• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.615-625
• /
• 2015

This paper proposes new methods and examples for improving fraud detection rules based on banking customer's transaction behaviors focused on anomaly detection method. This study investigates real example that FDS(Fraud Detection System) regards fraudulent transaction as legitimate transaction and figures out fraudulent types and transaction patterns. To understanding the cases that FDS regard legitimate transaction as fraudulent transaction, it investigates all transactions that requied additional authentications or outbound call. We infered additional facts to refine detection rules in progress of outbound calling and applied to existing detection rules to improve. The main results of this study is the following: (a) Type I error is decreased (b) Type II errors are also decreased. The major contribution of this paper is the improvement of effectiveness in detecting fraudulent transaction using transaction behaviors and providing a continuous method that elevate fraud detection rules.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1293-1308
• /
• 2014

The cause of privacy extrusion in credit card company at 2014 is usage of the original data in test system. By Electronic banking supervision regulations of the Financial Supervisory Service and Information Security business best practices of Finance information technology (IT) sector, the data to identify the customer in the test system should be used to convert. Following this guidelines, Financial firms use converted customer identificaion data by loading in test system. However, there is some risks that may be introduced unintentionally by user mistake or lack of administrative or technical security in the process of testing. also control and risk management processes for those risks did not studied. These situations are conducive to increasing the compliance violation possibility of supervisory institution. So in this paper, we present and prove the process to eliminate the compliance violation possibility of supervisory institution by controlling and managing the unidentified conversion customer identification data and check the effectiveness of the process.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.12 no.4
• /
• pp.1911-1918
• /
• 2011

Internet banking, electronic financial services and internet telephony service can be available on smart phone recently. In this case, more robust authentication mechanisms should be provided for enhancing security on it. In this study, a facial biometric ID based one-time password generation mechanism is designed and implemented for enhancing user authentication on smart phone. After capturing a facial biometric data using camera module on smart phone, it is sent to server to generate one-time biometric ID. Finally one-time password will be generated by client module after receiving the one time biometric ID based challenge token from the server. Using proposed biometric ID based one-time password mechanism, it is possible for us to provide more secure user authentication service on smart phone for SIP protocol.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.3
• /
• pp.1439-1444
• /
• 2013

Recently, as the use of the applications like online banking and stock trading is increasing by the rapid development of the network, security of data content is becoming more and more important. Accordingly, public key or symmetric key encryption algorithm is widely used in open networks such as the internet for the protection of data. Generally, public key cryptographic systems is based on two famous number theoretic problems namely factoring or discrete logarithm problem. So, public key cryptographic systems is relatively slow compared to symmetric key cryptography systems. Among public key cryptographic systems, the advantage of ECC compared to RSA is that it offers equal security for a far smaller key. For this reason, ECC is faster than RSA. In this paper, we propose a efficient key generation method for elliptic curve cryptography system based on the real number field.

• The Journal of the Korea Contents Association
• /
• v.20 no.12
• /
• pp.266-277
• /
• 2020

As users' convenience increases, the issue of personal information leakage about smartphones is also becoming serious. Since all of the user's personal information needed to provide functions such as electronic banking services and personal file storage is stored in the smartphone, the user's important personal information may be exposed if the smartphone is lost or stolen. In order to protect this privacy, governments and telecommunications companies offer smartphone locking or initialization services, but there are many loopholes and problems. In this paper, we design and implement applications that prevent malicious use of a user's personal information stored on a smartphone when a smartphone is lost or stolen, and that automatically initializes the smartphone used after removing or altering the USIM chip and destroys the user's personal information stored within the phone. The proposed application prevents users from maliciously using their personal information when a smartphone is lost or stolen.

• International Commerce and Information Review
• /
• v.19 no.1
• /
• pp.43-63
• /
• 2017

I focused on LVTS compare with Fedwire to advance a research effects in this paper. The Fedwire Funds Service is generally used to make large-value, time-critical payments. The Federal Reserve Banks provide the Fedwire Funds Service, a real-time gross settlement system that enables participants to initiate funds transfer that are immediate, final, and irrevocable once processed. The Fedwire Funds Service is a credit transfer service. While, The LVTS(Large Value Transfer System) is the high value electronic wire system that facilitates the transfer of irrevocable payments in canadian dollars across the country. Through LVTS, funds can be transferred between participating financial institutions virtually instantaneously in a fully collateralized environment. Thus in this article, first of all, I considered features of payment system between LVTS and Fedwire. Second, I analyzed the governing structure and legal background. Third, I focused on the operational policy and risk aversion policy. Lastly, I suggested that the payment and banking system have to assume, with good reason, more efficiently accurately and securely operation together with conclusion.

