Hailey College of Banking & Finance Lahore

July 16 - 22, 2007

Telecommunication in the wireless environment has given new dimensions to the traditional definitions to the different threats to formal communication. The hacking of electronic properties is now so common as much as theft of physical properties. The communication of financial information is amongst the highest victims of these hacking phenomena. In the present era most of the financial institutions have already provided its customers the access to their accounts using their mobile phones. The web based Banking commonly known as Virtual Banking is also considered to be a better mode of communicating financial transactions with financial institutions. Both these forms of financial information interchange modes carry risk that need to be catered by the FI concerned which has offered such access to its customers. Here we present some of such risks and their treatments.

Add-on Attacks: In such type of hacking the intruder tries to enter its on unauthorized traffic into the network of the financial institutions through an unsecured mobile phone or Web point.

Assembly Commandeering: This is also known as middleman attack. It happens when someone hijacks a wireless or web session and authenticates itself to be the actual base station. It is thus imminent to imitate the base station and hijack a web or wireless session.

Overcrowding: This is also called a 'denial of service' attack whereby the attackers try to affect the frequency of the network by intruding the broadcasting packets at the frequency of the network.

Encrypting Assaults: The Financial institutions have successfully introduced encryption and decryption arrangements to protect the transmission of data between itself and the customers. However, there are still systems like IEEE 802.11b that should be avoided because these have weak security.

Interchange Monitoring: There are some transmissions systems whose signals can be received by anyone using standard equipment if they are in the transmission range. One example of which is quoted above. Therefore such systems also need to be improved.

Mobile Node to Mobile Node: The mobile phones are mostly able to communicate with each other if file sharing or other TCP/IP services are available. This means that any malicious file can be uploaded into the networks with least efforts. There is therefore a need to introduce effective firewalls that can protect the data from such malicious files.

Fabrication Issues: There are still increased available for the systems if the devices attached to the networks are not properly configured. To avoid such risks the organizations should have its own in-house team that keeps on checking the compatibility of the organization's devices to work on the network. Also the customers should be educated to use such devices that bear at least minimum specifications to function on the system.

Bully Attacks: Many of the devices use share passwords to function on the networks. This also increases the probability to attack on the networks using the hacked passwords.