Cyber Security Threats on Digital Banking

Haitham M. Alzoubi, Taher M. Ghazal, Mohammad Kamrul Hasan

Skyline University College, Faculty of Information Science and Center for Cyber Security, Faculty of
Sharjah, UAE, Technology, Universiti Kebangsaan Information Science & Technology,
haitham_zubi@yahoo.com Malaysia, 43600 Bangi, Selangor, Universiti Kebangsaan Malaysia
School of Information Technology, (UKM), Selangor, Malaysia
Asma Alketbi Skyline University College, University mkhasan@ukm.edu.my
School of Information Technology, City Sharjah, Sharjah, UAE. https://orcid.org/
Skyline University College, University taher.ghazal@skylineuniversity.ac.ae 0000-0001-5511-0205
City Sharjah,
Sharjah, UAE. Nidal A. Al-Dmour, Shayla Islam
15512@skylineuniversity.ac.ae Department of Computer Engineering, Institute of Computer Science and
College of Engineering Digital Innovation,
Rukshanda Kamran Mutah University, , UCSI University Malaysia,
Faculty of Compter science and Al-Karak, Jordan, shayla@ucsiuniversity.edu.my
Information Technology Universiti nidal75@yahoo.com https://orcid.org/0000-0002-0490-7799
Malaysia Sarawak

Abstract - Digital banking is the new form of banking that involves catch the people who are responsible for such activities. The
using the internet and mobile applications and excludes the use of main approach that this research will take to conduct this
pen and paper. One of the main issues that are associated with the research will consist of using secondary research methods.
form of banking is the presence of several forms of security risks. The research will use both articles and journals, and other
These risks are caused due to criminal activities of hackers and
secondary sources to conduct this work. The approach is
fraudsters who aim to steal people's money. Therefore, an efficient
security system that involves multiple verifications, authentication theoretical.
processes, and data encryption are needed to combat such a threat. This approach is taken in this paper since this paper
There has been much other work about this topic by other authors. analyzes the previous research works done by other authors
By analyzing the finding from all of these sources, the STUDY has regarding the topic. The paper also tries to find the connection
found that cyber security threats are a major problem in digital between the facts given by the previous works and the recent
banking. Most people are not even aware or concerned about this findings that the paper has found out about the validity of the
matter. The research has used a theoretical analysis method information [4].
involving secondary information sources. The research has also The paper will define the problems associated with
been able to bring out some hypotheses about this topic which it
security in digital banking processes and find solutions for the
has also been able to support by using the statements and
graphical charts given by other authors in their previous works problems. The paper will also present the research method
about this topic. The research topic is interesting and can be used used here and its conclusion upon the research findings. It
to do further research in the future. will also try to know about the potential for future research
based on this topic.
Keywords: Cyber Security, Threats, Digital Banking.
II. SECURITY IN DIGITAL BANKING
I. INTRODUCTION This paper looks at the problem of security that usually occurs
One of the latest innovations in finance and technology is when it comes to digital banking. Banking by using digital
digital banking. Digital banking refers to the banking platforms is not safe despite the preventive measures taken
operations done with the help of digital platforms. However, by such platforms to ensure security. There are mainly five
certain problems are associated with such a form of banking types of security issues that can have disastrous outcomes for
. The paper focuses mainly on the problem regarding internet banking services. These problems and their impact
financial security, which is a matter of concern when it comes upon internet banking are further described by the points
to digital banking processes. Bouveret [1] stated that this given below as follows:-
problem is indeed a major form of risk since there have been Unencrypted data- One of the biggest problems that most
several cases of criminals stealing money from people by customers of internet banking services have to face is that
using digital platforms. Such individuals mainly do this by their data in such platforms is not encrypted. This problem
hacking into software or sending malware or fraudulent links happens because most people, in general, do not have any
to people, which leads to them being able to steal people's idea s to how they should encrypt their data which leads to
money successfully [2]. their data being left unprotected. This leads to hackers finding
This problem is very important for the research since it it easy to steal and even use people's data to steal money from
tries to know about the different ways by which criminals their accounts [5].
