From Wikipedia, the free encyclopedia
Online banking (or Internet banking or E-banking) allows customers of a financial institution to conduct financial transactions on a secure website operated by the institution, which can be a retail or virtual bank, credit union or building society.
To access a financial institution's online banking facility, a customer having personal Internet access must register with the institution for the service, and set up some password (under various names) for customer verification. The password for online banking is normally not the same as for telephone banking. Financial institutions now routinely allocate customer numbers (also under various names), whether or not customers intend to access their online banking facility. Customer numbers are normally not the same as account numbers, because a number of accounts can be linked to the one customer number. The customer will link to the customer number any of those accounts which the customer controls, which may be cheque, savings, loan, credit card and other accounts. Customer numbers will also not be the same as any debit or credit card issued by the financial institution to the customer.
To access online banking, the customer would go to the financial institution's website, and enter the online banking facility using the customer number and password. Some financial institutions have set up additional security steps for access, but there is no consistency to the approach adopted.
The UK's first home online banking services was set up by Bank of Scotland for customers of the Nottingham Building Society (NBS) in 1983. The system used was based on the UK's Prestel system and used a computer, such as the BBC Micro, or keyboard (Tandata Td1400) connected to the telephone system and television set. The system (known as 'Homelink') allowed on-line viewing of statements, bank transfers and bill payments. In order to make bank transfers and bill payments, a written instruction giving details of the intended recipient had to be sent to the NBS who set the details up on the Homelink system. Typical recipients were gas, electricity and telephone companies and accounts with other banks. Details of payments to be made were input into the NBS system by the account holder via Prestel. A cheque was then sent by NBS to the payee and an advice giving details of the payment was sent to the account holder. BACS was later used to transfer the payment directly.
Stanford Federal Credit Union was the first financial institution to offer online internet banking services to all of its members in October 1994.[4]
Today, many banks are internet only banks. Unlike their predecessors, these internet only banks do not maintain brick and mortar bank branches. Instead, they typically differentiate themselves by offering better interest rates and more extensive online banking features.
Security token device for online banking.
Security of a customer's financial information is very important, without which online banking could not operate. Financial institutions have set up various security processes to reduce the risk of unauthorised online access to a customer's records, but there is no consistency to the various approaches adopted.
The use of a secure website has become almost universally adopted.
Though single password authentication is still in use, it by itself is not considered secure enough for online banking in some countries. Basically there are two different security methods in use for online banking.
A method to attack signature based online banking methods is to manipulate the used software in a way, that correct transactions are shown on the screen and faked transactions are signed in the background.
A 2008 U.S. Federal Deposit Insurance Corporation Technology Incident Report, compiled from suspicious activity reports banks file quarterly, lists 536 cases of computer intrusion, with an average loss per incident of $30,000. That adds up to a nearly $16-million loss in the second quarter of 2007. Computer intrusions increased by 150 percent between the first quarter of 2007 and the second. In 80 percent of the cases, the source of the intrusion is unknown but it occurred during online banking, the report states.[5]
The most recent kind of attack is the so-called Man in the Browser attack, where a Trojan horse permits a remote attacker to modify the destination account number and also the amount.
In 2001 the U.S. Federal Financial Institutions Examination Council issued guidance for multifactor authentication (MFA) and then required to be in place by the end of 2006.[6]
To access a financial institution's online banking facility, a customer having personal Internet access must register with the institution for the service, and set up some password (under various names) for customer verification. The password for online banking is normally not the same as for telephone banking. Financial institutions now routinely allocate customer numbers (also under various names), whether or not customers intend to access their online banking facility. Customer numbers are normally not the same as account numbers, because a number of accounts can be linked to the one customer number. The customer will link to the customer number any of those accounts which the customer controls, which may be cheque, savings, loan, credit card and other accounts. Customer numbers will also not be the same as any debit or credit card issued by the financial institution to the customer.
To access online banking, the customer would go to the financial institution's website, and enter the online banking facility using the customer number and password. Some financial institutions have set up additional security steps for access, but there is no consistency to the approach adopted.
Contents[hide] |
[edit] Features
Online banking facilities offered by various financial institutions have many features and capabilities in common, but also have some that are application specific.- The common features fall broadly into several categories
- A bank customer can perform some non-transactional tasks through online banking, including -
- viewing account balances
- viewing recent transactions
- downloading bank statements, for example in PDF format
- viewing images of paid cheques
- ordering cheque books
- download periodic account statements
- Downloading applications for M-banking, E-banking etc.
- Bank customers can transact banking tasks through online banking, including -
- Funds transfers between the customer's linked accounts
- Paying third parties, including bill payments (see, e.g., BPAY) and telegraphic/wire transfers
- Investment purchase or sale
- Loan applications and transactions, such as repayments of enrollments
- Register utility billers and make bill payments
- Financial institution administration
- Management of multiple users having varying levels of authority
- Transaction approval process
- Some financial institutions offer unique Internet banking services, for example
- Personal financial management support, such as importing data into personal accounting software. Some online banking platforms support account aggregation to allow the customers to monitor all of their accounts in one place whether they are with their main bank or with other institutions.
