The Ghosts of Banking Past

Similar documents
GMS. Cleansing the Database

NETIM GENERAL TERMS AND CONDITIONS OF USE FOR THE RESELLER SERVICE

WebSitePulse Affiliate Program. Terms and Conditions

NETIM GENERAL TERMS AND CONDITIONS OF USE FOR THE RESELLER SERVICE

Resolving Loan-Level Edits. Quick Reference Guide. July 2017

ORDERED MULTINOMIAL LOGISTIC REGRESSION ANALYSIS. Pooja Shivraj Southern Methodist University

TWITTER Q EARNINGS REPORT

Maximum Likelihood Estimation Richard Williams, University of Notre Dame, Last revised January 13, 2018

Payment Center Quick Start Guide

Contacting Customer Support for Upgrades and Decodes For additional information about this release, upgrades, or to request decodes, contact:

DIGITAL MARKETING IS AN UMBRELLA TERM FOR THE MARKETING OF PRODUCT OR SERVICES USING DIGITAL TECHNOLOGIES, MAINLY ON THE INETRENET, BUT ALSO

One statement we continually hear after talking to new members is, I didn t think that y all did that!

Multiple Regression and Logistic Regression II. Dajiang 525 Apr

TWITTER Q EARNINGS REPORT

Maximum Likelihood Estimation Richard Williams, University of Notre Dame, Last revised January 10, 2017

New Jersey Department of Children and Families Policy Manual. Manual: DCF DCF Wide Effective Volume: III Administrative Policies

Loan Estimates. with the following requirements: Estimate SMF SMF SMF

Cyber-Insurance: Fraud, Waste or Abuse?

Master Service Agreement

No purchase necessary to enter or win. Product purchase will not enhance chances of winning a prize.

IBM Agreement for Services Excluding Maintenance

HomePath Online Offers Guide for Public Entity and Non-Profit Buyers

Categorical Outcomes. Statistical Modelling in Stata: Categorical Outcomes. R by C Table: Example. Nominal Outcomes. Mark Lunt.

KYC Automation: Scale, Speed, Standardize Merchant Underwriting

WePay Chargeback Overview

IMPLEMENTED 11/1/2000

CoreLogic Credco Credit Reports [F.A.Q. Reverse Vision]

Articles. Zurich Financial Services Ltd

Instructions for submitting a Loan to 5 th Street Capital

Order No. 59-N, of 3 June 1994

IC Chapter 8. Professional Fundraiser Consultant and Solicitor Registration

BYUH Vehicle Towing Policy

Encompass Compliance Corp 3 nd Quarter Financial Statement Period Ending Sept 30, 2016

Articles Zurich Insurance Group Ltd

Main changes to the EU Vertical Block Exemption Francesca R. Turitto

Consolidated Financial Statements and Notes

Association of American Railroads ADMINISTRATIVE STANDARDS SUPPLEMENT S-010, S-046, S-050, S-051, S-060

DESIGN AND CONSTRUCTION RESPONSIBILITY AND REIMBURSEMENT AGREEMENT BETWEEN THE CITY OF PLACERVILLE AND THE El DORADO IRRIGATION DISTRICT

Did Banking Reforms of the Early 1990s Fail? Lessons from Comparing Two Banking Crises

Protecting Against the High Cost of Cyberfraud

Allison notes there are two conditions for using fixed effects methods.

Payment Center Quick Start Guide

STUDENT ASSISTANCE FOUNDATION OF MONTANA AND AFFILIATES CONSOLIDATED FINANCIAL REPORT

HomePath Online Offers Guide for Selling Agents

Introduction to POL 217

Optimal filter and Cost-Benefit Analysis. Outline. Information security risk management. Risk management terminology overview. Notes. Notes.

Early Closure means closure of Bursa Securities or such relevant Securities Exchange prior to its scheduled closing time; or

EMPLOYEE WELFARE FUND ACT Act No. 4391, Aug. 10, 1991

France Takeover Guide

C H A M B E R O F C O M M E R C E O F T H E U N I T E D S T A T E S O F A M E R I C A

Quantitative Techniques Term 2

Mathematics of Finance Final Preparation December 19. To be thoroughly prepared for the final exam, you should

1) Please EXPLAIN below your error in problem #1. What will you do to correct this error in the future?

