We now consider security issues in the context of online banking. Although the liability régime adopted for online banking seems to be based on that for telephone banking, and in most cases the same terms and conditions govern both, the security implications are not the same. The discussion above has drawn attention to the use of a shared secret (usually several shared secrets) for use by the bank to authenticate instructions purporting to come from the customer. It might reasonably be thought that authentication essentially depends on using either biometrics (like handwriting, voice recognition, fingerprints, retinal scans, etc) or shared secrets. This was indeed true until the publication in 1976 of New Directions in Cryptography by Whitfield Diffie & Martin Hellman (Diffie1976). That paper, which laid the foundations of public key cryptography, showed that it was possible to establish a procedure by which (transposing it into the context of this paper) customers can control unique, secret ‘signature’ keys for which they can provide related non-secret information that can be used by a bank to verify that instructions issued by them have been signed using these keys. (We refer to this verification information below as a ‘verification key’.) Provided that this scheme is soundly implemented, and that owners keep their signature keys secret and under their own control, transactions signed with them can be attributed to their owners with a high degree of confidence. In such schemes there is no shared secret, since the bank does not know the value of the signature key and cannot discover it from the information it is given.
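As an added illustration (not code from the original paper), the following Go program shows the arrangement just described using Ed25519 signatures from Go's standard library. The customer keeps the signature key; the bank is given only the verification key; an instruction altered after signing, or presented a second time, is rejected; and nothing the bank holds would let it, or anyone who compromised it, sign on the customer's behalf. The account numbers, the ‘|’-separated instruction encoding and the sequence-number replay check are assumptions of this example, not part of the paper.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Instruction is a constructed payment instruction. Seq is a per-account
// counter so that a captured, validly signed instruction cannot be replayed
// (an assumption of this example; the paper does not specify a format).
type Instruction struct {
	Account string
	Payee   string
	Pence   int
	Seq     uint64
}

// Bytes is the canonical encoding that is signed and verified. Both sides must
// agree on it exactly; the fields used here never contain the '|' separator.
func (in Instruction) Bytes() []byte {
	return []byte(fmt.Sprintf("%s|%s|%d|%d", in.Account, in.Payee, in.Pence, in.Seq))
}

// Customer holds the signature (private) key; it never leaves this struct.
type Customer struct {
	signKey ed25519.PrivateKey
}

// NewCustomer generates a key pair and returns the customer together with the
// non-secret verification key that is handed to the bank at enrolment.
func NewCustomer() (*Customer, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Customer{signKey: priv}, pub, nil
}

// Sign produces the signature the customer attaches to an instruction.
func (c *Customer) Sign(in Instruction) []byte {
	return ed25519.Sign(c.signKey, in.Bytes())
}

// Bank stores only verification keys and the last sequence number accepted
// for each account; it holds nothing that could be used to forge a signature.
type Bank struct {
	verifyKeys map[string]ed25519.PublicKey
	lastSeq    map[string]uint64
}

func NewBank() *Bank {
	return &Bank{verifyKeys: map[string]ed25519.PublicKey{}, lastSeq: map[string]uint64{}}
}

// Register records the verification key for an account.
func (b *Bank) Register(account string, key ed25519.PublicKey) {
	b.verifyKeys[account] = key
}

// Accept verifies the signature against the registered key and then rejects
// replays. Any change to the instruction after signing invalidates the signature.
func (b *Bank) Accept(in Instruction, sig []byte) error {
	key, ok := b.verifyKeys[in.Account]
	if !ok {
		return errors.New("no verification key registered for account")
	}
	if !ed25519.Verify(key, in.Bytes(), sig) {
		return errors.New("signature does not verify: not attributable to the customer")
	}
	if in.Seq <= b.lastSeq[in.Account] {
		return errors.New("stale or replayed instruction")
	}
	b.lastSeq[in.Account] = in.Seq
	return nil
}

func main() {
	cust, pub, err := NewCustomer()
	if err != nil {
		panic(err)
	}
	bank := NewBank()
	bank.Register("12345678", pub)

	in := Instruction{Account: "12345678", Payee: "87654321", Pence: 5000, Seq: 1}
	sig := cust.Sign(in)
	fmt.Println("genuine: ", bank.Accept(in, sig))

	tampered := in
	tampered.Pence = 500000
	fmt.Println("tampered:", bank.Accept(tampered, sig))
	fmt.Println("replayed:", bank.Accept(in, sig))
}
```

Note that a signature only attributes the exact bytes that were signed, which is why the encoding must be canonical and why the replay check is needed: a validly signed instruction captured on the line is still a validly signed instruction when presented again.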
Implementations of public key cryptography depend on calculations with very large numbers, and are in practice dependent on the use of quite powerful computers. But they have been comfortably within the capabilities of ordinary desktop computers for some years, and are both readily available and in widespread use. Versions are available with user interfaces no more difficult to use than most general purpose home or office software.
It might be thought that with the customer in sole control of a signature key, the problems of liability could acceptably be solved by requiring the customer to accept responsibility without limit for all use of the signature key (at least until the bank is notified of a compromise). But that conclusion would involve considerable dangers, which we explain below after reviewing some other security issues in telephone and online banking.
Telephone banking faces the threat that the call, and the security information conveyed during it, is intercepted. The techniques described above, in which only part of the security information is used in any one session, reduce the risk that a small number of intercepts gives the interceptor the means to impersonate the customer in future transactions, although each intercept still yields the transaction information for that session, and the fragments disclosed accumulate across sessions.
The telephone network requires some skill for outsiders to intercept, and the criminal character of unauthorised interception makes the task risky, especially given the limited value of intercepts. (Authorised intercepts can be disregarded as a threat to the transaction information, since the authorities can obtain the information more satisfactorily from the bank. The risk of authorised interception being abused to facilitate customer impersonation by the authorities is beyond useful discussion: those who believe it could happen cannot be reassured by discussion, and those who believe it could not happen do not require reassurance.)
In some cases there may be a real risk of interception between the telephone handset and the public network, either through the use of telephone extensions in homes or very small offices, or through office switchboards (especially where telephone monitoring is practised). There is also the risk of simple eavesdropping, or the planting of surveillance devices for the same purpose. Warnings given by the banks about maintaining the secrecy of security information do not draw attention to these risks. If the banks carry a substantial part of the risk of fraud, this is largely a matter for them; but if they do not, the omission raises a further question about the appropriateness of the liability régime.
PC banking, in which a direct connection is established over the telephone network between the customer’s PC and the bank’s system, faces a different mix of risks from telephone banking by voice. Intercepting the content of traffic between modems is much more difficult than with voice calls; and if the bank and the customer have established their systems correctly, the content of the session passing between the PC and the bank’s system can be made highly secure from interception. This depends on the origin and quality of the software being used by both the bank and the customer. This software must be able to protect data exchanged during an on-line banking session by negotiating session keys that are:
unique to the session;
discarded once the session is complete;
used with widely respected algorithms; and
of sufficient length to prevent decryption without access to keys.
Software for this purpose will generally employ one of several available secure network protocols such as the Secure Sockets Layer using algorithms such as RC4 or Triple DES and key lengths typically in excess of 100 bits. (Both of those algorithms have since been deprecated for use in TLS, the successor to SSL; the four requirements above are unchanged, but the algorithms that satisfy them are not.) Making the session confidential does not deal with the authentication problem, which must be solved by either shared secrets, one-way functions or the use of public key cryptography.
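The four properties listed above, as an added example rather than code from the paper or from any bank's software: each side generates a fresh X25519 key pair for the session, the two exchange only the public values, both derive the same AES-256-GCM key, and the private value is discarded as soon as the key exists, so the key is unique to the session and cannot be reconstructed afterwards. The key derivation here (a SHA-256 hash over a fixed label, both public values and the shared secret) is a simplification of the HKDF step a real protocol uses, and the instruction text and label are constructed for the example; authentication of the parties is deliberately out of scope, exactly as the paragraph says.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Session is one side's state for a single on-line banking session: an
// ephemeral X25519 key pair and, after Establish, an AES-256-GCM AEAD.
type Session struct {
	priv *ecdh.PrivateKey
	pub  []byte // our ephemeral public value, sent in the clear
	aead cipher.AEAD
	key  []byte // retained only so the example can show keys differ per session
}

func NewSession() (*Session, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Session{priv: priv, pub: priv.PublicKey().Bytes()}, nil
}

// PublicBytes is the value transmitted to the peer; it is not secret.
func (s *Session) PublicBytes() []byte { return s.pub }

// Establish derives the session key from the peer's ephemeral public value and
// our ephemeral private key, then discards the private key so the session key
// cannot be reconstructed later, even by the parties themselves.
func (s *Session) Establish(peerPub []byte) error {
	if s.priv == nil {
		return errors.New("session already established; ephemeral key discarded")
	}
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return err
	}
	shared, err := s.priv.ECDH(pub)
	if err != nil {
		return err
	}
	// Simplified KDF (assumption of this example; HKDF is the usual choice):
	// bind a fixed label and both public values, in a fixed order, to the secret.
	lo, hi := s.pub, peerPub
	if bytes.Compare(lo, hi) > 0 {
		lo, hi = hi, lo
	}
	h := sha256.New()
	h.Write([]byte("pc-banking-session-v1"))
	h.Write(lo)
	h.Write(hi)
	h.Write(shared)
	key := h.Sum(nil) // 32 bytes: AES-256
	block, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	if s.aead, err = cipher.NewGCM(block); err != nil {
		return err
	}
	s.key, s.priv = key, nil
	return nil
}

func (s *Session) Key() []byte { return s.key }

// Seal encrypts and authenticates one message; a random nonce is prefixed.
func (s *Session) Seal(plaintext []byte) ([]byte, error) {
	if s.aead == nil {
		return nil, errors.New("session not established")
	}
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return s.aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open checks the authentication tag before returning any plaintext.
func (s *Session) Open(msg []byte) ([]byte, error) {
	if s.aead == nil {
		return nil, errors.New("session not established")
	}
	n := s.aead.NonceSize()
	if len(msg) < n {
		return nil, errors.New("message too short")
	}
	return s.aead.Open(nil, msg[:n], msg[n:], nil)
}

// RunSession performs one complete exchange and returns what the bank
// decrypted together with the session key that was used.
func RunSession(instruction string) (string, []byte, error) {
	cust, err := NewSession()
	if err != nil {
		return "", nil, err
	}
	bank, err := NewSession()
	if err != nil {
		return "", nil, err
	}
	if err := cust.Establish(bank.PublicBytes()); err != nil {
		return "", nil, err
	}
	if err := bank.Establish(cust.PublicBytes()); err != nil {
		return "", nil, err
	}
	if !bytes.Equal(cust.Key(), bank.Key()) {
		return "", nil, errors.New("sides derived different keys")
	}
	wire, err := cust.Seal([]byte(instruction))
	if err != nil {
		return "", nil, err
	}
	got, err := bank.Open(wire)
	if err != nil {
		return "", nil, err
	}
	return string(got), bank.Key(), nil
}

func main() {
	got, k1, err := RunSession("PAY 5000 TO 87654321") // constructed instruction
	if err != nil {
		panic(err)
	}
	_, k2, _ := RunSession("PAY 5000 TO 87654321")
	fmt.Printf("bank read: %q; keys differ between sessions: %v\n", got, !bytes.Equal(k1, k2))
}
```

Running two sessions with the same instruction yields two different keys, which is the property that a recording of one session is worthless for decrypting another; and because the ephemeral private values are gone, a later compromise of either party does not unlock the recording.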
If a customer gains access to a bank account through a local network, such as one operated by their employer, additional interception risks may be involved. Many companies will operate a ‘firewall’ to protect their internal computer systems from external attacks. These will often prevent security protocols from operating ‘end to end’ between the bank’s system and the PC on the customer’s desk. This may prevent the customer from gaining on-line access to the bank account or may require that access is gained indirectly using other computer facilities. In that case the additional computer and network connections involved may introduce further interception risks. The result could be access by other employees to information passing between the customer and the bank, such as passwords and other security information. This risk could be reduced by systems adopting a ‘challenge/response’ approach, rather like that used in telephone banking, where any session passes only a fragment of the security information.
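The ‘challenge/response’ approach mentioned here, and earlier in the discussion of telephone intercepts, is shown below as an added example (not code from the paper or any bank). The bank asks for three characters of a memorable word at positions it chooses afresh each session, verifies the answer in constant time and allows one attempt per challenge; an interceptor on the office network records each session and can impersonate the customer only for a challenge whose positions it has already seen. The word ‘tangerine’, the choice of three characters per session and the seeded random positions are constructed for the example.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"math/rand"
)

// Bank holds the customer's memorable word. Partial-character schemes oblige
// the bank to keep the word in a form from which single characters can be
// recovered, which is itself a cost of the scheme.
type Bank struct {
	secret  []byte
	k       int   // characters asked for per session
	pending []int // positions of the outstanding challenge, nil if none
	rng     *rand.Rand
}

func NewBank(secret string, k int, seed int64) (*Bank, error) {
	if k < 1 || k > len(secret) {
		return nil, errors.New("k must be between 1 and the length of the secret")
	}
	return &Bank{secret: []byte(secret), k: k, rng: rand.New(rand.NewSource(seed))}, nil
}

// Challenge picks k distinct positions (0-based), chosen afresh each session,
// so one session discloses only k of the characters.
func (b *Bank) Challenge() []int {
	b.pending = b.rng.Perm(len(b.secret))[:b.k]
	return append([]int(nil), b.pending...)
}

// Verify checks the response against the challenge the bank itself issued,
// in constant time, and permits a single attempt per challenge so an attacker
// cannot probe positions one at a time.
func (b *Bank) Verify(resp []byte) bool {
	if b.pending == nil || len(resp) != b.k {
		return false
	}
	expected := make([]byte, b.k)
	for i, p := range b.pending {
		expected[i] = b.secret[p]
	}
	b.pending = nil
	return subtle.ConstantTimeCompare(expected, resp) == 1
}

// Respond is the customer's side: the characters at the requested positions.
func Respond(secret string, positions []int) []byte {
	out := make([]byte, len(positions))
	for i, p := range positions {
		out[i] = secret[p]
	}
	return out
}

// Interceptor records what crosses the line: the positions asked and the
// characters answered. It accumulates across sessions.
type Interceptor struct {
	known map[int]byte
}

func NewInterceptor() *Interceptor { return &Interceptor{known: map[int]byte{}} }

func (x *Interceptor) Observe(positions []int, resp []byte) {
	for i, p := range positions {
		x.known[p] = resp[i]
	}
}

func (x *Interceptor) Known() int { return len(x.known) }

// Answer attempts to impersonate the customer; ok is false if any asked
// position has not yet been observed.
func (x *Interceptor) Answer(positions []int) (resp []byte, ok bool) {
	resp = make([]byte, len(positions))
	for i, p := range positions {
		c, seen := x.known[p]
		if !seen {
			return nil, false
		}
		resp[i] = c
	}
	return resp, true
}

// SessionsUntilFullRecovery counts the genuine sessions an interceptor must
// record before it knows every character, i.e. can answer any challenge.
func SessionsUntilFullRecovery(secret string, k int, seed int64) int {
	bank, err := NewBank(secret, k, seed)
	if err != nil {
		return -1
	}
	x := NewInterceptor()
	n := 0
	for x.Known() < len(secret) {
		ch := bank.Challenge()
		x.Observe(ch, Respond(secret, ch))
		n++
	}
	return n
}

func main() {
	const word = "tangerine" // constructed memorable word
	fmt.Println("sessions recorded before full recovery:", SessionsUntilFullRecovery(word, 3, 1))
}
```

The simulation makes the limit of the scheme concrete: a single intercept gives the interceptor three of nine characters and no ability to answer a differently chosen challenge, but every further intercept adds to what is known, and after a handful of sessions the whole word is recoverable. The fragment approach therefore reduces the value of any one intercept on the office network; it does not make the route safe against a colleague who can record sessions indefinitely.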