Professional Documents
Culture Documents
Final Project
(Thesis)
Online Banking & Role of I.T. in
Online Banking
“Online banking is the practice of making bank transactions or paying bills
via the Internet. It aims to provide bank customers online access to their
bank accounts”.
(Project Documentation)
Session 2007-2009
Submitted To
Sir Mateen
Submitted By
Abdul Mannan MIT (9102)
M Waqas Nawaz Gillani MIT (8202)
Project:
Online Banking
And
ACKNOWLEDGEMENT
First of all I am very great full to Almighty ALLAH, the most
Beneficent, and the most Merciful, who gives me the talent to complete
this task successfully. I am also grateful to Allah also for goodness to the
right path, and also for that make me courage to fulfilment for project.
I have chosen this topic (Online Banking System) for the
Thesis/Project individually. My Thesis/Project supervisor Abdul
Mateen is very kind person and corporative always. He has to
encourage his students dramatically to work hard. He has made available
his support in a number of ways so that we have to complete this task.
He helped us in proposal writing and gave us a lot helping material and
suggestion. His specific comments, corrections, evaluate and praise was
the most.
I owe my deepest gratitude to Sir Shahzad Jamil who is
program manager of evening session. He is always available to help
student of any kind.
I am very grateful to very grateful to my parents whose prayers
and for their support. Also at this occasion we can’t forget our parents
for their guidance at the crucial moments of our life.
I would like to show my gratitude to my elder brother Syed
Jawad Nawaz who’s the senior network administrator of PUCIT. This
thesis would not have been possible unless his corporation. And also my
group fellow makes also effort to complete this task.
Lastly, I offer my regards and blessings to all of those who
supported me in any respect during the completion of the project.
Especially the Chief Manager Mr. Rohail MCB EFU Branch Lahore,
Pakistan.
Index
1. Abstract
2. Introduction
a. What is Online Banking?
b. Definition of Online Banking
c. Online Transaction Processing
d. History
e. Origin of Online Banking
f. Features
i. No Fee
ii. Good Web Tool
iii. Fund Transfers
iv. Account Aggregation
v. E-Mail Alerts and Reminder
vi. Budgeting
3. Types of Online Banking
a. Informal
b. Communicative
c. Transactional
4. How to Open an Online Banking account
a. Instructions
5. Top 10 Online Banks
6. We can Use Online Banking through
a. Automated Teller Machine
i. Security
1. Physical
2. Transactional Secrecy and Integrity
3. Customer Identity Integrity
4. Customer Security
v. Transaction steps
1. Authorization
2. Batching
4. Funding
5. Charge Backs
ix. Frauds
c. Debit Cards
i. What’s a Debit Card?
ii. How Does a Debit Card Work?
iii. Making a travel Budget with a Debit Card.
iv. How to get a Debit Card?
v. What happens if there is not enough money in your
account?
vi. Using a Debit Card over Phone
vii. Benefits of Debit Card
d. Mobile
i. Mobile Banking
ii. Trends in Mobile banking
iii. Mobile Banking Business model
Abstract
Introduction
History:
The concept of online banking as we know it today dates back to the early
1980s, when it was first envisioned and experimented with. However, it was only in
1995 (on October 6, to be exact) that Presidential Savings Bank first announced the
facility for regular client use. The idea was quickly snapped up by other banks like Wells
Fargo, Chase Manhattan and Security First Network Bank. Today, quite a few banks
operate solely via the Internet and have no ‘four-walls’ entity at all.
In the beginning, its inventors had predicted that it would be only a matter of
time before online banking completely replaced the conventional kind. Facts now prove
that this was an overoptimistic assessment - many customers still harbor an inherent
distrust in the process. Others have opted not to use many of the offered facilities
because of bitter experience with online frauds, and inability to use online banking
services.
Banks view online banking as a powerful "value added” tool to attract and
retain new customers while helping to eliminate costly paper handling and teller
interactions in an increasingly competitive banking environment.
Features:
Online banking is evolving rapidly. To make sure you get a top performer,
look for the following features:
No fees:
About 80% of online bill-pay accounts in the U.S. are free, according to
Online Banking Report's Bruene, and "about half" of those are customers of Bank of
America. Many banks offer free bill pay only in limited cases. Wells Fargo, for example,
charges $7 per month if your average monthly account balance falls below $5,000. And
after three months of inactivity, NetBank levies a $5 monthly fee on accounts of less
than $3,000. EverBank charges $5 per month if your monthly balance is less than
$1,500. First Internet Bank customers with free checking pay $4.95 a month for online
bill pay, but customers with interest checking accounts (who pay $10 a month) get it
free, as long as their balance stays above $500.
Online banking should be simple and quick. A bank's site should be a snap
to learn and easy to navigate, and should provide essential features, such as images of
your cashed checks and tools for budgeting. Bank sites have come a long way in recent
years, and you don't have to pick a big bank to get a good online experience. The best
sites also provide recent transaction reports (including payments, transfers and
deposits), and warn you of potential security threats, such as e-mails from phishers.
A good bank site provides scanned images -- both the front and back sides -- of your
canceled checks. Most major banks offer this service, including every bank on the top-
10 list.
Why are check images important? Let's say you forget to record check #1454 in your
register. You go to your bank's site and read your account summary, which lists only the
check number and the amount. Who's the payee? To find out, view the check's image.
And a good site also archives several months' worth of account statements and check
images. Archives vary considerably. For instance, Bank of America archives 18 months
of statements but only 60 business days (about three months) of check images. Ever
Bank, on the other hand, provides 15 months of statements and 13 months of images.
Fund transfers:
Account aggregation:
This is the ability to manage multiple accounts, including those from other
banks, at your bank's Web site. Of the top 10 online banks, only Citibank and Wells
Fargo have this feature.
Budgeting:
Currently, the following three basic kinds of Internet banking are being employed in the
marketplace:
Informational:
This is the basic level of Internet banking. Typically, the bank has
marketing information about the bank’s products and services on a stand-alone server.
The risk is relatively low, as informational systems typically have no path between the
server and the bank’s internal network. This level of Internet banking can be provided by
the bank or outsourced. While the risk to a bank is relatively low, the server or Web site
may be vulnerable to alteration. Appropriate controls therefore must be in place to
prevent unauthorized alterations to the bank’s server or Web site.
Communicative:
Transactional:
Instructions:
1. Step 1
Decide where you want to open an online bank accounts. If you already
have a bank account and simply want to access it online, this is an easy
decision. If not, look for banks that have low fees for the type of banking that you
plan to do. For example, some banks will waive the fees if you maintain a certain
balance.
2. Step 2
Visit the bank's website. Click on the link to open on online banking
account.
3. Step 3
Click the type of account you want. You'll be able to choose between the
different accounts that the bank offers. If you already have an account, you can
skip this step.
4. Step 4
Fill out your personal details. This will include identifying information, such
as your social security number. If you are opening an online account through
your regular bank, they may ask for your account numbers. You will need to
create a password in order to access your account. Banking sites have security
measures in place to ensure that your data is safe.
5. Step 5
Wait for approval. You should receive an approval notice within a few
minutes. However, you may also have to print, sign and mail a document into the
bank before they will officially approve your account.