AiM User Guide Capital Planning and Project Management (CPPM) System

2400: Contracts - General

Section / Nature of Change

INTEREXCHANGE TELECOMMUNICATIONS SERVICES TARIFF

PRINCE2-PRINCE2-Foundation.150q

Going Green What Every College or University President Needs to Know about Renewable Energy Renewable Energy on Campus

TWITTER Q EARNINGS REPORT

For Immediate Release

Terms and Conditions

Terms and conditions. For mobile customers Mobile Ts&Cs_AW.indd 1 21/09/ :50

Bessembinder / Zhang (2013): Firm characteristics and long-run stock returns after corporate events. Discussion by Henrik Moser April 24, 2015

HomePath Online Offers Guide for Listing Agents

SECTION G. RATES AND SERVICE FEES

Strategic Challenge at Northeast Utilities

THIS DOCUMENT IS IMPORTANT AND REQUIRES YOUR IMMEDIATE ATTENTION. IF IN DOUBT PLEASE SEEK PROFESSIONAL ADVICE.

UL Environment, Inc. / GREENGUARD ENVIRONMENTAL INSTITUTE BIFMA level CERTIFICATION TERMS AND CONDITIONS

Getting started on day one. The essentials

2018 Survey Results. SPEE 2018 Petroleum Evaluation Software Symposium. For questions, please contact Dilhan Ilk

Procurement Card Procedures

July 17, Mr. Brent J. Fields Secretary U.S. Securities and Exchange Commission 100 F Street, NE Washington, DC 20549

HPV Health Purchasing Policy 1. Procurement Governance

Terms of Use and Services Subscription Agreement - Member

Case study. Malware mayhem. A targeted ransomware attack on a technology provider opens up a can of worms

The Industrial Organization of Banking

FINANZIA, BANCO DE CREDITO, S.A. BY-LAWS INCORPORATION, NAME, REGISTERED OFFICES, CORPORATE PURPOSE AND DURATION OF INCORPORATION

f x f x f x f x x 5 3 y-intercept: y-intercept: y-intercept: y-intercept: y-intercept of a linear function written in function notation

Independent Auditors Report

Financial Statements. December 31, 2015 and With Independent Auditors' Report

SUMMER 2017 CONFERENCE HOUSING EVENT CONTRACT TERMS AND CONDITIONS

FREQUENTLY ASKED QUESTIONS

XXImo Program Card Conditions

Staff Report. City Council Sitting as the Local Reuse Authority

HP Support Service Agreement Terms & Conditions (General)

User Manual How to Submit an Online Research Proposal to National Department of Health. User Manual How to Submit an Online Research Proposal

[Translation] Notice Regarding the Issuance of Stock Compensation-Type Stock Options

Engines. for decades. Invitation to the Annual General Meeting of MTU Aero Engines AG

Braindumps.PRINCE2-Foundation.150.QA

THE HONOR FOUNDATION. I. Index 1. II. Independent Auditor's Report 2-3. III. Statement of Financial Position 4

Let s get started. Switch to First Southern. Switch to First Southern

News Bulletin October 17, Troubled Assets Relief Program Overview

Estimating Heterogeneous Choice Models with Stata

APPENDIX 4C Q3FY14 QUARTERLY CASH FLOW STATEMENT

Policy Number: 040 Risk Management August 2018

BOYS AND GIRLS CLUBS JUNE 30, 2016 INDEPENDENT AUDITORS REPORT FINANCIAL STATEMENTS OF THE PENINSULA AND

City of Lawrence, Kansas. Purchasing Card Guidelines

WINNING. VOID WHERE PROHIBITED. ALL FEDERAL, STATE, AND LOCAL REGULATIONS APPLY.

The data definition file provided by the authors is reproduced below: Obs: 1500 home sales in Stockton, CA from Oct 1, 1996 to Nov 30, 1998

Transcription:

of Closed Bank Websites 1 Richard Clayton 2 1 Computer Science and Engineering Department, Southern Methodist University, Dallas, TX, USA tylerm@smu.edu 2 Computer Laboratory, University of Cambridge, UK richard.clayton@cl.cam.ac.uk Financial Cryptography and Data Security Barbados March 3, 2014

Motivation Data Collection and Analysis Methodology The US has thousands of banks, and each year hundreds close through collapse or by acquisition While the FDIC has established an orderly process for winding down many bank assets after closure, the websites are often forgotten Customers may still try to visit websites after banks have closed, which could lead to confusion We set out to measure how prevalent ghost banking domains are in practice

