Статті в журналах з теми "Unauthorised banking"

This project proposes a technique for planning a security system for banking with email alerts and sensors. In the presence scenario there are so many banking techniques arrived but none of those are secure the properties without vulnerability. So our project main motto is to protect and also provide security without vulnerability. We use IOT to provide high end security for banking system. Our aim is not only identify the authenticate user but also protecting the customers property from theft. We use tilt sensor, pressure sensor, smoke sensor and pir sensor, this sensors is used to identify the unauthorized person activity and prevent him steeling the property and capture the victim image by using web cam and transfer it to user. This technique remove all the vulnerabilities and make sure that the credentials are safe and it will capture the unauthorised person who tries to axis the security system.

Purpose The existence of internal control for Sharīʿah-compliance promotes reasonable assurance that the Islamic financial institution’s (IFI’s) objectives are achieved in the following categories, namely, the effectiveness and efficiency of operations, the reliability of financial reporting and the level of compliance with applicable laws and regulations, as well as accounting and auditing standards. Sharīʿah non-compliant income (SNCI) is an important issue in IFIs’ operations. Thus, the purpose of this paper is to identify issues related to governance and internal control of SNCI in selected IFIs in Malaysia. Design/methodology/approach This research uses a case study approach to gather data on the measures of governance and risk management in relation to the internal control for SNCI in IFIs. Interviews were conducted with officers of the Sharīʿah and internal audit departments on internal control practices regarding SNCI. Findings Regulator’s guidelines on SNCI are simple and brief, lacking rigour in terms of governance, risk management and audit procedures. The section on SNCI is only a brief statement within the Bank Negara Malaysia’s Guidelines on Financial Reporting for Islamic Banking Institutions and also in the Operational Risk Integrated Online Network system operated by IFIs. Most of the respondents in the interviews suggested that there should be a proper guideline in determining the classification of SNCI. Second, although IFIs have established the purification account to manage SNCI, the real practice varies from one IFI to another. Third, although there are supposedly documented procedures established in relation to management and administration of SNCI, the following events still occur in practice, namely, no authorisation from the Sharīʿah Committee (SC) on various types of income channelled to the SNCI account; unauthorised use of SNCI for other purposes; SNCI not being reported in the annual financial reports; and distribution of SNCI prior to obtaining the SC’s consent. Fourth, there is an absence of Sharīʿah risk assessment conducted on operational risk by IFIs to identify any potential Sharīʿah non-compliant event. Research limitations/implications This research contributes to the importance of Islamic corporate governance theory and Sharīʿah risk management, as well as strengthening the case for reporting SNCI to shareholders. It also contributes to the body of knowledge on the capability of the management in managing the internal control system of IFIs’ SNCI. Originality/value A new internal control assessment matrix is proposed for Sharīʿah-compliance in IFIs.

Data warehouses are the most valuable assets of an organization and are basically used for critical business and decision-making purposes. Data from different sources is integrated into the data warehouse. Thus, security issues arise as data is moved from one place to another. Data warehouse security addresses the methodologies that can be used to secure the data warehouse by protecting information from being accessed by unauthorized users for maintaining the reliability of the data warehouse. A data warehouse invariably contains information which needs to be considered extremely sensitive and confidential. Protecting this information is invariably very important as data in the data warehouse is accessed by users at various levels in the organization. The authors propose a method to protect information based on an encryption scheme which secures the data in the data warehouse. This article presents the most feasible security algorithm that can be used for securing the data stored in the operational database so as to prevent unauthorized access.

The implementation of online banking in Indonesia is in line with the increasingof mobile device users who have become a part of people’s lifestyle, hence onlinebanking offers easiness to access on banking services. This study is to examine riskmapping on the implementation online banking using ERM approach, including riskmitigation strategies for identified risks. This research was conducted at XYZ Bankwho has implemented online banking. The results of this study find 55 potentialrisks. Some of it identified risks related to bank system security such as vulnerabilityto viruses, malware, hacking, also access information by an unauthorized person.Risk mitigation strategies applied by XYZ Bank is mostly done by managing the riskbecause the implementation online banking is still on the development process, andthe Bank remains optimistic with the future prospect of online banking by staying withgovernment regulations.

Th e Federal Law of June 27, 2018, No. 167-FZ, aimed at countering the theft of funds from bank accounts, seems to allow credit institutions to signifi cantly reduce losses from unauthorized operations of fi nancial frauds committed using remote banking systems.

The issues related to the developing and improving remote identification mechanism in the Russian banking sector have been considered. The main aspects of the process of collecting, processing, checking and storing biometric data, the functioning status of Single Biometric System (SBS) have been highlighted. The vulnerability and risks of using biometric technologies by banks have been noted. The key trends in the development of the international market of biometric technologies and their application in the banking sector have been presented, as well as current events on the implementation of biometric technologies in Russia. The prospects for the use of biometric technologies in the banking sector and directions for improving the technological infrastructure in order to protect data from unauthorized access have been outlined.

The features of the legal regulation of Internet banking in India are investigated. Internet banking is gradually replacing the use of cash, checks, and, most importantly, customers who personally come to bank offices: according to statistics, the total amount of transactions in the digital payments segment of India in 2019 will be $ 64.775 billion. USA. Electronic banking is a generic term for the provision of banking services and products via electronic channels, such as telephone, Internet, mobile phone, etc. The main regulatory act regulating Internet banking in India is the Information Technologies Act 2000, which provides for legal recognition of electronic transactions and other means of electronic commerce. In addition to the new law, the norms of traditional banking legislation also apply to Internet banking. The main financial regulator of India the Reserve Bank - also provides direct management of Internet banking: it developed guidelines for Internet banking in India in 2001; as well as the Mobile Banking Guide, which was transformed into the Mobile Banking Master Circular51 in 2016. The rights of consumers of Internet banking services are protected on the basis of the Consumer Protection Act 198652, which defines the rights of consumers in India and also applies to banking services. India’s law is based on case law, and in this regard, a number of new case law on disputes between banks and their customers in the field of Internet banking has been studied. However, in the legislation, the article notes, there are a number of gaps related primarily to ensuring the safety of online banking. Information security in electronic banking represents two main areas of risk: preventing unauthorized transactions and maintaining the integrity of customer transactions. When writing the article, general scientific methods of cognition were used: dialectical, hypothetical-deductive method, generalization, induction and deduction, analysis and synthesis, empirical description; private scientific methods were also used: legal, dogmatic, statistical, comparative legal analysis, and others.

