Online Banking Thesis

2010
Final Project
(Thesis)
Online Banking & Role of I.T. in
Online Banking
“Online banking is the practice of making bank transactions or paying bills
via the Internet. It aims to provide bank customers online access to their
bank accounts”.
Abdul Mannan & M. Waqas

Online Banking & Role of I.T. in online Banking
2/5/2010
Online Banking & Role of I.T in Online Banking
(Project Documentation)
Session 2007-2009
Submitted To
Sir Mateen
Submitted By
Abdul Mannan MIT (9102)
M Waqas Nawaz Gillani MIT (8202)
Project:
Online Banking
And
Prepared By: Abdul Mannan (9102) & M. Waqas (8202)

Page 108
Role of I.T in Online Banking
ACKNOWLEDGEMENT
First of all I am very great full to Almighty ALLAH, the most
Beneficent, and the most Merciful, who gives me the talent to complete
this task successfully. I am also grateful to Allah also for goodness to the
right path, and also for that make me courage to fulfilment for project.
I have chosen this topic (Online Banking System) for the
Thesis/Project individually. My Thesis/Project supervisor Abdul
Mateen is very kind person and corporative always. He has to
encourage his students dramatically to work hard. He has made available
his support in a number of ways so that we have to complete this task.
He helped us in proposal writing and gave us a lot helping material and
suggestion. His specific comments, corrections, evaluate and praise was
the most.
I owe my deepest gratitude to Sir Shahzad Jamil who is
program manager of evening session. He is always available to help
student of any kind.
I am very grateful to very grateful to my parents whose prayers
and for their support. Also at this occasion we can’t forget our parents
for their guidance at the crucial moments of our life.
I would like to show my gratitude to my elder brother Syed
Jawad Nawaz who’s the senior network administrator of PUCIT. This
thesis would not have been possible unless his corporation. And also my
group fellow makes also effort to complete this task.
Lastly, I offer my regards and blessings to all of those who
supported me in any respect during the completion of the project.
Especially the Chief Manager Mr. Rohail MCB EFU Branch Lahore,
Pakistan.

Page 108
Abdul Mannan M. Waqas Nawaz Gillani
Index
1. Abstract
2. Introduction
a. What is Online Banking?
b. Definition of Online Banking
c. Online Transaction Processing
d. History
e. Origin of Online Banking
f. Features
i. No Fee
ii. Good Web Tool
iii. Fund Transfers
iv. Account Aggregation
v. E-Mail Alerts and Reminder
vi. Budgeting
3. Types of Online Banking
a. Informal
b. Communicative
c. Transactional
4. How to Open an Online Banking account
a. Instructions
5. Top 10 Online Banks
6. We can Use Online Banking through
a. Automated Teller Machine
i. Security
1. Physical
2. Transactional Secrecy and Integrity
3. Customer Identity Integrity
4. Customer Security

Page 108
5. Device Operation Integrity

ii. Alternate Uses of atm
iii. Fraud
1. Card fraud
b. Credit Cards
i. Types of Credit Cards
ii. Some widely used forms of Credit Card
1. Standard Credit Cards
2. Speciality Credit Cards
3. Credit Cards for Bad Credits
4. Credit Cards with Reward Program
iii. Name of common used Credit Card
1. Standard Credit Cards
2. Business Credit Cards
3. Prepaid Credit Cards
4. Student Credit Cards
5. Bad Credit Credit Cards
6. Secured Credit Cards
7. Questions on Secured Credit Cards
8. Union Plus Secured Credit Cards
9. Secured Visa Credit Card
10. New Millennium Bank Secured Credit Cards
11. Unsecured Credit Cards
12. Virtual Credit Cards
13. Instant Credit Card
14. Airline Credit Cards
15. Miles by Discover Card
16. JetBlue Card

Page 108
17. Gold Delta SkyMiles Credit Card
18. Citi PremierPass Card
19. American Airlines Credit Card
iv. How credit Card works?
v. Transaction steps
1. Authorization
2. Batching
3. Clearing and Settlement
4. Funding
5. Charge Backs
vi. Secured Credit Card
vii. Prepaid Credit Card
viii. Credit Cards in ATMs
ix. Frauds
c. Debit Cards
i. What’s a Debit Card?
ii. How Does a Debit Card Work?
iii. Making a travel Budget with a Debit Card.
iv. How to get a Debit Card?
v. What happens if there is not enough money in your
account?
vi. Using a Debit Card over Phone
vii. Benefits of Debit Card
d. Mobile
i. Mobile Banking
ii. Trends in Mobile banking
iii. Mobile Banking Business model

Page 108
1. Bank focused model

2. Bank Led model
3. Non bank led model
iv. Mobile Banking services
1. Account Information
2. Payments, Deposits, Withdrawal and Transfers
3. Investments
4. Support
5. Content Services
v. Challenges for Mobile Banking Solutions
1. Headset Operability
2. Security
3. Scalability and Reliability
4. Application Distribution
5. Personalization
vi. Mobile Banking VS Online Banking forecast
vii. Advantages and Disadvantages
e. Telephone
f. SMS Banking
i. Push and Pull messages
ii. Typical Push & Pull Services afforded under SMS
Banking
iii. Concerns and Scepticisms about SMS banking
iv. Quality Services in SMS banking
v. The Convenience Factor
vi. Compensation Control for lack of encryption
vii. Technologies Employed for SMS Banking
g. Electronic Fund Transfer (EFT)
i. EFTPOS
ii. Card Based EFT
iii. Transaction Types
iv. Authorization
1. Dual Message Authorization/Clearing
2. Single Message Authorization/Clearing
v. Authentication
7. Internet/Online Banking Frauds

Page 108
a. Schemes Used in Internet Banking Frauds

i. Over the shoulder Looking scheme
ii. Phishing Scheme
iii. Trojan Horse Scheme
b. Financial Services Information Security news
c. How can a Bank Prevent Online Banking frauds
i. Online banking schemes
ii. One Time Passwords
iii. Hardware Tokens Transaction Specific OPTs
iv. OTP by SMS
v. Smart Cards and USB Tokens
vi. Transaction Monitoring
vii. Comparison
viii. Risk Shield fraud Prevention
8. 5 Simple Tips to make Your Online Transaction Safe
9. Security Issues in Online Banking
a. What a Customer can do for its Security of Online Banking
i. Introduction
ii. Typical Dangers faced when using the internet
iii. What can customer do?
b. Security rules
i. Rule 1 (Install Security Software)
ii. Rule 2 (Protect sensitive Data When sending it over open
network)
iii. Rule 3 (Be Sure You Know who You are Dealing With)
iv. Rule 4 (Be Careful with Sensitive Data and access media)
v. Rule 5 (Choose a secure Password)
vi. Rule 6 (Only Use programs from a trust worthy Source)
vii. Rule 7 (Use up-to-date programs version)
viii. Rule 8 (Run a security check on your PC)
ix. Rule 9 (active the Browser’s Security settings)
x. Rule 10 (Don’t make your current account available for
fraudulent financial transactions)
xi. Glossary
xii. Emergency Check list

Page 108
xiii. General Tips of security on Internet

c. Role of information technology in banking industry
i. Products Supported By I.T
10. Online Banking in Pakistan

a. Pakistan’s ICT Back Ground
b. I.T sector in Pakistan
c. Internet/Online banking in Pakistan
d. Current System
i. Rising Trend of Online banking in Pakistan
ii. 45% Growth in Online Banking in Pakistan
iii. Competition
iv. Co efficiencies
v. Geographical Reach
vi. Branding
vii. Customer Demographics
11. Tips for safe Online banking
a. Review your bank’s information about its online privacy policies
and practices
b. Before setting up any online bill payment, check the privacy
policy of the company or service you will be sending payment
to.
c. For security purposes, choose an online personal identification
number (PIN) that is unique and hard to guess.
d. Install anti-virus, firewall, and anti-spyware programs on your
computer and keep them up to date.
e. Regularly check your online account balance for unauthorized
activity.
f. Use a credit card to pay for online goods and services.
g. Avoid situations where personal information can be intercepted,
retrieved, or viewed by unauthorized individuals.
h. If you receive email correspondence about a financial account,

Page 108
verify its authenticity by contacting your bank or financial

institution.
i. If you have disclosed financial information to a fraudulent web
site, file reports with the following organizations:
12.Advantages of Online Banking
a. Revenue Growth
13. Disadvantages
14. Conclusion
a. Problem Area
b. Research Problem & Research Questions
15. Few Screen Shots of Silk Bank Online Banking through
Website
a. Login Page
b. My Account List page
c. Balance Inquiry page
d. Account Balance Page
e. Mini statement Page
f. Account Statement Page
g. Cheque Book Request Page
h. Bill Payment Page
i. Bill Payment History
j. Logout Page
16. References

Page 108
Abstract

Page 108
Introduction

Page 108
What is Online Banking:

If you're like most people, you've heard a lot about online banking
but probably haven't tried it yourself. You still pay your bills by mail and deposit checks
at your bank branch, much the way your parents did. You might shop online for a loan,
life insurance or a home mortgage, but when it comes time to commit, you feel more
comfortable working with your banker or an agent you know and trust.
Online banking isn't out to change your money habits. Instead, it

uses today's computer technology to give you the option of bypassing the time-
consuming, paper-based aspects of traditional banking in order to manage your
finances more quickly and efficiently.
Definitions of Online Banking:

Online banking (or Internet banking) allows customers to conduct
financial transactions on a secure website operated by their retail or virtual bank, credit
union or building society.
A system allowing individuals to perform banking activities at home,
via the internet. Some online banks are traditional banks which also offer online
banking, while others are online only and have no physical presence. Online banking
through traditional banks enable customers to perform all routine transactions, such as:
• Account transfers
• Balance inquiries
• Bill payments and
• Stop-payment requests
And some even offer online loan and credit card applications. Account information can
be accessed anytime, day or night, and can be done from anywhere. A few online
banks update information in real-time, while others do it daily. Once information has
been entered, it doesn't need to be re-entered for similar subsequent checks, and future
payments can be scheduled to occur automatically. Many banks allow for file transfer
between their program and popular accounting software packages, to simplify record
keeping. Despite the advantages, there are a few drawbacks. It does take some time to
set up and get used to an online account. Also, some banks only offer online banking in
a limited area. In addition, when an account holder pays online, he/she may have to put
in a check request as much as two weeks before the payment is due, but the bank may
withdraw the money from the account the day that request is received, meaning the
person has lost up to two weeks of interest on that payment. Online-only banks have a
few additional drawbacks: an account holder has to mail in deposits (other than direct
deposits), and some services that traditional banks offer are difficult or impossible for
online-only banks to offer, such as traveler's checks and cashier's checks.

Page 108
Online Transaction Processing
Computer system where time-sensitive, transaction-related data is

processed immediately and is always kept current. Used mainly in online banking,
inventory control, manufacturing scheduling, and ticket reservations, OLTP must
possess ACID qualities to maintain data integrity and to ensure that transactions are
correctly executed.
History:
The concept of online banking as we know it today dates back to the early
1980s, when it was first envisioned and experimented with. However, it was only in
1995 (on October 6, to be exact) that Presidential Savings Bank first announced the
facility for regular client use. The idea was quickly snapped up by other banks like Wells
Fargo, Chase Manhattan and Security First Network Bank. Today, quite a few banks
operate solely via the Internet and have no ‘four-walls’ entity at all.
In the beginning, its inventors had predicted that it would be only a matter of
time before online banking completely replaced the conventional kind. Facts now prove
that this was an overoptimistic assessment - many customers still harbor an inherent
distrust in the process. Others have opted not to use many of the offered facilities
because of bitter experience with online frauds, and inability to use online banking
services.
Be that as it may, it is estimated that a total of 55 million families in America

will be active users of online banking by the year 2010. Despite the fact that many
American banks still do not offer this facility to customers, this may turn out to be an
accurate prediction. The number of online banking customers has been increasing at an
exponential rate.
Initially, the main attraction is the elimination of tiresome bureaucratic red

tape in registering for an account, and the endless paperwork involved in regular
banking. The speed with which this process happens online, as well as the other
services possible by these means, has translated into a literal boom in the banking
industry over the last five years. Nor are there any signs of the boom letting up - in
historical terms, online banking has just begun.
Some customers have been known to turn to internet banking due to

dissatisfaction with standard procedures and practices. The total absence of human
interaction appeals to some people. Some customers turn to internet banking facilities
for security reasons. This is mainly because of customers being assured of banks'
ability to keep transactions safe and secured.

Page 108
Origin of Online banking:

The advent of the Internet and the popularity of personal computers
presented both an opportunity and a challenge for the banking industry.
For years, financial institutions have used powerful computer networks to

automate millions of daily transactions; today, often the only paper record is the
customer's receipt at the point of sale. Now that its customers are connected to the
Internet via personal computers, banks envision similar economic advantages by
adapting those same internal electronic processes to home use.
Banks view online banking as a powerful "value added” tool to attract and
retain new customers while helping to eliminate costly paper handling and teller
interactions in an increasingly competitive banking environment.
Features:
Online banking is evolving rapidly. To make sure you get a top performer,
look for the following features:
No fees:
About 80% of online bill-pay accounts in the U.S. are free, according to
Online Banking Report's Bruene, and "about half" of those are customers of Bank of
America. Many banks offer free bill pay only in limited cases. Wells Fargo, for example,
charges $7 per month if your average monthly account balance falls below $5,000. And
after three months of inactivity, NetBank levies a $5 monthly fee on accounts of less
than $3,000. EverBank charges $5 per month if your monthly balance is less than
$1,500. First Internet Bank customers with free checking pay $4.95 a month for online
bill pay, but customers with interest checking accounts (who pay $10 a month) get it
free, as long as their balance stays above $500.
Good Web tools:
Online banking should be simple and quick. A bank's site should be a snap
to learn and easy to navigate, and should provide essential features, such as images of
your cashed checks and tools for budgeting. Bank sites have come a long way in recent
years, and you don't have to pick a big bank to get a good online experience. The best

Page 108
sites also provide recent transaction reports (including payments, transfers and
deposits), and warn you of potential security threats, such as e-mails from phishers.
A good bank site provides scanned images -- both the front and back sides -- of your
canceled checks. Most major banks offer this service, including every bank on the top-
10 list.
Why are check images important? Let's say you forget to record check #1454 in your
register. You go to your bank's site and read your account summary, which lists only the
check number and the amount. Who's the payee? To find out, view the check's image.
And a good site also archives several months' worth of account statements and check
images. Archives vary considerably. For instance, Bank of America archives 18 months
of statements but only 60 business days (about three months) of check images. Ever
Bank, on the other hand, provides 15 months of statements and 13 months of images.
Fund transfers:
Transferring money to your accounts at other banks and brokerages is a big

convenience. Some banks let you set up automatic deductions to make regular
payments to, say, an IRA at a mutual fund company.
Account aggregation:
This is the ability to manage multiple accounts, including those from other
banks, at your bank's Web site. Of the top 10 online banks, only Citibank and Wells
Fargo have this feature.
E-mail alerts and reminders:
You'll want to be notified if there's excessive activity on your credit card, if

someone tries to access your account with an incorrect password or even when you're
low on checks.
Budgeting:
Wells Fargo's "My Spending Report" organizes your expenditures into

categories, including groceries, restaurants and lodging. It's a great way to see how and
where you spend your money. Citibank and Bank of America have similar features.

