ASSESSMENT -1 PROJECT DELIVERY BRIEF 1. Length – 5000 words 2. Context Remember that this subject is the culminating and integrating experience for the MBIS. It is assumed that you have kept a...

TITLE
Student Name:
Trimester: T2
Submitted To: [name of facilitator]
Word Count
[Version 2.0]
        
Dated Submitted: 2nd of May 2021                            
Executive Summary
This paper provides an exhaustive literature review discussing cybersecurity specifically for banking industry. Today, organizations are vulnerable considering theft and intrusion in cyberspace. With exponential increase in internet penetration and use of computing services and infrastructure in every business sector, the interconnected world is highly susceptible to attacks and vulnerabilities. Data storage and sharing is a necessity and is inadvertently associated with risk of exposure of processes and systems involved in data sharing and storage. Organizations process information through world wide web without enough security measures in place and become victim to cyberattacks and digital assaults.
Banking system, like all other sectors, has adopted computing with interconnected infrastructure for growth. However, it is among the most affected business sectors since it faces internal as well as external assaults. This paper discusses cyberthreat in banking sector in detail, explaining the unencrypted data, malware, third party services, spoofing, phishing and intrusion as the activities causing cyberthreat. Fraud detection papers are reviewed for credit frauds. The problems within credit fraud like bankruptcy fraud, application fraud, theft and behavioral fraud are discussed, the methods of tackling them previously are compared with the improved methods of cybersecurity. Papers are reviewed on cyberthreat mitigation techniques like intrusion detection system (ID) using machine learning, deep learning. This is followed by discussion on how improved authentication from previously used single-factor authentication to multifactor authentication can help in handling credit card fraud. Credit fraud mitigation is discussed using embedded chip technology, multi-factor authentication, cryptography and biometrics. These techniques shall improve cybersecurity in banks better than previously used technique of IDS to control credit fraud. Banking industry is progressing in implementing cybersecurity landscape with effective threat mitigation techniques with improved authentication. Cyber resilience is recommended to this industry through strict monitoring, understanding cyber risks, stress testing and incident response plans.
Contents
Executive Summary    i
List of Keywords: Cybersecurity, Banking, intrusion detection, challenges, mitigation, authentication, machine learning, deep learning, Chip and PIN, cryptography, biometrics.    iv
1.    Introduction    1
1.1    Research Questions    1
1.3.    Scope    2
1.4.    Significance    2
2.    Annotated Bibliography    2
3.    Literature Review    6
Cyberthreat in Banking Sector    6
Unencrypted data    6
Malware    6
Third-party Services    7
Spoofing    7
Phishing    7
Credit Fraud    7
Bankruptcy Fraud    8
Theft    8
Application Fraud    8
Behavioral Fraud    8
Intrusion and its Challenges    8
Cybersecurity in Banks    9
Mitigation Techniques    9
Network-based Intrusion Detection    9
Machine Learning    10
Deep Learning    12
Authentication    12
Embedded Chip Technology    13
Cryptography    14
Biometrics    15
4.    Recommendations    15
5.    Conclusion    16
List of Keywords: Cybersecurity, Banking, intrusion detection, challenges, mitigation, authentication, machine learning, deep learning, Chip and PIN, cryptography, biometrics.
1. Introduction
The recent financial crisis around the world has stimulated a wave among researchers to better understand sources of systemic risk like cyberattacks. Rapidly expanding literature in this context analyses the cyber threats in banking sector and strive to research solutions to mitigate the effects of the attacks. The objective of achieving secure cyberspace for banking is a moving target hindered by the openness of flow of information over the web at the disposal of attackers. With every step forward for cybersecurity, new attack vectors are developed to thwart those efforts. The presence of cybersecurity threat and privacy issues have become rampant with the increasing magnitude of digital transactions on internet banking systems. The impact of cyberthreats adversely affects the integrity, confidentiality and availability of information to banks and its customers.
The level of insecurity on the web is worrisome enough to render online transactions doubtful. The frequency, impact and magnitude of cyberattacks against global banking organizations continues to increase, even though most of these breaches remain unreported.
Literature by different authors offers adequate information about the frauds related to credit in the present days of internet usage and applications, how these problems are tackled previously and the steps that should be taken in order to tackle those problems in a better way. Ten Literature works have been delved into and information is amalgamated to offer elaborate view on causes and solutions of such frauds.
This paper discusses the cyberthreats and old and new cybersecurity measures to manage credit fraud and cyberspace intrusion that are explored by various authors in literature. Network security, cybersecurity and IT security are intertwined in the literature reviewed for this paper to discuss the disruption of services and mitigation of threats related to this problem.
The proceeding section describes cyberthreat in banking systems as authored by (Malaika, 2021) and (NEFF, 2016). The threats included in the review are unencrypted data, malware, third party services, spoofing, phishing and intrusion. The next section contains consolidated discussion on credit fraud by (Amaefule, 2019), (Cooke, 2020) and (Varga,2021). This is followed by a brief idea about cybersecurity (Ahmad, 2021), (Al-Hashedi, 2021) in banks and new mitigation techniques of intrusion detection using machine learning and deep learning. A comparison of these techniques with previously used basic IDS shows how the new techniques offer improved security. Improved authentication is discussed in detail from (Ometov, 2018). The paper concludes with four recommendations that the banking sector should embrace in order to manage the problem of cyberthreat.
1.1 Research Questions
This paper focuses on the following:
· What are the issues surrounding Credit fraud?
· What are the challenges of implementing improved Intrusion Detection Systems?
