Wednesday, 3 February 2010

Financial Cryptography and Information security in Financial Services

What is financial cryptography?

Financial cryptography is the use of cryptography to protect financial transactions. Its foundation rests on the following key parameters, which together ensure successful and secure financial transactions:

• Reliability of the secure communication architecture
• Control of user access rights
• Governance of security products

Financial Cryptographic zones in Internet Banking Applications

Cryptography in financial institutions operates within cryptographic zones. In an Internet banking application, for instance, financial cryptography operates in the following zones:

- Account Holder's secure Login Zone (Login to bank's website)
- Bank's web server-to-application server communication and authentication zone
- Bank's application server-to-business domain layer communication zone

Security Risks in internet-based financial/banking applications.

- Spoofed site.

SSL proxies can create spoofed SSL sessions and intercept sensitive data such as the user's credentials. In this scenario the browser reports that the web server's certificate is invalid, but very few internet users recognize that warning as a security risk.

- Vulnerability of data exiting SSL session communication channel.

Once the data leaves the SSL session communication channel, it is in unencrypted form and can be intercepted.
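The certificate check behind the "Spoofed site" risk can be reproduced offline. The following Go program is an added example, not code from this post: it builds two constructed certificates for the hypothetical host `bank.example`, one issued by a trusted root and one issued by an intercepting proxy's own CA, and shows that chain verification accepts the first and rejects the second. All names, keys and the helper functions `issue` and `verifyBoth` are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed certificate for name; a nil parent yields a self-signed root CA.
func issue(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		BasicConstraintsValid: true,
		DNSNames:              []string{name},
	}
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage, tmpl.DNSNames = true, x509.KeyUsageCertSign, nil
		parent, parentKey = tmpl, key
	}
	der, err1 := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	cert, err2 := x509.ParseCertificate(der)
	if err1 != nil || err2 != nil {
		panic(fmt.Sprint(err1, err2))
	}
	return cert, key
}

// verifyBoth validates the bank's certificate and the proxy's look-alike; nil means accepted.
func verifyBoth() (genuineErr, spoofedErr error) {
	bankCA, bankKey := issue("Constructed Bank Root CA", nil, nil)
	proxyCA, proxyKey := issue("Constructed Proxy CA", nil, nil)
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), DNSName: "bank.example"}
	opts.Roots.AddCert(bankCA) // the client trusts only the bank's issuer
	genuine, _ := issue("bank.example", bankCA, bankKey)
	spoofed, _ := issue("bank.example", proxyCA, proxyKey)
	_, genuineErr = genuine.Verify(opts)
	_, spoofedErr = spoofed.Verify(opts)
	return genuineErr, spoofedErr
}

func main() { fmt.Println(verifyBoth()) }
```

A non-browser client, such as a service calling the bank's API, should treat the second result as a hard failure, because no user is present to judge a warning.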

Financial Cryptography in Merchant Banking/Card payment systems

In merchant banking/card payment systems, financial cryptography secures the transaction cycle from the merchant to the acquirer to the card issuer. It reduces the risks incurred by the acquirer and the card issuer bank.

Financial Cryptography in ACH and global financial messaging services