SUMMARY

The transformation of the Internet from a huge virtual community into a huge virtual economy may herald the age of electronic money - and with it, headaches for traditional banks and regulators. Electronic banking is an activity that is not new to banks or their customers. Banks have been providing their services to customers electronically for years through software programs. These software programs allowed the user's personal computer to dial up the bank directly. In the past however, banks have been very reluctant to provide their customers with banking via the Internet due to security concerns. Today, banks seem to be jumping on the bandwagon of Internet banking. Why is there a sudden increase of bank interests in the Internet? The first major reason is because of

the improved security and encryption methods developed on the Internet. The second reason is that banks did not want to lose a potential market share to banks that were quick to offer their services on the Internet. The number of customers who choose online banking as the preferred method of dealing with their finances is growing rapidly due to the clear improvement in convenience it offers, including such features as electronic bill payment. There are also more and more banks that operate exclusively online. Online banking is the practice of making bank transactions or paying bills via the Internet. Thanks to technology, and the Internet in particular, we no longer have to leave the house. We can shop online, communicate online, and now, we can even do banking online. Online banking allows one to make deposits, withdrawals and pay bills all with the click of a mouse. It doesnt get much more convenient than that. In this report, I attempt to enlist the various services offered over the net by the different banks in India, the main issues concerning online banking and the scope for online banking in the near future.

RESEARCH METHODOLOGIES

PRIMARY RESEARCH:Bank Survey: Information regarding the online

services offered by the banks and the security factors were collected through survey of bank officials. The websites of these banks were reviewed and rated on the basis of content, online services offered, security issues, design and user-friendliness of the website.

SECONDARY RESEARCH:

Information was collected from various secondary sources including IT and Banking related magazines like CHIP, PC Quest, Professional Banker, etc. Further, information was collected from various online resources.

WHAT IS ONLINE BANKING?

INTRODUCTION:

If you're like most people, you've heard a lot about online banking but probably haven't tried it yourself. You still pay your bills by mail and deposit cheques at your bank branch, much the way your parents did. You might shop online for a loan, life insurance or a home mortgage, but when it comes time to commit, you feel more comfortable working with your banker or an agent you know and trust. Online banking isn't out to change money habits. Instead, it uses today's computer technology to give an individual the option of bypassing the time-consuming, paper-based aspects of traditional banking in order to manage finances more quickly and efficiently.

Online banking or Internet banking is a term used for performing transactions, payments etc. over the Internet through a bank's secure website.

Internet banking is changing the banking industry and is having the major effects on banking relationships. Banking is now no longer confined to the branches were one has to approach the branch in person, to withdraw cash or deposit a cheque or request a statement of accounts. In true Internet banking, any inquiry or transaction is processed online without any reference to the branch (anywhere banking) at any time. Providing Internet banking is increasingly becoming a "need to have" than a "nice to have" service. The net banking, thus, now is more of a norm rather than an exception in many developed countries due to the fact that it is the cheapest way of providing banking services. This can be very useful, especially for banking outside bank hours and banking from anywhere where internet access is available. In most cases a web browser such as Internet Explorer or Mozilla Firefox is utilized and any normal internet connection is suitable. No special software or hardware is usually needed. The number of customers who choose online banking as their preferred method of dealing with their finances is growing rapidly. Many people appreciate the convenience. Online banking usually offers such features as electronic bill payment and the downloading of bank statements for import

in a personal finance program. There are a growing number of banks that operate exclusively online. Because these online banks have low costs compared to traditional banks they can offer high interest rates.

ORIGIN OF ONLINE BANKING:

The introduction of the Internet and the popularity of personal computers presented both an opportunity and a challenge for the banking industry. For years, financial institutions have used powerful computer networks to automate millions of daily transactions; today, often the only paper record is the customer's receipt at the point of sale. Now that its customers are connected to the Internet via personal computers, banks envision similar economic advantages by adapting those same internal electronic processes to home use. Banks view online banking as a powerful "value added" tool to attract and retain new customers, while helping to eliminate costly paper handling and teller interactions, in an increasingly competitive banking environment.

BRICK-TO-CLICK BANKS:

Today, most large national banks, many regional banks and even smaller banks and credit unions offer some form of online banking, variously known as PC banking, home banking, electronic banking or Internet banking. Those that do are sometimes referred to as "brick-to-click" banks, both to distinguish them from brick-and-mortar banks that have yet to offer online banking, as well as from online or "virtual" banks that have no physical branches or tellers whatsoever. The challenge for the banking industry has been to design this new service channel in such a way that its customers will readily learn to use and trust it. After all, banks have spent generations earning our trust; they aren't about to risk that on a Web site that is frustrating, confusing or less than secure. Most of the large banks now offer fully secure, fully functional online banking for free or for a small fee. Some smaller banks offer limited access or functionality; for instance, you may be able to view your account balance and history but not initiate transactions online. As more banks succeed online and more customers use their sites, fully functional online banking likely will become as commonplace as automated teller machines.