Page 108
Types of Online Banking
Currently, the following three basic kinds of Internet banking are being employed in the
marketplace:
Informational:
This is the basic level of Internet banking. Typically, the bank has
marketing information about the bank’s products and services on a stand-alone server.
The risk is relatively low, as informational systems typically have no path between the
server and the bank’s internal network. This level of Internet banking can be provided by
the bank or outsourced. While the risk to a bank is relatively low, the server or Web site
may be vulnerable to alteration. Appropriate controls therefore must be in place to
prevent unauthorized alterations to the bank’s server or Web site.
Communicative:
This type of Internet banking system allows some interaction between

the bank’s systems and the customer. The interaction may be limited to electronic mail,
account inquiry, loan applications, or static file updates (name and address changes).
Because these servers may have a path to the bank’s internal networks, the risk is
higher with this configuration than with informational systems.
Appropriate controls need to be in place to prevent, monitor, and alert management of
any unauthorized attempt to access the bank’s internal networks and computer
systems. Virus controls also become much more critical in this environment.
Transactional:
This level of Internet banking allows customers to execute

transactions. Since a path typically exists between the server and the bank’s or
outsourcer’s internal network, this is the highest risk architecture and must have the
strongest controls. Customer transactions can include accessing accounts, paying bills,
transferring funds, etc.
How to Open an Online Banking Account

Page 108
Instructions:
1. Step 1
Decide where you want to open an online bank accounts. If you already
have a bank account and simply want to access it online, this is an easy
decision. If not, look for banks that have low fees for the type of banking that you
plan to do. For example, some banks will waive the fees if you maintain a certain
balance.
2. Step 2
Visit the bank's website. Click on the link to open on online banking
account.
3. Step 3
Click the type of account you want. You'll be able to choose between the
different accounts that the bank offers. If you already have an account, you can
skip this step.
4. Step 4
Fill out your personal details. This will include identifying information, such
as your social security number. If you are opening an online account through
your regular bank, they may ask for your account numbers. You will need to
create a password in order to access your account. Banking sites have security
measures in place to ensure that your data is safe.
5. Step 5
Wait for approval. You should receive an approval notice within a few
minutes. However, you may also have to print, sign and mail a document into the
bank before they will officially approve your account.
6. Step 6
Deposit money into your account. You'll likely need to make a money
transfer to yourself in order to get the money into your account.

Page 108
Top 10 Online Banks
We Can Use Online Banking Through

Page 108
a) Automated Teller Machine (ATM)

b) Credit Card
c) Debit Cards
d) Bank’s Web site
e) Mobile
f) Telephone
Automated Teller Machine
A automated teller machine (ATM) or the automatic banking machine (ABM) is a

computerized telecommunications device that provides the clients of a financial
institution with access to financial transactions in a public space without the need for a
cashier, human clerk or bank teller. On most modern ATMs, the customer is identified
by inserting a plastic ATM card with a magnetic stripe or a plastic smartcard with a chip,
that contains a unique card number and some security information such as an
expiration date or CVVC (CVV). Authentication is provided by the customer entering a
personal identification number (PIN).
Using an ATM, customers can access their bank accounts in order to make cash
withdrawals (or credit card cash advances) and check their account balances as well as
purchase cell phone prepaid credit. If the currency being withdrawn from the ATM is
different from that which the bank account is denominated in (eg: Withdrawing
Japanese Yen from a bank account containing US Dollars), the money will be converted
at a wholesale exchange rate. Thus, ATMs often provide the best possible exchange
rate for foreign travelers [1] and are heavily used for this purpose as well.
ATMs are known by various other names including Automated Transaction

Machine,[2] automated banking machine, cash point (in Britain), money machine, bank
machine, cash machine, hole-in-the-wall, Bancomat (in various countries in Europe and
Russia), Multibanco (after a registered trade mark, in Portugal), and Any Time Money
(in India).
Security Features of ATM:

Security, as it relates to ATMs, has several
dimensions. ATMs also provide a practical demonstration of a number of security
systems and concepts operating together and how various security concerns are dealt
with.

Page 108
Physical:
Early ATM security focused on making the ATMs invulnerable to physical

attack; they were effectively safes with dispenser mechanisms. A number of attacks on
ATMs resulted, with thieves attempting to steal entire ATMs by ram-raiding. Since late
1990s, criminal groups operating in Japan improved ram-raiding by stealing and using a
truck loaded with a heavy construction machinery to effectively demolish or uproot an
entire ATM and any housing to steal its cash.
Another attack method, plofkraak, is to seal all openings of the ATM with
silicone and fill the vault with a combustible gas or to place an explosive inside,
attached, or near the ATM. This gas or explosive is ignited and the vault is opened or
distorted by the force of the resulting explosion and the criminals can break in.
Modern ATM physical security, per other modern money-handling security,

concentrates on denying the use of the money inside the machine to a thief, by means
of techniques such as dye markers and smoke canisters.
A common method is to simply rob the staff filling the machine with money.
To avoid this, the schedule for filling them is kept secret, varying and random. The
money is often kept in cassettes, which will dye the money if incorrectly opened.
Transactional secrecy and integrity:

The security of ATM transactions relies mostly on the integrity of the secure
crypto processor: the ATM often uses commodity components that are not considered
to be "trusted systems".
Encryption of personal information, required by law in many jurisdictions, is

used to prevent fraud. Sensitive data in ATM transactions are usually encrypted with

Page 108
DES, but transaction processors now usually require the use of Triple DES. Remote
Key Loading techniques may be used to ensure the secrecy of the initialization of the
encryption keys in the ATM. Message Authentication Code (MAC) or Partial MAC may
also be used to ensure messages have not been tampered with while in transit between
the ATM and the financial network.
Customer identity integrity:
A BTMU ATM with a palm scanner (to the right of the screen)
There have also been a number of incidents of fraud by Man-in-the-middle

attacks, where criminals have attached fake keypads or card readers to existing
machines. These have then been used to record customers' PINs and bank card
information in order to gain unauthorized access to their accounts. Various ATM
manufacturers have put in place countermeasures to protect the equipment they
manufacture from these threats.
Alternate methods to verify cardholder identities have been tested and

deployed in some countries, such as finger and palm vein patterns, iris, and facial
recognition technologies. However, recently, cheaper mass production equipment has
been developed and being installed in machines globally that detect the presence of
foreign objects on the front of ATMs, current tests have shown 99% detection success
for all types of skimming devices.
Customer security:
Dunbar Armored ATM Techs watching over ATMs that have been installed in a
van.

Page 108
In some countries, multiple security cameras and security guards are a

common feature. In the United States, The NY State Comptroller's Office has criticized
the NY State Department of Banking for not following through on safety inspections of
ATMs in high crime areas.
Critics of ATM operators assert that the issue of customer security appears
to have been abandoned by the banking industry;[48] it has been suggested that efforts
are now more concentrated on deterrent legislation than on solving the problem of
forced withdrawals.
At least as far back as July 30, 1986, critics of the industry have called for
the adoption of an emergency PIN system for ATMs, where the user is able to send a
silent alarm in response to a threat. Legislative efforts to require an emergency PIN
system have appeared in Illinois, Kansas and Georgia, but none have succeeded as of
yet. In January 2009, Senate Bill 1355 was proposed in the Illinois Senate that revisits
the issue of the reverse emergency PIN system. The bill is again resisted by the
banking lobby and supported by the police. In 1998 three towns outside of Cleveland
Ohio, in response to an ATM crime wave, adopted ATM Consumer Security Legislation
requiring that a 9-1-1 switch be installed at all outside ATMs within their jurisdiction.
Since the passing of these laws 11 years ago, there have been no repeat crimes. In the
wake of an ATM Murder in Sharon Hill, Pennsylvania, The City Council of Sharon Hill
passed an ATM Consumer Security Bill as well, with the same result. As of July 2009,
ATM Consumer Security Legislation is currently pending in New York, New Jersey, and
Washington D.C. In China, many efforts to promote security have been made. On-
premises ATMs are often located inside the bank's lobby which may be accessible 24
hours a day. These lobbies have extensive CCTV coverage, an emergency telephone
and a security guard on the premises. Bank lobbies that aren't guarded 24 hours a day
may also have secure doors that can only be opened from outside by swiping your bank
card against a wall-mounted scanner, allowing the bank to identify who enters the
building. Most ATMs will also display on-screen safety warnings and may also be fitted
with convex mirrors above the display allowing the user to see what is happening
behind them.
Device operation integrity:

Page 108
ATMs that are exposed to the outside must be vandal and weather resistant.
Openings on the customer-side of ATMs are often covered by mechanical

shutters to prevent tampering with the mechanisms when they are not in use. Alarm
sensors are placed inside the ATM and in ATM servicing areas to alert their operators
when doors have been opened by unauthorized personnel.
Rules are usually set by the government or ATM operating body that dictate
what happens when integrity systems fail. Depending on the jurisdiction, a bank may or
may not be liable when an attempt is made to dispense a customer's money from an
ATM and the money either gets outside of the ATM's vault, or was exposed in a non-
secure fashion, or they are unable to determine the state of the money after a failed
transaction. Bank customers often complain that banks have made it difficult to recover
money lost in this way, but this is often complicated by the bank's own internal policies
regarding suspicious activities typical of the criminal element.
Alternative uses:
Two NCR Personas 84 ATMs at a bank in Jersey dispensing two types of pound sterling
banknotes: Bank of England notes, and States of Jersey notes
Although ATMs were originally developed as just cash dispensers, they have evolved to
include many other bank-related functions. In some countries, especially those which
benefit from a fully integrated cross-bank ATM network (e.g.: Multibanco in Portugal),
ATMs include many functions which are not directly related to the management of one's
own bank account, such as:
• Deposit currency recognition, acceptance, and recycling

Page 108
• Paying routine bills, fees, and taxes (utilities, phone bills, social security, legal
fees, taxes, etc.)
• Printing bank statements
• Updating passbooks
• Loading monetary value into stored value cards
• Purchasing
o Postage stamps.
o Lottery tickets
o Train tickets
o Concert tickets
o Movie tickets
o Shopping mall gift certificates.
• Games and promotional features
• Donating to charities
• Cheque Processing Module
• Adding pre-paid cell phone credit.
Increasingly banks are seeking to use the ATM as a sales device to deliver pre
approved loans and targeted advertising using products such as ITM (the Intelligent
Teller Machine) from CR2 or Aptra Relate from NCR. ATMs can also act as an
advertising channel for companies to advertise their own products or third-party
products and services.
In Canada, ATMs are called guichets automatiques in French and sometimes "Bank
Machines" in English. The Interac shared cash network does not allow for the selling of
goods from ATMs due to specific security requirements for PIN entry when buying
goods. CIBC machines in Canada, are able to top-up the minutes on certain pay as you
go phones.
A South Korean ATM with mobile bank port and bar code reader

Page 108
Manufacturers have demonstrated and have deployed several different technologies on

ATMs that have not yet reached worldwide acceptance, such as:
• Biometrics, where authorization of transactions is based on the scanning of a

customer's fingerprint, iris, face, etc. Biometrics on ATMs can be found in Asia.
• Cheque/Cash Acceptance, where the ATM accepts and recognise cheques
and/or currency without using envelopes Expected to grow in importance in the
US through Check 21 legislation.
• Bar code scanning
• On-demand printing of "items of value" (such as movie tickets, traveler's
cheques, etc.)
• Dispensing additional media (such as phone cards)
• Co-ordination of ATMs with mobile phones
• Customer-specific advertising
• Integration with non-banking equipment.
Fraud:
As with any device containing objects of value, ATMs and the systems they
depend on to function are the targets of fraud. Fraud against ATMs and people's
attempts to use them takes several forms.
The first known instance of a fake ATM was installed at a shopping mall in
Manchester, Connecticut in 1993. By modifying the inner workings of a Fujitsu model
7020 ATM, a criminal gang known as The Buckland’s Boys was able to steal
information from cards inserted into the machine by customers.
In some cases, bank fraud could occur at ATMs whereby the bank
accidentally stocks the ATM with bills in the wrong denomination, therefore giving the
customer more money than should be dispensed. The result of receiving too much
money may be influenced on the card holder agreement in place between the customer
and the bank.
In a variation of this, WAVY-TV reported an incident in Virginia Beach of

September 2006 where a hacker who had probably obtained a factory-default admin
password for a gas station's white label ATM caused the unit to assume it was loaded
with $5 USD bills instead of $20s, enabling himself—and many subsequent customers
—to walk away with four times the money they said they wanted to withdraw. This type
of scam was featured on the TV series The Real Hustle.
ATM behavior can change during what is called "stand-in" time, where the
bank's cash dispensing network is unable to access databases that contain account
information (possibly for database maintenance). In order to give customers access to

Page 108
cash, customers may be allowed to withdraw cash up to a certain amount that may be
less than their usual daily withdrawal limit, but may still exceed the amount of available
money in their account, which could result in fraud.
Card fraud:
ATM line up
The big queue at an ATM in Masalli, Azerbaijan.
In an attempt to prevent criminals from shoulder surfing the customer's PINs, some
banks draw privacy areas on the floor.
For a low-tech form of fraud, the easiest is to simply steal a customer's card. A later
variant of this approach is to trap the card inside of the ATM's card reader with a device
often referred to as a Lebanese loop. When the customer gets frustrated by not getting
the card back and walks away from the machine, the criminal is able to remove the card
and withdraw cash from the customer's account.
Another simple form of fraud involves attempting to get the customer's bank to issue a
new card and stealing it from their mail.