conduct such activities. Tariq [3] also stated that such a Malware- Most hackers try to hack into the accounts of
problem is spreading quickly which again makes the paper people by sending malware into their smartphones or
very important. The paper, in this way, tries to know about computers through the internet Wewege, et al., [6] stated cell
the solutions that can help people solve such problems and phones and computers already compromised by malware
pose a huge threat to bank cyber security systems. There have OTP tokens- One-time password tokens will be issued by
been many instances where the presence of such systems in banks or digital applications for helping people to gain access
the hands of the customers or even in possession of a bank to online services. However, since this system is not very
had resulted in the systems of the banks getting attacked. The safe, as Bose, et al., [4] stated, the OTPs will not remain valid
outcome of using such software is that hackers can easily for a long time.
steal large amounts of money from bank accounts without Browser protection- Such systems will provide secure
getting caught. browser protection by using protection systems like a cloud
Unreliable third party services- Many banks and financial which will protect all information. The system will also
institutions often employ third-party vendors to provide encrypt all data to make the browning more secure.
better online services to their customers. However, if such Device identification- The device that a person is using will
people do not have good cyber security systems, it could be also be authenticated along with their documents to prevent
easy for hackers to steal money from other people through fraudsters from taking advantage of their information. This
third party systems. Bouveret [1] stated that the main result will help registered users access services and their
of this is that the banks' reputation will get destroyed in the transactional records.
process. Transactional monitoring- Bose, et al., [4] stated that this
Manipulated data- Sometimes, hackers steal money from security system is currently being applied in banks. This will
other accounts by changing certain information associated also be a feature for multi authentication systems to prevent
with cyber security systems or digital platforms. This helps any illegal activity.
them to trick people into giving money to them. Bouveret [1] Figure 1 shows the screenshot of a multi authentication
stated that this ultimately leads to banks suffering from huge system.
financial losses.
Spoofing- One of the new ways hackers are nowadays being
able to steal money from accounts through digital platforms
is by impersonating the owner of an account. Hackers mainly
do this after stealing a person's login information to access a
digital banking platform [7]. This might not hurt a bank's
business, but it will lead to a person suffering from huge
financial losses due to such cyber attacks.
The previous points have given information about the
problem of security in internet banking and the different ways
by which this problem appears to people, which make this
problem an interesting topic. This is because such
information shows the readers the different weaknesses
present in digital platforms and how one can take advantage
of such weaknesses. This shows a different side of digital
banking and cyber security, which is usually unknown to
most people [8]. This problem is also important since this is Fig.1. Screenshot of multi authentication system [2]
associated with the financial security of common people
whose hard-earned money needs to be saved by banks at any The data will also be encrypted not to let any hacker use it
cost. By knowing about the different ways by which cyber even if they manage to steal it. The use of such a system
criminals usually take advantage of digital banking makes it more secure for users to access digital banking
platforms, most of the people associated with such platforms services. Li et al., [11] stated that these systems would also
can work towards helping such applications upgrade use cloud storage systems to protect the data so that hackers
themselves and get rid of their weaknesses to prevent cannot even steal from such platforms, thereby enabling
criminals from using them illegally. Banks can also benefit effectiveness and safety. Great examples of such a system
by knowing about such information, showing the topic's mainly include ATMs or using passwords and codes for
importance. authentication while using smartphone applications for
banking services.
III. PROPOSED SOLUTION
IV. RELATED WORK
The main solution for solving the problems related to cyber
security in digital banking has to be the system of multi-issue There have been many previous works about the issue of
authentication. ALHOSANI & TARIQ [9] mentioned this cyber security in digital banking systems. Giri & Shakya [5]
system will comprise several authentication systems that will did one of the works about challenges related to data security
mostly include usernames, passwords, photographs of a while using cloud computing in digital banking. The
person, fingerprints, and government documents. These specifically focuses on such issues and their happening in
things will be scanned and authenticated to know about a Nepal, although it does not focus on any particular case study.
