{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T15:54:51Z","timestamp":1771602891187,"version":"3.50.1"},"reference-count":113,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2016,12,5]],"date-time":"2016-12-05T00:00:00Z","timestamp":1480896000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Dutch National Police"},{"name":"Police Academy"},{"name":"Dutch banking sector"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2017,12,31]]},"abstract":"A survey was conducted to provide a state of the art of online banking authentication and communications security implementations. Between global regions the applied (single or multifactor) authentication schemes differ greatly, as well as the security of SSL\/TLS implementations. Three phases for online banking development are identified. It is predicted that mobile banking will enter a third phase, characterized by the use of standard web technologies to develop mobile banking applications for different platforms. This has the potential to make mobile banking a target for attacks in a similar manner that home banking currently is.<\/jats:p>","DOI":"10.1145\/3002170","type":"journal-article","created":{"date-parts":[[2016,12,6]],"date-time":"2016-12-06T16:03:07Z","timestamp":1481040187000},"page":"1-35","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":23,"title":["A Survey of Authentication and Communications Security in Online Banking"],"prefix":"10.1145","volume":"49","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4065-7026","authenticated-orcid":false,"given":"Sven","family":"Kiljan","sequence":"first","affiliation":[{"name":"NHL University of Applied Sciences, Open Universiteit, Radboud University, Nijmegen, The Netherlands"}]},{"given":"Koen","family":"Simoens","sequence":"additional","affiliation":[{"name":"Verizon Enterprise Solutions, Diegem, Belgium"}]},{"given":"Danny De","family":"Cock","sequence":"additional","affiliation":[{"name":"KU Leuven, Leuven-Heverlee, Belgium"}]},{"given":"Marko Van","family":"Eekelen","sequence":"additional","affiliation":[{"name":"Open Universiteit, Radboud University, Nijmegen, The Netherlands"}]},{"given":"Harald","family":"Vranken","sequence":"additional","affiliation":[{"name":"Open Universiteit, Radboud University, Heerlen, The Netherlands"}]}],"member":"320","published-online":{"date-parts":[[2016,12,5]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2006.89"},{"key":"e_1_2_1_2_1","volume-title":"Cybercrime: The case of obfuscated malware. In Global Security, Safety and Sustainability 8 e-Democracy, Christos K","author":"Alazab Mamoun","year":"2012"},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of the 22nd USENIX Conference on Security (SEC\u201913)","author":"AlFardan Nadhem J."},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/AICCSA.2009.5069395"},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of the 2010 International Conference for Internet Technology and Secured Transactions (ICITST). 1--7.","author":"AlZomai Mohammed","year":"2010"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/1385109.1385123"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33383-5_6"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655008.1655012"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1108\/02652321011054963"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(02)00312-7"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-43936-4_16"},{"key":"e_1_2_1_12_1","first-page":"1","article-title":"Man in the browser attacks","volume":"4","author":"Curran