Security Analysis of China's Internet Banking System

Preface: This article is a technical analysis of the security of online banking systems in general. It is not an evaluation of the security of any specific bank in China at present, and it takes no responsibility for any third-party evaluation data. The main text follows.

Online banking is standard at most banks in China. Most of China's online banking is an extension of the bank's existing dedicated network and a supplement to the bank's traditional way of doing business. The bank adds some software and hardware so that users can connect to the bank's system from their home computers and carry out various ordinary banking transactions, making up for the shortage of branch outlets and the short business hours of traditional banking.

China's online banking started relatively early at China Merchants Bank in Shenzhen, which developed the first end-user-oriented online banking system. China Merchants Bank's online banking has a public version and a professional version. With the large-scale popularization of the Internet, banks across China have gradually opened their own online banking systems. Some banks' systems are limited to account information inquiry, some include functions such as transfer and payment, and some already cover loans, investments, and so on. As online banking has become popular, its security has become the most crucial part of the entire system.

Since the beginning of this year, a large number of reports about online banking fraud and theft have been published in the newspapers. Criminals steal users' card numbers and passwords, then steal large amounts of funds and make fraudulent purchases. So although online banking has many benefits for banks and users, these incidents expose banks to huge risks in promoting online banking, and improving the security of online banking is urgent.

According to general reports and analysis, criminals steal user information mainly through Trojan programs. For example, once the hacker has planted the Trojan program on the user's computer, the monitoring program residing on the infected computer can intercept and monitor the system and the online banking password window that the user opens while surfing the Internet. That is to say, when the user enters the card number or password in the online banking program, the computer automatically sends the relevant information to the hacker, who reads and deciphers it, and the money is stolen.

The main problem of the current online banking system is that the security of users depends too heavily on the competence of the users themselves. Users with poor security awareness can easily have their passwords stolen. The design of this "trust user" security model is therefore very unreasonable. The user's computer may have a Trojan horse program installed, and the user's every move may be monitored and stolen. A secure online banking system should be designed against the following assumption: the administrator of the online banking system is a hacker who has installed a Trojan horse on the end user's computer and can monitor everything the user does with the keyboard and mouse, and who can also manage and operate the online banking system itself. Even so, the administrator still cannot steal the end user's funds through the online banking system. If this can be achieved, then the online banking system is relatively safe.

Tomorrow, I will continue by introducing how the security of such an online banking system is realized, which aspects of the system its security can be guaranteed from, and what kinds of loopholes exist in such a system.