Purpose – The article analyses the limits of protection of bank users´ data in France, framing them as personal data. Its legal analysis is made amidst a context of radical changes in the European and French personal data protection law as well in the banking regulation, which is being transformed by the new payment services regulation. Methodology/approach/design – The article brings an interlacement of some new legal sources from the European and French law to appraise the limits of banking data protection. It tests the application of some legal norms in order to evaluate the potential protection in two areas: the security of the banking data on a new environment of payment services (fintechs and other new firms); the possibility of protection against the unauthorized data commercial usage. Findings – The article concludes that the European and French banking and payment services law have not the desired level of protection against bad commercial practices in a context, which is marked by both the retailers and payment services integration as well the presence of the big techs. The data protection law must complement the banking and payment services regulation in order to provide the desired level of protection. Practical implications – The article demonstrates the possibility of testing new kinds of legal regulation – data protection – to archive social and economic security in a different sector, like baking and commerce. Originality/value – The article departs from a new concept of banking data, built from the meshing of the concepts of banking information and sensible personal data. From this conceptual frame, it can evaluate the level of protection granted by the European and French law in order to sketch a possible protective regime.

In the article, we analyze the impact of artificial intelligence (AI) on banking development. Banks implement AI to provide digital assistance and financial advice to clients, measure their financial standing etc. The paper also includes cases of the AI solutions marketing and some ideas of brand-new banking AI-based services. Despite the rapid spreading of AI across the different spheres, its efficiency is based, primarily, on consumers` attitude and loyalty to this technology. Our research shows that Russian business and consumers perceive AI in a positive light. Sberbank specialists have a positive attitude to the AI implementation in their work, consider these solutions as assistance in performing routine operations and are not afraid of dismissals. They use AI solutions both at work and in everyday life. The emerging fears are associated with possible technical failure, unauthorized transmission of personal data, lack of privacy, and unexpected consequences of AI implementation. However, in general, experts understand that the future of the financial sector is connected with this technology. According to Sberbank employees, consumers tend to demonstrate a certain level of mistrust to AI, which could result from misunderstanding of how this technology works, and what impact it has on their ways of life. Meanwhile, the level of AI resistance from both sides decreases with time. Therefore, state and financial mediators could create necessary conditions for banking development based on modern technologies.

This paper investigates the perceived security threats to computerized accounting information systems (CAIS) in the Egyptian banking industry (EBI) by surveying the entire population of the EBI. Differences between the respondents' opinions regarding the perceived security threats have been identified and investigated in the context of the EBI. The results of the study reveal that accidental entry of bad data by employees, accidental destruction of data by employees, introduction of computer viruses to the system, natural and human-made disasters, employees' sharing of passwords, and misdirecting prints and distributing information to unauthorized people are the most significant perceived security threats to CAIS in the EBI. In all cases, the heads of internal audit departments reported higher occurrence frequencies of CAIS security threats compared to the heads of computer departments.

The presented study examines the potential risks of Islamic banking during its implementation (through the example of the Russian Federation).Aim. The study aims to identify the potential risks of Islamic banking in Russia.Tasks. The author considers the main differences between traditional and Islamic banks, systematizes the types of risks in Islamic banks, analyzes Sharia and economic risks, and examines the potential risks of Islamic financial institutions through the example of the Amal Financial House.Methods. This study uses the dialectical method, methods of statistical research, classification, systems and structural analysis, graphical analysis, generalization and systematization, scientific methods of cognition (observation, comparison, analysis, and synthesis).Results. The main differences between traditional and Islamic banks and the types of risks in Islamic banks are systematized. The system of Sharia control is considered through the example of an Is lamic financial organization (Islamic banking). Through the example of the Amal Financial House, the major risks are identified — for Islamic banking in financing using such Islamic financial instruments as murabaha and ijara, and for investors using mudaraba.Conclusions. Systematization of the main differences between Islamic and traditional banks shows that operations are based on a real asset to exclude contradictions with Sharia (Islamic canon law). The author distinguishes between two types of risk in Islamic banks: economic and Sharia. Sharia control is divided into internal and external (through the example of the Amal Financial House), which ensure the functioning of Islamic banking to prevent risk in unauthorized transactions within the framework of Islam. The author analyzes the activities of the Amal Financial House in 2015-2019 related to financing using such Islamic financial instruments as murabaha and ijara. The return on investment products shows positive dynamics, i.e. investors receive a steady income, even though there is a risk of losing the invested funds.

