Remote Check Truncation Systems: Vulnerability Analysis and Countermeasures

Hafiz Malik, Rigel Gjomemo, V. N. Venkatakrishnan, Rashid Ansari, Aun Irtaza
2020 IEEE Access  
All major banks in the USA and around the world offer remote check deposit services. Consumers can use their smart phones to deposit checks remotely. This new online check truncation system is vulnerable to a wide range of attacks, including digital check forgery. Shifting trust from a human teller or an automated teller machine (ATM) to a smart device (cell phone) provides new attack surfaces. This paper exploits security vulnerabilities in the existing remote check deposit system and presents an attack vector for existing remote check truncation systems. The proposed attack vector exploits vulnerabilities in the untrusted client-side check-deposit system that enable an attacker to instrument the check deposit application library. The instrumented library allows the attacker to induce digital check forgery with minimized tampering artifacts. It has been observed through this investigation that digital check forgery-based attacks are more powerful than conventional paper-based check forgery attacks. The effectiveness of these attacks is evaluated by targeting three leading banks in the United States, finding that all three of the targeted banks are vulnerable to the proposed attacks. A set of countermeasures based on digital check verification is also proposed to combat digital check forgery attacks on existing remote check deposit systems. The proposed countermeasures rely on tamper detection in digital images and expert-system based decision fusion. The effectiveness of the proposed framework is evaluated using tampered check images. The tampered images used for performance evaluation also include the set of tampered images used for successfully attacking the remote check deposit systems (being used by leading banks around the world today). Experimental results show that the proposed expert system-based framework is capable of detecting digital check forgery attacks.

INDEX TERMS: Check truncation system, online banking, remote check deposit, digital check forgery, forgery detection, image forensics, expert system, library instrumentation, JPEG artifacts.

Volume 8, 2020. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
doi:10.1109/access.2020.2982620 fatcat:uegjeqbj5bhfronpxu7kjg7ynq