Beruflich Dokumente
Kultur Dokumente
NO
1
2
chapter
Introduction of internet banking
Entry of Indian banks into net banking
4
5
6
Page no
Index
Chapter1
Introduction of internet banking
1.1
1.2
1.3
1.4
1.5
1.6
introduction
definition
History
Features
Advantages
Disadvantages
1.1 Introduction
Online banking is an electronic payment system that enables customers of a
financial institution to conduct financial transactions on a website operated by the
institution, such as a retail bank, virtual bank, credit union or building society.
Online banking is also referred as Internet banking, e-banking, virtual banking
and by other terms.
To access a financial institution's online banking facility, a customer with Internet
access would need to register with the institution for the service, and set up some
password (under various names) for customer verification. The password for online
banking is normally not the same as for telephone banking. Financial institutions
now routinely allocate customers numbers (also under various names), whether or
not customers have indicated an intention to access their online banking facility.
Customers' numbers are normally not the same as account numbers, because a
number of customer accounts can be linked to the one customer number. The
customer can link to the customer number any account which the customer
controls, which may be cheque, savings, loan, credit card and other accounts.
Customer numbers will also not be the same as any debit or credit card issued by
the financial institution to the customer.
To access online banking, a customer would go to the financial institution's secured
website, and enter the online banking facility using the customer number and
password previously setup. Some financial institutions have set up additional
security steps for access to online banking, but there is no consistency to the
approach adopted.
1.2 Definition Online banking refers to banking services where depositors can manage more
aspects of their accounts over the Internet, rather than visiting a branch or using the
telephone. Online banking typically is comprised of a secure connection to banking
information through the depositors home computer or another device.
Techopedia explains Online Banking
Online banking offers several main benefits to depositors. It provides a real-time
view of finances and eliminates the need for numerous visits to a bank teller. It can
also take the place of balancing a checkbook and other tedious tasks common to
paper-based banking. Depositors can monitor each transaction in an accessible user
interface to understand how credits, deposits, deductions and payments affect their
account's balance.
Banks that offer online banking are sometimes called "brick-to-click." Many of
these banks still provide branch services but support online options. This
distinguishes them from brick-and-mortar banks, which offer no online services.
6
1.3 History
The precursor for the modern home online banking services were the distance
banking services over electronic media from the early 1980s. The term online
became popular in the late '80s and referred to the use of a terminal, keyboard and
TV (or monitor) to access the banking system using a phone line. 'Home banking'
can also refer to the use of a numeric keypad to send tones down a phone line with
instructions to the bank. Online services started in New York in 1981 when four of
the city's major banks) offered home banking services. using the video tax system.
Because of the commercial failure of video tax these banking services never
became popular except in France where the use of video tax was subsidized by the
telecom provider and the UK, where the Pestle system was used.
When the clicks-and-bricks euphoria hit in the late 1990s, many banks began to
view Web-based banking as a strategic imperative. The attraction of banks to
online banking are fairly obvious: diminished transaction costs, easier integration
of services, interactive marketing capabilities, and other benefits that boost
7
customer lists and profit margins. Additionally, Web banking services allow
institutions to bundle more services into single packages, thereby luring customers
and minimizing overhead.
A mergers-and-acquisitions wave swept the financial industries in the mid-and late
1998s, greatly expanding banks' customer bases. Following this, banks looked to
the Web as a way of maintaining their customers and building loyalty. A number of
different factors are causing bankers to shift more of their business to the virtual
realm.
While financial institutions took steps to implement e-banking services in the mid1990s, many consumers were hesitant to conduct monetary transactions over the
web. It took widespread adoption of electronic commerce, based on trailblazing
companies such as America Online, Amazon.com and eBay, to make the idea of
paying for items online widespread. By 2000, 80 percent of U.S. banks offered ebanking. Customer use grew slowly. At Bank of America, for example, it took 10
years to acquire 2 million e-banking customers. However, a significant cultural
change took place after the Y2K scare ended. In 2001, Bank of America became
the first bank to top 3 million online banking customers, more than 20 percent of
its customer base. In comparison, larger national institutions, such as Citigroup
claimed 2.2 million online relationships globally, while J.P. Morgan Chase
estimated it had more than 750,000 online banking customers. Wells Fargo had 2.5
million online banking customers, including small businesses. Online customers
proved more loyal and profitable than regular customers. In October 2001, Bank of
America customers executed a record 3.1 million electronic bill payments, totaling
more than $1 billion. In 2009, a report by Gartner Group estimated that 47 percent
of U.S. adults and 30 percent in the United Kingdom bank online.
8
The UK's first home online banking services known as Home link was set up by
Bank of Scotland for customers of the Nottingham Building Society (NBS) in
1983. The system used was based on the UK's Pestle view link system and used a
computer, such as the BBC Micro, or keyboard (Tan data Td1400) connected to the
telephone system and television set. The system allowed on-line viewing of
statements, bank transfers and bill payments. In order to make bank transfers and
bill payments, a written instruction giving details of the intended recipient had to
be sent to the NBS who set the details up on the Home link system. Typical
recipients were gas, electricity and telephone companies and accounts with other
banks. Details of payments to be made were input into the NBS system by the
account holder via Pestle. A cheque was then sent by NBS to the payee and an
advice giving details of the payment was sent to the account holder. BACS was
later used to transfer the payment directly.
Stanford Federal Credit Union was the first financial institution to offer online
internet banking services to all of its members in October 1994.
Today, many banks are internet only banks. Unlike their predecessors, these
internet only banks do not maintain brick and mortar bank branches. Instead, they
typically differentiate themselves by offering better interest rates and more
extensive online banking features.
.
1.4 Features
We are always looking at ways of providing you with the best service
possible.With Internet Banking you have access to all the online banking features
you expect plus more, including SMS banking services and increased online
security with the BOQ Security Token.
Key features
All the key features of Internet Banking are explained for you:
balance and transaction history search
transaction history export
order new statements
Mobile banking
10
transfers
pay bills with BPAY
receive bills online with BPAY View
Pay Anyone payments
Multi Payments
Foreign currency calculator
International and RTGS payments
Open or apply for selected accounts
Daily Limits Packages for BPAY, Pay Anyone and Multi Payments
SMS banking services
extra online security with the BOQ Security Token
Business features
If you have a business, find out how Internet Banking can assist you:
payments file upload
direct debit payments and payment templates
11
13
14
Chapter 2
15
16
17
2.1 introduction
facility.