Commercial banks in Kenya have embraced alternative banking channels which represent a shift in delivery of banking and financial services since the alternative banking have become synonymous with commercial banks in Kenya. While banks have succeeded in leveraging available technology and provide alternative avenues to customers for banking services, the challenge it faces today is optimizing the usage of these channels so as to improve on their performance. The general objective of this study was to investigate the effects of financial innovations on the performance of commercial banks in Kenya. The specific objectives of the study were to examine the influence of internet banking, mobile banking, agency banking and ATM banking on the performance of commercial banks in Kenya. The study was guided by agency theory, balanced score card and diffusion of innovation theory. This study employed a descriptive research design. The study targeted44 commercial banks in Kenya as at 2017. The 16 banks which embrace all the four financial innovations from 2013 to 2017were selected using purposive sampling method. The sample size was 80 respondents who comprised of 5 senior management employees in each of the selected banks.This study used questionnaire to collect primary data from the respondents. Content analysis technique was used to analyze qualitative data collected from open ended questions in and reported in narrative form. Descriptive statistics such as mean and standard deviation were used to analyse the quantitative data. Multiple regression analysis was used to show the relationship between independent variables against dependent variable. The study revealed that internet banking, mobile banking, agency banking and ATM banking had a positive and significant effect on the performance of commercial banks. Thisstudy concludes that the banking industry has benefited tremendously from the development of the Internet. The Internet fundamentally changed the way in which banking networks are designed to meet the client demands and expectations. Mobile banking provides a good opportunity to commercial banks in Kenya to reach many mobile phone subscribers in Kenya who had remained unbanked and unreached due to limited access to bank branch networks in the country. The access to the large masses through mobile banking of the population gives banks the opportunity to grow by reaching the unbanked population. Agency banking has led to accessibility of financial service to many customer in remote areas and hence an increase in effectiveness and efficiency in service delivery. Customers are satisfied with the automated teller machine services because of ease of use, transaction cost and service security but not satisfy with automated teller machine dispense of cash. The study recommends that the public and businesses must be encouraged to use Internet banking in their daily activities, including deposits, payments and money transfers. Commercial banks in Kenya should ensure convenience and security of mobile banking through written guidelines on convenience and security of mobile banking. Commercial banks in Kenya should increase the number of agents in estates and in the rural areas. This can be done by reducing the requirements of becoming a bank agent. The banks should employ customized software that records relevant information on automated teller machine cards so that banks can establish whether unauthorized transaction has taken place or not.

Introduction: currently, the information technologies are at a very high level, so there may be the situations of data leakage, thereby increasing the risk of obtaining information by third parties, moreover, the electronic format of information threatens personal information security, so it seems necessary to adapt the domestic legislation to the current processes of “digitalization” and create a system of comprehensive protection of personal data in banking, necessary in the transition to Industry 4.0. The purpose of the work is to study the impact of digital technologies on the legal regime for the protection of personal data in banking, to develop proposals for improving the legislation in this area, to identify the risks of unauthorized access to personal data in the context of digitalization. Methods: the methodological framework for the study consists of: the methods of scientific analysis, logical analysis and the dialectical method. Results: the result of the research is the development of proposals for improving the regulatory framework in the field of personal data protection in banking in the context of the active development of digital technologies. Conclusions: the conclusion is made about the advantages and disadvantages of using blockchain in the banking sector, the need to develop a regulatory framework that regulates the activities of entities using such technologies. The author draws attention to the existing payment systems that have proven their efficiency in the banking sector. In addition, in order to prevent cases of leaking personal information of the bank customers, it seems appropriate to eliminate the existing legal uncertainty and unify the rules governing the legal regime for the protection of personal data in banking, in particular, the author supports the idea of concluding an agreement on electronic information interaction between the Central Bank and the Ministry of Internal Affairs of Russia, so that the law enforcement agencies can quickly respond to fraudulent actions and prevent them.

Bank is a financial institution, which primary function includes collecting and granting deposits to the public based on fiduciary principle. The development of information technology has shifted financial products and services into electronic-based products and services, making money management easier than before. One of the electronic banking products, an ATM (Automatic Teller Machine) is operated by a financial institution, allowing customers to perform financial transactions. However, the information age shows that ATM skimming has become a rising threat. Skimming is a crime that occurs when skimmers install skimming devices on ATM machines in order to steal debit or credit card information. Skimming is done by surreptitiously installing a device at ATMs to record pin card data using magnetic strips. Therefore, the purpose of this study is to analyze which party is liable as a result of ATM skimming. The result of this study shows that BCA is liable for the loss caused to its customers due to unauthorized withdrawals, considering Article 1367 of the Indonesia Civil Code states that a financial institution is responsible for the damage caused by matters which are under its supervision, that is, an ATM machine. Skimming is a criminal act in the banking sector that not only contravenes Banking Law, but also Criminal Law and Information and Electronic Transactions Law. Therefore, skimmer or fraudster is subject to Article 263 jo. Article 362 of the Criminal Code and/ or Article 30 (3) jo. Article 46 of the Information and Electronic Transactions Law.

The present-day society depends heavily on digital technology where it is used in many applications such as banking and e-commerce transactions, computer passwords, etc. Therefore, it is important to protect information when storing and sharing them. Cryptography is the study of secret writing which applies complex math rules to convert the original message into an incomprehensible form. Graph theory is applied in the field of cryptography as graphs can be simply converted into matrices There are two approaches of cryptography; symmetric cryptography and asymmetric cryptography. This paper proposes a new connection between graph theory and symmetric cryptography to protect the information from the unauthorized parties. This proposed methodology uses a matrix as the secret key which adds more security to the cryptosystem. It converts the plaintext into several graphs and represents these graphs in their matrix form. Also, this generates several ciphertexts. The size of the resulting ciphertexts are larger than the plaintext size.

The study points out that low coverage, low operational performance, low participation of volunteer farmers, low awareness of farmers, low access of farmers to institutional credit, continuous banks’ failure in achieving the target of priority sector in common and agriculture credit in particular, shrinking the banking facilities in rural areas, re-emergence of unauthorized source of credit in rural areas, low education of farmers, non cooperation of bankers towards farmers, problems of design and implementation of the NAIS, problems of obtaining accurate and timely price data from local markets, the model of measurement of agriculture loss by natural hazards which is not appropriate to all farmers are the common weakness of the National Agriculture Insurance Scheme (NAIS). The agriculture sector of India—the main employment provider and the backbone of Indian economy, is affected most by recurring natural hazards due to climate changes, and requires the most care and protection against all sort of uncertainties, hence, NAIS can prove itself as the best protector (Ram Baan) in this context.

