study involving 30participants. Similar to Adams and Sasse, they concluded that participants
~ 4 ~
-
8/9/2019 Internet Banking Final Report
5/36
tended to find workarounds to circumvent system restrictions, which oftenresulted in insecure password practices.
Know Hacking! But No Hacking:
People should be aware of the hacking techniques or they should make aneffort to know about the security threats they face in the cyber world. Therehave been many real life cases and dozens of people who have become avictim of e-crime and they have lost their valuable information or money justbecause they were least bothered of the security hazards on the internet.
Another reason that why people should be concerned about their importantinformation is because the favorite target of hackers are home and home-office computers because these computers are mostly connected to the
internet through a broadband and the connection is always open so thehackers can easily locate these computers with the help of the scanners.
A few of the cases are mentioned below to let people know the importancethat they should be aware of the hacking techniques to safeguard theironline activities or they should keep their keys (passwords) strong enough tobe revealed by the hacker.
Credit Card scam
Credit cards have become a major source of electronic payment system and
it is widely used by the people to make online purchases of airline ticketsand other e-commerce transactions. Although major security actions (suchas SSL, secure web servers, etc.) have been implemented in websites butstill number of credit card frauds are increasing.
The scenario
A number of times people have complained that they have not made anypurchases for which theyre asked to make payments. It happens becausethe victims credit card information is stolen by the Data Snatchers and they
misuse it for making online purchases and then the victim is asked to makepayments. Actually the bad guy or the Data Snatchers are liable who havestolen the valuable information of the credit card holders as well as thosewho have misused it.
~ 5 ~
-
8/9/2019 Internet Banking Final Report
6/36
The suspect install key loggers1 and other password revealing softwares inpublic computers such as cyber cafes, airport lounges, etc and the innocentpeople use these computers to make online purchases and when they entertheir credit card information; it is emailed to the suspect. Another techniqueto know about the victims credit card information is the various peoplewhore actually using your credit card to make receipt for your purchasessuch as petrol pump attendants, hotel waiters who note down the
information and later sell it to criminal gangs that misuse it for online frauds.
Keeping passwords safe:
Passwords and pin numbers should not be written down anywhere to
remember and should not be disclosed to anyone. According to a recent
study, researchers have suggested that passwords should be difficult to
guess i.e. strong passwords rather than obvious passwords, such as
mothers name or date of birth, etc.
Obama Twitter account 'hacked by Frenchman'
Anyone can easily become a victim of e-crime as there are various ways to
steal your password or personal information. This is what happened to the
American President Barack Obama.
The unemployed 25-year-old Frenchman recently hacked twitter accounts
belonging to Obama by simply guessing users passwords. He has also
targeted other celebrities, including Britney Spears.
He accessed the accounts by simply working out answers to reminder or secret
questions on targets e-mail accounts, according to investigators.
1 A commonly used technique to steal password is key logger. It is actually a spyware
and if it is installed in computer and you access your email account through that
computer then youll definitely lose your password because it records each and every
keystroke that you type.
~ 6 ~
-
8/9/2019 Internet Banking Final Report
7/36
Attacks on Password Authentication Mechanisms
User End
Classification of attacks on password authentication
mechanisms based on the targets of the attacks: 1.
Attacks on the user end 2. Attacks on the communication
channel 3. Attacks on the system end.
~ 7 ~
-
8/9/2019 Internet Banking Final Report
8/36
Questionnaire Findings
Question 1:How do you access internet?
Question 2:
Do you use the same password for multiple accounts?
~ 8 ~
-
8/9/2019 Internet Banking Final Report
9/36
33.3%
26.7%
40.0%
usually
yes
never
Question 3:
How many characters do your passwords usually have?
Question 4:
What kind of passwords do you prefer? Tick as many as applicable
~ 9 ~
-
8/9/2019 Internet Banking Final Report
10/36
Question 5:
What do your passwords usually look like?
Question 6:
Do you share your passwords with anyone? Tick as many as applicable
Question 7:
Are you aware of any software (Password Revealer, spywares) that can beinstalled on your computer to retrieve passwords entered on variouswebsites?
Question 8:
Do you think strong passwords can help keep financial information secure,and virtually risk free from hack attacks?
~ 10 ~
-
8/9/2019 Internet Banking Final Report
11/36
13.3%
30.0%
33.3%
23.3%
disagree
neutral
agree
strongly agree
Question 9:
Do you trust Internet cafe or Internet library?