VIRTUAL BANKS:

If one doesn't mind foregoing the teller window, lobby cookie and kindly bank president, a "virtual" or e-bank may save you real money. Virtual banks are banks without bricks; from the customer's perspective, they exist entirely on the Internet, where they offer pretty much the same range of services and adhere to the same federal regulations as your corner bank. Virtual banks pass the money they save on overhead like buildings and tellers along to you in the form of higher yields, lower fees and more generous account thresholds. The major disadvantage of virtual banks revolves around ATMs. Because they have no ATM machines, virtual banks typically charge the same surcharge that your brick-andmortar bank would if you used another bank's automated teller. Likewise, many virtual banks won't accept deposits via ATM; you'll have to either deposit the check by mail or transfer money from another account.

TYPES OF INTERNET BANKING

Understanding the various types of Internet banking products will help examiners assess the risks involved. Currently, the following three basic kinds of Internet banking are being employed in the marketplace:1) Informational: This is the basic level of Internet

banking. Typically, the bank has marketing information about the banks products and services on a stand-alone server. The risk is relatively low, as informational systems typically have no path between the server and the banks internal network. This level of Internet banking can be

provided by the bank or outsourced. While the risk to a bank is relatively low, the server or Web site may be vulnerable to alteration. Appropriate controls therefore must be in place to prevent unauthorized alterations to the banks server or Web site.2) Communicative: This type of Internet banking system

allows some interaction between the banks systems and the customer. The interaction may be limited to electronic mail; account inquiry, loan applications, or static file updates (name and address changes). Because these servers may have a path to the banks internal networks, the risk is higher with this configuration than with informational systems. Appropriate controls need to be in place to prevent, monitor, and alert management of any unauthorized attempt to access the banks internal networks and computer systems. Virus controls also become much more critical in this environment.3) Transactional: This level of Internet banking allows

customers to execute transactions. Since a path typically exists between the server and the banks or outsourcers internal network, this is the highest risk architecture and must have the strongest controls. Customer transactions

can include accessing accounts, paying bills, transferring funds, etc.

SCENARIO IN INDIABanks and financial institutions in India are in the process of Webenabling their services in order to offer certain guidelines Internet banking to its customers. The RBI has drafted Internet that have banking to be

followed by banks about to venture into online banking. Internet banking has gained wide acceptance internationally and seems to be fast catching up in India with more and more banks entering the fray.

It's the new generation of banking in India. Most private and MNC (Multinational Corporation) banks have already setup an elaborate Internet banking infrastructure. And this exercise has provided them numerous benefits like: Greater reach to customers Quicker time to market Ability to introduce new products and services Ability to understand its customers needs Customers are given access to information easily Greater customer loyalty

quickly and successfully

across any location Multi-national and private sector banks in India have been very successful in setting up Internet banking services. This is mainly because these banks already had a robust automated banking environment on which they could build the Internet banking infrastructure. Most multi-national banks already have efficient Internet banking infrastructures running in other countries which could be emulated in India. And the private banks, which are relatively young, did not have to carry the burden of legacy systems. They merely invested in best-of-breed Internet banking solutions from the start.

THE RBI STEPS IN:

The

Reserve

Bank

of

India

(RBI)

has

created

a

comprehensive document which lays down number of security-related guidelines and strategies for banks to follow in order to offer Internet banking. The guidelines broadly talk about the types of risks associated with Internet banking, the technology and security standards, legal issues involved, and regulatory and supervisory concerns. Any bank that wants to offer Internet banking must follow these guidelines and adhere to them as a legal necessity. Vaidyanathan Iyer, National Manager, eSecurity Business, Computer Associates provides solutions to banks which can help them go online. He says, "The guidelines have been created with a lot of thought regarding the banking scenario in India. It is at par with international banking standards and is very comprehensive."

BACKGROUND:

The document broadly categorizes levels of Internet banking services into three types: a) The basic level service in which the banks' websites distribute information on different products and services

to customers. It may receive and reply to customers' queries through e-mail. b) Simple transactional websites which allow customers to submit their instructions, applications for different services, and queries on their account balances. They do not permit any fund-based transactions on their accounts.c) The third level of Internet banking services offered by

fully-transactional websites which allow customers to operate on their accounts for transfer of funds, payment of different bills, subscribing to other products of the bank, and to transact purchase and sale of securities.

INDIAN BANKS ON WEB:

The banking industry in India is facing unprecedented competition from non-traditional banking institutions, which now offer banking and financial services over the Internet. The deregulation of the banking industry coupled with the emergence of new technologies, are enabling new competitors to enter the financial services market quickly and efficiently.

Indian banks are going for the retail banking in a big way. However, much is still to be achieved. This study which was conducted by students of IIML shows some interesting facts: Throughout the country, the Internet Banking is in the nascent stage of development (only 50 banks are offering varied kind of Internet banking services). In general, these Internet sites offer only the most basic services. 55% are so called 'entry level' sites, offering little more than company information and basic marketing materials. Only 8% offer 'advanced transactions' such as online funds transfer, transactions & cash management services.

Foreign & Private banks are much advanced in terms of

the number of sites & their level of development.