6. Step 6
Deposit money into your account. You'll likely need to make a money
transfer to yourself in order to get the money into your account.
Using an ATM, customers can access their bank accounts in order to make cash
withdrawals (or credit card cash advances) and check their account balances as well as
purchase cell phone prepaid credit. If the currency being withdrawn from the ATM is
different from that which the bank account is denominated in (eg: Withdrawing
Japanese Yen from a bank account containing US Dollars), the money will be converted
at a wholesale exchange rate. Thus, ATMs often provide the best possible exchange
rate for foreign travelers [1] and are heavily used for this purpose as well.
Physical:
Another attack method, plofkraak, is to seal all openings of the ATM with
silicone and fill the vault with a combustible gas or to place an explosive inside,
attached, or near the ATM. This gas or explosive is ignited and the vault is opened or
distorted by the force of the resulting explosion and the criminals can break in.
A common method is to simply rob the staff filling the machine with money.
To avoid this, the schedule for filling them is kept secret, varying and random. The
money is often kept in cassettes, which will dye the money if incorrectly opened.
DES, but transaction processors now usually require the use of Triple DES. Remote
Key Loading techniques may be used to ensure the secrecy of the initialization of the
encryption keys in the ATM. Message Authentication Code (MAC) or Partial MAC may
also be used to ensure messages have not been tampered with while in transit between
the ATM and the financial network.
A BTMU ATM with a palm scanner (to the right of the screen)
Customer security:
Dunbar Armored ATM Techs watching over ATMs that have been installed in a
van.
Critics of ATM operators assert that the issue of customer security appears
to have been abandoned by the banking industry;[48] it has been suggested that efforts
are now more concentrated on deterrent legislation than on solving the problem of
forced withdrawals.
At least as far back as July 30, 1986, critics of the industry have called for
the adoption of an emergency PIN system for ATMs, where the user is able to send a
silent alarm in response to a threat. Legislative efforts to require an emergency PIN
system have appeared in Illinois, Kansas and Georgia, but none have succeeded as of
yet. In January 2009, Senate Bill 1355 was proposed in the Illinois Senate that revisits
the issue of the reverse emergency PIN system. The bill is again resisted by the
banking lobby and supported by the police. In 1998 three towns outside of Cleveland
Ohio, in response to an ATM crime wave, adopted ATM Consumer Security Legislation
requiring that a 9-1-1 switch be installed at all outside ATMs within their jurisdiction.
Since the passing of these laws 11 years ago, there have been no repeat crimes. In the
wake of an ATM Murder in Sharon Hill, Pennsylvania, The City Council of Sharon Hill
passed an ATM Consumer Security Bill as well, with the same result. As of July 2009,
ATM Consumer Security Legislation is currently pending in New York, New Jersey, and
Washington D.C. In China, many efforts to promote security have been made. On-
premises ATMs are often located inside the bank's lobby which may be accessible 24
hours a day. These lobbies have extensive CCTV coverage, an emergency telephone
and a security guard on the premises. Bank lobbies that aren't guarded 24 hours a day
may also have secure doors that can only be opened from outside by swiping your bank
card against a wall-mounted scanner, allowing the bank to identify who enters the
building. Most ATMs will also display on-screen safety warnings and may also be fitted
with convex mirrors above the display allowing the user to see what is happening
behind them.
ATMs that are exposed to the outside must be vandal and weather resistant.
Rules are usually set by the government or ATM operating body that dictate
what happens when integrity systems fail. Depending on the jurisdiction, a bank may or
may not be liable when an attempt is made to dispense a customer's money from an
ATM and the money either gets outside of the ATM's vault, or was exposed in a non-
secure fashion, or they are unable to determine the state of the money after a failed
transaction. Bank customers often complain that banks have made it difficult to recover
money lost in this way, but this is often complicated by the bank's own internal policies
regarding suspicious activities typical of the criminal element.
Alternative uses:
Two NCR Personas 84 ATMs at a bank in Jersey dispensing two types of pound sterling
banknotes: Bank of England notes, and States of Jersey notes
Although ATMs were originally developed as just cash dispensers, they have evolved to
include many other bank-related functions. In some countries, especially those which
benefit from a fully integrated cross-bank ATM network (e.g.: Multibanco in Portugal),
ATMs include many functions which are not directly related to the management of one's
own bank account, such as:
• Paying routine bills, fees, and taxes (utilities, phone bills, social security, legal
fees, taxes, etc.)
• Printing bank statements
• Updating passbooks
• Loading monetary value into stored value cards
• Purchasing
o Postage stamps.
o Lottery tickets
o Train tickets
o Concert tickets
o Movie tickets
o Shopping mall gift certificates.
• Games and promotional features
• Donating to charities
• Cheque Processing Module
• Adding pre-paid cell phone credit.
Increasingly banks are seeking to use the ATM as a sales device to deliver pre
approved loans and targeted advertising using products such as ITM (the Intelligent
Teller Machine) from CR2 or Aptra Relate from NCR. ATMs can also act as an
advertising channel for companies to advertise their own products or third-party
products and services.
In Canada, ATMs are called guichets automatiques in French and sometimes "Bank
Machines" in English. The Interac shared cash network does not allow for the selling of
goods from ATMs due to specific security requirements for PIN entry when buying
goods. CIBC machines in Canada, are able to top-up the minutes on certain pay as you
go phones.
A South Korean ATM with mobile bank port and bar code reader
Fraud:
As with any device containing objects of value, ATMs and the systems they
depend on to function are the targets of fraud. Fraud against ATMs and people's
attempts to use them takes several forms.
The first known instance of a fake ATM was installed at a shopping mall in
Manchester, Connecticut in 1993. By modifying the inner workings of a Fujitsu model
7020 ATM, a criminal gang known as The Buckland’s Boys was able to steal
information from cards inserted into the machine by customers.
In some cases, bank fraud could occur at ATMs whereby the bank
accidentally stocks the ATM with bills in the wrong denomination, therefore giving the
customer more money than should be dispensed. The result of receiving too much
money may be influenced on the card holder agreement in place between the customer
and the bank.
ATM behavior can change during what is called "stand-in" time, where the
bank's cash dispensing network is unable to access databases that contain account
information (possibly for database maintenance). In order to give customers access to
cash, customers may be allowed to withdraw cash up to a certain amount that may be
less than their usual daily withdrawal limit, but may still exceed the amount of available
money in their account, which could result in fraud.
Card fraud:
ATM line up
In an attempt to prevent criminals from shoulder surfing the customer's PINs, some
banks draw privacy areas on the floor.
For a low-tech form of fraud, the easiest is to simply steal a customer's card. A later
variant of this approach is to trap the card inside of the ATM's card reader with a device
often referred to as a Lebanese loop. When the customer gets frustrated by not getting
the card back and walks away from the machine, the criminal is able to remove the card
and withdraw cash from the customer's account.
Another simple form of fraud involves attempting to get the customer's bank to issue a
new card and stealing it from their mail.
Some ATMs may put up warning messages to customers to not use them when it
detects possible tampering
The concept and various methods of copying the contents of an ATM card's magnetic
stripe on to a duplicate card to access other people's financial information was well
known in the hacking communities by late 1990.