Outline Data Collection and Analysis Methodology 1 Data Collection and Analysis Methodology FDIC Data Collection Methodology for Identifying Domain Usage 2 3

Outline Data Collection and Analysis Methodology FDIC Data Collection Methodology for Identifying Domain Usage 1 Data Collection and Analysis Methodology FDIC Data Collection Methodology for Identifying Domain Usage 2 3

FDIC data collection FDIC Data Collection Methodology for Identifying Domain Usage The FDIC provides an online database of all institutions it has supervised, including those which no longer exist due to merger or collapse We focused on 3 181 banks merged or closed between 1 July 2003 and 6 June 2013 We obtained 2 302 URLs matching 2 393 banks For each URL, we fetched WHOIS details and a screenshot of the rendered website

Categorizing bank domain usage FDIC Data Collection Methodology for Identifying Domain Usage We manually inspected each of the screenshots and grouped them into one of the following categories 1 Operable bank-held website (old bank, redirect, or interstitial) 2 Domain parking pages with syndicated advertisements 3 Websites used to distribute malware 4 Other forms of reuse (e.g., blog spam, black-hat SEO) 5 Inoperable websites (e.g., blank pages, misconfigured websites) 6 Inactive domains (unregistered, or not resolving)

FDIC Data Collection Methodology for Identifying Domain Usage Identifying whether a bank still controls a domain We used the following heuristics to confirm that a bank controls a domain 1 Any website whose screenshot is categorized as a bank and the domain has been continuously registered since before the bank closed 2 Any website that redirects to a currently open bank website URL that appears in the FDIC list 3 Any domain with WHOIS information indicating ownership by a bank

Outline Data Collection and Analysis Methodology 1 Data Collection and Analysis Methodology FDIC Data Collection Methodology for Identifying Domain Usage 2 3

How closed banks are used Operable (bank held) Inoperable (bank held) Inoperable (non bank) Parking ads Other reuse Malware Unregistered Bank held Not bank held 0 5 10 15 20 25 30 % of all closed bank websites

Fraction of closed banks whose domains are still owned by a bank, by year of bank closure % of websites held by banks 0 20 40 60 80 100 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 Year of bank closure

Lifecycle of domain reuse Operable (bank held) Inoperable (bank held) Inoperable (non bank) Parking ads Other reuse Malware Unregistered 0 2 4 6 8 10 Years since bank closed

What factors affect the chances a bank domain will be abandoned? 1 Bank size Hypothesis: Smaller banks more likely to be abandoned than larger banks Indicator: log(deposits) 2 Troubled circumstances at closure Hypothesis: Troubled banks more likely to be abandoned Indicator: Boolean variable set to True if the bank collapsed or was merged with FDIC assistance 3 Time since closure Hypothesis: The longer time since a bank has closed, the more likely the domain is to be abandoned Indicator: Years since the bank has closed

Logistic regression 1: Factors affecting abandonment log p abandoned 1 p abandoned = c 0 +c 1 log (Deposits) + c 2 Troubled + c 3 Years closed + Regression 1 Response variable: Abandoned coef. Odds Ratio 95% conf. int. Significance (Intercept) 0.58 1.79 (0.90,3.63) - log(deposits) -0.17 0.84 (0.80,0.89) p 0.0001 Troubled 0.87 2.38 (1.90,2.98) p 0.0001 Years closed 0.29 1.33 (1.29,1.39) p 0.0001 Model fit: χ 2 = 322.8, p 0.0001

The resurrection of abandoned bank domains 535 bank domains have been allowed to expire at some time after the bank closed 326 of these have subsequently been resurrected, that is, reregistered and a new creation date has been recorded in the WHOIS We next examine why some domains are resurrected while others aren t

What factors affect the chances an abandoned bank domain will be re-registered? 1 Bank size Hypothesis: Larger banks more likely to be re-registered Indicator: log(deposits) 2 Troubled circumstances at closure Indicator: Boolean variable set to True if the bank collapsed or was merged with FDIC assistance 3 Time since closure Hypothesis: The longer time since a bank has closed, the less likely the domain is to be re-registered Indicator: Years since the bank has closed

Logistic regression 2: Factors affecting re-registration log p registered 1 p registered = c 0 +c 1 log (Deposits) + c 2 Troubled + c 3 Years closed + Regression 2 Response variable: Registered coef. Odds Ratio 95% conf. int. Significance (Intercept) -0.84 0.43 (0.13,1.38) - log(deposits) 0.33 1.39 (1.27,1.53) p 0.0001 Troubled 0.73 2.08 (1.18,3.86) p = 0.0151 Years closed 0.24 0.79 (0.73,0.85) p 0.0001 Model fit: χ 2 = 120.7, p 0.0001