While the password-based authentication used in social networks, e-mail, e-commerce, and online banking is vulnerable to hackings, biometric-based continuous authentication systems have been used successfully to handle the rise in unauthorized accesses. In this study, an empirical evaluation of online continuous authentication (CA) and anomaly detection (AD) based on mouse clickstream data analysis is presented. This research started by gathering a set of online mouse-dynamics information from 20 participants by using software developed for collecting mouse information, extracting approximately 87 features from the raw dataset. In contrast to previous work, the efficiency of CA and AD was studied using different machine learning (ML) and deep learning (DL) algorithms, namely, decision tree classifier (DT), k-nearest neighbor classifier (KNN), random forest classifier (RF), and convolutional neural network classifier (CNN). User identification was determined by using three scenarios: Scenario A, a single mouse movement action; Scenario B, a single point-and-click action; and Scenario C, a set of mouse movement and point-and-click actions. The results show that each classifier is capable of distinguishing between an authentic user and a fraudulent user with a comparatively high degree of accuracy.

In recent years, The number of companies that have been collecting personal information for marketing purposes has grown. Then, they have been reselling it to other companies, banks, institutions. In this way, enterprises, financial and public institutions create huge collections of nonpublic data that are valuable information for taking marketing enterpises. By targetting appropriately profiled product and service offer at a selected group of receivers; trading partners and potential clients, a greater effectiveness used in the marketing strategy is achieved suitably Thereupon, multifaceted and informational personal data base, which are built in institutions, enterpises and social networking sites, become a valuable source of informaton used for the marketing purposes. The development of information processing and dissemination techniques through the Internet is determined by the many conveniences for beneficiaries, customers and users of services offered by the Internet. On the other hand, the development of information technologies on the Internet carries the risk of loss or theft of information by an unauthorized entities. The process of facilitating information online generates a number of threats related to identity theft, capturing nonpublic data by hackers, and accomplishing conversion of funds in the electronic system banking. In response to these threats, specific entities expand security systems for remote facilitating of information and making transactions via the Internet.

Abstract. The article is devoted to analysis of the effectiveness of the main procedural legal and financial (banking) mechanisms designed to ensure the protection of property rights’ immunity. The legally regulated procedures of such protection are analyzed on platforms — both procedural and legal as well as financial and economic. There is no doubt that only in a state where the immunity of property is declared and guaranteed to the person can be provided the development of economic, intellectual, socially oriented activities. The effect of the principle of immunity of property rights is not absolute, but its restrictions are possible only on the grounds and in the manner prescribed by law. The topicality of the inviolability of property rights is due to the role of law as a platform for citizens’ property independence and their participation in the processes of social reproduction. The guarantee of property independence is the right of ownership of property and non-property rights, which is realized by giving a person the right to freely, unimpededly, and fully exercise the rights of the owner of personal property. The compliance of the inviolability of property rights during criminal proceedings is not properly ensured in the current CPC (The Criminal Procedure Code) of Ukraine; in particular, the movement of confiscated property is not regulated, which questions the novelty of inviolability. To improve the procedure for the protection of property rights, this is necessary to regulate at the legislative level the mechanism of protection and restoration of property rights of persons victimized by criminal offenses. The etymology of «inviolability» guarantees by law the protection of the status of the person from any encroachment. Inviolability in the economic and legal context is mainly understood as a person’s legal status, which is an unalterable guarantee against unauthorized restrictions by the state institutions — law enforcement, financial, court, and individuals and legal entities. An attempt is made to accumulate most of the latest achievements (both legislative, theoretically investigative and applied) on the issues of legal regulation of the studied financial and legal relations, based on which scientific views are substantiated, and proposals are developed to improve regulations in this area. The main vectors of economic and legal mechanisms for the protection of the inviolability of property rights, which would correlate with generally accepted European and world standards, have been identified. Keywords: the inviolability of property rights, property rights, principles of proceedings, judicial protection, seizure of property, financial guarantee, financial risks. JEL Classification G28; К14 Formulas: 0; fig.: 0; tabl.: 0; bibl.: 12.

Session Hijacking is an attack which is basically used to gain the unauthorized access between an authorized session connections. This is usually done to attack the social network website and banking websites in order to gain the access over the valid session as well as over the website too. These attacks are one of the commonly experienced cyber threats in today’s network. Most of the websites and networks are vulnerable from this kind of attack. For providing the protection I have given the multiple ways to protecting from this session hijacking attack. I have especially focused on one of the major attacks in this session hijacking attack SSL Strip attack which play very vital role in this kind of attack. Sometimes this session hijacking attack is also known as the Man in the Middle attack (MIMA).In this paper, I have covered many security mechanisms to stay away and protect you and the network. This session hijacking attack is very dangers for the security perspective. Even it can steal all users’ most sensitive data. This can create a big loss for the users financially. From all these types of attack, I have proposed many mechanisms to help the users to stay away from the attack. The main objective of this paper is to give detail information of session hijacking and countermeasure from session hijacking attacks.

Smartphones are the most popular and widespread personal devices. Apart from their conventional use, that is, calling and texting, they have also been used to perform multiple security sensitive activities, such as online banking and shopping, social networking, taking pictures, and e-mailing. On a positive side, smartphones have improved the quality of life by providing multiple services that users desire, for example, anytime-anywhere computing. However, on the other side, they also pose security and privacy threats to the users’ stored data. User authentication is the first line of defense to prevent unauthorized access to the smartphone. Several authentication schemes have been proposed over the years; however, their presentation might be perplexing to the new researchers to this domain, under the shade of several buzzwords, for example, active, continuous, implicit, static, and transparent, being introduced in academic papers without comprehensive description. Moreover, most of the reported authentication solutions were evaluated mainly in terms of accuracy, overlooking a very important aspect—the usability. This paper surveys various types and ways of authentication, designed and developed primarily to secure the access to smartphones and attempts to clarify correlated buzzwords, with the motivation to assist new researchers in understanding the gist behind those concepts. We also present the assessment of existing user authentication schemes exhibiting their security and usability issues.