Kevin","year":"2012","journal-title":"International Journal of Ambient Computing and Intelligence"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2006.08.009"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1124772.1124861"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(10)70046-5"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382205"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382204"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2009.03.024"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03549-4_14"},{"key":"e_1_2_1_20_1","volume-title":"Proceedings of the 2010 12th International Conference on Advanced Communication Technology (ICACT)","volume":"2","author":"Hisamatsu A.","year":"2010"},{"key":"e_1_2_1_21_1","volume-title":"Financial Cryptography and Data Security","author":"Jackson Collin"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1108\/02652321211236923"},{"key":"e_1_2_1_23_1","volume-title":"Marko van Eekelen, and Harald Vranken.","author":"Kiljan Sven","year":"2014"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/STAST.2014.14"},{"key":"e_1_2_1_25_1","volume-title":"Proceedings of the 2004 IEEE International Conference on Networking, Sensing and Control","volume":"2","author":"Kou Yufeng","year":"2004"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2004.01.007"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2004.03.003"},{"key":"e_1_2_1_28_1","volume-title":"Van Oorschot","author":"Mannan Mohammad","year":"2007"},{"key":"e_1_2_1_29_1","first-page":"1","article-title":"Customers perception of security indicators in online banking sites in Nigeria","volume":"14","author":"Oghenerukeybe Egwali Annie","year":"2009","journal-title":"Journal of Internet Banking and Commerce"},{"key":"e_1_2_1_30_1","volume-title":"The evolution of commercial malware development kits and colour-by-numbers custom malware. Computer Fraud 8 Security","author":"Ollmann Gunter","year":"2008"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2766498.2766522"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1108\/10662240410542652"},{"key":"e_1_2_1_33_1","volume-title":"Proceedings of the International Joint Conference on Neural Networks (IJCNN","author":"Quah Jon T. S.","year":"2007"},{"key":"e_1_2_1_34_1","volume-title":"Proceedings of the 24th USENIX Conference on Security Symposium (SEC\u201915)","author":"Reaves Bradley"},{"key":"e_1_2_1_35_1","volume-title":"Proceedings of the 17th Annual South East Asia Regional Conference (SEARCC\u201998)","author":"Redhead Tim","year":"1998"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1053291.1053327"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/986213.986240"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-88313-5_27"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.3844\/ajebasp.2013.89.94"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2005.27"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11280-012-0178-0"},{"key":"e_1_2_1_42_1","volume-title":"Proceedings of the 2011 World Congress on Internet Security (WorldCIS\u201911)","author":"Weigold T."},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1559-1816.2010.00615.x"},{"key":"e_1_2_1_44_1","volume-title":"Haga","author":"Zviran Moshe","year":"1990"},{"key":"e_1_2_1_45_1","unstructured":"NONACADEMIC AND WEB REFERENCES<sup>8ast<\/sup> NONACADEMIC AND WEB REFERENCES<sup>8ast<\/sup>"},{"key":"e_1_2_1_46_1","unstructured":"Josie Allchin. 2012. A history of innovation in payments. Retrieved from http:\/\/www.marketingweek.com\/2012\/11\/28\/a-history-of-innovation-in-payments\/. Josie Allchin. 