Class Notes (806,850)
Canada (492,484)
CMN 124 (62)
John Burry (16)

Analytical Report.docx

5 Pages
Unlock Document

Ryerson University
CMN 124
John Burry

TD Canada Trust Interoffice Memo TO: Frank Skeptic, Director of IT Security FROM: Ajanthan Jeyarajah SUBJECT: Analytical Report on Tightening Web Security DATE: November 20, 2012 Purpose More users today are using mobile devices as a means for banking and authorizing transactions. At the same time, there is also a significant increase in online fraud and identity theft. The purpose of this report was to gain knowledge on ways to strengthen web security for high-risk transactions involving customer information and movement of information of other important parties. Also, this report will educate on ways that web security can be breached and the precautions that can be taken to prevent this from happening. “Online financial cybercrime has increased exponentially in the past 4 years forming the foundation of a trend that shows no signs of abating. What began with simple 419 scams and rudimentary phishing has grown into a highly complex underground economy generating professional-quality software tools, legitimate businesses that provide protection to cyber criminals, sophisticated stock-manipulation schemes, and, most tellingly, a sense of community among the criminals. The global total of criminal gain from cyber fraud is impossible to estimate precisely. However, most indicators suggest it stands in the high tens of billions of dollars, perhaps in the hundreds. (Graham, 2009)” How to Tighten Web Security There are many different methods that can be used to execute web transactions. The question that is prevalent is whether these methods are sufficient to prevent fraud and identity theft. Many different banks are currently using the two-factor authentication system. This system is one used the most out of various authentications systems. This is because a two-factor authentication system usually consists of two or three security factors. These factors are a knowledge factor, a possession factor, and an inherence factor. The knowledge factor is something that the user already knows. An example of this would be a password or a PIN number. A possession factor is a factor that the user has or owns. This can be as simple as an access card or a USB token. The third factor is rarely used and is still in its experimental stage for its other uses. The inherence factor is essentially the user. The easiest way of explaining this factor is through biometrics. This factor is currently being used in very high security offices and vaults in corporate America. It can also be as simple as a fingerprint scanner that is being used on household appliances such as PCs (McLaughlin, 2006). Using these three factors form a variety of complex combinations that can be very hard to crack. The issue with using these combinations is that only a select few can be used over a web-based medium. Especially when banking online, only few factors can be implemented from the comfort of your home or on the go if you are using a mobile device. A way to overcome this issue is through the use of the possession factor. Although access cards cannot be swiped to provide proof of identity, a USB token can be used on almost all electronic devices. These tokens can be manufactured with the same technology that is used in the access card with some minor alterations. This would mean that the instead of swiping the access card at a bank machine, the USB token would simply have to be plugged in to the device that is being used. This token will also incorporate the technology of the Interac chip. Therefore, the user will feel more confident using this new technology due to the credibility of the Interac chip. Currently, Interac does have a system where online shoppers can go through their website to authorize a transaction by a major bank but this system is time consuming and isn’t easily accessible by users that do not have a large data plan. By using the USB token you eliminate these steps and are still guaranteed the same security if not better. The USB tokens will be manufactured to fit the standard USB hub on any c
More Less

Related notes for CMN 124

Log In


Don't have an account?

Join OneClass

Access over 10 million pages of study
documents for 1.3 million courses.

Sign up

Join to view


By registering, I agree to the Terms and Privacy Policies
Already have an account?
Just a few more details

So we can recommend you notes for your school.

Reset Password

Please enter below the email address you registered with and we will send you a link to reset your password.

Add your courses

Get notes from the top students in your class.