· Credit Fraud and its minimization techniques
· Authentication and other techniques of enhanced cybersecurity
1.3. Scope
This study has been carried out purposely to understand cybercrime related to credit in banking sector. Different research methodologies are reviewed to obtain deep insight in the real business problem of credit fraud and a combined analysis helps me in justifying that an improved authentication process and cybersecurity measures are required to underpin credit frauds in this industry.
1.4. Significance
With cybercrime becoming prevalent, banks need to embrace a comprehensive risk management strategy in order to be self-sufficient in fighting against the cyberthreats and ensuring that the approach taken for combating the threats uses rigorous internal procedures and adopts external support. The existing approach urgently need a review to combat the new phenomenon in IT age.
2. Annotated Bibliography
Ahmad, Z., Khan, A. S., Shiang, C. W., Abdullah, J., Ahmad, F., (2020), Network intrusion detection system: A systematic study of machine learning and deep learning approaches. First published: 16 October 2020 https://doi.org/10.1002/ett.4150
The authors explain IDS and explain NIDS in detail using ML and DL techniques. They have reviewed articles on NIDS and discussed the limitations and strengths of solutions proposed in the reviewed articles. They also discuss how ML and DL-based NIDS can be improved through further research.
Al-Hashedi, K. G., Magalingam, P., (2021), Financial fraud detection applying data mining techniques: A comprehensive review from 2009 to 2019, Computer Science Review, Volume 40, 100402, ISSN 1574-0137, https://doi.org/10.1016/j.cosrev.2021.100402.
The paper reviews previous literature by authors discussing techniques of fraud detection through data mining. Multiple articles are reviewed to categorize fraud and conclude that data mining techniques are implemented to handle bank fraud.
Al-Maliki, O., Al-Assam, H., (2021), Challenge-response mutual authentication protocol for EMV contactless cards, Computers & Security, Volume 103, 102186, ISSN 0167-4048, https://doi.org/10.1016/j.cose.2021.102186.
The authors focus on Europay Mastercard and Visa protocol as an advanced way of transactions that has vulnerabilities exploited by attackers to gain access to sensitive information. The authors propose authentication protocol against such vulnerabilities.
Chaimaa, B., Najib, E., Rachid, H., (2021), E-banking Overview: Concepts, Challenges and Solutions. Wireless Pers Commun 117, 1059–1078. https://doi.org/10.1007/s11277-020-07911-0
The authors discuss electronic banking in this paper, the challenges and risks in e-banking like phishing, credit card frauds and spamming and then propose solutions to the enlisted challenges.
Cooke, A. N., (2020), The Brick-and-Mortar Bank is Dead—COVID-19 Killed It: Analyzing the “New Normal” for Data Security in the Increasingly Digital Financial Services Industry, 25 N.C. BANKING INST. 419 (2020). Available at: https://scholarship.law.unc.edu/ncbi/vol25/iss1/15
Discusses increasing digital banking, data breaches caused due to exponential increase in e-banking, prevalence of data breaches, types of breaches and their impact on banking.
Das, P. K., Tripathy, H. K., Yusof, S. A. M, (2021), Privacy and Security Issues in Big Data: An Analytical View on Business Intelligence, ISBN: 978-981-16-1007-3
The authors of this book offer address privacy and security protection challenges and suggest requirements of computing and storage in general to the readers to handle security and privacy issues.
Ghali, Z., (2021) Motives of customers’ e-loyalty towards e-banking services: a study in Saudi Arabia, Journal of Decision Systems, DOI: 10.1080/12460125.2020.1870063
This paper in included in this review to discuss that customer’s e-loyalty is dependent upon e-satisfaction and e-trust which are further dependent upon convenience and security of the bank’s website and responsiveness.
Hwang, Kai & Liu, Hua & Member, Student & Chen, Ying. (2004). Cooperative Anomaly and Intrusion Detection for Alert Correlation in Networked Computing Systems.
The paper has diagrammatic representation of IDS and ADS and the authors offer technique of integrating the two systems to detect known attacks as well as unknown anomalies. The paper discusses technological details of the proposed solution that can help in detecting the attacks.
Injadat, M., Moubayed, A., Nassif, A.B. et al., (2021), Machine learning towards intelligent systems: applications, challenges, and opportunities. Artif Intell Rev 54, 3299–3348. https://doi.org/10.1007/s10462-020-09948-w
The authors have explained machine learning as the upcoming technology against cyberthreats and have explained its applications in the banking sector. They have enlisted solutions and research opportunities to manage the challenges in network security of banks.
Innes, M., Dobreva, D., Innes, H., (2021) Disinformation and digital influencing after terrorism: spoofing, truthing and social proofing, Contemporary Social Science, 16:2, 241-255, DOI: 10.1080/21582041.2019.1569714
This article is chosen for this literature review as it discusses the digital influence engineering technique of spoofing in detail and the seriousness of strategic communication interventions to be explored to mitigate harm due to disinformation and misinformation.
Malaika, M. (2021). Central Bank Risk Management, Fintech, and Cybersecurity, IMF Working Papers, 2021(105), A001. Retrieved Aug 6, 2021, from https://www.elibrary.imf.org/view/journals/001/2021/105/article-A001-en.xml
The authors examine fintech and cybersecurity from central bank’s perspective of risk management. The authors emphasize that cyber resilience should be assessed through strategic planning. Regular and timely input from experts can be used against fast-evolving risks.
Najaf, K., Mostafiz, M. I., Najaf, R., (2021), Fintech firms and banks sustainability: Why cybersecurity...