INTRODUCTION

Internet banking services have been operational in Malaysia since 2001. Presently, internet
banking institutions licensed under the Banking and Financial Institution Act 1989 (BAFIA) and
Islamic Banking Act 1983 are allowed to offer Internet Banking services here. There are 12
commercial banks (inclusive of Islamic banks) out of a total of 25 in Malaysia currently offering
Internet Banking services. According to the 11th Malaysia Internet Survey conducted by AC
Nielson, Internet Banking is the one of the most popular services utilized by Malaysian surfers.
The survey found out that 51 percent out of the total respondent base of 8000 used the Internet for
online banking once a month.
According to Munusamy et.al. (2012), Bank Negara Malaysia authorized all locally owned
commercial banks to embark on internet banking and Malayan Banking Berhad (Maybank) was
the first bank to initiate their online banking services to the public. In 2010, Yee and Faziharudean
stated that only those banking institutions registered under the Banking and Financial Institution
Act 1989 (BAFIA) and the Islamic Banking Act 1983 can offer internet banking to the customers.
These days, the advantages of internet banking have become more apparent to retail
banking customers. The advantages include availability, ease of use, safe time, relative advantage
and so on (Ong et al., 2014). However, although the adoption of the internet banking services
benefits the customers, many people are still reluctant to use it. The biggest obstacle of internet
banking is the security issue (Polasik & Wisniewski, 2009). The adoption of this service will be
low if customers feel that internet banking is not save and secured to use (Aliyu, Younus,
&Tasmin, 2012).
According to the National Cyber Security Agency under the Ministry of Science,
Technology and Innovation, for the first half of 2014, total of 4,117 security incidents occurred
and were investigated by them. Statistic cited from the agency’s portal in 2015 shows that out of
the total percentage of the security incidents occurred, internet fraud contributed the highest
percentage (51%) of the reported incidents for half year of 2014 and Cyber Security Malaysia
predicted that these incidents have the potential to continue to become worst. Thus, high rate of
internet fraud in Malaysia would negatively affect the attitude of the customers towards adoption
of internet banking.
 DEFINITION

a) INTERNET BANKING

Besides Munusamy et al. (2009), Hosein (2009) also defined internet banking as “an internet portal
through which customers are able to use different kinds of banking services ranging from bill
payments to making investments. Internet banking can be defined as a system that allows the
customers to perform traditional banking services such as balance enquiry, money transfer between
accounts and settling utility bills online without visiting the banks (Munusamy, Chelliah,
&Annamalah, 2012).

b) THE USAGE OF INTERNET BANKING

When the banks come out with innovative services such as internet banking, the customers are
often resistant to accept this new idea because it means that they need to learn something new or
even do something differently. Almost all new products and services introduced will encounter the
problem of getting accepted by the customers (Aliyu et al., 2012). Thus, the resistance towards
new technology is inevitable because most customers are reluctant to change their behaviour. The
research revealed that there was a negative relationship between customer’s reluctance to change
and adoption of internet banking. It was concluded that most of the Mauritians prefer the current
traditional banking system and have lack of trust towards the security of electronic banking.

c) SECURITY

According to Wang, Wang, Lin, and Tang (2003), security can be defined as the protection of
information from unsanctioned intrusions or outflows. Other scholars, Casaló, Flavián, and
Guinalíu (2008) defined security as the loss of personal data or money and errors in transactions.
Majority of the banks customers are concerned about security of personal data and monetary
transactions in the adoption of internet banking. When the banks customers feel internet banking
is not safe and secure to use, they will not consider using this new service (Aliyu et al., 2012).
Thus, the trust of banking customers towards the financial service providers play a crucial role in
influencing the customer’s acceptance and adoption of internet banking (Ong et al., 2014). The
security issue of the online transactions over the internet is a primary concern of bank customers
before using internet banking.
 BENEFITS OF INTERNET BANKING SECURITY

Internet banking is the latest in the series of technological wonders of the recent past. Internet
banking refers to systems that enable bank customers to get access to their accounts and general
information on bank products and services through the use of bank’s website, without the
intervention or inconvenience of sending letters, faxes, original signatures and telephone
confirmations. (Aleksandar Lukic, 2015) It is the types of services through which bank customers
can request information and carry out most retail banking services such as balance reporting, inter-
account transfers, bill-payment, via telecommunication network without leaving their home or
organization. It provides universal connection from any location worldwide and is universally
accessible from any internet linked computer.