In 1996 Andrew Stone, a computer security consultant from Hampshire in the UK, was
convicted of stealing more than £1 million (at the time equivalent to US$1.6 million) by
pointing high definition video cameras at ATMs from a considerable distance, and by
recording the card numbers, expiry dates, etc. from the embossed detail on the ATM
cards along with video footage of the PINs being entered. After getting all the
information from the videotapes, he was able to produce clone cards which not only
allowed him to withdraw the full daily limit for each account, but also allowed him to
sidestep withdrawal limits by using multiple copied cards. In court, it was shown that he
could withdraw as much as £10,000 per hour by using this method. Stone was
sentenced to five years and six months in prison.
In an attempt to stop these practices, countermeasures against card cloning have been
developed by the banking industry, in particular by the use of smart cards which cannot
easily be copied or spoofed by unauthenticated devices, and by attempting to make the
outside of their ATMs tamper evident. Older chip-card security systems include the
French Carte Bleue, Visa Cash, Mondex, Blue from American Express and EMV '96 or
EMV 3.11. The most actively developed form of smart card security in the industry today
is known as EMV 2000 or EMV 4.x.
EMV is widely used in the UK (Chip and PIN) and other parts of Europe, but when it is
not available in a specific area, ATMs must fallback to using the easy to copy magnetic
stripe to perform transactions. This fallback behaviour can be exploited. However the
fallback option has been removed by several UK banks, meaning if the chip is not read,
the transaction will be declined.
In February 2009, a group of criminals used counterfeit ATM cards to steal $9 million
from 130 ATMs in 49 cities around the world all within a time period of 30 minutes.
Card cloning and skimming can be detected by the implementation of magnetic card
reader heads and firmware that can read a signature embedded in all magnetic stripes
during the card production process. This signature known as a "Magne Print" or
"BluPrint" can be used in conjunction with common two factor authentication schemes
utilized in ATM, debit/retail point-of-sale and prepaid card applications.
Credit Cards:
A credit card is a small plastic card with some numbers embossed on it and which
helps to purchase the things with no requirement of cash in pocket. It is 3-1/8 inches by 2-1/8
inches in size and has identification information for example a signature or picture.
They are the most common version of cards available on the market. These
cards have different features such as low interest, balance transfer, and so on. The
interest rates charged on these cards are quite affordable and they help reduce credit
card debt.
These cards are for some specialized purpose like enabling students to
finance their educational expenditures. Some services are for providing financial
assistance to the business sector at affordable rates. Business credit cards and student
credit cards are some of the specialized cards that are available.
The credit card companies also offer their services to the customers with
adverse credit histories. These services come with some conditions. In spite of that, the
credit cards are helpful for the customers. Secured debit cards and prepaid credit cards
are in this category.
This category includes cards that have cash back options, airline miles bonuses, and so
on.
JetBlue Card
When a purchase is made, the credit card user agrees to pay the card issuer. The
cardholder indicates consent to pay by signing a receipt with a record of the card details
and indicating the amount to be paid or by entering a personal identification number
(PIN). Also, many merchants now accept verbal authorizations via telephone and
electronic authorization using the Internet, known as a 'Card/Cardholder Not Present'
(CNP) transaction.
Electronic verification systems allow merchants to verify that the card is valid and the
credit card customer has sufficient credit to cover the purchase in a few seconds,
allowing the verification to happen at time of purchase. The verification is performed
using a credit card payment terminal or Point of Sale (POS) system with a
communications link to the merchant's acquiring bank. Data from the card is obtained
from a magnetic stripe or chip on the card; the latter system is in the United Kingdom
and Ireland commonly known as Chip and PIN, but is more technically an EMV card.
Each month, the credit card user is sent a statement indicating the purchases
undertaken with the card, any outstanding fees, and the total amount owed. After
receiving the statement, the cardholder may dispute any charges that he or she thinks
are incorrect (see Fair Credit Billing Act for details of the US regulations). Otherwise, the
cardholder must pay a defined minimum proportion of the bill by a due date, or may
choose to pay a higher amount up to the entire amount owed. The credit issuer charges
interest on the amount owed if the balance is not paid in full (typically at a much higher
rate than most other forms of debt). Some financial institutions can arrange for
automatic payments to be deducted from the user's bank accounts, thus avoiding late
payment altogether as long as the cardholder has sufficient funds.
Benefits to customers:
The main benefit to each customer is convenience. Compared to debit
cards and checks, a credit card allows small short-term loans to be quickly made to a
customer who need not calculate a balance remaining before every transaction,
provided the total charges do not exceed the maximum credit line for the card. Credit
cards also provide more fraud protection than debit cards. In the UK for example, the
bank is jointly liable with the merchant for purchases of defective products over £100.
Transaction steps:
• Authorization:
The cardholder pays for the purchase and the merchant submits the
transaction to the acquirer (acquiring bank). The acquirer verifies the credit card
number, the transaction type and the amount with the issuer (Card-issuing bank)
and reserves that amount of the cardholder's credit limit for the merchant. An
authorization will generate an approval code, which the merchant stores with the
transaction.
• Batching:
The acquirer sends the batch transactions through the credit card
association, which debits the issuers for payment and credits the acquirer.
Essentially, the issuer pays the acquirer for the transaction.
• Funding:
Once the acquirer has been paid, the acquirer pays the merchant. The
merchant receives the amount totalling the funds in the batch minus either the
"discount rate," "mid-qualified rate", or "non-qualified rate" which are tiers of fees
the merchant pays the acquirer for processing the transactions.
• Charge backs:
Although the deposit is in the hands of the credit card issuer as security in
the event of default by the consumer, the deposit will not be debited simply for missing
one or two payments. Usually the deposit is only used as an offset when the account is
closed, either at the request of the customer or due to severe delinquency (150 to 180
days). This means that an account which is less than 150 days delinquent will continue
to accrue interest and fees, and could result in a balance which is much higher than the
actual credit limit on the card. In these cases the total debt may far exceed the original
deposit and the cardholder not only forfeits their deposit but is left with an additional
debt.
Secured credit cards are an option to allow a person with a poor credit
history or no credit history to have a credit card which might not otherwise be available.
They are often offered as a means of rebuilding one's credit. Secured credit cards are
available with both Visa and MasterCard logos on them. Fees and service charges for
secured credit cards often exceed those charged for ordinary non-secured credit cards,
however, for people in certain situations, (for example, after charging off on other credit
cards, or people with a long history of delinquency on various forms of debt), secured
cards can often be less expensive in total cost than unsecured credit cards, even
including the security deposit.
After purchasing the card, the cardholder loads the account with any
amount of money, up to the predetermined card limit and then uses the card to make
purchases the same way as a typical credit card. Prepaid cards can be issued to minors
(above 13) since there is no credit line involved. The main advantage over secured
credit cards (see above section) is that you are not required to come up with $500 or
more to open an account. With prepaid credit cards you are not charged any interest but
you are often charged a purchasing fee plus monthly fees after an arbitrary time period.
Many other fees also usually apply to a prepaid card.
