Chapter 7

Online Banking

Online Banking• Online banking isn't out to change your money habits. It simply uses

today's technology to give you the option of bypassing the time-consuming, paper-based aspects of traditional banking in order to manage your finances more quickly and efficiently.

• Origin of online bankingThe advent of the Internet and the popularity of personal computers presented both an opportunity and a challenge for the banking industry.

• For years, financial institutions have used powerful computer networks to automate millions of daily transactions; today, often the only paper record is the customer's receipt at the point of sale. Now that its customers are connected to the Internet via personal computers, banks envision similar economic advantages by adapting those same internal electronic processes to home use.

Scope of Online Banking

• It is now widely believed that online banking will ultimately change the face of banking industry, slicing margins and weakening customer loyality.

• The Web has made it cheaper to deliver online banking services, and easier to do comparative shopping. It is also believed that the web will lead to a revolution in consumer banking.

• It is almost certainly the way most banking will be conducted in the not-too-distant future

Early Adopters of Online Banking Services

The existing online services available can be categorized according to the following:

Basic servicesChecking account balanceTransferring funds among accountsPayments of bills electronically

Advance servicesApplication for loansTrading stocks for mutual fundsViewing images of cheques and deposits

Client-based packaged software

The bank concerned supports a special software for the client. The client software connects the bank’s software using a modem and a phone line.

Some benefits are overshadowed when the client switches to a new bank which requires a new software and re-entry of data.

Internet-based

The general security-enabled Internet browser is enough to carry out online transactions with the bank. Its portability and low cost are offset by fewer features are less versatility.

The approaches to connect online banking are:

Early Adopters of Online Banking Services (Cont…)

Benefits of Online Banking

The online banking services are available seven days a week, 24 hours a day. The transactions are executed and conformed faster, as compared to ATM ( automatic teller machine) transactions.

For the small and mid-scale industries, online banking has made a lot of improvements to the performance of daily transactions.

Advantages of online banking Convenience: Unlike your corner bank, online banking sites never close; they're available 24 hours a day, seven days a week, and they're only a mouse click away.

Ubiquity: If you're out of state or even out of the country when a money problem arises, you can log on instantly to your online bank and take care of business, 24/7.

Transaction speed: Online bank sites generally execute and confirm transactions at or quicker than ATM processing speeds.

Efficiency: You can access and manage all of your bank accounts, including IRAs, CDs, even securities, from one secure site.

Effectiveness: Many online banking sites now offer sophisticated tools, including account aggregation, stock quotes, rate alerts and portfolio managing programs to help you manage all of your assets more effectively. Most are also compatible with money managing programs such as Quicken and Microsoft Money.

Drawback of Emerging Online Banking

A survey done in 1999, shows that although the absolute number of online bankers grew from 0.1 million to a total 6.3 million in 1998-1997, 3.1 million US adults have discontinued their use of online banking, according to Cybercitizen Finance from Cyber Dialogue.

In contrast to online banking, only 3% of investment traders who are online have discontinued trading online and 85% of current traders are satisfied with their services. As a result, the number of online traders has grown 53% from 4.0 million in July 1998 to 6.1 million in July 1999.

Disadvantages of online bankingStart-up may take time: In order to register for your bank's online

program, you will probably have to provide ID and sign a form at a bank branch. If you and your spouse wish to view and manage your assets together online, one of you may have to sign a durable power of attorney before the bank will display all of your holdings together.

Learning curve: Banking sites can be difficult to navigate at first. Plan to invest some time and/or read the tutorials in order to become comfortable in your virtual lobby.

Bank site changes: Even the largest banks periodically upgrade their online programs, adding new features in unfamiliar places. In some cases, you may have to re-enter account information.

The trust thing: For many people, the biggest hurdle to online banking is learning to trust it. Did my transaction go through? Did I push the transfer button once or twice? Best bet: always print the transaction receipt and keep it with your bank records until it shows up on your personal site and/or your bank statement.

What Makes Online Banking Secure

The customer authentication password are normally transmitted to the bank through either 40-bit or 128-bit SSL encryption technology.

The firewall security mechanism is commonly developed to keep the computer of a bank secure from bad users.

Besides three main areas of security, including password, encryption, and firewalls, banks include automatic log-off, random password generation and cracking.

Three strikes lockout is similar to a normal ATM transaction.

By monitoring traffic, the bank’s computer can detect intrusions.

Some Guidelines for Web-based Online Banking

The customer must have a personal identification number

(PIN) to login.

If no action is taken for a pre-specified time, the customer

should be automatically logged off from the online banking

service.

The page layout for online banking should be as simple as

possible.

Some services such as customizable market information,

utility bill payment, etc.

Some Guidelines for Web-based Online Banking (Cont…)

Figure: Security Measure for Online Banking

Electronic Cheque

1. CheckFree architecture

2. FSTC Electronic cheque architecture

The physical cheque processing already reached its optimum processing speed. The presence of electronic cheque gives a scope to improve efficiency of cheque settlement.

There was an initiative to transfer cheque image instead of paper cheque physically for transaction settlement.

At this moment, the electronic cheque available are:

CheckFree ArchitectureIn 1981, CheckFree started its electronic bill payment service. In September 1995, CheckFree offered the electronic cheque service, CheckFree Payment Services, on the Internet (Figure)

Figure: CheckFree architecture for electronics cheque issuance

FSTC Electronic Cheque

The electronic cheque architecture was developed by a project of Financial Services Technology Consortium (FSTC)

The electronic cheque is comprised of message integrity check, authentication and non-repudiation properties sufficient to prevent fraud against the banks and their customers.