Page 108
Some ATMs may put up warning messages to customers to not use them when it
detects possible tampering
The concept and various methods of copying the contents of an ATM card's magnetic
stripe on to a duplicate card to access other people's financial information was well
known in the hacking communities by late 1990.
In 1996 Andrew Stone, a computer security consultant from Hampshire in the UK, was
convicted of stealing more than £1 million (at the time equivalent to US$1.6 million) by
pointing high definition video cameras at ATMs from a considerable distance, and by
recording the card numbers, expiry dates, etc. from the embossed detail on the ATM
cards along with video footage of the PINs being entered. After getting all the
information from the videotapes, he was able to produce clone cards which not only
allowed him to withdraw the full daily limit for each account, but also allowed him to
sidestep withdrawal limits by using multiple copied cards. In court, it was shown that he
could withdraw as much as £10,000 per hour by using this method. Stone was
sentenced to five years and six months in prison.
By contrast, a newer high-tech modus operandi sometimes called card skimming or

card cloning involves the installation of a magnetic card reader over the real ATM's card
slot and the use of a wireless surveillance camera or a modified digital camera to
observe the user's PIN. Card data is then cloned onto a second card and the criminal
attempts a standard cash withdrawal. The availability of low-cost commodity wireless
cameras and card readers has made it a relatively simple form of fraud, with
comparatively low risk to the fraudsters.
In an attempt to stop these practices, countermeasures against card cloning have been
developed by the banking industry, in particular by the use of smart cards which cannot
easily be copied or spoofed by unauthenticated devices, and by attempting to make the
outside of their ATMs tamper evident. Older chip-card security systems include the

Page 108
French Carte Bleue, Visa Cash, Mondex, Blue from American Express and EMV '96 or
EMV 3.11. The most actively developed form of smart card security in the industry today
is known as EMV 2000 or EMV 4.x.
EMV is widely used in the UK (Chip and PIN) and other parts of Europe, but when it is
not available in a specific area, ATMs must fallback to using the easy to copy magnetic
stripe to perform transactions. This fallback behaviour can be exploited. However the
fallback option has been removed by several UK banks, meaning if the chip is not read,
the transaction will be declined.
In February 2009, a group of criminals used counterfeit ATM cards to steal $9 million
from 130 ATMs in 49 cities around the world all within a time period of 30 minutes.
Card cloning and skimming can be detected by the implementation of magnetic card
reader heads and firmware that can read a signature embedded in all magnetic stripes
during the card production process. This signature known as a "Magne Print" or
"BluPrint" can be used in conjunction with common two factor authentication schemes
utilized in ATM, debit/retail point-of-sale and prepaid card applications.
Credit Cards:
A credit card is a small plastic card with some numbers embossed on it and which
helps to purchase the things with no requirement of cash in pocket. It is 3-1/8 inches by 2-1/8
inches in size and has identification information for example a signature or picture.
It permits the person named on it to charge purchases or services to his account

charges for which he will be billed periodically. This information is checked where we use it for
example by automated teller machines (ATMs), store readers, Internet computers and banks.
Types of Credit Card:

Credit cards have become an important part of the financial life of modern
society. Consumers can choose from a variety of credit cards available on the market.
Credit cards provide easy access to a number of services. At the same time, the
cardholder can get instant cash, within a pre-determined limit, whenever they need it.
They then return the money back to the financial institution in easy installments. For all
these services, the card issuing companies charge a certain amount as their annual fee.
The cardholders also pay a definite rate of interest for the borrowed amount.
With the growing popularity of credit cards, a huge number of financial

institutions have come up with their own customized credit cards. The needs of the
customers design the features of these cards.

Page 108
Some of the widely used forms of credit cards are as follows:

Standard Credit Cards:
They are the most common version of cards available on the market. These
cards have different features such as low interest, balance transfer, and so on. The
interest rates charged on these cards are quite affordable and they help reduce credit
card debt.
Specialty Credit Cards:
These cards are for some specialized purpose like enabling students to
finance their educational expenditures. Some services are for providing financial
assistance to the business sector at affordable rates. Business credit cards and student
credit cards are some of the specialized cards that are available.
Credit Cards for Bad Credit:
The credit card companies also offer their services to the customers with
adverse credit histories. These services come with some conditions. In spite of that, the
credit cards are helpful for the customers. Secured debit cards and prepaid credit cards
are in this category.
Credit Cards with Rewards Programs:
This category includes cards that have cash back options, airline miles bonuses, and so
on.
Types of Credit cards:
 Standard Credit Cards
 Business Credit Cards
 Prepaid Credit Cards
 Student Credit Cards
 Bad Credit Credit Cards
 Secured Credit Cards

Page 108
 Questions on Secured Credit Cards
 Union Plus Secured Credit Cards
 Secured Visa Credit Card
 New Millennium Bank Secured Credit Cards
 Unsecured Credit Cards
 Virtual Credit Cards
 Instant Credit Card
 Airline Credit Cards
 Miles by Discover Card
 JetBlue Card
 Gold Delta SkyMiles Credit Card
 Citi PremierPass Card
 American Airlines Credit Card
How credit cards work:

Credit cards are issued after an account has been approved by the credit provider, after
which cardholders can use it to make purchases at merchants accepting that card.
When a purchase is made, the credit card user agrees to pay the card issuer. The
cardholder indicates consent to pay by signing a receipt with a record of the card details
and indicating the amount to be paid or by entering a personal identification number
(PIN). Also, many merchants now accept verbal authorizations via telephone and
electronic authorization using the Internet, known as a 'Card/Cardholder Not Present'
(CNP) transaction.
Electronic verification systems allow merchants to verify that the card is valid and the
credit card customer has sufficient credit to cover the purchase in a few seconds,
allowing the verification to happen at time of purchase. The verification is performed
using a credit card payment terminal or Point of Sale (POS) system with a
communications link to the merchant's acquiring bank. Data from the card is obtained

Page 108
from a magnetic stripe or chip on the card; the latter system is in the United Kingdom
and Ireland commonly known as Chip and PIN, but is more technically an EMV card.
Other variations of verification systems are used by eCommerce merchants to

determine if the user's account is valid and able to accept the charge. These will
typically involve the cardholder providing additional information, such as the security
code printed on the back of the card, or the address of the cardholder.
Each month, the credit card user is sent a statement indicating the purchases
undertaken with the card, any outstanding fees, and the total amount owed. After
receiving the statement, the cardholder may dispute any charges that he or she thinks
are incorrect (see Fair Credit Billing Act for details of the US regulations). Otherwise, the
cardholder must pay a defined minimum proportion of the bill by a due date, or may
choose to pay a higher amount up to the entire amount owed. The credit issuer charges
interest on the amount owed if the balance is not paid in full (typically at a much higher
rate than most other forms of debt). Some financial institutions can arrange for
automatic payments to be deducted from the user's bank accounts, thus avoiding late
payment altogether as long as the cardholder has sufficient funds.
Benefits to customers:
The main benefit to each customer is convenience. Compared to debit
cards and checks, a credit card allows small short-term loans to be quickly made to a
customer who need not calculate a balance remaining before every transaction,
provided the total charges do not exceed the maximum credit line for the card. Credit
cards also provide more fraud protection than debit cards. In the UK for example, the
bank is jointly liable with the merchant for purchases of defective products over £100.
Additionally, carrying a credit card may be a convenience to some

customers, as it eliminates the need to carry any cash for most purposes.
Transaction steps:
• Authorization:
The cardholder pays for the purchase and the merchant submits the
transaction to the acquirer (acquiring bank). The acquirer verifies the credit card
number, the transaction type and the amount with the issuer (Card-issuing bank)
and reserves that amount of the cardholder's credit limit for the merchant. An
authorization will generate an approval code, which the merchant stores with the
transaction.

Page 108
• Batching:
Authorized transactions are stored in "batches", which are sent to the

acquirer. Batches are typically submitted once per day at the end of the business
day. If a transaction is not submitted in the batch, the authorization will stay valid
for a period determined by the issuer, after which the held amount will be
returned back to the cardholder's available credit (see authorization hold). Some
transactions may be submitted in the batch without prior authorizations; these are
either transactions falling under the merchant's floor limit or ones where the
authorization was unsuccessful but the merchant still attempts to force the
transaction through. (Such may be the case when the cardholder is not present
but owes the merchant additional money, such as extending a hotel stay or car
rental.)
• Clearing and Settlement:
The acquirer sends the batch transactions through the credit card
association, which debits the issuers for payment and credits the acquirer.
Essentially, the issuer pays the acquirer for the transaction.
• Funding:
Once the acquirer has been paid, the acquirer pays the merchant. The
merchant receives the amount totalling the funds in the batch minus either the
"discount rate," "mid-qualified rate", or "non-qualified rate" which are tiers of fees
the merchant pays the acquirer for processing the transactions.
• Charge backs:
A chargeback is an event in which money in a merchant account is held due

to a dispute relating to the transaction. Charge backs are typically initiated by the
cardholder. In the event of a charge back, the issuer returns the transaction to
the acquirer for resolution. The acquirer then forwards the chargeback to the
merchant, who must either accept the chargeback or contest it. A merchant is
responsible for the chargeback only if she has violated the card acceptance
procedures as per the merchant agreement with card acquirers.

Page 108
Secured credit cards:

A secured credit card is a type of credit card secured by a deposit account
owned by the cardholder. Typically, the cardholder must deposit between 100% and
200% of the total amount of credit desired. Thus if the cardholder puts down $1000,
they will be given credit in the range of $500–$1000. In some cases, credit card issuers
will offer incentives even on their secured card portfolios. In these cases, the deposit
required may be significantly less than the required credit limit, and can be as low as
10% of the desired credit limit. This deposit is held in a special savings account. Credit
card issuers offer this because they have noticed that delinquencies were notably
reduced when the customer perceives something to lose if the balance is not repaid.
The cardholder of a secured credit card is still expected to make regular

payments, as with a regular credit card, but should they default on a payment, the card
issuer has the option of recovering the cost of the purchases paid to the merchants out
of the deposit. The advantage of the secured card for an individual with negative or no
credit history is that most companies report regularly to the major credit bureaus. This
allows for building of positive credit history.
Although the deposit is in the hands of the credit card issuer as security in
the event of default by the consumer, the deposit will not be debited simply for missing
one or two payments. Usually the deposit is only used as an offset when the account is
closed, either at the request of the customer or due to severe delinquency (150 to 180
days). This means that an account which is less than 150 days delinquent will continue
to accrue interest and fees, and could result in a balance which is much higher than the
actual credit limit on the card. In these cases the total debt may far exceed the original
deposit and the cardholder not only forfeits their deposit but is left with an additional
debt.
Most of these conditions are usually described in a cardholder agreement

which the cardholder signs when their account is opened.
Secured credit cards are an option to allow a person with a poor credit
history or no credit history to have a credit card which might not otherwise be available.
They are often offered as a means of rebuilding one's credit. Secured credit cards are
available with both Visa and MasterCard logos on them. Fees and service charges for
secured credit cards often exceed those charged for ordinary non-secured credit cards,
however, for people in certain situations, (for example, after charging off on other credit
cards, or people with a long history of delinquency on various forms of debt), secured
cards can often be less expensive in total cost than unsecured credit cards, even
including the security deposit.

Page 108
Sometimes a credit card will be secured by the equity in the borrower's

home.
Prepaid "credit" cards:

A prepaid credit card is not a credit card, since no credit is offered by the
card issuer: the card-holder spends money which has been "stored" via a prior deposit
by the card-holder or someone else, such as a parent or employer. However, it carries a
credit-card brand (Visa, MasterCard, American Express or Discover) and can be used in
similar ways just as though it were a regular credit card.
After purchasing the card, the cardholder loads the account with any
amount of money, up to the predetermined card limit and then uses the card to make
purchases the same way as a typical credit card. Prepaid cards can be issued to minors
(above 13) since there is no credit line involved. The main advantage over secured
credit cards (see above section) is that you are not required to come up with $500 or
more to open an account. With prepaid credit cards you are not charged any interest but
you are often charged a purchasing fee plus monthly fees after an arbitrary time period.
Many other fees also usually apply to a prepaid card.
Prepaid credit cards are sometimes marketed to teenagers for shopping

online without having their parents complete the transaction.
Because of the many fees that apply to obtaining and using credit-card-
branded prepaid cards, the Financial Consumer Agency of Canada describes them as
"an expensive way to spend your own money".[10] The agency publishes a booklet, "Pre-
paid cards", which explains the advantages and disadvantages of this type of prepaid
card.
Credit cards in ATMs:

Many credit cards can also be used in an ATM to withdraw money against the credit
limit extended to the card, but many card issuers charge interest on cash advances
before they do so on purchases. The interest on cash advances is commonly charged
from the date the withdrawal is made, rather than the monthly billing date. Many card
issuers levy a commission for cash withdrawals, even if the ATM belongs to the same
bank as the card issuer. Merchants do not offer cash back on credit card transactions
because they would pay a percentage commission of the additional cash amount to
their bank or merchant services provider, thereby making it uneconomical.
Many credit card companies will also, when applying payments to a card, do so at the
end of a billing cycle, and apply those payments to everything before cash advances.

Page 108
For this reason, many consumers have large cash balances, which have no grace
period and incur interest at a rate that is (usually) higher than the purchase rate, and will
carry those balance for years, even if they pay off their statement balance each month.
Fraud:
In relative numbers the values lost in bank card fraud are minor, calculated
in 2006 at 7 cents per 100 dollars worth of transactions (7 basis points). In 2004 in the
UK, the cost of fraud was over £500 million. When a card is stolen, or an unauthorized
duplicate made, most card issuers will refund some or all of the charges that the
customer has received for things they did not buy. These refunds will, in some cases,
be at the expense of the merchant, especially in mail order cases where the merchant
cannot claim sight of the card. In several countries, merchants will lose the money if no
ID card was asked for, therefore merchants usually require ID card in these countries.
Credit card companies generally guarantee the merchant will be paid on legitimate
transactions regardless of whether the consumer pays their credit card bill. Most
banking services have their own credit card services that handle fraud cases and
monitor for any possible attempt at fraud. Employees that are specialized in doing fraud
monitoring and investigation are often placed in Risk Management, Fraud and
Authorization, or Cards and Unsecured Business. Fraud monitoring emphasizes
minimizing fraud losses while making an attempt to track down those responsible and
contain the situation. Credit card fraud is a major white collar crime that has been
around for many decades, even with the advent of the chip based card (EMV) that was
put into practice in some countries to prevent cases such as these. Even with the
implementation of such measures, credit card fraud continues to be a problem.
Debit Cards:
What's a Debit Card?
A debit card differs from a credit card in that a debit card is tied directly to
your checking account and the amount of money you can spend with it is limited to the
amount of money you have in the bank.
How Does a Debit Card Work?
When you use a debit card, the transaction debits (withdraws) the amount of
the transaction from your checking account, usually on the same day. You can use a
debit card to get cash from ATM machines or have it swiped like a credit card at shops
or restaurants or swipe it through a pay phone to make a call.