2012. A history of innovation in payments. Retrieved from http:\/\/www.marketingweek.com\/2012\/11\/28\/a-history-of-innovation-in-payments\/."},{"key":"e_1_2_1_47_1","unstructured":"Ally Bank. 2010. How We Protect You. Retrieved from http:\/\/www.ally.com\/security\/. Ally Bank. 2010. How We Protect You. Retrieved from http:\/\/www.ally.com\/security\/."},{"key":"e_1_2_1_48_1","unstructured":"Bank of America. 2013. Online Banking Security from Bank of America. Retrieved from https:\/\/www.bankofamerica.com\/privacy\/online-mobile-banking-privacy\/online-banking-security.go. Bank of America. 2013. Online Banking Security from Bank of America. Retrieved from https:\/\/www.bankofamerica.com\/privacy\/online-mobile-banking-privacy\/online-banking-security.go."},{"key":"e_1_2_1_49_1","volume-title":"Online and Mobile Banking Report\u2014Full Year 2014 and Q4","author":"Banking 8 Payments Federation Ireland. 2015.","year":"2014"},{"key":"e_1_2_1_50_1","unstructured":"Barclays. 2014. What we\u2019re doing to protect your account. Retrieved from http:\/\/www.barclays.co.uk\/Helpsupport\/Whatweredoingtoprotectyou\/P1242560037946#Fraudmonitoring. Barclays. 2014. What we\u2019re doing to protect your account. Retrieved from http:\/\/www.barclays.co.uk\/Helpsupport\/Whatweredoingtoprotectyou\/P1242560037946#Fraudmonitoring."},{"key":"e_1_2_1_51_1","first-page":"57","article-title":"Transitions: Recommendation for key management\u2014Part 1: General (revision 3)","volume":"800","author":"Barker Elaine","year":"2012","journal-title":"NIST Special Publication"},{"key":"e_1_2_1_52_1","unstructured":"BBA. 2015. The Way We Bank Now: World of Change. Retrieved from https:\/\/www.bba.org.uk\/publication\/bba-reports\/world-of-change-2\/. BBA. 2015. The Way We Bank Now: World of Change. Retrieved from https:\/\/www.bba.org.uk\/publication\/bba-reports\/world-of-change-2\/."},{"key":"e_1_2_1_53_1","volume-title":"Consumers and Mobile Financial Services","author":"Federal Reserve System Board","year":"2014"},{"key":"e_1_2_1_54_1","volume-title":"Consumers and Mobile Financial Services","author":"Federal Reserve System Board","year":"2015"},{"key":"e_1_2_1_55_1","volume-title":"Mobiel internet groeide 30 procent","author":"Boogert Erwin","year":"2007"},{"key":"e_1_2_1_56_1","unstructured":"Danyl Bosomworth. 2015. Statistics on mobile usage and adoption to inform your mobile marketing strategy. Retrieved from http:\/\/www.smartinsights.com\/mobile-marketing\/mobile-marketing-analytics\/mobile-marketing-statistics\/. Danyl Bosomworth. 2015. Statistics on mobile usage and adoption to inform your mobile marketing strategy. Retrieved from http:\/\/www.smartinsights.com\/mobile-marketing\/mobile-marketing-analytics\/mobile-marketing-statistics\/."},{"key":"e_1_2_1_57_1","unstructured":"John Bristowe. 2015. What is a Hybrid Mobile App? Retrieved from http:\/\/developer.telerik.com\/featured\/what-is-a-hybrid-mobile-app\/. John Bristowe. 2015. What is a Hybrid Mobile App? Retrieved from http:\/\/developer.telerik.com\/featured\/what-is-a-hybrid-mobile-app\/."},{"key":"e_1_2_1_58_1","first-page":"6","article-title":"PRONTO: Bank on your atari","volume":"1","author":"Burns Deborah","year":"1983","journal-title":"Antic"},{"key":"e_1_2_1_59_1","unstructured":"Business Standard News. 2014. Mobile banking zooms as India gets smarter. Retrieved from http:\/\/www.business-standard.com\/article\/finance\/mobile-banking-zooms-as-india-gets-smarter-114081100826_1.html. Business Standard News. 2014. Mobile banking zooms as India gets smarter. Retrieved from http:\/\/www.business-standard.com\/article\/finance\/mobile-banking-zooms-as-india-gets-smarter-114081100826_1.html."