Authors: C. A. Corzo, N. Zhang, F. Corzo

Abstract:

Insider abuse has recently been reported as one of the more frequently occurring security incidents, suggesting that more security is required for detecting and preventing unauthorised financial transactions entered by authorised users. To address the problem, and based on the observation that all authorised interbanking financial transactions trigger or are triggered by other transactions in a workflow, we have developed a security solution based on a redefined understanding of an audit workflow. One audit workflow where there is a log file containing the complete workflow activity of financial transactions directly related to one financial transaction (an electronic deal recorded at an e-trading system). The new security solution contemplates any two parties interacting on the basis of financial transactions recorded by their users in related but distinct automated financial systems. In the new definition interorganizational and intra-organization interactions can be described in one unique audit trail. This concept expands the current ideas of audit trails by adapting them to actual e-trading workflow activity, i.e. intra-organizational and inter-organizational activity. With the above, a security auditing service is designed to detect integrity drifts with and between organizations in order to detect unauthorised financial transactions entered by authorised users.

Keywords: Intrusion Detection and Prevention, Authentica-transtionand Identification.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1075056

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1498

References:

[1] Bank for International Settlements: Risk Management Priciples for electronic Banking found at www.bs.org/publ/bcbs98.htm on January 2006
[2] Corzo, C.,Zhang, N.: Towards a real-time solution to the security threats posed by authorised insiders, Proceedings of the ECIW 2004: The 3rd European conference on information warfare and security, Royal Holloway, University of London, UK, (2004) 51-60
[3] David, L., Graeme B.: Managing Technology in the Operations Function, Securities Institute, ISBN 0 7506 5485 6, 2002
[4] Group of Ten, Report on Consolidation in the Financial Sector, Bank of International Settlements, International Monetary Fund Organization for Economic Co-operation and Development, www.bis.org, 2001
[5] David Folkerts-Landau, Peter Garber, and Dirk Schoenmaker, The Reform of Wholesale Payment Systems, The World Bank, Finance and Development, pages 25-28, June 1997
[6] CPSS Group, Statistics on payment and settlement systems in selected countries, Committee on Payment and Settlement Systems-Bank of International Settlements, pages 1-331, ISBN 92-9131-679-2, 2008
[7] The London Stock Exchange, www.londonstockexchange.com/NR/exeres /D28B12F2-E15C-4FC8-93AE-CB4E31DC898E.htm, Electronic Order Book Trading Grows 33 Per Cent During March, cited April 2009, 7th April 2008
[8] Ranee Jayamaha, Impact of IT in the Banking Sector, BIS Review 13, 2008
[9] Robert Richardson, CSI Director, CSI Computer Crime & Security Survey, http:gocsi.com, 2008
[10] Robert Richardson , CSI Director, CSI Computer Crime & Security Survey, http:gocsi.com, 2009
[11] Helen Allen and John Hawkins and Setsuya Sato, Electronic trading and its implications for financial systems, BIS papers No 7, pages 30- 52, 2008
[12] Ben Bernanke, Regulation and financial innovation, BIS Review 49, pages 1-5, 2007
[13] Timothy Geithner, Challenges facing the global payment systems, BIS Review 59, pages 1-5, 2004
[14] Committee on Payment and Settlement Systems (CPSS) - Bank for International Settlements, Real-time gross settlement systems, Publication No 22, www.bis.org, March 1997
[15] Board of Governors of the Federal Reserve System, FEDWIRE FUNDS TRANSFER SYSTEM - Assessment of Compliance with the Core Principles for Systemically Important Payment Systems, www.federalreserve.gov/paymentsystems/files/fedfunds _coreprinciples. pdf, March 2009
[16] Paras Verma, FCHIPS:Clearing House Inter-Bank Payment Systems, http://knol.google.com/k/paras-verma/chips /3mh4aumwkgjuc/3, accessed on October 2009, July 2008
[17] Dan Zhu, Security Control in Inter-bank Fund Transfer, Journal of Electronic Commerce Research, V3, pages 15-22, 2002
[18] FIN Copying Services, www.swift.comsolutions...SWIFT_MS_ FIN_ copying_services_200808.pdf, FIN Copying Services, cited April 2009, 2008
[19] Torsten Schaper, Integrating the European Securities Settlement, IFIP International Federation for information processing 2009, 385-399, 2009
[20] Committee on Payment and Settlement Systems (CPSS) - Bank for International Settlements, www.bis.org, Payment and settlement systems in selected countries - CPSS Red Book, cited April 2009, April 2003
[21] Committee on Payment and Settlement Systems (CPSS) - Bank for International Settlements, www.bis.org/publ/cpss84.htm, The interdependencies of payment and settlement systems - CPSS - Publications No 84, cited October 2009, June 2008
[22] Francis Braeckevelt, Clearing, settlement and depository issues, Bank of International Settlements , BIS paper No 30, pages 284-332, November 2006
[23] Committee on Payment and Settlement Systems (CPSS) - Bank for International Settlements, Risk Management Principles for Electronic Banking, www.bis.org, accessed on October 2009, 2003
[24] Francis Braeckevelt, Clearing, settlement and depository issues, Bank of International Settlements, BIS paper No 30, pages 284-332 , November 2006
[25] Linda Goldberg and John Kambhu and James Mahoney and Asani Sarkar, Securities Trading and Settlement in Europe: Issues and Outlook , Current Issues in Economic and Finance-Federal Reserve Bank of New York, V8, 4, pages 1-2 , 2002