LAW OF BANKING AND NEGOTIABLE INSTRUMENTS

RESEARCH PAPER

Internet Banking
-A Paradigm Shift from Traditional Banking

Submitted By: Submitted To:

Gaurav Meena Ms. Garima Goswami
Registration No. - 15A054
Aravind Menon
Registration No. -15A068

GUJARAT NATIONAL LAW UNIVERSITY, GANDHINAGAR

 ACKNOWLEDGEMENTS
We would like to express our deepest gratitude to Ms. Garima Goswami, Faculty of Trust, Equity and
Fiduciary Relationship, Gujarat National Law University, for giving us the liberty for selecting this
topic for the project. Further, we express our gratitude to her for pushing us to narrow down the research
area of this project. Also, I would like to extend my gratitude to the university for providing us a round
the clock access to the internet and library without which this research could not have taken a concrete
form. Last but not the least, I express our gratitude to almighty God and our parents. It is difficult to
mention the names of all those-teachers, fellow students and others-who have helped us in collecting
information and formulating this document. Thus, I would like to thank one and all who have helped us
in our research, provided valuable inputs and support which has resulted in the compilation of this
document.
 ABSTRACT
Have you ever wanted to book your air tickets online and paused to wonder whether it is safe to book
through the Internet? Such apprehensions are natural, particularly as online shopping has become so
popular in India. Many times, people do not read the security information of the site or they miss the
essential fine print. This should not happen as online security is important when doing ecommerce
transactions. In fact, a 2008 report by E-Marketer, the project sale from E-Commerce transactions in
India is estimated to be around $90 billion by 2011.

The escalating popularity of E-Commerce has also increased the Internet users vulnerability to online
frauds and scams. With international sites like eBay and Amazon.com acquiring a sizeable customer
base in the nation over the last few years, it is essential to have a good knowledge about the security
risks associated to the transaction as well as to know the laws relating to online transactions. The paper
is aimed at presenting an analysis on risks associated with the increasing E-Transactions and at
suggesting a practical solution to secure the same.
 Table of Contents
ACKNOWLEDGEMENTS --------------------------------------------------------------------------------------- 2

ABSTRACT ------------------------------------------------------------------------------------------------------ 3

Table of Contents -------------------------------------------------------------------------------------------- 4

Chapter I: E-Banking: Nature & Concept ------------------------------------------------------------- 5

Chapter II: Internet Banking: Risks Associated ----------------------------------------------------- 14

Chapter III: Internet Banking: Legal Issues ---------------------------------------------------------- 17

Chapter IV: Internet Banking: Protection Measures ----------------------------------------------- 21

Chapter V: M - Banking: E-Bankings Extension --------------------------------------------------- 26

Chapter VI: Conclusion ----------------------------------------------------------------------------------- 29

Bibliography ------------------------------------------------------------------------------------------------- 30
 Chapter I:
E-Banking: Nature & Concept

INTRODUCTION

User adoption of a technology has become a

crucial or significant measure of the success
or effectiveness of that technology.
Revolutionary development in Information
and Communication Technology (ICT) in the
past 20 years has impacted individuals as well
as businesses in a profound way. Internet
banking is a radical technological innovation
with potential to change the structure and
nature of banking. To sustain business
competitiveness, more and more banks are transforming from their traditional approach of bricks and
mortar into a clicks and mortar one under the recent emergence of electronic commerce and business.
Customer satisfaction and customer retention are increasingly developing into key success factors in E-
Banking. Diffusion of Internet Banking is more determined by customer acceptance than by seller
offerings. Customers acceptance is a key driver determining the rate of change in the financial sector.

Before accepting Internet Banking services, users should be aware about the concept of internet banking,
the benefits of the technology, the security issues associated to the use of advancement and the risk
associated with it, which are important.
INTERNET BANKING

Internet Banking is the latest in the series of technological

wonders of the recent past. ATMs,
Tele-Banking, Internet Banking, Credit Cards and Debit Cards
have emerged as effective delivery channels for traditional
banking products. Banks know that the Internet opens up new
horizons for them and moves them from local to global
frontiers. Internet Banking refers to systems that enable bank
customers to get access to their accounts and general
information on bank products and services through the use of
banks website, without the intervention or inconvenience of sending letters, faxes, original signatures
and telephone confirmations. It is the types of services through which bank customers can request
information and carry out most retail banking services such as balance reporting, inter-account transfers,
bill- payment, etc., via telecommunication network without leaving their home/organization. It provides
universal connection from any location worldwide and is universally accessible from any internet linked
computer.