},{"key":"e_1_2_1_60_1","unstructured":"Mike Cetera. 2015. Online banking vs. mobile banking. Retrieved from http:\/\/www.bankrate.com\/financing\/mobile-finance\/online-banking-vs-mobile-banking\/. Mike Cetera. 2015. Online banking vs. mobile banking. Retrieved from http:\/\/www.bankrate.com\/financing\/mobile-finance\/online-banking-vs-mobile-banking\/."},{"key":"e_1_2_1_61_1","unstructured":"Chaos Computer Club. 2013. Chaos Computer Club Breaks Apple TouchID. Retrieved from http:\/\/www.ccc.de\/en\/updates\/2013\/ccc-breaks-apple-touchid. Chaos Computer Club. 2013. Chaos Computer Club Breaks Apple TouchID. Retrieved from http:\/\/www.ccc.de\/en\/updates\/2013\/ccc-breaks-apple-touchid."},{"key":"e_1_2_1_62_1","volume-title":"Statistical Report on Internet Development in China (Jan","author":"China Internet Network Information Center","year":"2014"},{"key":"e_1_2_1_63_1","unstructured":"Richard Collins. 2013. Get the FAQs about Ubuntu on Smartphones. Retrieved from https:\/\/insights.ubuntu.com\/2013\/02\/15\/get-the-faqs-about-ubuntu-on-smartphones\/. Richard Collins. 2013. Get the FAQs about Ubuntu on Smartphones. Retrieved from https:\/\/insights.ubuntu.com\/2013\/02\/15\/get-the-faqs-about-ubuntu-on-smartphones\/."},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2246"},{"key":"e_1_2_1_65_1","doi-asserted-by":"crossref","unstructured":"Tim Dierks and Eric Rescorla. 2006. RFC 4346\u2014The Transport Layer Security (TLS) Protocol Version 1.1. Retrieved from http:\/\/tools.ietf.org\/html\/rfc4346. Tim Dierks and Eric Rescorla. 2006. RFC 4346\u2014The Transport Layer Security (TLS) Protocol Version 1.1. Retrieved from http:\/\/tools.ietf.org\/html\/rfc4346.","DOI":"10.17487\/rfc4346"},{"key":"e_1_2_1_66_1","doi-asserted-by":"crossref","unstructured":"Tim Dierks and Eric Rescorla. 2008. RFC 5246\u2014The Transport Layer Security (TLS) Protocol Version 1.2. Retrieved from http:\/\/tools.ietf.org\/html\/rfc5246. Tim Dierks and Eric Rescorla. 2008. RFC 5246\u2014The Transport Layer Security (TLS) Protocol Version 1.2. Retrieved from http:\/\/tools.ietf.org\/html\/rfc5246.","DOI":"10.17487\/rfc5246"},{"key":"e_1_2_1_67_1","volume-title":"Here Come The &oplus","author":"Duong Thai"},{"key":"e_1_2_1_68_1","unstructured":"Eurostat. 2016. Individuals Using the Internet for Internet Banking. Retrieved from http:\/\/ec.europa.eu\/eurostat\/tgm\/table.do?tab=table8plugin=18language=en8pcode=tin00099. Eurostat. 2016. Individuals Using the Internet for Internet Banking. Retrieved from http:\/\/ec.europa.eu\/eurostat\/tgm\/table.do?tab=table8plugin=18language=en8pcode=tin00099."},{"key":"e_1_2_1_69_1","doi-asserted-by":"crossref","unstructured":"Chris Evans Chris Palmer and Ryan Sleevi. 2015. RFC 7469\u2014Public Key Pinning Extension for HTTP. Retrieved from https:\/\/tools.ietf.org\/html\/rfc7469. Chris Evans Chris Palmer and Ryan Sleevi. 2015. RFC 7469\u2014Public Key Pinning Extension for HTTP. Retrieved from https:\/\/tools.ietf.org\/html\/rfc7469.","DOI":"10.17487\/RFC7469"},{"key":"e_1_2_1_70_1","unstructured":"Febelfin. 2015. Cijfers\u2014Succes internetbankieren. Retrieved from https:\/\/www.safeinternetbanking.be\/nl\/cijfers-internetbankieren. Febelfin. 2015. Cijfers\u2014Succes internetbankieren. Retrieved from https:\/\/www.safeinternetbanking.be\/nl\/cijfers-internetbankieren."},{"key":"e_1_2_1_71_1","unstructured":"Mary Jo Foley. 