Because of the many fees that apply to obtaining and using credit-card-
branded prepaid cards, the Financial Consumer Agency of Canada describes them as
"an expensive way to spend your own money".[10] The agency publishes a booklet, "Pre-
paid cards", which explains the advantages and disadvantages of this type of prepaid
card.
Many credit card companies will also, when applying payments to a card, do so at the
end of a billing cycle, and apply those payments to everything before cash advances.
For this reason, many consumers have large cash balances, which have no grace
period and incur interest at a rate that is (usually) higher than the purchase rate, and will
carry those balance for years, even if they pay off their statement balance each month.
Fraud:
In relative numbers the values lost in bank card fraud are minor, calculated
in 2006 at 7 cents per 100 dollars worth of transactions (7 basis points). In 2004 in the
UK, the cost of fraud was over £500 million. When a card is stolen, or an unauthorized
duplicate made, most card issuers will refund some or all of the charges that the
customer has received for things they did not buy. These refunds will, in some cases,
be at the expense of the merchant, especially in mail order cases where the merchant
cannot claim sight of the card. In several countries, merchants will lose the money if no
ID card was asked for, therefore merchants usually require ID card in these countries.
Credit card companies generally guarantee the merchant will be paid on legitimate
transactions regardless of whether the consumer pays their credit card bill. Most
banking services have their own credit card services that handle fraud cases and
monitor for any possible attempt at fraud. Employees that are specialized in doing fraud
monitoring and investigation are often placed in Risk Management, Fraud and
Authorization, or Cards and Unsecured Business. Fraud monitoring emphasizes
minimizing fraud losses while making an attempt to track down those responsible and
contain the situation. Credit card fraud is a major white collar crime that has been
around for many decades, even with the advent of the chip based card (EMV) that was
put into practice in some countries to prevent cases such as these. Even with the
implementation of such measures, credit card fraud continues to be a problem.
Debit Cards:
What's a Debit Card?
A debit card differs from a credit card in that a debit card is tied directly to
your checking account and the amount of money you can spend with it is limited to the
amount of money you have in the bank.
When you use a debit card, the transaction debits (withdraws) the amount of
the transaction from your checking account, usually on the same day. You can use a
debit card to get cash from ATM machines or have it swiped like a credit card at shops
or restaurants or swipe it through a pay phone to make a call.
When you use a debit card, the transaction debits (withdraws) the amount of
the transaction from your checking account, usually on the same day. You can use a
debit card to get cash from ATM machines or have it swiped like a credit card at shops
or restaurants or swipe it through a pay phone to make a call.
Naturally, you can't rely on your debit card for all your international
transactions - imagine haggling with a street vendor, getting the price right and then
trying to give him/her plastic! Remote hostels and many restaurants in third world
countries don't accept credit cards (which is how debit cards are viewed in the business
world). Thus, you'll need to make budget plans before you leave home so that you have
traveler's checks and cash and some money in your checking account for use on your
debit card.
Let's assume you have a budget of $2000 for your trip. Decide how you're
comfortable splitting that into the way you'll use it; $500 in traveler's checks (although
travelers' checks are dead as disco, because carrying them is a pain on several levels --
we've had banks in other countries refuse to cash them, we've lost them, etc. and so
on), $500 in cash and $1000 left in your checking account, for example -- that's $1000
on your debit card.
Chances are you were automatically offered a debit card when you opened
your checking account. If you don't have a checking account, go open one now. Look
for a bank that doesn't charge checking account fees, and ask for a debit card.
It takes a few days to two weeks to get a debit card after you order it. When
the card arrives, sign the back; have photo id with your signature handy when you use
the card - merchants may want to compare your face and your signatures to protect
themselves from fraud.
• if you have a ‘Solo’ or ‘Electron’ debit card the balance in your account is
checked before each transaction – if there’s not enough money you won’t be able
pay or withdraw cash with the debit card without prior agreement
• if you have ‘Switch’, ‘Visa’ or ‘Delta’ card your account balance won’t necessarily
be checked and the payment may still go through
If you go overdrawn the charges you’ll pay will depend on whether or not
you have an authorised overdraft arrangement with your bank. If you do, you’ll pay the
agreed amount of interest at the end of each month. This is usually much lower than
interest charged on credit cards.
If you don’t have an overdraft agreement, or you exceed the agreed limit,
your bank may allow the payment to go through but you’ll usually pay much higher fees
than if you had an agreed overdraft.
You can withdraw cash up to 30% of your available Debit limit at any
VISA/MasterCard ATM across the globe. Cash can also be withdrawn ‘Over-the-
Counter’ at financial institutions worldwide or at any of the Bank branches and all
other VISA/MasterCard member banks.
• Supplementary Cards:
• Foreign Transactions:
When you use your Debit Card abroad, the transaction amount will be
converted from the transaction currency to US Dollars, based on the international
exchange rate prevailing on that date. In order to assist Card members, all
transactions will be converted into yours country currency for payment.
Debit cards and credit cards differ in some significant ways. In the case of a
credit card, the issuer offers credit and overdraft facilities. This facility is not available
with a debit card, which will only debit payments from existing and available funds within
the cardholders account. A credit cardholder therefore has a monthly bill to pay in every
month that the card is used. If they don’t pay that bill, high interest charges are applied.
A debit card holder is free from the hassle of paying those bills, and from the risk of
building up large debts to credit card companies.
• They help people to be disciplined financially, since one cannot splurge with the
limited amount of funds deposited for the card.
• A person with poor credit can obtain a debit card without too much trouble.
• Debit cards can be used to make online purchases and payments.
• They provide freedom from carrying cash and checks while travelling, thereby
offering more safety.
• Debit cards do not charge high interest rates or fees on card transactions.
• Debit cards come with lesser fraud protection facilities than credit cards.
• Some transactions cannot be carried out with a debit card, such as renting a car
in a foreign country.
• You can only use as many funds as you have available. Therefore, in case of an
emergencies where credit is urgently needed beyond your account balance, a
debit card will not be enough to meet your needs.
Over the last few years, the mobile and wireless market has been one of the
fastest growing markets in the world and it is still growing at a rapid pace. According to
the GSM Association and Ovum, the number of mobile subscribers exceeded 2 billion in
September 2005, and now exceeds 2.5 billion (of which more than 2 billion are GSM).
With mobile technology, banks can offer services to their customers such as
doing funds transfer while travelling, receiving online updates of stock price or even
performing stock trading while being stuck in traffic. Smart phones and 3G connectivity
provide some capabilities that older text message-only phones do not.
Many believe that mobile users have just started to fully utilize the data
capabilities in their mobile phones. In Asian countries like India, China, Bangladesh,
Indonesia and Philippines, where mobile infrastructure is comparatively better than the
fixed-line infrastructure, and in European countries, where mobile phone penetration is
very high (at least 80% of consumers use a mobile phone), mobile banking is likely to
appeal even more.
These models differ primarily on the question that who will establish the
relationship (account opening, deposit taking, lending etc.) to the end customer, the
Bank or the Non-Bank/Telecommunication Company (Telco). Another difference lies in
the nature of agency agreement between bank and the Non-Bank. Models of
branchless banking can be classified into three broad categories - Bank Focused, Bank-
Led and Nonbank-Led.