Information technology developments in the banking sector have speed up communication and
transactions for clients. It is vital to extend this banking feature to clients for maximizing the advantages
for both clients and service providers. Internet is the cheapest delivery channel for banking products as
it allows the entity to reduce their branch networks and downsize the number of service staff. The
navigability of the website is a very important part of Internet Banking because it can become one of
the biggest competitive advantages of a financial entity. Bankers consider minimizes inconvenience,
minimizes cost of transactions and time saving to be important benefits and chances of government
access, chances of fraud and lack of information security to be vital risks associated with electronic
banking. Due to increase in technology usage the banking sectors performance increases day by day.
Internet Banking is becoming the indispensable part of modern day banking services.
ADVANTAGES OF INTERNET BANKING

Are customers being forced towards use of internet banking for the convenience of the banks and big
business? Or do customers really benefit from banking online? Internet banking does offer many
benefits for both banks and their customers. So the banks are doing what they can to encourage the
customers to try it. Even the customers are also appreciating the benefits associated with the services
being offered by the banks online. The advantages associated with the technological advancement are
as follows:

1. An internet banking account is simple to open and use.

You just enter a few answers to questions in a form while sitting comfortably in your own home or
office. To access your account, you establish security measures such as usernames and passwords. To
complete the set up of your account, you just print, sign and send in a form.

2. Internet banking costs less.

Because there are fewer buildings to maintain, and less involvement by salaried employees, there is a
much lower overhead costs with online banks. As per the ICICI Bank estimates, a transaction

Cost/Transaction Through Bank Branch costs Rs. 45-

50(US $ 1 - 1.12)
50
45
40 If done telephonically the cost comes
35
30 out to be Rs. 30 - 35(US $ 0.66 - 0.77)
o 25

+*

to
20 Through an ATM, it costs between Rs.
15
10
5 17 to 25 (US $ 0.37 - 0.55)
0
And through internet, it costs near
about Rs. 1 to 4(US $ 0.02 - 0.08)

Mode of Transaction
These savings allow them to offer higher interest rates on savings accounts and lower lending rates and
service charges.

Even traditional brick and mortar banks offer better deals such as free bill paying services to encourage
their customers to do their banking online.

3. Comparing internet banks to get the best deal is easy.

In a short time, you can visit several online banks to compare what they offer re savings and checking
account deals as well as their interest rates.

Other things you can easily research are what credit cards are available, credit card interest rates, loan
terms and the banks own rating with the FDIC.

4. Bouncing a check (accidentally) should be a thing of the past because you can monitor your
account online any time, day or night.

You can track your balance daily, see what checks have cleared and when and know when automatic
deposits and payments are made. This is all possible by simply going online to the banks website and
logging into your account.

5. You can keep your account balanced using your computer and your monthly statement.

Your bank account information can be downloaded into software programs such as Microsoft Money
or Quicken, making is easy to reconcile your account with just a few mouse clicks. The convenience of
the data capture online makes it much easier to budget and track where your money goes. Your internet
bank account even allows you to view copies of the checks you have written each month.

6. With the ability to view your account at anytime, it is easier to catch fraudulent activity in your
account before much damage is done.

As soon as you log into your account, you will quickly see whether there is anything amiss when you
check on your deposits and debits. If anyone writes a check or withdraws funds from your account and
you know it wasn't you, you will see it right away. This lets you get started on correcting the problem
immediately rather than having to wait a month to even have a clue it is happening as would be the case
with a traditional bank.

7. Internet banking offers a great deal more convenience than you could get from a conventional bank.
You aren't bound by 'banker's hours' and you don't have to go there physically in your car. Time is not
wasted when you have work to do because you can do your office's banking without leaving the office.
No matter where you are or what time it is, you can easily manage your money. Geographical boundaries
have no role to play in i-banking.

There are sound reasons why internet banking is growing. The economic advantages have encouraged
banks to provide an increasing range of easy to use services via the internet. Customers have found
doing business online simple and speedy and have become very comfortable with the arrangement.
Internet banking gives people more control over their money in a very convenient way that they find
enjoyable and reassuring.

BANKS STRATEGY

The factors which determine the banks

strategy to go online are:
Assets of a Bank The larger the bank
the more likely it will be to choose to
offer Internet banking;
Years in Operation - New banks are
more adaptive to new technologies and
have more probability of offering Internet Banking;
A bank that is a member of a bank holding company is more likely to offer Internet banking, because a
bank holding company can use a single Web site to provide Internet banking access to customers of the
many banks in the holding company;
Urban Locations - banks situated in urban areas are more likely to offer their customers Internet banking
than banks in non-urban areas. Banks in more densely populated areas may respond to greater customer
demand for Internet banking and to more intense competitive pressure from rival banks in the same
market;
Deposits Ratio - Banks that are less reliant on traditional sources of funding may pursue a more
aggressive overall business strategy, including the adoption of Internet banking;
Expenses Ratio - On the one hand, banks with relatively high expenses for premises and fixed assets
may view adoption of Internet banking as a way to reduce expenditures devoted to maintaining a branch
network:
On the other hand, some analysts have argued that banks without a large branch network will seize on
Internet banking as an inexpensive means to expand their customer base;
Non-fee Income Ratio - banks with lower interest income ratio would adopt Internet banking
strategically;
ROE - profitable banks will prefer Internet banking for competitive positioning and also less profitable
banks may be more willing to invest in Internet banking to improve their performance.
Rating - Rating on safety and soundness also affect decision to offer Internet banking. Research reports
indicate that Internet banking may not yet have had a big impact on the bottom line of most banks except
the newly born banks. Also, awareness and growth of e-commerce would make Internet banking as an
important factor affecting bank performance. It is logical that the profitable banks are more likely to
adopt Internet banking than others.
In the current scenario, the banks need a transformation which can be achieved through - a mindset to
adopt technology, recognizing the core competencies, an initiative from the top management to convert
the organization to outward looking and aligning roles and value propositions with the customer
segments. The suitability of technology and a careful analysis of the needs of customers are equally
important. A study revealed that the change is required in the attitude of bankers to adopt Internet
banking. The banks have to develop a sound strategy before implementing Internet banking in order to
compete in the global market place.