A PRACTICAL APPROACH:

IDBI Bank has successfully implemented a robust Internet banking architecture for its customers. IDBI Bank Limited uses the following equipment infrastructure to address its Internet banking needs:

IDBI Banks e-banking InfrastructureWeb servers Hardware Application servers Database servers Networking equipment Software Systems software Application software Application integration with core banking Services Scalability tests (desirable but optional) Web designing Server sizing Firewalls Certification Server level (mandatory) Security Client level (Optional: we did not deploy this) Intrusion Detection Systems Subscribing to advisories

Networking Hosting Decision

Isolation from the main network In-house vs IDC (Internet Data Centre)

IDBI Bank did not undertake services of any systems integrator. Neeraj Bhai, CTO (Chief Technology Officer), IDBI Bank says, "These services are often offered by multiple divisions of a company, and these divisions do not have a good level of coordination among themselves. It is also advisable to have owners within the organization who drive the effort." Though adoption of Internet banking by Indian banks and their customers would not set the Arabian Sea on fire, no one can deny the obvious benefits that this service offers.

INTERNET BANKING PROCESSIn a typical Internet banking transaction, requests for customers online banking

information are passed on from

Web Server to the banks Internet Banking Server through the WWW interface. These requests pass through a firewall before they reach the Internet Banking Server. Due to this SSL (Secure Sockets Layer) technology, only authenticated requests reach the Internet Banking Server. The Customer Information Database is stored on a banks server which is protected by the use of various security tools in addition to the firewall technology. The WWW interface is the only media of communication with the Customer Database, thus ensuring the safety of operation and customer data. When the customers requests reach the Internet Banking Server, it passes the requests to the Bank Server hoarding Customer Database. The database provides the required information to the Internet Banking Server, which in turn is passed on to the Web Server through the firewall from where the customer is able to access it.

This

sort

of

architecture,

known

as

the

three-tiered

architecture (comprising of a Web Sever, Internet Banking Server and Customer Database protected by firewalls), creates a controlled environment, which allows quick incorporation of Internet security technologies. A security analyzer constantly monitors login attempts and recognizes failures that could indicate a possible unauthorized attempt to log into an account. When such trends are observed, steps

are automatically taken to prevent that account from being used. The products and services offered by the banks on the Internet can be divided into 3 types:1) Information Kiosks: It includes providing information

regarding various products and services offered by the bank to its customers. The banks site receives and answers queries of customers through e-mails.2) Basic Internet Banking: It includes enabling customers

to open new accounts, check account balance and pay utility bills.3) E-Commerce E-Banking: Banks function as electronic

market places (e-market place) enabling customers to use their accounts for money transfers, bill payment, purchase and sale of securities and online real-time purchases and payments. The most significant benefit of Internet Banking is the readily accessibility of bank accounts at all times. The inconvenience of visiting and waiting at the banks is also eliminated. These result in enhanced customer satisfaction, reduced customer attrition and increased customer base.

Internet banking considerably reduces transaction costs for the banks.

BENEFITS O F INTERNET BANKINGThough adoption would of not Internet set the

banking by Indian banks and their customers Arabian Sea on fire, no one can deny the obvious benefits that this service offers.

FOR BANKS:a)

Price: In the long run a bank can save on money

by not paying for tellers or for managing branches. Plus, it's cheaper to make transactions over the Internet.b)

Customer Base: The Internet allows banks to

reach a whole new market- and a well off one too, because there are no geographic boundaries with the

Internet. The Internet also provides a level playing field for small banks who want to add to their customer base.c)

Efficiency: Banks can become more efficient than

they already are by providing Internet access for their customers. The Internet provides the bank with an almost paper less system.d)

Customer Service and Satisfaction: Banking

on the Internet not only allows the customer to have a full range of services available to them but it also allows them some services not offered at any of the branches. The person does not have to go to a branch where that service may or may not be offer. A person can print of information, forms, and applications via the Internet and be able to search for information efficiently instead of waiting in line and asking a teller. With more better and faster options a bank will surly be able to create better customer relations and satisfaction.e)

Image: A bank seems more state of the art to a

customer if they offer Internet access. A person may not want to use Internet banking but having the service available gives a person the feeling that their bank is on the cutting image.

FOR CUSTOMERS:a) Bill Pay: Bill Pay is a service offered through Internet

banking that allows the customer to set up bill payments to just about anyone. Customer can select the person or company whom he wants to make a payment and Bill Pay will withdraw the money from his account and send the payee a paper check or an electronic payment.b) Other Important Facilities: Internet banking gives

customer

the

control

over

nearly

every

aspect

of

managing his bank accounts. Besides the Customers can, Buy and Sell Securities, Check Stock Market Information, Check Currency Rates, Check Balances, See which checks are cleared, Transfer Money, View Transaction History and

avoid going to an actual bank. The best benefit is that Internet banking is free. At many banks the customer doesn't have to maintain a required minimum balance. The second big benefit is better interest rates for the customer.

WHAT SERVICES ARE AVAILABLE ONLINE?Online banking provides Internet-based solutions to make dealings in a fast and simple manner. Banking can be done whenever and wherever with great convenience. It allows one to access account information, transfer funds, review account history and much more from the home computer, laptop or workplace. One can also pay bills quickly and conveniently with just a few clicks. No more stamps, writing cheques or rushing to the mailbox to meet payment deadlines!

