Friday, May 22 • 09:50 - 10:35
E-Banking Transaction Authorization - Common Vulnerabilities, Security Verification And Best Practices For Implementation

E-banking transaction authorization – possible vulnerabilities, security verification and best practices for implementation
Most modern internet or mobile banking applications use some sort of second factor, such as TAN lists, SMS codes, time-based OTP tokens, etc., to let the user verify banking operations and to protect against MitM or malware attacks. During security tests in pre-production, it often turns out that the tested banking systems have serious security flaws in the implementation of transaction authorization mechanisms that (if not detected and corrected) could allow an attacker to bypass or weaken those safeguards. During this presentation I would like to throw light on the security of transaction authorization mechanisms. The agenda will include:
• Examples of possible vulnerabilities that could allow those security mechanisms to be bypassed.
• Resistance of selected transaction authorization mechanisms to common banking malware attacks.
• Suggested best practices regarding implementation of transaction authorization.

Wojtek Dworakowski

IT security consultant with over 15 years of experience in the field. Managing Partner at SecuRing, a company dealing with application security testing and advisory on IT security. Has led multiple security assessments and penetration tests especially for financial services, payment...

Friday May 22, 2015 09:50 - 10:35
Room Forum Amsterdam RAI