2014. Microsoft to Bring Back Start Menu Windowed Apps to Windows. Retrieved from http:\/\/www.zdnet.com\/article\/microsoft-to-bring-back-start-menu-windowed-apps-to-windows\/. Mary Jo Foley. 2014. Microsoft to Bring Back Start Menu Windowed Apps to Windows. Retrieved from http:\/\/www.zdnet.com\/article\/microsoft-to-bring-back-start-menu-windowed-apps-to-windows\/."},{"key":"e_1_2_1_72_1","doi-asserted-by":"crossref","unstructured":"Alan Freier Philip Karlton and Paul Kocher. 2011. RFC 6101\u2014The Secure Sockets Layer (SSL) Protocol Version 3.0. Retrieved from http:\/\/tools.ietf.org\/html\/rfc6101. Alan Freier Philip Karlton and Paul Kocher. 2011. RFC 6101\u2014The Secure Sockets Layer (SSL) Protocol Version 3.0. Retrieved from http:\/\/tools.ietf.org\/html\/rfc6101.","DOI":"10.17487\/rfc6101"},{"key":"e_1_2_1_73_1","doi-asserted-by":"crossref","unstructured":"Jeff Hodges Collin Jackson and Adam Barth. 2012. RFC 6797\u2014HTTP Strict Transport Security (HSTS). Retrieved from https:\/\/tools.ietf.org\/html\/rfc6797. Jeff Hodges Collin Jackson and Adam Barth. 2012. RFC 6797\u2014HTTP Strict Transport Security (HSTS). Retrieved from https:\/\/tools.ietf.org\/html\/rfc6797.","DOI":"10.17487\/rfc6797"},{"key":"e_1_2_1_74_1","unstructured":"Jasper Houtman. 2002. Postbank: 40 procent bankiert met mobiel toestel. Retrieved from http:\/\/www.emerce.nl\/nieuws\/postbank-40-procent-bankiert-met-mobiel-toestel. Jasper Houtman. 2002. Postbank: 40 procent bankiert met mobiel toestel. Retrieved from http:\/\/www.emerce.nl\/nieuws\/postbank-40-procent-bankiert-met-mobiel-toestel."},{"key":"e_1_2_1_75_1","unstructured":"IO Active. 2012. Reversal and Analysis of Zeus and SpyEye Banking Trojans. Retrieved from http:\/\/www.ioactive.com\/pdfs\/ZeusSpyEyeBankingTrojanAnalysis.pdf. IO Active. 2012. Reversal and Analysis of Zeus and SpyEye Banking Trojans. Retrieved from http:\/\/www.ioactive.com\/pdfs\/ZeusSpyEyeBankingTrojanAnalysis.pdf."},{"key":"e_1_2_1_76_1","volume-title":"Population and Migration Estimates -","author":"Statistics Office Ireland\u2019s Central","year":"2012"},{"key":"e_1_2_1_77_1","unstructured":"iResearch. 2014. Mobile Finance Becomes the Trend of Future Banking. Retrieved from http:\/\/www.iresearchchina.com\/content\/details7_18315.html. iResearch. 2014. Mobile Finance Becomes the Trend of Future Banking. Retrieved from http:\/\/www.iresearchchina.com\/content\/details7_18315.html."},{"key":"e_1_2_1_78_1","unstructured":"ITavisen. 1999. Verdens f\u00b8rste WAP-bank fra Norge. Retrieved from http:\/\/www.itavisen.no\/nyheter\/verdens-f%C3%B8rste-wap-bank-fra-norge-41812. ITavisen. 1999. Verdens f\u00b8rste WAP-bank fra Norge. Retrieved from http:\/\/www.itavisen.no\/nyheter\/verdens-f%C3%B8rste-wap-bank-fra-norge-41812."},{"key":"e_1_2_1_79_1","volume-title":"Mobile Banking","author":"KPMG.","year":"2015"},{"key":"e_1_2_1_80_1","unstructured":"Brian Krebs. 2014. Chip 8 PIN vs. Chip 8 Signature. Retrieved from http:\/\/krebsonsecurity.com\/2014\/10\/chip-pin-vs-chip-signature\/. Brian Krebs. 2014. Chip 8 PIN vs. Chip 8 Signature. Retrieved from http:\/\/krebsonsecurity.com\/2014\/10\/chip-pin-vs-chip-signature\/."},{"key":"e_1_2_1_81_1","unstructured":"Adam Langley. 2012. BEAST Followup. Retrieved from https:\/\/www.imperialviolet.org\/2012\/01\/15\/beastfollowup.html. Adam Langley. 2012. BEAST Followup. Retrieved from https:\/\/www.imperialviolet.org\/2012\/01\/15\/beastfollowup.html."},{"key":"e_1_2_1_82_1","unstructured":"Adam Langley. 