According to Aleksandar Lukic (2015), information technology developments in the

banking sector have sped up communication and transactions for clients. It is vital to extend this
banking feature to clients for maximizing the advantages for both clients and service providers.
Internet is the cheapest delivery channel for banking products as it allows the entity to reduce their
branch networks and downsize the number of service staff. The navigability of the website is a
very important part of Internet banking because it can become one of the biggest competitive
advantages of a financial entity. Due to increase in technology usage the banking sector’s
performance increases day by day.

Internet banking is becoming the indispensable part of modern day banking services. It is
notoriously difficult to predict the future, but some educated guesses can be made using past and
current experiences. In our view, the next developments in e - banking will involve new products
and services that were not feasible in traditional banking models. This could involve enabling
instant payments using mobile devices, or tools to help people manage their multi-bank financial
portfolio, simultaneously. Internet online banking may also become more viable as the
functionality of e-banking systems grows, and customers adapt to the new ways of conducting
their financial activities. (Aleksandar Lukic, 2015)

International banking might become a reality for ordinary consumers as banking payments
systems are increasingly harmonized across borders. Internet banking has the potential to be a very
rich and pleasant experience, and may provide more opportunities for banks to develop mutually
satisfying, tailor made services to enrich relationship with customers. As technology evolves, the
opportunities to extend the relationship beyond what is possible in the physical world continue to
grow and will only be limited by a bank’s ability to innovate or commitment to internet banking.

Aleksandar Lukic state that despite numerous advantages of internet banking is the issue
of security. Security is important in setting up an internet banking facility. In building up a secure
transactions systems factors that have to be considered are improving customer trust and
integrating the current services offered to the customers. Since internet banking is a new
technology that has many capabilities and also many potential problems, users are hesitant to use
the system. The number of malicious applications targeting online banking transactions has
increased dramatically in recent years.
 SECURITY THREATS IN INTERNET BANKING

Security threats can affect a financial institution through numerous vulnerabilities. No single
control or security device can adequately protect a system connected to a public network. Many
problems concerning the security of transactions are the result of unprotected data being sent
between clients and servers. The problems of the systems today are inherent within the setup of
the communications and also within the computers itself. The current focus of security is on
session-layer protocols and the flaws in end-to-end computing. A secure end-to-end transaction
requires a secure protocol to communicate over untrusted channels, and a trustee code at both
endpoints. It is really important to have a secure protocol because the trusted channels really don’t
exist in most of the environment. There are various types of attacks that e-banking can suffer. They
include:

 Social Engineering - One of the most common attacks does not involve knowledge of any
type of computer system. Tricking consumer into revealing sensitive information by posing
as a system administrator or customer service representative is known as social
engineering. Social engineers use surveillance and a consumer’s limited knowledge of
computer systems to their advantage by collecting information that would allow them to
access private accounts.

 Port Scanners - Attackers can use port scanners to ascertain entry points into a system and
use various techniques to steal information. This type of software sends signals to a
machine or router and records the message the machine responds with to ascertain
information and entry points (Cobb, 2007). The main purpose of a port scanner is to gather
information related to hardware and software that a system is running so that a plan of
attack can be developed.

 Packet Sniffers - The connection between a user’s computer and the web server can be
“sniffed” to gather an abundance of data concerning a user including credit card
information and passwords. A packet sniffer is used to gather data that is passed through a
network. It is very difficult to detect packet sniffers because their function is to capture
network traffic as they do not manipulate the data stream. The use of a Secure Socket Layer
 connection is the best way to ensure that attackers utilizing packet sniffers cannot steal
sensitive data.