1. Manage the Account Details online: -

Statement

of

Account

-

View

all

the

latest

transactions of account for a period, with details of uncleared cheques-

Balance Details - Balance Enquiry with Minimum Transaction Details - Confirm the transaction Cheque Status - Check the clear and unclear Request Copies - Request copies of checks or

Balance alerts. Download/Print the latest Balance details-

details-

cheques-

statements2. Requisitions: -

Cheque Books - Request for a new Cheque book Demand Drafts - Issue of demand drafts Open a new Account - Open another account with Change of Address - Inform the bank site about

online-

online-

your change of address3. Funds Transfer: -

Funds transfer online Funds Transfer offline

-

4. Correspondence: -

General Correspondence The bank provides the

facility of email correspondence between the customer and the Bank. One can enquire about TDS, Deposits (Maturity date, Maturity amount etc.) and also give instructions for payment on maturity.-

Customer Correspondence View - A mailbox facility

to view all the correspondence from the customer to the Bank, till date.-

Branch Correspondence View - A mailbox facility to

view all the correspondence from the Bank to the customer, till date.5. Utility Bill Payments:

-

Pay your bills online Pending payments view Receiving bills via the Web Give standing instructions to the Bank Instantaneous inter-city transactions through

6. Standing Instructions:

-

online connections between all branches Internet Payment Gateway handles credit card transactions on the Internet7. Online shopping for:

-

Loans and Credit Cards

-

Mortgages Insurance Auctions

E LECTRONIC TRANSACTIONSTo most people, electronic banking means 24-hour access to cash through an automated teller machine (ATM) or paychecks deposited directly into checking or savings accounts. Electronic banking, also known as electronic fund transfer (EFT), uses computer and electronic technology as a

substitute for checks and other paper transactions. EFTs are initiated through devices such as cards or codes that you use to gain access to your account. Many financial institutions use an automated teller machine (ATM) card and a personal identification number (PIN) for this purpose.1) Electronic

Bill can

Payment

(EBP):

Consumers

pre-authorize

withdrawals so that recurring bills such as insurance premiums, mortgages and utility bills are paid automatically. Getting customers to use the Internet to pay bills will save banks billions of rupees in making and processing paper cheques.2) Credit Card: Credit Card is a plastic

card issued by a bank or building society that allows one to make purchases now and pay for them later. Credit (that is, money) will be made available to buy goods and services. Every month the bank or building society will send a bank statement of the account. One must pay back a minimum amount and interest will be charged on any money still owing.

3) Debit Card: Debit Card is an identity

card issued by a bank to a customer, which the customer can use to buy goods. The price of the goods is charged to customer's bank account.4) Automated

Teller

Machines

or

24-hour Tellers: They are electronic terminals that let a person bank almost any time. To withdraw cash, make deposits, or transfer funds between accounts, you generally insert an ATM card and enter the Personal Identification Number (PIN). It is an Automated Teller Machine. This is usually called a cash machine. As well as dispensing cash, many ATMs provide other information or services to customers, such as informing people how much money they have got in their account, giving them a mini-bank statement, or allowing people to pay money into their account.5) Direct

Deposit:

It

lets

one

authorize a

specific deposits, such as paychecks and social security checks, to your account on regular authorize basis. direct One also may so prethat withdrawals

recurring bills, such as insurance premiums, mortgages, and utility bills, are paid automatically.

6) Pay-by-Phone Systems: It lets

one

telephone

the

financial

institution with instructions to pay certain bills or to transfer funds between accounts. One must have an agreement in advance with the institution to make such transfers.

7) Personal

Computer

Banking:

It

allows one to conduct many banking transactions electronically via the personal computer. For instance, one may use the computer to view the account balance, request transfers between accounts, and pay bills electronically.

ADVANTAGES OF ONLINE BANKING

What makes online banking more appealing than the old-fashioned way? If you have a PC at home and are already relatively computer savvy, online banking will add just one more convenience to your life. Imagine being able to clean up the kitchen, put the kids to bed, and then go to your computer and apply for a home equity loan when it's convenient for you. The various advantages are:

Convenience: Unlike the corner bank, online banking

sites never close; they're available 24 hours a day, seven days a week and they're only a mouse click away. The number of customers who choose online banking as their preferred method of dealing with their finances is growing rapidly. Many people appreciate the convenience.

Ubiquity: If a person is out of state or even out of the

country when a money problem arises, they can log on instantly to the online bank and take care of business, 24/7.

Transaction

speed:

Online

bank

sites

generally

execute and confirm transactions at or quicker than ATM processing speeds.

Efficiency: One can access and manage all the bank

accounts, including IRAs, CDs, even securities, from one secure site.

Effectiveness: Many online banking sites now offer

sophisticated tools, including account aggregation, stock quotes, rate alerts and portfolio managing programs to help one manage all of the assets more effectively. Most are also compatible with money managing programs such as Quicken and Microsoft Money.

Other Advantages: There are other advantages like: Expedient Inexpensive Convenient bill paying medium Bank any time of day or night Bank weekdays, weekends, and even holidays Bank from anywhere in the world (as long as you

have access to a computer and the Internet)

DISADVANTAGES OF ONLINE BANKINGInternet banking may be the wave of the future, but be informed that the wave is still building. If your idea of a mouse is something that should never be caught dead--or alive for that matter--inside your house, online banking may not be for you. It's convenient if you know how to work on a computer. If not, a drive through ATM takes a whole lot less time than trying to teach yourself Windows 2000. Hence the various disadvantages are:

Start-up may take time: In order to register for

bank's online program, one will probably have to provide ID and sign a form at a bank branch. If you and your spouse wish to view and manage your assets together online, one of you may have to sign a durable power of attorney before the bank will display all of your holdings together.