person's identity. The system will include the following steps The authors have used secondary methods of research and
as its working algorithm:- data collection. This is very similar to this paper's method to
Issuing digital certificates- Banks will first issue digital research since this paper also uses secondary sources for
certificates based upon the data given by customers for collecting information. However, this paper does not try to
authentication. Third-party authentication systems will verify create its hypotheses, unlike this paper and only discusses the
these certificates [10]. information. Hua et al., [8] have been about the individual
resilience of people towards cyber security threats in digital Despite the rise in cybercrimes where criminals are targeting
banking. The article, unlike this paper, has used mixed digital payment platforms, most people are rather
methods of research and mathematical analysis, although this unconcerned about the security measures they need to take to
paper presents its findings in a much easier form compared to protect themselves and their money from such threats [13].
the article. This is mainly happening since most people do not have a
Another paper about customer satisfaction ensured by banks clear idea about cyber security or know about the different
by providing cyber security measures by Li et al. [11] also ways by which they can protect their data. Hua, et al., [8] also
concentrates upon this topic. An article by Tariq [3] about the stated that very little is known about instances where people
cyber security threats also uses secondary methods an themselves were willing to take measures to protect their
mathematical analysis although unlike the article this paper accounts from such threats.
has also given hypotheses and supported them with proofs. The dependent variable, in this case, is digital banking itself,
This research paper also uses secondary methods to create its while the independent variables are the different kinds of
hypotheses. However, this paper does not use the threats that are present against the cyber security of banking
mathematical analysis method. services. The methodology used here is better than the ones
used in the previous research works [14-18]. The earlier
V. RESEARCH METHODOLOGY works have either not given any hypotheses or solid proof
The paper has used secondary research methods to formulate about the findings or have used mathematical analysis, which
its hypotheses about the research problem after analyzing the many readers might find hard to understand.
facts given by the secondary sources. The hypotheses found The paper has shown that cyber security is indeed a major
out for this paper are presented and elaborated as follows: - issue when it comes to digital banking. It has revealed that
many major cyber-threats can cause digital banking processes
H0: The major issue in digital banking is the security of to be hampered, resulting in people and financial institutions
personal information and transactions. suffering from huge losses [16]. By looking at these facts, a
person can understand that the lingering presence of such a
The occurrence of cybercrimes has proven itself to be a huge threat can also tarnish the reputation of banks and online
threat to the use of digital banking platforms. This is because mobile applications that offer banking or financial transaction
there have been many cases from different parts of the world services [17]. The paper has shown that one can fight against
where criminals somehow managed to gain illegal access to such threats if digital banking applications and banks
a person’s digital wallet or somehow wa able to trick a person themselves use more efficient authentication processes. The
into giving them their money by using such platforms. The further results interpreted that most people, in general, are not
following graph proves the occurrence of cyber-attacks in much concerned or have any major understanding about
digital banking platforms. cyber security, which only enhances the problem.
These results are expected to help the research on this topic
be more efficient and useful in the future[18-19, 26-30]. If
there had been more time to conduct the paper, primary
methods would have been used [20-25]. The lack of usage of
primary methods does not provide more accurate facts, which
represents a major flaw in the paper. Thus, it is concluded that
the only way to solve this problem is to be more dependent
on primary research methods. It is also concluded that such
methods will help the research be more efficient and
extensive. The methods of experimental and statistical
analysis can be used in future on this topic if both primary
Fig.2. Occurrence of cybercrimes in certain sectors [5]. and secondary methods are used in the future.

The graph above shows that cyber-attacks on the digital

platforms provided by banks have been on the rise and are VI. DISCUSSION AND CONCLUSION
happening the most compared to similar attacks on other
sectors. Goh et al., [7] stated that such attacks usually have As shown by the previous section, all the hypotheses of this
disastrous impacts on financial institutions and result in paper are supported by the information given by the research
people suffering from major losses. Tariq [3] further stated works of previous authors. Judging by the result of the
that there have also been instances in nations such as the research, the main strength of the method used here lies in the
United States of America where criminals could loot a lot of fact that the paper has been able to use graphical data and
money and destroy financial records by hacking into digital statements as solid proofs for the hypotheses. However, a
banking platforms. All this had happened despite the United major drawback of the method is that it does not use primary
States having the latest form of technologies for software data, which is more authentic. One can explain the result
protection [12]. based on the theoretical analysis, which involves the
explanation of the hypothesis with enough proof for them.