Identifying at-risk bank websites We consider a bank-controlled website to be at-risk if, according to the WHOIS record, the domain has not been updated since before the bank closed but has yet to expire In this circumstance, the bank has not yet had to make a decision whether or not to renew the domain (if they even know there s a decision to be made!) 157 of 1 127 bank-controlled websites are at-risk of falling out of bank control

At-risk banks by year of domain expiration 40 Year of expiration 30 20 10 0 2013 2014 2015 2016 2017 2018 2019 # at risk bank domains 2020 2021 2022 2023

Outline Data Collection and Analysis Methodology 1 Data Collection and Analysis Methodology FDIC Data Collection Methodology for Identifying Domain Usage 2 3

What is the harm imposed by ghost domains in general? Ghost domains are a problem not only for banks At one end, businesses regularly close and domainers are often quick to buy their associated domain names to exploit residual traffic or resell Cybercrime domains (e.g., botnet C&C) are registered to do harm, so their permanent removal seems desirable Banks fall somewhere between, since trust in banking is so crucial to the sector s fiscal health We now review a range of mechanisms to reassert control over domains where restrictions over re-registration can be justified

Mechanisms to protect ghost domains 1 Permanent cancellation + Avoids any possible harm - Overkill; impractical (and often unwise) to enforce permanence 2 Prepaid escrow: certain classes of domains (e.g., banks) must prepay registration fees for many years in the future + Avoids all harm - Only practical in highly-regulated industries 3 Trusted repository: neutral body holds domains in trust and decides when and if to reopen a domain to registration - Selecting criteria to release is difficult - Funding could be problematic 4 Warning lock: automatic tracking of high-value domains with notification before expiry and volunteers choose whether to defensively register - Selecting criteria to release is difficult - Impact likely extremely patchy

Mechanisms to protect ghost domains 1 Permanent cancellation + Avoids any possible harm - Overkill; impractical (and often unwise) to enforce permanence 2 Prepaid escrow: certain classes of domains (e.g., banks) must prepay registration fees for many years in the future + Avoids all harm - Only practical in highly-regulated industries 3 Trusted repository: neutral body holds domains in trust and decides when and if to reopen a domain to registration - Selecting criteria to release is difficult - Funding could be problematic 4 Warning lock: automatic tracking of high-value domains with notification before expiry and volunteers choose whether to defensively register - Selecting criteria to release is difficult - Impact likely extremely patchy

Mechanisms to protect ghost domains 1 Permanent cancellation + Avoids any possible harm - Overkill; impractical (and often unwise) to enforce permanence 2 Prepaid escrow: certain classes of domains (e.g., banks) must prepay registration fees for many years in the future + Avoids all harm - Only practical in highly-regulated industries 3 Trusted repository: neutral body holds domains in trust and decides when and if to reopen a domain to registration - Selecting criteria to release is difficult - Funding could be problematic 4 Warning lock: automatic tracking of high-value domains with notification before expiry and volunteers choose whether to defensively register - Selecting criteria to release is difficult - Impact likely extremely patchy

Mechanisms to protect ghost domains 1 Permanent cancellation + Avoids any possible harm - Overkill; impractical (and often unwise) to enforce permanence 2 Prepaid escrow: certain classes of domains (e.g., banks) must prepay registration fees for many years in the future + Avoids all harm - Only practical in highly-regulated industries 3 Trusted repository: neutral body holds domains in trust and decides when and if to reopen a domain to registration - Selecting criteria to release is difficult - Funding could be problematic 4 Warning lock: automatic tracking of high-value domains with notification before expiry and volunteers choose whether to defensively register - Selecting criteria to release is difficult - Impact likely extremely patchy

Conclusions Data Collection and Analysis Methodology When banks close, their domains are often forgotten: 53% of domains for US banks closed in the past decade are no longer controlled by banks This can create confusion for consumers and opportunities for cybercriminals Regression analysis has shown that smaller or troubled banks are more likely to abandon domains, while larger and more recently closed banks are more likely to be re-registered We recommend that bank regulators help coordinate the defensive registration of at-risk domains For more: http://lyle.smu.edu/~tylerm/

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback