Security in information systems :the identification of risks in selected electronic banking applications : a thesis presented in partial fulfilment of the requirements for the degree of Master of Business Studies in Information Systems at Massey University

Abstract

This thesis considers the security threats associated with the introduction of electronic banking. In electronic banking services the paper based instructions for the movement of money are replaced by the electronic transmission of data. Since electronic banking relies heavily on advanced information technology (the use of computers and communications), security is a matter of grave concern. This thesis identifies the principle risks to security in five electronic applications : Automated Teller Machines (ATMs), Electronic Funds Transfer, Point-of-Sale (EFTPOS), credit cards, home banking and wire transfers. Both the information technology used and the applications are described. The major threats to each element of the computer system, hardware, software, data, communications and the environment are identified and related to the appropriate service. Five major risk categories are described: disaster, accident, error, computer abuse and sabotage. These headings are used as the starting point for the analysis of risks to each component of the system.