Bank-focused model:
The bank-focused model emerges when a traditional bank uses non-
traditional low-cost delivery channels to provide banking services to its existing
customers. Examples range from use of automatic teller machines (ATMs) to internet
banking or mobile phone banking to provide certain limited banking services to banks’
customers. This model is additive in nature and may be seen as a modest extension of
conventional branch-based banking.
Bank-led model:
The bank-led model offers a distinct alternative to conventional branch-
based banking in that customer conducts financial transactions at a whole range of
retail agents (or through mobile phone) instead of at bank branches or through bank
employees. This model promises the potential to substantially increase the financial
services outreach by using a different delivery channel (retailers/ mobile phones), a
different trade partner (telco / chain store) having experience and target market distinct
from traditional banks, and may be significantly cheaper than the bank-based
alternatives. The bank-led model may be implemented by either using correspondent
arrangements or by creating a JV between Bank and Telco/non-bank. In this model
customer account relationship rests with the bank
Non-bank-led model:
The non-bank-led model is where a bank does not come into the picture
(except possibly as a safe-keeper of surplus funds) and the non-bank (e.g. telco)
performs all the functions.
Account Information
A specific sequence of SMS messages will enable the system to verify if the
client has sufficient funds in his or her wallet and authorize a deposit or withdrawal
transaction at the agent. When depositing money, the merchant receives cash and the
system credits the client's bank account or mobile wallet. In the same way the client can
also withdraw money at the merchant: through exchanging SMS to provide
authorization, the merchant hands the client cash and debits the merchant's account.
Investments:
1. Portfolio management services
2. Real-time stock quotes
3. Personalized alerts and notifications on security prices
4. mobile banking
Support:
1. Status of requests for credit, including mortgage approval, and insurance
coverage
2. Check (cheque) book and card requests
3. Exchange of data messages and email, including complaint submission and
tracking
4. ATM Location
Content Services:
1. General information such as weather updates, news
2. Loyalty-related offers
3. Location-based services
Handset operability:
There are a large number of different mobile phone devices and it is a big
challenge for banks to offer mobile banking solution on any type of device. Some of
these devices support J2ME and others support SIM Application Toolkit, a WAP
browser, or only SMS.
matures, money movements between service providers will naturally adopt the same
standards as in the banking world.
Security:
Security of financial transactions, being executed from some remote
location and transmission of financial information over the air, are the most complicated
challenges that need to be addressed jointly by mobile application developers, wireless
network service providers and the banks' IT departments.
1. Physical part of the hand-held device. If the bank is offering smart-card based
security, the physical security of the device is more important.
2. Security of any thick-client application running on the device. In case the device
is stolen, the hacker should require at least an ID/Password to access the
application.
3. Authentication of the device with service provider before initiating a transaction.
This would ensure that unauthorized devices are not connected to perform
financial transactions.
4. User ID / Password authentication of bank’s customer.
5. Encryption of the data being transmitted over the air.
6. Encryption of the data that will be stored in device for later / off-line analysis by
the customer.
Application distribution
Due to the nature of the connectivity between bank and its customers, it
would be impractical to expect customers to regularly visit banks or connect to a web
site for regular upgrade of their mobile banking application. It will be expected that the
mobile application itself check the upgrades and updates and download necessary
patches (so called "Over The Air" updates). However, there could be many issues to
implement this approach such as upgrade / synchronization of other dependent
components.
Personalization
It would be expected from the mobile application to support personalization
such as:
1. Preferred Language
2. Date / Time format
3. Amount format
4. Default transactions
5. Standard Beneficiary list
6. Alerts
Countries like Sudan, Ghana and South Africa received this new commerce
very well. In Latin America countries like Uruguay, Paraguay, Argentina, Brazil,
Venezuela, Colombia, Guatemala and recently Mexico started with a huge success.
In Colombia was released with Redeban.
In Iran banks like Parsian, Tejarat, Mellat, Saderat, Sepah, edbi and
bankmelli offer this service. Guatemala have the support of Banco industrial.
but has been increasingly used to pay utility bills. Zain in 2009 launched their own
mobile money transfer business known as ZAP in Kenya and other African countries.
SMS Banking:
SMS banking is a technology-enabled service offering from banks to its
customers, permitting them to operate selected banking services over their mobile
phones using SMS messaging.
SMS banking services are operated using both push and pull messages. Push
messages are those that the bank chooses to send out to a customer's mobile phone,
without the customer initiating a request for the information. Typically push messages
could be either Mobile marketing messages or messages alerting an event which
happens in the customer's bank account, such as a large withdrawal of funds from the
ATM or a large payment using the customer's credit card, etc. (see section below on
Typical Push and Pull messages).
Another type of push message is One-time password (OTPs). OTPs are the latest tool
used by financial and banking service providers in the fight against cyber fraud. Instead
of relying on traditional memorized passwords, OTPs are requested by consumers each
time they want to perform transactions using the online or mobile banking interface.
When the request is received the password is sent to the consumer’s phone via SMS.
The password is expired once it has been used or once its scheduled life-cycle has
expired.
Pull messages are those that are initiated by the customer, using a mobile phone, for
obtaining information or performing a transaction in the bank account. Examples of pull
messages for information include an account balance enquiry, or requests for current
information like currency exchange rates and deposit interest rates, as published and
updated by the bank.
The bank’s customer is empowered with the capability to select the list of activities (or
alerts) that he/she needs to be informed. This functionality to choose activities can be
done either by integrating to the internet banking channel or through the bank’s
customer service call centre.
The SMS banking channel also acts as the bank’s means of alerting its customers,
especially in an emergency situation; e.g. when there is an ATM fraud happening in the
region, the bank can push a mass alert (although not subscribed by all customers) or
automatically alert on an individual basis when a predefined ‘abnormal’ transaction
happens on a customer’s account using the ATM or credit card. This capability mitigates
the risk of fraud going unnoticed for a long time and increases customer confidence in
the bank’s information systems.
EFTPOS:
Card-based EFT:
Credit cards
EFT may be initiated by a cardholder when a payment card such as a credit card or
debit card is used. This may take place at an automated teller machine (ATM) or point
of sale (POS), or when the card is not present, which covers cards used for mail order,
telephone order and internet purchases.
Card-based EFT transactions are often covered by the ISO 8583 standard.
Transaction types:
A number of transaction types may be performed, including the following:
The transaction types offered depend on the terminal. An ATM would offer different
transactions from a POS terminal, for instance.
Authorization:
EFT transactions require communication between a number of parties.
When a card is used at a merchant or ATM, the transaction is first routed to an acquirer,
then through a number of networks to the issuer where the cardholder's account is held.
Before online authorization was standard practice and credit cards were
processed using manual vouchers, each merchant would agree a limit ("floor limit) with
his bank above which he must telephone for an authorization code. If this was not
carried out and the transaction subsequently was refused by the issuer ("bounced"), the
merchant would not be entitled to a refund.
Example - Purchase for £10 on Day 2 never completes so hold removed on Day 4:
Cleared
Available Balance
Balance
Day 1 £100 £100
Day 2 £100 £90 (Hold for a purchase of £10)
Day 3 £100 £90
£90 (Transaction completes. Hold removed. Both
Day 4 £90
balances updated with purchase amount)
An offline process, driven by the networks' clearing systems, generates clearing files
which are sent to the card issuers on a daily basis. These files contain the completions
messages to the on-line authorizations.
