Internet Banking Safeguards Vulnerabilities - AppSecEU 2016

Explore common attack patterns and vulnerabilities in internet banking safeguards through this conference talk from AppSecEU 2016 in Rome. Delve into clipboard manipulation, server vulnerability exploitation, and how banks mitigate these risks. Examine functional and non-functional vulnerability examples, transaction authorization best practices, and recommendations for trusted recipients. Learn about transaction limits, notification requirements, and user authentication methods. Discuss the revised Payment Services Directive, Strong Customer Authentication, and implementation errors. Gain insights into precise requirements and OWASP's role in improving internet banking security.

APPSEC EUROPE
Agenda
Common attack patterns
Clipboard (or memory) manipulation
Server vulnerability exploitation
How banks mitigate these risks?
Vuin examples (functional)
Vuln examples (non functional)
Transaction authorization best practices
make it trusted
overwrite data
business logic error
Trusted recipients Recommendations
Limit examples
Transaction limits - requirements
Notifications - requirements
USER AUTHENTICATION
Payment Services Directive (revised)
Strong Customer Authentication (SCA)
Payment Initiation Service
Account Information Service
Implementation errors - vulnerabilities
Precise requirements
OWASP to the rescue!
Internet banking - proposal