The designed electronic cheque architecture can be compatible with a web-based transaction and/or with e-mail transaction.

Since the electronic cheque does not need real-time transaction, the e-chaque architecture can survive with network disruption and/or computer failure.

Electronic Cheque Concept

In the e-cheque architecture, the payer writes an e-cheque by structuring an electronic document with information legally required to be in a cheque and cryptographically signs it.

The payee receives the e-cheque, verifies the payer’s signature, endorses the e-cheque, writes out a deposit, and signs the deposit.

The payee’s bank verifies the payer’s and the payee’s signatures, credits the payee’s account and forwards the cheque for clearing and settlement.

The payer’s bank verifies the payer’s signature and debits the payer’s account.

Electronic Cheque Concept

Figure: E-cheque concept

The e-cheque system prevents fraud without relaying on

encryption, since widespread availability of strong standard

encryption is not available.

Fraud Prevention and Privacy Issues

The features used in e-cheque to prevent frauds are:

1. Duplicate detection

2. Payee identification

3. Electronic account number

4. Cryptography attached invoices

Fraud Prevention and Privacy Issues

Duplicate detection:Each cheque is guaranteed to be unique by the operation of the e-

cheque book.

Payee identification:The cheque book that provides for cheque to be made out to the payee’s bank has information which uniquely identifies the payee.

Electronic account number:The account in the account block is a randomly chosen number assigned by the bank for the purpose of writing and depositing e-cheques.

Cryptography attached invoices:Invoice and attachment blocks can be sent with the e-cheque blocks to provide the details for the purpose of the payment.

The privacy of transmission can be achieved by placing the e-cheque inside an encrypted envelop according to the e-cheque architecture.

Electronic Cash

Electronic cash is still under research and watch list.

Electronic cash, broadly defined, includes both smart card based tokens of value and digital coins.

As the digital cash is represented by a series of bits, it is easier to copy. The bank has to ensure that any copies of the digital cash created by a valid user or by a hostile third party, will be unspendable, or at least very easy to detect.

Smart Card e-cash

Smart card e-cash uses an active computing device resided normally in a plastic casing similar to a magnetic-stripe card.

Smart cards have evolved from three generations.

1st generation: needs physical contact of a card to complete the transaction2nd generation: upgraded to the proximity cards, where the data exchange needs no contact but some infrared or magnetic emission to perform as the communication media.3rd generation: adds the features like numeric key pad, display panel driven by solar or battery power on the top of a proximity card.

Basic smart card’s formation can be classified as:

1. Unprotected memory cards- Simple application code to specify both money and the

user identity are engraved.- It is mainly used as pre-paid phone card.

2. Wired logic memory cards, and- This type of card contains hard-wired data protection.- Re-loadable smart cards used in certain hand phones.

3. Microprocessor cards.- Have 8-bit microprocessor with the OS in ROM along

with a working RAM and ROM

Smart Card e-cash (Cont…)

Smartcard1. Card that contains encapsulated

electronics and can be used for various forms of electronic commerce (and other things)

2. The Private key is generated in the crypto module residing in the smart card.

3. The key is kept in the memory of the smart card.

4. The key is highly secured as it doesn’t leave the card, the message digest is sent inside the card for signing, and the signatures leave the card.

5. The card gives mobility to the key and signing can be done on any system. (Having smart card reader)

Prepaid smartcard options

• Memory card– Memory plus password/PIN protection

• Shared-secret– Mutual authentication of any terminal sharing the secret

• Signature-carrying– Carries signatures created by institution

• Signature-creating– Hardware to create signature based on secret key

Smartcard merits

• Memory– Closed system: single institution– No authentication of terminal

• Shared-secret– Requires encapsulated module in terminal, one

to carry each card secret– One secret per institution implies that all cards

of that institution can be compromised

Smartcard merits (con’t)

• Signature– Terminals need only public keys– Easy to handle multiple institutions

• All but signature-carrying have unique card identity, and hence institutions can invade privacy by linking transactions

Hard vs. digital cash

Withdraw

Deposit

Digital cash010110101101010111010110101011010110101011010110101011010101101010110111101011111011010000000110101010110101

Since digital cash is represented by data, it is easily replicated. How do we prevent:

•Counterfeiting?

•Multiple spending?

What is a digital cash token?

Unique identifier

Value attribute

Bank digital signature

Bitstring

Preventscounterfeiting

Preventsspending more than once

Financial institution perspectiveConsumer’s demand deposit

Branch ATM Digital branch

Currency in wallet

Currency in smartcard

Merchant

Merchant’s demand deposit

Vault cash Digital cashliability

Payment

Deposit

Withdrawal

May returnas moredigital cash

Digital cash must be deposited

Consumer wallet Consumer smartcard

Merchant Merchant

Hard currency

Spend Deposit

Digital cash

Deposit

Withdrawas newdigital cash

Possible characteristics of digital cash

• Anonymity of consumer– Merchant knows who paid, but that information

is not inherent to the digital cash itself– Financial institution knows what merchant

deposited

• Attribution of cheating– Double spending

• Authorized traces

Computer e-cash

Computer e-cash or cyber cash is stored in the computer hard disk.

The transaction of this form of cash can be performed over a modem and the Internet.

In this format of e-cash, the user collects tokens securely from a monetary institution and retains them in the computer.

Users can withdraw e-cash from a bank and use them to pay other users.

Each e-cash coin has a randomly generated serial number.

Some e-cash deployment policies such as Mondex, can use combined smart card and off-line computer network to perform e-cash transfer.

Ecash is a patented e-cash transaction policy by DigiCash of Holland.

E-cash techniques

Thank You