Example - Purchase for £30 on Day 2 for a transaction not requiring authorization:
This transaction has to be applied even if the cardholder does not have sufficient funds
or an overdraft.
Authentication:
EFT transactions may be accompanied by methods to authenticate the card and the
card holder. The merchant may manually verify the card holder's signature, or the card
holder's Personal identification number (PIN) may be sent online in an encrypted form
for validation by the card issuer. Other information may be included in the transaction,
some of which is not visible to the card holder (for instance magnetic stripe data), and
some of which may be requested from the card holder (for instance the card holder's
address or the CVV2 value printed on the card).
EMV cards are smartcard-based payment cards, where the smartcard technology
allows for a number of enhanced authentication measures.
"Over the shoulder looking" scheme involves the offender observing his
potential victim making financial transactions and recording the personal information
used in the transaction.
"Phishing" scheme:
"Phishing" scheme stems from the two words "password" and "fishing." It
entails sending email scams and mail supposedly from the consumer's bank as a way to
obtain the consumer's personal information, social insurance number, and in this case
their online banking username and password.
The FBI estimates that 1 million PCs in America are being compromised in
a similar fashion to conduct fraud. Although, analysts note that the use of Trojan
schemes has jumped in the recent years, phishing remains the most popular scheme.
According to the 2004 study by the market research Gartner, 1.8 million Americans
responded to phishing emails with their personal information.
The New York-based online security vendor found that 73% of bank
customers use their Internet banking password to access non-financial -- and
less secure -- websites. Forty-seven percent use both their online banking user ID
and password on other websites.
The research was based on data collected over 12 months from more
than 4 million users of Trusteer's Rapport browser security service.
The Rapport browser plug-in has a feature that warns users when they
type their banking credentials into another website in order to block potential
phishing attacks that try to trick users into using their credentials on phony
banking websites. The feature also is intended to alert users about the risks
associated with using online banking credentials on other websites.
Trusteer's study also found that when a bank allows users to create
their own user ID, 65% of those customers share the ID with nonfinancial sites.
When banks assign IDs to customers, the number that use the ID on other sites
dropped to 42%.
banking channel. This paper discusses the pros and cons of the different fraud
prevention approaches used throughout the world.
The "over the shoulder looking" scheme occurs when a customer performs
financial transactions while being observed by a criminal. A fair number of cases have
been reported where customer's account access data was obtained by the criminal just
by observing customers at a public Internet access point.
The "phishing" scheme involves using fake emails and/or fake websites.
The word "phishing" stems from combining the words "password" and "fishing".
Criminals send emails that appear to be from the customer's bank that direct customers
to a fake website. This website impersonates the bank's website and prompts
customers for their account access data. Over the past months, most banks have
executed customer education programs, thereby reducing the effectiveness of this
scheme. It will, however, take awhile before all customers are smart enough to extinct
phishing.
In the year 2003, phishing was the dominant fraud scheme. In the year
2004, banks experienced a sharp rise in Trojan fraud scheme attacks.
OTP for verification. Once used, the OTP becomes invalid. If the customer runs out of
OTPs, he is sent a new list.
Trojans simply also capture the OTP once entered. At the same time, they
falsify the customer's input in the browser software (e.g. by adding an invisible
character) or cause the browser software to crash. This causes the customer's
transaction to be intercepted and the OTP to still be valid. The criminal can then use this
valid OTP to perform a fraudulent transaction.
Hardware Tokens:
The high-tech alternative to paper OTP lists are "hardware tokens". These
devices have the form factor of a key chain attachment, featuring a crypto processor
and a display. A hardware token displays a new OTP every 60 seconds. Because each
OTP is only valid for a limited period of time, they provide significant protection against
"over the shoulder looking" and phishing schemes.
Hardware tokens can, however, not protect the customer against Trojans.
The fact that the OTP is only valid for a short time just reduces the amount of time the
criminal has to exploit the data obtained by the Trojan. Because many criminals already
use automated scripts on their servers to perform fraudulent transactions once the
access data is received from the Trojan, the time limit proves no significant barrier to the
criminal.
flaw is to use a "key generator" device that generates an OTP based on primary
transaction parameters.
A key generator looks similar to a pocket calculator. It has a keypad that lets
the customer enter the source account, target account, transaction amount, and a PIN.
Based on these parameters, the key generator generates a transaction specific OTP.
The customer now enters the transaction parameters into the online banking application
including the generated OTP. When the online transaction is received by the bank's
server, it performs the same calculations as the key generator and thus verifies the
OTP.
OTP by SMS:
Some of the disadvantages of using key generators are avoided by sending
OTPs to the customer using SMS. With this approach, the customer first sends the
complete transaction to the bank's server. The bank's server then creates a random
number as OTP and sends it to the customer's mobile phone as text message. The
customer now enters this transaction specific OTP into the online banking application,
and sends it also to the bank's server. If the generated OTP matches the one
transmitted by the customer, the transaction is verified.
Because the OTP transmitted can only be used to verify the transaction that
is already received by the bank's server and cannot be altered from the outside, this
OTP is of no use to a criminal. In theory, sending OTPs by SMS should hence be as
effective a fraud prevention measure as a key generator. In reality, banks have
experienced that the weak point is the mobile phone identification. Effective fraud
prevention is only provided if any change of mobile phone number is performed only
after thorough identity checking.
the world are investigating ways to leverage their existing infrastructure into new
sources of profit. Most operators hence look into providing financial transaction services
of various kinds. Banks hence may soon find themselves in a situation, where wireless
operators offer their customers financial transactions using just the mobile phone and
nothing else. The bank's offering would involve using first an Internet browser, than wait
for an SMS, read it, go back to the Internet browser, type in the OTP and erase the
SMS. For a customer, the bank's offering appeals to be a lot more complex than the
wireless operator's offering.
By exchanging crypto keys with the bank's server, the bank's server can be
sufficiently sure that the online transactions secured with this approach stem from the
genuine customer. While smart cards have been hacked in the past, the latest
generation smart cards will likely provide a high level of fraud protection for many years.
The other disadvantage is that the need for the electrical connection limits
the use of online banking. Many customers perform online banking from their office.
Installing card reader hardware and drivers is often not possible for managed office
PCs. Also, recent electronic organizers and smart phones provide Internet browsers
that are well capable to perform online banking, but offer no capabilities to connect a
smart card reader or an USB token.
Transaction Monitoring:
A completely different approach to secure online banking comes from the
adaptation of fraud prevention systems used with credit and debit card processing. In
payment card processing, fraud is a known phenomenon since many years. Technical
security measures introduced to payment cards, such as magnetic stripes or chips,
have only provided temporary relief from fraud losses.
The only measure that has proved to limit fraud losses permanently was the
deployment of transaction monitoring software. This has become the de-facto standard
for fraud prevention with payment card processing worldwide.
Comparison:
But what are the disadvantages of transaction monitoring? One problem
arises when a new fraud pattern emerges, which is not stored in the transaction
monitoring software. Another problem arises when by accident the current genuine
transaction patterns resemble a known fraud pattern so much that the transaction
monitoring system refers the genuine transaction to the call centre.