Learning curve: Banking sites can be difficult to

navigate at first. Plan to invest some time and read the

tutorials in order to become comfortable in the virtual lobby.

Bank

site

changes:

Even

the

largest

banks

periodically upgrade their online programs, adding new features in unfamiliar places. In some cases, one may have to re-enter account information.

The trust thing: For many people, the biggest hurdle

to online banking is learning to trust it. Did my transaction go through? Did I push the transfer button once or twice? Best bet: always print the transaction receipt and keep it with the bank records until it shows up on the personal site or bank statement.

System Crashes: When dealing with computers, there

is always the concern of the system crashing, viruses entering the system or a power cut. These are larger problems and are not easily solved. In all 3 cases, many people would be affected, information may be lost and a backup plan would have to be initiated.

Other Disadvantages: (ISP) Security concerns, like "hackers" accessing bank accounts Need an account with an Internet Service Provider

-

Original

setup

for

bill

paying

time

is

time-

consuming but will ultimately be a time-saver Switching banks can be more cumbersome online Must have basic computer skills and Internet Must be comfortable using a computer than in person knowledge

IS ONLINE BANKING SAFE?

Be Careful watching you surf

Someone is

Faced with the concept of online banking, many people wonder about security. After all, you don't face a bank officer or teller when you are opening an account. How does the bank know who you are? And how do you know they won't give access to your money to a crook?

If you are just setting up online access to an existing brickand-mortar bank, the transaction usually is done over the phone. You are given a temporary password to use the first time you access your account online. At that point, you should change the password. Usually, you are asked for your account number, or your Social Security number, along with the password. As with any personal identification number (PIN), memorize your online bank password and don't write it anywhere that could easily be connected with the bank account. When setting up a new account with an Internet bank, you may be asked to submit an online application or to download an application, print it, fill it out and mail it to the bank. Most banks will check the information you provide with one of the major credit reporting agencies, in order to verify that it agrees with information in your credit file. Before you begin banking online, you may receive a message from the bank that your browser needs to be updated in order to conform to the highest security standards. Online banks have information available on their web sites about security, including firewalls and encryption systems meant to deter hackers. Look for:

"128-bit encryption," the standard in the industry. A written guarantee to protect account holders from losses due to online fraud. Automatic lock out if you enter your password wrong more than three or four times. Automatic log out if you are not active at the site for a certain amount of time. When accessing the bank, it is safer to "bookmark" the bank's address in the browser than to type in the address each time one wants to visit. Slight mistakes in entering the address may take you to a "spoofer" site designed by criminals to trick you into entering your account number and password so that they can be used to access your online account. Spoofers set up copycat web sites at addresses that are very close to that of the real bank. The crooks set up a home page that looks exactly like your banks. Internet banks have taken precautions to buy up similar domain names so that this does not happen. But it pays to be vigilant. Many online banks use a verification system called Verisign Site Secure. When you click on the Verisign icon it should give you information about the web site you are visiting. If

you are taken to the Verisign home page instead, you will be given a warning that something might be wrong and that the icon you clicked on is not official. Information Technology has no doubt reinvented the way that many firms do business. Yet like every area, IT has risks that need to be recognized and protected against. There are a number of specific risk areas that most businesses with IT including banking, will face. These risks include1) Viruses: These are small, malicious programs designed

to cause problems with your computer such as the loss of information or internal systems failure. The effects may range from simply displaying a message to wiping your entire hard drive. They may be transmitted in anyway that data is moved between computers, be it by floppy, internet download or via e-mail. There are 3 methods of protection that businesses can put in place to help guard against viruses: a. b. Install anti-virus software Virus check all floppies and CDs before installing or

opening files, preferably on a standalone machine to avoid the spread of viruses to your LAN c. Install a Firewall. Regular backups of critical information are vital to survive such virus attacks.

2) Accidental

Loss of to

Data: Data loss can occur where it cannot be found.

accidentally for many reasons. The wrong file may be deleted or moved Alternatively, a system error may corrupt data or cause physical damage to a PC and prevent it from being accessed. Frequent backups are a simple way to guard against any data loss.3) Theft of Information: Information can be a powerful

asset. This means that like any other asset, it may be subject to theft from external or internal sources.4) Unauthorized Access: Unauthorized Access, as the

name suggests, is access to computer systems or information by anyone without permission. This may originate either internally or externally and can lead to loss of information and damage to internal systems. External unauthorized access has the higher profile and is usually described as hacking. However, internal unauthorized access is far more common and can cause just as many problems. There is a raft of measures that can help prevent such access. These include associating access rights to user IDs, physical smart cards to restrict access and good staff management practices.

5) Hacking: It is the unauthorized use or attempt to avoid

the security mechanisms of an information system or network. A hacker is a person who enjoys exploring the details of computers and how to stretch their capabilities. He is a malicious or inquisitive meddler who tries to discover information by poking around. A person who enjoys learning the details of programming systems and how to stretch their capabilities, as opposed to most users who prefer to learn on the minimum necessary.6) Phishing Scams: Phishing scams take the form of

spoof letters, emails or websites. They look as though they are from or represent respectable institutions. They look so authentic that victims are fooled into revealing their account or personal information to unauthorized third parties. Phishing is derived from fishing- a social engineering attack attempting to trick users into revealing personal information like passwords and credit card numbers. It is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message).