At present, the total Internet users in the country are estimated at 9 lakh.
However, this is expected to grow exponentially to 90 lakh by 2003. Only
about 1% of Internet users did banking online in 1998. This increased to
16.7% in March 2000.* The growth potential is, therefore, immense. Further
incentives provided by banks would dissuade customers from visiting
physical branches, and thus get hooked to the convenience of arm-chair
banking. The facility of accessing their accounts from anywhere in the world
by using a home computer with Internet connection, is particularly
fascinating to Non-Resident Indians and High Net worth Individuals having
Global Trust Bank Ltd., UTI Bank Ltd., Bank of Madura Ltd., Federal Bank
Ltd. etc. Recent entrants in Internet banking are Allahabad Bank (for its
corporate customers through its Allnet service) and Bank of Punjab Ltd.
State Bank of India has announced that it will be providing such services
soon. Certain banks like ICICI Bank Ltd., have gone a step further within
the transactional stage of Internet banking by allowing transfer of funds by
an account holder to any other account holder of the bank.
Some of the more aggressive players in this area such as ICICI Bank Ltd.,
HDFC Bank Ltd., UTI Bank Ltd., Citibank, Global Trust Bank Ltd. and
Bank of Punjab Ltd. offer the facility of receipt, review and payment of bills
on-line. These banks have tied up with a number of utility companies. The
Infinity service of ICICI Bank Ltd. also allows online real time shopping
mall payments to be made by customers. HDFC Bank Ltd. has made eshopping online and real time with the launch of its payment gateway. It has
tied up with a number of portals to offer business-to-consumer (B2C) ecommerce transactions. The first online real time e-commerce credit card
transaction in the country was carried out on the Easy3shoppe.com shopping
mall, enabled by HDFC Bank Ltd. on a VISA card.
Banks like ICICI Bank Ltd., HDFC Bank Ltd. etc. are thus looking to
position themselves as one stop financial shops. These banks have tied up
with computer training companies, computer manufacturers, Internet
Services Providers and portals for expanding their Net banking services, and
widening their customer base. ICICI Bank Ltd. has set up a web based joint
venture for on-line distribution of its retail banking products and services on
the Internet, in collaboration with Satyam Infoway, a private ISP through a
portal named as icicisify.com. The customer base of www.satyamonline.com
portal is also available to the bank. Setting up of Internet kiosks and
20
permeation through the cable television route to widen customer base are
other priority areas in the agendas of the more aggressive players. Centurion
Bank Ltd. has taken up equity stake in the teauction.com portal, which aims
to bring together buyers, sellers, registered brokers, suppliers and
associations in the tea market and substitute their physical presence at the
auctions announced.
Banks providing Internet banking services have been entering into
agreements with their customers setting out the terms and conditions of the
services. The terms and conditions include information on the access
through user-id and secret password, minimum balance and charges,
authority to the bank for carrying out transactions performed through the
service, liability of the user and the bank, disclosure of personal information
for statistical analysis and credit scoring also, non-transferability of the
facility, notices and termination, etc.
The race for market supremacy is compelling banks in India to adopt the
latest technology on the Internet in a bid to capture new markets and
customers. HDFC Bank Ltd. with its Freedom- the e-Age Saving Account
Service, Citibank with Suvidha and ICICI Bank Ltd. with its Mobile
Commerce service have tied up with cell phone operators to offer Mobile
Banking to their customers. Global Trust Bank Ltd. has also announced that
it has tied up with cellular operators to launch mobile banking services.
Under Mobile Banking services, customers can scan their accounts to seek
balance and payments status or instruct banks to issue cheques, pay bills or
deliver statements of accounts. It is estimated that by 2003, cellular phones
will have become the premier Internet access device, outselling personal
computers. Mobile banking will further minimize the need to visit a bank
branch.
21
Compared to banks abroad, Indian banks offering online services still have
a long way to go. For online banking to reach a critical mass, there has to be
sufficient number of users and the sufficient infrastructure in place. The
Infinity product of ICICI Bank Ltd. gets only about 30,000 hits per month,
with around 3,000 transactions taking place on the Net per month through
this service. Though various security options like line encryption, branch
connection encryption, firewalls, digital certificates, automatic sign-offs,
random pop-ups and disaster recovery sites are in place or are being looked
at, there is as yet no Certification Authority in India offering Public Key
Infrastructure which is absolutely necessary for online banking. The
customer can only be assured of a secured conduit for its online activities if
an authority certifying digital signatures is in place. The communication
bandwidth available today in India is also not enough to meet the needs of
high priority services like online banking and trading. Banks offering online
facilities need to have an effective disaster recovery plan along with
comprehensive risk management measures. Banks offering online facilities
also need to calculate their downtime losses, because even a few minutes of
downtime in a week could mean substantial losses. Some banks even today
do not have uninterrupted power supply unit or systems to take care of
prolonged power breakdown. Proper encryption of data and effective use of
passwords are also matters that leave a lot to be desired. Systems and
processes have to be put in place to ensure that errors do not take place.
Users of Internet Banking Services are required to fill up the application
forms online and send a copy of the same by mail or fax to the bank. A
contractual agreement is entered into by the customer with the bank for
22
using the Internet banking services. In this way, personal data in the
applications forms is being held by the bank providing the service. The
contract details are often one-sided, with the bank having the absolute
discretion to amend or supplement any of the terms at any time. For these
reasons domestic customers for whom other access points such as ATMs,
telebanking, personal contact, etc. are available, are often hesitant to use the
Internet banking services offered by Indian banks. Internet Banking, as an
additional delivery channel, may, therefore, be attractive / appealing as a
value added service to domestic customers. Non-resident Indians for whom
it is expensive and time consuming to access their bank accounts maintained
in India find net banking very convenient and useful.
The Internet is in the public domain whereby geographical boundaries are
eliminated. Cyber crimes are therefore difficult to be identified and
controlled. In order to promote Internet banking services, it is necessary that
the proper legal infrastructure is in place. Government has introduced the
Information Technology Bill, which has already been notified in October
2000. Section 72 of the Information Technology Act, 2000 casts an
obligation of confidentiality against disclosure of any electronic record,
register, correspondence and information, except for certain purposes and
violation of this provision is a criminal offence. Notification for appointment
of Authorities to certify digital signatures, ensuring confidentiality of data, is
likely to be issued in the coming months. Comprehensive enactments like
the Electronic Funds Transfer Act in U.K. and data protection rules and
regulations in the developed countries are in place abroad to prevent
unauthorized access to data, malafide or otherwise, and to protect the
individuals rights of privacy. The legal issues are, however, being debated
23
in our country and it is expected that some headway will be made in this
respect in the near future.
Notwithstanding the above drawbacks, certain developments taking place at
present, and expected to take place in the near future, would create a
conducive environment for online banking to flourish. For example, Internet
usage is expected to grow with cheaper bandwidth cost. The Department of
Telecommunications (DOT) is moving fast to make available additional
bandwidth, with the result that Internet access will become much faster in
the future. This is expected to give a fillip to Internet banking in India.
The proposed setting up of a Credit Information Bureau for collecting and
sharing credit information on borrowers of lending institutions online would
give a fillip to electronic banking. The deadline set by the Chief Vigilance
Commissioner for computerization of not less than 70 percent of the bank's
business by end of January 2001 has also given a greater thrust to
development of banking technology. The recommendations of the
Vasudevan Committee on Technological Up gradation of Banks in India
have also been circulated to banks for implementation. In this background,
banks are moving in for dation on a technological upgrade large scale.
Internet banking is expected to get a boost from such developments.
Reserve Bank of India has taken the initiative for facilitating real time funds
transfer through the Real Time Gross Settlement (RTGS) System. Under the
RTGS system, transmission, processing and settlements of the instructions
will be done on a continuous basis. Gross settlement in a real time mode
eliminates credit and liquidity risks. Any member of the system will be able
to access it through only one specified gateway in order to ensure rigorous
access control measures at the user level. The system will have various
levels of security, viz., Access security, 128 bit cryptography, firewall,
24
are part of the project. Transfer of funds can be made through credit/debit/
smart cards and cheques, with the central payment switch enabling the
transactions. Banks are showing interest in this new concept, which will
facilitate inter-bank funds transfers and other e-commerce transactions, thus
highlighting the role of banks in e-commerce as intermediaries between
buyers and sellers in the whole payment process.
WAP (Wireless Application Protocol) telephony is the merger of mobile
telephony with the Internet. It offers two-way connectivity, unlike Mobile
Banking where the customer communicates to a mailbox answering
machine. Users may surf their accounts, download items and transact a
wider range of options through the cellphone screen. WAP may provide the
infrastructure for P2P (person to person) or P2M (person to merchant)
payments. It would be ideal for transactions that do not need any cash backup,
such as online investments. Use of this cutting edge technology could well
determine which bank obtains the largest market share in electronic banking.
IDBI Bank Ltd. has recently launched its WAP- based mobile phone banking
services (offering facilities such as banking enquiry, cheque book request,
statements request, details of the banks products etc).
At present, there are only 2.6 phone connections per 100 Indians, against the
world average of 15 connections per 100. The bandwidth capacity available
in the country is only 3.2 gigabits per second, which is around 60% of
current demand. Demand for bandwidth is growing by 350% a year in India.
With the help of the latest technology, Indian networks will be able to handle
40 gigabits of Net traffic per second (as compared to 10 gigabits per second
in Malaysia). Companies like Reliance, Bharti Telecom and the Tata Group
are investing billions of rupees to build fiber optic lines and telecom
infrastructure for data, voice and Internet telephony. The online population
26
has increased from just 500,000 in 1998 to 5 million in 2000. By 2015, the
online population is expected to reach 70 million. IT services is a $1.5
billion industry in India growing at a rate of 55% per annum. Keeping in
view all the above developments, Internet banking is likely to grow at a
rapid pace and most banks will enter into this area soon. Rapid strides are
already being made in banking technology in India and Internet banking is a
manifestation of this. Every day sees new tie-ups, innovations and strategies
being announced by banks. State Bank of India has recently announced its
intention to form an IT subsidiary. A sea change in banking services is on the
cards. It would, however, be essential to have in place a proper regulatory,
supervisory and legal framework, particularly as regards security of
transactions over the Net, for regulators and customers alike to be
comfortable with this form of banking.
Chapter 3
27
regulatory tool
3.5.1 adaption
3.5.2 operational risk
3.5.3 reputational risk
3.5.4 legalization
3.5.5 harmonization
3.5.6 integration
1.1 Introduction
28
Electronic banking has been around for some time in the form of automatic teller
machines and telephone transactions. More recently, it has been transformed by the
Internet, a new delivery channel for banking services that benefits both customers
and banks. Access is fast, convenient, and available around the clock, whatever the
customer's location (see illustration above). Plus, banks can provide services more
efficiently and at substantially lower costs. For example, a typical customer
transaction costing about $1 in a traditional "brick and mortar" bank branch or
$0.60 through a phone call costs only about $0.02 online.
Electronic banking also makes it easier for customers to compare banks' services
and products, can increase competition among banks, and allows banks to
penetrate new markets and thus expand their geographical reach. Some even see
electronic banking as an opportunity for countries with underdeveloped financial
systems to leapfrog developmental stages. Customers in such countries can access
services more easily from banks abroad and through wireless communication
systems,
which
are
developing
more
rapidly
than
traditional
"wired"
communication networks.
The flip side of this technological boom is that electronic banking is not only
susceptible to, but may exacerbate, some of the same risksparticularly
governance, legal, operational, and reputationalinherent in traditional banking.
In addition, it poses new challenges. In response, many national regulators have
already modified their regulations to achieve their main objectives: ensuring the
safety and soundness of the domestic banking system, promoting market
discipline, and protecting customer rights and the public trust in the banking
system. Policymakers are also becoming increasingly aware of the greater potential
impact of macroeconomic policy on capital movements.
29
In the United States, Internet banking is still concentrated in the largest banks. In
mid-2001, 44 percent of national banks maintained transactional websites, almost
double the number in the third quarter of 1999. These banks account for over 90
30
percent of national banking system assets. The larger banks tend to offer a wider
array of electronic banking services, including loan applications and brokerage
services. While most U.S. consumers have accounts with banks that offer Internet
services, only about 6 percent of them use these services.
To date, most banks have combined the new electronic delivery channels with
traditional brick and mortar branches ("brick and click" banks), but a small number
have emerged that offer their products and services predominantly, or only, through
electronic distribution channels. These "virtual" or Internet-only banks do not have
a branch network but might have a physical presence, for example, an
administrative office or non branch facilities like kiosks or automatic teller
machines. The United States has about 30 virtual banks; Asia has 2, launched in
2000 and 2001; and the European Union has severaleither as separately licensed
entities or as subsidiaries or branches of brick and mortar banks.
But the challenges are not limited to regulators. As the advent of e-banking quickly
changes the financial landscape and increases the potential for quick cross-border
capital movements, macroeconomic policymakers face several difficult questions.
If electronic banking does make national boundaries irrelevant by facilitating
capital movements, what does this imply for macroeconomic management?
How is monetary policy affected when, for example, the use of electronic
means makes it easier for banks to avoid reserve requirements, or when
31
one, the markets will provide the answer, possibly at a high economic cost. Further
research on policy-related issues in the period ahead is therefore critical. ities or as
subsidiaries or branches of brick and mortar banks.
3.4.2 Legal risk. Electronic banking carries heightened legal risks for banks.
Banks can potentially expand the geographical scope of their services faster
through electronic banking than through traditional banks. In some cases, however,
they might not be fully versed in a jurisdiction's local laws and regulations before
they begin to offer services there, either with a license or without a license if one is
not required. When a license is not required, a virtual banklacking contact with
its host country supervisormay find it even more difficult to stay abreast of
regulatory changes. As a consequence, virtual banks could unknowingly violate
customer protection laws, including on data collection and privacy, and regulations
on soliciting. In doing so, they expose themselves to losses through lawsuits or
crimes that are not prosecuted because of jurisdictional disputes.
Money laundering is an age-old criminal activity that has been greatly facilitated
by electronic banking because of the anonymity it affords. Once a customer opens
an account, it is impossible for banks to identify whether the
34
There are four key tools that regulators need to focus on to address the new
challenges posed by the arrival of e-banking.
3.5.1 Adaptation. In light of how rapidly technology is changing and what the
changes mean for banking activities, keeping regulations up to date has been, and
continues to be, a far-reaching, time-consuming, and complex task. In May 2001,
the Bank for International Settlements issued its "Risk Management Principles for
Electronic Banking," which discusses how to extend, adapt, and tailor the existing
risk-management framework to the electronic banking setting. For example, it
recommends that a bank's board of directors and senior management review and
approve the key aspects of the security control process, which should include
measures to authenticate the identity and nominal account holder is conducting a
transaction or even where the transaction is taking place. To combat money
laundering, many countries have issued specific guidelines on identifying
customers. They typically comprise recommendations for verifying an individual's
identity and address before a customer account is opened and for monitoring online
transactions, which requires great vigilance.
In a report issued in 2000, the Organization for Economic Cooperation and
Development's Financial Action Task Force raised another concern. With electronic
banking crossing national boundaries, whose regulatory authorities will investigate
and pursue money laundering violations? The answer, according to the task force,
lies in coordinating legislation and regulation internationally to avoid the creation
of safe havens for criminal activities.
banking. Security threats can come from inside or outside the system, so banking
regulators and supervisors must ensure that banks have appropriate practices in
place to guarantee the confidentiality of data, as well as the integrity of the system
and the data. Banks' security practices should be regularly tested and reviewed by
outside experts to analyze network vulnerabilities and recovery preparedness.
Capacity planning to address increasing transaction volumes and new
technological developments should take account of the budgetary impact of new
investments, the ability to attract staff with the necessary expertise, and potential
dependence on external service providers. Managing heightened operational risks
needs to become an integral part of banks' overall management of risk, and
supervisors need to include operational risks in their safety and soundness
evaluations.
37
Chapter 4
Types of internet banking
4.1
Informational I.B
38
4.2
4.3
communicative I.B
Transactional I.B
4.4
4.4.1
operational risk
credit risk
liquidity risk
effective, they must be conscious of different types of risks this form of banking
entails and have systems in place to manage the same. An important and distinctive
feature is that technology plays a significant part both as source and tool for
control of risks. Because of rapid changes in information technology, there is no
finality either in the types of risks or their control measures. Both evolve
continuously. The thrust of regulatory action in risk control has been to identify
risks in broad terms and to ensure that banks have minimum systems in place to
address the same and that such systems are reviewed on a continuous basis in
keeping with changes in technology. In the following paragraphs a generic set of
risks are discussed as the basis for formulating general risk control guidelines,
which this Group will address.
43
communication with all protocols, say HTTP , FTP , telnet etc. is more prone to
attack than one designed to permit say, only HTTP.
Choice of appropriate technology is a potential risk banks face. Technology which
is outdated, not scalable or not proven could land the bank in investment loss, a
vulnerable system and inefficient service with attendant operational and security
risks and also risk of loss of business.
Many banks rely on outside service providers to implement, operate and maintain
their e-banking systems. Although this may be necessary when banks do not have
the requisite expertise, it adds to the operational risk. The service provider gains
access to all critical business information and technical systems of the bank, thus
making the system vulnerable. In such a scenario, the choice of vendor, the
contractual arrangement for providing the service etc., become critical components
of banks security. Bank should educate its own staff and over dependencies on
these vendors should be avoided as far as possible.
Not updating banks system in keeping with the rapidly changing technology,
increases operational risk because it leaves holes in the security system of the
bank. Also, staff may fail to understand fully the nature of new technology
employed. Further, if updating is left entirely at customers end, it may not be
updated as required by the bank. Thus education of the staff as well as users plays
an important role to avoid operational risk.
Approaches to reduce security related operational risk are discussed in detail in
Chapter-6. These include access control, use of firewalls, cryptographic techniques,
public key encryption, digital signature etc.
Reputational risk is the risk of getting significant negative public opinion, which
may result in a critical loss of funding or customers. Such risks arise from actions
which cause major loss of the public confidence in the banks' ability to perform
critical functions or impair bank-customer relationship. It may be due to banks
own action or due to third party action.
The main reasons for this risk may be system or product not working to the
expectations of the customers, significant system deficiencies, significant security
breach (both due to internal and external attack), inadequate information to
customers about product use and problem resolution procedures, significant
problems with communication networks that impair customers access to their
funds or account information especially if there are no alternative means of
account access. Such situation may cause customer-discontinuing use of product or
the service. Directly affected customers may leave the bank and others may follow
if the problem is publicized.
Other reasons include losses to similar institution offering same type of services
causing customer to view other banks also with suspicion, targeted attacks on a
bank like hacker spreading inaccurate information about bank products, a virus
disturbing banks system causing system and data integrity problems etc.