2014. The POODLE Bites Again. Retrieved from https:\/\/www.imperialviolet.org\/2014\/12\/08\/poodleagain.html. Adam Langley. 2014. The POODLE Bites Again. Retrieved from https:\/\/www.imperialviolet.org\/2014\/12\/08\/poodleagain.html."},{"key":"e_1_2_1_83_1","unstructured":"Eric Lawrence. 2005. Upcoming HTTPS Improvements in Internet Explorer 7 Beta 2. Retrieved from http:\/\/blogs.msdn.com\/b\/ie\/archive\/2005\/10\/22\/483795.aspx. Eric Lawrence. 2005. Upcoming HTTPS Improvements in Internet Explorer 7 Beta 2. Retrieved from http:\/\/blogs.msdn.com\/b\/ie\/archive\/2005\/10\/22\/483795.aspx."},{"key":"e_1_2_1_84_1","volume-title":"Washington D.C.","author":"Marlinspike Moxie","year":"2009"},{"key":"e_1_2_1_85_1","unstructured":"Tim Matthews. 2012. Don\u2019t Be Afraid of Mobile Banking Apps. Retrieved from http:\/\/www.banktech.com\/channels\/dont-be-afraid-of-mobile-banking-apps\/a\/d-id\/1295727. Tim Matthews. 2012. Don\u2019t Be Afraid of Mobile Banking Apps. Retrieved from http:\/\/www.banktech.com\/channels\/dont-be-afraid-of-mobile-banking-apps\/a\/d-id\/1295727."},{"key":"e_1_2_1_86_1","volume-title":"Security Bulletin MS15-032\u2014Cumulative Security Update for Internet Explorer (3038314)."},{"key":"e_1_2_1_87_1","doi-asserted-by":"crossref","unstructured":"Bodo Moeller and Adam Langley. 2015. RFC 7507\u2014TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks. Retrieved from https:\/\/tools.ietf.org\/html\/rfc7507. Bodo Moeller and Adam Langley. 2015. RFC 7507\u2014TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks. Retrieved from https:\/\/tools.ietf.org\/html\/rfc7507.","DOI":"10.17487\/RFC7507"},{"key":"e_1_2_1_88_1","volume-title":"Security changes in Opera 25","author":"Molland H\u00e5vard","year":"2014"},{"key":"e_1_2_1_89_1","unstructured":"Bodo M\u00f6ller Thai Duong and Krzysztof Kotowicz. 2014. This POODLE Bites: Exploiting The SSL 3.0 Fallback. Retrieved from https:\/\/www.openssl.org\/∼bodo\/ssl-poodle.pdf. Bodo M\u00f6ller Thai Duong and Krzysztof Kotowicz. 2014. This POODLE Bites: Exploiting The SSL 3.0 Fallback. Retrieved from https:\/\/www.openssl.org\/∼bodo\/ssl-poodle.pdf."},{"key":"e_1_2_1_90_1","unstructured":"Kim Moser. 2012. Computer History\u2014Citibank Direct Access and the Enhanced Telephone. Retrieved from http:\/\/www.kmoser.com\/computerhistory\/?id=citibank. Kim Moser. 2012. Computer History\u2014Citibank Direct Access and the Enhanced Telephone. Retrieved from http:\/\/www.kmoser.com\/computerhistory\/?id=citibank."},{"key":"e_1_2_1_91_1","unstructured":"Mozilla. 2006. Bug 236933\u2014Disable SSL2 and other weak ciphers. Retrieved from https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=236933. Mozilla. 2006. Bug 236933\u2014Disable SSL2 and other weak ciphers. Retrieved from https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=236933."},{"key":"e_1_2_1_92_1","volume-title":"https:\/\/www.mozilla.org\/en-US\/firefox\/34.0\/releasenotes\/","author":"Firefox\u2014Notes","year":"2014"},{"key":"e_1_2_1_93_1","unstructured":"National Institute of Standards and Technology. 2011. Vulnerability Summary for CVE-2011-3389. Retrieved from http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2011-3389. National Institute of Standards and Technology. 2011. Vulnerability Summary for CVE-2011-3389. Retrieved from http:\/\/web.nvd.nist.gov\/view\/vuln\/detail?vulnId=CVE-2011-3389."},{"key":"e_1_2_1_94_1","unstructured":"Nedbank. 2011. SIM Swap Scam. Retrieved from http:\/\/www.nedbank.co.za\/website\/content\/Security\/sim.asp. Nedbank. 2011. SIM Swap Scam. Retrieved from http:\/\/www.nedbank.co.za\/website\/content\/Security\/sim.asp."