7) Pharming: Pharming (from farming) exploits the DNS

(Domain

Name

System),

the

Internet

system

that

translates a computer name into an Internet Protocol (IP) address. A computer with a compromised host file will go to the wrong website even if the user types the correct URL. More alarming is DNS poisoning where the Domain Name System directory is 'poisoned' and can cause large groups of users to be herded to fraudulent look-alike sites.8) Password cracking: It is the process of recovering

secret passwords from data that has been stored in or transmitted by a computer system, typically, by repeatedly verifying guesses for the password. The purpose of password cracking might be to help a user recover a forgotten password (though installing an entirely new password is less of a security risk), to gain unauthorized access to a system, or as a preventive measure by the system administrator to check for easily crack able passwords.9) Credit card fraud: It is one of many forms of frauds

that involve credit cards, charge cards, debit cards, or prepaid cards. Typically, the fraudster causes a credit card of another person to be charged for a purchase. Today, half of all credit card fraud is conducted online, meaning

that the fraudsters make online purchases with the credit card details of other people.10) Identity theft: Identity theft (or identity fraud) is the

deliberate assumption of another person's identity, usually to gain access to their finances or frame them for a crime. Less commonly, it is to enable illegal immigration, terrorism, espionage, or changing identity permanently. It may also be a means of blackmail, especially if medical privacy or political privacy has been breached, and if revealing the activities undertaken by the thief under the name of the victim would have serious consequences like loss of job or marriage. Assuming a false identity with the knowledge and approval of the person being impersonated, such as for cheating on an exam, is not considered to be identity theft.11) Carding: It means stealing credit card numbers from

the Internet. It is a criminal offense. A carder is a special kind of criminal that specializes in stealing information from credit cards. The primary method that carders use to make money is to use information skimmed off from credit cards to encode the magnetic stripes of their replica credit cards with and make purchases with them.

12) Random Dialing: This technique is used to dial every

number on a known bank telephone exchange. The objective is to find a modem connected to the network. This could then be used as a point of attack.13) Social Engineering: An attacker calls the banks help

desk

impersonating about

an the

authorized system

user

to

gain

information passwords.

including

changing

14) Trojan Horse: A programmer can embed code into a

system that will allow the programmer or another person unauthorized entrance into the system or network.

TYPES OF ATTACKSWe can classify attacks as: Passive Attacks: Passive Attacks are those wherein

the attacker indulges in eavesdropping or monitoring the data transmission. In other words, the attacker aims to obtain information that is in transit. The term passive indicates that the attacker does not attempt to perform

any modifications to the data. In fact, this is also why passive attacks are harder to detect. Thus, the general approach to deal with passive attacks is to think about prevention, rather than detection or corrective measures. Passive Attacks are further divided into: Release of Message Content Traffic Analysis

Release of Message Content is quite easy to understand. When we send a confidential e-mail message to our friend, we desire that only she be able to access it. Otherwise, the contents of the message are released against our wishes to someone else. Using certain security mechanisms, we can prevent release of message contents. For example, we can encode messages using code language, so that only the desired parties understand the contents of a message because only they know the code language. However if many such messages are passing through, a passive attacker could try to figure out the similarities between them to come up with some sort of patterns that provides him some clues regarding the communication that is taking place. Such attempts of analyzing message to come up with likely patterns are the work of the Traffic Analysis attack.

Active Attacks: Unlike passive attacks, the active

attacks are based in modification of the original message in some manner or in creation of a false message. These attacks cannot be prevented easily. However they can be detected with some efforts and attempts can be made to recover from them. These attacks can be in the form of Interruption, Modification and Fabrication. Fabrication attacks are called as masquerade attacks. Masquerade is caused when an unauthorized user pretends to be another entity. For example, User C can pretend to be User A and send a message to User B. User B will be under the impression that the message indeed came from User A. Modification attacks can be further divided as replay attacks and alteration of messages. In a replay attack, a user captures a sequence of events or some data units and resends them. For instance, suppose User A wants to transfer some amount to User Cs Account, both User A and User C have accounts with Bank B. User A might send an electronic message to Ban k B requesting for the funds transfer. User C could capture this message and send a second copy of the same to Bank B. Bank B would have no idea that this is an unauthorized message and would treat this as a second and different funds transfer altogether.

HOW TO AVOID BECOMING A VICTIM?To prevent such be attacks, taken. proper These

measures

must

include the installation of firewalls, anti-virus programs, etc. Here are

some important parameters to ensure safe online banking transactions1) Secure

Servers: It is a server that uses Secure

Sockets Layer (SSL) encryption technology to protect users' credit card information. It transmits data in an encoded form that is intended to prevent unauthorized access to the data. All Web servers that handle credit cards should use SSL (secure socket layer) encrypted communications. While a secure server discusses sensitive credit card information with the customer, anyone eavesdropping on this electronic conversation (through any Internet computer) between browser and server will only see illegible data.2) SSL