Possible measures to avoid this risk are to test the system before implementation,
back-up facilities, contingency plans including plans to address customer problems
during system disruptions, deploying virus checking, deployment of ethical
hackers for plugging the loopholes and other security measures.
It is significant not only for a single bank but also for the system as a whole.
Under extreme circumstances, such a situation might lead to systemic disruptions
45
in the banking system as a whole. Thus the role of the regulator becomes even
more important as not even a single bank can be allowed to fail.
4.4.5.Legal risks
Legal risk arises from violation of, or non-conformance with laws, rules,
regulations, or prescribed practices, or when the legal rights and obligations of
parties to a transaction are not well established.
Given the relatively new nature of Internet banking, rights and obligations in some
cases are uncertain and applicability of laws and rules is uncertain or ambiguous,
thus causing legal risk.
Other reasons for legal risks are uncertainty about the validity of some agreements
formed via electronic media and law regarding customer disclosures and privacy
protection. A customer inadequately informed about his rights and obligations, may
not take proper precautions in using Internet banking products or services, leading
to disputed transactions, unwanted suits against the bank or other regulatory
sanctions.
In the enthusiasm of enhancing customer service, bank may link their Internet site
to other sites also. This may cause legal risk. Further, a hacker may use the linked
site to defraud a bank customer.
If banks are allowed to play a role in authentication of systems such as acting as a
Certification Authority, it will bring additional risks. A digital certificate is
intended to ensure that a given signature is, in fact, generated by a given signer.
Because of this, the certifying bank may become liable for the financial losses
incurred by the party relying on the digital certificate.
46
47
48
(a) Credit risk is the risk that a counter party will not settle an obligation for full
value, either when due or at any time thereafter. Banks may not be able to properly
evaluate the credit worthiness of the customer while extending credit through
remote banking procedures, which could enhance the credit risk. Presently, banks
generally deal with more familiar customer base. Facility of electronic bill
payment in Internet banking may cause credit risk if a third party intermediary fails
to carry out its obligations with respect to payment. Proper evaluation of the
creditworthiness of a customer and audit of lending process are a must to avoid
such risk.
9.3 Another facility of Internet banking is electronic money. It brings various types
of risks associated with it. If a bank purchases e-money from an issuer in order to
resell it to a customer, it exposes itself to credit risk in the event of the issuer
defaulting on its obligation to redeem electronic money,.
49
(b) Liquidity Risk arises out of a banks inability to meet its obligations when
they become due without incurring unacceptable losses, even though the bank may
ultimately be able to meet its obligations. It is important for a bank engaged in
electronic money transfer activities that it ensures that funds are adequate to cover
redemption and settlement demands at any particular time. Failure to do so, besides
exposing the bank to liquidity risk, may even give rise to legal action and
reputational risk.
Similarly banks dealing in electronic money face interest rate risk because of
adverse movements in interest rates causing decrease in the value of assets relative
to outstanding electronic money liabilities. Banks also face market risk because of
losses in on-and-off balance sheet positions arising out of movements in market
prices including foreign exchange rates. Banks accepting foreign currency in
payment for electronic money are subject to this type of risk.
. Risk of unfair competition: Internet banking is going to intensify the competition
among various banks. The open nature of Internet may induce a few banks to use
unfair practices to take advantage over rivals. Any leaks at network connection or
operating system etc., may allow them to interfere in a rival banks system.
Thus one can find that along with the benefits, Internet banking carries various
risks for bank itself as well as banking system as a whole. The rapid pace of
technological innovation is likely to keep changing the nature and scope of risks
banks face. These risks must be balanced against the benefits. Supervisory and
regulatory authorities are required to develop methods for identifying new risks,
assessing risks, managing risks and controlling risk exposure. But authorities need
to keep in consideration that the development and use of Internet banking are still
in their early stages, and policies that hamper useful innovation and
50
51
Chapter 5
RISK MANAGEMENT
PRINCIPLES
52
5.1 Meaning
5.1 The risk management principles set five broad and overlapping categories of
issues: Board and Management Oversight; Security Controls; Outsourcing
Management, Legal and Reputational Risk Management and Management of Cross
Border Activities. They are summarized below and discussed more specially.
5.2 The board of directors and senior management are responsible for developing
the authorized institutions business strategy and establishing an effective
management oversight over risks. Therefore they are expected to take an
explicit, informed and documented strategic decision as to whether and how
the authorized institution is to provide electronic banking services. They
Should also decide on the specific accountabilities, policies and controls to
address risks, as well as the review and approval of the key aspects of the
authorized institutions security control process and a process for managing
risks associated with outsourcing relationships and third-party dependencies.
5.3 The substance of the security control processes of authorized institutions
should include the establishment of appropriate authorization privileges and
authentication measures, logical and physical access controls, adequate
infrastructure security to maintain appropriate boundaries and restrictions on
both internal and external user activities and data integrity of transactions,
records and information. The existence of clear audit trails for all electronic
banking transactions should be ensured and measures to preserve confidentiality of
data and records should be appropriate with the sensitivity of such information.
Authorized institutions should maintain an ongoing awareness of attack threats and
train their staff in the technology controls they use and the relevant rules. Security
awareness training is also important for all users, including customers of
authorized institutions.
53
5.4 Some authorized institutions may rely on another unit of the same group (e.g.
head office) and outside service providers to operate and maintain systems or
business processes that support their electronic banking services. With increased
reliance upon partners and third party service providers, it lessens authorized
institutions direct control on electronic banking functions. Moreover, as electronic
banking applications and services have become more technologically advanced and
have grown in strategic importance, it may lead to increased risk concentrations
upon a small number of specialized third party vendors and service providers.
These factors underscore the need for a comprehensive and ongoing evaluation of
outsourcing relationship and other external dependencies. Therefore steps should
be taken to ensure that authorized institutions existing risk management processes,
security control process, due diligence and oversight processes for outsourcing
relationships are appropriately evaluated and modified to accommodate electronic
banking services.
5.5 Authorized institutions generally have a clear responsibility to provide their
customers with a level of comfort regarding information disclosures, protection of
customer data and business availability. To minimize and protect themselves
against legal and reputation risks associated with electronic banking activities,
authorized institutions should make adequate disclosure of information on their
web sites, take appropriate measures to ensure adherence to customer privacy
requirements and deliver electronic banking services on a consistent and timely
basis in accordance with high customer expectations for constant and rapid
availability and potentially high transaction demand. Authorized institutions should
have the ability to deliver electronic banking services to all end-users and be able
to maintain such availability in all circumstances. Effective incident response
mechanisms are also critical to minimize operational, legal and reputation risks
arising from unexpected events, including internal and external attacks, that may
54
affect the provision of electronic banking systems and services. To meet customers
expectations, authorized institutions should therefore have effective capacity,
business continuity and contingency planning. Authorized institutions should also
develop appropriate incident response plans, including communication strategies,
that ensure business continuity, control reputation risk and limit liability associated
with disruptions in their electronic banking services.