Page 108
How Does a Debit Card Work?
When you use a debit card, the transaction debits (withdraws) the amount of
the transaction from your checking account, usually on the same day. You can use a
debit card to get cash from ATM machines or have it swiped like a credit card at shops
or restaurants or swipe it through a pay phone to make a call.
Making a Travel Budget With a Debit Card:
Naturally, you can't rely on your debit card for all your international
transactions - imagine haggling with a street vendor, getting the price right and then
trying to give him/her plastic! Remote hostels and many restaurants in third world
countries don't accept credit cards (which is how debit cards are viewed in the business
world). Thus, you'll need to make budget plans before you leave home so that you have
traveler's checks and cash and some money in your checking account for use on your
debit card.
Let's assume you have a budget of $2000 for your trip. Decide how you're
comfortable splitting that into the way you'll use it; $500 in traveler's checks (although
travelers' checks are dead as disco, because carrying them is a pain on several levels --
we've had banks in other countries refuse to cash them, we've lost them, etc. and so
on), $500 in cash and $1000 left in your checking account, for example -- that's $1000
on your debit card.
If that $2000 represents your entire cash portfolio, consider setting up

emergency precautions before you leave home. If someone, like Dad, is willing to loan
you money, leave deposit slips with him so that if you lose all your money abroad, you
can dial for dollars (using your debit card) and he can get some money into your
account. If your debit card (your checking account) is almost empty, ask him to tell the
bank to "memo post" the deposit so that the cash is immediately available and your
debit card is quickly back in business.
How to Get a Debit Card:
Chances are you were automatically offered a debit card when you opened
your checking account. If you don't have a checking account, go open one now. Look
for a bank that doesn't charge checking account fees, and ask for a debit card.
It takes a few days to two weeks to get a debit card after you order it. When
the card arrives, sign the back; have photo id with your signature handy when you use
the card - merchants may want to compare your face and your signatures to protect
themselves from fraud.

Page 108
What happens if there's not enough money in your account?

This will depend on the type of debit card you have:
• if you have a ‘Solo’ or ‘Electron’ debit card the balance in your account is
checked before each transaction – if there’s not enough money you won’t be able
pay or withdraw cash with the debit card without prior agreement
• if you have ‘Switch’, ‘Visa’ or ‘Delta’ card your account balance won’t necessarily
be checked and the payment may still go through
If you go overdrawn the charges you’ll pay will depend on whether or not
you have an authorised overdraft arrangement with your bank. If you do, you’ll pay the
agreed amount of interest at the end of each month. This is usually much lower than
interest charged on credit cards.
If you don’t have an overdraft agreement, or you exceed the agreed limit,
your bank may allow the payment to go through but you’ll usually pay much higher fees
than if you had an agreed overdraft.
Using a debt card over the phone or internet:

Debit cards can be used to make payments by phone or over the internet. In
this case you'll need to provide certain details that are printed on your card. Find out
more and view an example debit card on the Financial Services Authority (FSA)
website.
Exclusive features Debit Card:

• Global Acceptability:
Debit Cards can be used at 24 million establishments across the globe in

210 countries including 10,000 in Pakistan displaying the Debit Cards logo.
• Cash Advance Facility:
You can withdraw cash up to 30% of your available Debit limit at any
VISA/MasterCard ATM across the globe. Cash can also be withdrawn ‘Over-the-
Counter’ at financial institutions worldwide or at any of the Bank branches and all
other VISA/MasterCard member banks.

Page 108
• Supplementary Cards:
Gift your family members, friends, employees or absolutely anyone, with

exclusive Debit or VISA/MasterCard Supplementary Cards and let them enjoy
the privileges these Cards have to offer. You can have up to 5 Supplementary
Cards made for anyone who is more than 18 years of age.
• Foreign Transactions:
When you use your Debit Card abroad, the transaction amount will be
converted from the transaction currency to US Dollars, based on the international
exchange rate prevailing on that date. In order to assist Card members, all
transactions will be converted into yours country currency for payment.
Debit Cards vs. Credit Cards: Similarities and Differences:

The same financial institutions offer both debit cards and credit cards. Both
cards offer special rewards, such as points and cash back on purchases made through
the card. Debit cards and credit cards can be used to make online payments with the
help of the Pin number assigned to them. They can be used to withdraw money from
ATMs, depending on the cash limit available on these cards.
Debit cards and credit cards differ in some significant ways. In the case of a
credit card, the issuer offers credit and overdraft facilities. This facility is not available
with a debit card, which will only debit payments from existing and available funds within
the cardholders account. A credit cardholder therefore has a monthly bill to pay in every
month that the card is used. If they don’t pay that bill, high interest charges are applied.
A debit card holder is free from the hassle of paying those bills, and from the risk of
building up large debts to credit card companies.
Debit Cards: Benefits:

Debit cards offer the following benefits:
• They help people to be disciplined financially, since one cannot splurge with the
limited amount of funds deposited for the card.
• A person with poor credit can obtain a debit card without too much trouble.
• Debit cards can be used to make online purchases and payments.

Page 108
• They provide freedom from carrying cash and checks while travelling, thereby
offering more safety.
• Debit cards do not charge high interest rates or fees on card transactions.
Disadvantages of Debit Cards:

Debit cards, however, do entail certain limitations, such as:
• Debit cards come with lesser fraud protection facilities than credit cards.
• Some transactions cannot be carried out with a debit card, such as renting a car
in a foreign country.
• You can only use as many funds as you have available. Therefore, in case of an
emergencies where credit is urgently needed beyond your account balance, a
debit card will not be enough to meet your needs.
Use of Online Banking through Mobile:

Mobile banking:
Mobile banking (also known as M-Banking, m-banking, SMS Banking etc.)
is a term used for performing balance checks, account transactions, payments etc. via a
mobile device such as a mobile phone. Mobile banking today is most often performed
via SMS or the Mobile Internet but can also use special programs called clients
downloaded to the mobile device.
Trends in mobile banking:

The advent of the Internet has enabled new ways to conduct banking
business, resulting in the creation of new institutions, such as online banks, online
brokers and wealth managers. Such institutions still account for a tiny percentage of the
industry.
Over the last few years, the mobile and wireless market has been one of the
fastest growing markets in the world and it is still growing at a rapid pace. According to
the GSM Association and Ovum, the number of mobile subscribers exceeded 2 billion in
September 2005, and now exceeds 2.5 billion (of which more than 2 billion are GSM).
With mobile technology, banks can offer services to their customers such as
doing funds transfer while travelling, receiving online updates of stock price or even

Page 108
performing stock trading while being stuck in traffic. Smart phones and 3G connectivity
provide some capabilities that older text message-only phones do not.
According to a study by financial consultancy Celent, 35% of online banking

households will be using mobile banking by 2010, up from less than 1% today. Upwards
of 70% of bank center call volume is projected to come from mobile phones. Mobile
banking will eventually allow users to make payments at the physical point of sale.
"Mobile contactless payments” will make up 10% of the contactless market by 2010.
Many believe that mobile users have just started to fully utilize the data
capabilities in their mobile phones. In Asian countries like India, China, Bangladesh,
Indonesia and Philippines, where mobile infrastructure is comparatively better than the
fixed-line infrastructure, and in European countries, where mobile phone penetration is
very high (at least 80% of consumers use a mobile phone), mobile banking is likely to
appeal even more.
Mobile banking business models:

A wide spectrum of Mobile/branchless banking models is evolving.
However, no matter what business model, if mobile banking is being used to attract low-
income populations in often rural locations, the business model will depend on banking
agents, i.e., retail or postal outlets that process financial transactions on behalf telcos or
banks. The banking agent is an important part of the mobile banking business model
since customer care, service quality, and cash management will depend on them. Many
telcos will work through their local airtime resellers. However, banks in Colombia, Brazil,
Peru, and other markets use pharmacies, bakeries, etc.
These models differ primarily on the question that who will establish the
relationship (account opening, deposit taking, lending etc.) to the end customer, the
Bank or the Non-Bank/Telecommunication Company (Telco). Another difference lies in
the nature of agency agreement between bank and the Non-Bank. Models of
branchless banking can be classified into three broad categories - Bank Focused, Bank-
Led and Nonbank-Led.
Bank-focused model:
The bank-focused model emerges when a traditional bank uses non-
traditional low-cost delivery channels to provide banking services to its existing
customers. Examples range from use of automatic teller machines (ATMs) to internet
banking or mobile phone banking to provide certain limited banking services to banks’
customers. This model is additive in nature and may be seen as a modest extension of
conventional branch-based banking.

Page 108
Bank-led model:
The bank-led model offers a distinct alternative to conventional branch-
based banking in that customer conducts financial transactions at a whole range of
retail agents (or through mobile phone) instead of at bank branches or through bank
employees. This model promises the potential to substantially increase the financial
services outreach by using a different delivery channel (retailers/ mobile phones), a
different trade partner (telco / chain store) having experience and target market distinct
from traditional banks, and may be significantly cheaper than the bank-based
alternatives. The bank-led model may be implemented by either using correspondent
arrangements or by creating a JV between Bank and Telco/non-bank. In this model
customer account relationship rests with the bank
Non-bank-led model:
The non-bank-led model is where a bank does not come into the picture
(except possibly as a safe-keeper of surplus funds) and the non-bank (e.g. telco)
performs all the functions.
Mobile Banking Services:

Mobile banking can offer services such as the following:
Account Information
1. Mini-statements and checking of account history

2. Alerts on account activity or passing of set thresholds
3. Monitoring of term deposits
4. Access to loan statements
5. Access to card statements
6. Mutual funds / equity statements
7. Insurance policy management
8. Pension plan management
9. Status on cheque, stop payment on cheque
10. Ordering check books
11. Balance checking in the account
12. Recent transactions
13. Due date of payment (functionality for stop, change and deleting of payments)
14. PIN provision, Change of PIN and reminder over the Internet
15. Blocking of (lost, stolen) cards

Page 108
Payments, Deposits, Withdrawals, and Transfers:

1. Domestic and international fund transfers
2. Micro-payment handling
3. Mobile recharging
4. Commercial payment processing
5. Bill payment processing
6. Peer to Peer payments
7. Withdrawal at banking agent
8. Deposit at banking agent
Especially for clients in remote locations, it will be important to help them

deposit and withdraw funds at banking agents, i.e., retail and postal outlets that turn
cash into electronic funds and vice versa. The feasibility of such banking agents
depends on local regulation which enables retail outlets to take deposits or not.
A specific sequence of SMS messages will enable the system to verify if the
client has sufficient funds in his or her wallet and authorize a deposit or withdrawal
transaction at the agent. When depositing money, the merchant receives cash and the
system credits the client's bank account or mobile wallet. In the same way the client can
also withdraw money at the merchant: through exchanging SMS to provide
authorization, the merchant hands the client cash and debits the merchant's account.
Investments:
1. Portfolio management services
2. Real-time stock quotes
3. Personalized alerts and notifications on security prices
4. mobile banking
Support:
1. Status of requests for credit, including mortgage approval, and insurance
coverage
2. Check (cheque) book and card requests
3. Exchange of data messages and email, including complaint submission and
tracking
4. ATM Location

Page 108
Content Services:
1. General information such as weather updates, news
2. Loyalty-related offers
3. Location-based services
Based on a survey conducted by Forrester, mobile banking will be attractive mainly to

the younger, more "tech-savvy" customer segment. A third of mobile phone users say
that they may consider performing some kind of financial transaction through their
mobile phone. But most of the users are interested in performing basic transactions
such as querying for account balance and making bill payment.
Challenges for a Mobile Banking Solution:

Key challenges in developing a sophisticated mobile banking application
are:
Handset operability:
There are a large number of different mobile phone devices and it is a big
challenge for banks to offer mobile banking solution on any type of device. Some of
these devices support J2ME and others support SIM Application Toolkit, a WAP
browser, or only SMS.
Initial interoperability issues however have been localized, with countries

like India using portals like R-World to enable the limitations of low end java based
phones, while focus on areas such as South Africa have defaulted to the USSD as a
basis of communication achievable with any phone.
The desire for interoperability is largely dependent on the banks

themselves, where installed applications(Java based or native) provide better security,
are easier to use and allow development of more complex capabilities similar to those of
internet banking while SMS can provide the basics but becomes difficult to operate with
more complex transactions.
There is a myth that there is a challenge of interoperability between mobile

banking applications due to perceived lack of common technology standards for mobile
banking. In practice it is too early in the service lifecycle for interoperability to be
addressed within an individual country, as very few countries have more than one
mobile banking service provider. In practice, banking interfaces are well defined and
money movements between banks follow the IS0-8583 standard. As mobile banking

Page 108
matures, money movements between service providers will naturally adopt the same
standards as in the banking world.
Security:
Security of financial transactions, being executed from some remote
location and transmission of financial information over the air, are the most complicated
challenges that need to be addressed jointly by mobile application developers, wireless
network service providers and the banks' IT departments.
The following aspects need to be addressed to offer a secure infrastructure

for financial transaction over wireless network:
1. Physical part of the hand-held device. If the bank is offering smart-card based
security, the physical security of the device is more important.
2. Security of any thick-client application running on the device. In case the device
is stolen, the hacker should require at least an ID/Password to access the
application.
3. Authentication of the device with service provider before initiating a transaction.
This would ensure that unauthorized devices are not connected to perform
financial transactions.
4. User ID / Password authentication of bank’s customer.
5. Encryption of the data being transmitted over the air.
6. Encryption of the data that will be stored in device for later / off-line analysis by
the customer.
Scalability & Reliability:

Another challenge for the CIOs and CTOs of the banks is to scale-up the
mobile banking infrastructure to handle exponential growth of the customer base. With
mobile banking, the customer may be sitting in any part of the world (true anytime,
anywhere banking) and hence banks need to ensure that the systems are up and
running in a true 24 x 7 fashion. As customers will find mobile banking more and more
useful, their expectations from the solution will increase. Banks unable to meet the
performance and reliability expectations may lose customer confidence. There are
systems such as Mobile Transaction Platform which allow quick and secure mobile
enabling of various banking services. Recently in India there has been a phenomenal
growth in the use of Mobile Banking applications, with leading banks adopting Mobile
Transaction Platform and the Central Bank publishing guidelines for mobile banking
operations.

