Publication Details
E-Banking Security Study - 10 years later
Hujňák Ondřej, Ing., Ph.D. (RG-3-02)
Hanáček Petr, doc. Dr. Ing. (DITS)
Hellebrandt Lukáš, Ing. (FIT)
Online banking, PSD2, Authentication, Multi-factor, Cybersecurity, Secure
hardware
ICT security in the banking area is going through rapid changes. It is ten years
since we covered the state of e-banking security, and both authentication schemes
and legislation has evolved. With the Payment Services Directive (PSD2) for
European Union coming into force, we believe it is a good time to update our
findings. PSD2 brings new requirements for multi-factor authentication, thus it
is necessary to revise compliance of currently used schemes. This works main
contribution is an overview of current authentication methods, their properties
with respect to international standards, and their resistance against attacks. We
further discuss the multi-factor authentication schemes composed of those methods
and their compliance with the PSD2 requirements. In order to present the
overview, we introduced the e-banking attacks taxonomy, which is compatible with
authenticator threats from NIST Digital Identity Guidelines but has an increased
level of detail with respect to the e-banking area. The available sources in this
area are usually either very broad, targeted on the business executive, or focus
on one particular issue or attack in greater detail. We believe our article can
bridge such diverse sources by providing a comprehensive and complex tool to help
with orientation in the area.
@article{BUT176376,
author="Kamil {Malinka} and Ondřej {Hujňák} and Petr {Hanáček} and Lukáš {Hellebrandt}",
title="E-Banking Security Study - 10 years later",
journal="IEEE Access",
year="2022",
volume="2022",
number="10",
pages="16681--16699",
doi="10.1109/ACCESS.2022.3149475",
issn="2169-3536",
url="https://ieeexplore.ieee.org/document/9706204"
}