Question 10:
Would you use your credit card for shopping online and other transactions?
~ 11 ~
-
8/9/2019 Internet Banking Final Report
12/36
26.7%
30.0%
30.0%
13.3%never
rarely
frequently
always
Question 11:
Do you think there is a fear using credit card?
Question 12:~ 12 ~
-
8/9/2019 Internet Banking Final Report
13/36
If yes, then if there is an arbitrary password associated with using your creditcard information would you use your credit card then?
43.3%
33.3%
23.3%
dont know
yes
no
Question 13:
Do you conduct transactions using your online bank account?
53.3%
46.7%
yes
no
Reasons for not using online bank account to conduct transactions:
~ 13 ~
-
8/9/2019 Internet Banking Final Report
14/36
Question 14:
Have you been or know someone who has been a victim of E-crime?
Question 15:
What do you think is the reason behind increasing cases of Electroniccrime?
Tick as many as applicable
Research AnalysisThe research based on response of the sample population of 30 individuals,
ages above 25, professions ranging from lecturer to industrialist, to banker
and sub editors of newspapers, from freelance software writer to production
manager. Thus this ensured the sample population came from different
backgrounds and were exposed to different circumstances.
~ 14 ~
-
8/9/2019 Internet Banking Final Report
15/36
The results of the questionnaire about accessing the internet showed that
cable internet was the most popular means of access while DSL and wireless
competing for the second and third popular spots. Satellite internet or any
other means to access the internet received zero responses. It shows that
most of the users of internet are accessing it through cable network which
requires higher safety than DSL or any other means i.e. personal firewall is
needed.
Ways to access Internet Frequency Percent (%)
DSL Internet 8 25
Cable Internet 16 55
Satellite Internet - 0
Wireless Internet 6 20
Others - 0
Total 30
Our assumption that people prefer to have the same passwords for various
accounts was based on the belief that about 80% of the population would
conform to this. On the contrary, the results showed only a small minority of26.7% always set the same password while 33.3% usually used the same
password. This could signify that important accounts like banking or private
business email accounts had different passwords while other less important
ones had invariably the same passwords. What was surprising was a majority
of 40% of the sample chose never meaning that they never chose the
same passwords for multiple accounts. This result was extremely favorable
since it showed that even if passwords were compromised, information from
all of an individuals account would not be misused.
Same password for
multiple accounts
Frequency Percent (%)
Always 8 26.7
~ 15 ~
-
8/9/2019 Internet Banking Final Report
16/36
Never 12 40
Usually 10 33.3
Total 30
Considering the strength of the password which in itself is very subjective,we received slightly unexpected but promising results. Of the three
questions that tested on its subjectivity, one was based on the length of the
password, (the more the number of characters in a password the stronger it
is,) the keys used in the password, (alphabets, numeric and special keys,)
and whether any personal information was used in the password that people
around a person are familiar with, (names, pet names, name of spouse,
phone number, date of birth). This question also seeked any other ideas for
passwords that people used. Results showed a 50% of the sample population
used 7 to 9 characters when setting their passwords, with the rest almostequally divided between 4 to 6 and more than 9 characters per password.
Number of characters
passwords usually have
Frequency Percent (%)
4-6 7 24.8
7-9 15 50
More than 9 8 25.2
Total 30 100.0
There were mixed results to the question which inquired about the
information used in the passwords. While an overwhelming majority did not
used any obvious personal information like their own or their spouses name
or even phone numbers, a surprising 50% of the population confirmed to
using their pet names in their password. This proves our assumption and also
exposes vulnerability. People need to understand that using information that
is commonly known among peers can prove to be dangerous and lead to
damaging results. People who do not use any personal information in their
passwords cited other ideas for the same. From names of cars and
medicines, to random phrases, things they like, and initials of phrases and a
combination of dates and numbers.
