Blacklist contains entities which are penalized due to unethical or illegal activities. In finance, a blacklist consists of a list of persons or organizations that are punished for allegedly violating laid down business ethics. Generally maintained by entities, blacklist can be made public or secret depending on the involved parties and the nature of the crime.
Blacklists do not apply to credit loans as many people believe. Rather loans are given out on a basis of credit score as no firm has the right to deny an individual access to a credit loan if he meets the requirements.
A Little More on What is Blacklist
Being blacklisted is has bad consequences ranging from loss of reputation, inability to get new clients, and declining relationship with existing clients. Also, financial hardship might also occur since only a little amount of persons will be willing to do business with you.
We earlier stated that blacklists can be public or secret depending on the situation and the crime. An example of a blacklist which is popularly kept from the public is the US Department of Homeland Security’s “No-Fly List” which provides a list of persons who are not allowed entry into the United States or are denied exits from the United States via commercial airlines. The Financial Action Task Force (FATF) is an example of a public blacklist which lists the countries that are believed to be uncooperative in the movement against money laundering and financing of terrorists.
Reference for “Blacklist”
Academics research on “Blacklist”
A framework for financial botnet analysis, Riccardi, M., Oro, D., Luna, J., Cremonini, M., & Vilanova, M. (2010, October). A framework for financial botnet analysis. In 2010 eCrime Researchers Summit (pp. 1-7). IEEE. Financial botnets, those specifically aimed at carrying out financial fraud, represent a well-known threat for banking institutions all around the globe. Unfortunately, these malicious networks are responsible for huge economic losses or for conducting money laundering operations. Contrary to DDoS and spam malware, the stealthy nature of financial botnets requires new techniques and novel research in order to detect, analyze and even to take them down. This paper presents a work-in-progress research aimed at creating a system able to mitigate the financial botnet problem. The proposed system is based on a novel architecture that has been validated by one of the biggest savings banks in Spain. Based on previous experiences with two of the proposed architecture building blocks -the Dorothy framework and a blacklist-based IP reputation system-, we show that it is feasible to map financial botnet networks and to provide a non-deterministic score to its associated zombies. The proposed architecture also promotes intelligence information sharing with involved parties such as law enforcement authorities, ISPs and financial institutions. Our belief is that these functionalities will prove very useful to fight financial cybercrime.
An empirical analysis of phishing blacklists, Sheng, S., Wardman, B., Warner, G., Cranor, L., Hong, J., & Zhang, C. (2009). An empirical analysis of phishing blacklists. In this paper, we study the effectiveness of phishing blacklists. We used 191 fresh phish that were less than 30 minutes old to conduct two tests on eight anti-phishing toolbars. We found that 63% of the phishing campaigns in our dataset lasted less than two hours. Blacklists were ineffective when protecting users initially, as most of them caught less than 20% of phish at hour zero. We also found that blacklists were updated at different speeds, and varied in coverage, as 47% – 83% of phish appeared on blacklists 12 hours from the initial test. We found that two tools using heuristics to complement blacklists caught significantly more phish initially than those using only blacklists. However, it took a long time for phish detected by heuristics to appear on blacklists. Finally, we tested the toolbars on a set of 15,345 legitimate URLs for false positives, and did not find any instance of mislabeling for either blacklists or heuristics. We present these findings and discuss ways in which anti-phishing tools can be improved.
Click trajectories: End-to-end analysis of the spam value chain, Levchenko, K., Pitsillidis, A., Chachra, N., Enright, B., Félegyházi, M., Grier, C., … & McCoy, D. (2011, May). Click trajectories: End-to-end analysis of the spam value chain. In 2011 ieee symposium on security and privacy (pp. 431-446). IEEE. Spam-based advertising is a business. While it has engendered both widespread antipathy and a multi-billion dollar anti-spam industry, it continues to exist because it fuels a profitable enterprise. We lack, however, a solid understanding of this enterprise’s full structure, and thus most anti-Spam interventions focus on only one facet of the overall spam value chain (e.g., spam filtering, URL blacklisting, site takedown).In this paper we present a holistic analysis that quantifies the full set of resources employed to monetize spam email — including naming, hosting, payment and fulfillment — using extensive measurements of three months of diverse spam data, broad crawling of naming and hosting infrastructures, and over 100 purchases from spam-advertised sites. We relate these resources to the organizations who administer them and then use this data to characterize the relative prospects for defensive interventions at each link in the spam value chain. In particular, we provide the first strong evidence of payment bottlenecks in the spam value chain, 95% of spam-advertised pharmaceutical, replica and software products are monetized using merchant services from just a handful of banks.
Financial websites oriented heuristic anti-phishing research, Liu, Y., & Zhang, M. (2012, October). Financial websites oriented heuristic anti-phishing research. In 2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems (Vol. 2, pp. 614-618). IEEE. With the rapid development of Internet technology, phishing techniques are increasingly diversified and the Concealment is growing, so to prevent phishing technology is still urgent and important. In this paper, a heuristic anti-phishing technology against this increasingly prominent security issues is proposed. It will perform six checks in two rounds based on the key elements of the page, including domain name URL, the password field, pictures, links, etc. The effect is obvious, especially for the financial website which has special picture element and teeming-information form.
Fraud and financial crime detection model using malware forensics, Kim, A. C., Kim, S., Park, W. H., & Lee, D. H. (2014). Fraud and financial crime detection model using malware forensics. Multimedia tools and applications, 68(2), 479-496. Recently various electronic financial services are provided by development of electronic devices and communication technology. By diversified electronic financial services and channels, users of none face-to-face electronic financial transaction services continuously increase. At the same time, under financial security environment, leakage threats of inside information and security threats against financial transaction users steadily increase. Accordingly, in this paper, based on framework standards of financial transaction detection and response, digital forensics techniques that has been used to analyze system intrusion incidents traditionally is used to detect anomaly transactions that may occur in the user terminal environment during electronic financial transactions. Particularly, for the method to analyze user terminals, automated malware forensics techniques that is used as supporting tool for malware code detection and analysis is used, and for the method to detect anomaly prior behaviors and transaction patterns of users, moving average based on the statistical basis is applied. In addition, the risk point calculation model is proposed by scoring anomaly transaction cases in the detection step by items. This model logs calculated risk point results as well as maintains incident accountability, which can be utilized as basic data for establishing security incident response and security policies.