Enhanced Information System Security in Internet Banking and Manufacturing

The internet has contributed significantly by changing the way of interaction among people and the execution of business today. By virtue of the internet, electronic commerce has been developed, enabling business to manage their customers and other organisations inside more effectively and outside their industries. The industry which is applying business transaction using this new communication pathway to reach its business clients is the banking sector. The electronic banking system identifies different emerging trends including providing service to meet customer's demand anytime and anywhere, importance of product time-to-market and increasingly complex back-office integration challenges. The challenges that internet banking is facing are providing information system security and protecting privacy of information. This paper will first discuss the current forms of security threats in the internet banking; secondly, it will investigate weaknesses in the current information security protocols of the internet banking. Thirdly, it will propose an enhanced information system security for internet banking.


INTRODUCTION
Banking is one of the oldest businesses known to humankind. Technology however have transformed and transitioned the traditional banking processes and strategies. Banking institutions have heavily invested in information technology in addition to other well-known systems such as telephone and branch banking. According to Rahi et al. (2018), banks have claimed information systems contributes to reduced operating costs and competitive advantage over rivals as some of the reasons for adopting information technology. Internet banking is the latest information technology infrastructure and has brought a 360-degree change in the entire finance industry. The adoption of internet banking has helped banks to offer real time financial transactions and helps in attracting and retaining customers. This is because banking institutions are now able to offer services at the comfort of customers that who would otherwise be needed to be physically present for transactions. The impacts of internet banking have been of interest to both business financial researchers and banking management. Ntseme, Nametsagang, and Chukwuere (2016) in a study of risks and benefits of online banking focused on the five advantageous factors of internet banking that is: accessibility, perceived security, self-efficacy, convenience, and usability. Ling et al. (2016) identified speed, convenience, 24hours banking as benefits of online banking. Even though banks in several countries have integrated security features, there is several internet security threats and vulnerabilities still continue to persist. As new threats continue to emerge, banks will need to adopt new measures to protect users. Banks can do more by deploying Information Security policies that ensure safer Internet banking experience. The purpose of this report is to evaluate the current forms of security threats in the internet banking, investigate weaknesses in the current information security protocols of the internet banking and propose an enhanced information system security for internet banking.

AN OVERVIEW OF INTERNET BANKING
According to Shaikh and Karjaluoto (2018), internet banking is a connection of banking systems that enable customers to get access to their bank accounts and other important banking details through the use of a website and without the inconvenience of attending physically to the bank, sending faxes, letters, or telephone confirmations. Internet banking has also been defined as a technological service which customers can request bank services such as opening of an account, funds transfer, balance inquiry, and online payments over the internet without leaving their homes or organizations (Sundaram et al. 2019). Ramavhona and Mokwena (2016) stated that the key feature of internet banking is that it provides a universal connection from any location globally and it is very accessible from any internet connected computer. The convenience of internet banking is making more and more banks are integrating internet into their services to develop and expand transactional relationships with their customers (Ramavhona & Mokwena, 2016). Novokmet and Tokić (2016) identified three functional levels of internet banking that are currently employed in the banking industry as show in Figure 1.
• Informational role-Typically, the bank uses a stand-alone server to send marketing information over the internet to consumers about their products and services. This is usually the basic role of internet banking • Communicative level-This role allows interaction between the consumer and the bank systems. The communication is often limited to loan applications, personal details updates (name and address updates) and electronic mail. • Transactional level-this functional level allows bank customers to directly execute financial transactions. Usually, the most basic transactional system allow customer to only transfer funds between different accounts of bank. Today, the advanced transactional internet systems allow online payments directly to third parties taking the forms of electronic bank check, electronic money transfer, and bill payments.
Kalra and Narayan (2017) in a case study in India defined internet banking as a convenient form of banking where a bank account is usually maintained over the internet. The authors stated that the internet banking has a multidimensional advantage, which is both to the consumers and the banking institutions as shown in Table 1. Despite a lot of benefits of internet banking, there are some security threats exist in current internet banking system. Tabiaa et al. (2017) found that internet banking combines a lot of risks. The authors classified the risks into two parts; that is general and operational risks. The general risks are associated with physical equipment such as computers and server tools. The operational risks mean inadequate processes, eternal attacks, and failure of people and system. The operational risks are important to this study as they are a security threat to the provision of internet banking services.

CHALLENGES OF INTERNET BANKING
Internet banking has been emerged as one of the fastest and easiest way of banking. The threat of cyber security attacks become a great challenge for the Internet banking and electronic commerce (E-commerce) industries. Therefore, the security of this information system infrastructure is a major concern in the provision of effective The report also noted that the increased use of mobile phone in financial transactions will increase the internet banking security vulnerabilities to a great extent. International Monetary Fund (IMF) in 2018 reported that more financial institutions around the globe are reporting cyber-attacks, data breaches, and frauds on their online services as shown in Table 2 (Bouveret, 2018). From this context, creating an information technology infrastructure that ensures optimized security of internet banking is critical. The current internet banking system relies on Personal Identification Number (PIN) authentication and unencrypted short messages (SMS) and emails as the only security features in their Internet banking systems. Sundaram et al. (2019) further studied the current security protocols in internet banking and found that financial institutions use similar methods of authentication for all users. The measures employed ranged from telephone number, PIN, mother's maiden name, and simple passwords only systems. The problems with the structures now-a-days are inherent inside the setup of the communications and additionally within the computer systems itself. Hackers have many unique methods that they can access these security protocols of internet banking. Therefore, even though banking institutions have integrated security features in internet banking, the existing security protocols are not efficient.
While a significant number of Australians use internet banking, a large number continue to use bank conventionally. According to Australia Bureau of statistics (ABS, 2016), only 21 percent of Australian citizens are comfortable using the mobile banking despite having many benefits of online banking. Moreover, age is a determinant of using internet banking. ABS (2016) reported that 61 percent of Australian citizens age 15 years and above used internet in 2014 and 2015 and 72 percent of them used the internet for conducting banking transactions. On the other hand, only 49 percent of Australians aged 65 years used the internet and only a half used the internet for banking services. Security concerns are the core reason for lower adoption of internet banking in Australia. The groups who do not engage in internet banking have cited low trust in the system. At the same time, security remains a main concern for those who use the services in Australia. Given the many benefits of internet banking such as convenience, non-physical handling of money, speed, and cost reduction, this study will evaluate the current forms of security threats in the internet banking, investigate weaknesses in the current information security protocols of the internet banking and propose an enhanced information system security for internet banking. As a result, individuals will trust internet banking and ensure many Australians benefit from the new technology.

Khan et al. (2016) stated that internet banking infrastructure can be attacked with different skills and persistence.
Communication and transitional roles of internet banking has been termed as the most vulnerable to security attacks. According to Reserve Bank of Australia (2018), the most common cyber threats in Australian Banks are data breaches by stealing sensitive data by means of phishing, system disruption such as denial of service (DoS) attack and financial attacks either through fraud or ransom. HSBC Australia stated in their website that the most common cyber-attacks in Australian Banks are phishing, Malware, Business Email Compromise, Text and phone scams. Australian Cyber Security Centre reported in 2016 that the most common threats in financial institutions are phishing and denial of service (DoS) attack. Internet Banking may face some security threats including Phishing, Denial-of-Service (DoS) attack, password cracking, Social Engineering attack, Man-in-the-middle attacks, and Man-in-the-Browser attacks. This is the science of using social interaction to persuade an internet banking user to comply with a specific request from the attacker and the request involves a computer related trick. Airehrour et al. (2018) in investigating social engineering in the New Zealand banking system stated that cyber attackers use relationships and friendships to obtain information from their victims. The authors explored social engineering attack cycle which was first described by Kevin Mitnick (2002) as show in Figure 2.

Man-in-the-Middle Attacks
Kimwele et al. (2014) focused on studying threats associated with man-in-the-middle attacks in the mobile banking system. They found that this type of attack often targets the communicative level of internet banking which is normally achieved through SMS and emails. The attacker will intercept messages in a public communication server and then retransmits them, substituting the message to a new but related version so that the two original parties appear to be communicating with each other. Tabiaa et al. (2017) stated the attacker is usually a third party who has access to the communication channel between two end users. The attackers convince the two communicating parties that they have a secure channel but instead they access to all the encrypted messages.

