chapter 7 online banking. online banking online banking isn't out to change your money habits....
TRANSCRIPT
Chapter 7
Online Banking
Online Banking• Online banking isn't out to change your money habits. It simply uses
today's technology to give you the option of bypassing the time-consuming, paper-based aspects of traditional banking in order to manage your finances more quickly and efficiently.
• Origin of online bankingThe advent of the Internet and the popularity of personal computers presented both an opportunity and a challenge for the banking industry.
• For years, financial institutions have used powerful computer networks to automate millions of daily transactions; today, often the only paper record is the customer's receipt at the point of sale. Now that its customers are connected to the Internet via personal computers, banks envision similar economic advantages by adapting those same internal electronic processes to home use.
Scope of Online Banking
• It is now widely believed that online banking will ultimately change the face of banking industry, slicing margins and weakening customer loyality.
• The Web has made it cheaper to deliver online banking services, and easier to do comparative shopping. It is also believed that the web will lead to a revolution in consumer banking.
• It is almost certainly the way most banking will be conducted in the not-too-distant future
Early Adopters of Online Banking Services
The existing online services available can be categorized according to the following:
Basic servicesChecking account balanceTransferring funds among accountsPayments of bills electronically
Advance servicesApplication for loansTrading stocks for mutual fundsViewing images of cheques and deposits
Client-based packaged software
The bank concerned supports a special software for the client. The client software connects the bank’s software using a modem and a phone line.
Some benefits are overshadowed when the client switches to a new bank which requires a new software and re-entry of data.
Internet-based
The general security-enabled Internet browser is enough to carry out online transactions with the bank. Its portability and low cost are offset by fewer features are less versatility.
The approaches to connect online banking are:
Early Adopters of Online Banking Services (Cont…)
Benefits of Online Banking
The online banking services are available seven days a week, 24 hours a day. The transactions are executed and conformed faster, as compared to ATM ( automatic teller machine) transactions.
For the small and mid-scale industries, online banking has made a lot of improvements to the performance of daily transactions.
Advantages of online banking Convenience: Unlike your corner bank, online banking sites never close; they're available 24 hours a day, seven days a week, and they're only a mouse click away.
Ubiquity: If you're out of state or even out of the country when a money problem arises, you can log on instantly to your online bank and take care of business, 24/7.
Transaction speed: Online bank sites generally execute and confirm transactions at or quicker than ATM processing speeds.
Efficiency: You can access and manage all of your bank accounts, including IRAs, CDs, even securities, from one secure site.
Effectiveness: Many online banking sites now offer sophisticated tools, including account aggregation, stock quotes, rate alerts and portfolio managing programs to help you manage all of your assets more effectively. Most are also compatible with money managing programs such as Quicken and Microsoft Money.
Drawback of Emerging Online Banking
A survey done in 1999, shows that although the absolute number of online bankers grew from 0.1 million to a total 6.3 million in 1998-1997, 3.1 million US adults have discontinued their use of online banking, according to Cybercitizen Finance from Cyber Dialogue.
In contrast to online banking, only 3% of investment traders who are online have discontinued trading online and 85% of current traders are satisfied with their services. As a result, the number of online traders has grown 53% from 4.0 million in July 1998 to 6.1 million in July 1999.
Disadvantages of online bankingStart-up may take time: In order to register for your bank's online
program, you will probably have to provide ID and sign a form at a bank branch. If you and your spouse wish to view and manage your assets together online, one of you may have to sign a durable power of attorney before the bank will display all of your holdings together.
Learning curve: Banking sites can be difficult to navigate at first. Plan to invest some time and/or read the tutorials in order to become comfortable in your virtual lobby.
Bank site changes: Even the largest banks periodically upgrade their online programs, adding new features in unfamiliar places. In some cases, you may have to re-enter account information.
The trust thing: For many people, the biggest hurdle to online banking is learning to trust it. Did my transaction go through? Did I push the transfer button once or twice? Best bet: always print the transaction receipt and keep it with your bank records until it shows up on your personal site and/or your bank statement.
What Makes Online Banking Secure
The customer authentication password are normally transmitted to the bank through either 40-bit or 128-bit SSL encryption technology.
The firewall security mechanism is commonly developed to keep the computer of a bank secure from bad users.
Besides three main areas of security, including password, encryption, and firewalls, banks include automatic log-off, random password generation and cracking.
Three strikes lockout is similar to a normal ATM transaction.
By monitoring traffic, the bank’s computer can detect intrusions.
Some Guidelines for Web-based Online Banking
The customer must have a personal identification number
(PIN) to login.
If no action is taken for a pre-specified time, the customer
should be automatically logged off from the online banking
service.
The page layout for online banking should be as simple as
possible.
Some services such as customizable market information,
utility bill payment, etc.
Some Guidelines for Web-based Online Banking (Cont…)
Figure: Security Measure for Online Banking
Electronic Cheque
1. CheckFree architecture
2. FSTC Electronic cheque architecture
The physical cheque processing already reached its optimum processing speed. The presence of electronic cheque gives a scope to improve efficiency of cheque settlement.
There was an initiative to transfer cheque image instead of paper cheque physically for transaction settlement.
At this moment, the electronic cheque available are:
CheckFree ArchitectureIn 1981, CheckFree started its electronic bill payment service. In September 1995, CheckFree offered the electronic cheque service, CheckFree Payment Services, on the Internet (Figure)
Figure: CheckFree architecture for electronics cheque issuance
FSTC Electronic Cheque
The electronic cheque architecture was developed by a project of Financial Services Technology Consortium (FSTC)
The electronic cheque is comprised of message integrity check, authentication and non-repudiation properties sufficient to prevent fraud against the banks and their customers.