(Secure by

Sockets

Layer): for

It

is

a

protocol

developed

Netscape

transmitting

documents

securely over the Internet. It is a security protocol that provides communication privacy. SSL enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery. It passes sensitive information, such as credit card details, over the Internet. It is used by most commerce servers on the World Wide Web; this high-level security protocol protects the confidentiality and security

of data while it is being transmitted through the internet. URL's that begin with https (and not http) indicate that an SSL connection will be used. SSL provides 3 important things: Privacy, Authentication, and Message Integrity.3) Encryption: It is the conversion of data into a secret

code. In other words, it is modifying data, i.e., turning readable text into cipher text, to prevent unauthorized access to the information. It refers to algorithmic schemes that encode plain text into non-readable The receiver form of or the ciphertext, providing privacy.

encrypted text uses a key to decrypt the message, returning it to its original plain text form. Only the person or persons that have the right type of decoding software can unscramble the message.4) Digital

Certificates:

A

digital

certificate

is

an

electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. They are issued by trusted third parties known as Certificate Authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting and decrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify

that the certificate is real. It is a form of personal identification that can be verified electronically.5) Firewalls: It is a security system intended to protect

an organization's network against external threats, such as hackers, coming from another network. It is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. All messages entering or leaving the Intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. Firewalls are used to filter and stop information sent and received via the Internet. They are used as a means of keeping networks secure.6) Protection

of

PINs: (PINs)

Passwords should be

or

personal when

identification

numbers

used

accessing an account online. Your password should be unique to you and you should change it regularly. Do not use birthdates or other numbers or words that may be easy for others to guess. Always carefully control to whom you give your password. For example, if you use a

financial company that requires your passwords in order to gather your financial data from various sources, make sure you learn about the companys privacy and security practices.7) General Security: General security over your personal

computer such as virus protection and physical access controls should be used and updated regularly. Contact your hardware and software suppliers or Internet service provider to ensure you have the latest in security updates.

Tips for Safe Banking over the Internet

As use of the Internet continues to expand, more banks and thrifts are using the Web to offer products and services or otherwise enhance communications with consumers. The Internet offers the potential for safe, convenient new ways to shop for financial services and conduct banking business, any day, any time. However, safe banking online involves making good choices decisions that will help you avoid costly surprises or even scams. Listed below are some tips to ensure maximum security while banking online:

Tips

while

using

PIN

(Personal

Identification Number):

Change the PIN after the first login and change it at Change the PIN after accessing Internet Banking using

least once a month

shared PCs. This is important because there could be a risk of capturing keystrokes (including the Banking Credit Card number and PIN) by certain programs running in the memory of the shared PC without the persons knowledge. Destroy the PIN mailer after memorizing it

Keep the PIN a secret and don't disclose it to anyone

(including the employees)

Do not write the PIN on the ATM/Debit Card or Credit Do not hand over the ATM/Debit Card or Credit Card to

Card.

anyone. Do not use common names as PINs. Choose passwords that are difficult for others to guess.

Use a different password for each of the accounts.

Use both letters and numbers and a combination of lower case and capital letters if the passwords or PINS are case sensitive.

Scam e-mails and websites:If one believes that someone is trying to Be alert for scam e-mails. These are designed

commit fraud, please contact the bank immediately.

to trick one into downloading a virus or jumping to a fraudulent website and disclosing sensitive information.

Beware! Phony "look alike" websites are

designed to trick consumers and collect their personal information. Make sure that websites on which you transact business post privacy and security statements and review them carefully. the URL. Verify the address of every website, known as

Make sure that the URL you want appears in

the "address" or "location" box on your browser window. Some websites may appear to be genuine but actually are fake. Take a few extra seconds and type the URL yourself. Don't reply to any e-mail that requests your personal information. Be very suspicious of any business or person who asks for your password, social security number, or other highly sensitive information. Open e-mails only when you know the sender. Be especially careful about opening an e-mail with an attachment. Even a friend may accidentally send an email with a virus.

Tips while using e-commerce

websites: Many e-commerce websites utilize

state-of-the-art encryption and other security procedures to give you a convenient and secure shopping and banking experience. If you suspect a website is not what it claims to be, leave the site. Do not follow any of the instructions it may present you.

Ask yourself if the information you

are asked to provide makes sense for the activity you are engaged in. For example, an online auction site should not ask for your driver's license number or the PIN for your credit card. If a site or e-mail asks for information that doesn't feel right, do not respond.

Keep a Paper Trial. Print out the

"address" of the company site you are on its Uniform Resource Locator (URL). The URL ensures that you are dealing with the right company. It's also a good idea to print out a copy of your order and confirmation number for your records.

General Precautions:Look for the padlock

symbol at the bottom right of a web page to ensure the site is running in secure mode before you input sensitive information. Make sure your home computer has the most current anti-virus software. Antivirus software needs frequent updates to guard against new viruses.

Install a personal firewall

to help prevent unauthorized access to your home

computer, especially if you connect through a cable or DSL modem. ensure your protection. Do not keep computers online when not in use. Either shut them off or physically disconnect them from Internet connection.

Log off. Do not just close

your browser. Follow the secure area exit instructions to

Monitor

your

transactions. Review your order confirmations, credit card, and bank statements as soon as you receive them to make sure that you you are being charged only for any transactions irregularities. Regularly download security patches from your software vendors. made. Immediately report

TYPICAL EXAMPLE OF INTERNET BANKING SERVICE OFFERED BY INDIAN BANKS

PUNJAB NATIONAL BANK

PAGE 1 PAGE 2

PAGE 3

PAGE 4

PAGE 5

INTERNET BANKING THE ROAD AHEAD!!!