Page 108
Application distribution
Due to the nature of the connectivity between bank and its customers, it
would be impractical to expect customers to regularly visit banks or connect to a web
site for regular upgrade of their mobile banking application. It will be expected that the
mobile application itself check the upgrades and updates and download necessary
patches (so called "Over The Air" updates). However, there could be many issues to
implement this approach such as upgrade / synchronization of other dependent
components.
Personalization
It would be expected from the mobile application to support personalization
such as:
1. Preferred Language
2. Date / Time format
3. Amount format
4. Default transactions
5. Standard Beneficiary list
6. Alerts
Mobile banking in the world:

Mobile banking has come in handy in many parts of the world with little or
no Infrastructure development, especially in remote and rural areas. This part of the
mobile commerce is also very popular in countries where most of their population is
unbanked. In most of these places banks can only be found in big cities and customers
have to travel hundreds of miles to the nearest bank.
Countries like Sudan, Ghana and South Africa received this new commerce
very well. In Latin America countries like Uruguay, Paraguay, Argentina, Brazil,
Venezuela, Colombia, Guatemala and recently Mexico started with a huge success.
In Colombia was released with Redeban.
In Iran banks like Parsian, Tejarat, Mellat, Saderat, Sepah, edbi and
bankmelli offer this service. Guatemala have the support of Banco industrial.
Mexico released the mobile commerce with Omnilife,Bancomer and a private

company(MPower Ventures). Kenya's Safaricom (Part of the Vodafone Group) has had
the very popular M-Pesa Service - mainly used to transfer limited amounts of money,

Page 108
but has been increasingly used to pay utility bills. Zain in 2009 launched their own
mobile money transfer business known as ZAP in Kenya and other African countries.
Mobile Banking VS Online Banking forecast:

Page 108

Page 108
Telephonic Online Banking:

Telephone banking is a service provided by a financial institution which
allows its customers to perform transactions over the telephone.
Most telephone banking use an automated phone answering system with

phone keypad response or voice recognition capability. To guarantee security, the
customer must first authenticate through a numeric or verbal password or through
security questions asked by a live representative (see below). With the obvious
exception of cash withdrawals and deposits, it offers virtually all the features of an
automated teller machine: account balance information and list of latest transactions,
electronic bill payments, funds transfers between a customer's accounts, etc.
Usually, customers can also speak to a live representative located in a call

centre or a branch, although this feature is not guaranteed to be offered 24/7. In
addition to the self-service transactions listed earlier, telephone banking representatives
are usually trained to do what was traditionally available only at the branch: loan
applications, investment purchases and redemptions, chequebook orders, debit card
replacements, change of address, etc.
Banks which operate mostly or exclusively by telephone are known as

phone banks.
SMS Banking:
SMS banking is a technology-enabled service offering from banks to its
customers, permitting them to operate selected banking services over their mobile
phones using SMS messaging.
Push and pull messages
SMS banking services are operated using both push and pull messages. Push
messages are those that the bank chooses to send out to a customer's mobile phone,
without the customer initiating a request for the information. Typically push messages
could be either Mobile marketing messages or messages alerting an event which
happens in the customer's bank account, such as a large withdrawal of funds from the
ATM or a large payment using the customer's credit card, etc. (see section below on
Typical Push and Pull messages).
Another type of push message is One-time password (OTPs). OTPs are the latest tool
used by financial and banking service providers in the fight against cyber fraud. Instead
of relying on traditional memorized passwords, OTPs are requested by consumers each

Page 108
time they want to perform transactions using the online or mobile banking interface.
When the request is received the password is sent to the consumer’s phone via SMS.
The password is expired once it has been used or once its scheduled life-cycle has
expired.
Pull messages are those that are initiated by the customer, using a mobile phone, for
obtaining information or performing a transaction in the bank account. Examples of pull
messages for information include an account balance enquiry, or requests for current
information like currency exchange rates and deposit interest rates, as published and
updated by the bank.
The bank’s customer is empowered with the capability to select the list of activities (or
alerts) that he/she needs to be informed. This functionality to choose activities can be
done either by integrating to the internet banking channel or through the bank’s
customer service call centre.
Typical push and pull services offered under SMS banking:

Depending on the selected extent of SMS banking transactions offered by the bank, a
customer can be authorized to carry out either non-financial transactions, or both and
financial and non-financial transactions. SMS banking solutions offer customers a range
of functionality, classified by push and pull services as outlined below.
Typical push services would include:
• Periodic account balance reporting (say at the end of month);

• Reporting of salary and other credits to the bank account;
• Successful or un-successful execution of a standing order;
• Successful payment of a cheque issued on the account;
• Insufficient funds;
• Large value withdrawals on an account;
• Large value withdrawals on the ATM or EFTPOS on a debit card;
• Large value payment on a credit card or out of country activity on a credit card.
• One-time password and authentication
Typical pull services would include:
• Account balance enquiry;

• Mini statement request;
• Electronic bill payment;
• Transfers between customer's own accounts, like moving money from a savings
account to a current account to fund a cheque;
• Stop payment instruction on a cheque;

Page 108
• Requesting for an ATM card or credit card to be suspended;

• De-activating a credit or debit card when it is lost or the PIN is known to be
compromised;
• Foreign currency exchange rates enquiry;
• Fixed deposit interest rates enquiry.
Concerns and scepticism about SMS banking:

Many banks would have some concerns when the prospects of introducing
SMS banking are discussed. Most of these concerns could revolve around security and
operational controls around SMS Banking. However supporters of SMS claim that while
SMS banking is not as secure as other conventional banking channels, like the ATM
and internet banking, the SMS banking channel is not intended to be used for very high-
risk transactions.
Quality of service in SMS banking:

Because of the concerns made explicit above, it is extremely important that
SMS gateway providers can provide a decent quality of service for banks and financial
institutions in regards to SMS services. Therefore, the provision of Service Level
Agreement (SLA) is a requirement for this industry; it is necessary to give the bank
customer delivery guarantees of all messages, as well as measurements on the speed
of delivery, throughput, etc. SLAs give the service parameters in which a messaging
solution is guaranteed to perform.
The convenience factor:

The convenience of executing simple transactions and sending out information or
alerting a customer on the mobile phone is often the overriding factor that dominates
over the skeptics who tend to be overly bitten by security concerns.
As a personalized end-user communication instrument, today mobile phones are

perhaps the easiest channel on which customers can be reached on the spot, as they
carry the mobile phone all the time no matter where they are. Besides, the operation of
SMS banking functionality over phone key instructions makes its use very simple. This
is quite different from internet banking which can offer broader functionality, but has the
limitation of use only when the customer has access to a computer and the Internet.
Also, urgent warning messages, such as SMS alerts, are received by the customer
instantaneously; unlike other channels such as the post, email, Internet, telephone
banking, etc. on which a bank's notifications to the customer involves the risk of delayed
delivery and response.

Page 108
The SMS banking channel also acts as the bank’s means of alerting its customers,
especially in an emergency situation; e.g. when there is an ATM fraud happening in the
region, the bank can push a mass alert (although not subscribed by all customers) or
automatically alert on an individual basis when a predefined ‘abnormal’ transaction
happens on a customer’s account using the ATM or credit card. This capability mitigates
the risk of fraud going unnoticed for a long time and increases customer confidence in
the bank’s information systems.
Compensating controls for lack of encryption:

The lack of encryption on SMS messages is an area of concern that is often
discussed. This concern sometimes arises within the group of the bank’s technology
personnel, due to their familiarity and past experience with encryption on the ATM and
other payment channels. The lack of encryption is inherent to the SMS banking channel
and several banks that use it have overcome their fears by introducing compensating
controls and limiting the scope of the SMS banking application to where it offers an
advantage over other channels.
Suppliers of SMS banking software solutions have found reliable means by

which the security concerns can be addressed. Typically the methods employed are by
pre-registration and using security tokens where the transaction risk is perceived to be
high. Sometimes ATM type PINs are also employed, but the usage of PINs in SMS
banking makes the customer's task more cumbersome.
Technologies employed for SMS banking:

Most SMS banking solutions are add-on products and work with the bank’s
existing host systems deployed in its computer and communications environment. As
most banks have multiple backend hosts, the more advanced SMS banking systems
are built to be able to work in a multi-host banking environment; and to have open
interfaces which allow for messaging between existing banking host systems using
industry or de-facto standards.
Well developed and mature SMS banking software solutions normally

provide a robust control environment and a flexible and scalable operating environment.
These solutions are able to connect seamlessly to multiple SMSC operators in the
country of operation. Depending on the volume of messages that are require to be
pushed, means to connect to the SMSC could be different, such as using simple
modems or connecting over leased line using low level communication protocols (like
SMPP, UCP etc.). Advanced SMS banking solutions also cater to providing failover
mechanisms and least-cost routing options.

Page 108
Electronic funds transfer:

Electronic funds transfer or EFT refers to the computer-based systems used
to perform financial transactions electronically.
The term is used for a number of different concepts:
• Cardholder-initiated transactions, where a cardholder makes use of

a payment card
• Direct deposit payroll payments for a business to its employees,
possibly via a payroll services company
• Direct debit payments from customer to business, where the
transaction is initiated by the business with customer permission
• Electronic bill payment in online banking, which may be delivered
by EFT or paper check
• Transactions involving stored value of electronic money, possibly in
a private currency
• Wire transfer via an international banking network (generally carries
a higher fee)
• Electronic Benefit Transfer
EFTPOS:
EFTPOS (short for Electronic Funds Transfer at Point of Sale) is an

Australian and New Zealand electronic processing system for credit cards, debit cards
and charge cards.[1]
European banks and card companies also sometimes reference "EFTPOS"

as the system used for processing card transactions through terminals on points of sale,
though the system is not the trademarked Australian/New Zealand variant.

Page 108
Card-based EFT:
Credit cards
EFT may be initiated by a cardholder when a payment card such as a credit card or
debit card is used. This may take place at an automated teller machine (ATM) or point
of sale (POS), or when the card is not present, which covers cards used for mail order,
telephone order and internet purchases.
Card-based EFT transactions are often covered by the ISO 8583 standard.
Transaction types:
A number of transaction types may be performed, including the following:
• Sale: where the cardholder pays for goods or service

• Refund: where a merchant refunds an earlier payment made by a cardholder
• Withdrawal: the cardholder withdraws funds from their account, e.g. from an
ATM. The term Cash Advance may also be used, typically when the funds are
advanced by a merchant rather than at an ATM
• Deposit: where a cardholder deposits funds to their own account (typically at an
ATM)
• Cashback: where a cardholder withdraws funds from their own account at the
same time as making a purchase
• Inter-account transfer: transferring funds between linked accounts belonging to
the same cardholder
• Payment: transferring funds to a third party account
• Enquiry: a transaction without financial impact, for instance balance enquiry,
available funds enquiry, linked accounts enquiry, or request for a statement of
recent transactions on the account
• E top-up: where a cardholder can use a device (typically POS or ATM) to add
funds (top-up) their pre-pay mobile phone
• Mini-statement: where a cardholder uses a device (typically an ATM) to obtain
details of recent transactions on their account
• Administrative: this covers a variety of non-financial transactions including PIN
change

Page 108
The transaction types offered depend on the terminal. An ATM would offer different
transactions from a POS terminal, for instance.
Authorization:
EFT transactions require communication between a number of parties.
When a card is used at a merchant or ATM, the transaction is first routed to an acquirer,
then through a number of networks to the issuer where the cardholder's account is held.
A transaction may be authorized offline by any of these entities through a

stand-in agreement. Stand-in authorization may be used when a communication link is
not available, or simply to save communication cost or time. Stand-in is subject to the
transaction amount being below agreed limits, known as floor limits. These limits are
calculated based on the risk of authorizing a transaction offline, and thus vary between
merchants and card types. Offline transactions may be subject to other security checks
such as checking the card number against a 'hot card' (stolen card) list, velocity checks
(limiting the number of offline transactions allowed by a cardholder) and random online
authorization.
Before online authorization was standard practice and credit cards were
processed using manual vouchers, each merchant would agree a limit ("floor limit) with
his bank above which he must telephone for an authorization code. If this was not
carried out and the transaction subsequently was refused by the issuer ("bounced"), the
merchant would not be entitled to a refund.
Dual Message Authorization/Clearing:

Depending on the business rules of the issuer, a "hold" may be placed on the funds
authorized. This hold reserves that amount of money for a defined period. If a
transaction is not cleared within the defined period then the "hold" will be removed and
the funds made available again.
Example - Purchase for £10 on Day 2 never completes so hold removed on Day 4:
Cleared Balance Available Balance
Day 1 £100 £100

Day 2 £100 £90 (Hold for a purchase of £10)
Day 3 £100 £90
Day 4 £100 £100 (Hold for £10 purchase removed)

Page 108
Example - Purchase for £10 on Day 2 completes on Day 4:
Cleared
Available Balance
Balance
Day 1 £100 £100
Day 2 £100 £90 (Hold for a purchase of £10)
Day 3 £100 £90
£90 (Transaction completes. Hold removed. Both
Day 4 £90
balances updated with purchase amount)
An offline process, driven by the networks' clearing systems, generates clearing files
which are sent to the card issuers on a daily basis. These files contain the completions
messages to the on-line authorizations.
In addition, not all transactions in a dual-message environment require authorisation.

