http://dx.doi.org/10.13089/JKIISC.2017.27.1.115

A Study on Risk Analysis and Countermeasures of Electronic Financial Fraud  

Jeong, Dae Yong (Graduate School of Information Security, Korea University)
Kim, Gibum (Graduate School of Information Security, Korea University)
Lee, Sangjin (Graduate School of Information Security, Korea University)
Abstract
The methods of electronic financial fraud continue to evolve. Various studies and countermeasures have been proposed to address this problem, but it remains difficult to eradicate. The purpose of this study is to analyze the risk of electronic financial fraud using MS Threat Risk Modeling and to propose countermeasures against it. The analysis confirms that, despite differences in authentication methods, the risk of pharming is high, and that attacks are difficult to prevent using only additional authentication means, device security, or security systems based on user authentication. This study therefore suggests introducing preventive measures such as readjusting transaction limits by security means, account authentication, and additional physical security measures. It also suggests establishing and implementing a comprehensive electronic financial fraud prevention policy by linking electronic fraud prevention systems and by improving public relations and user awareness.
Keywords
Electronic Financial Fraud; Consumer Financial Information Security; Threat risk modeling; Threat modeling; Attack tree; STRIDE; DREAD;
Citations & Related Records
Times Cited By KSCI: 6