Internet banking is "still in a strong growth phase". To meet the increased demand, banks are expected to ratchet up their spending on Internet banking technology. Internet banking is taking an increasing importance in banks policy. Systems are being developed throughout the USA and Europe. However much is still desired, hence we think that it would be useful to create an exchange forum in charge of the dissemination of information on Internet banking development. Nevertheless, there's still room for improvement. Although all large and mid-sized banks and a growing number of small banks offer online banking, their offerings are far from equal. User-friendliness is uneven, support varies and features menus differ notably. As a result, banks may achieve the greatest impact by pursuing basic improvements instead of cutting-edge technologies. It is recommended to bring improvements in the services by offering services such as online account opening, universal registration for multiple services and prepopulated application forms. To enhance the customer experience, banks should conduct usability tests and monitor user feedback; provide smooth navigation aids; incorporate easy-to-access contextual help; and minimize data entry

problems with appropriate user interface elements, such as calendar widgets. For several of these enhancements, the back office has to get involved. Specifically, banks are seeking to maintain a consistent look and feel across applications used by multiple lines of business; incorporate third-party offerings into the Internet banking channel; and create links between online applications, according to the report. Finally it must be accepted that although e-commerce is widely and quickly spreading its wings across the globe, at the moment it appears as if the emerging markets and the third world countries might take some time to adapt to latest technological innovations and the modern ways of banking. However sooner than later the juggernaut of e-commerce would certainly sweep these nations into the world of innovative and smart banking. Internet Banking still has a long way to go in India, though the future is promising. As for now, bank online only if you think you can handle all the downsides but along with the anytime, anywhere convenience. One thing is very clear. Internet Banking is here to stay!!!

Q: So here comes the big question IS ONLINE BANKING FOR YOU? A: YES, if you crave for convenience and speed. And NO, if you trust the Internet as much as you do your car mechanic!

INDIAS NET BANKING ENCYCLOPEDIA

Bank NameABN AMRO Bank Abu Dhabi Commercial Bank Bank of India Centurion Bank Citibank Corporation Bank Deutsche Bank Federal Bank HDFC Bank HSBC ICICI Bank IDBI Bank IndusInd Bank Punjab National Bank Standard Chartered Bank State Bank of India UTI Bank

Technology VendorInfosys (BankAway) Infosys (BankAway) I-flex Logica Orbitech (now Polaris) I-flex Sanchez i-flex/ Satyam Infosys, ICICI Infotech Infosys (BankAway) CR2 Infosys (BankAway) In-House Satyam/Broadvisio n Infosys (BankAway)

Service offeringNetBanking ADCB NetLink BOIonline MyCBOL Citibank Online CorpNet db direct FedNet NetBanking Online@hsbc Infinity i-net banking IndusNet

Me Standard Chartered Online onlinesbi.com iConnect

QUESTIONNAIRE FOR THE BANK EMPLOYEE

1) How is online banking easy for the customers to use as compared to the traditional banking? A: to Online banking is easy to use provided the user is knowledgeable in using the Internet. Also it is now safe conducts transactions like payment of bills, transferring money to anothers A/c, etc. 2) What are the basic requirements for an Internet banking software? A: For a traditional bank to adopt online banking, it will require a strong server with foolproof security check so that it becomes difficult and tedious for a hacker to break into the banks server. Secondly it will require a high speed processor to handle many customer hits at a given point of time. 3) What information is required from the bank for making the software for them? A: When a bank approaches a banking software developing company, they basically require the full list of customers at present and also a lump sum number of customers they would expect in the very near future, complete bank details, facilities that the bank would like to provide

on its homepage, the security organization they would prefer (E.g.: Verisign). 4) Can you give a working example of the e-banking software? A: Bank of Hyderabad

5) What security requirements are needed while using the Internet? A: The bank must provide unique A/c login IDs and nonrepetitive startup passwords. In this way, the security of the bank as well as the A/c holder is maintained at a very high level. We also request the Internet users to not choose passwords that can be easily guessed by the hacker. Make them simple but unique, not something related to you like, birthdays, names of spouse, children or any familiar names. It is for the safety of their savings and personal information. 6) In which known ways can the security of the customers be breached? A: The various ways are Virus, Hacking, etc. 7) Could you give me a brief information on how hacking is done?

A: Hacking is a process which is carried out by a hacker. For example, A sends Rs.10,000 to B. This is a normal transaction. When C intercepts the flow and transfers Rs.5,000 hacking. 8) With these breaches taking place, what are the ways by which we can repair and prevent more of these happenings? A: The only known way is to keep changing passwords and by not telling everybody about it in any written format. Do not keep the passwords written in a reminder note near your PC or on your desk. The banks must not give same login IDs to 2 or more people. from Bs A/c to Cs A/c; this is called interception or hacking. There are various other types of

BIBLIOGRAPHY

Websites:

www.pcquest.com www.indiainfoline.com www.google.com www.pnbindia.com www.onlinebanking.com www.netbanker.com www.banknetindia.com

Magazines:Can You Bank Online? PC Quest Personal Finance Business

Today