• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.133-146
• /
• 2015

Ever sophisticated e-finance fraud techniques have led to an increasing number of reported phishing incidents. Financial authorities, in response, have recommended that we enhance existing Fraud Detection Systems (FDS) of banks and other financial institutions. FDSs are systems designed to prevent e-finance accidents through real-time access and validity checks on client transactions. The effectiveness of an FDS depends largely on how fast it can analyze and detect abnormalities in large amounts of customer transaction data. In this study we detect fraudulent transaction patterns and establish detection rules through e-finance accident data analyses. Abnormalities are flagged by comparing individual client transaction patterns with client profiles, using the ruleset. We propose an effective flagging method that uses decision trees to normalize detection rules. In demonstration, we extracted customer usage patterns, customer profile informations and detection rules from the e-finance accident data of an actual domestic(Korean) bank. We then compared the results of our decision tree-normalized detection rules with the results of a sequential detection and confirmed the efficiency of our methods.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.6 no.2
• /
• pp.207-213
• /
• 2002

Fingerprint has the characteristics that do not change with time and is unique to an individual. And fingerprint identification is considered the best choice for most biometric applications because of its accuracy, speed, reliability, non-intrusive interfaces and cost-effectiveness. In this paper, we applies fingerprint Identification to web site login to raise the quality of personal identification when we use e-commerce, internet banking, stock dealings, shopping mali, etc. The system implemented in this paper consists of embedded module to carry out fingerprint identification, web server and web site. Existing system carries out fingerprint identification in the web server, but the system Implemented in this paper carries out it in client. Therefore the loads of server are reduced and the confidence of internet service is improved because login is forbidden without fingerprint identification success.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.6
• /
• pp.217-224
• /
• 2008

EThis paper is study regarding banking institution and DoS attack regarding government organization which occurred in 2008. We used a tool aggressive actual DoS You install the N-IDS which used Snort in networks in order to detect a DoS attack. Storages of Winpcap and a packet to detect a packet and MySQL, HSC, to analyze. We install NET Framework etc. E-Watch etc. analyzes Packet regarding a DoS attack of a hacker and TCP, UDP etc. information, Port, MAC and IP information etc. through packet analysis tools. There is a meaning you analyze data regarding the cyber DoS, DDoS attack that is dysfunction of Ubiquitous Information Society, and it generates forensics data regarding an invader and back-tracking analysis data, and to ensure safe Internet information system through this paper study.

• Journal of Digital Convergence
• /
• v.12 no.5
• /
• pp.1-12
• /
• 2014

Recently, the need for non-stop service is increasing by the business mission-critical Internet banking, e-payment, e-commerce, home shopping, securities trading, and petition business increases, clustered in a single database of existing, redundant research on high-availability technologies related to technique, etc. is increasing. It provides an API based on the Active Log in addition to the technique of redundancy, ALTIBASE$^{TM}$ Log Analyzer (below, ALA), provides scalability and communication of the same model or between heterogeneous. In this paper, we evaluated the performance of ALA by presenting the design of the database system that you can use the ALA, to satisfy all the synchronization features high scalability and high availability, real-time.

• International Journal of Computer Science & Network Security
• /
• v.21 no.6
• /
• pp.312-318
• /
• 2021

Lack of knowledge and digital skills is a threat to the information security of the state and society, so the formation and development of organizational culture of information security is extremely important to manage this threat. The purpose of the article is to assess the state of information security of the state and society. The research methodology is based on a quantitative statistical analysis of the information security culture according to the EU-27 2019. The theoretical basis of the study is the theory of defense motivation (PMT), which involves predicting the individual negative consequences of certain events and the desire to minimize them, which determines the motive for protection. The results show the passive behavior of EU citizens in ensuring information security, which is confirmed by the low level of participation in trainings for the development of digital skills and mastery of basic or above basic overall digital skills 56% of the EU population with a deviation of 16%. High risks to information security in the context of damage to information assets, including software and databases, have been identified. Passive behavior of the population also involves the use of standard identification procedures when using the Internet (login, password, SMS). At the same time, 69% of EU citizens are aware of methods of tracking Internet activity and access control capabilities (denial of permission to use personal data, access to geographical location, profile or content on social networking sites or shared online storage, site security checks). Phishing and illegal acquisition of personal data are the biggest threats to EU citizens. It have been identified problems related to information security: restrictions on the purchase of products, Internet banking, provision of personal information, communication, etc. The practical value of this research is the possibility of applying the results in the development of programs of education, training and public awareness of security issues.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.25-31
• /
• 2015

