Cyber Banking

Using the Internet to perform banking functions. Also called electronic banking, virtual banking, and online banking. Cyber banking allows customers to conduct financial transactions from home, business or from the road, on a secure website operated by their retail or virtual bank.

 Consumers can use e-banking to check their accounts, pay bills online, secure a loan electronically and much more. E-banking saves users time and money. For banks it offers an inexpensive alternative to branch banking Many physical banks offer home banking services like SBI, Citibank, ICICI, HDFC etc

History
The term online became popular in the late '80s and referred to the use of a terminal, keyboard and TV (or monitor) to access the banking system using a phone line. Online services started in New York in 1981 when four of the citys major banks (Citibank, Chase Manhattan, Chemical and Manufactures Hanover) offered home banking services using the videotex system.

 The UKs first home online banking services was set up by the Nottingham Building Society (NBS) in 1983. The system allowed on-line viewing of statements, bank transfers and bill payments.

Virtual Banks
Virtual banks have no physical location, but only conduct online transactions. The world's first fully-functional virtual bank was the Security First Network Bank (SFNB) These banks were designed without a traditional banking infrastructure.

Virtual Banks around the world are: ING Direct U Bank HSBC Direct First Direct

Implementation Issues in Online Financial Transactions

Access to Banks Intranets by outsiders Many banks provide their customers with personalised service by allowing the access to the banks intranets
Using Imaging Systems Several financial institutions eg. Bank of america, citibank allow customers to view images of all their checks, invoices which are in process. For eg, in SBI transactions, before authorising the check you can see the image of the check

 Pricing Online Versus Off-Line Services Pricing issues must be taken into account for providing the different types of services. Mostly computer based banking services are offered free by banks whereas offline services prove to be costlier than online services

Features of online banking

Transactional Electronic bill payment Investment Non Transactional

Features of online banking

Transactional (e.g., performing a financial transaction such as an account to account transfer, paying a bill, wire transfer and applications apply for a loan, new account, etc.) Electronic bill payment Funds transfer between a customer's own checking and savings accounts, or to another customer's account

 Investment oppurtunities to customers like opening of D-MAT account, Insurance.

Non-transactional (e.g., online statements, chat) Bank statements, Account update.

Advantages of Online Banking

View your Transactions Online banking is the quickest way to check and see if a transaction has cleared your account. Speedy Work For the Bank Online banking is generally quicker than the transactions conducted at the ATMS or at the bank.

 No physical presence is required All banks today are encouraging customers to bank online rather than going to the bank and making transactions. 24*7 facility is available Online banking sites never close. They are available 24 hrs a day, seven days a week.

 Eliminating paper work Paying bills online does more than save trees. It also helps reduce fuel consumption by the trucks and planes that transport paper checks. Ubiquity If you are out of station or even out of country on a tour or on an official trip, If you are facing money problem, all you have to do is log on to the internet.

ATM as a part of cyber banking

Automated Teller Machines or 24-hour Tellers are electronic terminals that let you bank almost any time. To withdraw cash, make deposits, or transfer funds between accounts, you generally insert an ATM card and enter your PIN. Some financial institutions and ATM owners charge a fee, particularly to consumers who dont have accounts with them or on transactions at remote locations.

Online Billing and Bill Paying

People prefer to pay monthly bills, such as telephone, utilities, rent, credit cards, and so on, online. The recipients of such payments are equally eager to receive money online, because online payments are received much more regularly and quickly and have lower processing costs.

Payment system
Automatic transfer of funds to pay monthly utility bills. Like your gas and water bills, the bank automatically allows customer to pay these bills from there bank accounts. Paying bills from online banking accounts. Many people pay there monthly rent and other bills directly into the payees bank account.

 Person to Person direct payment. An example of this is Pay Pal, it enable a person to send funds to another individual over the internet.

Disadvantages of cyber banking

Safety concern Meant for tech savvy people Sophisticated technology Continuous up gradation

Disadvantages Contd.
Safety Concerns: In the article titled, "Is Online Banking Safe", cyber scams that may target unsuspecting customers were explored in great detail. Phishing, the presence of malicious software, keylogger issues and security concerns due to weak wireless security networks deter people from opting for Internet banking

 Because physical presence of a person is not required, that may pose a problem. Internet required sophisticated technology.

 Meant for Tech Savvy People: People belonging to the older generation may not be tech savvy and may find it difficult to adapt to online banking. Continuous up gradation is required otherwise the site will become obsolete.