INTERNET BANKING IN INDIAN SCENARIO

No. of Internet Users/Year

Year Year Year Year Year Year Year Year YearYear Year Year
1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2009 2010
Year
 Year Population Internet Users Penetration %
1998 1,09,48,70,677 14,00,000 0.10%
1999 1,09,48,70,677 28,00,000 0.30%

2000 1,09,48,70,677 55,00,000 0.50%

2001 1,09,48,70,677 70,00,000 0.70%

2002 1,09,48,70,677 165,00,000 1.60%

2003 1,09,48,70,677 225,00,000 2.10%
2004 1,09,48,70,677 392,00,000 3.60%
2005 1,11,22,25,812 506,00,000 4.50%

2006 1,11,22,25,812 400,00,000 3.60%

2007 1,12,96,67,528 420,00,000 3.70%
2009 1,15,68,97,766 810,00,000 7.00%

2010 1,17,31,08,018 810,00,000 6.90%

Standing buildings gaining height year by year in the graph were looking very good, but when we looked
at the penetration percentage, it was slight disappointing as even after two decades of the emergence of
the technology, only 7.00% population of India had adopted it and rest 93% is yet to be get acquainted
with it.

The financial products and services have become available over the Internet, which has thus become an
important distribution channel for a number of banks. Banks boost technology investment spending
strongly to address revenue, cost and competitiveness concerns.

The financial reforms that were initiated in the early 1990s and the globalization and liberalization
measures brought in a completely new operating environment to the banks. The bankers are now
offering innovative and attractive technology- based services and products such as Anywhere Anytime
Banking, TeleBanking, Internet Banking, Web Banking, Mobile Banking, etc., to their
customers to cope with the competition. The process started in the early 1980s when Reserve Bank of
India (RBI) set up two committees in quick succession to accelerate the pace of automation of operations
in the banking sector. A high- level committee was formed under the chairmanship of Dr. C.Rangarajan,
then Deputy Governor of RBI, to draw up a phased plan for computerization and mechanization in the
banking industry over a five-year time frame of 1985- 1989.The focus then was on customer service
and two models of branch automation were developed and implemented. Having gained experience in
the earlier mode of computerization, the second Rangarajan committee constituted in 1988 drew a
detailed perspective plan for computerization of banks and for extension of automation to other areas
such as funds transfer, e-mail, BANKNET, SWIFT, ATMs, i-banking, etc. The Government of India
enacted the Information Technology Act, 2000 (generally known as IT Act, 2000), with effect from 17
October 2000 to provide legal recognition to electronic transactions and other means of electronic
commerce.

Internet banking in India is currently at a nascent stage as evidenced from the above facts. While there
are scores of companies specializing in developing i- banking software, security software and website
designing and maintenance, there are few online financial service providers. ICICI bank is the first one
to have introduced i-banking during the nineties for a limited range of services such as access to account
information, correspondence and, recently, funds transfer between its branches. ICICI is also into e-
trading, thus offering a broader range of integrated services to the customer. Utility Bill Payment
Services (UBPS) has revolutionized how electricity and telephone bills are paid and virtually removed
the need for waiting in long queues for paying these bills every month. This has a greater impact than
the retail applications. The corporate sector is adequately computerized and has already recognized the
importance of e-commerce in future. Increasingly, companies are setting up websites even where there
are no immediate tangible benefits to them from doing so just to be in the race and attract customers to
their fold.

A study on the Internet users, conducted by Internet and Mobile Association of India (IAMAI), found
that about 23% of the online users prefer Internet Banking as the banking channel in India, second to
ATM which is preferred by 53%. Out of the 6,365 Internet users sampled, 35% use online banking
channels in India.

This shows that a significant number of online users do not use Internet Banking, and hence there is a
need to understand the reasons for not using it. Until the advent of ATMs, people were unaware and/or
not directly affected by the technological revolutions happening in the banking sector. ATMs became
the major revelation for customers, since it offered the facility to avoid long queues in front of the
cashiers in banks. It also provided them the flexibility of withdrawing money - anytime, anywhere.

