Proceedings of the 7th Australian Information Security Management Conference
Figure 5 - Clear private data setting screen
Figure 6 - An example of a token security used in online banking authentication (Commonwealth Bank of Australia, n.d.)
Before performing any transactions, customers must thoroughly check the destination receiver of the account number, the name of the receiver, the amount of money and the date/time of sending.
Customers must change their password every 3 to 6 months. Customers must not answer any email that asks for credential information or click the link provided.
Customers should report any abnormal transaction activity to their bank, the police or other responsible crime investigators.
If customers lose confidence in more conventional security providers, they should consider requesting a digital token security from their bank (see Figure 6 for an example of a token security).
Customer awareness The best security to protect customers from the effects of browser Trojans is awareness. Banks or financial organisations, private security companies, governments, workplaces or academies can provide training, security protection knowledge, advertising campaigns, or basic knowledge of how to be safe while online.
Customers should not permit any add-on components to be installed while they are surfing the Internet.
Customers must check their practices (US-CERT, 2008).
They should also periodically consult with their bank on whether even better security technology has become available.
CONCLUSION Man-in-the-middle browser add-on is formed as the Trojan browser extensions; poses a serious and growing threat to clients of online banking. Trojans operate by tricking customers into believing that they are an additional software component that can be used to facilitate the experience, particularly when customers use the browser to perform online transactions. Because the attacks work in real time, some standard computer security software cannot detect the Trojans. Internet security and transaction authentication protections are provided by private security companies and financial institutes to shield their customers from being attacked. Nevertheless, customers should also guard their computers by activating anti-Trojan and firewall protections to protect and detect all suspicious activities in their computer, and manually checking the browser configuration to ensure that the browser is set in a secure mode. Lastly, customer awareness is the most important thing that the customers should concern when accessing the Internet and they should follow the security guideline provided by banks or security forums on how to be safe when using online banking.
117| P a g e