},{"key":"e_1_2_1_95_1","unstructured":"Opera Software. 2008. Opera 9.5 for Windows Changelog. Retrieved from http:\/\/www.opera.com\/docs\/changelogs\/windows\/950\/. Opera Software. 2008. Opera 9.5 for Windows Changelog. Retrieved from http:\/\/www.opera.com\/docs\/changelogs\/windows\/950\/."},{"key":"e_1_2_1_96_1","unstructured":"Kevin Rawlinson. 2015. Banks to Allow Account Access Using Fingerprint Tech. Retrieved from http:\/\/www.bbc.com\/news\/technology-31508932. Kevin Rawlinson. 2015. Banks to Allow Account Access Using Fingerprint Tech. Retrieved from http:\/\/www.bbc.com\/news\/technology-31508932."},{"key":"e_1_2_1_97_1","doi-asserted-by":"crossref","unstructured":"Eric Rescorla Marsh Ray Steve Dispensa and Nasko Oskov. Retrieved from RFC 5746\u2014Transport Layer Security (TLS) Renegotiation Indication Extension. (2010). https:\/\/tools.ietf.org\/html\/rfc5746. Eric Rescorla Marsh Ray Steve Dispensa and Nasko Oskov. Retrieved from RFC 5746\u2014Transport Layer Security (TLS) Renegotiation Indication Extension. (2010). https:\/\/tools.ietf.org\/html\/rfc5746.","DOI":"10.17487\/rfc5746"},{"key":"e_1_2_1_98_1","unstructured":"Ivan Ristic. 2009. SSL and TLS Authentication Gap Vulnerability Discovered. Retrieved from https:\/\/community.qualys.com\/blogs\/securitylabs\/2009\/11\/05\/ssl-and-tls-authentication-gap-vulnerability-discovered. Ivan Ristic. 2009. SSL and TLS Authentication Gap Vulnerability Discovered. Retrieved from https:\/\/community.qualys.com\/blogs\/securitylabs\/2009\/11\/05\/ssl-and-tls-authentication-gap-vulnerability-discovered."},{"key":"e_1_2_1_99_1","volume-title":"Not a Fix.","author":"Ristic Ivan","year":"2010"},{"key":"e_1_2_1_100_1","volume-title":"CRIME: Information Leakage Attack against SSL\/TLS.","author":"Ristic Ivan","year":"2012"},{"key":"e_1_2_1_101_1","unstructured":"Ivan Ristic. 2013. Is BEAST Still a Threat? Retrieved from https:\/\/community.qualys.com\/blogs\/securitylabs\/2013\/09\/10\/is-beast-still-a-threat. Ivan Ristic. 2013. Is BEAST Still a Threat? Retrieved from https:\/\/community.qualys.com\/blogs\/securitylabs\/2013\/09\/10\/is-beast-still-a-threat."},{"key":"e_1_2_1_102_1","unstructured":"David Ross Tobias Gondrom and Thames Stanley. 2015. RFC 7034\u2014HTTP Header Field X-Frame-Options. Retrieved from https:\/\/tools.ietf.org\/html\/rfc7034. David Ross Tobias Gondrom and Thames Stanley. 2015. RFC 7034\u2014HTTP Header Field X-Frame-Options. Retrieved from https:\/\/tools.ietf.org\/html\/rfc7034."},{"key":"e_1_2_1_103_1","unstructured":"Ariel Sanchez. 2014. Personal banking apps leak info through phone. (2014). http:\/\/blog.ioactive.com\/2014\/01\/personal-banking-apps-leak-info-through.html. Ariel Sanchez. 2014. Personal banking apps leak info through phone. (2014). http:\/\/blog.ioactive.com\/2014\/01\/personal-banking-apps-leak-info-through.html."},{"key":"e_1_2_1_104_1","unstructured":"Mark Scott. 2014. Preparing for Chip-and-PIN Cards in the United States. Retrieved from http:\/\/bits.blogs.nytimes.com\/2014\/12\/02\/preparing-for-chip-and-pin-cards-in-the-united-states\/. Mark Scott. 2014. Preparing for Chip-and-PIN Cards in the United States. Retrieved from http:\/\/bits.blogs.nytimes.com\/2014\/12\/02\/preparing-for-chip-and-pin-cards-in-the-united-states\/."},{"key":"e_1_2_1_105_1","unstructured":"Remco Tomesen. 2006a. Grote merken willen beter mobiel internet. Retrieved from http:\/\/www.emerce.nl\/nieuws\/grote-merken-willen-beter-mobiel-internet. Remco Tomesen. 