cccccccccc
c

c  c
c
cc c 
c  c

c
 c

Online banking, as an important activity with great emphasis on security and fraud. The article describes
how the security requirement could be difficult for a user to follow and examines the kind of computers
people use for such activity and whether they satisfy system requirements. The survey also sheds more
light on the security settings of systems used for sensitive online transactions.

 
 c

The emphasis within the context was laid on the security and usability of online banking. The banking
system of recent times had moved from conventional traditional banking to the online banking which is
known to serve far more customers with great convenience and reduced overheads. But the popularity of
online banking has attracted many fraudulent acts, leaving criminals to attack online banking customers,
regardless of their status (rich or not). All banks provide comprehensive security and guidelines to their
customers serving as a partial campaign process against fraud also banks also encourage clients to possess
all the system requirements due for an online service. Also in this article it is revealed the perception of
critics based on ³privacy and security requirements imposed by banks on regular home-based online
banking users from a usability point of view´ and they also believed their findings infer that most
customers fail to meet with the requirements enabling them the eligibility for refunds of online banking
fraud losses.

   c

Based on the critics survey, several issues where analyzed. Issues ranging from:

xc Online banking usability and security

xc ser survey satisfying online banking
xc ‘ystem security for informed research
xc ÿho bears responsibility for security
xc Online banking usability and security

Banks emphasize that the presence of an ‘‘ certificate implies that a website is secure and genuine
and that no one can see a user¶s information other than the bank but it¶s argued that a certificate may
authenticate a website but it doesn¶t certainly secure the site. Besides via log-in, users may be re-
directed to a spoofed website or malicious website if a memorized address is misspelled. According
to a survey, online users do not generally understand that any webpage can display within the page
content itself whatever the web designer wishes, thus an embedded lock icon may conflict with the
‘‘ lock icon and confuse users. Also banks Endeavour to ask users to check the site certificates of a
log in page but do not illustrate how. Invariably the security and usability issues were broken into
three major areas.

xc og-in issues: misdirection, spoofing

xc ‘‘ lock icon: confusion based on hacker redesign of look-alike site
xc ‘ecurity toolbar: suspicious threat detection
xc Êertificate component: checking f certificate
xc „omain conflicts

 c
c
Dost banks encourage its client to have a good firewall, antivirus and antimalware installed on their
computers. But the cost of this software is basically high but beyond many clients who do not even feel
bothered about such issues. It is necessary that consistent updates be done on the computer to enable bug
fixing and enhance system security. It should be noted that attackers are targeting security flaws in widely
used anti-malware programs, so as to penetrate the security standards.


 c
c


c

Dany online users are ignorant of the related user agreements for online banking, client card and privacy
agreement. Banks also state that agreement can be changed at any time and users will be notified through
the websites. The critics argue that many users do not read client agreements or security advices and
therefore may not be aware of the requirements they need to fulfill in online banking safety.


c
 c 
c

xc ‘ome other issues involve user¶s password conventions. Dany banks rely on user chosen and
personal verification question password. According to survey it¶s observed that users operate
more than a bank, therefore they seem to have multiple password. Therefore banks recommend
(but do not force) users change password as frequently as monthly.
xc Also the issue of phishing: Phishing e- mails are non genuine mails pushed out to online users as
such that allows for easy access into the computers of the recipient of such mail. Therefore
recommendations on how to detect phishing were identified. E.g. customers¶ real name on
messages can be checked. These recommendations are of little help as phishing attacks are going
more professional.
xc nnecessary information collection: bank requires various information such as ‘IN number,
Annual income, „ependents, rent, and so on which doesn¶t seem necessary for account opening,
meanwhile the bank official was asked , they said it was so as to help serve customers better


c 
c

The survey involved quite a number of people ranging from student to professors and post doctoral fellow
and the study are not representative of any bank. The result of survey shows that, many users¶ reports that
they use fire fox/Dozilla as their browser and most users on Internet explorer did use the platform IE6
rather than IE7 which was recent update with bug fixes. Also many users use inux but other than RBÊ
no other bank explicitly mentioned of its release.

 
 c
c
Banks state that security is a µshared responsibility¶. sers are part of responsibility, but the survey showed that
most of the participants did not fulfill the requirements. The banks in Êanada do not have a policy of telling their
customers that a breach or a loss of data happened. ÊIBÊ has the authority of closing a customer bank account
without notice. Banks do not advice users how to protect themselves from fraud or attacks.
In view of this paper, I can deduced this survey is good because it really help the banking sectors to know the area
to focus on in other for their customer to have trust in them. But the major flaw for banking not to have a policy in
place for a breach or loss of data occurrence is not of good standard. Doreover customer will not be happy if their
account is closed without notification and that might cause the bank to lose their integrity. Because a secure banking
transaction must based on the triad of security called ÊIA: Êonfidentiality, Integrity and Availability.