Banking and Bookkeeping Principles of Information Security PDF

Summary

This document provides an introduction to banking and bookkeeping principles, focusing on the role of information security within these areas. It includes details about components of banking, bookkeeping, and discusses various computer-based systems used by banks.

Full Transcript

Banking and
Bookkeeping
 Introduction
 Banking and bookkeeping involve the management of financial
transactions and records, and in the context of information
security, there are several considerations to ensure the
confidentiality, integrity, and availability of financial data.
 The primary functions of banking are to facilitate the handling of
money, financial transactions, and the flow of capital within an
economy.
 The purpose of bookkeeping is to create an accurate and up-to-
date record of a company's financial affairs, providing the
foundation for financial statements, reports, and analysis.

Principles of Information Security, 2nd Edition
2
 Components of Banking
 Accepting Deposits
 Providing loans and credits
 Electronic fund transfers
 Currency exchange
 Credit and Debit cards
 Online and Mobile banking
 Mortgage and home loans
 Risk management

Principles of Information Security, 2nd Edition
3
 Components of Bookkeeping
 Recording transactions
 Ledger entries
 Double entry system (one account debited and other credited)
 Trial balance
 Financial statements
 Tax compliance

Principles of Information Security, 2nd Edition
4
 Components of Bookkeeping
 Recording transactions
 Every financial transaction, such as sales, purchases, expenses, and payments,
is recorded in a systematic and chronological manner. This process involves
documenting the date, amount, description, and relevant accounts affected by
each transaction.

 Ledger entries
 Transactions are posted to ledger accounts, which are individual accounts for
specific assets, liabilities, equity, revenue, and expense items. The ledger
provides a detailed record of each account's activity.

 Tax compliance
 Accurate bookkeeping is crucial for fulfilling tax obligations. It provides the
necessary documentation for calculating taxable income, deductions, and
credits.

Principles of Information Security, 2nd Edition
5
 Components of Bookkeeping
 Double entry system
 Bookkeeping typically follows the double-entry accounting system. This means
that every transaction affects at least two accounts, with one account debited
and another credited. The total debits must equal the total credits, ensuring
that the accounting equation (Assets = Liabilities + Equity) is balanced.

 Trial balance
 A trial balance is prepared periodically (usually at the end of an accounting
period) to ensure that the total debits equal total credits. It serves as a
preliminary check on the accuracy of the accounting records.

 Financial statements
 Based on the information in the ledger, financial statements are prepared. The
primary financial statements include the Income Statement (or Profit and Loss
Statement), Balance Sheet, and Cash Flow Statement.

Principles of Information Security, 2nd Edition
6
 Banking and bookkeeping
 Banks extensively use computers for bookkeeping and various
other financial operations.
 The integration of computer technology in the banking industry
has transformed the way financial transactions are recorded,
managed, and analyzed.

Principles of Information Security, 2nd Edition
7
 Banking and bookkeeping
 Several ways which use computers for bookkeeping in banks:
 Account Management Systems
 Core Banking Systems
 General Ledger Software
 Online Banking Platforms
 Automated Teller Machines (ATMs)
 Credit Scoring and Risk Management Systems
 Data Analytics and Reporting Tools
 Fraud Detection Systems
 Customer Relationship Management (CRM) Systems
 Security Systems and Encryption

Principles of Information Security, 2nd Edition
8
 Banking and bookkeeping
 Account Management Systems:
 Banks use computerized systems to keep track of customer accounts to store
and manage information related to account balances, transactions, interest etc.
 Core Banking Systems:
 Core banking systems are software platforms that support various banking
functions, including bookkeeping.
 General Ledger Software:
 Used to record and organize financial transactions and helps in creating
detailed and accurate accounting records, including entries for assets,
liabilities, income, and expenses.
 Automated Teller Machines (ATMs):
 ATMs are computerized systems that facilitate self-service banking. They
record transactions such as cash withdrawals, deposits, and account balance
inquiries, updating the central banking systems in real-time.

Principles of Information Security, 2nd Edition
9
 Banking and bookkeeping
 Online Banking Platforms:
 Online banking relies on computer systems to provide customers with access
to their accounts, transaction history, and other financial information. It allows
users to perform various transactions, check balances, and view statements
through secure online interfaces.
 Credit Scoring and Risk Management Systems:
 Banks use computer algorithms and models to assess creditworthiness and
manage financial risks. These systems help in making informed lending
decisions and managing the overall financial health of the institution.
 Fraud Detection Systems:
 Advanced computer systems with algorithms and machine learning
capabilities are used for detecting and preventing fraudulent activities. These
systems analyze transaction patterns and raise alerts for suspicious activities.

Principles of Information Security, 2nd Edition
10
 Banking and bookkeeping
 Data Analytics and Reporting Tools:
 Computer systems are employed for data analytics and generating financial
reports. Banks use these tools to analyze trends, assess performance, and
generate regulatory reports required by financial authorities.

 Customer Relationship Management (CRM) Systems:
 CRM systems assist banks in managing customer interactions and maintaining
detailed customer profiles. These systems often integrate with bookkeeping
software to provide a holistic view of customer relationships.

 Security Systems and Encryption:
 Banks use computer-based security systems to protect financial data.
Encryption technologies are employed to secure data during transmission and
storage, ensuring the confidentiality and integrity of sensitive information.