In the study by IAMAI, it was found that the people are not doing financial transactions on the banks
Internet sites in India because of reasons such as security concerns (43%), preference for face-to-face
transactions (39%), lack of knowledge about transferring online (22%), lack of user friendliness (10%),
or lack of the facility in the current bank (2%).

The need is there to understand the risks associated with the technology as well as to have a look at
other issues pertaining to the non-adoption of i-banking by the customers.
 Chapter II:
INTERNET BANKING: RISKS ASSOCIATED
A major driving force behind the rapid spread of i-
banking all over the world is its acceptance as an
extremely cost effective delivery channel of banking
services as compared to other existing channels.
However, Internet is not an unmixed blessing to the
banking sector. Along with reduction in cost of
transactions, it has also brought about a new orientation
to risks and even new forms of risks to which banks
conducting i-banking expose themselves.
Regulators and supervisors all over the world are
concerned that while banks should remain efficient and
cost effective, they must be conscious of different types
of risks this form of banking entails and have systems in
place to manage the same. An important and distinctive
feature is that technology plays a significant part both as source and tool for control of risks. The broad
category of risks that are associated with the i-banking are as follows:

OPERATIONAL RISK

Operational risk, also referred to as transactional risk is the most common form of risk associated
with i-banking. It takes the form of inaccurate processing of transactions, non-enforceability of
contracts, compromises in data integrity, data privacy and confidentiality, unauthorized
access/intrusion to banks systems and transactions etc. Such risks can arise out of weaknesses in
design, implementation and monitoring of banks information system. Besides inadequacies in
technology, human factors like negligence by customers and employees, fraudulent activity of
employees and crackers/hackers etc. can become potential source of operational risk.

SECURITY RISK
Often there is thin line of difference between operational risk and security risk and both terminologies
are used interchangeably. Security risk arises on account of unauthorized access to a banks critical
information stores like accounting system, risk management system, portfolio management system, etc.
A breach of security could result in direct financial loss to the bank. For example, hackers operating via
the internet could access, retrieve and use confidential customer information and also can implant virus.
This may result in loss of data, theft of or tampering with customer information, disabling of a significant
portion of banks internal computer system thus denying service, cost of repairing these etc. Other
related risks are loss of reputation, infringing customers privacy and its legal implications etc.

In addition to external attacks banks are exposed to security risk from internal sources e.g. employee
fraud. Employees being familiar with different systems and their weaknesses become potential security
threats in a loosely controlled environment. They can manage to acquire the authentication data in order
to access the customer accounts causing losses to the bank.

The risk of data alteration, intentionally or unintentionally, but unauthorized is real in a networked
environment, both when data is being transmitted or stored.

REPUTATIONAL RISK
Reputational risk is the risk of getting significant negative public opinion, which may result in a critical
loss of funding or customers. Such risks arise from actions which cause major loss of the public
confidence in the banks' ability to perform critical functions or impair bank-customer relationship. It
may be due to banks own action or due to third party action.

LEGAL RISK
Legal risk arises from violation of, or non-conformance with laws, rules, regulations, or prescribed
practices, or when the legal rights and obligations of parties to a transaction are not well established.

Given the relatively new nature of Internet banking, rights and obligations in some cases are uncertain
and applicability of laws and rules is uncertain or ambiguous, thus causing legal risk.

Other reasons for legal risks are uncertainty about the validity of some agreements formed via electronic
media and law regarding customer disclosures and privacy protection. A customer inadequately
informed about his rights and obligations, may not take proper precautions in using Internet banking
products or services, leading to disputed transactions, unwanted suits against the bank or other
regulatory sanctions. In the enthusiasm of enhancing customer service, bank may link their Internet site
to other sites also. This may cause legal risk. Further, a hacker may use the linked site to defraud a bank
customer.

MONEY LAUNDERING RISK

As Internet banking transactions are conducted remotely banks may find it difficult to apply traditional
method for detecting and preventing undesirable criminal activities. Application of money laundering
rules may also be inappropriate for some forms of electronic payments. Thus banks expose themselves
to the money laundering risk. This may result in legal sanctions for non-compliance with know your
customer laws.

OTHER RISKS
Traditional banking risks such as credit risk, liquidity risk, interest rate risk and market risk are also
present in Internet banking. These risks get intensified due to the very nature of Internet banking on
account of use of electronic channels as well as absence of geographical limits. However, their practical
consequences may be of a different magnitude for banks and supervisors than operational and legal
risks. This may be particularly true for banks that engage in a variety of banking activities, as compared
to banks or bank subsidiaries that specialize in Internet banking.