5.6 The Internet greatly facilitates an authorized institutions ability to distribute
products and services over virtually unlimited geographic territories. If an
authorized institution in one jurisdiction provides such cross border transactional
on-line banking products and services to residents of another jurisdiction without
any licensed physical presence in the host jurisdiction, it is subjected to
increased legal, regulatory and country risk due to the substantial differences that
may exist between jurisdictions with respect to licensing, supervision and customer
protection requirements. To avoid inadvertent non-compliance with a foreign
countrys laws or regulations, as well as to manage relevant country risk factors,
authorized institutions contemplating cross border electronic banking operations
need to fully explore these risks before undertaking such operations and effectively
manage them.
to identify, assess, monitor and control the risks associated with electronic banking.
For this reason, amongst others, the board and senior management should:
(a) conduct adequate up-front strategic review and thorough analysis of the costs,
benefits and risks before:
reaching the decisions to integrate electronic banking activities into the
corporate strategic goals;
establishing the authorized institutions risk appetite; and
choosing the level 3 of such services.
(b) assess the feasibility of the business plans and ascertain that the authorized
institution has sufficient financial, human and technical resources and expertise
(which may include in-house or outsourced expertise) as well as adequate risk
management and internal control procedures to provide electronic banking
services;
(c) establish policies and procedures that are fit for purpose to assess, monitor
and control the risks associated with electronic banking in a timely manner. These
include the establishment of:
key delegations and reporting mechanisms including the necessary escalation
procedures for incidents that impact the authorized institutions safety, soundness
or reputation;
where applicable, control measures to ensure compliance with the due diligence
requirements for non-face-to-face customers stipulated in relevant supervisory
guidelines (e.g. the AMCMs Anti-Money Laundering and Combating
the
56
(d) maintain a strong security control system for electronic banking activities in
order to manage and minimize security risks caused by potential internal and
external security threats.
(e) establish a comprehensive and ongoing due diligence and oversight process for
managing the authorized institutions outsourcing relationships and other third
party dependencies supporting electronic banking.
(f) put in place effective legal and reputational risk management controls, including
customer protection and education, information disclosures and a viable business
recovery and continuity plan throughout the authorized institution to ensure
continued availability of electronic banking services and to manage unexpected
events, including internal.
Typically, electronic banking services can be broadly categorized into three levels:
(i) informational, which provides the marketing information about an authorized
institutions products and services; (ii) simple transactional, which allows some
interaction between the authorized institutions system and the customer and which
may be limited to account inquiry, loan applications, static file updates, and
submission of information by customers, but do not permit any account transfers;
and (iii) advanced transactional, which allows customers to electronically transfer
funds to/from their accounts, pay bills, and conduct other transactions online etc.
and external attacks that may hamper the provision of electronic banking services
and (g) put in place effective management controls for its cross-border electronic
banking activities, if any.
5.2.2 In view of the constant changes occurring in the electronic banking
environment, the board and senior management should on a regular basis review
the relevant policies and procedures to ascertain that they are both appropriate and
timely to the nature and scope of electronic banking activities.
The board and senior management should assess the financial impact of the
57
58
5.3.2 To address and control the relevant risks and security threats in electronic
banking, the security control system of authorized institutions should meet with the
following objectives:
(a) Authentication. Authorized institutions should use reliable and appropriate
authentication methods to validate and verify the identity and authorization of their
electronic banking customers. The authentication method an authorized institution
chooses to use in a specific electronic banking application should be appropriate
and reasonable in light of the managements assessment of the risks in that
application. An authorized institution should weigh the cost of the authentication
method, including technology and procedures, against the level of protection it
affords and the value or sensitivity of the transaction or data to both itself and the
customers. Authorized institutions should also note that the constituents of a
reasonable system might change over time as technology and standard evolve. In
basic terms, the process of authentication is to validate the claimed identify of the
customer by verifying one or more of the three factors of what the customer
knows (usually a password or personal identification number), what the
customer has (such as a smart card, a security token or digital certificate) and
what the customer is (such as a biometric characteristic like a fingerprint or iris
pattern). Authentication methods that depend on more than one factor are typically
more difficult to compromise than single-factor system4 and would thereby
suggest a higher reliability authentication. The use of single factor authentication
alone is generally considered not adequate for sensitive communications, high
value transactions, third party transfers or privileged user access (i.e., network
administrators). Multi-factor techniques are necessary in those cases unless there
are adequate security measures, risk mitigating controls (e.g. in some authorized
institutions, third-party transfers are restricted to accounts that have been pre-
59
(c) Data and transaction integrity. Data integrity refers to the assurance that
information transmitted, processed or stored is not altered without authorization.
Failure to maintain the data integrity of transactions, records and information can
expose authorized institutions to financial losses as well as to substantial legal and
reputation risks. Authorized institutions should therefore ensure that appropriate
measures are in place to ascertain the accuracy, completeness and reliability of
information processed, transmitted, or stored. The common practices used to
maintain data integrity within an electronic banking environment include:
electronic banking transactions should be conducted in a manner that makes
them highly resistant to tampering throughout the entire process;
60
which they are not privileged. Authorization and access rights should base on job
responsibility and the necessity to have them to fulfill ones duties. In principle:
no person by virtue of rank or position should have any intrinsic right to access
confidential data, applications, system resources or facilities. Only employees with
proper authorization should be allowed to access confidential information and use
system resources solely for legitimate purposes;
no one should have concurrent access to both production systems and backup
systems, particularly data files and computer facilities; and
any person who needs to access backup files or system recovery resources
should be duly authorized for a specific reason and a specified time only.
applied customer identification process at the outset of its relationship with the
customer, in accordance with the AMCMs AML/CFT Guideline for Financial
Institutions .technologies to maintain confidentiality and integrity of sensitive
information, in particular customer information, while it is being transmitted over
the internal and external networks and also when it is stored inside the authorized
institutions internal systems. Cryptographic technologies can be used to protect
the confidentiality and integrity of sensitive information. Authorized institutions
should choose cryptographic technologies that are appropriate to the sensitivity and
importance of information and the extent of protection needed and, only those that
are making use of internationally recognized cryptographic algorithms where the
strengths of the algorithms have been subjected to extensive tests.