 Password Cracking - Password cracking can involve different types of vulnerabilities and
decrypting techniques; however, the most popular form of password cracking is a brute
force attempt. Brute force password attacks are used to crack an individual’s username and
password for a specific website by scanning thousands of common terms, words, activities,
and names until a combination of them is granted access to a server. Brute force cracking
takes advantage of systems that do not require strong passwords, thus users will often use
common names and activities making it simple for a password cracker to gain access to a
system.

 Trojans - Trojan software is considered to be the most harmful in terms of electronic

banking security due to its ability to secretly connect and send confidential information.
These programs are developed for the specific purpose of communicating without the
chance of detection. Trojans can be used to filter data from many different clients, servers,
and database systems. Trojans can be installed to monitor emails, instant messages,
database communications, and a multitude of other services.

 Denial of Service Attacks - Denial of service attacks are used to overload a server and
render it useless. The server is asked repeatedly to perform tasks that require it to use a
large amount of resources until it can no longer function properly. The attacker will install
virus or Trojan software onto an abundance of user PC’s and instruct them to perform the
attack on a specific server. Denial of service attacks can be used by competitors to interrupt
the service of another E-Commerce retailer or by attackers who want to bring down a web
server for the purpose of disabling some type of security feature. Once the server is down,
they may have access to other functions of a server, such as the database or a user’s system.
This allows the attacker the means to install software or disable other security features.
 ISSUES OF ONLINE BANKING SECURITY

In the year of 2003 and 2004 saw the emergence of fraudulent activities pertaining to Internet
Banking or better known in the industry as “phishing”. A total of 92 phishing cases were reported
to the Malaysian Computer Emergency Response Team (MyCERT, www.mycert.org.my) in 2004.
The modus operandi of this activity is to use spoofing techniques to gain names and passwords of
account holders. The victims reported being deceived into going to a fake website where
perpetrators stole their usernames and passwords and later use the information for the perpetrators’
own advantage. Phishing is an attempt to commit fraud via social engineering. The impact is the
breach of information security through the compromise of confidential data.

The Association of Banks Malaysia (ABM) has urged both commercial banks and their
customers to be extra vigilant following reports of fraudulent email purportedly sent by banks with
Internet banking services to online customers. The fraudulent activities mentioned above are not
limited to the Malaysian banking industry. It is a worldwide problem particularly in the United
States. Based on APWG (2015), there are 2560 new unique phishing sites were reported to the
Anti Phishing Working Group (APWG) in this year. It was an increase of 47 percent over the
December 2004 figure. APWG is an industry association focused on eliminating identity theft and
fraud that result from the growing problem of phishing and email spoofing. This voluntary based
organization provides a forum to discuss phishing issues, trials and evaluations of potential
technology solutions, and access to a centralized repository of reports on phishing attacks.

The Star Online (17 December 2018) reported CIMB Bank Berhad has refuted allegations
that there was a security flaw in its online banking portal. CIMB said its online banking portal,
CIMBClicks, remains secure and all customers' transactions continue to be protected. "The bank
would like to inform that it had, over the weekend, introduced a few additional measures to
enhance the security of its CIMBClicks transactions. "Apart from ensuring that the system is now
able to accommodate passwords longer than eight characters and up to 20 characters, we have also
added the reCaptcha security measure on CIMBClicks to ensure the user is not a bot" it said in a
statement on Monday (Dec 17). Over the weekend, purported issues with CIMB's online banking
portal went viral after social media users claimed that funds from their online banking accounts
had been transferred out to online payment site PayPal. Users had also alleged that their passwords
were opened for hacking. Popular online forum Lowyat.net had also reported that serious security
flaws in CIMBClicks might have led to its accounts being hacked.

