skip navigation

PUBLICATIONS

Register for Latest Research

Stay Informed
Register with NCJRS to receive NCJRS's biweekly e-newsletter JUSTINFO and additional periodic emails from NCJRS and the NCJRS federal sponsors that highlight the latest research published or sponsored by the Office of Justice Programs.

NCJRS Abstract

The document referenced below is part of the NCJRS Virtual Library collection. To conduct further searches of the collection, visit the Virtual Library. See the Obtain Documents page for direction on how to access resources online, via mail, through interlibrary loans, or in a local library.

 

NCJ Number: 74921 Find in a Library
Title: Security in an Electronic Fund Transfer System
Journal: Information Privacy  Volume:2  Issue:5  Dated:(September 1980)  Pages:185-189
Author(s): H J Beker
Date Published: 1980
Page Count: 5
Format: Article
Language: English
Country: United Kingdom
Annotation: The security aspects of electronic fund transfer (EFT) are discussed; criminal methods and preventive measures are reviewed.
Abstract: In EFT systems, all verification and authorization takes place within computer networks that are remote from the terminals. Such systems can be used for consumer transactions with retailers. The retailer enters the amount of a transaction on the EFT terminal, and the customer inserts his card and enter personal identification data (PID). The card issuer's computer verifies the entries and authorizes fund transfers. Such EFT transmissions must be protected against monitoring, which would give intercepters corresponding customer identification and PID pairs. These offenders could then either steal cards for which they know the PID or manufacture their own. In addition, efforts must be made to prevent line tampering through which offenders could change the amounts. Data could be protected from changes through encipherment. At present, most card issuers favor the Bureau of Standards Data Encryption Standard which is a block cipher (a change in a single bit of data may render the entire block of information useless). Such systems could be improved if a number of purely random bits were introduced into each block of information. The discovery of PID's through repeated experiments with stolen cards could be prevented through limits on the number of nonauthorized transactions for each card. Also, the impersonation of computer authorizations for transfers of funds through the use of monitoring equipment could be overcome if each transaction included a full two-way authentication procedure between the terminal and the computer. Other manipulations could be avoided through the use of cipher key hierarchies, transaction authentications, and check sums. Finally, the inclusion of nonerasable 'watermark' information on each user's card could make the counterfeiting of cards more difficult. Eight references are included.
Index Term(s): Computer crime prevention measures; Computer related crime; Electronic funds transfer
To cite this abstract, use the following link:
http://www.ncjrs.gov/App/publications/abstract.aspx?ID=74921

*A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's website is provided. Tell us how you use the NCJRS Library and Abstracts Database - send us your feedback.