o CREDIT RISK: is the risk that a counter party will not settle an obligation for full value, either
when due or at any time thereafter. Banks may not be able to properly evaluate the credit
worthiness of the customer while extending credit through remote banking procedures, which
could enhance the credit risk.
o LIQUIDITY RISK: arises out of a banks inability to meet its obligations when they become
due without incurring unacceptable losses, even though the bank may ultimately be able to meet
its obligations. Banks dealing in electronic money face interest rate risk because of adverse
movements in interest rates causing decrease in the value of assets relative to outstanding
electronic money liabilities. Banks also face market risk because of losses in on-and-off balance
sheet positions arising out of movements in market prices including foreign exchange rates.
Banks accepting foreign currency in payment for electronic money are subject to this type of
risk.
o RISK OF UNFAIR COMPETITION: Internet banking has intensified the competition among
various banks. The open nature of Internet may induce a few banks to use unfair practices to
take advantage over rivals. Any leaks at network connection or operating system etc., may allow
them to interfere in a rival banks system.
 Chapter III:

INTERNET BANKING: LEGAL ISSUES

The legal framework for banking in India is

provided by a set of enactments, viz., the Banking
Regulations Act, 1949, the Reserve Bank of India
Act, 1934, and the Foreign Exchange Management
Act,
1999. Broadly, no entity can function as a bank in
India without obtaining a license from Reserve Bank
of India under Banking Regulations Act, 1949.
Different types of activities which a bank may
undertake and other prudential requirements are
provided under this Act. Accepting of deposit from
public by a non-bank attracts regulatory provisions under Reserve Bank of India Act 1934. Under the
Foreign Exchange Management Act 1999, no Indian resident can lend, open a foreign currency account
or borrow from a non-resident, including non-resident banks, except under certain circumstances
provided in law. Besides these, banking activity is also influenced by various enactments governing
trade and commerce, such as, Indian Contract Act, 1872, the Negotiable Instruments Act, 1881, Indian
Evidence Act, 1872, etc.

As discussed earlier, Internet banking is an extension of the traditional banking, which uses Internet
both as a medium for receiving instructions from the customers and also delivering banking services.
Hence, conceptually, various provisions of law, which are applicable to traditional banking activities,
are also applicable to Internet banking. However, use of electronic medium in general and Internet in
particular in banking transactions, has put to question the legality of certain types of transactions in the
context of existing statute. The validity of an electronic message/document authentication, validity of
contract entered into electronically, non-repudiation etc. are important legal questions having a bearing
on electronic commerce and Internet banking. It has also raised the issue of ability of banks to comply
with legal requirements/practices like secrecy of customers account, privacy, consumer protection etc.
given the vulnerability of data/information passing through Internet. There is also the question of
adequacy of law to deal with situations which are technology driven like denial of service/data
corruption because of technological failure, infrastructure failure, hacking, etc. Cross border
transactions carried through Internet pose the issue of jurisdiction and conflict of laws of different
nations.

In the course of providing Internet banking services the banks in India are facing new challenges relating
to online opening of accounts, authentication, secrecy of customers accounts, non-repudiation, liability
standards and consumer protection, etc., each of which has been examined in the context of existing
legal framework.

ONLINE OPENING OF ACCOUNT: The banks providing Internet banking service, at present are only willing
to accept the request for opening of accounts. The accounts are opened only after proper physical
introduction and verification. This is primarily for the purpose of proper identification of the customer
and also to avoid benami accounts as also money laundering activities that might be undertaken by the
customer. It is again necessary to get the protection under section 131 of the Negotiable Instruments
Act, 1881 against the charge of conversion in case of good faith and non-negligent act.

AUTHENTICATION,: One of the major challenges faced by banks involved in Internet banking is the issue
relating to authentication and the concerns arising in solving problems unique to electronic
authentication such as issues of data integrity, non repudiation, evidentiary standards, privacy,
confidentiality issues and the consumer protection. The present legal regime does not set out the
parameters as to the extent to which a person can be bound in respect of an electronic instruction
purported to have been issued by him. Generally, authentication is achieved by what is known as security
procedure. Methods and devices like the personal identification numbers (PIN), code numbers,
telephone-PIN numbers, relationship numbers, passwords, account numbers and encryption are evolved
to establish authenticity of an instruction. From a legal perspective, the security procedure requires to
be recognized by law as a substitute for signature. Different countries have addressed these issues
through specific laws dealing with digital signatures. In India, the Information Technology Act, 2000
(the "Act") in Section 3 (2) provides that any subscriber may authenticate an electronic record by
affixing his digital signature. The Act recognizes one particular technology as a means of authenticating
the electronic records (viz, the asymmetric crypto system and hash function which envelop and
transform the initial electronic record into another electronic record).

MODE OF PAYMENT UNDER THE INCOME TAX ACT, 1961: Section 40A(3) of the Income tax Act, 1961,
dealing with deductible expenses, provides that in cases where the amount exceeds Rs. 20,000/-, the
benefit of the said section will be available only if the payment is made by a crossed cheque or a crossed
bank draft. One of the services provided by the banks offering Internet banking service is the online
transfer of funds between accounts where cheques are not used, in which the above benefit will not be
available to the customers. The primary intention behind the enactment of Section 40 A of the Income
tax Act, 1961 is to check tax evasion by requiring payment to designated accounts. In the case of a funds
transfer, the transfer of funds takes place only between identified accounts, which serves the same
purpose as a crossed cheque or a crossed bank draft. Hence the concerned requires consideration for
applicable amendment.