~ 16 ~
-
8/9/2019 Internet Banking Final Report
17/36
Use of Personal Info Yes No Yes % No %
Date of Birth 5 25 16.66667 83.33333
Nickname 15 15 50 50
Phone number 5 25 16.66667 83.33333Spouse's name 3 27 10 90
The most favorable result of the research pertained to what a password was
constructed of, i.e. 50% of passwords had at least two types of characters
either i) alphabets and numeric, ii) numeric and special keys, or iii) alphabets
and special keys while another 36.7% used all three types of characters in
their password. Only a small minority of 13.30% used simple passwords. The
result although encouraging, highlights a key component that people do not
place importance on their passwords even though many websites nowprovide the testing of ones password. They require the password to be
entered and a bar will show the strength of the password whether weak,
moderate or strong. Since these tools are easily available and there is the
strong likelihood that individuals are aware of these tools due to the
widespread availability, the mindset is such that even strong passwords
would not protect data against a hacker. While true in some cases, a
password can protect against hackers contrary to the beliefs of many.
Preference for
passwords
Frequency Percent (%)
Simple alphabets 4 13.30
Alphabets and numeric 12 40
Alphabets and special
keys
2 6.70
Numeric and special
keys
1 3.30
All of the above 11 36.70
Total 30 100.0
~ 17 ~
-
8/9/2019 Internet Banking Final Report
18/36
Concerning the sharing of passwords, 14 of the 30 people surveyed
responded that they did share their passwords while the rest of the 16 did
not share their passwords. Of the 14 people who do not keep their passwords
to themselves, 50% shared their passwords with their husbands or wives
while 4 people each responded to having shared their passwords with friends
or siblings while an insignificant minority of 2 people out of the 14 admitted
to having shared their passwords with their boyfriend or girlfriend. Theassumption behind this question was respondents would be more likely to
share their passwords with their respective spouses and girlfriend/boyfriend.
This was however invalid as people also shared such information with their
friends and siblings. The results were skewed towards the unfavorable side
since trusting people with crucial key combinations of bank accounts and
credit card information can leave one penniless if one ever came across a
person who wanted to misuse such financial information.
Password Sharing Yes No Yes % No %
Share passwords 14 16 46.66667 53.33333Share with friends 4 10 28.57143 71.42857
Share with siblings 4 10 28.57143 71.42857
Share with spouse 7 7 50 50Share withgirlfriend/boyfriend 2 12 14.28571 85.71429
The most disappointing result of this research was the question which
surveyed awareness about various softwares that can steal passwords off
computers if installed on them. These softwares are likely to across in publiccomputers at airports, internet cafes and other public places. Once the login
and password is entered it is stored and can be retrieved either by accessing
that same computer or even from an off location computer by accessing it
through the internet. This can lead to various information being
compromised, more so because there is a severe lack of awareness about
such software. An astounding 56.7% of the people pledged to be unaware of
the existence of any such software. This result was highly disappointing
because of the nature of the sample population. Aged above 25 and having
used the internet extensively for about 5 to 7 years they were oblivious to
potentially damaging programs.
Awareness of Passwords
revealers, spywaresFrequency Percent (%)
Yes 13
No 17 56.7
~ 18 ~
-
8/9/2019 Internet Banking Final Report
19/36
Total 30 100.0
When asked about whether respondents thought passwords could help keep
their financial information secure, 56.6% agreed to this statement while 30%
were unsure about it. A mere 13.3% of the responses disagreed with the
statement. This result is reassuring and although not as strongly seen inother conclusions of this research objective that states a majority of people
may not choose the characters in their passwords carefully.
Strong passwords keep
financial information
secure
Frequency Percent (%)
Strongly Agree 7 23.3
Agree 10 33.3
Neutral 9 30
Disagree 4 13.3
Strongly Disagree - -
Total 30 100.0
When inquired about whether they trusted computers in public places, 90%
said no. Despite the population being unaware of why publicly logged in
computers are unsafe, there is a severe lack of trust in the same. Although
contrary to the previous result, this result is encouraging. At least the
population is aware that such places are not to be trusted.
Trust computers in public
areasFrequency Percent (%)
Yes 3
No 27 90
~ 19 ~
-
8/9/2019 Internet Banking Final Report
20/36
Total 30 100.0
Concerning the next aspect of this research report, about the use of financial
transactions available online, many people indicated a fear of using credit
cards and online banking accounts. 90% of the responses stated that there
was some fear associated with using their credit cards but despite this fearonly 56.7% of the people answered that they rarely and never used their
credit cards due to this fear that their information could be misused and they
could be charged for expenses they did not actually incur. In such cases if a
bank is notified that a credit card has been misused, usually the person to
whom the credit card has been issued to, does not have to pay if he can
prove that he did not authorize the transactions. In some cases where the
person cannot prove the same, he is liable to pay or the bank can assume a
limited liability role depending on the rules of the issuing bank. Bottom line
being many individuals believe there is a risk when using credit cards. Thisresult is highly contrasting to that of more developed countries. In the USA
for example, even everyday groceries are purchased by credit cards where
as in Pakistan, a large investment such as a car is also paid for by cash. Thus
there is huge shift in mindset that needs to occur before widespread
acceptance of credit cards. This can be achieved if people start accepting
that credit cards can be protected against misuse.
