Many experts believe that online payments by Internet service users are subject to threats of malware attacks, the so-called banking Trojan, thanks to the efforts of cyber criminals. The capabilities of this program give cyber fraudsters access to user information entered by them through the online resources of online banks without excluding authorized user data. Thus, during online payments from accessible bank accounts, cybercriminals transfer funds from user accounts to their own or to ward off suspicions and confuse others’ tracks.
The most common cases of criminal theft in the global network are carried out during client applications of electronic payment systems, purchases using online online stores and payments through online banks. Internet users themselves are to blame for everything in the first place with their naive beliefs in the effective over-protection of banking networks and computer systems.
The most risky case when using the Internet banking services is the case of illegal penetration of third party accounts. There are also cases of a system failure arising in the event of a broken Internet line, disruption of the electronic network connection or other difficulties from the technical side, because of which customers also run the risk of being left without their finances. In such cases, cash flows during online payments may be lost, that is, they will be debited but will not reach the final account to which they were sent.
For greater security of online payments by banks, decisions were made in the use of the following protective equipment when providing remote services to their customers:
- Data encryption using SSL is a cryptographic protocol that establishes a secure connection channel for transferring information to the global network and prevents unauthorized capture of closed data on the Internet or other communication flows. SSL encryption provides the proper level of protection for the transfer of sensitive information through an encrypted connection at the end of the mutual authentication process between the client and server.
- The system of using one-time passwords that the user receives at the ATM. Today, the use of one-time passwords is rarely used by Ukrainian banks.
- The two-stage protection system includes authentication of the client identifier (password and client login), and in the second stage, when the operation itself is performed, protection is used under the guise of an SMS password, electronic digital signature, etc.
- Using a one-time SMS password to confirm any operation within a certain period of time allocated by the bank, which the client receives on his phone number associated with the client’s account.
- EDS – the requisite, which is obtained using cryptographically converted information using the generated key confirming the operation.
- Using several simplified versions of the electronic digital version – external electronic devices.
In order to protect the online payments of Internet banking users, in some cases they cannot do without a one-time password generator that connects to the client PC via a usb port and does not require special software. When using a different protection system, a third-party electronic key is generated that is generated during the initial connection with the system and recorded on a third-party medium for further use when performing online payment operations in the system.
Credits for the right amount: a loan secured by real estate in Kiev