The purpose of the work is to consider the theoretical and practical aspects of fraud in the Internet sphere and on this basis to identify ways to ensure the confidentiality and cybersecurity of private users and commercial organizations. The methodological basis of the work is the use of general and special methods of scientific knowledge. Methods of combining analysis and synthesis, induction and deduction have been used to identify different types of fraud in the Internet. Generalization methods, logical and empirical, were used in determining the directions of development of the national cyber defense system and ensuring confidentiality. The main results of the work: The most common methods of fraud with the use of bank payment cards are identified, among which: a fake poll on social networks with a prize draw; a phone call to obtain classified information; SIM card replacement for access to online banking; online payments on unsecured sites; phishing; copying card data when handed over; unsecured WI-Fi networks; computers in public places; skimming for card data theft; unauthorized micropayments; ATM fraud; use of malicious programs (viruses), fake sites in order to compromise the details of electronic payment instruments and/or logins/passwords for access to Internet/mobile banking systems; dissemination (sale, dissemination) of information on compromised data; terminal network fraud; fraud in remote service systems; social engineering. Basic security rules are defined to prevent fraud. The experience of European countries in the field of cybersecurity is analyzed. The directions of adaptation of the current legislation on cybersecurity to the EU standards are outlined and the directions of development of the national system of cybersecurity are defined. The practical significance of the results is to deepen the understanding of the nature and mechanism of various types of fraud in the Internet. The recommendations proposed in the paper can form a methodological and theoretical basis for the development of economic policy of the state to ensure the confidentiality and cybersecurity of private users and commercial organizations. Conclusions. The state should establish an effective oversight body in the field of personal data protection, but security measures and online restrictions should comply with international standards. The use of encryption should not be prohibited at the legislative level, as such restrictions reduce the ability of citizens to protect themselves from illegal intrusions into privacy. In addition, the state policy in the Internet should be aimed at promoting the development and operation of secure Internet technologies and the formation of mechanisms to protect against services and protocols that threaten the technical functioning of the Internet from viruses, phishing and more.

Smartphones have become a major part of human’s life. And also it has been seen that new mobile applications are built day by day. Currently mobile applications are playing major role in many areas such as banking, social networking, financial apps, entertainment and many more. With this increasing number of applications, security is an important issue. The growth of android market has increased security risk and thus focus should be given to the security. Security is the biggest issue in the field of mobile technology. Therefore, mobile applications need to be assessed and ensure that secure coding practices have been followed during development. Mobile application security breach can lead to fraudulent transactions through mobile applications, confidentiality and revenue loss through communications services misuse. Data that is shared on an unsecured channel is vulnerable to attacks and to stop unauthorized access to this data, there is need to encrypt the data before it is sent to the server. In this research work, different cryptographic algorithms for encrypting data and secure data sharing in mobile applications across communications channels were examined. Simulation methodology was used to investigate a suitable cryptographic algorithm and to design a security framework for mobile applications to solve mobile application security problems. The proposed framework employs the use of Advanced Encryption Standard (AES) algorithm for encrypting meter readings data being exchanged between a smart phone and the server. The results obtained from the simulation of the security framework, showed that the four fields namely: Account number, image path, meter number and phone number on which AES encryption was applied were in an unreadable format (ciphertext), implying that the fields have been successfully encrypted. This solution allows application users to transfer (upload readings) data between a smart phone and database server in a secure manner without facing the problem of data attack. Data being uploaded to the server is encrypted before it is transferred and decrypted once it reaches the server side. This solution addresses android application security in the application and network communications layers and data transmission. The research paper ensures information security is guaranteed between an organisation and its customers.

The article points out that the pace of technological advance has led to integrating informaion and communication technology into accounting processes. Examples of advanced technologies for business that influence accounting management include computer-assisted learning and artificial intelligence, “smart” applications for telecommunication devices, “smart” things, complemented by virtual reality, digital twins, blockchain, chat communication systems, adaptive security systems, applications and network architecture, integrated electronic platforms. The aim of the research is to elucidate the impact of advanced technological trends on accounting management and highlight advantages of applying computer and communication technology to the processing of credentials. Artificial intelligence (AI) and computer-assisted learning, which include neural networks and natural-language processing, support the accounting system that is capable of learning, forecasting, adapting and working autonomously. Using AI, technology developers focus on three areas: advanced analytics of accounting information, digital assistants of accounting automation, and interactive interface for virtual reality. AI, used in automated information processing, is complemented by applying “smart” things that make it possible to identify, measure, evaluate and transfer accounting data on phenomena and events to the single database without the participation of staff. A proposed information model of integrated database might act as a common information environment for electronic interaction of all participants in financial market transactions. There is information exchange between suppliers, customers, banking institutions, legal and factoring organizations, government fiscal and statistical authorities. However, public access to a single database may lead to losses of confidential information, which requires effective methods for information protection of the accounting system. “Blockchain” is one of the advanced technologies of information security. It is a type of accounting ledger in the database (for example, in bitcoin crypto-currency), where entries are grouped consecutively into blocks to prevent unauthorized changes. The use of computer and communication technology in the accounting management will provide: the opportunity for complete automation of accounting processes; minimization of time and money spent on administrative staff; information protection in communication interactions between participants of information processes; development of algorithms for building a common database of credentials and common information environment.