Online usage of credit
cards
Frequency Percent (%)
Always- its very
convenient
4 13.3
Frequently-Prefer online
transaction more
9 30.0
Rarely- Prefer cash
rather than credit card
9 30.0
Never-too risky 8 26.7
Averse to interest - -
Total 30 100.0
A suggestion to accompany this question was whether respondents would
trust and use credit cards if there was an arbitrary and independent
password associated with their accounts: any such information that was not
~ 20 ~
-
8/9/2019 Internet Banking Final Report
21/36
available on the face of the credit card itself in case it was stolen. Generally
a credit card transaction requires the credit card number, the expiration
date, and in some cases a 3 digit pin code, all embossed on the credit card. If
this smart card were to be stolen, funds associated with the credit card
account could be used for transactions. If a password had to be entered
before authorizing the transaction for the credit card it would be safer since
it would not be printed on the credit card itself. ATM cards use this method; a4 digit pin code is required after inserting the card in the ATM slots before
cash can be withdrawn. This is known as double verification of identity and is
a much safer means of conduction transactions which will also encourage
use of credit cards and even debit cards which work in almost the same way.
Of the 66.7% who stated that they did not use their credit cards, 33.3%
stated that it would be safer if an independent password accompanied their
account and would use their credit cards in such a scenario.
Fear using credit cards Frequency Percent (%)
Yes 20
No 10 33.3
Total 30 100.0
Arbitrary passwords
with credit cards
Frequency Percent (%)
Yes, ensures stolencredit card wont be
used
10 33.3
Don't know 13 43.3
No, it still is risky 7 23.3
Total 30 100.0
Online bank account usage has not caught on much in this country. Thereasons are many. From not having the necessity to use the bank account,
since even some business transactions are carried out with cash, religious
reasons based on interest being haram, and the risk factor associated with
online transactions, it discourages people from using an extremely
convenient method of managing their finances. 53.3% report using their
banks online accounts, the figure being positive, can also simply mean that
~ 21 ~
-
8/9/2019 Internet Banking Final Report
22/36
bank balances are checked using the service. Hence this result is ambiguous.
When the 46.7% of the people who do not use online services were asked to
quote a reason, they varied from security issues to having no needs for such
services while 20% also stated that their banks did not provide such service
yet. This is also a significant finding since the non-availability of online
banking services denotes slow adapting of the banking industry.
Online bank account Frequency Percent (%)
Yes 16
No 14 46.7
Total 30 100.0
Another result stemming from above conclusions of the lack of integration of
internet services and banking in this country is seen from the awareness andcases of E crime. 66.6% reported that they had not been nor were they
aware of any individual who had been a victim of electronic crime concerning
bank accounts or credit card scams. In the developed world, such cases
widely come to light and are propagated through the media and news
channels. There were no official statistics available but the information on
various cases posted at least proved that if electronic crime cases are
unearthed they are publicly condemned so that people can be aware of the
various ways they can threatened with. This leads to better security.
Victim of E-crime Frequency Percent (%)
Yes 10
No 20 66.6
Total 30 100.0
The reasons behind increasing cases of e crime were reported and a 22 out
of 30 voted for loopholes in technology used, for example bugs in software or
inadequately performing anti-virus editions and so on. Only 10 peoplereported that simple passwords could be behind e-crime while password
sharing received just above 50% of the votes. Other reasons quoted
concerned the naivety of people which leads them to be exposed. This result
also confirms that respondents did not believe strong passwords could
contribute to security of data.
~ 22 ~
-
8/9/2019 Internet Banking Final Report
23/36
Are you aware of softwares that can retrieve your
password?
1
7
1
5
.
0
2
.
0
1
3
1
5
.
0
-
2
.