The first problem exists with any fraud prevention measure. Once criminals
find a way to circumvent the measure, the door to fraud is open. The question becomes
what can be done in this case. If the fraud prevention measure involves devices that are
distributed to the customers, fixing the security problem becomes difficult. When the
French credit card chip system was hacked, retrofitting point of sales terminals to patch
up security was estimated to cost 5 billion U.S. dollars. Transaction monitoring provides
a significant advantage in this case because it is centralized. By adding the new fraud
pattern to the fraud detection logic in the bank's data centre, the entire system becomes
instantly "immunized".
The second problem also occurs with any fraud prevention measure. Any
measure will impose a certain customer disturbance. Smart cards and USB tokens may
cause trouble when their hardware driver becomes incompatible with any change of the
customer's PC. And like hardware tokens and key generators, all extra electronic
devices have certain likelihood to fail or get lost. OTPs send by SMS may get lost or
delayed, in particular with International roaming. Transaction monitoring software will
inevitable generate a certain rate of false alarms. Banks must carefully determine which
level of customer disturbance they consider acceptable for the security level needed.
In addition, Risk Shield looks out for "unusual" transaction patterns because
they could be emerging fraud patterns. Once Risk Shield administrators are alerted,
they use the Risk Shield analysis and simulation environment to isolate potentially new
fraud patterns, and simulate the effectiveness of the developed countermeasures.
Risk Shield also uses transaction data from other payment channels to
refine its detection of certain fraud patterns, if such data is available. The transaction
sequences are automatically merged by Risk Shield into "transaction fingerprints". Also,
non-monetary transactions, such as password changes, address changes or claims of
lost cards are used by Risk Shield to detect specific fraud patterns.
Banking is more sensitive business than the other. The online banking
makes it more sensitive because all the information and financial transactions take
place online.
Despite of SSL security and other security measures there are many frauds
reported due to fault at the customer end by disclosing the personal details via e-mail or
on the website so security of database or personal & banking details are most
important. If you have opened an online account than you must have to see the bank
website thoroughly because there will be a chances to have similar types of website.
Please make sure that the website get secured with SSL security certification symbol.
There are some points for the customer to perform the safer transaction in online
banking.
2. Online banking business is based on SSL security and Java Script. All
transaction you made or all information you feed online will convert into an encryption
so there are nil chances to get an access on the customer information.
4. You must have to monitor your online banking account carefully. If you
find any unknown transaction to other account than you can immediately call to the
customer care department for further scrutiny.
5. It is most important for you to put the login details at a safer place.
The online banking is safe till you can’t disclosed or make sure to share your personal
details to other or through e-mail or online. Once customer get smarter to manage
online account, it makes all online banking transaction safer.
1). Technology has opened up new markets, new products, new services and efficient
delivery channels for the banking industry. Online electronics banking, mobile banking
and internet banking are just a few examples.
2). Information Technology has also provided banking industry with the wherewithal to
deal with the challenges the new economy poses. Information technology has been the
cornerstone of recent financial sector reforms aimed at increasing the speed and
reliability of financial operations and of initiatives to strengthen the banking sector.
3). The IT revolution has set the stage for unprecedented increase in financial activity
across the globe. The progress of technology and the development of world wide
networks have significantly reduced the cost of global funds transfer.
4). It is information technology which enables banks in meeting such high expectations
of the customers who are more demanding and are also more techno-savvy compared
to their counterparts of the yester years. They demand instant, anytime and anywhere
banking facilities.
5). IT has been providing solutions to banks to take care of their accounting and back
office requirements. This has, however, now given way to large scale usage in services
aimed at the customer of the banks.
IT also facilitates the introduction of new delivery channels - in the form of Automated
Teller Machines, Net Banking, Mobile Banking and the like. Further, IT deployment has
assumed such high levels that it is no longer possible for banks to manage their IT
implementations on a standalone basis with IT revolution, banks are increasingly
interconnecting their computer systems not only across branches in a city but also to
other geographic locations with high-speed network infrastructure, and setting up local
area and wide area networks and connecting them to the Internet.
As a result, information systems and networks are now exposed to a growing number.
Technology Products:
Current System:
However, the situation has dramatically changed, as now banks are again
hungry for funds. In the last few months or so, we have seen a new trend of advance
profit in the banking sector. ABL, the Bank of Punjab, Atlas Bank have already
announced the best possible advance profit for the customers who have money more
than Rs. 50,000/- and want handsome profit immediately.
It seems that we are forced to just put our money in the banks and enjoy the
interest. There is no need to work or taking risk to invest money in any type of business.
This will also lead to more foreign trade debit, which is already worsening and crossing
US$ 10 billion. Remember that this gap was 1 billion US dollar in 1994 and at that time
US $ had a price value of Rs. 36.
According to the sources, this race of advance profit will be intensified in the
near future and more banks will offer higher and advance profit like MCB, Bank -al-
Falah, National Bank.
Let’s pray for our country, our economy and our future be in safe and secure
with one and only dream of prosperity.
Some of the market factors that describe Growths in Online banking include
the following:
Competition:
Studies show that competitive pressure is the chief driving force behind
increasing use of Internet banking technology, ranking ahead of cost reduction and
revenue enhancement, in second and third place respectively. Banks see Online
banking as a way to keep existing customers and attract new ones to the bank.
Cost Efficiencies:
MCB banks can deliver banking services on the Internet at transaction costs
far lower than traditional brick-and-mortar branches. The actual costs to execute a
transaction will vary depending on the delivery channel used.
MCB banks have significant reasons to develop the technologies that will
help them deliver banking products and services by the most cost-effective channels.
Management should include in their decision making the development and ongoing
costs associated with a new product or service, including the technology, marketing,
maintenance, and customer support functions. This will help management exercise due
diligence, make more informed decisions.
Geographical Reach:
Branding:
Customer Demographics:
Online banking allows banks to offer a wide array of options to their banking
customers. Some customers will rely on traditional branches to conduct their banking
business. For many, this is the most comfortable way for them to transact their banking
business. Those customers place a premium on person-to-person contact. Other
customers are early adopters of new technologies that arrive in the marketplace. These
customers were the first to obtain PCs and the first to employ them in conducting their
banking business. The demographics of banking customers will continue to change.
The challenge to national banks is to understand their customer base and find the right
mix of delivery channels to deliver products and services profitably to their various
market segments.
Review your bank’s information about its online privacy policies and practices:
By law, banks are required to send you a copy of their privacy policies and
practices annually; you may also request a copy of this information (see Electronic
Code of Federal Regulations, Title 16: Commercial practices, Part 313.9 – Delivering
Privacy and Opt Out Notices for more information). Bank web sites should also have
this information. As you read this information, pay particular attention to any mention
of the methods used for encrypting transactions and authenticating user information.
Also, check the information to see if the bank requires additional security information
before authorizing a payment to a business or individual that as never received a
payment before.
