An Inter-banking Auditing Security Solution for Detecting Unauthorised Financial Transactions entered by Authorised Insiders
Insider abuse has recently been reported as one of the more frequently occurring security incidents, suggesting that more security is required for detecting and preventing unauthorised financial transactions entered by authorised users. To address the problem, and based on the observation that all authorised inter-banking financial transactions trigger or are triggered by other transactions in a workflow, we have developed a security solution based on a redefined understanding of an audit workflow: an audit workflow in which there is a log file containing the complete workflow activity of the financial transactions directly related to one financial transaction (an electronic deal recorded at an e-trading system). The new security solution contemplates any two parties interacting on the basis of financial transactions recorded by their users in related but distinct automated financial systems. In the new definition, inter-organizational and intra-organizational interactions can be described in one unique audit trail. This concept expands the current ideas of audit trails by adapting them to actual e-trading workflow activity, i.e. intra-organizational and inter-organizational activity. With the above, a security auditing service is designed to detect integrity drifts within and between organizations in order to detect unauthorised financial transactions entered by authorised users.
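
The audit-workflow idea in the abstract, as an added Python example (not the authors' implementation): records from two banks' systems are grouped per e-trading deal, and entries with no triggering transaction or with no matching counterparty deal are flagged. The record fields, bank names and the two checks are assumptions made for illustration, and the sample log entries are constructed.

```python
from collections import defaultdict, namedtuple

# Field names are assumptions for this example: "parent" is the transaction
# that triggered this one (None for the root deal at the e-trading system).
Txn = namedtuple("Txn", "org system txn deal parent amount user")

# Constructed sample log entries from two banks' systems.
RECORDS = [
    Txn("BankA", "e-trading", "A-D1", "D1", None, 500000, "alice"),
    Txn("BankB", "e-trading", "B-D1", "D1", None, 500000, "bob"),
    Txn("BankA", "payments", "A-P1", "D1", "A-D1", 500000, "carol"),
    Txn("BankA", "payments", "A-P2", "D2", "A-D2", 250000, "dave"),
    Txn("BankA", "e-trading", "A-D3", "D3", None, 100000, "alice"),
    Txn("BankB", "e-trading", "B-D3", "D3", None, 90000, "bob"),
    Txn("BankA", "e-trading", "A-D4", "D4", None, 70000, "erin"),
]

def build_audit_workflows(records):
    """Group every record, from every organisation, under its deal."""
    workflows = defaultdict(list)
    for r in records:
        workflows[r.deal].append(r)
    return dict(workflows)

def find_integrity_drifts(records, parties=("BankA", "BankB")):
    """Return (deal, txn or None, reason) findings in log order."""
    findings = []
    for deal, trail in build_audit_workflows(records).items():
        known = {r.txn for r in trail}
        roots = {r.org: r for r in trail if r.parent is None}
        # Intra-organisational check: every non-root entry must have been
        # triggered by a transaction present in the same audit workflow.
        for r in trail:
            if r.parent is not None and r.parent not in known:
                reason = f"entered by {r.user} with no triggering transaction"
                findings.append((deal, r.txn, reason))
        # Inter-organisational check: both parties must hold the root deal,
        # and their recorded amounts must agree.
        missing = [p for p in parties if p not in roots]
        if missing:
            findings.append((deal, None, "deal not recorded by " + ",".join(missing)))
        elif len({r.amount for r in roots.values()}) > 1:
            findings.append((deal, None, "amount differs between parties"))
    return findings

if __name__ == "__main__":
    for finding in find_integrity_drifts(RECORDS):
        print(finding)
```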
@article{"International Journal of Information, Control and Computer Sciences:59401",
  author = "C. A. Corzo and N. Zhang and F. Corzo",
  title = "An Inter-banking Auditing Security Solution for Detecting Unauthorised Financial Transactions entered by Authorised Insiders",
  abstract = "Insider abuse has recently been reported as one of the more frequently occurring security incidents, suggesting that more security is required for detecting and preventing unauthorised financial transactions entered by authorised users. To address the problem, and based on the observation that all authorised inter-banking financial transactions trigger or are triggered by other transactions in a workflow, we have developed a security solution based on a redefined understanding of an audit workflow: an audit workflow in which there is a log file containing the complete workflow activity of the financial transactions directly related to one financial transaction (an electronic deal recorded at an e-trading system). The new security solution contemplates any two parties interacting on the basis of financial transactions recorded by their users in related but distinct automated financial systems. In the new definition, inter-organizational and intra-organizational interactions can be described in one unique audit trail. This concept expands the current ideas of audit trails by adapting them to actual e-trading workflow activity, i.e. intra-organizational and inter-organizational activity. With the above, a security auditing service is designed to detect integrity drifts within and between organizations in order to detect unauthorised financial transactions entered by authorised users.",
  keywords = "Intrusion Detection and Prevention, Authentication and Identification.",
  volume = "5",
  number = "11",
  pages = "1368-9",
}