Principles of Information Security, 2nd Edition
11
 Threats Faced by Banks
 Phishing
 Malware
 Spoofing
 Data Manipulation

Principles of Information Security, 2nd Edition
12
 CIA with Banking and Bookkeeping
 Confidentiality:
 Secure Access Control: Implement strong access controls to
ensure that only authorized personnel have access to financial
data. This includes using role-based access, strong
authentication mechanisms, and limiting access to a need-to-
know basis.
 Encryption: Use encryption to protect sensitive financial
information during transmission and storage. This is crucial for
safeguarding data as it moves between systems and when it is
stored in databases or on servers.

Principles of Information Security, 2nd Edition
13
 CIA with Banking and Bookkeeping
 Integrity:
 Data Validation: Implement robust data validation processes
to ensure that financial data is accurate and has not been
tampered with. This is important for preventing unauthorized
modifications to transaction records.
 Audit Trails: Maintain detailed audit trails that log changes to
financial data. These logs can help in identifying and
investigating any unauthorized alterations or suspicious
activities.

Principles of Information Security, 2nd Edition
14
 CIA with Banking and Bookkeeping
 Availability:
 Redundancy and Backups: Implement redundancy and
regular backups to ensure the availability of financial data in
case of system failures, data corruption, or other disasters. This
includes offsite backups for disaster recovery purposes.
 Incident Response Planning: Develop and regularly test
incident response plans to address any disruptions to financial
systems promptly. This ensures a quick recovery and
minimizes downtime.

Principles of Information Security, 2nd Edition
15
 Authentication in Banking

 PIN (Personal Identification Number)
 Biometric Authentication
 One-Time Passwords (OTP)
 Knowledge-Based Authentication (KBA)
 verifying a user's identity by asking questions based on personal information
that only the legitimate user should know.
 Multi-Factor Authentication (MFA)
 Smart Cards with Cryptographic Authentication
 Static Data Authentication (SDA)
 Dynamic Data Authentication (DDA)
 RFID

Principles of Information Security, 2nd Edition
16
 Authentication in Banking

 Static Data Authentication (SDA)
 Dynamic Data Authentication (DDA)
 These authentication methods contribute to the security of
transactions by protecting the integrity and authenticity of data
during the payment process.
 Both SDA and DDA are implemented using the chip (EMV)
technology in payment cards.
 EMV (Europay, Mastercard, and Visa)

Principles of Information Security, 2nd Edition
17
 Static Data Authentication (SDA)
 SDA involves the authentication of static data stored on the card's
chip.
 The card's chip contains static data, including information such as
the cardholder's name, card number, expiration date, and a static
digital signature.
 The static signature is generated during the card's personalization
process and remains the same for all transactions.
 Transaction Process:
 During a transaction, the chip provides the static signature to the terminal. The
terminal uses the card's public key (previously stored) to verify the signature's
authenticity.
 The static nature of the data means that the same signature is used for every
transaction, which makes it less resistant to certain types of attacks.
 Example: A customer uses a payment card with an embedded chip
for an in-store purchase.

Principles of Information Security, 2nd Edition
18
 Static Data Authentication (SDA)
 Example: A customer uses a payment card with an embedded chip
for an in-store purchase.
 Process:
1. The customer inserts the card into the chip reader at the point of sale
(POS) terminal.
2. The chip on the card provides the static data, including the
cardholder's name, card number, expiration date, and a static digital
signature.
3. The POS terminal reads the static data and uses the card's public key
(previously stored) to verify the static digital signature.
4. If the signature is valid, the transaction is approved.

Principles of Information Security, 2nd Edition
19
 Dynamic Data Authentication (DDA)
 DDA involves the authentication of dynamic data generated for
each transaction.
 The card's chip generates a unique digital signature for each
transaction, incorporating dynamic elements such as a unique
transaction counter and cryptograms.
 The dynamic data makes it significantly more secure compared to
static data, as the information changes for every transaction.
 Transaction Process:
 During a transaction, the chip generates a dynamic signature based on the
unique transaction data and the card's private key.
 The terminal verifies the dynamic signature using the card's public key,
ensuring the authenticity and integrity of the transaction data.
 Example: A customer uses a payment card with an embedded chip
for an online purchase.

Principles of Information Security, 2nd Edition
20
 Dynamic Data Authentication (DDA)
 Example: A customer uses a payment card with an embedded chip
for an online purchase.
 Process:
 The customer initiates an online purchase, and the card's chip
generates dynamic data for the transaction.
 The dynamic data includes elements such as a unique transaction
counter and cryptograms, and it is used to create a unique digital
signature.
 The chip sends the dynamic signature to the online payment gateway
along with other transaction details.
 The online payment gateway verifies the dynamic signature using the
card's public key, ensuring the authenticity and integrity of the
transaction data.
 If the signature is valid, the online transaction is approved.

Principles of Information Security, 2nd Edition
21
 Radio-Frequency Identification(RFID)
 RFID, or Radio-Frequency Identification, is a technology that uses wireless
communication to identify, track, and manage objects, people, or animals.
 RFID systems consist of tags (or transponders), readers (or interrogators),
and a backend system for data processing.
 Many modern credit and debit cards use RFID technology for contactless
payments.
 Customers can make transactions by simply tapping or waving their cards
near a contactless-enabled terminal.

Principles of Information Security, 2nd Edition
22
 References
 A Guide to Building Dependable Distributed Systems, 3rd Edition Ross
Anderson
 https://chat.openai.com/
 https://intellipaat.com/

Principles of Information Security, 2nd Edition
23