• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.1
• /
• pp.133-146
• /
• 2015

Ever sophisticated e-finance fraud techniques have led to an increasing number of reported phishing incidents. Financial authorities, in response, have recommended that we enhance existing Fraud Detection Systems (FDS) of banks and other financial institutions. FDSs are systems designed to prevent e-finance accidents through real-time access and validity checks on client transactions. The effectiveness of an FDS depends largely on how fast it can analyze and detect abnormalities in large amounts of customer transaction data. In this study we detect fraudulent transaction patterns and establish detection rules through e-finance accident data analyses. Abnormalities are flagged by comparing individual client transaction patterns with client profiles, using the ruleset. We propose an effective flagging method that uses decision trees to normalize detection rules. In demonstration, we extracted customer usage patterns, customer profile informations and detection rules from the e-finance accident data of an actual domestic(Korean) bank. We then compared the results of our decision tree-normalized detection rules with the results of a sequential detection and confirmed the efficiency of our methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.653-671
• /
• 2017

The majority of financial institutions are complying with the ratio of the total number of IT staff to total IT regulatory regulations, regardless of the size of the financial institutions and the scope of the information security work. The risk is spreading as a result of the information security workforce neglect their own work because of having multiple tasks. In this study, we propose a method to estimate the number of workforce needed in consideration of the size of financial companies and the characteristics of information security work, and to establish a systematic information security organization to respond more effectively to financial security accidents.

• Korean System Dynamics Review
• /
• v.16 no.4
• /
• pp.31-50
• /
• 2015

The purpose of this research is to understand a structural relationship between financial regulations and security industry based on the systems thinking perspective using causal loop analysis. As a result, the positive regulations on security technology against finance security incidents shrink the autonomy of the security industry and will deteriorate the competitiveness of the security industry through the unknown feedback loop. The conclusion provides the direction that policy makers understand causal loop diagram related current regulations and open enough to the consideration of the negative regulations.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.05a
• /
• pp.747-749
• /
• 2017

To protect financial services against danger of financial accidents and customer information leakage caused by malware, injection attack and so on, Financial Services Commission announced "Financial Networks Security Enhancement Comprehensive Plan", which suggests the guideline of protecting customer information and providing secure financial services by separating network topology and then makes the financial company use network partitioning system. In consequence of this policy, financial companies respectively chose between the physical partitioning mechanism or the logical partitioning mechanism according to their IT environment. This paper suggests an efficient infrastructure configuration plan for making the logical network partition, by comparison of a construction of traditional general equipment and an integrated HCI(Hyper Converged Infrastructure) through 'Hyper Converged' which is one of virualization techniques for developing currently, and the case study of the integrated HCI method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.67-81
• /
• 2010

As wide propagation of smartphones, e-commerce with smartphones increases rapidly. Such as transfer or stock trade systems. It has prospect that most of financial companies going to offer e-commerce systems via smartphones. And e-commerce via smartphones will be increased, hence the nature of smartphone that can be used whenever, wherever. However, legislation of e-commerce in Korea does not reflect these characteristics of smartphones, because it has set standards in regular PC. So that this study is security threat and feature of smartphones considering that the current legal system will use Certificate constraints, ensuring the safety of e-commerce and install security programs for protection of users, e-commerce responsible for the accident analysis has focused on the issues presented for this improvement.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.4
• /
• pp.669-679
• /
• 2014

This study introduces server-side security-oriented framework for smart financial service. Most of domestic financial institutions providing e-banking services have employed server-side framework which implement service-oriented architecture. Because such architecture accommodates business and security requirements at the same time, institutions are struggling to cope with the security incidents efficiently. The thesis suggests that separating security areas from business areas in the frameworks makes users to be able to apply security policies in real time without considering how these policies may affect business transactions. Security-oriented frameworks support rapid and effective countermeasures against security threats. Furthermore, plans to avoid significant changes on existing system when institutions implement these frameworks are discussed in the report.

