Breaking e-banking CAPTCHAs
Tools
Tools
Tools
Li, SJ, Shah, SAH, Khan, MAU, Khayam, SA, Sadeghi, A-R and Schmitz, R (2010) Breaking e-banking CAPTCHAs In: 26th Annual Computer Security Applications Conference (ACSAC 2010), 2010-12-06 - 2010-12-10, Austin, TX, USA.
![[img]](http://epubs.surrey.ac.uk/style/images/fileicons/text.png) |
Text
ACSAC2010.pdf Restricted to Repository staff only Available under License : See the attached licence file. Download (800kB) |
|
Text (licence)
SRI_deposit_agreement.pdf Restricted to Repository staff only Download (33kB) |
Abstract
Many financial institutions have deployed CAPTCHAs to protect their e-banking systems from automated attacks. In addition to traditional CAPTCHAs for login, CAPTCHAs are also used to prevent malicious manipulation of e-banking transactions by automated Man-in-the-Middle (MitM) attackers. Despite serious financial risks, security of e-banking CAPTCHAs is largely unexplored. In this paper, we report the first comprehensive study on e-banking CAPTCHAs deployed around the world. A new set of image processing and pattern recognition techniques is proposed to break all e-banking CAPTCHA schemes that we have found over the Internet, including three e-banking CAPTCHA schemes for transaction verification and 41 schemes for login. These broken e-banking CAPTCHA schemes are used by a large number of financial institutions worldwide, which are serving hundreds of millions of e-banking customers. The success rate of our proposed attacks are either equal to or close to 100%. We also discuss possible enhancements to these e-banking CAPTCHA schemes and show some essential difficulties of designing e-banking CAPTCHAs that are both secure and usable.
| Item Type: | Conference or Workshop Item (UNSPECIFIED) | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Divisions : | Surrey research (other units) | ||||||||
| Authors : | Li, SJ, Shah, SAH, Khan, MAU, Khayam, SA, Sadeghi, A-R and Schmitz, R | ||||||||
| Date : | 2010 | ||||||||
| DOI : | 10.1145/1920261.1920288 | ||||||||
| Contributors : |
|
||||||||
| Related URLs : | |||||||||
| Depositing User : | Symplectic Elements | ||||||||
| Date Deposited : | 28 Mar 2017 14:42 | ||||||||
| Last Modified : | 23 Jan 2020 12:47 | ||||||||
| URI: | http://epubs.surrey.ac.uk/id/eprint/532434 |
Actions (login required)
 |
View Item |
Downloads
Downloads per month over past year