SECRECY OF CUSTOMER'S ACCOUNT: The existing regime

imposes a legal obligation on the bankers to maintain secrecy
and confidentiality about the customers account. The law at
present requires the banker to take scrupulous care not to
disclose the state of his customer's account except on
reasonable and proper occasions.

While availing the Internet banking services the customers are

allotted proper User ID, passwords and/or personal
identification numbers and/or the other agreed authentication procedure to access the Internet banking
service and only users with such access methodology and in accordance with the agreed procedure are
authorized to access the Internet banking services. In other words a third party would not be able to
withdraw money from an account or access the account of the customer unless the customer had
divulged his/her password in the first place.

However, if the password or the identification number is misplaced or lost or gets into the hands of the
wrong person and such person procures details about the customers account then the banker may be
faced with legal proceedings on the grounds of violation of the obligation to maintain secrecy of the
customer's accounts. This concern of the bankers is very high especially in the case of joint accounts
where both the parties share one personal identification numbers or relationship numbers and operate
the account jointly. Further, by the very nature of Internet the account of a customer availing Internet
banking services would be exposed to the risk of being accessed by hackers and inadvertent finders.

RIGHTS AND LIABILITIES OF THE PARTIES: Typically, the banker-customer relationship is embodied in
a contract entered into by them. The banks providing the Internet banking services currently enter into
agreements with their customers stipulating their respective rights and responsibilities including the
disclosure requirements in the case of Internet banking transactions, contractually. A Standard
format/minimum consent requirement to be adopted by the banks offering Internet banking facility,
could be designed by the Indian Banks Association capturing, inter alia, access requirements, duties
and responsibilities of the banks as well as customers and any limitations on the liabilities of the banks
in case of negligence and non-adherence to the terms of agreement by customers.

MAINTENANCE OF RECORDS: Section 4 of the Bankers Books Evidence Act, 1891, provides that a
certified copy of any entry in a bankers book shall in all legal proceedings be received as a prima facie
evidence of the existence of such an entry. The Banking Companies (Period of Preservation of Records)
Rules, 1985 promulgated by the Central Government requires banking companies to maintain ledgers,
records, books and other documents for a period of 5 to 8 years. A fear has been expressed as to whether
the above details of the transactions if maintained in an electronic form will also serve the above
purpose.

MISCELLANEOUS: Whether a bank can claim immunity if money is transferred unauthorized by a hacker
from a customers account, on the pretext that it had taken all reasonable and agreed network security
measures. In a traditional banking scenario, a bank has normally no protection against payment of a
forged cheque. If the same logic is extended, the bank providing I-banking may not absolve itself from
liability to the customers on account of unauthorized transfer through hacking. Similar position may
obtain in case of denial of service. Even though, The Information Technology Act, 2000 has provided
for penalty for denial of access to a computer system (Section-43) and hacking (Section - 66), the
liability of banks in such situations is not clear. The Information Technology Act, 2000, also in Section
72 has provided for penalty for breach of privacy and confidentiality. Further, Section 79 of the Act has
also provided for exclusion of liability of a network service provider for data travelling through their
network subject to certain conditions. Thus, the liability of banks for breach of privacy when data is
travelling through network is not clear. This aspect needs detailed legal examination. The issue of
ownership of transactional data stored in banks computer systems also needs further examination.

The applicability of various existing laws and banking practices to e-banking is not tested and is still in
the process of evolving, both in India and abroad. With rapid changes in technology and innovation in
the field of e-banking, there is a need for constant review of different laws relating to banking and
commerce.
 Chapter IV:

INTERNET BANKING: PROTECTION MEASURES

Protection measures can be adopted

only when one is acquainted with the
techniques adopted by the hacker to play
the fraud upon the victim. Hence it is of
prime importance to understand the way
of working.

ATTACK TECHNIQUES

Nowadays, the nature of attacks is more active rather than passive. Previously, the threats were all
passive such as password guessing, dumpster diving and shoulder surfing. Here are some of the
techniques used by the attackers today:

TROJAN ATTACK: The attacker installed a Trojan, such as key logger program, on a users computer.
This happens when users visited certain websites and downloaded programs. As they are doing this,
key logger program is also installed on their computer without their knowledge.

When users log into their banks website, the information keyed in during that session will be captured
and sent to the attacker.