H1: Security issues are not a concern for customers

REFERENCES
1. Bouveret, A. (2018). Cyber risk for the financial sector: A 19. Hasan, Mohammad Kamrul, Musse Mohamud Ahmed,
framework for quantitative assessment. International Sherfriz Sherry Musa, Shayla Islam, Siti Norul Huda
Monetary Fund. Sheikh Abdullah, Eklas Hossain, Nazmus Shaker Nafi,
2. In ICCWS 2020 15th International Conference on Cyber and Nguyen Vo. "An improved dynamic thermal current
Warfare and Security (Vol. 270). Academic Conferences rating model for PMU-based wide area measurement
and publishing limited. framework for reliability analysis utilizing sensor cloud
3. Tariq, N. (2018). Impact of cyberattacks on financial system." IEEE Access 9 (2021): 14446-14458.
institutions. Journal of Internet Banking and Commerce, 20. Hasan, Mohammad Kamrul, Shayla Islam, Rossilawati
23(2), 1-11. Sulaiman, Sheroz Khan, Aisha-Hassan Abdalla Hashim,
4. Bose, R., Chakraborty, S., & Roy, S. (2019, February). Shabana Habib, Mohammad Islam et al. "Lightweight
Explaining the workings principle of cloud-based multi- encryption technique to enhance medical image security
factor authentication architecture on banking sectors. In on internet of medical things applications." IEEE Access
2019 Amity International Conference on Artificial 9 (2021): 47731-47742.
Intelligence (AICAI) (pp. 764-768). IEEE. 21. Islam, Shayla, Aisha-Hassan Abdalla, and M. Kamrul
5. Giri, S., & Shakya, S. (2019). Cloud computing and data Hasan. "Novel multihoming-based flow mobility scheme
security challenges: A Nepal case. International Journal for proxy NEMO environment: A numerical approach to
of Engineering Trends and Technology, 67(3), 146. analyse handoff performance." ScienceAsia 43 (2017):
6. Wewege, L., Lee, J., & Thomsett, M. C. (2020). 27-34.Design and Implementation of a Multihoming-
Disruptions and digital banking trends. Journal of Applied Based Scheme to Support Mobility Management in
Finance and Banking, 10(6), 15-56 NEMO
7. Goh, J., Kang, M. H., Koh, Z. X., Lim, J. W., Ng, C. W., 22. Islam, Shayla, Othman O. Khalifa, Aisha-Hassan Abdalla
Sher, G., & Yao, C. (2020). Cyber Risk Surveillance: A Hashim, Mohammad Kamrul Hasan, Md Razzaque, and
Case STUDY of Singapore. International Monetary Fund. Biswajeet Pandey. "Design and evaluation of a
8. Hua, J., Chen, Y., & Luo, X. R. (2018). Are we ready for multihoming-based mobility management scheme to
cyberterrorist attacks?—Examining the role of individual support inter technology handoff in PNEMO." Wireless
resilience. Information & Management, 55(7), 928-938. Personal Communications 114, no. 2 (2020): 1133-1153.
9. ALHOSANI, F. A., & TARIQ, M. U. (2020). Improving 23. Ali, Elmustafa Sayed, Mohammad Kamrul Hasan,
Service quality of smart banking using quality Rosilah Hassan, Rashid A. Saeed, Mona Bakri Hassan,
management methods in UAE. International Journal of Shayla Islam, Nazmus Shaker Nafi, and Savitri
Mechanical Production Engineering Research and Bevinakoppa. "Machine learning technologies for secure
Development (IJMPERD), 10(3), 2249-8001. vehicular communication in internet of vehicles: recent
advances and applications." Security and Communication
10. Jibril, A. B., Kwarteng, M. A., Chovancova, M., & Networks 2021 (2021).
Denanyoh, R. (2020, March). Customers’ perception of 24. Hasan, Mohammad Kamrul, Siti Hajar Yousoff, Musse
cybersecurity threats toward e-banking adoption and Mohamud Ahmed, Aisha Hassan Abdalla Hashim,
retention: A conceptual Discussion and Conclusion and Ahmad Fadzil Ismail, and Shayla Islam. "Phase offset
future work analysis of asymmetric communications infrastructure in
11. . Li, F., Lu, H., Hou, M., Cui, K., & Darbandi, M. (2021). smart grid." Elektronika ir Elektrotechnika 25, no. 2
Customer satisfaction with bank services: The role of (2019): 67-71.
