Banking and Bookkeeping (Principles of Information Security)

This document provides an introduction to banking and bookkeeping principles, focusing on the role of information security within these areas. It covers the components of banking and bookkeeping and discusses the computer-based systems used by banks.
Banking and Bookkeeping

Introduction

Banking and bookkeeping involve the management of financial transactions and records, and in the context of information security, there are several considerations to ensure the confidentiality, integrity, and availability of financial data. The primary functions of banking are to facilitate the handling of money, financial transactions, and the flow of capital within an economy. The purpose of bookkeeping is to create an accurate and up-to-date record of a company's financial affairs, providing the foundation for financial statements, reports, and analysis.

Principles of Information Security, 2nd Edition

Components of Banking

- Accepting deposits
- Providing loans and credit
- Electronic fund transfers
- Currency exchange
- Credit and debit cards
- Online and mobile banking
- Mortgage and home loans
- Risk management

Components of Bookkeeping

- Recording transactions
- Ledger entries
- Double-entry system (one account debited and another credited)
- Trial balance
- Financial statements
- Tax compliance

Components of Bookkeeping

Recording transactions: Every financial transaction, such as sales, purchases, expenses, and payments, is recorded in a systematic and chronological manner. This process involves documenting the date, amount, description, and relevant accounts affected by each transaction.

Ledger entries: Transactions are posted to ledger accounts, which are individual accounts for specific assets, liabilities, equity, revenue, and expense items. The ledger provides a detailed record of each account's activity.

Tax compliance: Accurate bookkeeping is crucial for fulfilling tax obligations. It provides the necessary documentation for calculating taxable income, deductions, and credits.

Components of Bookkeeping

Double-entry system: Bookkeeping typically follows the double-entry accounting system.
This means that every transaction affects at least two accounts, with one account debited and another credited. The total debits must equal the total credits, ensuring that the accounting equation (Assets = Liabilities + Equity) is balanced.

Trial balance: A trial balance is prepared periodically (usually at the end of an accounting period) to ensure that the total debits equal the total credits. It serves as a preliminary check on the accuracy of the accounting records.

Financial statements: Based on the information in the ledger, financial statements are prepared. The primary financial statements include the Income Statement (or Profit and Loss Statement), Balance Sheet, and Cash Flow Statement.

Banking and Bookkeeping

Banks extensively use computers for bookkeeping and various other financial operations. The integration of computer technology in the banking industry has transformed the way financial transactions are recorded, managed, and analyzed.

Banking and Bookkeeping

Several ways in which banks use computers for bookkeeping:

- Account Management Systems
- Core Banking Systems
- General Ledger Software
- Online Banking Platforms
- Automated Teller Machines (ATMs)
- Credit Scoring and Risk Management Systems
- Data Analytics and Reporting Tools
- Fraud Detection Systems
- Customer Relationship Management (CRM) Systems
- Security Systems and Encryption

Banking and Bookkeeping

Account Management Systems: Banks use computerized systems to keep track of customer accounts and to store and manage information related to account balances, transactions, interest, etc.

Core Banking Systems: Core banking systems are software platforms that support various banking functions, including bookkeeping.
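The double-entry rule and the trial balance described in the bookkeeping slides above are exactly the kind of invariant that general ledger software enforces at posting time. The following is an added Python example, not code from the slides or from any banking product; the chart of accounts in ACCOUNT_TYPES and the four transactions in build_sample_ledger() are constructed sample data. Amounts are integers in cents so that rounding can never unbalance the books. It goes slightly beyond the slides by also checking the accounting equation with revenue and expenses folded into equity.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Entry:
    account: str
    debit: int = 0      # cents
    credit: int = 0     # cents


@dataclass(frozen=True)
class Transaction:
    when: date
    description: str
    entries: tuple


# Constructed chart of accounts for the sample (hypothetical, not from the slides).
ACCOUNT_TYPES = {
    "Cash": "asset", "Equipment": "asset",
    "Accounts Payable": "liability", "Owner Equity": "equity",
    "Sales Revenue": "revenue", "Rent Expense": "expense",
}


class Ledger:
    def __init__(self):
        self.journal = []                                   # chronological record
        self.balances = defaultdict(lambda: [0, 0])         # account -> [debits, credits]

    def post(self, txn: Transaction) -> None:
        """Journal the transaction only if it satisfies the double-entry rule."""
        if len(txn.entries) < 2:
            raise ValueError("double entry: at least two accounts must be affected")
        for e in txn.entries:
            if e.account not in ACCOUNT_TYPES:
                raise ValueError(f"unknown account {e.account!r}")
            # Each entry is exactly one positive debit or one positive credit.
            if e.debit < 0 or e.credit < 0 or (e.debit > 0) == (e.credit > 0):
                raise ValueError(f"entry for {e.account!r} must be one positive debit or credit")
        debits = sum(e.debit for e in txn.entries)
        credits = sum(e.credit for e in txn.entries)
        if debits != credits:
            raise ValueError(f"unbalanced: debits {debits} != credits {credits}")
        self.journal.append(txn)
        for e in txn.entries:
            self.balances[e.account][0] += e.debit
            self.balances[e.account][1] += e.credit

    def trial_balance(self):
        """(total debits, total credits, balanced?) over all ledger accounts."""
        debits = sum(d for d, _ in self.balances.values())
        credits = sum(c for _, c in self.balances.values())
        return debits, credits, debits == credits

    def net(self, account: str) -> int:
        """Positive for a debit balance, negative for a credit balance."""
        d, c = self.balances.get(account, [0, 0])
        return d - c

    def _total(self, kind: str) -> int:
        return sum(self.net(a) for a, k in ACCOUNT_TYPES.items() if k == kind)

    def accounting_equation(self):
        """Assets = Liabilities + Equity, with revenue less expenses folded into equity."""
        assets = self._total("asset")
        liabilities = -self._total("liability")
        equity = -(self._total("equity") + self._total("revenue") + self._total("expense"))
        return assets, liabilities + equity


def build_sample_ledger() -> Ledger:
    """Constructed sample transactions, not figures from the slides."""
    ledger = Ledger()
    ledger.post(Transaction(date(2024, 1, 2), "Owner invests cash",
                            (Entry("Cash", debit=100_000_00), Entry("Owner Equity", credit=100_000_00))))
    ledger.post(Transaction(date(2024, 1, 5), "Buy equipment on credit",
                            (Entry("Equipment", debit=30_000_00), Entry("Accounts Payable", credit=30_000_00))))
    ledger.post(Transaction(date(2024, 1, 9), "Cash sale",
                            (Entry("Cash", debit=5_000_00), Entry("Sales Revenue", credit=5_000_00))))
    ledger.post(Transaction(date(2024, 1, 31), "Pay January rent",
                            (Entry("Rent Expense", debit=1_200_00), Entry("Cash", credit=1_200_00))))
    return ledger


def rejects_unbalanced() -> bool:
    """A mistyped amount (500.00 vs 50.00) must be refused at posting time."""
    try:
        Ledger().post(Transaction(date(2024, 2, 1), "Typo in amount",
                                  (Entry("Cash", debit=500_00), Entry("Sales Revenue", credit=50_00))))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    book = build_sample_ledger()
    print("trial balance:", book.trial_balance())
    print("assets vs liabilities+equity:", book.accounting_equation())
    print("unbalanced posting rejected:", rejects_unbalanced())
```

The important design choice is that the check happens in post(), before anything is written: a ledger that validates only at trial-balance time has already accepted the bad record, and the integrity controls in the later CIA slides then have to find it after the fact.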
General Ledger Software: Used to record and organize financial transactions; it helps in creating detailed and accurate accounting records, including entries for assets, liabilities, income, and expenses.

Automated Teller Machines (ATMs): ATMs are computerized systems that facilitate self-service banking. They record transactions such as cash withdrawals, deposits, and account balance inquiries, updating the central banking systems in real time.

Banking and Bookkeeping

Online Banking Platforms: Online banking relies on computer systems to provide customers with access to their accounts, transaction history, and other financial information. It allows users to perform various transactions, check balances, and view statements through secure online interfaces.

Credit Scoring and Risk Management Systems: Banks use computer algorithms and models to assess creditworthiness and manage financial risks. These systems help in making informed lending decisions and managing the overall financial health of the institution.

Fraud Detection Systems: Advanced computer systems with algorithms and machine learning capabilities are used for detecting and preventing fraudulent activities. These systems analyze transaction patterns and raise alerts for suspicious activities.

Banking and Bookkeeping

Data Analytics and Reporting Tools: Computer systems are employed for data analytics and generating financial reports. Banks use these tools to analyze trends, assess performance, and generate regulatory reports required by financial authorities.

Customer Relationship Management (CRM) Systems: CRM systems assist banks in managing customer interactions and maintaining detailed customer profiles. These systems often integrate with bookkeeping software to provide a holistic view of customer relationships.
Security Systems and Encryption: Banks use computer-based security systems to protect financial data. Encryption technologies are employed to secure data during transmission and storage, ensuring the confidentiality and integrity of sensitive information.

Threats Faced by Banks

- Phishing
- Malware
- Spoofing
- Data manipulation

CIA with Banking and Bookkeeping

Confidentiality:

Secure access control: Implement strong access controls to ensure that only authorized personnel have access to financial data. This includes using role-based access, strong authentication mechanisms, and limiting access on a need-to-know basis.

Encryption: Use encryption to protect sensitive financial information during transmission and storage. This is crucial for safeguarding data as it moves between systems and when it is stored in databases or on servers.

CIA with Banking and Bookkeeping

Integrity:

Data validation: Implement robust data validation processes to ensure that financial data is accurate and has not been tampered with. This is important for preventing unauthorized modifications to transaction records.

Audit trails: Maintain detailed audit trails that log changes to financial data. These logs can help in identifying and investigating any unauthorized alterations or suspicious activities.

CIA with Banking and Bookkeeping

Availability:

Redundancy and backups: Implement redundancy and regular backups to ensure the availability of financial data in case of system failures, data corruption, or other disasters. This includes offsite backups for disaster recovery purposes.

Incident response planning: Develop and regularly test incident response plans to address any disruptions to financial systems promptly. This ensures a quick recovery and minimizes downtime.
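An audit trail only helps with the Integrity goal on the slide above if the trail itself cannot be quietly edited. The following is an added Python example, not code from the slides or from any product: an append-only log in which each record's HMAC covers the record and the previous record's MAC, so an edit, an interior deletion or a reordering breaks every later link. The key, the teller and auditor names and the three records are constructed sample values; in practice the key is held by a separate audit service, not by the application users whose actions are being logged.

```python
import hashlib
import hmac
import json
from copy import deepcopy

GENESIS = "0" * 64          # "previous MAC" of the very first record


def canonical(record: dict) -> bytes:
    # Deterministic serialisation so the MAC does not depend on dict ordering.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


class AuditTrail:
    """Append-only, MAC-chained log of changes to financial data."""

    def __init__(self, key: bytes):
        self._key = key
        self.records = []

    def append(self, actor: str, action: str, detail: dict) -> dict:
        prev = self.records[-1]["mac"] if self.records else GENESIS
        body = {"seq": len(self.records), "actor": actor, "action": action,
                "detail": detail, "prev": prev}
        mac = hmac.new(self._key, canonical(body), hashlib.sha256).hexdigest()
        rec = {**body, "mac": mac}
        self.records.append(rec)
        return rec


def verify_trail(key: bytes, records: list):
    """(True, n) if all n records chain correctly, else (False, index of first bad record)."""
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k != "mac"}
        if body.get("seq") != i or body.get("prev") != prev:
            return False, i                      # gap, reorder or deletion
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec.get("mac", "")):
            return False, i                      # contents changed after logging
        prev = rec["mac"]
    return True, len(records)


KEY = b"constructed-demo-key-do-not-reuse"      # hypothetical; a real key is generated and kept by the audit service


def sample_trail() -> AuditTrail:
    """Constructed sample records, not data from the slides."""
    trail = AuditTrail(KEY)
    trail.append("teller01", "post", {"txn": "T-1001", "account": "ACC-42", "amount_cents": 250_00})
    trail.append("teller01", "post", {"txn": "T-1002", "account": "ACC-42", "amount_cents": 90_00})
    trail.append("auditor", "review", {"txn": "T-1001", "result": "ok"})
    return trail


def scenarios() -> dict:
    """Run the verifier over an intact trail and three damaged copies of it."""
    intact = sample_trail().records
    edited = deepcopy(intact)
    edited[1]["detail"]["amount_cents"] = 9_000_00   # amount silently changed
    deleted = deepcopy(intact)
    del deleted[1]                                   # interior record removed
    truncated = deepcopy(intact)[:-1]                # newest record dropped
    return {
        "intact": verify_trail(KEY, intact),
        "edited": verify_trail(KEY, edited),
        "deleted": verify_trail(KEY, deleted),
        "truncated": verify_trail(KEY, truncated),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:10s} -> {result}")
```

The "truncated" case is the caveat to take away: dropping the newest records leaves a perfectly valid shorter chain, so the chain alone cannot prove completeness. The usual fix is to anchor the latest MAC (or the record count) somewhere the log writer cannot change, for example by periodically shipping it to a separate system or publishing it in a signed daily closing report.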
Authentication in Banking

- PIN (Personal Identification Number)
- Biometric authentication
- One-Time Passwords (OTP)
- Knowledge-Based Authentication (KBA): verifying a user's identity by asking questions based on personal information that only the legitimate user should know
- Multi-Factor Authentication (MFA)
- Smart cards with cryptographic authentication
- Static Data Authentication (SDA)
- Dynamic Data Authentication (DDA)
- RFID

Authentication in Banking

Static Data Authentication (SDA) and Dynamic Data Authentication (DDA) contribute to the security of transactions by protecting the integrity and authenticity of data during the payment process. Both SDA and DDA are implemented using the chip (EMV) technology in payment cards. EMV stands for Europay, Mastercard, and Visa.

Static Data Authentication (SDA)

SDA involves the authentication of static data stored on the card's chip. The chip contains static data, including information such as the cardholder's name, card number, expiration date, and a static digital signature. The static signature is generated during the card's personalization process and remains the same for all transactions.

Transaction process: During a transaction, the chip provides the static signature to the terminal. The terminal uses the card's public key (previously stored) to verify the signature's authenticity. Because the data is static, the same signature is used for every transaction, which makes SDA less resistant to certain types of attacks.

Static Data Authentication (SDA)

Example: A customer uses a payment card with an embedded chip for an in-store purchase.

Process:

1. The customer inserts the card into the chip reader at the point-of-sale (POS) terminal.
2. The chip on the card provides the static data, including the cardholder's name, card number, expiration date, and a static digital signature.
3. The POS terminal reads the static data and uses the card's public key (previously stored) to verify the static digital signature.
4. If the signature is valid, the transaction is approved.

Dynamic Data Authentication (DDA)

DDA involves the authentication of dynamic data generated for each transaction. The card's chip generates a unique digital signature for each transaction, incorporating dynamic elements such as a unique transaction counter and cryptograms. The dynamic data makes DDA significantly more secure than static data authentication, because the signed information changes for every transaction.

Transaction process: During a transaction, the chip generates a dynamic signature based on the unique transaction data and the card's private key. The terminal verifies the dynamic signature using the card's public key, ensuring the authenticity and integrity of the transaction data.

Dynamic Data Authentication (DDA)

Example: A customer uses a payment card with an embedded chip for an online purchase.

Process:

1. The customer initiates an online purchase, and the card's chip generates dynamic data for the transaction.
2. The dynamic data includes elements such as a unique transaction counter and cryptograms, and it is used to create a unique digital signature.
3. The chip sends the dynamic signature to the online payment gateway along with other transaction details.
4. The online payment gateway verifies the dynamic signature using the card's public key, ensuring the authenticity and integrity of the transaction data.
5. If the signature is valid, the online transaction is approved.
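To make the SDA/DDA distinction on the slides above concrete, here is an added Python model; it is not code from the slides and not an EMV implementation. It uses a toy textbook RSA (small primes found by trial division, no padding, hash reduced modulo n) purely to have public/private key pairs; STATIC_DATA, the terminal numbers and the key seeds are constructed sample values. Following the slides, the SDA signature is produced at personalization and stored on the chip, so in this model the issuer signs it and the terminal verifies with the issuer's public key; the DDA card holds its own private key and signs its static data together with its transaction counter and the number the terminal supplied for this particular transaction.

```python
import hashlib
from dataclasses import dataclass

# --- Toy textbook RSA (hypothetical stand-in for the RSA used by EMV; no padding) ---

def next_prime(n: int) -> int:
    """Smallest prime >= n, by trial division (adequate for the ~1e6 seeds used here)."""
    def is_prime(k: int) -> bool:
        if k < 2:
            return False
        i = 2
        while i * i <= k:
            if k % i == 0:
                return False
            i += 1
        return True
    while not is_prime(n):
        n += 1
    return n

def keygen(seed_p: int, seed_q: int):
    """Return (public, private) = ((n, e), (n, d)) from two deterministic seeds."""
    p = next_prime(seed_p)
    q = next_prime(seed_q)
    if q == p:                      # keep n square-free
        q = next_prime(q + 1)
    n, e = p * q, 65537
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)

def digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(digest(data, n), d, n)

def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(data, n)

# Constructed sample of the static data a chip holds (not a real card).
STATIC_DATA = b"PAN=4000000000000002;EXP=1227;NAME=J DOE"

@dataclass
class SDACard:
    static_sig: int                 # issuer signature written at personalisation
    def respond(self, terminal_number: bytes):
        # The chip has no key of its own: it returns the same stored signature
        # every time and cannot bind the response to the terminal's number.
        return STATIC_DATA, self.static_sig

@dataclass
class DDACard:
    priv: tuple                     # the card's own private key
    atc: int = 0                    # application transaction counter
    def respond(self, terminal_number: bytes):
        self.atc += 1
        signed = STATIC_DATA + self.atc.to_bytes(2, "big") + terminal_number
        return STATIC_DATA, self.atc, sign(self.priv, signed)

def terminal_check_sda(issuer_pub, response) -> bool:
    data, sig = response
    return verify(issuer_pub, data, sig)

def terminal_check_dda(card_pub, terminal_number: bytes, response) -> bool:
    # The terminal rebuilds the signed message with the number *it* chose for
    # this transaction, so a signature over any other number fails to verify.
    data, atc, sig = response
    return verify(card_pub, data + atc.to_bytes(2, "big") + terminal_number, sig)

def replay_comparison() -> dict:
    issuer_pub, issuer_priv = keygen(1_000_000, 1_000_010)
    card_pub, card_priv = keygen(1_000_100, 1_000_200)
    sda = SDACard(static_sig=sign(issuer_priv, STATIC_DATA))
    dda = DDACard(priv=card_priv)

    # Transaction 1: terminal number n1, genuine responses from both cards.
    n1 = b"\x11\x22\x33\x44"
    r_sda, r_dda = sda.respond(n1), dda.respond(n1)

    # Transaction 2: fresh terminal number n2. The terminal is shown fresh
    # responses and, separately, the transaction-1 responses presented again.
    n2 = b"\x55\x66\x77\x88"
    return {
        "sda_accepts_fresh": terminal_check_sda(issuer_pub, sda.respond(n2)),
        "sda_accepts_recorded": terminal_check_sda(issuer_pub, r_sda),
        "dda_accepts_fresh": terminal_check_dda(card_pub, n2, dda.respond(n2)),
        "dda_accepts_recorded": terminal_check_dda(card_pub, n2, r_dda),
    }

if __name__ == "__main__":
    print(replay_comparison())
```

Running replay_comparison() shows the terminal accepting the recorded SDA response at the second transaction, because nothing in that response depends on the transaction, while the recorded DDA response fails against the new terminal number. That is the precise sense in which the slide calls SDA "less resistant to certain types of attacks": the terminal has no way to tell a fresh SDA response from an old one. In a real deployment the issuer additionally checks during online authorization that the transaction counter only ever increases; real EMV uses full-size RSA with padding and a certificate chain from the scheme's CA, not this toy.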
Radio-Frequency Identification (RFID)

RFID, or Radio-Frequency Identification, is a technology that uses wireless communication to identify, track, and manage objects, people, or animals. RFID systems consist of tags (or transponders), readers (or interrogators), and a backend system for data processing. Many modern credit and debit cards use RFID technology for contactless payments. Customers can make transactions by simply tapping or waving their cards near a contactless-enabled terminal.

References

- Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Edition
- https://chat.openai.com/
- https://intellipaat.com/