Depending on the type of card used, and the floor-limit of the merchant, it may be that
there are transactions in the clearing files which have not been authorised on-line. This
is a financial exposure for banks as they have to honour the clearing records regardless
of the balance on the cardholder's account.
Example - Purchase for £30 on Day 2 for a transaction not requiring authorization:
Cleared Balance Available Balance

Day 1 £10 £10
Day 2 -£20 -£20 (Offline purchase of £30)
This transaction has to be applied even if the cardholder does not have sufficient funds
or an overdraft.
Single Message Authorization/Clearing:

Some financial networks operate a single message solution, in which a
transaction is authorized and cleared via the same message.
A transaction will be authorized via a pre-authorization step, where the

merchant requests the issuer to reserve an amount on the cardholder's account for a
specific time, followed by completion, where the merchant requests an amount blocked
earlier with a pre-authorization. This transaction flow in two steps is often used in
businesses such as hotels and car rental where the final amount is not known, and the
pre-authorization is made based on an estimated amount. Completion may form part of
a settlement process, typically performed at the end of the day when the day's
completed transactions are submitted. All these messages will be sent "on-line" from
the merchant acquirer to the issuing bank.

Page 108
Authentication:
EFT transactions may be accompanied by methods to authenticate the card and the
card holder. The merchant may manually verify the card holder's signature, or the card
holder's Personal identification number (PIN) may be sent online in an encrypted form
for validation by the card issuer. Other information may be included in the transaction,
some of which is not visible to the card holder (for instance magnetic stripe data), and
some of which may be requested from the card holder (for instance the card holder's
address or the CVV2 value printed on the card).
EMV cards are smartcard-based payment cards, where the smartcard technology
allows for a number of enhanced authentication measures.
Internet/Online Banking Frauds:

Convenience is the key reason of why millions of people are opting out of
traditional banking for online banking. Nearly 45 percent of the 141 million adults in
America pay their bills online (according to the Garter 2004 Survey). Banks also enjoy
providing the option of online banking because they can save on operating costs.
However, during the popularization of online banking, nearly 2 million Americans
suffered from fraudulent bank activity in 2004. Consumers reported an average loss of
$1, 200 per bank fraud. Most market researchers attributed the increase in the number
of bank frauds to online banking.
Schemes Used In Internet Banking Fraud:

Most internet banking fraud occurs in a two-step process. First, the offender
must get their hands on the customer's account information, like their username and
password. Second, the offender will use that information to move his victim's money to
another account or withdraw it to make fraudulent purchases. For the first step,
offenders often employ one of the many popular fraud schemes to obtain personal
information. These fraud schemes include, but are not limited to:
"Over the shoulder looking" scheme:

Page 108
"Over the shoulder looking" scheme involves the offender observing his
potential victim making financial transactions and recording the personal information
used in the transaction.
"Phishing" scheme:
"Phishing" scheme stems from the two words "password" and "fishing." It
entails sending email scams and mail supposedly from the consumer's bank as a way to
obtain the consumer's personal information, social insurance number, and in this case
their online banking username and password.
"Trojan Horse" scheme:

"Trojan Horse" scheme unfolds when malicious software (malware) embeds to a
consumer's computer without the consumer being aware of it. Trojans often come in
links or as attachments from unknown email senders. After installation the software
detects when a person accesses online banking sites and records the username and
password to transmit to the offender. People using public computers, in places like
Internet cafes, are often susceptible to Trojans like malware or spyware. They also are
higher at risk of falling victim of identity theft.
The FBI estimates that 1 million PCs in America are being compromised in
a similar fashion to conduct fraud. Although, analysts note that the use of Trojan
schemes has jumped in the recent years, phishing remains the most popular scheme.
According to the 2004 study by the market research Gartner, 1.8 million Americans
responded to phishing emails with their personal information.
Financial Services Information Security News (02 Feb

2010):

Page 108
Customers risk online banking fraud by reusing bank credentials
Many online banking customers reuse their banking login credentials

to access other websites, putting themselves at risk of account hijacking and
online banking fraud, according to a study by Trusteer Inc.
The New York-based online security vendor found that 73% of bank
customers use their Internet banking password to access non-financial -- and
less secure -- websites. Forty-seven percent use both their online banking user ID
and password on other websites.
The practice puts online banking customers at risk because criminals

are using a variety of methods -- including database hacks, brute forcing and
phishing -- to harvest login credentials from non-financial websites, such as
social networking sites and Web-based email services, according to Trusteer.
Thieves can then test the credentials on financial-services sites to hijack
accounts and commit online banking fraud.
The research was based on data collected over 12 months from more
than 4 million users of Trusteer's Rapport browser security service.
The Rapport browser plug-in has a feature that warns users when they
type their banking credentials into another website in order to block potential
phishing attacks that try to trick users into using their credentials on phony
banking websites. The feature also is intended to alert users about the risks
associated with using online banking credentials on other websites.
Trusteer's study also found that when a bank allows users to create
their own user ID, 65% of those customers share the ID with nonfinancial sites.
When banks assign IDs to customers, the number that use the ID on other sites
dropped to 42%.
In addition to using banking credentials across the Web, users also

put themselves at risk by creating easy-to-guess passwords. A report released
last month by Imperva Inc. showed that many users choose simple, short
passwords that make them susceptible to brute force attacks. The database
security vendor based the report on an analysis of 32 million passwords exposed
in a breach late last year of Rockyou.com, a social networking application site.

Page 108
Almost 50% of users had simple passwords made up of names,

dictionary words, consecutive digits and adjacent keyboard keys, Imperva's
analysis showed. The most common password is "123456," and other favorites
include "password," "princess" and "abc123."
BITS, a division of the Financial Services Roundtable and the Identity

Theft Assistance Center, an affiliate of the Financial Services Roundtable, issued
an advisory last week about the need to boost password security.
"Virtually all financial websites rely on customers' passwords as a

critical layer of protection for their personal and financial information," Paul
Smocer, vice president for security at BITS said in a prepared statement. "We
need to remember how critical it is to protect our online information, and
unfortunately, to understand that there are those who want access to our
information or funds."
How can a Bank prevent Online Banking Fraud?

While online banking has been around for many years, virtually no cases of
fraud have been reported until recently. Since the beginning of the year 2004, reports of
fraud cases nearly explode and banks are looking for ways to protect their online

Page 108
banking channel. This paper discusses the pros and cons of the different fraud
prevention approaches used throughout the world.
Online Banking Fraud Schemes:

Most online banking fraud schemes involve two steps. First, the criminal
obtains the customer's account access data, i.e. logon name and password. Second,
the criminal uses this information to transfer money to other accounts and withdrawals
the funds. For the first step, criminals have employed different schemes in the past:
The "over the shoulder looking" scheme occurs when a customer performs
financial transactions while being observed by a criminal. A fair number of cases have
been reported where customer's account access data was obtained by the criminal just
by observing customers at a public Internet access point.
The "phishing" scheme involves using fake emails and/or fake websites.
The word "phishing" stems from combining the words "password" and "fishing".
Criminals send emails that appear to be from the customer's bank that direct customers
to a fake website. This website impersonates the bank's website and prompts
customers for their account access data. Over the past months, most banks have
executed customer education programs, thereby reducing the effectiveness of this
scheme. It will, however, take awhile before all customers are smart enough to extinct
phishing.
The "Trojan horse" scheme is based on embedding a computer virus type

software program onto the customer's PC. Trojans often tie themselves into the
keyboard driver and record keystrokes. Once a Trojan detects that the customer opens
an online banking website, it captures login name and password, and sends it to the
criminal.
In the year 2003, phishing was the dominant fraud scheme. In the year
2004, banks experienced a sharp rise in Trojan fraud scheme attacks.
One Time Passwords:

To improve security, some banks use "one time passwords", also called
OTP. Upon activation of the customer's account for online banking, the bank mails a list
of OTPs to the customer. Each time the customer perform a transaction, he enters one

Page 108
OTP for verification. Once used, the OTP becomes invalid. If the customer runs out of
OTPs, he is sent a new list.
While this approach effectively prevents "over the shoulder looking", it

generally fails to prevent other fraud schemes. Phishing emails also ask for OTPs, and
a customer naive enough to give out his logon name and password will likely also
provide OTPs.
Trojans simply also capture the OTP once entered. At the same time, they
falsify the customer's input in the browser software (e.g. by adding an invisible
character) or cause the browser software to crash. This causes the customer's
transaction to be intercepted and the OTP to still be valid. The criminal can then use this
valid OTP to perform a fraudulent transaction.
Hardware Tokens:
The high-tech alternative to paper OTP lists are "hardware tokens". These
devices have the form factor of a key chain attachment, featuring a crypto processor
and a display. A hardware token displays a new OTP every 60 seconds. Because each
OTP is only valid for a limited period of time, they provide significant protection against
"over the shoulder looking" and phishing schemes.
Hardware tokens can, however, not protect the customer against Trojans.
The fact that the OTP is only valid for a short time just reduces the amount of time the
criminal has to exploit the data obtained by the Trojan. Because many criminals already
use automated scripts on their servers to perform fraudulent transactions once the
access data is received from the Trojan, the time limit proves no significant barrier to the
criminal.
In addition, some banks have discovered Trojans that perform the

fraudulent transaction right from the customer's PC. As this involves next to no delay,
the hardware token approach fails to prevent Trojan fraud schemes.
Transaction Specific OTPs:

The shortcoming of both paper OTP lists and hardware tokens lies in the
fact that each OTP is not transaction specific. That is, the same OTP can be used to
verify either a genuine or a fraudulent transaction. One possible way to come by this

Page 108
flaw is to use a "key generator" device that generates an OTP based on primary
transaction parameters.
A key generator looks similar to a pocket calculator. It has a keypad that lets
the customer enter the source account, target account, transaction amount, and a PIN.
Based on these parameters, the key generator generates a transaction specific OTP.
The customer now enters the transaction parameters into the online banking application
including the generated OTP. When the online transaction is received by the bank's
server, it performs the same calculations as the key generator and thus verifies the
OTP.
If a criminal captures such an OTP, he cannot use it for a fraudulent

transaction, since this OTP can only be used to verify a transaction with the same
parameters as entered on the key generator. Because the key generator is a separate
hardware device with no connection to the Internet, it is immune to getting attacked by
malicious software.
For these reasons, key generators can be considered a highly effective

fraud prevention measure for online banking capable of preventing all known fraud
schemes. The disadvantages of key generators are, however, the cost of the device,
the fact that the device must be physically present to perform online banking, and the
fact that the customer basically has to enter each transaction two times.
OTP by SMS:
Some of the disadvantages of using key generators are avoided by sending
OTPs to the customer using SMS. With this approach, the customer first sends the
complete transaction to the bank's server. The bank's server then creates a random
number as OTP and sends it to the customer's mobile phone as text message. The
customer now enters this transaction specific OTP into the online banking application,
and sends it also to the bank's server. If the generated OTP matches the one
transmitted by the customer, the transaction is verified.
Because the OTP transmitted can only be used to verify the transaction that
is already received by the bank's server and cannot be altered from the outside, this
OTP is of no use to a criminal. In theory, sending OTPs by SMS should hence be as
effective a fraud prevention measure as a key generator. In reality, banks have
experienced that the weak point is the mobile phone identification. Effective fraud
prevention is only provided if any change of mobile phone number is performed only
after thorough identity checking.
Another disadvantage of this approach is that banks need to tie in their

infrastructure with the infrastructure of a wireless operator. Wireless operators all over

Page 108
the world are investigating ways to leverage their existing infrastructure into new
sources of profit. Most operators hence look into providing financial transaction services
of various kinds. Banks hence may soon find themselves in a situation, where wireless
operators offer their customers financial transactions using just the mobile phone and
nothing else. The bank's offering would involve using first an Internet browser, than wait
for an SMS, read it, go back to the Internet browser, type in the OTP and erase the
SMS. For a customer, the bank's offering appeals to be a lot more complex than the
wireless operator's offering.
Smart Cards and USB Tokens:

Smart cards and USB tokens implement a different approach to
authentication. Smart cards contain crypto processors without a display. They must be
electrically connected to the customer's PC using a card reader device. USB tokens are
essentially the same, only that they render card readers unnecessary by plugging
directly into the customer PC's USB port.
By exchanging crypto keys with the bank's server, the bank's server can be
sufficiently sure that the online transactions secured with this approach stem from the
genuine customer. While smart cards have been hacked in the past, the latest
generation smart cards will likely provide a high level of fraud protection for many years.
The disadvantages of the smart card approach lies in its need to by

electrically connected to the customer's PC. This connection requires the installation
and configuration of specific hardware drivers. In many pilot rollouts of smart cards, this
turned out to be a frequent source of customer support needs.
The other disadvantage is that the need for the electrical connection limits
the use of online banking. Many customers perform online banking from their office.
Installing card reader hardware and drivers is often not possible for managed office
PCs. Also, recent electronic organizers and smart phones provide Internet browsers
that are well capable to perform online banking, but offer no capabilities to connect a
smart card reader or an USB token.
Transaction Monitoring:
A completely different approach to secure online banking comes from the
adaptation of fraud prevention systems used with credit and debit card processing. In
payment card processing, fraud is a known phenomenon since many years. Technical
security measures introduced to payment cards, such as magnetic stripes or chips,
have only provided temporary relief from fraud losses.