0
3
0
n
o
y
e
s
T
o
t
a
l
O
b
s
e
r
v
e
d
N
E
x
p
e
c
t
e
d
N
R
e
s
i
d
u
a
l
Reasons behind Ecrime Yes No Yes % No %Simple passwords 10 20 33.33333 66.66667Sharing of passwords 16 14 53.33333 46.66667Lack of antivirus 15 15 50 50Loopholes intechnology 22 8 73.33333 26.66667
Statistical analysis:
Hypothesis 1:
Ho= No awareness of any software that can retrieve passwordsHa=Awareness of any software that can retrieve passwords
~ 23 ~
-
8/9/2019 Internet Banking Final Report
24/36
T
e
s
t
S
t
a
ti
s
t
i
c
s
.
5
3
3
1.
0
3
C
h
i
-
S
q
u
a
re
ad
f
A
s
y
m
p
.
S
ig
.
Are you aware ofs
o
f
t
w
a
r
e
s
t
h
a
t
Can retrieve yourP
a
s
s
w
o
r
d
?
0
c
e
l
l
s
(.
0
%
)
h
a
v
e
e
xp
e
c
t
e
d
f
r
e
q
u
e
n
c
i
e
s
l
e
s
s
t
h
a
n
5
.
T
h
e
m
in
i
m
u
m
e
x
p
e
c
te
d
c
e
l
l
f
r
e
q
u
e
n
c
y
i
s
1
5
.
0
.
a
.
Rejection region:
Reject Ho if X-value
-
8/9/2019 Internet Banking Final Report
25/36
Conclusion:Since X-value is less than 0.05 i.e. 0.03 so we reject Ho and conclude thatpeople arent aware of any software that can retrieve passwords.
Hypothesis 2 :
Ho= Strong passwords cannot keep financial information secureHa=Strong passwords can keep financial information secure
strong pass can keep fin info secure?
7 7.5 -.5
10 7.5 2.5
9 7.5 1.5
4 7.5 -3.5
30
strongly agree
agree
neutral
disagree
Total
Observed N Expected N Residual
~ 25 ~
-
8/9/2019 Internet Banking Final Report
26/36
T
e
s
t
S
t
at
i
s
t
i
c
s
0
.
0
2
5
3.
0
0
5
C
h
i
-
S
q
u
ar
e
ad
f
A
s
y
m
p
.
Si
g
.
S
t
r
o
n
g
pa
s
s
c
a
n
k
e
e
p
f
i
n
i
n
f
o
s
e
cu
r
e
?
0
c
e
l
l
s
(
.
0
%
)
h
a
v
e
ex
p
e
c
t
e
d
f
r
e
q
u
e
n
c
i
e
s
l
e
s
s
t
h
a
n
5
.
T
h
e
mi
n
i
m
u
m
e
x
p
e
ct
e
d
c
e
l
l
f
r
e
q
u
e
n
c
y
i
s
7
.
5.
a
.
Rejection region:
~ 26 ~
-
8/9/2019 Internet Banking Final Report
27/36
Reject ho if X-value
-
8/9/2019 Internet Banking Final Report
28/36
D
o
y
o
u
tr
u
s
t
i
n
t
e
r
n
et
c
a
f
e
s
?
2
7
1
5
.
0
1
2
.
0
31
5
.
0
-
1
2
.
0
3
0
n
o
y
e
s
T
o
t
a
l
O
b
s
e
r
v
e
d
N
E
x
p
e
c
t
e
d
N
R
e
s
i
d
u
a
l
~ 28 ~
-
8/9/2019 Internet Banking Final Report
29/36
-
8/9/2019 Internet Banking Final Report
30/36
Reject ho if X cal
-
8/9/2019 Internet Banking Final Report
31/36
I
s
t
h
e
r
e
a
f
e
a
r
u
s
i
n
g
c
r
e
d
i
t
c
a
r
d
?
1
0
1
5
.
0
-
5
.
0
2
0
1
5
.
0
5
.
0
3
0
n
o
y
e
s
T
o
t
a
l
O
b
s
e
r
v
e
d
N
E
x
p
e
c
t
e
d
N
R
e
s
i
d
u
a
l
~ 31 ~
-
8/9/2019 Internet Banking Final Report
32/36
T
e
s
t
S
t
at
i
s
t
i
c
s
3
.
3
3
3
1.
0
0
5
C
h
i
-
S
q
u
ar
e
ad
f
A
s
y
m
p
.
Si
g
.
i
f
t
h
e
r
e
a
f
e
a
r
u
s
i
n
g
c
re
d
i
t
C
a
r
d
?