cloud services, security, e-learning and service quality. 25. Ghazal, Taher M., Mohammad Kamrul Hasan,
Technology in Society, 64, 101487. Muhammad Turki Alshurideh, Haitham M. Alzoubi,
12. D. Jiang, P. Zhang, Z. Lv, and H. Song, “Energy-efficient Munir Ahmad, Syed Shehryar Akbar, Barween Al Kurdi,
multiconstraint routing algorithm with load balancing for and Iman A. Akour. "IoT for smart cities: Machine
smart city applications,” IEEE Internet Things J., vol. 3, learning approaches in smart healthcare—A review."
no. 6, pp. 1437–1447, Dec. 2021 Future Internet 13, no. 8 (2021): 218.
13. F. L. Quilumba, W.-J. Lee, H. Huang, D. Y. Wang, and 26. Memon, Imran, Riaz Ahmed Shaikh, Mohammad Kamrul
R. L. Szabados, “Using smart meter data to improve the Hasan, Rosilah Hassan, Amin Ul Haq, and Khairul Akram
accuracy of intraday load forecasting considering Zainol. "Protect mobile travelers information in sensitive
customer behavior similarities,” IEEE Trans. Smart Grid, region based on fuzzy logic in IoT technology." Security
vol. 6, no. 2, pp. 911–918, Mar. 2021. and Communication Networks 2020 (2020).
14. Machine learning technique (2021) Intelligent 27. Akhtaruzzaman, Md, Mohammad Kamrul Hasan, S.
Automation and Soft Computing, 30 (1), pp. 243-257. Rayhan Kabir, Siti Norul Huda Sheikh Abdullah,
15. S. -W. Lee et al., Multi-Dimensional Trust Quantification Muhammad Jafar Sadeq, and Eklas Hossain. "HSIC
by Artificial Agents Through Evidential Fuzzy Multi- bottleneck based distributed deep learning model for load
Criteria Decision Making," in IEEE Access, vol. 9, pp. forecasting in smart grid with a comprehensive survey."
159399-159412, 2021. IEEE Access 8 (2020): 222977-223008.
16. S. Mehmood et al., "Malignancy Detection in Lung and 28. Hasan, Mohammad Kamrul, Muhammad Shafiq, Shayla
Colon Histopathology Images Using Transfer Learning Islam, Bishwajeet Pandey, Yousef A. Baker El-Ebiary,
with Class Selective Image Processing," in IEEE Access, Nazmus Shaker Nafi, R. Ciro Rodriguez, and Doris
doi: 10.1109/ACCESS.2022.3150924. Esenarro Vargas. "Lightweight cryptographic algorithms
17. Wade, S., Salahat, M. Strategies for facilitating learning for guessing attack protection in complex internet of
in multinational groups STUDYing information systems things applications." Complexity 2021 (2021).
design Transnational Higher Education in Computing 29. Hasan, M.K., Ismail, A.F., Islam, S., Hashim, W. and Pandey, B.,
Courses: Experiences and Reflections, 2019, pp. 173–184. 2017. Dynamic spectrum allocation scheme for heterogeneous
18. Wade, S., Salahat, M., Wilson, D.A scaffolded approach network. Wireless Personal Communications, 95(2), pp.299-315.
to teaching information systems design ITALICS 30. Hasan, M.K., Islam, S., Memon, I., Ismail, A.F., Abdullah, S.,
Budati, A.K. and Nafi, N.S., 2022. A novel resource oriented
Innovations in Teaching and Learning in Information and
DMA framework for internet of medical things devices in 5G
Computer Sciences, 2011, 11(1), pp. 56–70.
network. IEEE Transactions on Industrial Informatics.