Here, the attacker uses the Trojan as an agent to piggyback information from the users computer to
his backyard and make any fraudulent transactions whenever he wants.
 MAN-IN-THE-MIDDLE ATTACK: Here, the attacker creates a fake website and catches the attention
of users to that website. Normally, the attacker was able to trick the users by disguising their identity
to make it appear that the message was coming from a trusted source. Once successful, instead of going
to the designated website, users do not realize that they actually go to the fraudsters website. The
information keyed in during that session will be captured and the fraudsters can make their own
transactions at the same time.
Original Website

Step 2 (victim access accesses the attackei website)

WWW
Website Step 1 (attacker sends spoof email)

Attacker \ lctim

STRIKING A BALANCE

Presently, Internet banking customers only need a computer with access to Internet to use Internet
banking services. Customers can access their banking accounts from anywhere in the world. Each
customers is provided a login ID and a password to access the service. It is indeed easy and convenient
for customers. However, the use of password does not provide adequate protection against Internet
fraud such as phishing. The problem with password is that when it has been compromised, the
fraudsters can easily take full control of online transactions. In such cases, the password is no longer
works as an authentication token because we cannot be sure who is behind the keyboard typing that
password in. However, easy access and convenience should not be at the expense and mercy of the
security of information. This is important in order to ensure the confidentiality of information and that
it is not being manipulated or compromised by the fraudsters.
There are several methods of ensuring a more secure Internet banking:

MINIMUM REQUIREMENT: TWO FACTOR AUTHENTICATION

Based on the above method, the security measures in place are not adequate to prevent fraud. The
current method of using only one factor of authentication definitely has its weaknesses. The security
aspects of Internet banking need to be strengthened. At minimum, a two-factor authentication should
be implemented in order to verify the authenticity of the information pertaining to Internet banking
services.

The first authentication factor can be the use of passwords and the second authentication factor can be
the use of tokens such as a smartcard.

The above security measures will greatly minimize the incidents of Internet banking fraud. The
smartcard here provides a second layer of authentication. This will stop a perpetrator even if he
manages to obtain the users password.

Intercepted passwords cannot be used if fraudsters do not have the Smartcard. Besides addressing
fraudulent activities, this can install customers confidence in Internet banking.

ADDITIONAL REQUIREMENT: THREE FACTOR AUTHENTICATION

However, for a better security, a three factor authentication process should be considered. The third
authentication factor is the use of biometric such as iris or thumbprint recognition. This ascertains who
one is, biologically. This method of authentication has been introduced by the Employee Provident
Fund (EPF) for its members, but is limited to getting the latest statements of a member.

With a three-factor authentication a more secure method can be implemented - a password to ascertain
what one knows, a token (smartcard) to ascertain what one has, and biometric recognition (for example
fingerprint or thumbprint) to ascertain who one biologically is. As such, if passwords have been
compromised, fraudsters need to get through another two levels of authentication to access a
customers account. This would be difficult, if not totally impossible.
EFFORTS BY LEGAL FRATERNITY

It is essential to know the laws relating to online transactions

in order to protect yourself from being defrauded and in
order to convict the criminal, in case of being victimized.
The Information Technology (IT) Act enacted a separate
clause for governing ecommerce transactions.

The validity of electronic transactions is established under

the IT Act. The act establishes that an ecommerce transaction is legal if the offer and acceptance are
made through a reasonable mode. For instance, a communication sent by an offeror to an offeree
through indirect means, such as an email that passes multiple servers and spam mails, is not regarded
as a reasonable mode under the IT act.

Reasonable modes of acceptance in an ecommerce transaction are:

Direct mail from the offeree to the offeror.
Acceptance by conduct, which is pressing an Accept button to an offer.

Additionally, the IT act governs the revocation of an ecommerce offer and acceptance. An ecommerce
transaction is said to be complete when the offeror receives acknowledgment of the receipt of the offer.
Besides, an offeror has the liberty to terminate an offer, provided its acceptance has not been
communicated by the offeree.

The Information Technology (Amended) Act, ITAA, was amended in 2008 to increase security of e-
commerce transactions, with special provisions for legal recognition of digital signatures and
electronic documents. Section 43A (Compensation for Failure to Protect Data) of ITAA holds
ecommerce companies accountable for protection of personal data.

[43A. Compensation for failure to protect data.--

Where a body corporate, possessing, dealing or handling any sensitive personal data or
information in a computer resource which it owns, controls or operates, is negligent in
 implementing and maintaining reasonable security practices and procedures and thereby
causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to
pay damages by way of compensation to the person so affected.

Explanation.-- For the purposes of this section,--

(i) "body corporate" means any company and includes a firm, sole
proprietorship or other association of individuals engaged in commercial or
professional activities;

(ii) "reasonable security practices and procedures" means security practices

and procedures designed to protect such information from unauthorised access,
damage, use, modification, disclosure or impairment, as may be specified in an
agreement between the parties or as may be specified in any law for the time
being in force and in the absence of such agreement or any law, such reasonable
security practices and procedures, as may be prescribed by the Central
Government in consultation with such professional bodies or associations as it
may deem fit;

(iii) "sensitive personal data or information" means such personal information

as may be prescribed by the Central Government in consultation with such
professional bodies or associations as it may deem fit.]