2006a. Grote merken willen beter mobiel internet. Retrieved from http:\/\/www.emerce.nl\/nieuws\/grote-merken-willen-beter-mobiel-internet."},{"key":"e_1_2_1_106_1","unstructured":"Remco Tomesen. 2006b. Rabobank ontevreden over gebruik mobiel bankieren. Retrieved from http:\/\/www.emerce.nl\/nieuws\/rabobank-ontevreden-over-gebruik-mobiel-bankieren. Remco Tomesen. 2006b. Rabobank ontevreden over gebruik mobiel bankieren. Retrieved from http:\/\/www.emerce.nl\/nieuws\/rabobank-ontevreden-over-gebruik-mobiel-bankieren."},{"key":"e_1_2_1_107_1","doi-asserted-by":"crossref","unstructured":"Sean Turner and Tim Polk. 2011. RFC 6176\u2014Prohibiting Secure Sockets Layer (SSL) Version 2.0. Retrieved from http:\/\/tools.ietf.org\/html\/rfc6176. Sean Turner and Tim Polk. 2011. RFC 6176\u2014Prohibiting Secure Sockets Layer (SSL) Version 2.0. Retrieved from http:\/\/tools.ietf.org\/html\/rfc6176.","DOI":"10.17487\/rfc6176"},{"key":"e_1_2_1_108_1","unstructured":"Monique van den Heuvel. 2001. Het mobieltje van Postbank. Retrieved from http:\/\/www.mt.nl\/1\/1727\/home\/het-mobieltje-van-postbank.html. Monique van den Heuvel. 2001. Het mobieltje van Postbank. Retrieved from http:\/\/www.mt.nl\/1\/1727\/home\/het-mobieltje-van-postbank.html."},{"key":"e_1_2_1_109_1","unstructured":"W3C. 2015. Content Security Policy Level 2. Retrieved from https:\/\/www.w3.org\/TR\/CSP2\/. W3C. 2015. Content Security Policy Level 2. Retrieved from https:\/\/www.w3.org\/TR\/CSP2\/."},{"key":"e_1_2_1_110_1","unstructured":"Western Union. 2012. History of Western Union. Retrieved from https:\/\/www.westernunionbank.com\/en\/history\/. Western Union. 2012. History of Western Union. Retrieved from https:\/\/www.westernunionbank.com\/en\/history\/."},{"key":"e_1_2_1_111_1","unstructured":"Colin Wilhelm. 2014. Mobile Banking Deployment Widespread. Next Challenge: Adoption. Retrieved from http:\/\/www.americanbanker.com\/issues\/179_209\/1070929-1.html. Colin Wilhelm. 2014. Mobile Banking Deployment Widespread. Next Challenge: Adoption. Retrieved from http:\/\/www.americanbanker.com\/issues\/179_209\/1070929-1.html."},{"key":"e_1_2_1_112_1","unstructured":"Wireless Application Protocol Forum. 2001. Wireless Transport Layer Security - Version 06-Apr-2001. (2001). http:\/\/technical.openmobilealliance.org\/tech\/affiliates\/wap\/wap-261-wtls-20010406-a.pdf. Wireless Application Protocol Forum. 2001. Wireless Transport Layer Security - Version 06-Apr-2001. (2001). http:\/\/technical.openmobilealliance.org\/tech\/affiliates\/wap\/wap-261-wtls-20010406-a.pdf."},{"key":"e_1_2_1_113_1","unstructured":"World Bank Open Data. 2016. Data Related to China. Retrieved from http:\/\/data.worldbank.org\/country\/china. World Bank Open Data. 2016. Data Related to China. Retrieved from http:\/\/data.worldbank.org\/country\/china."}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3002170","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3002170","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:49:54Z","timestamp":1750218594000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3002170"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,12,5]]},"references-count":113,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2017,12,31]]}},"alternative-id":["10.1145\/3002170"],"URL":"https:\/\/doi.org\/10.1145\/3002170","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,12,5]]},"assertion":[{"value":"2015-07-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2016-09-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2016-12-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}