Besides that, on 27 March 2019, The Star Online reported that a Maybank spokesperson
explained that the service interruption occurred earlier this afternoon owing to a technical issue
which affected MEPS, TAC and some cards related transactions conducted via the bank’s
electronic banking channels. “As of now, the issue has been resolved and services are back to
normal. We apologize for the inconvenience caused and would like to thank our customers for
their patience and understanding," the spokesperson said in a statement to The Star.Maybank has
issued a statement on its official social media accounts to inform customers that it’s currently
facing intermittent service disruption. Many customers too have posted on Twitter that they are
having issues with sending money, for instance, via Instant Transfer, and even receiving
Transaction Authorisation Code (TAC).
 CONCLUSION

As a result of the growth of the internet, electronic commerce has immerged and offers tremendous
market potential for today’s business. One industry that has benefited from this new
communication channel is the banking industry. Electronic banking is offering its customers with
a wide range of services. Customers are now able to interact with their banking accounts as well
as make financial transactions from virtually anywhere without time restrictions. E-banking is
offered by many banking institutions due to pressure from competitions.

Today, it is believed that people make the difference to information technology and
security development and that training on the ethical, legal and security aspects of information
technology usage should be ongoing at all levels within organizations. The future of electronic
banking will be a system where users are able to interact with their banks “worry-free” and banks
are operated under one common standard. Most research studies have indicated that the common
problem affecting information security and privacy of customers is eservices provider’s lack of
security control which allows damaging privacy losses.

The providers of Internet banking services must be more responsive security requirements.
While there is no doubt that Internet banking transaction should have layered protection against
security threats, the providers should approach security considerations as part of their service
offerings. Currently, there are no formal processes being put in place to determine the level of
security provided by these service providers and to what minimum standards they should be. Local
financial institutions should consider the above-mentioned recommendations to ensure
confidentiality of customer information

Apart from that, another problem is the subsequent misuse of consumers’ confidential
information, as in identity theft. These may affect customer’s confidence toward online business
transaction in a variety of privacy risk assessments by consumers. Current technology allows for
secure site design. It is up to the development team to be both proactive and reactive in handling
security threats, and up to the consumer to be vigilant when doing business online.
 REFERENCES

Pikkarainen, T., Pikkarainen, K., Karjaluoto, H., & Pahnila, S. (2004). Consumer acceptance
of online banking: an extension of the technology acceptance model. Internet research, 14(3), 224-
235.

Hole, K. J., Moen, V., & Tjostheim, T. (2006). Case study: Online banking security. IEEE
Security & Privacy, 4(2), 14-20.

Nilsson, M., Adams, A., & Herd, S. (2005, April). Building security and trust in online
banking. In CHI'05 Extended Abstracts on Human Factors in Computing Systems (pp. 1701-
1704). ACM.

Claessens, J., Dem, V., De Cock, D., Preneel, B., & Vandewalle, J. (2002). On the security of
today’s online electronic banking systems. Computers & Security, 21(3), 253-265.

Mannan, M., & Van Oorschot, P. C. (2008, July). Security and usability: the gap in real-world
online banking. In Proceedings of the 2007 Workshop on New Security Paradigms (pp. 1-14).
ACM.

Aladwani, A. M. (2001). Online banking: a field study of drivers, development challenges, and
expectations. International Journal of Information Management, 21(3), 213-225.

Edge, K., Raines, R., Grimaila, M., Baldwin, R., Bennington, R., & Reuter, C. (2007, January).
The use of attack and protection trees to analyze security for an online banking system. In 2007
40th Annual Hawaii International Conference on System Sciences (HICSS'07) (pp. 144b-144b).
IEEE.

Ezeoha, A. E. (2005). Regulating internet banking in Nigeria: problems and challenges–Part

1. Journal of Internet Banking and Commerce, 10(3), 1-5.

Hernández-Murillo, R., Llobet, G., & Fuentes, R. (2010). Strategic online banking
adoption. Journal of Banking & Finance, 34(7), 1650-1663

Aliyu, A. A., Rosmain, T., & Takala, J. (2014). Online banking and customer service delivery
in Malaysia: data screening and preliminary findings. Procedia-Social and Behavioral
Sciences, 129, 562-570.