Usage of data validation techniques in online banking: A perspective and case study
Owing to information security concerns, most Arab small and medium enterprises depend on traditional interactions and have not moved their operations online. Insufficient preparation for the information and communication technologies revolution has led to few of them offering online transaction platforms, information security features and credit facilities. One of the security concerns is a lack of data validation. Data that are not validated, or not properly validated, are the main issue behind serious security vulnerabilities affecting online banking applications. In this article, the influence of security issues on Arab banks is discussed. A number of the data validation methods proposed to date are also reviewed to provide a systematic summary for the banking environment. On the basis of the advantages and disadvantages of each method, the IT developer can decide which is best suited to developing a systematic online banking application. From this analysis, a global view of the current and future tendencies of data validation is obtained, and possible recommendations are therefore provided for solving the security and privacy issues in online banking in the Arab world.
Keywords: SMEs, Arab World, ICT, SSL, PKI, SQL