What technology would a bank's website use to scramble information as it is transmitted over the Internet?

Various tools and technologies used to help protect against or monitor intrusion include authentication tools, firewalls, intrusion detection systems, and antivirus and encryption software.

Access control consists of all the policies and procedures a company uses to prevent improper access to systems by unauthorized insiders and outsiders. Authentication refers to the ability to know that a person is who he or she claims to be. Access control software is designed to allow only authorized persons to use systems or to access data using some method for authentication. New authentication technologies include:

  • Token: A physical device similar to an identification card that is designed to prove the identity of a single user.
  • Smart card: A device about the size of a credit card that contains a chip formatted with access permission and other data.
  • Biometric authentication: Compares a person's unique characteristics, such as fingerprints, face, or retinal image, against a stored set profile.

A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic and prevents unauthorized communication into and out of the network. The firewall identifies names, Internet Protocol (IP) addresses, applications, and other characteristics of incoming traffic. It checks this information against the access rules programmed into the system by the network administrator. There are a number of firewall screening technologies:

  • Packet filtering examines fields in the headers of data packets flowing between the network and the Internet, examining individual packets in isolation.
  • Stateful inspection determines whether packets are part of an ongoing dialogue between a sender and a receiver.
  • Network Address Translation (NAT) conceals the IP addresses of the organization's internal host computer(s) to protect against sniffer programs outside the firewall.
  • Application proxy filtering examines the application content of packets. A proxy server stops data packets originating outside the organization, inspects them, and passes a proxy to the other side of the firewall. If a user outside the company wants to communicate with a user inside the organization, the outside user first "talks" to the proxy application and the proxy application communicates with the firm's internal computer.


FIGURE 8-6 A CORPORATE FIREWALL

The firewall is placed between the firm’s private network and the public Internet or another distrusted network to protect against unauthorized traffic.
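The difference between packet filtering and stateful inspection, as an added example that is not part of the original text. The `Packet` class, the HTTPS-reply rule and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str     # TCP flags: "S" = SYN, "A" = ACK
    inbound: bool  # True when arriving from the Internet

def packet_filter(pkt):
    """Stateless: judge one packet by its header fields alone."""
    if not pkt.inbound:
        return True
    # Hypothetical rule: admit anything that looks like an HTTPS reply.
    return pkt.sport == 443 and "A" in pkt.flags

class StatefulFirewall:
    """Remembers connections opened from inside, admits only their replies."""
    def __init__(self):
        self.connections = set()

    def allow(self, pkt):
        if not pkt.inbound:
            if pkt.flags == "S":  # first packet of a new outbound connection
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound traffic must mirror a connection already in the table.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections

def compare(packets):
    """Return (stateless_verdict, stateful_verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.allow(p)) for p in packets]

# Constructed traffic; addresses are private and documentation ranges.
SAMPLE = [
    Packet("10.0.0.5", 50000, "198.51.100.7", 443, "S", False),  # client opens
    Packet("198.51.100.7", 443, "10.0.0.5", 50000, "SA", True),  # genuine reply
    Packet("203.0.113.9", 443, "10.0.0.8", 445, "A", True),      # no matching connection
]

if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLE, compare(SAMPLE)):
        print(pkt.src, "->", pkt.dst, "stateless/stateful:", verdicts)
```

The third packet passes the header-only rule because it carries the expected source port and flag, but the stateful firewall drops it because no internal host opened that connection.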

Intrusion detection systems feature full-time monitoring tools placed at the most vulnerable points of corporate networks to detect and deter intruders continually. Scanning software looks for patterns indicative of known methods of computer attacks, such as bad passwords, checks to see if important files have been removed or modified, and sends warnings of vandalism or system administration errors.

Antivirus software is designed to check computer systems and drives for the presence of computer viruses. However, to remain effective, the antivirus software must be continually updated.

Vendors of Wi-Fi equipment have developed stronger security standards. The Wi-Fi Alliance industry trade group's 802.11i specification tightens security for wireless LAN products.

Many organizations use encryption to protect sensitive information transmitted over networks. Encryption is the coding and scrambling of messages to prevent their access by unauthorized individuals.

Two methods for encrypting network traffic on the Web are:

Data is encrypted by applying a secret numerical code, called an encryption key, so that the data are transmitted as a scrambled set of characters. To be read, the message must be decrypted (unscrambled) with a matching key. There are two alternative methods of encryption:

  • Symmetric key encryption: The sender and receiver create a single encryption key that is shared.
  • Public key encryption: A more secure encryption method that uses two different keys, one private and one public.


FIGURE 8-7 PUBLIC KEY ENCRYPTION

A public key encryption system can be viewed as a series of public and private keys that lock data when they are transmitted and unlock the data when they are received. The sender locates the recipient’s public key in a directory and uses it to encrypt a message. The message is sent in encrypted form over the Internet or a private network. When the encrypted message arrives, the recipient uses his or her private key to decrypt the data and read the message.

Digital signatures and digital certificates help with authentication. A digital signature is a digital code attached to an electronically transmitted message that is used to verify the origin and contents of a message. Digital certificates are data files used to establish the identity of users and electronic assets for protection of online transactions. A digital certificate system uses a trusted third party known as a certificate authority (CA) to validate a user's identity. The digital certificate system would enable, for example, a credit card user and a merchant to validate that their digital certificates were issued by an authorized and trusted third party before they exchange data. Public key infrastructure (PKI), the use of public key cryptography working with a certificate authority, is a principal technology for providing secure authentication of identity online.



FIGURE 8-8 DIGITAL CERTIFICATES

Digital certificates help establish the identity of people or electronic assets. They protect online transactions by providing secure, encrypted, online communication.


Our security technologies

We are continually assessing our technology to ensure we provide the best security for you.

To keep your information secure, we safeguard our systems in the following ways:

  • Anti-virus protection stops threats before they reach our computer network.
  • Firewalls prevent unauthorised access to our network.
  • Secure transmissions maintain confidential information. Encryption technology such as Secure Sockets Layer (SSL) is utilised when sending information between you and the bank. Security is achieved through:
    • Authentication to establish the validity of a transmission; this prevents another computer from impersonating the bank.
    • Encryption to scramble transmitted data over the Internet.
    • Data integrity to verify that information sent to us has not been altered during the transmission process.

Additional online security features

Adaptive Authentication

BankSA Internet Banking is protected by our market-leading technology BankSA Secure™ Adaptive Authentication – a comprehensive, real-time, authentication and fraud detection platform that monitors your banking behaviour.

Automatic time out period

We recommend that you not leave your computer unattended when logged into Internet Banking. However, after a period of inactivity we will automatically log you out to reduce the risk of anyone else accessing your account information on your computer.

Lockout

To prevent someone from trying to guess your Password, access to Internet Banking will be blocked after a number of unsuccessful logon attempts.

Time of last logon

To confirm that there has been no unauthorised access to your account, when you logon to Internet Banking you will see the date and time of your last visit and the details of your last online transaction.

Secure Code

BankSA Secure Code is part of our Adaptive Authentication technology, allowing us to request that you enter a code to authenticate a transaction or access a feature. This verifies that a genuine action is being performed by you, the authorised person.

Our measures to prevent card fraud

BankSA ATMs are fitted with ATM anti-skimming technology. A number of our ATMs have PIN pad shields that conceal your PIN as you type it.
We also actively monitor your typical card spending, so we can detect any unusual spending patterns that might indicate fraud.

We contact you if we detect unusual activity

Our Fraud Detection team operates 24 hours a day, 7 days a week to protect your security, whether you are at home or overseas. For example, when there are transactions on your card that differ considerably from any style of transaction you've done before, we will attempt to contact you (regardless of your location) to check that it is really you making the transactions. For your protection there may be instances when we need to immediately stop your card prior to making contact with you.

Our Fraud Detection team may initially contact you via SMS message. The SMS message will ask you to call the number on the back of your card. This BankSA SMS will never display a specific telephone number for you to call us back on. If you don't have your card on hand, please refer to the phone numbers listed under contact us on the BankSA website.

We stop your card to prevent further fraud

BankSA will stop your card when you call to report a fraudulent transaction or when a potential fraud alert is triggered.

If there really is fraud on your card, we will stop access to prevent any more spending. We have to act fast in such instances and sometimes, if we can't reach you when we try to call, we may decide to stop access to your card to ensure we protect your account until we can speak to you.

How we manage a fraudulent transaction

The BankSA Fraud Detection team will take the following steps when fraud occurs:

  • Contact you on all your available telephone numbers, which may include sending you an SMS and a letter to inform you about the fraud.
  • If your ATM card is compromised you can attend any BankSA branch to obtain a replacement card on the spot.
    If your credit card/Visa Debit card is compromised you can reorder a replacement card over the phone or via our branch network. You should receive the replacement card within 5-7 business days.
  • If you are entitled to a refund in relation to the fraudulent transaction on your card(s) (see the information under the heading “Liability” below), the refund (e.g. transaction amount, over limit fees, interest and other related charges) will be processed within a maximum of 10 days.

How we protect you from ATM skimming

BankSA ATMs are fitted with ATM anti-skimming technology. A number of our ATMs have PIN pad shields that conceal your PIN when it is entered.

We actively monitor your usual card spending, so we can detect any unusual spending patterns.

How we protect you from EFTPOS skimming

Because we are able to monitor usual card purchasing/spending patterns, we are able to detect any unusual patterns that may occur and prevent attempts by others to use your card.

Liability

This information is to assist you to look after the security of your card and PIN. It does not state the circumstances in which either you or BankSA may be responsible for unauthorised transactions on your account.

Where the Electronic Funds Transfer Code of Conduct (Code) applies to you, BankSA applies the rules in the Code to determine responsibility for unauthorised electronic transactions on your accounts.

Please refer to the terms and conditions applying to the use of your card for further information.