Scientific Online Resource System

Izvestia Journal of the Union of Scientists - Varna. Economic Sciences Series

Application of security technologies in the public websites of banks in Serbia

Pavel Petrov, Shabnamjit Hundal

Abstract

This publication summarizes, systematizes and analyzes data collected in the course of a survey. The survey was conducted in the autumn of 2018 and focuses on the use of the HTTPS protocol on the public websites of Serbian banks. Its scope is limited to the public site of each bank, and 27 websites were examined, all belonging to banks licensed by the National Bank of Serbia. In recent years HTTPS has been used as the default protocol by many web applications. The study shows that, of all 27 banks licensed by the National Bank of Serbia, 81.5% (22 banks) use HTTPS on their sites without problems, 11.1% (3 banks) use HTTPS with some problems and 7.4% (2 banks) do not use HTTPS at all. Of the banks that use HTTPS without any problems, the majority, 72.7% (16 banks), use simple Domain Validation (DV) certificates, and the rest, 27.2% (6 banks), use Extended Validation (EV) certificates. The most popular certification authorities are Thawte, with a share of 27.2% (6 banks); Go Daddy Secure Certificate Authority and GeoTrust, each with a share of 18.1% (4 banks); and cPanel Inc. Certification Authority, with 13.6% (3 banks), among others. One bank uses a free certificate from Let's Encrypt Authority X3. The validity period varies from 3 months (typically for certificates issued by cPanel and Let's Encrypt) to 3 years (typically for certificates issued by Go Daddy). Only 7.4% (2 banks) of all Serbian banks use the latest HTTP/2 protocol.

Keywords

Serbia, banks, Serbian banks, HTTPS, web site, SSL, certificates