5.3.3 The security controls of authorized institutions may involve the use of
hardware and software tools and other security measures to deter unauthorized
access to all critical electronic banking systems, servers, networks, databases and
applications. In addition to the fulfillment of the objectives to safeguard the
authenticity and confidentiality of data and operating processes authorized
institutions should ensure an appropriate level of application security, put in place
infrastructure that conform to industry sound practices and implement other
controls sufficient to manage the unique security risks confronting them. The
relevant control considerations include but not limited to:
(a) ongoing awareness of attack sources, scenarios, and techniques;
(b) up-to-date equipment inventories and network maps;
(c) rapid identification and mitigation of vulnerabilities;
(d) network access controls over external connections;
(e) use of intrusion detection tools and intrusion response procedures; and
(f) physical security of all electronic banking computer equipment and media.
63
messages
on
customer
statements,
promotional
leaflets,
and
circumstances when frontline staff communicate with customers etc.) and oblige
them of their responsibilities to take reasonable measures.
5.3.6 The advice to customers on the need to take precautionary measures against
fraudulent websites and e-mails is particularly important. It has been noted that one
tactic frequently used by fraudsters is to send out emails that are purporting to be
sent by an authorized institution. The email normally requests the recipients to
make connection to a fake website via an embedded hyperlink and to trick the
recipients into revealing sensitive information such as electronic banking account
login names and passwords. The advice to be given by authorized institutions
should therefore include a reminder that customers should not access electronic
banking accounts through hyperlinks embedded in emails or Internet search
engines. Authorized institutions should keep themselves alert of the existence of
any fraudulent websites and should have made clear to their customers that they
would not ask for sensitive account and personal information via emails. In case
64
authorized institutions find any fraudulent website that looks similar to their own,
they are expected to:
(a) report the case to the Judiciary Police with advice to the AMCM;
(b) issue a press release to clarify that they have no connection with the fraudulent
website and, in case there were emails containing hyperlink to the fraudulent
website, that they have not sent such emails; and
(c) ask the customers who have conducted financial transactions through the
website to contact them for remedial actions.
5.4 OUTSOURCING MANAGEMENT
5.4.1 It has become quite common for authorized institutions to outsource certain
parts or all of their electronic banking operations, to an affiliate or third party
For example, to install anti-virus,
computers, to update the anti-virus and firewall products with security patches or
newer versions on a regular basis etc. The operations to be outsourced may
include the operating of software application, web site hosting and development,
Internet access, and customer service or call-centre maintenance etc.
In the case of stored value card schemes, the specific operations to be outsourced
may include, for example, balance enquiry functions, the uploading of value to the
cards and the transfer of value that has been service providers. Whatever the
reasons for outsourcing, authorized institutions should note that their
responsibilities and accountabilities would not be diminished or relieved by the
outsourcing of their operations. Specifically, their duty to maintain secrecy under
the Financial System Act, the Personal Data Protection Law and other statutory
provisions will continue to apply to them after outsourcing. Authorized institutions
should therefore provide effective oversight of the service providers activities to
identify and control the resulting risks and to ensure that their outsourcing
arrangements are in compliance with relevant statutory requirements. Authorized
65
internationally; and
(h) choice of law and jurisdiction for dispute resolution and access to information
by the authorized institution and relevant regulators.
5.4.4 Authorized institutions should require service providers to implement
security policies, procedures and controls that are at least as stringent as the
authorized institutions would expect for their own operations. They should also
require service providers to develop and implement viable contingency and
business continuity plans to ensure the continuity of their service and performance.
Such plans should be reviewed, updated and tested regularly by the service
providers in accordance with changing technological conditions and operational
requirements.
5.4.5 On a regular basis authorized institutions should conduct due diligence
reviews to evaluate whether service providers are capable of delivering the level of
performance, able to maintain an adequate level of security, and keep abreast of the
rapidly changing technology. Appropriate processes should also be established to
monitor the service providers financial condition, and contract compliance.
Authorized institutions should track the performance of the services provided
and/or any security problems or the service providers financial conditions through
online or periodic written reports from service providers. The information to be
required includes, but not limited to the following:
(a) Availability of service e.g. statistics regarding the frequency and duration
of service disruption (including the reasons for disruptions), up time and down
time percentages; and volume and type of access problems reported by customers;
(b) level and volumes of activities e.g. number of accounts serviced, web
pages viewed, number and percentage of new, active or inactive accounts; and
type, number and value of transactions;
67
the authorized institutions customer privacy and security policy and security
measures and reasonable precautions customers should take when accessing their
online accounts.
the jurisdictions to which the authorized institution intends to provide electronic
banking services or, conversely, the jurisdictions to which it does not intend to
provide its products and services; and
other information that may be appropriate or required by specific jurisdictions.
72
5.8.2 The Basel Committee has defined the provision of transactional online
products or services by an institution in one jurisdiction to residents of another
jurisdiction as cross border electronic banking. Given the developments affecting
issues of legal jurisdiction and choice of laws considerations with respect to crossborder commerce, institutions that engage in cross-border
for the different levels of electronic banking services. electronic banking may face
increased legal risk. Specifically, unless institutions conduct adequate due
diligence they run the risk of potential noncompliance with different laws and
regulations, including applicable consumer protection laws, advertising and
disclosure laws, record-keeping and reporting requirements, privacy rules and antimoney laundering laws in foreign jurisdictions.
5.8.3 Accordingly, prior to engaging in cross-border electronic banking activities,
all authorized institutions operating in Macao should prior consult the
AMCM, which needs to be satisfied that authorized institutions have:
(a) Conducted adequate and appropriate risk assessment and due diligence to
ensure that they can adequately manage the attendant risks and that they comply
with the laws and regulations of the foreign jurisdictions at which the electronic
banking services are directed; and
(b) Established an effective and ongoing risk management program for assessing,
controlling and monitoring risks arising from cross-border electronic banking
activities.
