Security Journal

, Volume 27, Issue 1, pp 27–35 | Cite as

Usage of data validation techniques in online banking: A perspective and case study

  • Shadi Aljawarneh
  • Thamer Al-Rousan
  • Abdelsalam M Maatuk
  • Mohammad Akour
Original Article


Owing to information security concerns, most Arab small and medium enterprises depend on traditional interactions and have not moved their operations online. The insufficient preparation for the information and communication technologies revolution led to few offering online transaction platforms, information security features and credit facilities. One of the security concerns is a lack of data validation. Data that are not validated or not properly validated is the main issue for serious security vulnerabilities affecting online banking applications. In this article, the influences of security issues on Arab banks will be discussed. A number of data validation methods will be also reviewed to date to provide a systematic summary to banking environment. On the basis of the advantages and disadvantages of each method, the IT developer will decide which is best suited to develop the systematic online banking application. From this analysis, a global view of the current and future tendencies of data validation will be obtained and therefore provision of possible recommendations for solving the security and privacy issues in the online banking in the Arab world.




  1. Abukhzam, M. and Lee, A. (2010) Factors affecting bank staff attitude towards e-banking adoption in Libya. Electronic Journal of Information Systems in Developing Countries 42 (2): 1–15.Google Scholar
  2. Aljawarneh, S., Alkhateeb, F. and Al Maghayreh, E. (2010) A semantic data validation service for web applications. Journal Of Theoretical And Applied Electronic Commerce Research 5 (1): 39–55.CrossRefGoogle Scholar
  3. Alkatheeb, M., Wakileh, M. and Agha, O. (2006) ICT for banking. Jordan ICT Forum 2006,, accessed 15 October 2009.
  4. Al-Nakib, B. (2007) Challenges facing compliance occupation, /event-presentationdownload.php%3Fid%3D162 %26eventid%3D58+the+CHALLENGES+FACING +THE+ORGANIZATION+by+using+data+or+input+validation&cd =8&hl=en&ct=clnk&gl=jo, accessed 5 September 2009.Google Scholar
  5. Balzarotti, D. et al (2008) Saner: Composing static and dynamic analysis to validate sanitization in web applications. In: Proceedings of the 2008 IEEE Symposium on Security and Privacy. Washington DC: IEEE, pp. 387–401.Google Scholar
  6. Ben-Jadeed, M. and Molina, A. (2004) The emergence and evolution of e-banking in Saudi Arabia: The case of samba financial group. Paper invited to Conference of Frontier of E-Business Research; 20–22 September, Tampere, Finland.Google Scholar
  7. Brabrand, C., Moller, A. and Schwartzbach, M. (2002) The project. ACM Transaction International Technology 2 (2): 79–114.CrossRefGoogle Scholar
  8. Dutta, S. and Coury, M.E. (2003) ICT challenges for the Arab world. The global information technology report 2002–2003, 116–131,, accessed 5 April 2012.
  9. Hamed, A. (2010) E-commerce and economic development in Libya. PhD Thesis, University of Wales, Cardiff, UK.Google Scholar
  10. Huang, Y., Huang, S., Lin, T. and Tsai, T. (2003) Web Application Security Assessment by Fault Injection and Behavior Monitoring. Proceedings of the 12th International Conference on World Wide Web, New York, NY: ACM Press, pp. 148–159.Google Scholar
  11. IBM X-Force® 2010 Mid-Year Trend and Risk Report. (2010), accessed 18 September 2011.
  12. Internet (2011) United Arab Emirates hit with massive bank fraud,, accessed 10 October 2011.
  13. Jovanovic, N., Kruegel, C. and Kirda, E. (2006) Pixy: A static analysis tool for detecting web application vulnerabilities (short paper). In: Proceedings of the 2006 IEEE Symposium on Security and Privacy. Washington DC: IEEE, pp. 258–263.Google Scholar
  14. Lam, M.S., Martin, M., Livshits, B. and Whaley, J. (2008) Securing web applications with static and dynamic information flow tracking. In: Proceedings of the 2008 ACM SIGPLAN Symposium on Partial Evaluation and Semantics-Based Program Manipulation. New York: ACM Press, pp. 3–12.Google Scholar
  15. Libya Investment. (2007) General news,, accessed 10 October 2011.
  16. Mocean, L. (2007) Internet data validation. Journal of Economy Informatics 1 (1): 96–99.Google Scholar
  17. Offutt, J., Wu, Y., Du, X. and Huang, H. (2004) Bypass testing of web applications. In: Proceedings the 15th International Symposium on Software Reliability Engineering, Los Alamitos, CA: IEEE, pp. 187–197.Google Scholar
  18. Payment Card Industry (PCI) (2011) Data Security Standard. Security audit procedures,, accessed 8 October 2011.
  19. Scott, D. and Sharp, R. (2003) Specifying and enforcing application-level web security policies. IEEE transaction of Knowledge Data Engineering 15 (4): 771–783.CrossRefGoogle Scholar
  20. Shankland, S. (2005) Andreessen: PHP succeeding where Java isn't,, accessed 21 July 2005.
  21. Stein, L.D. (1998) Web Security: A Step-by-Step Reference Guide. Washington DC, USA: Addison-Wesley.Google Scholar
  22. Wikipedia. (2011) Validation rule,, accessed 8 October 2011.

Copyright information

© Palgrave Macmillan, a division of Macmillan Publishers Ltd 2012

Authors and Affiliations

  • Shadi Aljawarneh
    • 1
  • Thamer Al-Rousan
    • 1
  • Abdelsalam M Maatuk
    • 2
  • Mohammad Akour
    • 3
  1. 1.Isra University, IT FacultyJordan
  2. 2.Omar Al-Mukhtar University, Faculty of SciencesLibya
  3. 3.Prince Hussein bin Abdullah Faculty of Information Technology

Personalised recommendations