• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.2
• /
• pp.373-381
• /
• 2017

Currently, various types of user authentication methods based on public certificates are used in domestic financial transactions. Such an authorized certificate method has a problem that a different security module must be installed every time a user connects an individual financial company to a web server. Also, the financial company relying on this authentication method has a problem that a new security module should be additionally installed for each financial institution whenever a next generation authentication method such as biometric authentication is newly introduced. In order to solve these problems, we propose an integrated authentication system that handles user authentication on behalf of each financial institution in financial transactions, and proposes an integrated authentication protocol that handles secure user authentication between user and financial company web server. The new authentication protocol is a modified version of OAuth2.0 that increases security and efficiency. It is characterized by performing a challenge-response protocol with a pre-shared secret key between the authentication server and the financial company web server. This gives users a convenient and secure Single Sign-On (SSO) effect.

• Journal of the Korea Society of Computer and Information
• /
• v.29 no.7
• /
• pp.199-207
• /
• 2024

In this paper, we propose the mechanism of China's green financial policy on renewable energy industry development implemented in different pilot zones. By utilizing the synthetic control method, this paper examines the differences in the effect of green financial policy before and after its implementation. The results demonstrate that green financial policy can significantly reduce traditional energy consumption while promote the renewable energy industry development simultaneously. Furthermore, the effects across different regions reveal that the impacts of green financial policy are pronounced in selected pilot zones, with Shanghai and Chongqing standing out the most while Gansu province performs the worst. The analysis also figure out that green financial policy stimulates the expansion of regional financing scales, resource endowment, and technological innovation as well.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.541-550
• /
• 2016

Considering the results of the 3.20 Cyber Attack, leaks of personal information by card companies, and so on, convenience and efficiency cannot be guaranteed without security as a prerequisite. In addition, it is more likely that customers' interests seem to be interfered with in financial institutions than in any other industry. Therefore, when a security accident occurs, users may suffer mental damage and monetary loss, leading to class action, customer defection, loss of reputation, and falloff in international credibility, which all may have a significant effect on the business continuity of corporations. This study integrates the representative information security certification systems in order to improve the efficiency of information security management and demonstrate the necessity of information security management system certification for the financial sector. If the certification is needed, we would like to recommend the desirable development direction.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.6
• /
• pp.25-30
• /
• 2015

One of the hottest issues of security is information leakage of financial institution. Financial institutions including commercial banks are frequently threatened by attempts of leakage through hacking and vulnerability, and this information is centered on personal information of their clients. Through this study, I found out that security managers of financial institutions are trying to prevent the leaking of private information, but in fact most of them barely know where their personal information is. Even if they know where it is and trace the data, it is often found in unexpected places. Because there is a lot of waste in time and human resources as search is done manually, we have understood that responding to IT Compliance requires a lot of effort. This study is to improve IT Compliance response and protect information leakage through monitoring PC and servers, the main storage of personal information by automated system, periodically.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1319-1328
• /
• 2014

While the recent advance in network system has made it easier to collect and process personal information, the loss of customers, financial companies and even nations is getting bigger due to the leakage of personal information. Therefore, it is required to take a measure to prevent additional damage from the illegal use of leakaged personal information. Currently, financial companies use access control in accordance with job title or position on general documents as well as important documents including personal information. Therefore, even if a documents is confidential, it is possible for a person of the same job title or position to access the document properly. This paper propose setting up security grade of documents to improve current access control system. It will help preventing the leakage of personal information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.885-895
• /
• 2017

Security issues arise due to various types of external intrusions as much as the rapidly changing IT environment. Attacks using vulnerabilities in web applications are increasing, and companies are trying to find the cause of the vulnerability, prevent external intrusion, and protect their systems and important information. Especially, according to the Supervision Regulation, each financial institution and electronic financial service provider shall perform vulnerability analysis evaluation for the website for disclosure once every six months and report the result to the Financial Services Commission. In this study, based on the Web vulnerability items defined in the Supervision Regulation, based on the inspection cases of actual financial institution, we analyze the most frequently occurring items and propose effective countermeasures against them and ways to prevent them from occurring in advance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.353-362
• /
• 2023

Messenger phishing, communications frauds crime, exploits remote control of smartphones and non-face-to-face financial transactions, causing property damage due to money transfers, as well as account opening and loans in the name of victims. Such financial accidents may be careless of victims, but the current messenger phishing criminal method is intelligent and can be seen as digging into loopholes in the non-face-to-face user verification process. In this paper we analyze how messenger phishing uses loopholes in user identification procedures in non-face-to-face financial transactions. Through experiments, it is suggested to improve the non-face-to-face verification process for safer financial transactions.

• Proceedings of the Korea Database Society Conference
• /
• 2001.11a
• /
• pp.60-75
• /
• 2001

금융산업에서 인터넷을 본격적인 영업 채널로 활용하는 비중이 높아지고 사이버금융의 확산에 따라 고객과의 거리를 좁히면서 금융기관의 수익성을 높이는 방안으로 eCRM 등 고객 맞춤화 전략이 최근 국내외에서 주목을 받고 있다. 본 논문에서는 금융정보기술의 발전 단계에 있어서 eCRM 의 위치를 살펴보며, 국민은행 인터넷뱅킹의 개발 배경과 그 유형을 논의하며, 고객의 니즈를 찾아내고 이에 맞추어 가치를 창출하는 방법으로서 개인화의 종류들을 살펴본다. 또한 원투원 마케팅의 실현 기법들과 실제로 국민은행의 eCRM 과정에서 이들이 어떻게 구현되었는지를 논의한다.

• Information and Communications Magazine
• /
• v.34 no.3
• /
• pp.37-46
• /
• 2017

최근 핀테크 산업이 이슈가 되면서 금융 업무를 더 효율적으로 만드는 기술 중 하나로서 이상행위 탐지시스템(FDS)이 관심을 받고 있다. 이상행위 탐지시스템은 금융업무의 리스크 관리를 위한 기술로 주로 활용되고 있다. 본고에서는 이상행위 탐지시스템의 개념을 소개하고, 은행, 카드, 보험 등 금융권 적용분야를 살펴보고자 한다. 또한, 각 금융업무의 리스크 관리 목적뿐만 아니라 FDS를 활용한 침해사고 대응 활동을 소개하면서 기술 발전 방향을 고찰하도록 한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.743-763
• /
• 2018

It has been 10 years since the concept of cloud system has emerged. Despite the fact that the cost-effectiveness and security of cloud systems has been proven, financial companies are reluctant to adopt cloud systems. Financial institutions are reluctant to adopt the cloud system because of the strong regulation of financial authorities in relation to the leakage of customer information However, more important reason why financial institutions hesitate to introduce cloud systems is the lack of direction and standards for the introduction of cloud systems by financial institutions. This study examines the legal and institutional constraints on the introduction of cloud systems in financial institutions and suggests decision models for determining whether cloud systems can be applied and how cloud systems are configured when financial institutions construct IT systems. We hope that this research will be helpful for establishing direction of cloud system introduction of many financial institutions.