Security and privacy have become essential in the banking sector. With every type of transaction available to customers online, security and privacy are important requirements, along with the right encryption methods for data exchanged over the internet. One of the main risks of online banking is that unwanted third parties may obtain access to confidential financial information and to customers’ funds. By using efficient levels of cryptography, banks conducting business over the internet can ensure that it is impossible to hack into the private accounts of their customers and that all commercial and private transactions are processed securely.
Cryptography involves the study and practice of hiding information through the use of keys, and is associated with web-based applications such as e-commerce and online banking. Encryption is the process in cryptography that converts ordinary information, called plaintext, into ‘unintelligible gibberish’ called ciphertext. Decryption is the reverse, moving from unintelligible ciphertext back to plaintext. A cipher is a pair of algorithms that perform the encryption and the reverse decryption; its operation is controlled both by the algorithm and, in each instance, by a ‘key’. This key is known only to the communicants and is the secret guide for the encryption and decryption of the message being sent and delivered. ‘A cryptosystem is the ordered list of elements of finite possible plaintexts, finite possible cypher texts, finite possible keys, and the encryption and decryption algorithms which correspond to each key’ (1).
Many encryption systems are in use today to assure users that they are conducting secure financial transactions. One such encryption system is the Triple Data Encryption System, or 3DES, which was established primarily to maintain the protection and confidentiality of data when it is exchanged over the internet. This system works by extending the size of the DES keys and applying the DES encryption system three times in succession, but with three different keys, making it highly effective but also highly time-consuming and CPU-intensive (2). Unless the user has valid access to the details of the software, it is impossible to crack the encrypted data. This, together with its hardware specificity, makes 3DES a virtually unbreakable encryption method. Because it is CPU-intensive, owing to the large processing time it requires, and because of its hardware rigidity, 3DES is not the method of choice at large. To overcome the disadvantages of 3DES, the Advanced Encryption Standard (AES) was selected by the U.S. government to replace it in 2001, since AES can perform at high speeds in spite of low RAM availability (2). This means that AES can operate on a wide variety of hardware, ranging from low-bit smartcards to high-performing personal computers. AES also offers three distinct key strengths, 128-, 192- and 256-bit keys, while operating on the smallest of computing devices. But there are disadvantages. In comparison to 3DES, it is easier to break through data encrypted with AES because of its ability to be used in virtually any software and hardware.
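The three-stage, three-key construction described above can be sketched as follows. This is an added example, not code from the original essay: a toy 64-bit Feistel cipher (hypothetical helpers `toy_encrypt` and `toy_decrypt`, with SHA-256 as an assumed round function) stands in for DES, and the stages are chained in the encrypt-decrypt-encrypt order that 3DES uses.

```python
import hashlib

ROUNDS = 16  # DES also runs 16 Feistel rounds on a 64-bit block

def _round(half: bytes, key: bytes, i: int) -> bytes:
    # Assumption: SHA-256 stands in for the real DES round function and key schedule.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def _feistel(block: bytes, key: bytes, order) -> bytes:
    left, right = block[:4], block[4:]
    for i in order:
        f = _round(right, key, i)
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left  # final swap: decryption is the same walk with rounds reversed

def toy_encrypt(block: bytes, key: bytes) -> bytes:
    return _feistel(block, key, range(ROUNDS))

def toy_decrypt(block: bytes, key: bytes) -> bytes:
    return _feistel(block, key, reversed(range(ROUNDS)))

def ede_encrypt(block: bytes, k1: bytes, k2: bytes, k3: bytes) -> bytes:
    # Stage 1 encrypts with k1, stage 2 decrypts with k2, stage 3 encrypts with k3.
    return toy_encrypt(toy_decrypt(toy_encrypt(block, k1), k2), k3)

def ede_decrypt(block: bytes, k1: bytes, k2: bytes, k3: bytes) -> bytes:
    # Undo the stages in reverse order, each with its own key.
    return toy_decrypt(toy_encrypt(toy_decrypt(block, k3), k2), k1)

def demo() -> dict:
    # Constructed sample values: three 7-byte (56-bit) keys and one 8-byte block.
    k1, k2, k3 = b"key-one", b"key-two", b"key-3!!"
    plaintext = b"TRANSFER"
    ciphertext = ede_encrypt(plaintext, k1, k2, k3)
    return {
        "round_trip": ede_decrypt(ciphertext, k1, k2, k3) == plaintext,
        "wrong_key_fails": ede_decrypt(ciphertext, k1, k2, b"key-3??") != plaintext,
        # With k1 == k2 == k3 the first two stages cancel, leaving single encryption.
        "single_key_collapses": ede_encrypt(plaintext, k1, k1, k1) == toy_encrypt(plaintext, k1),
        "total_key_bits": 8 * (len(k1) + len(k2) + len(k3)),
    }

if __name__ == "__main__":
    print(demo())
```

Each stage does the full work of one cipher pass, which is where the threefold processing cost mentioned above comes from.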
Super Secure Bank
At the present time we are facing a lawsuit filed by Alice, a high-net-worth customer, who claims that Bob, the bank manager, forged a message allowing him to transfer $1,000,000 from her account to his as a token of appreciation. She has filed suit against us, Super Secure Bank (SSB); Bob, the bank manager; and the government of the Cayman Islands, where Bob currently resides. Bob has responded by claiming that all procedures were followed properly and that Alice is filing a nuisance suit. When reached by long distance in the Cayman Islands, Bob produced a message from Alice, properly encrypted with the agreed-upon 3DES keys used for all communication between SSB and Alice.
From the information at hand it is clear that the bank manager, Bob, followed the instructions of the customer, Alice. Accepting gratuities and tokens of reward is not an unethical practice. The message produced by Bob to support the transfer of funds is encrypted with the correct 3DES encryption key used by our institution in all communications with the customer. SSB uses the highly effective 3DES encryption method to secure all of its communication with customers, so the claim that Bob forged the message is highly doubtful. The software system uses financial cryptography to hide confidential information from unwanted third parties, so that the message can be viewed only by participants permitted to do so. The method is not only difficult to crack but also extremely time-consuming to attack. With 3DES, the original message is encrypted in three stages, with three variable keys, and the method is hardware-specific, making break-ins and the inclusion or exclusion of unwanted information impossible, in contrast to the AES system, which is extremely versatile.