• The KIPS Transactions:PartA
• /
• v.19A no.1
• /
• pp.51-60
• /
• 2012

IC(Integrated circuits)card, generally be named smard card, embedded MPU(Micro Processor Unit) of small-size, memory, EEPROM, Card Operating System(COS) and security algorithm. The IC card is used in almost all industry such as a finance(credit, bank, stock etc.), a traffic, a communication, a medical, a electronic passport, a membership management and etc. Recently, a application field of IC card is on the increase by method for payments of T-commerce, as T-commerce is becoming a new growth engine of the broadcating industry by trend of broadcasting and telecommunication convergence, smart mechanization of TV. For example, we can pay in IC credit card(or IC cash card) on T-Commerce. or we can be provided TV banking service in IC cash card such as ATM. However, so far, T-commerce payment services have weakness in security such as storage and disclosure of card information as well as dropping sharply about custom ease because of taking advantage of card information input method using remote control. To solve this problem, This paper developed processing payment module for implementing TV electronic payment system using IC credit card payment standard, EMV.

• Journal of the Korean Society for information Management
• /
• v.19 no.1
• /
• pp.23-46
• /
• 2002

With explosively increasing digital contents, library and Information center should have a new role between knowledge providers and knowledge users as information brokering organization. Electronic transaction system should be required for performing this brokering service since economic value is added to information and knowledge in information society. The developments and changes around library are keeping up with increasing building digital library and digitalizing printed sources. With the rapidly changing circumstances, the Internet is currently witnessing an explosive growth. By serving as a virtual information resource. the Internet can dramatically change the way business is conducted and Information is provided. However because of features o( the Internet like openness and information sharing, it has fundamental vulnerabilities in security issues. For Instance, disclosure of private information and line eavesdropping such as password, banking account, transaction data on network and so on are primary obstruction factors to activation of digital contents delivery on network. For high network security and authentication, this paper looks at smart card technologies and proposes multi-authentication protocol based on smart card on open network, implements and analyzes it.

• Journal of KIISE:Information Networking
• /
• v.30 no.1
• /
• pp.75-81
• /
• 2003

User authentication, including confidentiality, integrity over untrusted networks, is an important part of security for systems that allow remote access. Using human-memorable Password for remote user authentication is not easy due to the low entropy of the password, which constrained by the memory of the user. This paper presents a new password authentication and key agreement protocol suitable for authenticating users and exchanging keys over an insecure channel. The new protocol resists the dictionary attack and offers perfect forward secrecy, which means that revealing the password to an attacher does not help him obtain the session keys of past sessions against future compromises. Additionally user passwords are stored in a form that is not plaintext-equivalent to the password itself, so an attacker who captures the password database cannot use it directly to compromise security and gain immediate access to the server. It does not have to resort to a PKI or trusted third party such as a key server or arbitrator So no keys and certificates stored on the users computer. Further desirable properties are to minimize setup time by keeping the number of flows and the computation time. This is very useful in application which secure password authentication is required such as home banking through web, SSL, SET, IPSEC, telnet, ftp, and user mobile situation.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.3
• /
• pp.1428-1438
• /
• 2013

Services take place in Internet environment, a formation of the trust relationship between user and service provider for services. Different authentication schemes such as using Certificate of Public Key Infrastructure authentication and using ID/PW for a simple user authentication have been proposed for trust relationship. In addition, in the case of electronic financial transactions, transaction integrity and non-repudiation features are provided. These services are provided in Internet environment, use various measures to ensure service safety. However, it was difficult to prevent attacks using existing security technology because of emergence of MITB attack that manipulate the memory area of the Web browser and social engineering attacks such as phishing/pharming, requires application of new security technologies became. In this paper, we propose a concept of smart secure-pad, and utilize it safely formed a trust relationship between user and service provider, a model has been proposed to ensure safety of data transmission. Proposed model's security evaluation results show security against to MITB attack and phishing/pharming that can't be prevent attack using existing security technology. In addition, service provider can easily apply the model in safe environment can provide Internet service using provided representative services applying the proposed model.