[attachment=14790]
Modern financial institutions have cashed in on the electronic business opportunities of the Internet by developing numerous payment systems to meet various payment service requirements. Advanced computer systems and telecommunications technology are being used to offer fast, convenient, and secure ways to conduct financial transactions at service and security levels that are hardly or never achieved by traditional payment systems. In this paper, we examine the function and operation flow of the electronic funds transfer process as well as its security control mechanism. To evaluate telecommunication and data security techniques, a standard-leading inter-bank payment system called the Society for Worldwide Inter-bank Financial Telecommunications System is introduced. Some important security features are investigated in detail.
Distributed Transaction Proxy EFT uses on-line transactions carried out on private networks to transfer funds; the bank plays the role of both payer and payee. Such transfers occur between a bank and its customers, or a bank and another bank. In contrast to a check payment, which requires several actual cryptographic processing days and manual efforts like signature verification, check sorting, and information capture, EFTs are same-day, almost instantaneous payments.
Distributed Transaction:
Some of the main risks involved in Swift may come from hackers, increased dependence of banks on IT, Open Technologies, and increased electronic access by customers. Attacks on the system are possible by the following means: (1) Readily available sophisticated hacking tools; (2) Packet/Address spoofing; (3) Stealth diagnostics; (4) Sniffers; (5)Sweepers; and (6) Backdoors
Proposed Security Model:
Lack of encryption between banks and regional processors present serious risks to the system as transmissions may be intercepted and modified or even deleted. Attackers may subsequently divert, redirect, or cancel funds transfers. One of the countermeasures is to use public key cryptography to ensure proper authentication and privacy stealing vulnerability and other required compensating controls to secure cryptographic keys. The RSA cipher is a revolutionary invention in the cryptography field. It enables ciphering without leaking private key information. It deploys the public key scheme to modify the key escrow mechanism to be used in SWIFT system offering the following features for the above stated
problems:
• Each bank owns its private key and public key, but different keys are used for authentication of different
transactions, and these keys are unknown to SWIFT as before.
• Provide bank-to-center authentication.
• Provide link-by-link encryption from end-to-end. Each bank has a securely stored private key and a public key. A SWIFT terminal generates a random number for every message transmitted as the end-to-end authentication session key, and encrypts this key with the receiver's public key. Using the same procedure to perform bank-to-center input sequence number authentication, it enables an operating center to verify the authenticity of the input sequence number from customer banks. The receiving bank to verify the output
sequence number from the operating center uses the same method. Let us name this as link-by-link authentication. Finally, link-by-link encryption can be performed using a uniquely generated session key for message encryption and encrypting the session key with the public key of the code at the other side of the link.
SOFTWARE REQUIREMENTS
OPERATING SYSTEM : Windows 2000.
Technology :.NET/J2EE
DATABASE : Oracle 8i.