Man-in-the-Browser (MitB) Attacks
A Man-in-the-Browser attack is performed by infecting a user browser with a browser add-on, or plug-in that executes malicious actions. Generally, the attacker can perform anything the user can and can act on their behalf once user's machine is infected with malware. The attacker can perform any bank transfer that the user does while infected if the user logs into their bank account at that time. By the virtue of being invoked by the browser during Web surfing, that code can take the control of the session and perform malicious actions without the user's knowledge. 5 RESEARCH METHODOLOGY In this study, a survey was conducted in Australia as the research methodology. The targeted participants were bankers and internet banking users. The bankers were considered the most suitable informant, especially if these bankers also at a senior level in the overall organizational hierarchy. The questionnaires were sent to 200 participants and the response rate was good. 123 participants responded to this survey. The participants were asked about current forms of security threats in the internet banking, weaknesses in the current information security protocols of the internet banking and they were asked to propose an enhanced information system security for internet banking. Based on the survey's positive and negative responses, the security threats, and weaknesses in the current information security protocols in internet banking have been identified. Finally, an enhanced information security for internet banking has been proposed.

RESULTS AND IMPLICATIONS OF THE STUDY
The most common security threats in internent banking are not pure technical attacks. 71 participants mentioned that phishing is the main threat in internet banking and they mentioned that password stealing, identity theft, Denial-of-Service (DoS) attacks and Man-in-the-Browser (MitB) attacks are the other security threats. 52 respondents stated that Denial-of-Service (DoS) attack is the main security threat in internet banking while phishing, password stealing and identity theft are the other types of cyber attack in intenet banking. Therefore, the most security threats that are identified for internet banking in this study are phishing, password stealing, identity theft, Denial-of-Service (DoS) attacks and Man-in-the-Browser (MitB) attacks. Cyber attackers often steal and accses to personal and bank security details. Currently, banks have developed authentication protocols to mitigate cyber attacks in internet banking. An authentication is a method and a piece of information used to verify the identity of a person or organization when accessing networks with security constraints. The most common types of authentication in current online banking systems include, PIN, passwords, identifiable picture, one time password (OTP), finger and palm print, voice, signature, and facial recognition. Kayode et al. (2017) stated that the most common methods of authentication using in current internet banking have low to medium security strength. The authors revealed only Iris pattern have high security strength. Sheikh and Rajmohan (2015) stated now-a-days CAPTCHA is a common authentication protocol in internet banking. The authors however stated that the images used are too simple, making it very possible to obtain desired banking information using the OCR sofware.
This study recommends that Biometrics-based authentication is the enhanced security solution to address security issues in online banking. This is the use of personal physical and behavioral human features to identify the identity of internet banking user. Some common features used include voice, fingerprints, facial paaterns, and typing cadence. This type of authentication is not transferable as with the case in passwords, PIN, and mother maiden name. The findings of this study will challenge banking management to rethinks about their current authentication methods in online banking. The findings are also important for system developers who design and develop internet banking information technology infrastructure.

RELEVANCE TO MANUFACTURING INDUSTRY
Industrial production relies upon secure digital connections with vendors, partners, and customers to stay relevant and competitive. These digitally connected industry has significant amount of cyber risk. All that sensitive data, communication channel and automatic processes multiply the opportunities for hackers by expanding the "surface area" exposed to cyber-attack. Since digital systems are very much embedded in daily operations, the significant damage can be magnified from even a single security incident. Industrial business processes are automated, digitized and streamlined. This data-driven, real-time operation creates more risks from autonomous machines and processes. These risks could occur from robots to automatic warehouse equipment to information systems that automatically carry out work with outsiders. To manage risks, industry need to develop pervasive cyber resilience that weaving cyber protection into all operations they perform at present and plan to perform in future. This paper recommends cyber security solutions that can help industry to make them cyber resilient. Cyber resilient enterprises can operate safely under persistent threats and sophisticated attacks. They can strengthen customer trust and boost industrial production.

CONCLUSIONS
The number of cyber attacks have increased dramatically as more banks adopt internet banking. The technology have been adopted due to its benefits in increasing convinience of banking services, the potential to reduce operations costs in bank, and the perceived security. However, the current security models in mobile banking have some weaknesses due to the persistent number of attacks. Common types of security attacks in online banking systems include phishing, denial of service attcks, password cracking, social engineering attacks, man-in-the-middle attacks and man-in-the-browser attacks. It is important that banks rethink their authentication strategies. The limitation of this research is that this study was conducted in a single country only. The future research may be conducted in broad geographical areas in the world.

ACKNOWLEDGEMENT
The author is grateful to the bankers and the internet users in Australia who participated in the survey as part of this research study.