Therefore, when an ecommerce company fails to protect personal data of its customers or is negligent
in maintaining and implementing reasonable security practices, and if this result in wrongful loss of
an online buyer, the laws are clear that its body corporate is wholly liable to pay the damages by means
of monetary compensation. This provision is equally applicable upon banks as well and if in case any
customer faces any loss due to loss of data or any other way due to negligence of bank, the customer
is liable to be compensated and it shall be bank, which shall compensate the customer.
 Chapter V:
M - BANKING: E-BANKINGS EXTENSION
Internet Banking helped give the
customer's anytime access to their
banks.
Customers could check out their
account details, get their bank
statements, perform transactions like
transferring money to other accounts
and pay their bills sitting in the
comfort of their homes and offices.

However the biggest limitation of

Internet banking is the requirement of a PC with an Internet connection, however, not a big obstacle
if we look at the US and the European countries, but definitely a big barrier if we consider most of the
developing countries of Asia like China and India. Mobile banking addresses this fundamental
limitation of Internet Banking, as it reduces the customer requirement to just a mobile phone.

Mobile usage has seen an explosive growth in most of the Asian economies like India, China and
Korea.

The main reason that Mobile Banking scores over Internet Banking is that it enables Anywhere
Anytime Banking'. Customers don't need access to a computer terminal to access their bank accounts,
now the can do so on-the-go while waiting for the bus to work, travelling or when they are waiting for
their orders to come through in a restaurant.
MOBILE BANKING SERVICES

Banks offering mobile access are mostly supporting some or all of the following services:

ACCOUNT INFORMATION
Mini-statements and checking of account history
Alerts on account activity or passing of set thresholds
Monitoring of term deposits
Access to loan statements
Access to card statements
Mutual funds/equity statements
Insurance policy management
Pension plan management

PAYMENTS & TRANSFERS

Domestic and international fund transfers
Micro-payment handling
Mobile recharging
Commercial payment processing
Bill payment processing

INVESTMENTS
Portfolio management services
Real-time stock quotes
Personalized alerts and notifications on security prices

SUPPORT
 Status of requests for credit, including mortgage approval, and insurance coverage
Check (cheque) book and card requests

ADVANTAGES AND DISADVANTAGES OF M-BANKING

Mobile is banking is nothing but the notional extension of internet banking and therefore all the
advantages and risks associated with the e-banking may be associated with m-banking as well.
However, the major advantage which this technology possesses over internet banking is that of no
requirement of computer and installed internet connection. This service may be enjoyed on handset,
carried by almost every person in todays era. In this mobile era, where the person usually carries
more than one handset or the mobile connection, the growth of m-banking is expected to rise at a
greater pace than as compared to that of i-banking. One can assert so at least for the developing
economy like India where mobile phone subscribers are increasing day by day.
 Chapter VI:
CONCLUSION

Hurdles are meant to be crossed over. The risk

associated with the technology should not be a hurdle
which one fails to cross over. One must appraise the use
of technology without bothering about the risks and
issues concerned with i-banking. However, that does not
at all means that one should not take due care while
transacting online, just in order to move ahead to adopt
the technological advancement; as this may result into
huge losses to the user.

Therefore, it is recommended not to stop yourself from

adopting the technological advancement, as that may result in failure to be advanced, but it is also
recommended to take necessary measures in order to protect your interest, protect your hard earned
money, protect your reputation, to save time and on the same hand to remain advanced.
 Bibliography

ACTS, GUIDELINES, REGULATIONS AND TREATIES:

The Banking Regulation Act,
The Reserve Bank of India Act,
The Foreign Exchange Management Act,
The Information Technology Act, 2000
The Information Technology (Amendment) Act, 2008
The Income Tax Act,
The Consumer Protection Act, 1986
The UNCITRAL Model Law on International Trade

WEBSITES:

http://www.itnewsafrica.com/?p=3332
http://www.lawisgreek.com/ecommerce-transaction-laws-in-india/
www.legalservicesindia.com
www.rbi.org.in
http://www.infogile.com/pdf/Mobile Banking.pdf
http://www.scribd.com/doc/6566854/The-Future-of-Wireless-Banking-
PDF
www.oocities.org/kstability/student/internet-banking/internet-
banking.html
www.uti.bme.hu/data/segedanyag/123/e-commerce 200837.pdf
www.scribd.com/doc/22356535/Risk-in-E-Banking-PDF
www.antimoneylaundering.net/public/?q=node/22
www.legalhelpindia.com/information-technology-act.html
www.legalserviceindia.com/article/l288-Breach-of-privacv-&-
Confidentiality-.html
www.scribd.com/doc/14551666/Internet-Banking-Hurdles-and-Solutions
www.internetworldstats.com/asia.htm
 www.indianmba.com/Faculty Column/FC908/fc908.html
www.mmaglobal.com/mbankingoverview.pdf
www.fao.org/docs/up/easypol/520/3-4
mobilebanking 149EN.pdf
www.nokia.com/NOKIA COM 1/Corporate Responsibility/Society
/Expanding Horizons/Sub
http://www.arraydev.com/commerce/iibc/current.asp
www.correctbanking.com
http://www.budde.com.au/Research/Digital-Economy-E-Commerce-and-M-
Commerce- Insights.html