Challenges of cyber banking

Security Systems Development and Life Cycle Management Performance Return on investment Identity Theft

Banking Risks
Same inherent risk and issues as Internet Banking, primary risks affected
Strategic Transaction Reputation Compliance

Strategic Risk
Determining wireless banking role in delivering products and services Defining risk versus reward goals and objectives Implementing emerging e-banking strategies
Rapidly changing technology standards

Transaction Risk
There are various kinds of transaction risks in cyber space like On line fund transfer done by some one else on your behalf. You yourself do fund transfer but to some phishing site. Stop payment of a cheque is made by someone else. Site not working properly.

1. 2. 3. 4.

 Unproven standards can have security weaknesses Encourage customers to use good PIN/Password management practices

Reputation Risk
Reliability of delivery network
Customer acceptance of no-service due to telecommunications issues when they are in areas they expect service - Consumer Expectations Processing and handling of interrupted transactions

Integration of wireless applications with existing products and services

Reputation Contd.
This kind of risk is mostly considered in case of HNI (High Net Worth Individual/ High Net Worth Income) client. Because they give bank huge interest as well as business. Bank do not want to let them down.

Compliance Issues
Disclosures The various risk removal methods used by the bank should be compliable to the government.
They should not violate the rules of the country. Privacy concerns for customers.

Risk in Cyber Space

Fraudulent practices Cyber squatting Email Spamming Money Laundering First Party Risk Third Party Risk

Fraudulent practices
Many people are involved only in doing fraud. Like they make virus, spyware, trojan horse etc.

Cyber squatting
It means a person can subscribe to a domain name which may be the name of a brand. After that the person can demand more money to the brand, if he will sell that domain name. Eg. Nike, Coke

Email Spamming
Fraud email can be sent to a persons email address. Whether a person wants them or not.

Money Laundering
Money can be sent via the internet from one part of the world to the other part of the world. This is a good way of making white money from black money.

Cyber Intelligence
It is defined as the various methodologies used by a company to eliminate risk in cyber space. It includes many things

Firewall
A firewall is a set of programs, located at a network server that protects the resources of a private network from users from other networks. (The term also implies the security policy that is used with the programs.) An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to.

Virus Scanners and IDS

Virus is defined as a computer program that do unwanted things. It may replicates itself many times or it may delete important data. Meaning of IDS Intrusion Detection System, is a security system that detects inappropriate or malicious activity on a computer or network. An Intrusion Detection System (IDS) is used to determine if a computer network or server has experienced an unauthorized intrusion. An IDS works like a burglar alarm system. If it detects a possible intrusion, the IDS system will send out an alert or warning which would prompt an administrator to perform further investigation which might include computer forensics and prosecution.

Authentication
Authentication is the process of determining whether someone is, what it is pretended to be. Authentication is commonly done through the use of logon passwords. Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially has an assigned or self-declared password. On each subsequent use, the user has to state that password. The weakness in this system for transactions is that passwords can often be stolen, accidentally revealed, or forgotten. That may pose a problem.

Encryption
Encryption is a process of translating a message, called the Plaintext, into an encoded message, called the Ciphertext. This is usually accomplished using a secret Encryption Key and a cryptographic Cipher. Two basic types of Encryption are commonly used: Symmetric Encryption, where a single secret key is used for both encryption and decryption. Asymmetric Encryption, where a pair of keys is used -- one for Encryption and the other for Decryption.

Active content filter

A type of malware that uses common, dynamic scripting languages (e.g. Java, JavaScript, Active X, or Visual Basic). Vulnerabilities in the scripting language are exploited to carry malicious code, which could be downloaded through a Web browser and executed on a local system without the user's knowledge or consent. Malicious active content can be used for many criminal activities, including to deliver viruses and worms, send email, record information from the local user, or to redirect users or content. Active content is also called mobile code.

 Active Content Filter (ACF) removes potentially malicious active content (JavaScript, Java) from application content that is displayed in a browser that interprets DHTML. The ACF runs over any application content over which users have control, such as e-mail bodies and subjects or calendar entries. Filtering of mail messages, for example, occurs every time a user opens a message for viewing, replying, or forwarding. The original content of the message is stored in the database and the content is filtered on the fly.

OCTAVE
Operationally Critical Threat, Asset, and Vulnerability Evaluation. It is a suite of tools, techniques, and methods for risk-based information security strategic assessment and planning. The OCTAVE methods are self-directedSmall teams of organizational personnel across business units and IT work together to address the security needs of the organization. flexibleEach method can be tailored to the organization's unique risk environment, security and resiliency objectives, and skill level.

Chief Security Officer

Chief Security Officer means the person responsible for the organization's entire security posture which is digital. CSOs also frequently own or participate closely in related areas such as business continuity planning, loss prevention and fraud prevention, and privacy.