0
c
e
l
l
s
(
.
0
%
)
h
a
v
e
ex
p
e
c
t
e
d
f
r
e
q
u
e
n
c
i
e
s
l
e
s
s
t
h
a
n
5
.
T
h
e
mi
n
i
m
u
m
e
x
p
e
ct
e
d
c
e
l
l
f
r
e
q
u
e
n
c
y
i
s
1
5
.0
.
a
.
Rejection region:
~ 32 ~
-
8/9/2019 Internet Banking Final Report
33/36
Reject ho if X cal
-
8/9/2019 Internet Banking Final Report
34/36
Conclusion
Internet banking, a relatively new phenomenon in our part of the world, has
unleashed its opportunities almost suddenly. So fast that many users of this
technology are still not able to grasp the abilities and consequences of the
same. With our research we aim to prove that once basic internet security is
understood by our population, acceptance of internet banking will follow
hand in hand.
Our questionnaire was designed with a purpose to survey the understanding
of the vitals of internet security keeping in mind the future of internet
banking. It was aimed to test the basic knowledge behind security threats
and what we must do to safeguard our data.
Statistical evidence showed that there were certain shortcomings regarding
awareness but at the same time some results were better than our
assumptions behind the research.
Most of our assumptions behind this research were proven true. These
assumptions were:
People are ignorant about password strength
Passwords are commonly shared and not kept private
Same passwords are used for multiple accounts
Unawareness of data stealing software
~ 34 ~
Fear using credit card
-
8/9/2019 Internet Banking Final Report
35/36
Fear in using E banking; credit cards, online banking etc.
Unawareness about the reasons behind increasing rates of e-crime
Our research has proven that anyone can easily become a victim of e-crime
as there are various ways to steal your password or personal information if
you are not concerned about protecting your account and personal
information against security hazards.
Recommendations
Considering the sensitive nature of security, personal and financial security,
there are certain aspects that need to be published and highlighted. With an
increasing number of cases ranging from financial and identity theft, there is
a dire need to incorporate security measures. To protect one from such
dilemma, the following measures need to be implemented:
Creating strong passwords for all accounts no matter how unimportantthey seem.
The greater the variety of characters in your password, the better.
Multiple passwords for multiple accounts.
Avoid sharing passwords unless absolutely necessary.
Avoid entering personal and financial information on public terminals.
To limit the risk of your password being cracked, it should be at least 8characters long and include letters (both upper and lower case), digitsand punctuation.
You should change your password regularly and always after a tripwhere you could have exposed your password at a remote site.
~ 35 ~
-
8/9/2019 Internet Banking Final Report
36/36
Investing in a good antivirus to protect information.
To encourage banking transactions through the internet, banks canimplement the following details:
Use multiple factor authorization.
Allow entering only a specific number of characters for a password, butdifferent every time such as UBLs online banking.
Use passwords along with credit card numbers to authorizetransactions.
Educate their clients about banking security.
Bibliography
http://www.utexas.edu/its/secure/articles/importance_strong_passwords.php
http://www.associatedcontent.com/article/137084/the_importance_of_choosing_strong_computer.html
http://www.spamlaws.com/data-security-importance.html
http://crpit.com/confpapers/CRPITV98Notoatmodjo.pdf.
Exploring the Weakest Link: A Study of Personal Password Security, GilbertNotoatmodjo, 15 July 2007
Passwords and Perceptions by Gilbert Notoatmodjo and Clark Thomborson
http://www.utexas.edu/its/secure/articles/importance_strong_passwords.phphttp://www.associatedcontent.com/article/137084/the_importance_of_choosing_strong_computer.htmlhttp://www.associatedcontent.com/article/137084/the_importance_of_choosing_strong_computer.htmlhttp://www.spamlaws.com/data-security-importance.htmlhttp://crpit.com/confpapers/CRPITV98Notoatmodjo.pdfhttp://www.associatedcontent.com/article/137084/the_importance_of_choosing_strong_computer.htmlhttp://www.associatedcontent.com/article/137084/the_importance_of_choosing_strong_computer.htmlhttp://www.spamlaws.com/data-security-importance.htmlhttp://crpit.com/confpapers/CRPITV98Notoatmodjo.pdfhttp://www.utexas.edu/its/secure/articles/importance_strong_passwords.php