Page 108
The only measure that has proved to limit fraud losses permanently was the
deployment of transaction monitoring software. This has become the de-facto standard
for fraud prevention with payment card processing worldwide.
Transaction monitoring occurs in the bank's data centre. For each

transaction, the transaction monitoring software scrutinizes the current transaction's
parameters, and compares it with the previous transaction of both the customer and the
counterparty of the transaction histories. By comparing the current transaction pattern to
stored known fraud patterns, the software can flag suspicious transactions "on the fly".
Such transactions are then referred to a call centre for manual verification.
There are multiple advantages to this approach when compared to the

others discussed before. There is no new device to be used by the customer, no
dependency on mobile phones and no customer support problem with hardware driver
installation. There are also no one-time costs per customer for a card reader or an USB
token, and no per-transaction cost for sending SMS.
Comparison:
But what are the disadvantages of transaction monitoring? One problem
arises when a new fraud pattern emerges, which is not stored in the transaction
monitoring software. Another problem arises when by accident the current genuine
transaction patterns resemble a known fraud pattern so much that the transaction
monitoring system refers the genuine transaction to the call centre.
The first problem exists with any fraud prevention measure. Once criminals
find a way to circumvent the measure, the door to fraud is open. The question becomes
what can be done in this case. If the fraud prevention measure involves devices that are
distributed to the customers, fixing the security problem becomes difficult. When the
French credit card chip system was hacked, retrofitting point of sales terminals to patch
up security was estimated to cost 5 billion U.S. dollars. Transaction monitoring provides
a significant advantage in this case because it is centralized. By adding the new fraud
pattern to the fraud detection logic in the bank's data centre, the entire system becomes
instantly "immunized".
The second problem also occurs with any fraud prevention measure. Any
measure will impose a certain customer disturbance. Smart cards and USB tokens may
cause trouble when their hardware driver becomes incompatible with any change of the
customer's PC. And like hardware tokens and key generators, all extra electronic
devices have certain likelihood to fail or get lost. OTPs send by SMS may get lost or
delayed, in particular with International roaming. Transaction monitoring software will

Page 108
inevitable generate a certain rate of false alarms. Banks must carefully determine which
level of customer disturbance they consider acceptable for the security level needed.
Risk Shield Fraud Prevention:

One of the most commonly used transaction monitoring software product
used for fraud prevention with card based payment systems is Risk Shield® of Inform
Software Corp. Since its introduction in the year 2001, Risk Shield has won fraud
prevention for 122 million cards in Europe, spread over 7 different portfolios. Banks
have verified that Risk Shield provides a total of US$ 223 million fraud savings each
year.
Inform Software Corp has recently introduced a special version of Risk

Shield for online banking. This product is currently in rollout with online banking
operations of 3 major European banks.
Risk Shield is delivered with countermeasures against all known online

banking fraud patterns. A fraud pattern for example can be an unusually high frequency
of payments going into one target account from different source account. If none of the
source accounts have ever transferred funds to this target account before, and the
transactions have all been originated from IP address ranges belonging to certain
Internet service providers never used before by the source account holders, Risk Shield
will conclude that this is part of a fraud scheme and will refer transactions to the call
centre. At the moment, Risk Shield's prevention logic contains about 80 different online
banking fraud patterns plus variants.
In addition, Risk Shield looks out for "unusual" transaction patterns because
they could be emerging fraud patterns. Once Risk Shield administrators are alerted,
they use the Risk Shield analysis and simulation environment to isolate potentially new
fraud patterns, and simulate the effectiveness of the developed countermeasures.
Risk Shield also uses transaction data from other payment channels to
refine its detection of certain fraud patterns, if such data is available. The transaction
sequences are automatically merged by Risk Shield into "transaction fingerprints". Also,
non-monetary transactions, such as password changes, address changes or claims of
lost cards are used by Risk Shield to detect specific fraud patterns.

Page 108
5 Tips to Make Your Online Banking Transaction

Safe:
Banking is more sensitive business than the other. The online banking
makes it more sensitive because all the information and financial transactions take
place online.
Despite of SSL security and other security measures there are many frauds
reported due to fault at the customer end by disclosing the personal details via e-mail or
on the website so security of database or personal & banking details are most
important. If you have opened an online account than you must have to see the bank
website thoroughly because there will be a chances to have similar types of website.
Please make sure that the website get secured with SSL security certification symbol.
There are some points for the customer to perform the safer transaction in online
banking.
1. Once you open an online banking account either personal or current

business account than you must get the details by mail like your account number,
customer identification number, online access username and password as well as ATM
card PIN number etc. You can get all the details in sealed enveloped by post so you
must keep all the details in the safer place. Please do not disclosed to anybody
2. Online banking business is based on SSL security and Java Script. All
transaction you made or all information you feed online will convert into an encryption
so there are nil chances to get an access on the customer information.
3. Another most important consideration is do not disclose a your login

details and password. It is most important to change your password every time. Please
also make sure that un-tick login details and password remember request from the
computer. If you are not able to perform such task on other PC than there may be a
chances for someone to access your account.
4. You must have to monitor your online banking account carefully. If you
find any unknown transaction to other account than you can immediately call to the
customer care department for further scrutiny.
5. It is most important for you to put the login details at a safer place.
The online banking is safe till you can’t disclosed or make sure to share your personal
details to other or through e-mail or online. Once customer get smarter to manage
online account, it makes all online banking transaction safer.

Page 108
What a Customer can do for its Security of Online

Banking?

Page 108

Page 108

Page 108

Page 108

Page 108

Page 108

Page 108

Page 108

Page 108

Page 108

Page 108

Page 108

Page 108

Page 108

Page 108

Page 108

Page 108
Emergency Check List:

Page 108

Page 108
ROLE OF INFORMATION TECHNOLOGY IN

BANKING INDUSTRY:
INTRODUCTION I.T. in Banking:
1). Technology has opened up new markets, new products, new services and efficient
delivery channels for the banking industry. Online electronics banking, mobile banking
and internet banking are just a few examples.
2). Information Technology has also provided banking industry with the wherewithal to
deal with the challenges the new economy poses. Information technology has been the
cornerstone of recent financial sector reforms aimed at increasing the speed and
reliability of financial operations and of initiatives to strengthen the banking sector.
3). The IT revolution has set the stage for unprecedented increase in financial activity
across the globe. The progress of technology and the development of world wide
networks have significantly reduced the cost of global funds transfer.
4). It is information technology which enables banks in meeting such high expectations
of the customers who are more demanding and are also more techno-savvy compared
to their counterparts of the yester years. They demand instant, anytime and anywhere
banking facilities.
5). IT has been providing solutions to banks to take care of their accounting and back
office requirements. This has, however, now given way to large scale usage in services
aimed at the customer of the banks.
IT also facilitates the introduction of new delivery channels - in the form of Automated
Teller Machines, Net Banking, Mobile Banking and the like. Further, IT deployment has
assumed such high levels that it is no longer possible for banks to manage their IT
implementations on a standalone basis with IT revolution, banks are increasingly
interconnecting their computer systems not only across branches in a city but also to
other geographic locations with high-speed network infrastructure, and setting up local
area and wide area networks and connecting them to the Internet.

Page 108
Products supported by I.T.:
As a result, information systems and networks are now exposed to a growing number.
Technology Products:
(1). Net Banking

(2). Credit Card Online
(3). One View
(4). Instant Alerts
(5). Mobile Banking
(6). Net Safe
(7). e-Monies Electronic Fund Transfer
(8). Online Payment of Excise & Service Tax
(9). Phone Banking
(10). Bill Payment
(11). Shopping
(12). Ticket Booking
(13). Railway Ticket Booking through SMS
(14). Prepaid Mobile Recharge
(15). Smart Money Order
(16). Card to Card Funds Transfer
(17). Funds Transfer (eCheques)
(18). Anywhere Banking
(19). Internet Banking
(20). Mobile Banking
(21). Bank@Home
(i) Express Delivery
(22). Cash on Tap:
(ii) Normal Delivery

Page 108
Online Banking In Pakistan:

Pakistan’s ICT Back Ground:

Page 108
I.T. Sector in Pakistan:

Page 108
Internet Banking in Pakistan:

Page 108
Current System:
In previous regime, I mean Musharraf’s era, lots of new products evolved;

like credit cards, ATMs, E- banking, small loans for common people and what not. We
used to receive multiple calls a day from banks offering one or the other product. Tele
sale representatives used make hundreds of calls daily to meet their targets. In short we
had eight years of boom in banking sector with higher foreign reserves and stronger
economy every month.
Instead of discussing rights and wrongs of that time, we need to focus on

results. Interest rates were as low as 9 or 10 % during that time. Even the Central
Directorate of National Savings (CDNS) had come down to its lowest mark up of 11%;
earlier on which was 18%. People withdrew their heavy amounts from banks and CDNS
and invested millions in the property sectors; resultantly real estate industry touched
new height of success, created plenty of jobs. We know that real estate industry boosts
at least 10 other allied sectors. So during that era Bahria Town, Giga Mall, Emaar
Pakistan and many other builders and developers were on the rise.

Page 108
However, the situation has dramatically changed, as now banks are again
hungry for funds. In the last few months or so, we have seen a new trend of advance
profit in the banking sector. ABL, the Bank of Punjab, Atlas Bank have already
announced the best possible advance profit for the customers who have money more
than Rs. 50,000/- and want handsome profit immediately.
It seems that we are forced to just put our money in the banks and enjoy the
interest. There is no need to work or taking risk to invest money in any type of business.
This will also lead to more foreign trade debit, which is already worsening and crossing
US$ 10 billion. Remember that this gap was 1 billion US dollar in 1994 and at that time
US $ had a price value of Rs. 36.
According to the sources, this race of advance profit will be intensified in the
near future and more banks will offer higher and advance profit like MCB, Bank -al-
Falah, National Bank.
Let’s pray for our country, our economy and our future be in safe and secure
with one and only dream of prosperity.
Rising Trend of Online-Banking in Pakistan:
Online-Banking and branchless banking transactions continued to show

growth momentum as both the volume and value of these transactions displayed a
rising trend in the country during the last quarter of the monetary year (FY2008-09).
According to the Fourth Quarterly Report on “Online-Banking the’’ volume
and value of online banking transactions in the country reached at 13.7 million and Rs
3.7 trillion respectively showing a growth of 10.8 percent in numbers and 7.4 percent
increase in value as compared to 14.8 percent increase in numbers and 11.7 percent
increase in value in the previous quarter.
It said that total quantity of cards (debit / credit /ATM only) in circulation
during fourth quarter of FY09 reached at 8.9 million which shows an increase of 6.6
percent as compared to 3.1 percent decline in the previous quarter. The quantity of
credit cards has decreased by 0.6 percent as compared to 6.2 percent decrease in the
previous quarter. The quantity of debit cards has increased by 9.6 percent as compared
to 2.5 percent decline in previous quarter and stood at 6.4 million, it added.
It said that during the last six quarters the transition from manual (paper-
based) banking to Online-Banking has been gradual, yet consistent, in terms of both
volume and value of transactions. The composition (in percentage) of electronic
transactions increased to 34.2 percent of the total number of transactions as compared
to 32.9 percent recorded last quarter. In terms of value, the same increased by 10.5
percent as compared to 9.3 percent rise recorded last quarter.

Page 108
45% growth in online banking in Pakistan:
The commercial banks have registered a growth of 45 percent in opening

new online branches in the second quarter of the current fiscal year, State Bank of
Pakistan data said on Monday.
During this quarter retail payment transaction (paper based and electronic)
registered a growth of 5.05 percent in numbers, whereas the value of transactions
increased by 4.91 percent over the first quarter of 2005-06.
Quarterly growth on the basis of previous quarter showed growth at the rate
of 5.45 percent and growth in value of transactions by 2.98 percent, whereas the growth
rate was 23.46 percent and 12.20 percent in case of number of transactions and
amount, respectively, in the previous quarter.
Electronic banking: The central bank data said electronic transactions have posted a
growth of 3.05 percent in the number of transactions and the amount showed a growth
of 66.20 percent during the current quarter. The main contributor to growth in the value
is real time online funds transfer by online bank branches that posted a 73 percent
increase.
During the last six quarters the transactions from paper-based banking to e-banking has
increased in terms of number of transactions. However, the value has achieved a
remarkable growth, which has been driven by B2B through online branch network.
Online Branch Network and Automated Teller Machines (ATMs): Online
branch network is expanding to meet the funds movement needs of customers. This
quarter witnessed the addition of 235 new branches in the online network. The
coverage of online branches as a percentage of total branches has also increased from
41 percent in the previous quarter to 45 percent in the current quarter. As such, the total
number of online branches reached 3,265 out of total branch network of 7,245 reported
by banks.
Similarly, during the second quarter of fiscal year 2005-06 banks have added 75 new
ATMs in their network, bringing the total to 1,217, registering a growth of 6.6 percent as
compared with 11 percent in the last quarter.
Some of the market factors that describe Growths in Online banking include
the following:
Competition:
Studies show that competitive pressure is the chief driving force behind
increasing use of Internet banking technology, ranking ahead of cost reduction and
revenue enhancement, in second and third place respectively. Banks see Online
banking as a way to keep existing customers and attract new ones to the bank.

Page 108
Cost Efficiencies:
MCB banks can deliver banking services on the Internet at transaction costs
far lower than traditional brick-and-mortar branches. The actual costs to execute a
transaction will vary depending on the delivery channel used.
MCB banks have significant reasons to develop the technologies that will
help them deliver banking products and services by the most cost-effective channels.
Management should include in their decision making the development and ongoing
costs associated with a new product or service, including the technology, marketing,
maintenance, and customer support functions. This will help management exercise due
diligence, make more informed decisions.
Geographical Reach:
Internet banking allows expanded customer contact through increased

geographical reach and lower cost delivery channels. In fact some banks are doing
business exclusively via the Internet they do not have traditional banking offices and
only reach their customers online.
Other financial institutions are using the Internet as an alternative delivery
channel to reach existing customers and attract new customers.
Branding:
Relationship building is a strategic priority for bank. Online banking

technology and products can provide a means for bank to develop and maintain an
ongoing relationship with their customers by offering easy access to a broad array of
products and services. By capitalizing on brand identification and by providing a broad
array of financial services, banks hope to build customer loyalty, cross-sell, and
enhance repeat business.
Customer Demographics:
Online banking allows banks to offer a wide array of options to their banking
customers. Some customers will rely on traditional branches to conduct their banking
business. For many, this is the most comfortable way for them to transact their banking
business. Those customers place a premium on person-to-person contact. Other
customers are early adopters of new technologies that arrive in the marketplace. These
customers were the first to obtain PCs and the first to employ them in conducting their
banking business. The demographics of banking customers will continue to change.
The challenge to national banks is to understand their customer base and find the right
mix of delivery channels to deliver products and services profitably to their various
market segments.

Page 108
Tips for Safe Online Banking:

When it comes to online banking, there is no way to absolutely guarantee
our safety. However, good practices do exist that can reduce the risks posed to your
online accounts. The following sections describe these practices.
Review your bank’s information about its online privacy policies and practices:
By law, banks are required to send you a copy of their privacy policies and
practices annually; you may also request a copy of this information (see Electronic
Code of Federal Regulations, Title 16: Commercial practices, Part 313.9 – Delivering
Privacy and Opt Out Notices for more information). Bank web sites should also have
this information. As you read this information, pay particular attention to any mention
of the methods used for encrypting transactions and authenticating user information.
Also, check the information to see if the bank requires additional security information
before authorizing a payment to a business or individual that as never received a
payment before.
Before setting up any online bill payment, check the privacy policy of the
company or service you will be sending payment to:
You have the right to limit the information an online bank shares with both
its parent organization and any other financial institutions (see “Protecting Your
Privacy” and “How Anonymous Are You?” for more information). Be aware that some
online banks may have separate procedures for handling each of these
requests. You may also want to use a service such as the Better Business Bureau to
view any existing history of outstanding consumer complaints about privacy violations.
For security purposes, choose an online personal identification number (PIN)

that is unique and hard to guess:
Be sure to change your PIN regularly. Do not choose a PIN that contains
personal information such as your birthday or Social Security number; an attacker
might be able to guess these. Regardless of the circumstances, never give someone
access to your current PIN number (see “Choosing and Protecting Passwords” for
more information).