FinTech(Financial Technology) is defined as the technique to create efficient financial services using IT technologies. FinTech is an innovative technology through IT platform and big data, and is expected to improve the security and problems of the conventional banking system. Domestic financial institutions has introduced the technologies and investment in order to provide safe and effective services to users. However, In the financial environment, information disclosure and security incident has occurred so they has lost the trust from their customers. Moreover new variant of the security threats and attack techniques have occurred. Therefore, in this paper, we designed a authentication scheme for secure payment system in FinTech environment. The proposed study evaluated the stability of the existing security systems with respect to attack methods occurred in the financial environment.

• The Journal of Information Technology
• /
• v.6 no.4
• /
• pp.147-162
• /
• 2003

The technique of information-communication rapidly developed has made it possible for us to do business through Internet. Electronic commerce was increased rapidly by the explosive development of the inter and communication revolution. E-Commerce has created a fundamentally new way of conduction and will change drastically accepted ways of doing business. Normally international trade has been formulated in a way that exporters and importers meet face-to-face and contract and pay by letter of credits. For the global electronic commerce to vitalized, the outstanding matters should encourage the creation of infrastructure of information security and new models in the field of electronic payment systems, electronic commerce agreement for remedy, adapting electronic date interchange in transport documents and negotiability of electronic bills of lading. The payment systems such as electronic fund transfers, tradecard system and electronic letters of credits issued by SWIFT system permit the parties concerned(sellers, buyers ad service providers) to settle payment electronically. Still they are many limitations for complete international electronic transactions. The following measures have to be taken to vitalize electronic trade transactions. It is needed to acquire information security such as authenticity, integrity, non-repudiation and confidentiality. All kinds of documents need to be replaced by electronic date exchange and the legal structure of international convention, national law for electronic payment systems have to be completed. Also a detailed guide of the banking operation and developing rules for electronic letters of credits need to be provided to adopt eUCP rules for the electronic presentation of documents.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.48 no.3
• /
• pp.91-101
• /
• 2011

Internet is becoming increasingly popular due to the rapid development of information and communication technology. There has been a convenient social activities such as the mutual exchange of information, e-commerce, internet banking, etc. through cyberspace on a computer. However, by using the convenience of the internet, the personal IDs(identity card, driving license, passport, student ID, etc.) represented by the electronic media are exposed on the internet frequently. Therefore, this study propose a feature extraction method to analyze the characteristics of image files containing personal information and a image retrieval method to find the images using the extracted features. The proposed method selects the feature information from color, texture, and shape of the images, and the images as searched by similarity analysis between feature information. The result which it experiments from the image which it acquires from the web-based image DB and correct image retrieval rate is 89%, the computing time per frame is 0.17 seconds. The proposed method can be efficiently apply a system to search the image files containing personal information and to determine the criteria of exposure of personal information.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.43 no.2
• /
• pp.56-64
• /
• 2020

