NCJRS Virtual Library

Security in an Electronic Fund Transfer System

NCJ Number
74921
Journal
Information Privacy, Volume: 2, Issue: 5, Dated: September 1980, Pages: 185-189
Author(s)
H J Beker
Date Published
1980
Length
5 pages
Annotation
The security aspects of electronic fund transfer (EFT) are discussed; criminal methods and preventive measures are reviewed.
Abstract
In EFT systems, all verification and authorization take place within computer networks that are remote from the terminals. Such systems can be used for consumer transactions with retailers. The retailer enters the amount of a transaction on the EFT terminal, and the customer inserts his card and enters personal identification data (PID). The card issuer's computer verifies the entries and authorizes fund transfers. Such EFT transmissions must be protected against monitoring, which would give interceptors corresponding customer identification and PID pairs. These offenders could then either steal cards for which they know the PID or manufacture their own. In addition, efforts must be made to prevent line tampering through which offenders could change the amounts. Data could be protected from changes through encipherment. At present, most card issuers favor the Bureau of Standards Data Encryption Standard, which is a block cipher (a change in a single bit of data may render the entire block of information useless). Such systems could be improved if a number of purely random bits were introduced into each block of information. The discovery of PIDs through repeated experiments with stolen cards could be prevented through limits on the number of nonauthorized transactions for each card. Also, the impersonation of computer authorizations for transfers of funds through the use of monitoring equipment could be overcome if each transaction included a full two-way authentication procedure between the terminal and the computer. Other manipulations could be avoided through the use of cipher key hierarchies, transaction authentications, and check sums. Finally, the inclusion of nonerasable 'watermark' information on each user's card could make the counterfeiting of cards more difficult. Eight references are included.