Indonesia is currently racing with time related to the increasingly rampant criminal corruption committed by state officials who have a very significant impact also on the increase of TPPU. One of the perpetrators' efforts to avoid him from the law by hiding or obscuring his crime through money laundering takes advantage of the mechanism of financial traffic. Money laundering practices are very often committed against money earned from crime. The practice is simply a way to disguise or conceal the proceeds of a criminal offense. Money laundering is then used as a shield for the proceeds of the crime. Therefore, the existence of provisions or regulations on TPPU is very beneficial to minimize the velocity of funds from the crime. The latent danger of corruption has touched almost all levels of society, not only in relation to state organizers, power and policy, but also to the presence of private parties. Various methods have been taken to eradicate it, both preventively and repressively as well as by making changes to the method of eradication. One of the objectives of repressive action is to restore the State's losses. Corruption has resulted in heavy losses to the state's finances and undermines the stability of the national economy. The state losses in the form of assets resulting from corruption in returning it are not easy, the complexity of the settlement of criminal cases is one of the most dominant causes, not to mention the settlement of cases of corruption, especially those that have obtained permanent legal force, in relation to the spoils and payments replacement money, suspects, defendants, or convicted persons who disappeared at the time the proceedings were underway. The handling of TPPU cases has significance for the return of state assets related to the eradication of corruption. Property becomes a very fundamental object in relation to corruption and TPPU. Money laundering is always associated with property derived from a crime. The outcome of corruption is certainly related to assets or property acquired in an unauthorized and dirty manner. The prosecution of the perpetrators of corruption is not only related to the problem of his actions but also the repression of the result of his act of seizure of assets or assets of the perpetrator. Presidential Instruction Number 5 of 2004 on the Acceleration of Corruption Eradication issued by the President on December 9, 2004 to prove the seriousness of the government in criminalizing the money laundering of corruption results as well as a legal instrument that ordered law enforcement officers to immediately restore the state loss (asset recovery).1 The handling of TPPU, is a tough task for PPATK, especially to detect the occurrence of TPPU and further criminal acts. So the prevention and eradication of money laundering requires a systematic and comprehensive mechanism, which includes the detection process and legal process.2 The practice of money laundering through bank mechanisms is possible because banks are the most vulnerable financial institutions, and are subjected to the practice of Money Laundering whereby banks have a clearing system, international correspondence and a secret banking system.3 The role of the financial and government industry (PPATK) in preventing and eradicating TPPU becomes a barometer. It is based on banking and other financial services providers as front lines, in anti money laundering regimes. It is expected that financial institutions together with employees are at the forefront, in an effort to combat illegal financial activities.4

Syari’ah Financial Institution is one of the institutions of Islamic doctrine that is currently mushrooming in the midst of modern Indonesian society. Along with the growth of syari'ah financial institutions, MUI issued that interest is usury which is unlawful. The entry of syari'ah financial institutions in Indonesia made a new breakthrough in the syari'ah capital market. One of the products of syari'ah capital market is Syari'ah Mutual Fund. Syari'ah mutual funds are defined as mutual funds as referred to in the Capital Market Law and its implementing regulations whose management does not conflict with the principles of syari'ah in the capital market. The problem of this research is how is the interpretation of the regulation of syari'ah economic principle in Indonesia and how is the management of Syari'ah Mutual Funds based on syari'ah economic principle in Indonesia. This research is normative research with descriptive research type. The approach used is normative juridical. The data collection was done by literature study and document study. The data used are secondary data consisting of primary legal materials, secondary legal materials, and tertiary legal materials. The collected data is then analyzed qualitatively. The findings of the research show that there are 3 (three) principles of syari'ah economy namely the principles of Tauhid, Justice, and Benefits. The regulation of syari'ah economic principles in Indonesia is regulated in the DSN-MUI and compilation of Islamic law. Basically syari'ah economic principles are in the field of Bank financial institutions and Non-Bank financial institutions. The arrangement of syari'ah economic principles, as well as regulated in law but also governed by Syar'i Law and Fiqh law through Ijtihad, by the method of Mashlahah Mursalah. Implementation of investments in Syari'ah Mutual Fund transaction mechanism in investing through Syari’ah Mutual Funds should pay attention to things that are not against the Islamic Syari'ah. Implementation of the transaction contract should not be contrary to the Islamic Syari'ah, whether prohibited because (1) Forbidden in addition to the substance, which contains tadlis, ihtikar, ba'i najasy, garar, and usury, as well (2) Because unauthorized, i.e. the order and conditions are not met, there ta'alluq, and there are two contracts in one transaction simultaneously. The idea of syari’ah economic principles recommends to the Syari’ah Banking Supervisory Board to make further regulation in the development of investing through Syari’ah Mutual Funds in Indonesia.

This paper presents a proactive defense scheme based on Honeypot security system (HPSS). We propose an improved approach based on Intruder Detector System (IDS) which enhances the security of cyber. HPSS provide improved attack prevention, detection and reaction information, drawn from the log files and other information captured in the process. Honeypot security system can be best defined as follows: “A honeypot is a security resource whose value lies in being probed, attacked or compromised.[1] However, the electronic banking system users still face the security risks with unauthorized access into their banking accounts by non-secure electronic transaction hence it need to build reliable system which holds the identity of both the sender and the receiver.”

Automated Teller Machine (ATM’s) are devices used for the personal and business financial transactions or banking functions. It can be used without the help of the banking official. The ATM’s have become popular among the public for their availability and the user friendliness. Nowadays ATMs are available in many locations such as college, supermarket, gas station, banking center, airport, work location, hotels, and entertainment establishment, having a consistent high volume of user traffic. The existing ATM machine uses the ATM cards for the user access to authenticate their account in order to use the services of the ATM. There are several problems which includes card expiring, cost of maintenance, accessing customer account by others, waiting time before the issuance of the new card, card damaging, card cloning, shoulder surfing attack, skimming attack, eavesdropping attack, guessing attack. This paper presents the prototype for the card-less electronic Automated Teller Machine without the use of the card. The proposed system uses the face recognizer using the HAAR algorithm. Using the help IoT the unauthorized users could be tracked and if there is any mismatch with the authorized users the mail and SMS could be send to the registered users.