Before setting up any online bill payment, check the privacy policy of the
company or service you will be sending payment to:
You have the right to limit the information an online bank shares with both
its parent organization and any other financial institutions (see “Protecting Your
Privacy” and “How Anonymous Are You?” for more information). Be aware that some
online banks may have separate procedures for handling each of these
requests. You may also want to use a service such as the Better Business Bureau to
view any existing history of outstanding consumer complaints about privacy violations.
Be sure to change your PIN regularly. Do not choose a PIN that contains
personal information such as your birthday or Social Security number; an attacker
might be able to guess these. Regardless of the circumstances, never give someone
access to your current PIN number (see “Choosing and Protecting Passwords” for
more information).
Installing and updating this software protects your computer and its contents
against unauthorized access. You should turn on automatic updates for these
programs or, if prompted, always agree to download system updates as soon as they
are available
You should conduct online bank transactions in locations that are not
subject to public monitoring. When you are entering login information, you should
avoid using unsecured or public network connections (for example, at a coffee shop or
library). As a general rule, you should avoid using any computer that other people can
freely access; the end result could be unauthorized access of your financial
information. Remember, it is possible for your account information to be stored in the
web browser’s temporary memory
You should not reply to any email requests for security information,
warnings of an account suspension, opportunities to make easy money, overseas
requests for financial assistance, and so forth. Also, links found in these suspicious
emails should not be clicked. Forward a copy of the suspicious email to the Federal
Trade Commission at uce@ftc.com and then delete the mail from your mailbox.
If you have disclosed financial information to a fraudulent web site, file reports
with the following organizations:
• Your bank
• The local police
• The Federal Trade Commission
• The Internet Crime Complaint Centre
Revenue Growth:
The ability to combine services increases flexibility, which facilitates
innovation and speeds new products to market. Your bank will benefit from the
following:
Conclusion:
Online banking involves certain risks. It is important to educate yourself
about these risks, how unauthorized access to your financial information occurs, and
the steps you can take to protect your financial information. Learning about your rights
and responsibilities as an online banking consumer can make a difference to your
financial well-being by changing the age-old saying “A penny saved is a penny
earned” to “A penny saved is a penny kept.”
Protection through single password authentication, as is the case in most
secure Internet shopping sites, is not considered secure enough for personal online
banking applications in some countries. Basically there exist two different
security methods for online banking.
The PIN/TAN system where the PIN represents a password, used for the
login and TANs representing one-time passwords to authenticate transactions. TANs
can be distributed in different ways; the most popular one is to send a list of TANs to
the online banking user by postal letter. The most secure way of using TANs is to
generate them by need using a security token. These token generated
TANs depend on the time and a unique secret, stored in the security token (this is
called two-factor authentication or 2FA). Usually online banking with PIN/TAN is done
via a web browser using SSL secured connections, so that there is no additional
encryption needed.
Signature based online banking where all transactions are signed and
encrypted digitally. The Keys for the signature generation and encryption can be
stored on smartcards or any memory medium, depending on the concrete
implementation.
Problem Area:
The industry sector is one of the most important service sectors for the
whole national economy. Modern, highly industrialized and technology driven
economies are threatened by higher risks than ever, and individual need to protect
themselves against private risk. From the banks’ viewpoint, use of Internet banking is
expected to lead to cost reductions and improved competitiveness. This service
delivery channel is seen as powerful because it can retain current Web-based
customers who continue using banking services from any location. Moreover, Internet
banking provides opportunities for the bank to develop its market by attracting a new
customer base from existing Internet users (Suganthi et al., 2001; Dannenberg and
Keller, 1998; Zineldin, 1995).
In the last five years financial analysts have assessed financial services
websites as laggards behind other industries in overall innovation (Bruno-Britz, 2006).
This trend is confirmed by the Internet Standards Assessment Report which shows
that Internet banking sites currently score low in the categories of innovation and use
of technology (ISAR, 2006) compared to other retail websites. Current financial
analysis indicates that bank customers “are most satisfied if they themselves are
allowed to state where, when, and how they do their banking” (Silva,2005). Survey
results and industry research that concludes that banks need to spend time and
increase investments in improving connections with customers and differentiating the
customer experience is getting the attention of many banks (Eckenrode, 2006).
Financial analysts suggest “banks can learn a thing or two from many non-bank
industries that are exhibiting innovation in the way that they deal with self-service
options for their customers” (Silva, 2005).
Internet technology have the potential to enable the banks to enhance their
Internet offerings with features that will improve customer service interactions and
allow them with options for increasing control of their Internet banking experience.
However, due to the strong fact that financial transactions involve the transmission of
highly sensitive personal data, a major factor influencing consumer use of Internet
banking websites is trust (Suh & Han, 2002). Continuing instances of Internet banking
security violation and reports “degrades customer trust in the bank and in online
banking in general” by (Fox, 2005), and thus, issues related to adoption of internet
banking must be factored in to any plans for adding customer satisfaction and security
control features.
Login Page:
Logout Page:
References
http://en.wikipedia.org/wiki/Online_banking
http://ezinearticles.com/?A-Brief-History-of-Internet-
Banking&id=353450
http://ezinearticles.com/?History-of-Online-Banking&id=270075
http://www.google.com.pk/url?
sa=t&source=web&ct=res&cd=2&ved=0CA0QFjAB&url=http%3A
%2F%2Fwww.occ.treas.gov%2Fhandbook
%2Fintbank.pdf&ei=GKlqS7SjG4ze7AP7zdj1BQ&usg=AFQjCNFGc5t
KCxI41uD9JUo4Dv0O3ior8g
http://www.ehow.com/how_5886920_open-online-banking-account.html
http://www.bankrate.com/brm/olbstep2.asp
http://articles.moneycentral.msn.com/Banking/BetterBanking/TheTop1
0OnlineBanks.aspx
http://en.wikipedia.org/wiki/Automated_teller_machine
http://www.typesofcreditcards.com/
http://en.wikipedia.org/wiki/Credit_card
http://studenttravel.about.com/od/mattersofmoney/qt/atmcard.htm
http://www.economywatch.com/debit-card/
http://en.wikipedia.org/wiki/Mobile_banking\
http://www.google.com.pk/url?
sa=t&source=web&ct=res&cd=6&ved=0CBQQFjAF&url=http%3A
%2F%2Fwww.mmaglobal.com
%2Fmbankingoverview.pdf&ei=EkFrS5TjEYzW7AOqp6X2BQ&usg=
AFQjCNFUqV8HH-PgzF_x3JscAGIEH7pbTw
http://en.wikipedia.org/wiki/Telephone_banking
http://en.wikipedia.org/wiki/SMS_Banking
http://en.wikipedia.org/wiki/Guide_to_E-payments
http://www.spamlaws.com/onlinebanking-fraud.html
http://searchfinancialsecurity.techtarget.com/news/article/0,289142,sid1
85_gci1380406,00.html
http://internetbankingfraud.com/
http://www.google.com.pk/url?
sa=t&source=web&ct=res&cd=2&ved=0CAwQFjAB&url=http%3A
%2F%2Fwww.postbank.com%2FDatei%2F0711online-banking-
security_en_Internetfassung
%2C0.pdf&ei=kPprS6efOorY7APN5rCABg&usg=AFQjCNEjH6uMrg
I0i-9J9njg-m3FfP1xdA