[edit] History
The precursor for the modern home online banking services were the distance banking services over electronic media from the early 1980s. The term online became popular in the late '80s and referred to the use of a terminal, keyboard and TV (or monitor) to access the banking system using a phone line. ‘Home banking’ can also refer to the use of a numeric keypad to send tones down a phone line with instructions to the bank. Online services started in New York in 1981 when four of the city’s major banks (Citibank, Chase Manhattan, Chemical and Manufacturers Hanover) offered home banking services[1][2][3] using the videotex system. Because of the commercial failure of videotex these banking services never became popular except in France where the use of videotex (Minitel) was subsidised by the telecom provider and the UK, where the Prestel system was used.The UK's first home online banking services was set up by Bank of Scotland for customers of the Nottingham Building Society (NBS) in 1983. The system used was based on the UK's Prestel system and used a computer, such as the BBC Micro, or keyboard (Tandata Td1400) connected to the telephone system and television set. The system (known as 'Homelink') allowed on-line viewing of statements, bank transfers and bill payments. In order to make bank transfers and bill payments, a written instruction giving details of the intended recipient had to be sent to the NBS who set the details up on the Homelink system. Typical recipients were gas, electricity and telephone companies and accounts with other banks. Details of payments to be made were input into the NBS system by the account holder via Prestel. A cheque was then sent by NBS to the payee and an advice giving details of the payment was sent to the account holder. BACS was later used to transfer the payment directly.
Stanford Federal Credit Union was the first financial institution to offer online internet banking services to all of its members in October 1994.[4]
Today, many banks are internet only banks. Unlike their predecessors, these internet only banks do not maintain brick and mortar bank branches. Instead, they typically differentiate themselves by offering better interest rates and more extensive online banking features.
[edit] Security
The use of a secure website has become almost universally adopted.
Though single password authentication is still in use, it by itself is not considered secure enough for online banking in some countries. Basically there are two different security methods in use for online banking.
- The PIN/TAN system where the PIN represents a password, used for the login and TANs representing one-time passwords to authenticate transactions. TANs can be distributed in different ways, the most popular one is to send a list of TANs to the online banking user by postal letter. The most secure way of using TANs is to generate them by need using a security token.[citation needed] These token generated TANs depend on the time and a unique secret, stored in the security token (two-factor authentication or 2FA). Usually online banking with PIN/TAN is done via a web browser using SSL secured connections, so that there is no additional encryption needed.
- Another way to provide TANs to an online banking user is to send the TAN of the current bank transaction to the user's (GSM) mobile phone via SMS. The SMS text usually quotes the transaction amount and details, the TAN is only valid for a short period of time. Especially in Germany, Austria and The Netherlands, many banks have adopted this "SMS TAN" service as it is considered very secure.
- Signature based online banking where all transactions are signed and encrypted digitally. The Keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation.
[edit] Attacks
Most of the attacks on online banking used today are based on deceiving the user to steal login data and valid TANs. Two well known examples for those attacks are phishing and pharming. Cross-site scripting and keylogger/Trojan horses can also be used to steal login information.A method to attack signature based online banking methods is to manipulate the used software in a way, that correct transactions are shown on the screen and faked transactions are signed in the background.
A 2008 U.S. Federal Deposit Insurance Corporation Technology Incident Report, compiled from suspicious activity reports banks file quarterly, lists 536 cases of computer intrusion, with an average loss per incident of $30,000. That adds up to a nearly $16-million loss in the second quarter of 2007. Computer intrusions increased by 150 percent between the first quarter of 2007 and the second. In 80 percent of the cases, the source of the intrusion is unknown but it occurred during online banking, the report states.[5]
The most recent kind of attack is the so-called Man in the Browser attack, where a Trojan horse permits a remote attacker to modify the destination account number and also the amount.
[edit] Countermeasures
There exist several countermeasures which try to avoid attacks. Digital certificates are used against phishing and pharming, the use of class-3 card readers is a measure to avoid manipulation of transactions by the software in signature based online banking variants. To protect their systems against Trojan horses, users should use virus scanners and be careful with downloaded software or e-mail attachments.In 2001 the U.S. Federal Financial Institutions Examination Council issued guidance for multifactor authentication (MFA) and then required to be in place by the end of 2006.[6]
[edit] See also
- Current account
- Enhanced Telephone
- Guide to E-payments
- Mobile banking
- On-line and off-line
- SMS Banking
- Telephone banking
[edit] References
- ^ Cronin, Mary J. (1997). Banking and Finance on the Internet, John Wiley and Sons. ISBN 0-471-29219-2 page 41 from Banking and Finance on the Internet. Retrieved 2008-07-10..
- ^ "The Home Banking Dilemma". Retrieved 2008-07-10.
- ^ "Computer Giants Giving a Major Boost to Increased Use of Corporate Videotex". Communications News. 1984. Retrieved 2008-07-10.
- ^ "Stanford Federal Credit Union Pioneers Online Financial Services." (Press release). 1995-6-21.
- ^ Security Flaws in Online Banking Sites Found to be Widespread Newswise, Retrieved on July 23, 2008.
- ^ OCC 2005-35
[edit] External links
 | Wikibooks has a book on the topic of: E-Commerce and E-Business |
- Boni, K.; Tsekeris, C. (2007): “Electronic Banking”, in Ritzer, G. (ed.), Blackwell Encyclopedia of Sociology, Blackwell Reference Online.
- Gandy, T. (1995): “Banking in e-space”, The banker, 145 (838), pp. 74–76.
- Tan, M.; Teo, T. S. (2000): “Factors influencing the adoption of Internet banking”, Journal of the Association for Information Systems, 1 (5), pp. 1–42.
No comments:
Post a Comment