Page 108
Install anti-virus, firewall, and anti-spyware programs on your computer and

keep them up to date:
Installing and updating this software protects your computer and its contents
against unauthorized access. You should turn on automatic updates for these
programs or, if prompted, always agree to download system updates as soon as they
are available
Regularly check your online account balance for unauthorized activity:
Timing is a factor in your response to unauthorized electronic fund

transactions. If you receive a paper account balance, make sure that you reconcile it
with your online balance.
Use a credit card to pay for online goods and services:
Credit cards usually have stronger protection against personal liability

claims than debit cards. Some credit cards limit personal liability for unauthorized
transactions to $50. Personal liability for debit cards can be higher. According to the
Federal Reserve’s Regulation E, if you report an electronic fund transaction problem
involving debit cards to a bank or financial institution in the first two days, you are only
liable for $50. Reporting that same incident between 3 and 60 days increases your
personal liability to $500. After 60 days, there are no financial restrictions placed on
your personal liability (see Electronic Code of Federal Regulations, Title 12: Banks
and Banking, Part 205 – Electronic Fund Transfers (Regulation E) for more
information).
Avoid situations where personal information can be intercepted, retrieved, or

viewed by unauthorized individuals:
You should conduct online bank transactions in locations that are not
subject to public monitoring. When you are entering login information, you should
avoid using unsecured or public network connections (for example, at a coffee shop or
library). As a general rule, you should avoid using any computer that other people can
freely access; the end result could be unauthorized access of your financial
information. Remember, it is possible for your account information to be stored in the
web browser’s temporary memory

Page 108
If you receive email correspondence about a financial account, verify its

authenticity by contacting your bank or financial institution:
You should not reply to any email requests for security information,
warnings of an account suspension, opportunities to make easy money, overseas
requests for financial assistance, and so forth. Also, links found in these suspicious
emails should not be clicked. Forward a copy of the suspicious email to the Federal
Trade Commission at uce@ftc.com and then delete the mail from your mailbox.
If you have disclosed financial information to a fraudulent web site, file reports
with the following organizations:
• Your bank
• The local police
• The Federal Trade Commission
• The Internet Crime Complaint Centre
Advantages of online banking:

For the online banking customer, the convenience factor rates high. No
longer does a person have to wait for the bank statement to arrive in the
mail to check account balances. One can check the balance every day just by
logging onto one's account. In addition to checking balances and transactions,
one can catch discrepancies in the account right away and deal with them
swiftly. The best part is that this can be done anywhere! As long as one has Internet
access, one can practice online banking.
Since bills are paid online, the necessity of writing checks, affixing postage
and posting the payment in the mail is eliminated. Once the amount is entered and the
payee is checked off, the funds are automatically deducted from the payer's choice of
account. Since the cost to the bank is minimal, the cost to the consumer, in many
cases, is also minimal. While there is usually a fee for online banking, it can be
extremely low. Those who partake in online banking all agree it's worth every penny.
Not having to spend all Saturday morning standing in a crowded bank line is
justification for most. It can even pay for itself since costs like postage and ATM fees
are reduced. Online banking also eliminates paper waste, which is a plus not only for
those who have to handle all the paper work, but also for the environment.

Page 108
Revenue Growth:
The ability to combine services increases flexibility, which facilitates
innovation and speeds new products to market. Your bank will benefit from the
following:
 Accelerated integration with business partners

 Greater automation through improved straight-through processing
 Improved customer service through wider choice, better information, and easy-to-
use self-services
 In addition, ESA’s discrete services and service-area migration allow your bank
to exploit the economies of scale and synergy.
Of course, there are also Disadvantages:

Security is always an issue with Internet transactions. Although information
is encrypted, and the chances of your account being hacked are slim, it happens.
Banks pay big bucks to install high tech firewalls. Chances are your money is in good
hands. You're also missing the personal service. No smiling teller or representative
hands you a receipt. Instead, except for what's printed into your account, all the
paperwork is up to you. Always print copies of important transactions.
If you have to deposit cash or checks, you'll still have to spend time at the
ATM. Unless a payment to you is directly deposited, this is one thing you'll
always have to handle manually.
Still, the benefits far outweigh the risks. The convenience of online banking
is a advantage well worth the cost.

Page 108
Conclusion:
Online banking involves certain risks. It is important to educate yourself
about these risks, how unauthorized access to your financial information occurs, and
the steps you can take to protect your financial information. Learning about your rights
and responsibilities as an online banking consumer can make a difference to your
financial well-being by changing the age-old saying “A penny saved is a penny
earned” to “A penny saved is a penny kept.”
Protection through single password authentication, as is the case in most
secure Internet shopping sites, is not considered secure enough for personal online
banking applications in some countries. Basically there exist two different
security methods for online banking.
The PIN/TAN system where the PIN represents a password, used for the
login and TANs representing one-time passwords to authenticate transactions. TANs
can be distributed in different ways; the most popular one is to send a list of TANs to
the online banking user by postal letter. The most secure way of using TANs is to
generate them by need using a security token. These token generated
TANs depend on the time and a unique secret, stored in the security token (this is
called two-factor authentication or 2FA). Usually online banking with PIN/TAN is done
via a web browser using SSL secured connections, so that there is no additional
encryption needed.
Signature based online banking where all transactions are signed and
encrypted digitally. The Keys for the signature generation and encryption can be
stored on smartcards or any memory medium, depending on the concrete
implementation.
Problem Area:
The industry sector is one of the most important service sectors for the
whole national economy. Modern, highly industrialized and technology driven
economies are threatened by higher risks than ever, and individual need to protect
themselves against private risk. From the banks’ viewpoint, use of Internet banking is
expected to lead to cost reductions and improved competitiveness. This service
delivery channel is seen as powerful because it can retain current Web-based
customers who continue using banking services from any location. Moreover, Internet
banking provides opportunities for the bank to develop its market by attracting a new
customer base from existing Internet users (Suganthi et al., 2001; Dannenberg and
Keller, 1998; Zineldin, 1995).

Page 108
In the last five years financial analysts have assessed financial services
websites as laggards behind other industries in overall innovation (Bruno-Britz, 2006).
This trend is confirmed by the Internet Standards Assessment Report which shows
that Internet banking sites currently score low in the categories of innovation and use
of technology (ISAR, 2006) compared to other retail websites. Current financial
analysis indicates that bank customers “are most satisfied if they themselves are
allowed to state where, when, and how they do their banking” (Silva,2005). Survey
results and industry research that concludes that banks need to spend time and
increase investments in improving connections with customers and differentiating the
customer experience is getting the attention of many banks (Eckenrode, 2006).
Financial analysts suggest “banks can learn a thing or two from many non-bank
industries that are exhibiting innovation in the way that they deal with self-service
options for their customers” (Silva, 2005).
Internet technology have the potential to enable the banks to enhance their
Internet offerings with features that will improve customer service interactions and
allow them with options for increasing control of their Internet banking experience.
However, due to the strong fact that financial transactions involve the transmission of
highly sensitive personal data, a major factor influencing consumer use of Internet
banking websites is trust (Suh & Han, 2002). Continuing instances of Internet banking
security violation and reports “degrades customer trust in the bank and in online
banking in general” by (Fox, 2005), and thus, issues related to adoption of internet
banking must be factored in to any plans for adding customer satisfaction and security
control features.
Research Problem and Research Question
A full consideration of future internet banking in Pakistan would demand

investigation in different areas. This research has addressed the adoption issues of
Internet banking in Pakistan. Prior studies frequently focus only on positive aspects of
Internet banking, e.g. benefits (Suganthi et al., 2001), trust (Suh and Han, 2002),
innovations (Gerrard and Cunningham, 2003). Internet banking technology in Asian
countries especially in Pakistan is less developed as compared to Western world. The
purpose of this research, aims to identify the issues that preventing Pakistani
community (individual & firms) from adopting Internet banking services.
Common services provided by local banks via internet.
 Balance Transfer Facility

 Global Acceptability
 Cash Advance Facility
 Revolving Credit
 Supplementary Cards

Page 108
 Card Expiry Period

 24-Hours Phone Banking Service
 Zero Loss Liability
 All Billing in Pak Rupees
 Comprehensive Travel Protection
 Statement of Account
 Fortunes
 Acceptance at 1Link ATMs
 Instant SBS Monthly Instalment Plan
 Utility bill Payments
 Call and Pay Facility
 Prepaid Mobiles Top ups
 Credit on Phone
 Credit Card bill Payment through Hilal Card
 Special Offer on Warid post paid connection
 Step By Step Plan
Few Screen Shots of Silk Bank Online Banking through

Website:
Login Page:

Page 108
Main account list page:
Balance Inquiry Page:

Page 108
Account Balance Page:
Mini Statement Page:

Page 108
Account Statement Page:
Cheque Book Request Page:

Page 108
Bill Payment Page:
Bill Payment History:

Page 108
Logout Page:

Page 108
References
 http://en.wikipedia.org/wiki/Online_banking
 http://ezinearticles.com/?A-Brief-History-of-Internet-
Banking&id=353450
 http://ezinearticles.com/?History-of-Online-Banking&id=270075
 http://www.google.com.pk/url?
sa=t&source=web&ct=res&cd=2&ved=0CA0QFjAB&url=http%3A
%2F%2Fwww.occ.treas.gov%2Fhandbook
%2Fintbank.pdf&ei=GKlqS7SjG4ze7AP7zdj1BQ&usg=AFQjCNFGc5t
KCxI41uD9JUo4Dv0O3ior8g
 http://www.ehow.com/how_5886920_open-online-banking-account.html
 http://www.bankrate.com/brm/olbstep2.asp
 http://articles.moneycentral.msn.com/Banking/BetterBanking/TheTop1
0OnlineBanks.aspx
 http://en.wikipedia.org/wiki/Automated_teller_machine
 http://www.typesofcreditcards.com/
 http://en.wikipedia.org/wiki/Credit_card
 http://studenttravel.about.com/od/mattersofmoney/qt/atmcard.htm
 http://www.economywatch.com/debit-card/
 http://en.wikipedia.org/wiki/Mobile_banking\
sa=t&source=web&ct=res&cd=6&ved=0CBQQFjAF&url=http%3A
%2F%2Fwww.mmaglobal.com
%2Fmbankingoverview.pdf&ei=EkFrS5TjEYzW7AOqp6X2BQ&usg=
AFQjCNFUqV8HH-PgzF_x3JscAGIEH7pbTw
 http://en.wikipedia.org/wiki/Telephone_banking
 http://en.wikipedia.org/wiki/SMS_Banking
 http://en.wikipedia.org/wiki/Guide_to_E-payments
 http://www.spamlaws.com/onlinebanking-fraud.html
 http://searchfinancialsecurity.techtarget.com/news/article/0,289142,sid1
85_gci1380406,00.html
 http://internetbankingfraud.com/

Page 108
sa=t&source=web&ct=res&cd=2&ved=0CAwQFjAB&url=http%3A
%2F%2Fwww.postbank.com%2FDatei%2F0711online-banking-
security_en_Internetfassung
%2C0.pdf&ei=kPprS6efOorY7APN5rCABg&usg=AFQjCNEjH6uMrg
I0i-9J9njg-m3FfP1xdA

Page 108

Online Banking Thesis

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Online Banking Thesis

Uploaded by

Copyright:

Available Formats

2010

Abdul Mannan & M. Waqas

Prepared By: Abdul Mannan (9102) & M. Waqas (8202)

Role of I.T in Online Banking

Prepared By: Abdul Mannan (9102) & M. Waqas (8202)

Abdul Mannan M. Waqas Nawaz Gillani

Prepared By: Abdul Mannan (9102) & M. Waqas (8202)

5. Device Operation Integrity

2. Business Credit Cards

3. Prepaid Credit Cards

4. Student Credit Cards

5. Bad Credit Credit Cards

6. Secured Credit Cards

7. Questions on Secured Credit Cards

8. Union Plus Secured Credit Cards

9. Secured Visa Credit Card

10. New Millennium Bank Secured Credit Cards

11. Unsecured Credit Cards

12. Virtual Credit Cards

13. Instant Credit Card

14. Airline Credit Cards

15. Miles by Discover Card

16. JetBlue Card

Prepared By: Abdul Mannan (9102) & M. Waqas (8202)

17. Gold Delta SkyMiles Credit Card

18. Citi PremierPass Card

19. American Airlines Credit Card

iv. How credit Card works?

3. Clearing and Settlement

vi. Secured Credit Card

vii. Prepaid Credit Card

viii. Credit Cards in ATMs

Prepared By: Abdul Mannan (9102) & M. Waqas (8202)

1. Bank focused model

Prepared By: Abdul Mannan (9102) & M. Waqas (8202)

a. Schemes Used in Internet Banking Frauds

Prepared By: Abdul Mannan (9102) & M. Waqas (8202)

xiii. General Tips of security on Internet

10. Online Banking in Pakistan

Prepared By: Abdul Mannan (9102) & M. Waqas (8202)

verify its authenticity by contacting your bank or financial

Prepared By: Abdul Mannan (9102) & M. Waqas (8202)

Prepared By: Abdul Mannan (9102) & M. Waqas (8202)

Prepared By: Abdul Mannan (9102) & M. Waqas (8202)

What is Online Banking:

Online banking isn't out to change your money habits. Instead, it

Definitions of Online Banking:

Prepared By: Abdul Mannan (9102) & M. Waqas (8202)

Online Transaction Processing

Computer system where time-sensitive, transaction-related data is

Be that as it may, it is estimated that a total of 55 million families in America

Initially, the main attraction is the elimination of tiresome bureaucratic red

Some customers have been known to turn to internet banking due to

Prepared By: Abdul Mannan (9102) & M. Waqas (8202)

Origin of Online banking:

For years, financial institutions have used powerful computer networks to

Good Web tools:

Prepared By: Abdul Mannan (9102) & M. Waqas (8202)

Transferring money to your accounts at other banks and brokerages is a big

E-mail alerts and reminders:

You'll want to be notified if there's excessive activity on your credit card, if

Wells Fargo's "My Spending Report" organizes your expenditures into

Prepared By: Abdul Mannan (9102) & M. Waqas (8202)