
from bank to bank—all without the trade of tangible property. As evidenced recently by the economic crisis in Mexico, the rapid transfer of investments has the ability to make or break an economy, much as the weather affected economies during the agricultural era. Network-enabled communications speed back-office (check and accounts) processing, as well as mortgage and loan application processing, and indeed interlink financial services, banking, and investment systems worldwide. Wholly new securities (e.g., derivatives and indexes) and services are created by the effective use of information communicated in a prompt and timely fashion.

Banks and financial service institutions have had a long history of being a target of nefarious elements in society and thus traditionally have been willing to spend money on security measures (e.g., safes). This history, coupled with their dependence on information technology and their capability for networked communication among themselves, has led to a relatively high degree of concern within the banking and financial services sector for information security. Given the importance of U.S. banks in the world economy, large U.S. banks with multinational connections have needs for security that are quite stringent.

In the matter of managing electronic transfers of financial transaction information, banks are much more concerned with authentication than with data confidentiality, although concerns about the latter are growing as the result of regulation and increasingly common business practices. The reason is that false authentication may lead to an unrecoverable loss of financial assets, an event regarded as more disastrous than the loss of privacy. Nonetheless, confidentiality is important as well,[2] not so much because personal financial transactions need to be kept private (they do, but the ramifications of divulging one person's transactions are generally limited to that person), but because an adversary's understanding of the data flows within the banking system can itself lead to security breakdowns. (For example, with access to confidential information, an adversary may learn how to bypass certain access controls.)

Banking is extensively international today and will become more so in the future. Moreover, it has moved relatively quickly to bring customers (both individual and institutional) on line in an attempt to reduce costs. (For example, some banks with South American customers call the United States and are answered in Spanish or Portuguese from processing and customer service centers in Europe.) For these reasons, the banking industry may represent the leading edge of information security needs

[2] Note that banks, as part of a highly regulated industry, are relatively less concerned about government monitoring of their financial transactions, since governments usually have extensive authority to monitor any aspect of bank transactions in any event.

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.