• Proceedings of the Korean Institute of Navigation and Port Research Conference
• /
• 2015.10a
• /
• pp.187-189
• /
• 2015

해양사고를 야기하는 위기(risk) 또는 해저드(hazard)는 세계 경제 및 물류, 기상환경, 금융, 선종개발, 기술개발 등 다양한 요소에 의해서 수시로 변한다. 변한 위기에 대해서 사전에 대응방안을 수립하지 못한 경우 대규모 해양사고로 연계될 가능성이 크다. 그 이유는 대응방안을 사전에 고려하지 못했거나 준비하지 못한 해양사고는 사전대응책이 마련된 사고와 비교하여 대응하는 방법과 대응속도 등이 다르기 때문이다. 본 연구에서는 현재까지 새로 창출된 다양한 위기를 각종 보고서, 논문 등을 통해서 식별하고 분류하여 현재까지 식별하지 못한 위기를 구분하고, 식별하였더라도 새로운 사고를 유발한 위기를 식별하여 사전에 예방책을 강구하는 것이 목적이다. 연구 대상이 방대하기 때문에 본 연구에서는 일단, 알리안츠 보험회사 자료에서 획득한 위기분석 결과를 토대로 위기를 식별하고, 이에 대한 시나리오를 전개하였다. 이를 통해서 추후 연구방법을 검토하고자 한다.

• The KIPS Transactions:PartC
• /
• v.18C no.2
• /
• pp.71-78
• /
• 2011

Financial accidents such as password exposure of credit cards or bankbooks occur often when a password is inputted to ATM/CD(Automated Teller Machines and Cash Dispenser), so particular attention is required when inputting a password. This study suggested a method to input a password safely to prevent stealing a glance at a password in case of the use of ATM/CD. The method is that users input a password when numbers are randomly displayed and disappear not to notice the password even though someone is next to or behind the users. As methods to input a password safely, the study verified safety by dividing the methods into a test of shoulder surfing, an intuitive perspective, and a theoretical analysis. In addition, the result of implementation to apply the method to ATM/CD shows that a percentage of acquiring a password from the attack of shoulder surfing is found to be lower than an existing method, so password exposure can be prevented.

• The Journal of Society for e-Business Studies
• /
• v.22 no.4
• /
• pp.129-139
• /
• 2017

With the advent of FinTech, many financial services have become available in the mobile Internet environment and recently, there is an internet bank that provides all bank services online. As the proportion of financial services over the Internet increases, it offers convenience to users, but at the same time, the threat of financial network is increasing. Financial institutions are investing heavily in security systems in case of an intrusion. However attacks by hackers are getting more sophisticated and difficult to cope with. However, applying an IP Trace-back method that can detect the actual location of an attacker to a financial network can prepare for an attacker's arrest and additional attacks. In this paper, we investigate IP Trace-back technology that can detect the actual location of attacker and analyze it to apply it to financial network. And we propose a new IP Trace-back method through Infra-structure construction through simulation experiments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1243-1261
• /
• 2014

With the methods of electronic financial frauds becoming advanced, economic losses have greatly increased. The Electronic Financial Fraud Prevention Service(hereafter EFFPS) has taken effect to prevent electronic financial frauds, but economic losses still occurring. This paper aimed to suggest a direction for improvement of the EFFPS, through the analysis of electronic financial fraud cases. As a result of analysis on the fraud cases before and after implementation of the EFFPS, 'Fraud using Smartphone App' and 'Fraud using Calls and SMS' were increased after implementation of the EFFPS, and also the damage cost of 'Fraud using Smartphone App' had increased. Also we revealed some limitations of the EFFPS. For complementing this limitations, authors considered direction for improvement of the EFFPS focus on application of current services/systems related prevention of electronic financial fraud and considered the ways that are make connection with several measurements related prevention currently being discussed and implemented in perspective of defense in depth.