The designed electronic cheque architecture can be compatible with a web-based transaction and/or with e-mail transaction.
Since the electronic cheque does not need real-time transaction, the e-chaque architecture can survive with network disruption and/or computer failure.
Electronic Cheque Concept
In the e-cheque architecture, the payer writes an e-cheque by structuring an electronic document with information legally required to be in a cheque and cryptographically signs it.
The payee receives the e-cheque, verifies the payer’s signature, endorses the e-cheque, writes out a deposit, and signs the deposit.
The payee’s bank verifies the payer’s and the payee’s signatures, credits the payee’s account and forwards the cheque for clearing and settlement.
The payer’s bank verifies the payer’s signature and debits the payer’s account.
Electronic Cheque Concept
Figure: E-cheque concept
The e-cheque system prevents fraud without relaying on
encryption, since widespread availability of strong standard
encryption is not available.
Fraud Prevention and Privacy Issues
The features used in e-cheque to prevent frauds are:
1. Duplicate detection
2. Payee identification
3. Electronic account number
4. Cryptography attached invoices
Fraud Prevention and Privacy Issues
Duplicate detection:Each cheque is guaranteed to be unique by the operation of the e-
cheque book.
Payee identification:The cheque book that provides for cheque to be made out to the payee’s bank has information which uniquely identifies the payee.
Electronic account number:The account in the account block is a randomly chosen number assigned by the bank for the purpose of writing and depositing e-cheques.
Cryptography attached invoices:Invoice and attachment blocks can be sent with the e-cheque blocks to provide the details for the purpose of the payment.
The privacy of transmission can be achieved by placing the e-cheque inside an encrypted envelop according to the e-cheque architecture.
Electronic Cash
Electronic cash is still under research and watch list.
Electronic cash, broadly defined, includes both smart card based tokens of value and digital coins.
As the digital cash is represented by a series of bits, it is easier to copy. The bank has to ensure that any copies of the digital cash created by a valid user or by a hostile third party, will be unspendable, or at least very easy to detect.
Smart Card e-cash
Smart card e-cash uses an active computing device resided normally in a plastic casing similar to a magnetic-stripe card.
Smart cards have evolved from three generations.
1st generation: needs physical contact of a card to complete the transaction2nd generation: upgraded to the proximity cards, where the data exchange needs no contact but some infrared or magnetic emission to perform as the communication media.3rd generation: adds the features like numeric key pad, display panel driven by solar or battery power on the top of a proximity card.
Basic smart card’s formation can be classified as:
1. Unprotected memory cards- Simple application code to specify both money and the
user identity are engraved.- It is mainly used as pre-paid phone card.
2. Wired logic memory cards, and- This type of card contains hard-wired data protection.- Re-loadable smart cards used in certain hand phones.
3. Microprocessor cards.- Have 8-bit microprocessor with the OS in ROM along
with a working RAM and ROM
Smart Card e-cash (Cont…)
Smartcard1. Card that contains encapsulated
electronics and can be used for various forms of electronic commerce (and other things)
2. The Private key is generated in the crypto module residing in the smart card.
3. The key is kept in the memory of the smart card.
4. The key is highly secured as it doesn’t leave the card, the message digest is sent inside the card for signing, and the signatures leave the card.
5. The card gives mobility to the key and signing can be done on any system. (Having smart card reader)
Prepaid smartcard options
• Memory card– Memory plus password/PIN protection
• Shared-secret– Mutual authentication of any terminal sharing the secret
• Signature-carrying– Carries signatures created by institution
• Signature-creating– Hardware to create signature based on secret key
Smartcard merits
• Memory– Closed system: single institution– No authentication of terminal
• Shared-secret– Requires encapsulated module in terminal, one
to carry each card secret– One secret per institution implies that all cards
of that institution can be compromised
Smartcard merits (con’t)
• Signature– Terminals need only public keys– Easy to handle multiple institutions
• All but signature-carrying have unique card identity, and hence institutions can invade privacy by linking transactions
Hard vs. digital cash
Withdraw
Deposit
Digital cash010110101101010111010110101011010110101011010110101011010101101010110111101011111011010000000110101010110101
Since digital cash is represented by data, it is easily replicated. How do we prevent:
•Counterfeiting?
•Multiple spending?
What is a digital cash token?
Unique identifier
Value attribute
Bank digital signature
Bitstring
Preventscounterfeiting
Preventsspending more than once
Financial institution perspectiveConsumer’s demand deposit
Branch ATM Digital branch
Currency in wallet
Currency in smartcard
Merchant
Merchant’s demand deposit
Vault cash Digital cashliability
Payment
Deposit
Withdrawal
May returnas moredigital cash
Digital cash must be deposited
Consumer wallet Consumer smartcard
Merchant Merchant
Hard currency
Spend Deposit
Digital cash
Deposit
Withdrawas newdigital cash
Possible characteristics of digital cash
• Anonymity of consumer– Merchant knows who paid, but that information
is not inherent to the digital cash itself– Financial institution knows what merchant
deposited
• Attribution of cheating– Double spending
• Authorized traces
Computer e-cash
Computer e-cash or cyber cash is stored in the computer hard disk.
The transaction of this form of cash can be performed over a modem and the Internet.
In this format of e-cash, the user collects tokens securely from a monetary institution and retains them in the computer.
Users can withdraw e-cash from a bank and use them to pay other users.
Each e-cash coin has a randomly generated serial number.
Some e-cash deployment policies such as Mondex, can use combined smart card and off-line computer network to perform e-cash transfer.
Ecash is a patented e-cash transaction policy by DigiCash of Holland.
E-cash techniques
Thank You