This paper is a follow up to the previous study which reveals that smartphone users are divided into three subcategories according to their usage characteristics. In this paper, these groups are called as 'general', 'entertainment', and 'work-assistant', taking into account their respective characteristics. The 'general' is a group whose smartphone usage characteristics are not focused on a specific purpose, the 'entertainment' is focused on music, internet, SNS, picture, and e-banking, and the 'work-assistant' is on work, GPS, diary. Inter-relation between the importance and satisfaction for the purchase determinants to the groups is investigated. In addition, Kano analysis of quality attributes is also performed, which includes quality type, satisfaction/dissatisfaction index, and PCSI (Potential Customer Satisfaction Improvement) index. The analysis result are as follows. Firstly, inter-relation between importance and satisfaction differs by user group. 'Internet', 'Ease of use', and 'Performance' purchase determinants are evaluated as competitive determinants in 'work-assistant' user group. Secondly Kano quality types of quality characteristics also differs by user group. 'Application' was classified as an attractive (A) types to 'entertainment' group and so on. 'Internet' 'Failure/Bug', 'Touch response rate' and 'Charging' are located in 'Nice' Region of S-PCSI Diagram and have to be considered as strategic quality characteristics. The results of this study is expected to give some helps in establishing a customer tailored quality strategy.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.19
• /
• pp.224-242
• /
• 2003

The author believes that the main task of study in international trade usage and practice is the management of transactional risks involved in international sale of goods. They are foreign exchange risks, transportation risks, credit risk, risk of miscommunication, etc. In most cases, these risks are more serious and enormous than those involved in domestic sales. Historically, the merchant adventurers organized the voyage abroad, secured trade finance, and went around the ocean with their own or consigned cargo until around the $mid-19^{th}$ century. They did business faceto-face at the trade fair or the open port where they maintained the local offices, so-called "Trading House"(商館). Thererfore, the transactional risks might have been one-sided either with the seller or the buyer. The bottomry seemed a typical arrangement for risk sharing among the interested parties to the adventure. In this way, such organizational arrangements coped with or bore the transactional risks. With the advent of ocean liner services and wireless communication across the national border in the $19^{th}$ century, the business of merchant adventurers developed toward the clear division of labor; sales by mercantile agents, and ocean transportation by the steam ship companies. The international banking helped the process to be accelerated. Then, bills of lading backed up by the statute made it possible to conduct documentary sales with a foreign partner in different country. Thus, FOB terms including ocean freight and CIF terms emerged gradually as standard trade terms in which transactional risks were allocated through negotiation between the seller and the buyer located in different countries. Both of them did not have to go abroad with their cargo. Instead, documentation in compliance with the terms of the contract(plus an L/C in some cases) must by 'strictly' fulfilled. In other words, the set of contractual documents must be tendered in advance of the arrival of the goods at port of discharge. Trust or reliance is placed on such contractual paper documents. However, the container transport services introduced as international intermodal transport since the late 1960s frequently caused the earlier arrival of the goods at the destination before the presentation of the set of paper documents, which may take 5 to 10% of the amount of transaction. In addition, the size of the container vessel required the speedy transport documentation before sailing from the port of loading. In these circumstances, computerized processing of transport related documents became essential for inexpensive transaction cost and uninterrupted distribution of the goods. Such computerization does not stop at the phase of transportation but extends to cover the whole process of international trade, transforming the documentary sales into less-paper trade and further into paperless trade, i.e., EDI or E-Commerce. Now we face the other side of the coin, which is data security and paperless transfer of legal rights and obligations. Unfortunately, these issues are not effectively covered by a set of contracts only. Obviously, EDI or E-Commerce is based on the common business process and harmonized system of various data codes as well as the standard message formats. This essential feature of E-Commerce needs effective coordination of different divisions of business and tight control over credit arrangements in addition to the standard contract of sales. In a few word, information does not alway invite "trust". Credit flows from people, or close organizational tie-ups. It is our common understanding that, without well-orchestrated organizational arrangements made by leading companies, E-Commerce does not work well for paperless trade. With such arrangements well in place, participating E-business members do not need to seriously care for credit risk. Finally, it is also clear that E-International Commerce must be linked up with a set of government EDIs such as NACCS, Port EDI, JETRAS, etc, in Japan. Therefore, there is still a long way before us to go for E-Commerce in practice, not on the top of information manager's desk.