5.8.4 These authorized institutions are also expected to define and generally
mitigate their due diligence obligations by posting on their websites a disclaimer
that limits their on-line products and services to only the residents of specified
jurisdictions10, although the legal effect of such a disclaimer might be somewhat
uncertain. In addition, they should provide sufficient disclosure on their websites to
73
74
75
76
(f) an electronic banking strategy, which clearly outline the policies, practices and
procedures that address and control all of the risks associated with electronic
banking, has been developed and documented;
(g) the effectiveness of the implementation plan will be monitored on an ongoing
basis and updated periodically to take account of changes in technology, legal
developments and the business environment including external and internal threats
to information security; and
(h) relevant risks are monitored on an ongoing basis.
5.10.4 The AMCM will, in the course of its onsite examinations and offsite
reviews, determine as appropriate the adequacy of authorized institutions risk
management of electronic banking services based on the requirements set out in
this Guideline. Meanwhile, authorized institutions that are already offering
electronic banking services are expected to ensure that their existing systems,
including the arrangement for independent assessments, are in compliance with
this Guideline
Guideline.
77
Chapter 6
Internet Banking in India Guidelines
6.1 Introduction
6.2 Technology and security stander
6.3 Legal issue
78
thoroughly inspects all packets of information, and past and present transactions
are compared. These generally include a real time security alert.
e. All the systems supporting dial up services through modem on the same LAN as
the application server should be isolated to prevent intrusions into the network as
this may bypass the proxy server.
f. PKI (Public Key Infrastructure) is the most favored technology for secure
Internet banking services. However, as it is not yet commonly available, banks
should use the following alternative system during the transition, until the PKI is
put in place:
1. Usage of SSL (Secured Socket Layer), which ensures server authentication and
use of client side certificates issued by the banks themselves using a Certificate
Server. 2. The use of at least 128-bit SSL for securing browser to web server
communications and, in addition, encryption of sensitive data like passwords in
transit within the enterprise itself.
g. It is also recommended that all unnecessary services on the application server
such as FTP (File Transfer Protocol), telnet should be disabled. The application
server should be isolated from the e-mail server.
h. All computer accesses, including messages received, should be logged. Security
violations (suspected) should be reported and follow up action taken should be
kept in mind while framing future policy. Banks should acquire tools for
monitoring systems and the networks against intrusions and attacks. These tools
should be used regularly to avoid security breaches. The banks should review their
security infrastructure and security policies regularly and optimize them in the light
of their own experiences and changing technologies. They should educate
their security personnel and also the end-users on a continuous basis.
The information security officer and the information system auditor should
undertake periodic penetration tests of the system, which should include:
80
81
6.4
As recommended by the Group, the existing regulatory framework over banks will
be extended to Internet banking also. In this regard, it is advised that
1.Only such banks which are licensed and supervised in India and have a physical
presence in India will be permitted to offer Internet banking products to residents
of India. Thus, both banks and virtual banks incorporated outside the country and
having no physical presence in India will not, for the present, be permitted to offer
Internet banking services to Indian residents.
2 The products should be restricted to account holders only and should not be
offered in other jurisdictions.
3. The services should only include local currency products.
4. The in-out scenario where customers in cross border jurisdictions are offered
banking services by Indian banks and the out-in scenario where Indian residents
are offered banking services by banks operating in cross-border jurisdictions are
generally not permitted and this approach will apply to Internet banking also. The
existing exceptions for limited purposes under FEMA i.e. where resident Indians
have been permitted to continue to maintain their accounts with overseas banks
etc., will, however, be permitted.
5. Overseas branches of Indian banks will be permitted to offer Internet banking
services to their overseas customers subject to their satisfying, in addition to the
host supervisor, the home supervisor. Given the regulatory approach as above,
banks are advised to follow the following instructions:
83
F .Only institutions who are members of the cheque clearing system in the country
Will be permitted to participate in Inter-bank payment gateways for Internet
payment. Each gateway must nominate a bank as the clearing bank to settle all
transactions. Payments affected using credit cards, payments arising out of cross
border e-commerce transactions and all intra-bank payments (i.e., transactions
involving only one bank) should be excluded for settlement through an inter-bank
payment gateway.
g. Inter-bank payment gateways must have capabilities for both net and gross
settlement. All settlement should be intra-day and as far as possible, in real time.
h. Connectivity between the gateway and the computer system of the member bank
should be achieved using a leased line network (not through Internet) with
appropriate data encryption standard. All transactions must be authenticated.
Once, the regulatory framework is in place, the transactions should be digitally
certified by any licensed certifying agency. SSL / 128 bit encryption must be used
as minimum level of security. Reserve Bank may get the security of the entire
infrastructure both at the payment gateways end and the participating institutions
end certified prior to making the facility available for customers use.
I .Bilateral contracts between the payee and payees bank, the participating banks
and service provider and the banks themselves will form the legal basis for such
transactions. The rights and obligations of each party must be clearly defined and
should be valid in a court of law.
j. Banks must make mandatory disclosures of risks, responsibilities and liabilities
of the customers in doing business through Internet through a disclosure template.
The banks should also provide their latest published financial results over the net.
k. Hyperlinks from banks website often raise the issue of reputational risk. Such
links should not mislead the customers into believing that banks sponsor any
85
86
CONCLUSION
Thus reaching to the conclusion of my project I observe that Traditional banks
offer many service to their customers including, accepting customer money
deposits, providing various banking services to customers, and making loan to
individuals and companies. Compared with traditional channels of offering
banking services through physical branches, e-banking uses the Internet to deliver
traditional banking services to their customers, such as opening accounts,
transferring funds, and electronic bill payment. E-banking can be offered in two
main ways. First, an existing b a n k w i t h physical offices can also establish
an online site and offer e-banking services to its customers in addition to the
regular channel. For example, Citibank is a leader in e-banking, offering walk-in,
face-to-face banking at its branches throughout many parts of the world as
well as e-banking services through the World Wide Web. Generally, e-banking
is provided without extra cost to customers. Customers are attracted by the
convenience of e-banking through the Internet, and in turn, banks can operate more
efficiently when customers perform transactions by themselves rather than going to
a branch and dealing with a branch representative. E-banking services are
delivered to customers through the Internet and the web using Hypertext
Markup Language (HTML).
In
order
to
use
E-banking
electronic
signatures
bill
took
effect,
88
BIBLOGRAPHY
enm.wikipedia.org (wiki) online bank.
www.bis.org/pab/bcbs98.htm
http/banking service .com94
#sthash./prgw7t.dpuf
www.infotechlead.com
www.silicon india.com:81
http:/.ehow.com/list6949866 types-internet banking
iamshahman.Word press. Com/../type of e-banking
89
90
91
92
93