Information Assurance and Security (IAS) is a field of research that focus on the management and protection of knowledge, information and data. It combines two fields:Information assurance, which focuses on ensuring the availability, integrity, authentication, confidentiality, and non-repudiation of information and systems. These measures may include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.Information security, which emphasizes on the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.Information systems play an important role in the infrastructure that supports commerce, banking, telecommunications, health care, and national security, driving the need for qualified IAS specialists.This special issue is a platform for Master of Science (Information Security) students to publish their final year project/research findings. The papers published in this issue have been reviewed by at least 3 reviewers or lecturers in the area of IAS. The scopes of research area conducted by the students are:- Information Security Awareness, Evaluation, Maturity Model/Metamodel- Security Issues in Cloud- Spam Email/Review/Web Detection- Biometrics Recognition- Privacy Preserving Data Mining- Cyber Security Analytics and Visualization- Digital Forensics and Investigation- Others

In the past recent, identification of a person in an effective manner is a foremost concern for any security authentication in numerous applications such as, banking, e-commerce, communications etc. One of the best identification technology for person identification and authentication compared with the existing password based authentication is the multimodal biometric technology. Multimodal can be defined as, a system which uses two or more biometrics for identification of person. In the paper we propose a multimodal bio-metric system with a unique methodology and features extraction method incorporated in system for a secure authentication. The two modalities used in the system are face and thumb. We use Harris based image feature extraction for both and choose the best unique features from both and fused using concatenation. The extracted unique features are embedded in a cover image using modulo operator based steganography technique. This encrypted data is shared as an image file to the receiver for authentication. At the receiver end the hidden features are decrypted and separated into face and thumb features. These decrypted features are compared with the pre-trained authorized person feature, based on the multi-svm classifier result the person is decided as authorized or unauthorized. The accuracy of the system is been calculated and was resulted in a good accuracy. The system can be made much more secure by adding an additional secret key for encryption and decryption.

This case covers the scandal that occurred in 2008 at Société Générale when one trader, Jérôme Kerviel, lost the prominent French bank nearly €5 billion through his unauthorized trading. The case describes Kerviel’s schemes as well as SocGen’s internal monitoring and reporting processes, organizational structures, and culture so that students reading the case can identify and discuss the shortcomings of the firm’s risk management practices. The case and epilogue also describe the French government’s and Finance Minister Christine Lagarde’s reactions to the scandal (e.g., imposition of a €4 million fine and increased regulations), prompting students to consider the role of government in overseeing that healthy risk management practices are followed in key industries (such as banking) that are highly entwined with entire economies. Finally, the case encourages students—during class discussion—to critically consider whether it is truly possible for one rogue trader to act alone, which elements in a work environment enable or even encourage risky behavior, and who should be held accountable when such scandals occur. Interestingly, this case highlights a story that is not unique. Prior to Kerviel’s transgressions were the similar scandals of Nick Leeson at Barings Bank and Toshihide Iguchi at Daiwa Bank, yet history has repeated itself. This case gives students a vivid example of the dangers of internal, self-inflicted risk on organizations, and it opens a discussion on how to avoid it.After completing this case, students will be able to: Identify shortcomings in a firm’s risk management practices (i.e., processes, systems, structures) Evaluate the role and interests of governments as well as peer firms in overseeing healthy risk management practices in an industry Understand the dangers of self-inflicted risk and consider the elements in an organization (e.g., leadership, compensation structure, incentives, recruiting) that impact its risk environment

E-commerce (electronic commerce) or EC is the buying and selling of goods and services, or the transmitting of funds or data, over an electronic network, primarily the internet. These business transactions occur either as b to b (business-to-business), b to c (business-to-consumer), c to c (consumer-to-consumer) or c to b (consumer-to-business).It is the trading or in products or services using computer networks like Internet or online social networks. Here the Business conducted through the use of computers, telephones, fax machines, barcode readers, credit cards, automated teller machines (ATM) or other electronic appliances without the exchange of paper-based documents or physically moving to a shopping mall. It includes activities such as procurement, order entry, transaction processing, online payment, authentication, inventory control, order fulfillment, shipment, and customer support. When a buyer pays with a bank card swiped through a magnetic-stripe-reader, he or she is participating in e-commerce. E-commerce Security is a part of the Information Security framework and is specifically applied to the components that affect e- commerce including of Data security and other wider realms of the Information Security framework. E-commerce security is the protection of e-commerce assets from unauthorized access, use, alteration, or destruction. Dimensions of e-commerce security-Integrity, Non-repudiation, Authenticity, Confidentiality, Privacy, Availability. Ecommerce offers the banking industry great opportunity, but also creates a set of new risks and vulnerability such as security threats, hackings. Therefore it is an essential management and technical requirement for any efficient and effective Payment transaction activities over the internet. Due to the constant technological and business change and requires a coordinated match of algorithm and technical solutions. In this paper we discussed with Overview of security for e- commerce, various steps to place an order, Security purpose in E-commerce, various security issues in E-commerce, guidelines for secure online shopping etc.

This paper is included in the First Monday Special Issue #3: Internet banking, e-money, and Internet gift economies, published in December 2005. Special Issue editor Mark A. Fox asked authors to submit additional comments regarding their articles. How has the hi-tech gift economy evolved since 1998, when the paper was written? This article was a product of its time. When I originally wrote The Hi-Tech Gift Economy, the Net was still a novelty for most people even in the developed world. Nearly 8 years later, using this technology is no longer something special. This means that it is impossible to understand my article without remembering the bizarre moment in the late-1990s when so many pundits believed that the Net had almost magical powers. Led by Wired, dotcom boosters were claiming that the Net was creating the free market only found up to then in neo-classical economics textbooks. Inspired by post-modernist gurus, new media activists were convinced that humanity would soon liberate itself from corporate control by escaping into cyberspace. What intrigued me at the time was how these devotees of irreconcilable ideologies shared a common faith in McLuhan-style technological determinism. The Net – not people – was the subject of history. This demiurge promised the final victory of one – and only one - method of organizing labor: the commodity or the gift. When I was writing this article, my goal was to attack these almost totalitarian ideologies. The sharing of information over the Net disproved the neo-liberal fantasies of Wired. The leading role of capitalist businesses within the open source movement was incompatible with the anarcho-communist utopia. I wanted to argue that the choice wasn’t the commodity or the gift. On the Net, the same piece of information could exist both as a commodity and a gift. Nowadays, this conclusion is hardly controversial. My ideological opponents have long ago left the theoretical battlefield. We won’t hear their arguments again until the next wave of innovation within the information technologies creates the conditions for another revival of McLuhanist prophecy. In the meantime, it is common sense to describe the Net’s economy as a mixed economy. Information is shared and sold. Copyright is protected and broken. Capitalists benefit from one advance and lose out from another. Users get for free what they used to pay for and pay for what they used to get for free. In 2005, the dotcom commodity economy and the hi-tech gift economy are – at one and the same time – in opposition and in symbiosis with each other. What are some current examples of the hi-tech gift economy in action? Over the past decade, the hi-tech gift economy has moved from the fringes into the mainstream. When I was writing The Hi-Tech Gift Economy, the open source movement was the iconic example of non-commercial production over the Net. In the intervening period, blogging has become the public face of this new way of working. What was once the preserve of a small minority is now a mass phenomenon. Crucially, just like their techie predecessors, the participants in this enlarged hi-tech gift economy don’t have to think about the political implications of their method of working together. Free market fanatics can happily give away their blog-making labor without realizing they’ve become cyber-communists! This ideological inconsistency has hidden the social impact of the hi-tech gift economy. Allowing people to download your photos for free from Flickr doesn’t seem very radical. Putting up your latest tunes on-line can’t really be a threat to the music moguls. Making your own website doesn’t look like attack on the media corporations. Yet, when large numbers of people are engaged in these activities, commercial self-interest is checked by social altruism within the mixed economy of the Net. Before buying information, every sensible person checks whether you can download it for free. What are the impediments and what are the driving forces of the hi-tech gift economy? Is it possible to distinguish between the two? Long ago, Karl Marx pointed out that socialists had been forced to define their own political position to counter attacks by their liberal and conservative critics. It seems to me that we could make a similar observation today about the two sides in the copyright debate. During the past few decades, American and European politicians have steadily increased and extended the legal privileges of the media corporations. Entranced by the neo-liberal version of the McLuhanist prophecy, they’re convinced that the knowledge economy will be built around the buying and selling of intellectual property – and the state must punish anyone who threatens this new paradigm. In the digital Panopticon, Big Brother will spying on you to make sure that you don’t have any illegally copied files on your hard drive. Since the mid-1960s, the ideological appeal of the post-industrial future has protected the interests of the copyright owners. According to neo-liberal pundits, the global marketplace is founded upon the North exchanging its information commodities for the South’s manufactured goods. Economic prosperity now depends upon the World Trade Organisation imposing copyright protection as a universal obligation. Ironically, by proclaiming their global ambitions, the media and software corporations have exposed the weakness of their economic position. Across the developing world, governments know that copyright laws are unenforceable. Only the rich can afford to pay Northern prices in the South. If piracy can no longer be tolerated, alternatives must be found. In Brazil, the ministry of culture is promoting open source software as not just a more affordable product, but also an opportunity to create local employment. At the international level, they’re advocating the replacement of rigid copyright protection with flexible copyleft licenses. Inspired by this good example, other governments in the South are launching their own open source initiatives. In the developing world, participating within the hi-tech gift economy is a necessity not a hobby. During the last year, the American movie and music industries have forced the leading file-sharing services to limit unauthorized copying by their users. But, as soon as one threat is seen off, another arises. In 2005, over three-quarters of online music is still distributed for free. By forcing the issue, the owners of intellectual property have proved that the hard-line definition of copyright is as anachronistic in the North as in the South. Up-and-coming bands long ago learnt that giving away tunes attracts punters to their gigs and – in due course – sells their music. Yet, in contrast with the South, few politicians in the developed world have accepted the copyright laws need updating for this new dispensation. But, eventually, legislation must match social reality. The dotcom commodity economy can’t displace the hi-tech gift economy. Miscegenation is the epitome of the Net. During the Sixties, the New Left created a new form of radical politics: anarcho-communism. Above all, the Situationists and similar groups believed that the tribal gift economy proved that individuals could successfully live together without needing either the state or the market. From May 1968 to the late Nineties, this utopian vision of anarcho-communism has inspired community media and DIY culture activists. Within the universities, the gift economy already was the primary method of socialising labour. From its earliest days, the technical structure and social mores of the Net has ignored intellectual property. Although the system has expanded far beyond the university, the self-interest of Net users perpetuates this hi-tech gift economy. As an everyday activity, users circulate free information as e-mail, on listservs, in newsgroups, within on-line conferences and through Web sites. As shown by the Apache and Linux programs, the hi-tech gift economy is even at the forefront of software development. Contrary to the purist vision of the New Left, anarcho-communism on the Net can only exist in a compromised form. Money-commodity and gift relations are not just in conflict with each other, but also co-exist in symbiosis. The 'New Economy' of cyberspace is an advanced form of social democracy.