
Introduction

Electronic banking is an umbrella term for the process by which a customer may perform banking transactions electronically without visiting a brick-and-mortar institution. The following terms all refer to one form or another of electronic banking: personal computer (PC) banking, Internet banking, virtual banking, online banking, home banking, remote electronic banking, and phone banking. PC banking and Internet or online banking are the most frequently used designations. It should be noted, however, that the terms used to describe the various types of electronic banking are often used interchangeably.

Electronic banking is an activity that is not new to banks or their customers. Banks have been providing their services to customers electronically for years through software programs. These software programs allowed the user's personal computer to dial up the bank directly. In the past, however, banks have been very reluctant to provide their customers with banking via the Internet due to security concerns. Today, banks seem to be jumping on the bandwagon of Internet banking. Why is there a sudden increase of bank interest in the Internet? The first major reason is the improved security and encryption methods developed on the Internet. The second reason is that banks did not want to lose potential market share to banks that were quick to offer their services on the Internet.

Many of the banks, like ICICI, HDFC, IndusInd, IDBI, Citibank, Global Trust Bank (GTB), Bank of Punjab and UTI, were offering E-banking services. Based on the above statistics and the analysts' comments that India had a high growth potential for e-banking, the players focused on increasing and improving their E-banking services. As a part of this, the banks began to collaborate with functions online.

E-banking is defined as the automated delivery of new and traditional banking products and services directly to customers through electronic, interactive communication channels. E-banking includes the systems that enable financial institution customers, individuals or businesses, to access accounts, transact business, or obtain information on financial products and services through a public or private network, including the Internet. Customers access e-banking services using an intelligent electronic device. E-banking was first introduced in India by ICICI around 1996. Thereafter many other banks, like HDFC, IndusInd Bank, IDBI, Citibank, Trust Banks, UTI etc., followed with the service. As private and foreign banks have today started capturing the market through e-banking, "the competition is heating up and the lack of technology can make a bank lose a customer", so the public banks are now breaking the shackles of the traditional set-up and gearing up to face the competition posed by their private sector counterparts.

The Global E-Banking Scenario


The banking industry is expected to be a leading player in e-business. While the banks in developed countries are working primarily via the Internet as non-branch banks, banks in the developing countries use the Internet as an information delivery tool to improve relationships with customers. In early 2001, approximately 60 percent of e-business in the UK was concentrated in the financial services sector, and with the expected 10-fold increase of the British e-business market by 2004, the share of financial services will further increase. Around one fifth of Finnish and Swedish bank customers are banking online, while in the US, according to UNCTAD, online banking is growing at an annual rate of 60 percent and the number of online accounts is expected to reach 15 million by 2003.

Banks have established an Internet presence with various objectives. Most of them are using the Internet as a new distribution channel. Financial services with the use of the Internet may be offered in an equivalent quantity with lower costs to more potential customers. There may be contacts from each corner of the world at any time of day or night. This means that banks may enlarge their market without opening new branches. The banks in the US are using the Web to reach opportunities in three different categories: to market information, to deliver banking products and services, and to improve customer relationships.

In Asia, the major factor restricting growth of e-banking is security, in spite of several countries being well connected via the Internet. Access to high-quality e-banking products is an issue as well. The majority of banks in Asia are just offering basic services compared with those of developed countries. Still, e-banking seems to have a future in Asia. According to a McKinsey survey, e-banking will succeed if the basic features, especially bill payment, are handled well. Bill payment was the most popular feature, cited by 40 percent of respondents of the survey. However, providing this service would be difficult for banks in Asia because it requires a high level of security and involves arranging transactions with a variety of players.

In India, approximately one percent of high and middle-income group banking customers conducted banking on the Internet in 2000, compared to 5 to 6 percent in Singapore and South Korea. In 2001, a Reserve Bank of India survey revealed that more than 20 major banks were either offering e-banking services at various levels or planned to do so in the near future. Some of the private banks included ICICI Bank, HDFC Bank, IndusInd Bank, IDBI Bank, Citibank, Global Trust Bank, Bank of Punjab and UTI Bank. In the same year, out of an estimated 0.9 million Internet user base, approximately 17 percent were reported to be banking on the Internet. The above statistics reveal that India does have a high growth potential for e-banking. The banks have already started focusing on increasing and improving their e-banking services. As a part of this, the banks have begun to collaborate with various utility companies to enable the customers to perform various functions online.

In 2001, over 50 percent of the banks in the US were offering e-banking services. However, large banks appeared to have a clear advantage over small banks in the range of services they offered. Some banks in the US were targeting their Internet strategies towards business customers. Apart from affecting the way customers received banking services; e-banking was expected to influence the banking industry structure. The economics of e-banking was expected to favor large banks because of economies of scale and scope, and the ability to advertise heavily. Moreover, e-banking offered entry and expansion opportunities that small banks traditionally lacked.

In Europe, the Internet is accelerating the reconfiguration of the banking industry into three separate businesses: production, distribution and advice. This reconfiguration is being further driven by the Internet due to the combined impact of:
The emergence of new, more focused business models.
New technological capabilities that reduce banking relationship and transaction costs.
High degree of uncertainty over the impact that new entrants will have on current business models.

Though e-banking in Europe is still in the evolutionary stage, it is very clear that it is having a significant impact on traditional banking activities. Unlike in the US, though large banks in Europe have a competitive edge due to their ability to invest heavily in new technologies, they are still not ready to embrace e-banking. Hence, medium-sized banks and start-ups have an important role to play on the e-banking front if they can take concrete measures quickly and effectively.

The E-Banking Trends

Convergence is one of the clearly visible trends in the banking industry. Here, convergence does not mean offering banking, broking and insurance services under one corporate name through the Internet. It covers different dimensions, including channel delivery, sales culture, back-office processes and the knowledge management infrastructure, all being integrated via the Internet. Few banks take these different dimensions into consideration. Instead, they view convergence purely as a product-centric development that will enable them to cross-sell products. A strategy that does not go beyond product convergence is bound to have some limitations. For example, imagine a situation where customer service personnel in a so-called 'converged' bank are required to answer banking, brokerage and insurance questions coming through multiple channels, including the Internet, branches, call centers or ATMs. This bank is unlikely to succeed since, though it has expanded the product line, it has not made any efforts to broaden the skill sets of the personnel who support these channels. Effective knowledge management is the key to the e-business success of converged banking institutions. However, this requires a high level of cross-organizational cooperation and information sharing. An effective knowledge management system will vastly improve the institution's ability to know its customers. Robust customer information management systems at the front-end, coupled with efficient fulfillment processes, can enable banks to shorten the delivery time of their products and services.

Successful convergence will help them in the development of a seamless supply chain that will be transparent to the customers.

Another trend in e-banking is a shift of focus of banks from being product-centric to customer-centric. Access to the Internet has put wealth management decisions and demand-side technology in customers' hands, and they can dictate the types of products and services they require. While the Internet has enabled banks to deliver desired products/services more quickly and inexpensively, the challenge for them is to enhance customer touch using e-channels, which is very important for client retention. To succeed on the Internet, banks must continually differentiate from their competitors, broaden their market and provide value through their products and services. For example, Wells Fargo had shifted 1.4 million of its traditional banking customers online within five years of the development of its transactional website. However, the company had maintained its Internet strategy as a complement to existing channels and had found that its e-banking customers were more than 50 percent less likely to leave the bank than non-Internet customers. The bank continued to enter new alliances and expanded its web offerings to maintain its dominant position.

Finally, developing just a me-too website would not work for banks. Several banks are creating electronic financial communities in which customers assemble to present and pay bills while satisfying other financial and informational needs. By bringing consumers and vendors together at one site, financial institutions can leverage the trust clients have in them and act as the intermediary to ensure billers get paid and consumers get satisfactory services. Last but not the least, banks may conduct periodical surveys and take customer views on the simplicity and ease of operation of their websites and other e-banking initiatives.

Indian E-banking Scenario

As per the international report, a banking transaction in brick-and-mortar banking costs around $1.1, while through an ATM it costs around $0.27, and just 1 percent of over-the-counter banking in the case of Internet banking. Statistics such as these have woken the Indian banking industry. Thus the Indian banking system is seeing a fabulous change in the quality of service provided. Technology is the root of this change, which is implemented by the banks to win more business from customers. Almost all the private sector banks are moving towards e-enabling their existing products. HDFC Bank and ICICI Bank have taken a lead in introducing e-banking in India.

Internet banking starts from migrating existing products to the net. This started initially with simple functions such as getting information about interest rates, checking account balances and computing loan eligibility. Then the services were extended to online bill payment, transfer of funds between accounts and cash management services for corporates. Recently, banks started setting up payment gateways for B2B and B2C transactions. This is to facilitate payment for e-commerce transactions by directly debiting bank accounts or through credit cards. Banks can earn a commission-based income on the transaction or sale value, resulting in higher other income. This could be more than the revenues they can generate from credit card transactions.

Private sector banks have leveraged the Internet effectively in taking away customers from public sector banks and significantly increased their revenue potential. Internet banking is just one manifestation of these banks' technological capabilities. They have complete automation, an electronic customer database, real-time transaction processing capabilities and the latest technological platforms. Management of these banks is very focused on using technology as a key competitive tool. The capability of the management is also visible in terms of their profitability. Among the private sector banks, HDFC Bank and ICICI Bank have excellent returns on equity compared to their peers in the industry.

These banks commenced operations a few years ago and have negligible excess in terms of branches and employees. Therefore, unlike most other banks around the world, e-banking is not an added cost for them. In fact, it is expected to contribute significantly to their revenues and profits in years to come.

Valuations show the difference

Particulars* Price/Book value (x) P/E (x) Profits/employee (Rs m) Revenues/employee (Rs m)
HDFC Bank, ICICI Bank, SBI, Corporation Bank
6.9 30.3 2.5 2.9 24.6 9.0 2.5 0.9 1.1 6.0 5.5 1.1 1.8 0.1 0.3 6.1
* Based on March 2001 projections

The distribution of banking business in India is highly skewed, both geographically and in terms of customer segment. Geographically, the top 100 centres account for around 70 percent of the loans disbursed. These are expected to account for most of the early Internet users. In terms of customer segment, the key focus on the asset side is the corporate sector. This segment accounts for a high share of profits of banks and is likely to be an early adopter of the Internet. On the liability side, Internet banking is expected to boost customer acquisition and profitability significantly in the top corporate segment and in the urban high/middle income retail segments.

Apart from e-banking, the future prospects of e-commerce are also strong, as it is set for explosive growth rates. According to the NASSCOM survey, e-business transactions in India are expected to reach Rs 12 billion by 2000-01 from Rs 4.5 billion in the previous year. For e-commerce to take off, there is a need for real-time financial intermediation, and there are very few banks offering this in India. The right combination of customer relationship and technological competency is required to dominate the financial intermediation of e-commerce. Who else than private sector banks can provide such services? They are all set to lead the segment with marginal competition from foreign banks. Going forward, as the share of e-commerce in the economy increases, these banks should be able to move up their market share, apart from generating higher fee-based income.

Long way to grow

Particulars "&'( "&)*E
Internet users (m) 0.5 4.5 600
E-commerce revenues ($ m) 3.5
Source: NASSCOM

But one does wonder what difference e-banking makes with only 22 percent of Internet users globally utilizing e-banking services. In India also, the penetration is less than 1 percent. It is not an all win-win case for Internet banking in India. A number of uncertainties surround e-banking and e-commerce ventures. Among others, hurdles like low Internet penetration, security issues, tax considerations and credit issues continue to depress the growth of the segment. Even though the government has passed the cyber laws, there is still a lack of clarity about legislative aspects governing the sector and the effectiveness of the administration to track & punish cyber crimes. It all depends on the ability of banks to enter these businesses successfully. Those banks which have already started e-banking will have to continuously update their services to retain the potential customers, since any customer is just a click away from a competitor elsewhere. Also, one cannot afford to depend only on Internet banking; brick and mortar will continue to play an important role. Those which are yet to begin are ignoring the potential customers by remaining away from the latest technology.

Who offers what?

Citibank
See up-to-date account information
View transaction details
View account statement for up to 12 months
Order demand drafts to be couriered free to over 200 locations
Order a cheque book, stop payments
Request a deposit
Pay utility bills
E-mail queries

ICICI Bank
Account information - summary of account and transactions
Bills payment
Funds transfer, including third-party transfers
Requests for cheque books, stop payment, account opening
Reporting loss of ATM card
Online e-shopping payments
Communication with Account Manager
Personalized viewing of content updates - personal finance, select articles on e-commerce

HDFC Bank
Real-time account information incl. transactions
Transfer money between accounts
Bill payment facility
Third party funds transfer - within HDFC Bank
Request for Demand Draft/Bankers Cheque
Stop payment requests
Opening fixed-deposit accounts
Sending messages to the bank via e-mail

Mediums of E-banking

Various products and services

Electronic banking, also known as electronic fund transfer (EFT), uses computer and electronic technology as a substitute for checks and other paper transactions. EFTs are initiated through devices like cards or codes that let you, or those you authorize, access your account. Many financial institutions use ATM or debit cards and Personal Identification Numbers (PINs) for this purpose. Some use other forms of debit cards, such as those that require, at the most, your signature or a scan. The federal Electronic Fund Transfer Act (EFT Act) covers some electronic consumer transactions. Following are the electronic mediums by which services are generally provided by the banks as a part of e-banking services.
1) Internet Banking
2) ATM (Automatic Teller Machine)
3) Phone Banking
4) Mobile Banking
5) Payment Cards (Debit/Credit Card)

All the above mediums provide services which can also be known as "any time, any where banking". This enables the customers of the bank to operate their accounts from any corner of the world without visiting a local or any subsidiary branch of their bank. Efforts are made by the bank not only to provide the facility to the customer but also to reduce the operational cost of the bank by providing e-banking services. So with this, banks have to employ less staff and would still be able to deliver service to the customer round the corner.

Internet Banking

Net banking is a web-based service that enables the bank's authorized customers to access their account information. It allows the customers to log on to the bank's website with the help of the bank-issued identification and personal identification number (PIN). The banking system verifies the user and provides access to the requested services. The range of products and services offered by each bank on the Internet differs widely in content. Most banks offer net banking as a value-added service. Net banking has also led to the emergence of new banks which operate only through the Internet and do not exist physically. Such banks are called "virtual" banks or "Internet Only" banks. A couple of years ago there was a belief, even among bankers, that customers opening new accounts wanted the online banking facility just to 'feel good' and very few of them actually used the service. Today bankers believe that the trend is changing from 'nice to have' to 'need to have'. After all, it depends on how busy a person is.

Services provided through Internet Banking:
1) Account information
2) E-cheques (Online Fund Transfer)
3) Bill Payment Service
4) Requests And Intimations
5) Demat Account, share trading

Account information

Provides summary of all bank accounts.

Allows transaction tracking, which enables retrieval of transaction details based on cheque number, transaction amount and date.
Provides account statements and transaction reports based on user-defined criteria.
Customers can even download and print the statement of accounts.

E-Cheques (Online Fund Transfer)

Customer can transfer funds:
Transfer funds between accounts, even if they are in different branches/cities.
Customer can also transfer funds to any person having an account with the same bank, anytime, anywhere, using the third party funds transfer option.

Bill Payment Service

Banks' Bill Pay is the easiest way to manage bills. A/c holders can pay their regular monthly bills, i.e. telephone, electricity, mobile phone, insurance etc., at anytime, anywhere, for free.
Saves time and effort. Make bill payments at the customer's convenience from their home or office.
Lets a/c holders check their bill amount before it is debited from their account. No debits to account without their knowledge.
No more missed deadlines, no more loss of interest - a/c holders can schedule their bills in advance, avoid missing the bill deadlines as well as earn extra interest on their money.
Track payment history - all payments to a biller are stored automatically for future reference.
No queuing up at collection centers or writing cheques any more! Just a few clicks and the customer's account will be debited for the exact amount they ask.

Requests And Intimations

Can electronically submit a request for:

Cheque-book
Stop payment instructions
Opening a fixed deposit
Opening a recurring deposit
Intimate for the loss of ATM card
Register online for phone and mobile banking
Cheque status
Online application for debit card
Issue a DD or a Banker's cheque from account at special rates. Just select the account to be debited from and give details of the amount, location and beneficiary. The demand draft will be couriered to the a/c holder at their mailing address.
Customers can get their applications for issuance of Letters of Credit and Bank Guarantees processed online
Book your Railways Ticket Online

Demat Account and Share Trading

Demat Account

Demat is the commonly used abbreviation of 'Dematerialisation', which is a process whereby securities like shares and debentures are converted from the 'material' (paper documents) into electronic data and stored in the computer of an electronic Depository. A depository is a security 'bank', where dematerialized physical securities are held in custody and from where they can be traded. This facilitates faster, risk-free and low-cost settlement.

Share Trading

In share trading, a customer can buy and sell securities online without stepping into a broker's office. Once the shares are dematerialized, the trading can be done from home or office. As demat a/c are directly linked to the customer's bank a/c, there is no need to write cheques for the payments or to fill up the slips to deposit the cheque. The amount for the purchase and sale of securities is automatically debited or credited to their bank a/c. It also brings the same convenience while investing in Mutual funds. Hassle free and Paperless.

ATMs

Automated Teller Machines or 24-hour Tellers are electronic terminals that let you bank almost anytime. To withdraw cash, make deposits or transfer funds between accounts, you generally insert an ATM card and enter your PIN. Some financial institutions and ATM owners charge a fee, particularly to consumers who don't have accounts with them, or on transactions at remote locations. Generally, ATMs must tell you they charge a fee and its amount on or at the terminal screen before you complete the transaction. Check the rules of your institution and the ATMs you use to find out when or whether a fee is charged.

It won't be just if I start explaining what an ATM is. ATMs and cash dispensers are by far the largest investment ever made in electronic self-service by financial institutions. Over US$ 40 billion has been invested in simply buying these machines, and many times that in running them. There are now over 1.1 million machines operating in over 140 countries worldwide. The banks are losing the cashiers checks, check cashing and even cash dispensing to the c-stores and grocery stores. They are asleep at the switch and watching more transactions walk away to convenience stores and supermarkets that provide 24-hour access and integrated transactions. ATMs do provide a larger set of functions such as check cashing, ticket sales or money orders. We already know that cash dispensing as a dedicated function is a sustainable application; the question is whether that application can be incorporated successfully into a more complex consumer product that offers multiple applications.

It is worth noting that, due to market saturation, overall ATM usage is increasing while transaction volume on a per-ATM basis is now in decline.

Cash withdrawal: Withdraw up to Rs. 15,000/- per day from your account. The Fast Cash option provides the facility of withdrawing prefixed amounts. The Ultra Fast Cash option allows you to withdraw Rs. 3,000/- in one shot.
Balance Enquiry: Know your ledger balance and available balance.
Mini Statement: Get a printout of your last 8 transactions and your current balance.
Deposit Cash / Cheques: Available at all full-function ATMs. Customers can deposit both cash and cheques. Cash deposited in ATMs will be credited to the account on the same day (provided cash is deposited before the clearing) and cheques are sent for clearing on the next working day.
Funds Transfer: Transfer funds from one account to another linked account in the same branch.
PIN Changes: Change the Personal Identification Number (PIN) of ATM or Debit card.
Payments: The latest feature of our ATMs, this functionality can be used for payment of bills, making donations to temples / trusts, buying internet packs, airtime recharges for prepaid mobile phones and much more...
Others: Request for a checkbook from our ATMs and our concerned branch will dispatch it such that it reaches you within 10 working days.

ATM Advantages

24-hour access to cash

You can withdraw up to Rs. 10,000/- per day on your ATM Card. The fast cash option saves your time by providing the cash in denominations of Rs. 500/-.

Balance inquiry

Your updated balance will appear on the screen and will also be printed on the transaction slip.

Mini-statement request

Get details of the last 9 transactions on your account with the mini-statement, along with your balance.

Cheque book request

Send us a request for a cheque book or account statement; it will arrive at your doorstep.

Funds transfer

Transfer money from one of your accounts to another. It's easy: select the account from which you want to transfer, then indicate the amount and the account to which you want it transferred. Both accounts must be linked to your ATM card and customer ID. A maximum of 5 Savings and 5 Current accounts can be linked.

PIN change

You can conveniently change your PIN (given at the time of opening your account) whenever you wish. Stay totally in control and ensure complete security for your ATM Card.

Bill Pay

Pay your cellular, telephone and electricity bills using your ATM Card.

Anytime cash deposits

Your cash or cheques can be deposited into your account and the ATM will immediately print a receipt for the same.

Credit card market in India

The card industry, which is growing at the rate of 20% per annum, is flooded with cards ranging from gold, silver, global, smart to secure... the list is endless. From just two players in the early 80s, the industry now houses over 10 major players vying for a major chunk of the card pie. Currently four major bishops are ruling the card empire - Citibank, Standard Chartered Bank, HSBC and State Bank of India (SBI). The industry, which is catering to over 3.8 million card users, is expected to double by fiscal 2003. According to a study conducted by State Bank of India, Citibank is the dominant player, having issued 1.5 million cards so far. Stanchart follows way behind with 0.67 million, while Hong Kong Bank has 0.3 million credit card customers. Among the nationalized banks, SBI tops the list with 0.28 million cards, followed by Bank of Baroda at 0.22 million.

The credit card market in India, which started out in 1981, is on the verge of an unprecedented boom. Between 1987 and 2000 the market has grown to over 3.8 million cards, with almost 25-30% growth in new cardholders. The latest innovation in credit cards is the introduction of a magnetic strip in the card for use in withdrawing cash at the automatic teller machine (ATM), of which about 60,000 are already in existence in the world. In India also, ATMs have made a late appearance but are now spreading very rapidly. As per statistics published by RBI, there were 895 ATMs in India at the end of the year 2001, and the number is regularly increasing.

Advantages of Credit Card

The following are the advantages of credit cards:
1. The credit card holders need not carry either traveler's cheques or cash with them, and they are free from the security of cash.
2. Traveling facilities are available in hotels, restaurants and airways to the card holders.
3. Each card holder gets an insurance facility, which is up to one lakh on ordinary insurance.
4. It has become a status symbol. Railway tickets are available on special windows. Extra charges are made by the railway, and the cancellation of tickets is also allowed and the amount is directly credited to the bank account of the card holder.
5. The business of the card holder individuals or institution has been because the businessmen are assured of the payment, as the transactions have been finalized on the basis of credit cards.
6. Credit cards enhance the credit of banks, and the credit of new customers and consumers is enhanced.
7. Deposits in saving and current accounts increase.
8. Service charges on credit cards increase the profitability of banks.

Disadvantages of Credit Card

Credit cards have their own disadvantages, as discussed below:
1. Credit card is a contact in advance, and if the card holder does not make payment, the recovery by the bank becomes difficult.
2. Card holders spend in excess of their incomes, and it poses the problem of recovery from them.
3. The bank's profitability is adversely affected due to the increase in overdraft of card holders and difficulties in repayment by them.

Future of Credit Cards

In India this facility has increased the business activities; middle and upper middle classes are availing this facility. It has become popular and a status symbol in our country, hence the prospects of credit cards are bright.

Smart Cards

A smartcard resembles a credit card except that it has a microchip embedded within it, which allows the smartcard to store information and sometimes even to perform simple calculations. Common smartcard chips typically hold about 8,000 bytes (characters) of information, which enables the smartcard to perform a variety of functions such as identification, storing bank account information and holding digital cash. A number of smartcards are on the market today, and these are used in a wide range of applications. Mondex has received a lot of recognition in the financial press, and several banks have already conducted trials with its smartcard. Wells Fargo & Co., a major California bank based in San Francisco, will issue Mondex smartcards to all of its online banking customers in 1998, a number which could reach into the hundreds of thousands. Because MasterCard International holds a 51% stake in Mondex, it could become the de facto international standard for bank-issued smartcards.

Smart Cards - The new Innovation

A smart card is a miniaturized personal computer (PC) which can be used for a dazzling array of applications and also as 'digital' cash. It contains a microprocessor, memory and tailored software. The software security system used for these cards is almost as foolproof as those used by nuclear establishments and leading international banks! Smart cards can manage security procedures using passwords and state-of-the-art encryption techniques. Further, identity traits such as digitized photos, signatures and fingerprints being placed on the card make it fraud-proof.

E-money

E-money may be broadly defined as "an electronic store of monetary value on a technical device used for making payments to undertakings other than the issuer without necessarily involving bank accounts in the transaction but acting as a prepaid bearer instrument" (European Central Bank 1998). These products could be classified into two broad categories, viz. A) pre-paid stored value cards (sometimes called "electronic purse") and B) pre-paid software based products that use computer networks such as the Internet (sometimes referred to as "digital cash" or "network money"). The stored value card scheme typically uses a microprocessor chip embedded in a plastic card, while the software based scheme typically uses specialized software installed in a personal computer.

The stored value card could be of three types: single-purpose card, closed-system or limited-purpose card, and general-purpose or multi-purpose card. The single-purpose card, generally with a magnetic chip recording the amount of funds therein, is designed to facilitate only one type of transaction, e.g. telephone calls, public transportation, laundry, parking facilities etc. Here the distinguishing point is that the issuer and the service provider (acceptor) are identical for the cards. These cards are expected to substitute coins and currency notes. It is important to note that the European Central Bank (ECB) has exempted these single-purpose pre-paid cards from the purview of their policy initiatives on e-money because of their smaller denominations as well as limited risk exposure for customers and the financial system as a whole.

The closed-system or limited-purpose cards are generally used in a small number of well-identified points of sale within a well-identified location such as a corporate/university campus. The ECB has recommended that these cards be subject to lighter regulations and be issued by credit institutions. The multipurpose card on the other hand can perform a variety of functions with several vendors, viz. credit card, debit card, stored value card, identification card, repository of these cards with respect to regulatory oversight restrictions on issuers and their implications or monetary policy. These cards may reduce demand for current accounts in the bank for likely reduction in transaction costs and prudent portfolio management.

Phone Banking

Your bank account is now just a phone call away. Through Phone Banking you can:
• Check your account balance.
• Check the last 5 transactions in your account.
• Enquire on the cheque status.
• Have a mini statement faxed across to you.
• Request a cheque book / account statement.
• Enquire on your Fixed Deposits / TDS.
• Open a fixed deposit.
• Request a Demand Draft / Manager's Cheque.
• Transfer funds amongst your linked accounts.
• Pay utility and HDFC Bank Credit Card bills.
• Stop cheque payments.
• Report loss of your ATM / Debit Card.
• Get product information.
• Enquire on the interest / exchange rates.

Phone banking facility is available round the clock every day in Mumbai, Delhi, Chennai, Kolkata, Bangalore, Hyderabad, Ahmedabad, Chandigarh and Pune.

E-age Advantages

Security
When you use the Phone Banking facilities your transactions are completely secure. When you open an account with us you are given a unique Telephone Identification Number (TIN) which is completely confidential.

Choose your language
You can choose between English and Hindi for guidance through the Interactive Voice Response (IVR) menu of services at the time of calling the bank.

Account details/balance enquiry
Get up-to-the-second details of your Savings or Current Accounts and your Fixed Deposits. Get details of the last five transactions (on the IVR), which would be read out to you at the touch of a button. What's more, you can even have a mini account statement of the last 9 transactions faxed to you.

Cheque book / account statement requests
Register a request for a statement of accounts for the current period through the IVR and the same will be mailed to you on the next working day.

Stop payment requests
Stop payment of a cheque 24 hours a day. You have the facility to stop a single cheque or a series of cheques.

Fixed Deposits
You can easily open a Fixed Deposit over the phone by simply authorizing a transfer of funds from your savings account. The deposits can be opened in the names of the account holders in the funding account. You may also book the Fixed Deposit in your name alone and maintain a sweep-in facility. You can also enquire about the details of your Fixed Deposit or tax deducted at source, if any, using the Phone Banking service. This facility is available only during Phone Banking hours.

Reporting of lost ATM / Debit Card
If you happen to lose your ATM/Debit card, call your local Phone Banking number right away. This facility is available 24 hours a day, 7 days a week.

Demand Drafts
You can now place a request for a Demand Draft or Manager's Cheque worth up to Rs. 50,000/- per customer ID per day on the phone. For HDFC Bank Preferred clients the limit is Rs. 100,000/- per day. The draft or cheque will be sent to the address on our records by courier on the next working day.

Fund transfers
If you hold multiple accounts with us, all you have to do is call in to transfer funds between accounts, provided the same are linked to the same Cust ID number. There is no fund transfer limit.

Talk to a Phone Banker
You can talk to a Phone Banker for all financial transactions and for any other account related details over the phone.

E-Banking Transactions

Informational website

Informational websites provide customers access to general information about the financial institution and its products or services. Risk issues examiners should consider when reviewing informational websites include
• Potential liability and consumer violations for inaccurate or incomplete information about products, services and pricing presented on the website;
• Potential access to confidential financial institution or customer information if the website is not properly isolated from the financial institution's internal network;
• Potential liability for spreading viruses and other malicious code to computers communicating with the institution's website; and
• Negative public perception if the institution's on-line services are disrupted or if its website is defaced or otherwise presents inappropriate or offensive material.

Transactional Website

Transactional websites provide customers with the ability to conduct transactions through the financial institution's website by initiating banking transactions or buying products and services. Banking transactions can range from something as basic as a retail account balance inquiry to a large business-to-business funds transfer. E-banking services, like those delivered through other delivery channels, are typically classified based on the type of customer they support. Since transactional websites typically enable the electronic exchange of confidential customer information and the transfer of funds, services provided through these websites expose a financial institution to higher risk than basic informational websites. Wholesale e-banking systems typically expose financial institutions to the highest risk per transaction, since commercial transactions usually involve larger dollar amounts. In addition to the risk issues associated with informational websites, examiners reviewing transactional e-banking services should consider the following issues:
• Security controls for safeguarding customer information;
• Authentication processes necessary to initially verify the identity of new customers and authenticate existing customers who access e-banking services;
• Liability for unauthorized transactions;
• Losses from fraud if the institution fails to verify the identity of individuals or businesses applying for new accounts or credit on-line;
• Possible violations of laws or regulations pertaining to consumer privacy, anti-money laundering, anti-terrorism, or the content, timing or delivery of required consumer disclosures; and
• Negative public perception, customer dissatisfaction and potential liability resulting from failure to process third-party payments as directed or within specified time frames, lack of availability of on-line services, or unauthorized access to confidential customer information during transmission or storage.

E-Banking components
E-banking systems can vary significantly in their configuration depending on a number of factors. Organisations should choose their e-banking system configuration, including outsourcing relationships, based on four factors:
• Strategic objectives for e-banking;
• Scope, scale and complexity of equipment, systems and activities;
• Technology expertise; and
• Security and internal control requirements.

Organisations may choose to support their e-banking services internally. Alternatively, banks can outsource any aspect of their e-banking systems to third parties. The following entities could provide or host (i.e. allow applications to reside on their servers) e-banking-related services for organisations:
• Another financial institution
• Internet service provider
• Internet banking software vendor or processor
• Core banking vendor or processor
• Managed security service provider
• Bill payment provider
• Credit bureau and
• Credit scoring company.

E-banking systems rely on a number of common components or processes. The following list includes many of the potential components and processes seen in a typical organisation:
• Website design and hosting
• Firewall configuration and management
• Intrusion detection system or IDS (network and host-based)
• Network administration
• Security management
• Internet banking server
• E-commerce applications (e.g. bill payment, lending, brokerage)
• Internal network servers
• Core processing system
• Programming support and
• Automated decision support systems.

These components work together to deliver e-banking services. Each component represents a control point to consider. Through a combination of internal and outsourced solutions, management has many alternatives when determining the overall system configuration for the various components of an e-banking system. However, for the sake of simplicity, this booklet presents only two basic variations.

First, one or more technology service providers can host the e-banking application and numerous network components, as illustrated in the following diagram. In this configuration, the institution's service provider hosts the institution's website, Internet banking server, firewall and intrusion detection system. While the institution does not have to manage the daily administration of these component systems, its management and board remain responsible for the content

Second, the organisation can host all or a large portion of its e-banking systems internally. A typical configuration for in-house hosted e-banking services is illustrated below. In this case, a provider is not between the Internet access and the organisation's core processing system. Thus the organisation has day-to-day responsibility for system administration.

E-Banking Support Services


In addition to traditional banking products and services, organizations can provide a variety of services that have been designed or adapted to support e-commerce. Management should understand these services and the risks they pose to the organization. This section discusses some of the most common support services: web linking, account aggregation, electronic authentication, website hosting, payments for e-commerce, and wireless banking activities.

Web linking

A large number of organisations maintain sites on the World Wide Web. Some websites are strictly informational, while others also offer customers the ability to perform financial transactions, such as paying bills or transferring funds between accounts. Virtually every website contains "weblinks." A weblink is a word, phrase or image on a webpage that contains coding that will transport the viewer to a different part of the website or a completely different website by just clicking the mouse. While weblinks are a convenient and accepted tool in website design, their use can present certain risks. Generally, the primary risk posed by weblinking is that viewers can become confused about whose website they are viewing and who is responsible for the information, products and services available through that website. There are a variety of risk management techniques institutions should consider using to mitigate these risks. These risk management techniques are for those institutions that develop and maintain their own websites, as well as institutions that use third-party service providers for this function. The agencies have issued guidance on weblinking that provides details on risks and risk management techniques financial institutions should consider.[1]

Account Aggregation

Account aggregation is a service that gathers information from many websites, presents that information to the customer in a consolidated format, and in some cases may allow the customer to initiate activity on the aggregated accounts. The information gathered or aggregated can range from publicly available information to personal account information (e.g. credit card, brokerage and banking data). Aggregation services can improve customer convenience by avoiding multiple log-ins and providing access to tools that help customers analyze and manage their various account portfolios. Some aggregators use the customer-provided user IDs and passwords to sign in as the customer. Once the customer's account is accessed, the aggregator copies the personal account information from the website for representation on the aggregator's site (i.e. "screen scraping"). Other aggregators use direct data-feed arrangements with website operators or other firms to obtain the customer's information. Generally, direct data feeds are thought to provide greater legal protection to the aggregator than does screen scraping. Organisations are involved in account aggregation both as aggregators and as aggregation targets. Risk management issues examiners should consider when reviewing aggregation services include
• Protection of customer passwords and user IDs – both those used to access the institution's aggregation services and those the aggregator uses to retrieve customer information from aggregated third parties – to assure the confidentiality of customer information and to prevent unauthorized activity
• Disclosure of potential customer liability if customers share their authentication information (i.e. IDs and passwords) with third parties and
• Assurance of the accuracy and completeness of information retrieved from the aggregated parties' sites, including required disclosures.

Additional information regarding management of risks in aggregation services can be found in appendix D.

[1] See the interagency guidance titled "Weblinking: Identifying Risks and Risk Management Techniques" issued

Electronic Authentication

Verifying the identities of customers and authorizing e-banking activities are integral parts of e-banking financial services. Since traditional paper-based and in-person identity authentication methods reduce the speed and efficiency of electronic transactions, financial institutions have adopted alternative authentication methods, including
• Passwords and personal identification numbers (PINs)
• Digital certificates using a public key infrastructure (PKI)
• Microchip-based devices such as smart cards or other types of tokens
• Database comparisons (e.g. fraud-screening applications) and
• Biometric identifiers.

The authentication methods listed above vary in the level of security and reliability they provide and in the cost and complexity of their underlying infrastructures. As such, the choice of which technique(s) to use should be commensurate with the risks in the products and services for which they control access. Additional information on customer authentication techniques can be found in this booklet under the heading "Authenticating E-Banking Customers." The Electronic Signatures in Global and National Commerce (E-Sign) Act establishes some uniform federal rules concerning the legal status of electronic signatures and records in commercial and consumer transactions so as to provide more legal certainty and promote the growth of electronic commerce. The development of secure digital signatures continues to evolve, with some financial institutions either acting as the certification authority for digital signatures or providing repository services for digital certificates.

Website Hosting

Some organisations host websites for both themselves as well as for other businesses. Organisations that host a business customer's website usually store, or arrange for the storage of, the electronic files that make up the website. These files are stored on one or more servers that may be located on the hosting financial institution's premises. Website hosting services require strong skills in networking, security and programming. The technology and software change rapidly. Institutions developing websites should monitor the need to adopt new interoperability standards and protocols such as Extensible Markup Language (XML) to facilitate data exchange among the diverse population of Internet users. Risk issues examiners should consider when reviewing website hosting services include damage to reputation, loss of customers, or potential liability resulting from:
• Downtime (i.e. times when the website is not available) or inability to meet service levels specified in the contract
• Inaccurate website content (e.g. products, pricing) resulting from actions of the institution's staff or unauthorized changes by third parties (e.g. hackers)
• Unauthorized disclosure of confidential information stemming from security breaches and
• Damage to computer systems of website visitors due to malicious code (e.g. virus, worm, active content) spread through institution-hosted sites.

Payment for E-commerce

Many businesses accept various forms of electronic payments for their products and services. Financial institutions play an important role in electronic payment systems by creating and distributing a variety of electronic payment instruments, accepting a similar variety of instruments, processing those payments, and participating in clearing and settlement systems. However, increasingly, financial institutions are competing with third parties to provide support services for e-commerce payment systems. Among the electronic payment mechanisms that financial institutions provide for e-commerce are automated clearing house (ACH) debits and credits through the Internet, electronic bill payment and presentment, electronic checks, e-mail money, and electronic credit card payments. Additional information on payments systems can be found in other sections of the IT Handbook.

Most organisations permit intrabank transfers between a customer's accounts as part of their basic transactional e-banking services. However, third-party transfers – with their heightened risk for fraud – often require additional security safeguards in the form of additional authentication and payment confirmation.

Bill Payment and Presentment

Bill payment services permit customers to electronically instruct their financial institution to transfer funds to a business's account at some future specified date. Customers can make payments on a one-time or recurring basis, with fees typically assessed as a "per item" or monthly charge. In response to the customer's electronic payment instructions, the financial institution (or its bill payment provider) generates an electronic transaction – usually an automated clearinghouse (ACH) credit – or mails a paper check to the business on the customer's behalf. To allow for the possibility of a paper-based transfer, financial institutions typically advise customers to make payments effective 3–7 days before the bill's due date.

Internet-based cash management is the commercial version of retail bill payment. Business customers use the system to initiate third-party payments or to transfer money between company accounts. Cash management services also include minimum balance maintenance, recurring transfers between accounts, and on-line account reconciliation. Businesses typically require stronger controls, including the ability to administer security and transaction controls among several users within the business.

Here we discuss the front-end controls related to the initiation, storage and transmission of bill payment transactions prior to their entry into the industry's retail payment systems (e.g. ACH, check processing etc.). The extent of front-end operating controls directly under the financial institution's control varies with the system configuration. Some examples of typical configurations are listed below in order of increasing complexity, along with potential control considerations.
• Organisations that do not provide bill payment services but may direct customers to select from several unaffiliated bill payment providers.
  - Caution customers regarding security and privacy issues through the use of on-line disclosures or, more conservatively, e-banking agreements.
• Organisations that rely on a third-party bill payment provider, including Internet banking providers that subcontract to third parties.
  - Set dollar and volume thresholds and review bill payment transactions for suspicious activity.
  - Gain independent audit assurance over the bill payment provider's processing controls.
  - Restrict employees' administrative access to ensure that the internal controls limiting their capabilities to originate, modify or delete bill payment transactions are at least as strong as those applicable to the underlying retail payment system ultimately transmitting the transaction.
  - Restrict by vendor contract and identify the use of any subcontractors associated with the bill payment application to ensure adequate oversight of underlying bill payment system performance and availability.
  - Evaluate the adequacy of authentication methods given the higher risk associated with funds transfer capabilities rather than with basic account access.
• Organisations that use third-party software to host a bill payment application internally.
  - Determine the extent of any independent assessments or certification of the security of application source code.
  - Ensure software is adequately tested prior to installation on the live system.
  - Ensure vendor access for software maintenance is controlled and monitored.
• Organisations that develop, maintain and host their own bill payment system.

Organisations can offer bill payment as a stand-alone service or in combination with bill presentment. Bill presentment arrangements permit a business to submit a customer's bill in electronic form to the customer's organisation. Customers can view their bills by clicking on links on their account's e-banking screen or menu. After viewing a bill, the customer can initiate bill payment instructions or elect to pay the bill through a different payment channel.

In addition, some businesses have begun offering electronic bill presentment directly from their own websites rather than through links on the e-banking screens of an organisation. Under such arrangements, customers can log on to the business's website to view their periodic bills. Then, if so desired, they can electronically authorize the business to "take" the payment from their account. The payment then occurs as an ACH debit originated by the business's organisation, as compared to the ACH credit originated by the customer's organisation in the bill payment scenario described above. Organisations should ensure proper approval of businesses allowed to use ACH payment technology to initiate payments from customer accounts.

Cash management applications would include the same control considerations described above, but the organisation should consider additional controls because of the higher risk associated with commercial transactions. The adequacy of authentication methods becomes a higher priority and requires greater assurance due to the larger average dollar size of transactions. Institutions should also establish additional controls to ensure binding agreements – consistent with any existing ACH or wire transfer agreements – exist with commercial customers. Additionally, cash management systems should provide adequate security administration capabilities to enable the business owners to restrict access rights and dollar limits associated with multiple-user access to their accounts.

Person-to-Person Payments

Electronic person-to-person payments, also known as e-mail money, permit consumers to send "money" to any person or business with an e-mail address. Under this scenario, a consumer electronically instructs the person-to-person payment service to transfer funds to another individual. The payment service then sends an e-mail notifying the individual that the funds are available and informs him or her of the methods available to access the funds, including requesting a check, transferring the funds to an account at an insured financial institution, or retransmitting the funds to someone else. Person-to-person payments are typically funded by credit card charges or by an ACH transfer from the consumer's account at a financial institution. Since neither the payee nor the payer in the transaction has to have an account with the payment service, such services may be offered by an insured financial institution, but are frequently offered by other businesses as well.

Some of the risk issues examiners should consider when reviewing bill payment, presentment and e-mail money services include
• Potential liability for late payments due to service disruptions
• Liability for bill payment instructions originating from someone other than the deposit account holder
• Losses from person-to-person payments funded by transfers from credit cards or deposit accounts over which the payee does not have signature authority
• Losses from employee misappropriation of funds held pending access instructions from the payer and
• Potential liability for directing payment availability information to the wrong e-mail or for releasing funds in response to e-mail from someone other than the intended payee.
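The front-end controls described above (dollar and volume thresholds on bill payments, additional authentication for third-party transfers, and per-user dollar limits in cash management) can be applied together in one review pass over a batch of payment instructions. The Python below is an added example, not code from the source material; the field names, threshold values and sample payments are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from decimal import Decimal


@dataclass(frozen=True)
class Payment:
    account: str        # funding account
    user: str           # person who initiated the payment
    payee: str
    amount: Decimal
    day: date
    third_party: bool   # False = transfer between the customer's own accounts
    step_up_done: bool  # additional authentication completed for this payment


@dataclass(frozen=True)
class Thresholds:
    per_payment: Decimal  # single-payment dollar threshold
    daily_total: Decimal  # per-account daily dollar threshold
    daily_count: int      # per-account daily volume threshold


def review_queue(payments, thresholds, user_limits):
    """Return {position: [reasons]} for every payment that must be held.

    user_limits maps a user to the dollar limit the business owner set for
    that user; a user with no entry has no right to initiate payments.
    Held payments still count toward the running daily totals, so repeated
    attempts cannot slip under the thresholds.
    """
    totals = defaultdict(Decimal)  # (account, day) -> dollars attempted so far
    counts = defaultdict(int)      # (account, day) -> payments attempted so far
    held = {}
    for pos, p in enumerate(payments):
        key = (p.account, p.day)
        totals[key] += p.amount
        counts[key] += 1

        reasons = []
        if p.amount <= 0:
            reasons.append("non-positive amount")
        if p.amount > thresholds.per_payment:
            reasons.append("single payment over dollar threshold")
        if totals[key] > thresholds.daily_total:
            reasons.append("daily dollar threshold exceeded")
        if counts[key] > thresholds.daily_count:
            reasons.append("daily volume threshold exceeded")
        if p.third_party and not p.step_up_done:
            reasons.append("third-party transfer without additional authentication")

        limit = user_limits.get(p.user)
        if limit is None:
            reasons.append("user has no payment rights on this account")
        elif p.amount > limit:
            reasons.append("amount over this user's dollar limit")

        if reasons:
            held[pos] = reasons
    return held


# Constructed sample data (not from the source material).
DAY = date(2024, 1, 15)
THRESHOLDS = Thresholds(Decimal("5000"), Decimal("8000"), 3)
USER_LIMITS = {"owner": Decimal("10000"), "clerk": Decimal("1000")}
SAMPLE = [
    Payment("ACME-01", "clerk", "Power Co", Decimal("420.00"), DAY, True, True),
    Payment("ACME-01", "clerk", "Landlord", Decimal("2500.00"), DAY, True, True),
    Payment("ACME-01", "owner", "ACME-02", Decimal("6000.00"), DAY, False, False),
    Payment("ACME-01", "owner", "New Vendor", Decimal("300.00"), DAY, True, False),
    Payment("ACME-01", "temp", "Power Co", Decimal("50.00"), DAY, True, True),
]

if __name__ == "__main__":
    for pos, reasons in review_queue(SAMPLE, THRESHOLDS, USER_LIMITS).items():
        print(pos, SAMPLE[pos].payee, "->", "; ".join(reasons))
```

Payments returned by `review_queue` would go to a manual review queue or be rejected outright, depending on the institution's policy; the function only decides which ones may not pass automatically.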

Technology in Banking
The introduction of new technologies has radically transformed banking transactions. In the past, customers had to come physically into the bank branch to do banking transactions, including transfers, deposits and withdrawals. Banks had to employ several tellers to physically make all those transactions. Automatic Teller Machines (ATMs) were then introduced, which allowed people to do their banking on their own, practically anytime and anywhere. This helped the banks cut down on the number of tellers and focus on managing money. The Internet then brought another venue with which customers could do banking, reducing the need for ATMs. Online banking allowed customers to do financial transactions from their PCs at home via the Internet. Now, with the emergence of Wireless Application Protocol (WAP) technology, banks can use the infrastructure and applications developed for the Internet and move them to mobile phones. People no longer have to be tied to a desktop PC to do their banking. The WAP interface is much faster and more convenient than the Internet, allowing customers to see account details and transaction details, make bill payments and even check credit card balances.

The cost of the average payment transaction on the Internet is minimum. Several studies found that the estimated transaction cost through a mobile phone is 16 cents, a fully computerized bank using its own software is 26 cents, a telephone bank is 54 cents, a bank branch $1.27, an ATM 27 cents, and on the Internet it costs just 13 cents. As a result, the use of the Internet for commercial transactions started to gain momentum in 1995. More than 2,000 banks in the world now have transactional websites, and the growth of online lending solutions is making them more cost efficient. Recent developments are now encouraging banks to target small businesses as a separate lending category online.

Banks are increasingly building payment infrastructure with various security mechanisms (SSL, SET) because there is tremendous potential for profit as more and more payments will pass through the Internet. However, the challenge for banks is to offer a payments backbone system that will be open enough to support multiple payment instruments (credit cards, debit cards, direct debit to accounts, e-checks, digital money etc.) and scalable enough to allow for a stable service regardless of the workload.

The market for Electronic Bill Presentment and Payment (EBPP) is growing. According to a study, 18 million households in the US are expected to pay their bills online by 2003, compared to 2 million households in 2001. As more bill payers get online, several banks are making efforts to find ways to meet the growing needs of EBPP. Established banks can emerge as key online integrators of customer bills and can capitalize on this high potential market. Growing with the popularity of EBPP is also the paying of multiple bills at a single site, known as bill aggregation. Offering online bill payment and aggregation will increase the competitiveness and attractiveness of e-banking services and will allow banks to generate service-fee income from the billers.

In the B2B segment, the customer value proposition for online bill payment is more compelling. B2B e-commerce is expected to grow from $406 bn in 2000 to $2.7 tn by 2004, and more than half of all transactions will be routed through online B2B marketplaces. There is a need for automated payment systems to reduce cost and human error and enhance cash-flow management. To meet this need, a group of banks and non-financial institutions led by Citibank and Wells Fargo have formed a company called Financial Settlements Matrix (FSMx). It provides business buyers and sellers with access to secure payment processing, invoicing and other services that participating financial services firms offer. A B2B marketplace would provide minimum value to its customers if it just matches buyers and sellers, leaving the financial aspects of transactions to be handled through traditional non-Internet channels. Hence the marketplace must be capable of providing the payments processing, treasury management services, payables/receivables data flows and credit solutions to complete the full cycle of a commercial transaction on the Internet. Web-based B2B e-commerce offers tremendous opportunities for banks, payment technology vendors and e-commerce companies to form strategic alliances. This new form of collaboration between partners with complementary core competencies may prove to be an effective business model for e-business.

Technology in Banking

We have been witnessing, since about the early Eighties, the phenomenon of widespread use of computers and communication technology in the industrial as well as emerging market economies. This has resulted in faster funds movement across nations and borders. Globalisation of economies and financial liberalisation within the economies have opened new opportunities of growth for techno-savvy institutions, while for the others these have resulted in shrinkage of revenues. The use of IT in the banking industry in our country has, however, been somewhat limited and has as a result restricted our presence in international operations. Even in critical spheres such as those involving funds transfer and MIS based decision making, there has been little evidence of proactive movement towards wholesale computerisation up to the middle of the Nineties. However, Indian banks have come to start this process after a decade or so. It is only with the growing recognition of the need for having financial reforms in place that the interest in IT application in the banking sector in India has increased. But though the process started late, computerising the vast network of branches of several banks is planned and being executed methodically, and the benefit is expected to be fully perceived by the year 2010.

The RBI Report on Banking published on 15.11.2001 starts with the opening narration: "In recent years the banking industry has been undergoing rapid changes, reflecting a number of underlying developments. The most significant has been advances in communication and information technology, which have accelerated and broadened the dissemination of financial information while lowering the costs of many financial activities. A second key impetus for change has been the increasing competition among a broad range of domestic and foreign institutions in providing banking and related financial services. Third, financial activity has become larger relative to overall economic activity in most economies. This has meant that any disruption of the financial markets or financial infrastructure has broader economic ramifications than might have been the case previously". The report gives a brief summary of the progress made in the usage of information technology and networking of different branches and different banks. The contents of the report are reproduced in this First Page dealing with the advent of e-banking in India. Detailed information about each area or field in the usage of IT is discussed in subsequent pages. The text of the report dealing with Technology in Banking is reproduced as under.

Payment and Settlement Systems

As part of restructuring of the banking sector, special emphasis has been accorded to improvements in payment and settlement systems. Prominent among the measures initiated in these areas are the introduction of Electronic Funds Transfer (EFT), Real Time Gross Settlement System (RTGS), Centralised Funds Management System (CFMS), the NDS and the Structured Financial Messaging Solution (SFMS). The SFMS would be the backbone for all message-based communication over the Indian Financial Network (INFINET).

Electronic Funds Transfer (EFT)

The EFT scheme enables transfer of funds within and across cities and between branches of a bank and across banks. The scheme, which is operated by the Reserve Bank, is available for funds transfer across thirteen major cities in the country as on September 30, 2001. The facility is being extended to two more centres. The scheme was originally intended for small value transactions. However, with effect from October 1, 2001, even large value transactions (as high as Rs. 2 crore) have also been permitted.

Real Time Gross Settlement System (RTGS)

The work on operationalisation of >T-: system continued during the year. The ma&or pro&ect components completed during the year included the finalisation of the design for >T-: system issue of the tender for the development of the software evaluation of the technical components of the bids received site visits and evaluation of the commercial proposals. The implementation of >T-: is targeted to be accomplished within 06 to 0< months of award of the contract for software development and implementation. #entralised "unds -anage.ent S%ste. 2#"-S1 The C,): would enable the funds and treasury managers of commercial banks to obtain the consolidated account-wise centre-wise position of their balances with all the 0? +eposit /ccounts +epartments (+/+) of the >eserve $ank. The system has been tested prior to installation and phase-wise implementation commenced from ;ovember 6770. The C,): would enable better funds management by constituent current account holders of the >eserve $ank Structured "inancial -essaging Solution 2S"-S1 /t the base of all inter-bank message transfers using the !;,!;#T is the :,):. :,): would serve as a safe secure communication carrier built with templates for transmission of intra and inter-bank messages in fi5ed message formats which would facilitate U:traight Through ProcessingU. :,): comprises the central server in the form of a hub located at the !nstitute for +evelopment and >esearch in $anking Technology (!+>$T) *yderabad and individual bank gateways to which the branches of the banks would be connected with a provision for banks to have multiple bank level gateways. The :,): would provide for all inter-bank transactions to be stored and switched at the central hub while intra-bank messages will be switched and stored by the bank gateway. /de"uate security in the form of smart card authentication apart from the Public 8ey !nfrastructure (P8!) would be an integral part of the :,):. 
/ll these would result in the security levels matching those of international standards. +orking Group on I.pro/e.ents in -onitoring #learing S%ste.s

,ollowing the recent developments in the banking sector a 'orking -roup on C!mprovements in )onitoring of Clearing :ystemsC was constituted by the >eserve $ank to e5amine the ma&or issues pertaining to management and operation of the Clearing *ouses and make necessary recommendations. The -roup submitted the >eport in )ay 6770. The recommendations of the -roup were discussed with a select group of bankers and regulators. $ased on these discussions a roadmap has been drawn for implementation of these recommendations which fall under the following -a?or areas of control 6 .onitoring viA. a. monitoring presentations by banks@ b. monitoring returns by banks@ c. accounting of the clearing settlements@ d. formation of an !nternal -roup at each >egional Iffice of the >eserve $ank to review the trends reported by the clearing house and plan follow up action as deemed necessary@ e. formation of a central monitoring cell to monitor the trends on a national basis and provide warning signals wherever necessary@ and f. implementation of )!: to serve as early warning signals for better surveillance over the activities of the clearing member banks. The recommendations which could be implemented immediately are being taken up with the four ma&or metropolitan clearing houses managed by the >eserve $ank. /ction on implementing these at the clearing houses managed by :tate $ank of !ndia D other banks would also be taken up concurrently. I.aging of Instru.ents / process of capturing the images of the instruments as they are being processed was introduced during the year at the four metropolitan ;ational Clearing Cells managed by

the >eserve $ank. !maging facilitates in "uicker balancing during the che"ue-processing cycle and also in reducing clearing reconciliation differences. Electronic #learing Ser/ices #mphasis on widespread usage of #lectronic Clearing :ervice (#C:) is being prescribed by the >eserve $ank to encourage non-paper based funds movement. The prime thrust areas forming part of this vital activity include the e5tension of #C: to more centres inclusion of more customers under the ambit of the scheme and provision of a centralised facility for affording payments. Indian "inancial ;etwork 2I;"I;ET1 The !;,!;#T has been operational for almost two years. :tarted as a closed user group communication network for the banking sector in !ndia the members of this network are the public sector banks. +uring the year 6777-70 the membership was opened up for other banks and financial institutions that need to communicate with one another. #o.puterisation in Public Sector Banks The progress in implementation of the directive of the Central Kigilance Commission (CKC) on the need to computerise ?7 per cent of the banking business by public sector banks before Oanuary 0 6770 revealed that as on +ecember =0 6777 0= banks had achieved the desired level. ,igures as at end of )arch 6770 indicated that 6= banks have achieved the target while two banks have computerisation levels ranging between 27 per cent and ?7 per cent and two others were at a level below 27 per cent. #he7ue #learing )agnetic !nk Character >ecognition ()!C>) based che"ue-clearing accounts for about 2< per cent of the value of che"ues processed in the country. !n addition )agnetic )edia $ased Clearing :ystems account for about 07 per cent of the remaining value while claim-based processes cover the rest of clearing. !t may be pertinent to note that growth in che"ue volumes has decelerated to 07 per cent in 6777-70 from 06 per cent during the

previous year. This is reflective of general trends the world over indicating the migration towards electronic funds transfer mechanisms. Pro?ect on Internet Banking 'ith the popularity of PCs easy access to !nternet and 'orld 'ide 'eb (''') !nternet is increasingly used by banks as a channel for receiving instructions and delivering their products and services to their customers. This form of banking is generally referred to as !nternet $anking although the range of products and services offered by different banks vary widely both in their content and sophistication. !ifferent $e/els at +hich Internet could be @sed in Banking Ser/ices $roadly the levels of banking services offered through !;T#>;#T can be categoriAed in to three types: i. The $asic Eevel :ervice is the banks% websites which disseminate information on different products and services offered to customers and members of public in general. !t may receive and reply to customers% "ueries through e-mail ii. !n the ne5t level are :imple Transactional 'ebsites which allow customers to submit their instructions applications for different services "ueries on their account balances etc but do not permit any fund-based transactions on their accounts iii. The third level of !nternet banking services are offered by ,ully Transactional 'ebsites which allow the customers to operate on their accounts for transfer of funds payment of different bills subscribing to other products of the bank and to transact purchase and sale of securities etc. The above forms of !nternet banking services are offered by traditional banks as an additional method of serving the customer or by new banks who deliver banking services primarily through !nternet or other electronic delivery channels as the value added services. :ome of these banks are known as Mvirtual% banks or M!nternet-only% banks and may not

have any physical presence in a country despite offering different banking services ,rom the perspective of banking products and services being offered through !nternet !nternet banking is nothing more than traditional banking services delivered through an electronic communication backbone viA !nternet. $ut in the process it has thrown open issues which have ramifications beyond what a new delivery channel would normally envisage and hence has compelled regulators world over to take note of this emerging channel. :ome of the distinctive features of i-banking are:

It removes the traditional geographical barriers, as it could reach out to customers of different countries / legal jurisdiction. This has raised the question of jurisdiction of law / supervisory system to which such transactions should be subjected.

It has added a new dimension to different kinds of risks traditionally associated with banking, heightening some of them and throwing new risk control challenges.

Security of banking transactions, validity of electronic contract, customers' privacy etc., which have all along been concerns of both bankers and supervisors, have assumed different dimensions given that Internet is a public domain, not subject to control by any single authority or group of users.

It poses a strategic risk of loss of business to those banks who do not respond in time to this new technology, being the efficient and cost effective delivery mechanism of banking services.

A new form of competition has emerged both from the existing players and new players of the market who are not strictly banks.

The Regulatory and Supervisory concerns in i-banking arise mainly out of the distinctive features outlined above. These concerns can be broadly addressed under three broad categories, viz.:

i. Legal and regulatory issues,
ii. Security and technology issues, and
iii. Supervisory and operational issues.

Legal issues cover those relating to the jurisdiction of law, validity of electronic contract including the question of repudiation, and gaps in the legal / regulatory environment for electronic commerce. On the question of jurisdiction, the issue is whether to apply the law of the area where access to Internet has been made or where the transaction has finally taken place. Allied to this is the question where the income has been generated and who should tax such income. There are still no definite answers to these issues.

Security of i-banking transactions is one of the most important areas of concern to the regulators. Security issues include questions of adopting internationally accepted state-of-the-art minimum technology standards for access control, encryption / decryption (minimum key length etc.), firewalls, verification of digital signature, Public Key Infrastructure (PKI) etc. The regulator is equally concerned about the security policy for the banking industry, security awareness and education.

The supervisory and operational issues include risk control measures, advance warning system, Information technology audit and re-engineering of operational procedures. The regulator would also be concerned with whether the nature of products and services offered are within the regulatory framework and whether the transactions do not camouflage money-laundering operations.

The world over, central bankers and regulators have been addressing themselves to meet the new challenges thrown open by this form of banking. Several studies have pointed to the fact that the cost of delivery of banking service through Internet is several times less than the traditional delivery methods. This alone is enough reason for banks to flock to Internet and to deliver more and more of their services through Internet and as soon as possible. Not adopting this new technology in time has the risk of banks getting edged out of competition. In such a scenario, the thrust of regulatory thinking has been to ensure that while the banks remain efficient and cost effective, they must be aware of the risks involved and have proper built-in safeguards, machinery and systems to manage the emerging risks. It is not enough for banks to have systems in place; the systems must be constantly upgraded to changing and well-tested technologies, which is a much bigger challenge. The other aspect is to provide a conducive regulatory environment for orderly growth of such form of banking. Central Banks of many countries have put in place broad regulatory framework for i-banking.

In India, too, i-banking has taken roots. A number of banks have set up banking portals allowing their customers to access facilities like obtaining information, querying on their accounts, etc. Soon, still higher level of online services will be made available. Other banks will sooner than later take to Internet banking. In the above background, Reserve Bank of India constituted a Working Group to examine different issues relating to i-banking and recommend technology, security, legal standards and operational standards keeping in view the international best practices. The Group is headed by the Chief General Manager-in-Charge of the Department of Information Technology and comprised experts from the fields of banking regulation and supervision, commercial banking, law and technology. The Bank also constituted an Operational Group under its Executive Director comprising officers from different disciplines in the bank, who would guide implementation of the recommendations. The Working Group, as its terms of reference, was to examine different aspects of Internet banking from regulatory and supervisory perspective and recommend appropriate standards for adoption in India, particularly with reference to the following:

1. Risks to the organization and banking system associated with Internet banking and methods of adopting International best practices for managing such risks.
2. Identifying gaps in supervisory and legal framework with reference to the existing banking and financial regulations, IT regulations, tax laws, depositor protection, consumer protection, criminal laws, money laundering and other cross border issues, and suggesting improvements in them.
3. Identifying international best practices on operational and internal control issues, and suggesting suitable ways for adopting the same in India.
4. Recommending minimum technology and security standards in conformity with international standards and addressing issues like system vulnerability, digital signature, information system audit etc.
5. Clearing and settlement arrangement for electronic banking and electronic money transfer; linkages between i-banking and e-commerce.
6. Any other matter which the Working Group may think as of relevance to Internet banking in India.

The first meeting of the Working Group was held on July 19, 2000. The Group held that i-banking did not mean any basic change in the nature of banking and the associated risks and returns. All the same, being a public domain and a highly cost effective delivery channel, it does impact both the dimension and magnitude of traditional banking risks. In fact, it adds new kinds of risk to banking. Some of the concerns of the Regulatory Authority in i-banking relate to technology standards, including the level of security and uncertainties of legal jurisdiction etc. Its cost effective character provides opportunities for efficient delivery of banking services and higher profitability, and a threat to those who fail to harness it. The Group decided to focus on above three major areas where supervisory attention was needed. Accordingly, three sub-groups were formed for looking into three specific areas:

i. technology and security aspects,
ii. legal aspects, and
iii. regulatory and supervisory issues.

The Working Group had a number of deliberations. The views of the Group were crystallized in its report, which covers the following by way of its contents:

i. The basic structure of Internet and its characteristics.

ii. International experience in i-banking, particularly with reference to USA, United Kingdom and other Scandinavian countries who are pioneers in this form of banking.

iii. The Indian Scenario with reference to I-Banking.

iv. Different types of risks associated with banking in general and i-banking in particular. Emphasis is given on normal risks associated with banking which get accentuated when the services are delivered through Internet. Risks relating to money laundering and other cross border transactions are discussed.

v. Technology and security standards are discussed with emphasis on policy issues rather than on products and technical tools.

vi. The legal environment in which i-banking transactions are carried out is an important regulatory concern. The group has identified gaps in the existing framework and has suggested changes required.

vii. Operational aspects like internal control, early detection system, IT audit, technical manpower etc. are also discussed, along with addressing the impact of i-banking on clearing and settlement arrangements.

viii. The specific recommendations of the group were given at the end of the report.

The report is thus a comprehensive document covering all aspects/considerations that should govern successful delivery of banking services through Internet. The broad submissions of the working group on the above listed items and its recommendations are given in the following articles.

Wireless Banking

Overview

Wireless banking occurs when a customer accesses an organisation's networks through cellular phones, pagers and personal digital assistants (or similar devices) via telecommunication companies' wireless networks. While wireless services can extend the reach and enhance the convenience of an institution's banking products and services, wireless communications currently have certain limitations that tend to increase the risks associated with this delivery channel.

Risk Implications

Wireless banking services can significantly increase an organisation's level of transaction/operations and strategic risks.

Transaction/Operations risk - Wireless services create a heightened level of potential operations risk due to limitations in wireless technology. Security solutions that work in wired networks must be modified for application in a wireless environment. The transfer of information from a wired to a wireless environment can create additional risks to the integrity and confidentiality of the information exchanged.

Strategic risk - Organisations considering wireless services should carefully evaluate the significant strategic risks posed by this service delivery channel. Standards for wireless communication are still evolving, creating considerable uncertainty regarding the scalability of existing wireless products. Organizations should exercise extra diligence in preparing and evaluating the cost-effectiveness of investments in wireless technology or in decisions committing the institution to a particular wireless solution, vendor or third-party service provider.

Risk Management

Risk management of wireless-based technology solutions, although similar to other electronic delivery channels, may involve unique challenges created by the current state of wireless services and wireless devices. Some of these special considerations are discussed below.

Message Encryption

Encryption of wireless banking activities is essential because wireless communications can be recorded and replayed to obtain information. Encryption of wireless communications can occur in the banking application, as part of the data transmission process, or both. Transactions encrypted in the banking application (e.g. bank-developed for a PDA) remain encrypted until decrypted at the institution. This level of encryption is unaffected by the data transmission encryption process. However, banking application-level encryption typically requires customers to load the banking application and its encryption/decryption protocols on their wireless device. Since not all wireless devices provide application-loading capabilities, requiring application level encryption may limit the number of customers who can use wireless services.

Wireless encryption that occurs as part of the data transmission process is based upon the device's operating system. A key risk-management control point in wireless banking occurs at the wireless gateway-server, where a transaction is converted from a wireless standard to a secure socket layer (SSL) encryption standard and vice versa. Wireless network security reviews should focus on how institutions establish, maintain and test the security of systems throughout the transmission process, from the wireless device to the institutions' systems and back again. For example, a known wireless security vulnerability exists when the Wireless Application Protocol (WAP) transmission encryption process is used. WAP transmissions deliver content to the wireless gateway-server, where the data is decrypted from WAP encryption and re-encrypted for Internet delivery. This is often called the "gap-in-WAP" (e.g. wireless transport layer security (TLS) to Internet-based TLS). This brief instant of decryption increases risk and becomes an important control point, as the transaction may be viewable in plain text (unless encryption also occurred in the application layer). The WAP Forum, a group that oversees WAP protocols and standards, is discussing ways to reduce or eliminate the gap.

WAP security risk

Organisations must ensure effective controls are in place to reduce security vulnerabilities and protect data being transmitted and stored. Under the GLBA guidelines, organisations considering implementing wireless services are required to ensure that their information security program adequately safeguards customer information.

Password Security

Wireless banking increases the potential for unauthorized use due to the limited availability of authentication controls on wireless devices and higher likelihood that the device may be lost or stolen. Authentication solutions for wireless devices are currently limited to username and password combinations that may be entered and stored in clear text view (i.e. not viewed as asterisks "****"). This creates the risk that authentication credentials can be easily observed or recalled from a device's stored memory for unauthorized use. Cellular phones also have more challenging methods to enter alphanumeric passwords. Customers need to depress telephone keys multiple times to have the right character displayed. This process is complicated if a phone does asterisk password entries, as the user may not be certain that the correct password is entered. This challenge may result in users selecting passwords and personal identification numbers that are simple to enter and easy to guess.

Standards and Interoperability

The wireless device manufacturers and content and application providers are working on common standards so that device and operating systems function seamlessly. Standards can play an integral role in providing a uniform entry point to legacy transaction systems. A standard interface would allow institutions to add and configure interfaces, such as wireless delivery, without having to modify or re-write core systems. Interoperability is a critical component of mobile wireless because there are multiple device formats and communication standards that can vary the users' experience.

Wireless Vendors

Organisations typically rely on third-party providers to develop and deliver wireless banking applications. Reliance on third parties is often necessary to gain wireless expertise and to keep up with technology advancements and evolving standards. Third-party providers of wireless banking applications include existing Internet banking application providers as well as new service providers specializing in wireless communications. These companies facilitate the transmission of data from the wireless device to the Internet banking application. Outsourced services may also include managing product and service delivery to multiple types of devices using multiple communication standards. Institutions that rely on service providers to provide wireless delivery systems should ensure that they employ effective risk management practices.

Product and Service Availability

Wireless communication "dead zones" - geographic locations where users cannot access wireless systems - expose institutions and service providers to reliability and availability problems in some parts of the world. For some areas, the communications dead zones may make wireless banking an unreliable delivery system. Consequently, some customers may view the institution as responsible for unreliable wireless banking services provided by third parties. A financial institution's role in delivering wireless banking includes developing ways to receive and process wireless device requests. Institutions may find it beneficial to inform wireless banking customers that they may encounter telecommunication difficulties that will not allow them to use the wireless banking products and services.

Disclosures and Message Limitations

The screen size of wireless devices and slow communication speeds may limit a financial institution's ability to deliver meaningful disclosures to customers. However, use of a wireless delivery system does not absolve a financial institution from disclosure requirements. Moreover, limitations on the ability of wireless devices to store documents may affect the institution's consumer compliance disclosure obligations [18]. Additionally, any institution that opts to rely upon voice recognition technology as a means to overcome the difficulty of entering data through small wireless devices should be aware of the uncertain status of voice recognition under the E-SIGN Act [19]. Wireless banking may expose institutions to liability under the Electronic Fund Transfer Act (Regulation E) for unauthorized activities if devices are lost or stolen. The risk exposure is a function of the products, services and capabilities the institution provides through wireless devices to its customers. For example, the loss of a wireless device with a stored access code for conducting electronic fund transfers would be similar to losing an ATM or debit card with a personal identification number written on it. However, the risk to the institution may be greater depending on the types of wireless banking services offered (e.g. bill pay, person-to-person payments) and on the authentication process used to access wireless banking services.
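The "gap-in-WAP" and the record-and-replay risk described under Message Encryption above, shown as an added example that is not part of the original text: a constructed three-party simulation (device, wireless gateway-server, bank) in Node.js. AES-256-GCM stands in for both the wireless-side and the Internet-side transport encryption; the function names, keys, message fields and the per-customer counter scheme are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM helpers. `aad` is authenticated but not encrypted.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function open(key, box, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAAD(Buffer.from(aad));
  decipher.setAuthTag(box.tag);
  // final() throws if key, ciphertext, tag or aad do not match.
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// Device: optionally encrypts the instruction end to end (application layer),
// then always wraps the payload in the wireless-hop transport encryption.
function deviceSend(keys, customerId, counter, instruction, useAppLayer) {
  const msg = { customerId, counter };
  if (useAppLayer) {
    // Binding customerId and counter as AAD lets the bank detect edits to them.
    const box = seal(keys.app, Buffer.from(instruction), `${customerId}|${counter}`);
    msg.iv = box.iv.toString('hex');
    msg.ct = box.ct.toString('hex');
    msg.tag = box.tag.toString('hex');
  } else {
    msg.instruction = instruction;
  }
  return seal(keys.wireless, Buffer.from(JSON.stringify(msg)), 'wireless-hop');
}

// Gateway: decrypts the wireless hop and re-encrypts for the Internet hop.
// `visibleAtGateway` is what sits in gateway memory in between: the gap.
function gatewayRelay(keys, frame) {
  const visibleAtGateway = open(keys.wireless, frame, 'wireless-hop');
  return { visibleAtGateway, forwarded: seal(keys.internet, visibleAtGateway, 'internet-hop') };
}

// Bank: removes the Internet-hop encryption, verifies the application layer
// when present, and refuses any counter it has already seen for a customer.
function makeBank(keys) {
  const lastCounter = new Map();
  return function receive(frame) {
    const msg = JSON.parse(open(keys.internet, frame, 'internet-hop').toString());
    let instruction = msg.instruction;
    if (msg.ct !== undefined) {
      try {
        const box = {
          iv: Buffer.from(msg.iv, 'hex'),
          ct: Buffer.from(msg.ct, 'hex'),
          tag: Buffer.from(msg.tag, 'hex'),
        };
        instruction = open(keys.app, box, `${msg.customerId}|${msg.counter}`).toString();
      } catch {
        return { ok: false, reason: 'bad-tag' };
      }
    }
    if (msg.counter <= (lastCounter.get(msg.customerId) ?? 0)) {
      return { ok: false, reason: 'replay' };
    }
    lastCounter.set(msg.customerId, msg.counter);
    return { ok: true, instruction };
  };
}

function demo() {
  // Constructed keys and a constructed payment instruction.
  const keys = {
    wireless: crypto.randomBytes(32),
    internet: crypto.randomBytes(32),
    app: crypto.randomBytes(32), // shared by device and bank only
  };
  const order = 'PAY 2500 TO ACCT 0000-CONSTRUCTED';

  // Case 1: transport encryption only. The gateway holds the order in the clear.
  const hop1 = gatewayRelay(keys, deviceSend(keys, 'cust-1', 1, order, false));

  // Case 2: application-layer encryption as well. The gateway sees only ciphertext.
  const bank = makeBank(keys);
  const recorded = deviceSend(keys, 'cust-1', 1, order, true);
  const hop2 = gatewayRelay(keys, recorded);
  const first = bank(hop2.forwarded);

  // Case 3: the recorded wireless frame is sent again and relayed as usual.
  const again = bank(gatewayRelay(keys, recorded).forwarded);

  // Case 4: the counter is altered while the message is in the gap.
  const hop4 = gatewayRelay(keys, deviceSend(keys, 'cust-1', 2, order, true));
  const altered = JSON.parse(hop4.visibleAtGateway.toString());
  altered.counter = 3;
  const edited = bank(seal(keys.internet, Buffer.from(JSON.stringify(altered)), 'internet-hop'));

  return {
    transportOnlyLeaks: hop1.visibleAtGateway.toString().includes(order),
    appLayerLeaks: hop2.visibleAtGateway.toString().includes(order),
    delivered: first.ok && first.instruction === order,
    replay: again.reason,
    tampered: edited.reason,
  };
}

console.log(demo());
```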

M-Banking

A mobile phone equipped with a Smart SIM card can also act as a bank. Smart SIM card is an upgrade of the regular SIM card, the basic form of identification belonging to each mobile telecommunications user. The new card adds a new option, named MOBITEL, to the existing menu, which is enabling even friendlier access to numerous Mobitel GSM services. The M-Banking menu includes all the basic banking services: insight into the balance on the user's bank account - either personal or one for which the user is authorized; insight into transactions made to and from the bank account; insight into transactions performed via mobile phone; payments of bills and money orders; intra-bank transactions; limit alarms at violations of the account's limits; requesting an increased bank account limit; depositing resources for a longer period...

Introduction: The next step in automation that IT has provided is user accessibility to his most common tasks from his mobile phone. Theoretically, today everything that a desktop PC can perform can be accomplished with a combination of mobile phones and handheld devices. But issues like device incompatibility, affordability, security etc. mar this theory. Another issue that comes up is that making an existing application mobile enabled is a money and resource intensive operation. A company that has already spent a lot of money and resources getting its operations automated/net enabled/computerized is hesitant to invest again.

Advantages

To provide a solution that allows the users of the client to receive useful information in an efficient way through a mobile cellular device.

Scalability of new services that the client wants to offer his users. By means of this proposal, the client not only acquires a mail solution but also a prepared infrastructure to harness "one to one" marketing with his users.

To implement better and more fluid communication between the client and his users, who will be able to access information in a fast, simple and safe way.

To provide a new scheme of access to the information through end technology that will serve to give a more modern image of the Client and to offer a better service to its users.

SMS System will allow information to be sent to the most varied client, contributing an added value. Here are some of the more typical cases of sending and receiving information:

Business implementation: implemented in retail and corporate banking as well as insurance.

Retail banking services: savings account balance enquiry; savings acct - last 5 txns.; cheque book request; utility payment; inter acct transfer.

Corporate banking services: current account balance enquiry; current acct - last 5 txns.; cheque book request; inter acct transfer.

Credit cards - due payment enquiry: due date, minimum payment due and last date for the payment.

Banking - notification: bank notification to customers for payment of credit cards; bank notification to customers for new products.

Loans/Mortgages: Reception of automatic messages (n) days in advance. Details of the loan or mortgages.

Credit card: Reception of automatic messages (n) days before the payment due date. Details about balance available in the credit card. History: Details of the last 5 transactions.

The E-Banking Strategies


Though e-banking offers vast opportunities yet even less than one in three banks have an e-banking strategy in place. /ccording to a study less than 0< percent of banks with transactional websites will realiAe profits directly attributable to those sites. *ence banks must recogniAe the seriousness of the challenge ahead and develop a strategy that will enable them to leverage the opportunities presented by the !nternet. ;o single e-banking strategy is right for every banking company. $ut whether they adopt an offensive or a defensive posture they must constantly re-evaluate their strategy. !n the fast-paced e-economy banks have to keep up with the constantly evolving business models and technology innovations of the !nternet space. #arly e-business adopter like 'ells ,argo not only entered the e-banking industry first but also showed fle5ibility to change as the market developed. ;ot many banks have been as e-business-savvy. $ut the pressure is now building for all banks to develop sound e-business strategies that will attract and retain increasingly discriminating customers.

The major problem for banks that have already invested huge amounts in their online initiatives is that their online offerings remain unprofitable. Though banks have enrolled some existing customers in their online programs, they are not getting customers in large numbers. This has made banks wonder whether there is any value in the online channel. Just enrolling customers for online banking is not sufficient unless they use the site actively. Banks must make efforts to increase their site usage by customers and effectively co-ordinate the online channel with branches and call centers. Only then will they be able to derive maximum value, which includes cost reduction, cross-selling opportunities and higher customer retention.

Customers have some rational reasons for staying offline. Some of these reasons include usability features of the site, concerns about security, and frequent complaints that signing up is complicated and time-consuming. Banks can solve these problems by refocusing investment on improving the site's basic functionality and user-friendliness and avoiding advanced features that most customers neither understand nor value. Developing advanced features that appeal to a relatively small number of customers creates far less value than strengthening core capabilities and getting customers to use them. Banks must make efforts to familiarize customers with their sites and show them how easy and efficient the online channel is to use.

Integrating the online channel with the rest of the bank is another important issue that banks must focus upon. This is important because nearly all the value of the online channel is realized offline, in cross sales completed in other channels and in cost reductions. An actively used online channel should also serve as a medium to sell banking services for the branch staff, the call center and the relationship manager. Integrated channels working together are far more effective than a group of channels working without any coordination. To facilitate this integration, banks must formulate paths that people in various customer segments are likely to take among the channels. The interactions in each channel can then be worked around these paths. For example, a call center representative must work out which channel(s) the customer used before coming to her and which channel(s) the customer is likely to visit next. Each channel must have entry and exit points that welcome customers and then send them on to other channels. Hence the overall goal of banks is to create a seamless multichannel experience.

On the other hand, those banks that are planning to build their online businesses will have to understand several strategic issues: do they have the right business model for e-banking? How should they price their e-banking products and services? Bankers planning to move into e-banking have to explore different options, make investments and develop a variety of partnerships. They have to put in time and effort to identify the best opportunities. In the case of traditional banks, if they are too aggressive in using price incentives to build their e-business, they risk the profitability of their traditional business. However, if they do not offer sufficient price incentives for customers to bank online, their efforts to build a sound e-banking business may not bear fruit. Banks have to be creative in rethinking organizational structures and management processes. Traditional banks that are conservative in nature may find it difficult to attract and retain online talent. Moreover, getting people in the traditional business to help build an e-enterprise would not be an easy task. To make all this happen requires a major revision of incentive systems, planning and budgeting processes, and management roles. Banks can exploit the opportunities provided by the Internet if they demonstrate courage, use their imagination and take decisive action.

While most of the banks have started focusing on e-banking activities, a new challenge in the form of mobile banking has emerged. M-Banking is both an additional opportunity for banks to offer their online services and an additional channel from which to access new customers and cross-sell to existing customers.

Rapidly changing lifestyles of customers and their demand for more speed and convenience have subdued the role of branch banking to a certain extent. With the proliferation of new technologies, disintermediation of traditional channels is being witnessed. Banks can go beyond their traditional role as a channel for banking/financial services and can become providers of personalized information. They can successfully leverage m-banking to:

• Provide personalized products and services to specific customers and thus increase customer loyalty.
• Exploit additional sources of revenue from subscriptions, transactions and third-party referrals.

M-Banking gives banks the opportunity to significantly expand their customer relationships, provided they position themselves effectively. To leverage these opportunities, they must form structured alliances with service affiliates and acquire competitive advantage in collecting, processing and deploying customer information.

Online Banking

It has always relied on technology to increase the convenience for customers. Internet Banking offers customers unparalleled flexibility, time saving and a lower cost of operations. BOP has named this channel "Online eBanking". When a customer registers for the Online eBanking facility, he is provided with a username and password to log on. After logging in to e-banking, the customer can avail of the following services:

Services and description

• Funds Transfer: The funds transfer facility allows you to transfer funds from one account to another within the same customer ID (i.e. within the same branch).
• New Request FD/RD: Submit your request online for a Fixed Deposit or a Recurring Deposit, which will be stored with the bank. Your branch will process the request within 24 hours and you can know the status of your request by contacting your branch.
• Bill payment: Available to all customers who are registered for OnlineBanking. Through epay, customers can receive, review and pay their bills online. epay is based on EBPP, which is Electronic Bill Presentment and Payment.
• Demand Draft/Pay Order: Submit your request online for a Demand Draft, which will be stored with the bank. Your branch will process the request within 24 hours and you can know the status of your request by contacting your branch.
• Pay Order Request: Submit your request online for a Pay Order, which will be stored with the bank. Your branch will process the request within 24 hours and you can know the status of your request by contacting your branch.
• Flexi FD Details: View the details of your flexi FD online.
• TDS Inquiry: View your Tax Deducted at Source details for your deposit A/cs.
• Link to Flexi FD: Submit your request online for linking your FD with a Flexi FD, which will be stored with the bank. Your branch will process the request within 24 hours and you can know the status of your request by contacting your branch.
• Pending Request: View the requests which you have made and which are still pending to be processed; you can also cancel a request made earlier.
• Cheque Book Request: Submit your request online for a Cheque Book, which will be stored in the bank's database. Your branch will process the request within 24 hours and you can collect your Cheque Book from your branch, through Courier or at your registered address with the Bank.
• Account Summary: View the summary of balance in your account; click on A/c Details to view details of your highlighted account.
• Account Details: View the detailed description of your account based on three criteria: month range, date range and all the transactions. One can also take a print of that.
• Standing Instructions: Submit your request electronically for Standing Instructions.

Financial Portals
A transformation is taking place within the finance sector. At the customer service level, the financial industry is converging. At the operational level, banks are concentrating on their own core competency, aggregating and personalising both their own services and the services of their external providers. At present, each individual bank's competitive advantage is built not only on superior internal performance but also on superior external networking and partnerships. As this transformation continues, many banks and other similar organisations around the world are facing this very same problem: there is no unified view of the whole financial environment.

A personalised financial portal can give a bank the opportunity to provide customised windows to its suppliers, staff, customers and partners uniformly, thus allowing them all to see the total picture of their current financial situation simultaneously. Portals are particularly important now, at a time when many organisations are re-evaluating their business strategies, as they can deliver information anytime, anywhere and on any device, accurately, effectively and profitably. Explicitly, the right financial portal will be a bank's most valuable tool in meeting these

Without question, within this constantly changing and transforming market environment, technology will enable a bank to best implement its business focus. Simply stated, technology will offer a bank both a cost-effective and flexible way to carry out its proposed changes. With this in mind, the ability to combine a deep understanding of a customer's business with solid expertise in information technology creates scores of competitive, high-value-added service-and-solution products. Finance Portal is an excellent example of a core competence solution where in-depth financial business understanding has been joined to modern component technology.

(Financial Portal)

The versatility of the Finance Portal allows the customer to personalise the content of each feature. And if a customer's interests change, the Finance Portal can promptly and seamlessly both update and harmonise each feature to match. What's more, by using the Finance Portal a bank can offer personalised online services to both its corporate and retail customers. Even if it comes from multiple sources, the Finance Portal solution can aggregate your customer's financial information and transactions into a personalised portal. Conveniently, the portal can be accessed with various terminal devices whenever the end-user wants by using a secured connection.

Multi-Bank Support: The Finance Portal integration layer can amalgamate several core financial applications so as to provide the user with information and services from various banking and insurance back-end applications.

Content Management System Integration: The Finance Portal can have access to the bank's content management system, which allows the user to monitor the recurring subject matter that these organisations normally generate. Content is retrieved from the content management system based on set personalisation and customisation parameters and the user's profile. The content management system can contain formatted content for all supported device types and languages.

Service and Information Providers: Third party eCommerce services such as electronic invoices (eInvoice) and electronic salary statements (eSalary) can be integrated into the Finance Portal. Additional information about rates and news from other sources, for example Reuters, can also be included, as well as targeted offers for customers. The Finance Portal supports the development of completely new business services where the business logic may be placed in the portal layer and the core financial applications of the bank are needed only for retrieving information about customers' financial matters.

Accounts
• Accounts summary
• Account details and transactions
• Single transaction information
• Default account settings
• Personal account sets for corporate users
• Real-time balances of group and single accounts
• Group account structures
• Currency exchange services

Payments
• Payments summary
• Internal transfers
• Domestic payments
• Foreign payments
• Intra-group payments
• File transfers
• Due payments and transfers
• Unconfirmed payments
• Payment confirmation
• Rejected payments and transfers
• Payment history
• Beneficiary register management

Cards
• Cards summary
• Card details and transactions
• New PIN codes
• Security limits

Agreement and Authorisation Management
• eService agreements
• Agreement history
• Agreement users and authorisation

Portal Functionality

As the Finance Portal is based on a technical framework, it can offer several key services:
• Multi-language services in order to obtain user interface texts in various languages.
• Multi-terminal device support, enabling its users to use the Finance Portal with a wide range of different terminal devices.
• Multi-country support, providing utilities that can handle multiple currencies and display such things as dates in the way that is familiar to each user.
• Multi-bank support, meaning that the Finance Portal can integrate with several core financial applications such as Core Systems.
• Logging services, consisting of such things as error analysis, statistics, click-logging and audit trail.
• Authentication services. Various authentication mechanisms can be easily plugged into the portal. For example, supported authentication mechanisms can be one-time passwords and PKI solutions.
• Authorisation services that contain the user's permissions to access business and chargeable services.
• System configuration and management services, including the configuration data service and administration services.
• Easy-to-use tools for software developers.

In addition to financial and technical provisions, the portal presents a number of value added services:
• Various portal services such as menu shortcuts and content management system based help functionality.
• Two-way CRM integration and user profile handling. The Finance Portal user's profile is a collection of user related data which can be used within the portal personalisation and customisation parameters. The bank's CRM system can be integrated with the Finance Portal user profile.
• Communication services such as secure mail and push services (alerts).
• Campaign management to control the display of advertisements in the portal.
• Content management system integration, allowing different types of content to be shown in the portal either on a general basis or based on set rules that are evaluated against the user's profile. Third party search engine integration provides users with content management system search functionality.
• Web application integration, providing a single sign-on for both internal and external web applications.

Personalisation and customization

Based on the Finance Portal's user profile attributes and values, the fundamental part of the Finance Portal solution is its range of personalisation and customization capabilities. Personalization refers to the bank personalising such essential details as the interface layout and content, based on the user's characteristics. More specifically, the rules of this personalisation cover both portal functionality and data handling. These rules include:

• Available services and their details
• User interface flow
• User interface layout
• Portal menus
• Help menus
• Campaigns and targeted offers
• Other content

Customisation refers to the users themselves customizing each of the above-mentioned rules based on the options given to them by the bank.

E-Banking: Key Issues and Solutions

Risk management in banks


In spite of several benefits of the Internet in the banking industry, it may prove to be a double-edged sword. For instance, banks may gain revenue advantages on the retail side by charging for services such as EBPP and may improve cross selling of products. But on the other hand, the effect of the Internet on the commercial side of the bank is negative. Cash managers are worried about potential revenue decreases as the processing of paper bills declines and third parties attract customers to competing services. There are fears that the Internet is the first step on a downward spiral in commercial banking that begins with losses in cash management and lockbox services and ends with banks being excluded from the payments loop. As EBPP becomes more popular, checks and check-processing fees, a major source of bank revenues, will decline. Banks will be left to handle settlements, which have low margins, and will be less equipped to offer newer and potentially more profitable services. Moreover, the Internet poses a range of risks and threats. Some of them are:

Security risk may arise due to unauthorized access to a bank's key information, like its accounting system, risk management system and portfolio management system. A breach of security could result in direct financial loss to the bank. In addition to external attacks, banks are exposed to security risk from internal sources, e.g. employee fraud. Employees can acquire the authentication data in order to access customer accounts, causing losses to the bank.

Operational risks may arise due to inaccurate processing of transactions, non-enforceability of contracts, compromises in data integrity, data privacy and confidentiality, unauthorized access/intrusion to the bank's systems and transactions, etc. These risks may arise due to weaknesses in design, implementation and monitoring of banks' information systems, inadequate technology, negligence by customers and employees, and fraudulent activity by employees and hackers. Banks face the risk of a wrong choice of technology, improper system design and inadequate control processes. Technology which is outdated, not scalable or not proven may lead to loss of the bank's investment and risk its business. Many banks rely on outside service providers to implement, operate and maintain their e-banking systems since they do not have the requisite expertise. However, this adds to the operational risk.

Legal risk arises when violation of laws, rules and regulations or prescribed practices takes place, or when the legal rights and obligations of parties to a transaction are not well established. These risks may also arise due to uncertainty about the validity of some agreements formed via electronic media and about the law regarding customer disclosures and privacy protection.

E-Banking extends the geographic reach of banks and customers beyond national borders, which may lead to cross-border risks. This risk involves legal and regulatory risks, as there may be uncertainty about legal requirements in some countries and jurisdiction ambiguities with respect to the responsibilities of different national authorities. Such considerations may expose banks to legal risks associated with non-compliance with different national laws and regulations. Cross-border transactions also involve credit risk, since it is difficult to appraise an application for a loan from a customer in another country. Banks accepting foreign currencies in payment for electronic money may be subjected to market risk because of movements in foreign exchange rates.

The risk of unauthorized data alteration is real in an e-banking environment, both when data is being transmitted and when it is stored. Proper access control and technological tools to ensure data integrity are of utmost importance to banks. Banks' systems must be technologically equipped to handle these risks.

Reputational risk is the risk of significant negative public opinion, which may result in loss of funding or customers. The main reasons for this risk may be a system or product not working to the expectations of the customers, system deficiencies, security breaches, inadequate information to customers about product use and problem resolution procedures, and problems with communication networks that impair customers' access to their funds or account information. This may cause the customer to discontinue the use of the product/service.

As e-banking transactions are conducted remotely, banks may find it difficult to apply traditional methods for detecting and preventing undesirable criminal activities, which may lead to money laundering risk. Application of money laundering rules may also be inappropriate for some forms of electronic payments. This may result in legal problems for non-compliance with 'know your customer' laws.

Several banks' IT infrastructure and applications are being exposed to system outages and cyber-attacks. In 2000 Barclays, one of Britain's biggest online banks, was forced to shut down its website as customers were able to access each other's accounts. In Norway, a hacker led to a major software problem on the website of a leading national bank. These cyber-crimes demand global solutions. Though some progress has been made in this direction, a lot remains to be done. For example, the Bank for International Settlements has constituted a committee involving representatives of national regulators and supervisors which closely examines the security and reliability of electronic money. It has called for the development of prudent risk management for e-money activities and stronger cooperation with banks to identify good practices and standards. The International Association of Insurance Supervisors (IAIS), the International Organization of Securities Commissions (IOSCO) and the European Commission have started similar initiatives. Banks, international organizations, governments and financial institutions have to work together to manage all the risks mentioned above. It is critical that partnerships continue to enhance consumer trust towards e-banking. Banks conducting business online have to consider security and reliability as their first business priority for customer retention.

The financial sector, especially the banking industry, in most emerging economies including India is passing through a process of change. As financial activity has become a major economic activity in most economies, any disruption or imbalance in its infrastructure will have a significant impact on the entire economy. By developing a sound financial system, the banking industry can bring stability within the financial markets. Deregulation in the financial sector has widened the product range in the developed markets. Some of the new products introduced are LBOs, structured transactions, credit cards, housing finance, derivatives and various off balance sheet items. Thus new vistas have created multiple sources for banks to generate higher profits than traditional financial intermediation. Simultaneously, they have opened new areas of risk also. Many unknown issues that are intricately related to new products have exposed banks to various risks across the globe, and India is no exception. During the past decade, the Indian banking industry continued to respond to the emerging challenges of competition, risks and uncertainties. Risks originate in the forms of customer default, a funding gap or adverse movements of markets. Measuring and quantifying risks is neither easy nor intuitive. Our regulators have made some sincere attempts to bring prudential and supervisory norms into conformity with international bank practices, with the intention of strengthening the stability of the banking system.

E-BANKING RISKS

Transactional/Operational Risk

Transaction/Operations risk arises from fraud, processing errors, system disruptions or other unanticipated events resulting in the institution's inability to deliver products or services. This risk exists in each product and service offered. The level of transaction risk is affected by the structure of the institution's processing environment, including the types of services offered and the complexity of the processes and supporting technology. In most instances, e-banking activities will increase the complexity of the institution's activities and the quantity of its transaction/operations risk, especially if the institution is offering innovative services that have not been standardized. Since customers expect e-banking services to be available 24 hours a day, 7 days a week, financial institutions should ensure their e-banking infrastructures contain sufficient capacity and redundancy to ensure reliable service availability. Even institutions that do not consider e-banking a critical financial service due to the availability of alternate processing channels should carefully consider customer expectations and the potential impact of service disruptions on customer satisfaction and loyalty.

The key to controlling transaction risk lies in adapting effective policies, procedures and controls to meet the new risk exposures introduced by e-banking. Basic internal controls, including segregation of duties, dual controls and reconcilements, remain important. Information security controls, in particular, become more significant, requiring additional processes, tools, expertise and testing. Institutions should determine the appropriate level of security controls based on their assessment of the sensitivity of the information to the customer and to the institution, and on the institution's established risk tolerance level.

Credit Risk

Generally, a financial institution's credit risk is not increased by the mere fact that a loan is originated through an e-banking channel. However, management should consider additional precautions when originating and approving loans electronically, including assuring that management information systems effectively track the performance of portfolios originated through e-banking channels. The following aspects of on-line loan origination and approval tend to make risk management of the lending process more challenging. If not properly managed, these aspects can significantly increase credit risk.
• Verifying the customer's identity for on-line credit applications and executing an enforceable contract;
• Monitoring and controlling the growth, pricing, underwriting standards and ongoing credit quality of loans originated through e-banking channels;
• Monitoring and oversight of third parties doing business as agents or on behalf of the financial institution (for example, an Internet loan origination site or electronic payments processor);
• Valuing collateral and perfecting liens over a potentially wider geographic area;
• Collecting loans from individuals over a potentially wider geographic area; and
• Monitoring any increased volume of, and possible concentration in, out-of-area lending.

Liquidity, Interest rate, Price/Market share Risk

Funding and investment-related risks could increase with an institution's e-banking initiatives, depending on the volatility and pricing of the acquired deposits. The Internet provides institutions with the ability to market their products and services globally. Internet-based advertising programs can effectively match yield-focused investors with potentially high-yielding deposits. But Internet-originated deposits have the potential to attract customers who focus exclusively on rates and may provide a funding source with risk characteristics similar to brokered deposits. An institution can control this potential volatility and expanded geographic reach through its deposit contract and account opening practices, which might involve face-to-face meetings or the exchange of paper correspondence. The institution should modify its policies as necessary to address the following e-banking funding issues:
• Potential increase in dependence on brokered funds or other highly rate-sensitive deposits;
• Potential acquisition of funds from markets where the institution is not licensed to engage in banking, particularly if the institution does not establish, disclose and enforce geographic restrictions;
• Potential impact of loan or deposit growth from an expanded Internet market, including the impact of such growth on capital ratios; and
• Potential increase in volatility of funds should e-banking security problems negatively impact customer confidence or the market's perception of the institution.

Compliance/Legal Risk

Compliance and legal issues arise out of the rapid growth in usage of e-banking and the differences between electronic and paper-based processes. E-banking is a new delivery channel where the laws and rules governing the electronic delivery of certain financial institution products or services may be ambiguous or still evolving. Specific regulatory and legal challenges include

.. .ncertainty over legal &urisdictions and which state%s or country%s laws govern a specific e-banking transaction .. +elivery of credit and deposit-related disclosuresDnotices as re"uired by law or regulation .. >etention of re"uired compliance documentation for on-line advertising applications statements disclosures and notices@ and .. #stablishment of legally binding electronic agreements. Eaws and regulations governing consumer transactions re"uire specific types of disclosures notices or record keeping re"uirements. These re"uirements also apply to ebanking and federal banking agencies continue to update consumer laws and regulations to reflect the impact of e-banking and on-line customer relationships. :ome of the legal re"uirements and regulatory guidance that fre"uently apply to e-banking products and services include .. :olicitation collection and reporting of government monitoring information on applications and loans as re"uired by #"ual Credit Ipportunity /ct (>egulation $) and *ome )ortgage +isclosure /ct (>egulation C) regulations@ .. /dvertising re"uirements customer disclosures or notices re"uired by the >eal #state :ettlement Procedures /ct (>#:P/) Truth in Eending (>egulation Y) and Truth !n :avings (>egulation ++) and ,air *ousing regulations@ .. Proper and conspicuous display of ,+!C or ;C./ insurance notices@

.. Conspicuous webpage disclosures indicating that certain types of investment brokerage and insurance products offered have certain associated risks including not being insured by federal deposit insurance (,+!C or ;C./)@ .. Customer identification programs and procedures as well as record retention and customer notification re"uirements re"uired by the $ank :ecrecy /ct@ .. Customer identification processes to determine whether transactions are prohibited by the Iffice of ,oreign /sset Control (I,/C) and when necessary whether customers appear on any list of known or suspected terrorists or terrorist organiAation provided by any government agency@ .. +elivery of privacy and opt-out notices by hand by mail or with customer acknowledgement of electronic receipt@ .. Kerification of customer identification suspicious activity report (:/>)@ and .. >ecord retention re"uirements of the #"ual Credit Ipportunity /ct (>egulation $) and ,air Credit >eporting /ct regulations. !nstitutions that offer e-banking services both informational and transactional assume a higher level of compliance risk because of the changing nature of the technology the speed at which errors can be replicated and the fre"uency of regulatory changes to address e-banking issues. The potential for violations is further heightened by the need to ensure consistency between paper and electronic advertisements disclosures and notices. /dditional information on compliance re"uirements for e-banking can be found on the agencies%. Stratagic 9isk reporting and record keeping

re"uirements of the $ank :ecrecy /ct ($:/) including re"uirements for filing a

/ financial institution%s board and management should understand the risks associated with e-banking services and evaluate the resulting risk management costs against the potential return on investment prior to offering e-banking services. Poor e-banking planning and investment decisions can increase a financial institution%s strategic risk. #arly adopters of new e-banking services can establish themselves as innovators who anticipate the needs of their customers but may do so by incurring higher costs and increased comple5ity in their operations. Conversely late adopters may be able to avoid the higher e5pense and added comple5ity but do so at the risk of not meeting customer demand for additional products and services. !n managing the strategic risk associated with e-banking services financial institutions should develop clearly defined e-banking ob&ectives by which the institution can evaluate the success of its e-banking strategy. !n particular financial institutions should pay attention to the following: .. /de"uacy of management information systems ()!:) to track e-banking usage and profitability@ .. Costs involved in monitoring e-banking activities or costs involved in overseeing e-banking vendors and technology service providers@ .. +esign delivery and pricing of services ade"uate to generate sufficient customer demand@ .. >etention of electronic loan agreements and other electronic contracts in a format that will be admissible and enforceable in litigation@ .. Costs and availability of staff to provide technical support for interchanges involving multiple operating systems devices@ .. Competition from other e-banking providers@ and web browsers and communication

• Adequacy of technical, operational, compliance, or marketing support for e-banking products and services.

Reputation Risk
An institution's decision to offer e-banking services, especially the more complex transactional services, significantly increases its level of reputation risk. Some of the ways in which e-banking can influence an institution's reputation include
• Loss of trust due to unauthorized activity on customer accounts,
• Disclosure or theft of confidential customer information to unauthorized parties (e.g., hackers),
• Failure to deliver on marketing claims,
• Failure to provide reliable service due to the frequency or duration of service disruptions,
• Customer complaints about the difficulty in using e-banking services and the inability of the institution's help desk to resolve problems, and
• Confusion between services provided by the financial institution and services provided by other businesses linked from the website.

RISK MANAGEMENT OF E-BANKING ACTIVITIES
As noted in the prior section, e-banking has unique characteristics that may increase an institution's overall risk profile and the level of risks associated with traditional financial services, particularly strategic, operational, legal, and reputation risks. These unique e-banking characteristics include
• Speed of technological change,
• Changing customer expectations,
• Increased visibility of publicly accessible networks (e.g., the Internet),
• Less face-to-face interaction with financial institution customers,
• Need to integrate e-banking with the institution's legacy computer systems,
• Dependence on third parties for necessary technical expertise, and
• Proliferation of threats and vulnerabilities in publicly accessible networks.
Management should review each of the processes discussed in this section to adapt and expand the institution's risk management practices as necessary to address the risks posed by e-banking activities. While these processes mirror those discussed in other booklets of the IT Handbook, they are discussed below from an e-banking perspective. For more detailed information on each of these processes.

Board and Management Oversight
The board of directors and senior management are responsible for developing the institution's e-banking business strategy, which should include
• The rationale and strategy for offering e-banking services, including informational, transactional, or e-commerce support;
• A cost-benefit analysis, risk assessment, and due diligence process for evaluating e-banking processing alternatives, including third-party providers;

• Goals and expectations that management can use to measure the e-banking strategy's effectiveness; and
• Accountability for the development and maintenance of risk management policies and controls to manage e-banking risks and for the audit of e-banking activities.

E-Banking Strategy
Financial institution management should choose the level of e-banking services provided to various customer segments based on customer needs and the institution's risk assessment considerations. Institutions should reach this decision through a board-approved e-banking strategy that considers factors such as customer demand, competition, expertise, implementation expense, maintenance costs, and capital support. Some institutions may choose not to provide e-banking services or to limit e-banking services to an informational website. Financial institutions should periodically re-evaluate this decision to ensure it remains appropriate for the institution's overall business strategy. Institutions may define success in many ways, including growth in market share, expanding customer relationships, expense reduction, or new revenue generation. If the financial institution determines that a transactional website is appropriate, the next decision is the range of products and services to make available electronically to its customers. To deliver those products and services, the financial institution may have more than one website or multiple pages within a website for various business lines.

Cost Benefit Analysis and Assessment
Financial institutions should base any decision to implement e-banking products and services on a thorough analysis of the costs and benefits associated with such action. Some of the reasons institutions offer e-banking services include
• Lower operating costs,
• Greater geographic diversification,
• Improved or sustained competitive position,
• Increased customer demand for services, and
• New revenue opportunities.

The individuals conducting the cost-benefit analysis should clearly understand the risks associated with e-banking so that cost considerations fully incorporate appropriate risk mitigation controls. Without such expertise, the cost-benefit analysis will most likely underestimate the time and resources needed to properly oversee e-banking activities, particularly the level of technical expertise needed to provide competent oversight of in-house or outsourced activities. In addition to the obvious costs for personnel, hardware, software, and communications, the analysis should also consider
• Changes to the institution's policies, procedures, and practices;
• The impact on processing controls for legacy systems;
• The appropriate networking architecture, security expertise, and software tools to maintain system availability and to protect and respond to unauthorized access attempts;
• The skilled staff necessary to support and market e-banking services during expanded hours and over a wider geographic area, including possible expanded market and cross-border activity;
• The additional expertise and MIS needed to oversee e-banking vendors or technology service providers;
• The higher level of legal, compliance, and audit expertise needed to support technology-dependent services;
• Expanded MIS to monitor e-banking security, usage, and profitability and to measure the success of the institution's e-banking strategy;
• Cost of insurance coverage for e-banking activities;
• Potential revenues under different pricing scenarios;
• Potential losses due to fraud; and
• Opportunity costs associated with allocating capital to e-banking efforts.

Monitoring and Accountability
Once an institution implements its e-banking strategy, the board and management should periodically evaluate the strategy's effectiveness. A key aspect of such an evaluation is the comparison of actual e-banking acceptance and performance to the institution's goals and expectations. Some items that the institution might use to monitor the success and cost effectiveness of its e-banking strategy include
• Revenue generated,
• Website availability percentages,
• Customer service volumes,
• Number of customers actively using e-banking services,
• Percentage of accounts signed up for e-banking services, and
• The number and cost per item of bill payments generated.
Without clearly defined and measurable goals, management will be unable to determine if e-banking services are meeting the customers' needs as well as the institution's growth and profitability expectations. In evaluating the effectiveness of the institution's e-banking strategy, the board should also consider whether appropriate policies and procedures are in effect and whether risks are properly controlled. Unless the initial strategy establishes clear accountability for the development of policies and controls, the board will be unable to determine where and why breakdowns in the risk control process occurred.

Audit
An important component of monitoring is an appropriate independent audit function. Financial institutions offering e-banking products and services should expand their audit coverage commensurate with the increased complexity and risks inherent in e-banking activities. Financial institutions offering e-banking services should ensure the audit program expands to include
• Scope and coverage, including the entire e-banking process as applicable (i.e., network configuration and security, interfaces to legacy systems, regulatory compliance, internal controls, and support activities performed by third-party providers);
• Personnel with sufficient technical expertise to evaluate security threats and controls in an open network (i.e., the Internet); and
• Independent individuals or companies conducting the audits without conflicting e-banking or network security roles.

Managing Outsourcing Relationships
The board and senior management must provide effective oversight of third-party vendors providing e-banking services and support. Effective oversight requires that institutions ensure the following practices are in place:
• Effective due diligence in the selection of new service providers that considers financial condition, experience, expertise, technological compatibility, and customer satisfaction;
• Written contracts with specific provisions protecting the privacy and security of an institution's data, the institution's ownership of the data, the right to audit security and controls, and the ability to monitor the quality of service, limit the institution's potential liability for acts of the service provider, and terminate the contract;
• Appropriate processes to monitor vendor's ongoing performance, service quality, security controls, financial condition, and contract compliance; and
• Monitoring reports and expectations including incidence response and notification.

Due Diligence of Outsourcing
A key consideration in preparing an e-banking cost-benefit analysis is whether the financial institution supports e-banking services in-house or outsources support to one or more third parties (i.e., a technology service provider or TSP). Transactional e-banking is typically a front-end system that relies on a programming link called an interface to transfer information and transactions between the e-banking system and the institution's core processing applications (e.g., loans, deposits, asset management). Such interfaces can be between in-house systems, outsourced systems, or a combination of both. This flexibility allows institutions to select those products and services that best meet their e-banking needs, but it can also complicate the vendor oversight process when multiple vendors are involved. Choosing to use the services of one or more TSPs can help financial institutions manage costs, obtain necessary expertise, expand customer product offerings, and improve service quality. However, this choice does not absolve financial institutions from understanding and managing the risks associated with TSP services. In fact, service providers may introduce additional risks and interdependencies that financial institutions must understand and manage. Regardless of whether an institution's e-banking services are outsourced or processed in-house, the institution should periodically review whether this arrangement continues to meet current and anticipated future needs.

Contracts for Third-Party Services
As with all outsourced financial services, institutions must have a formal contract with the TSP that clearly addresses the duties and responsibilities of the parties involved. In the past, some institutions have had informal security expectations for software vendors or Internet access providers that had never been committed to writing. This lack of clear responsibilities and consensus has led to breakdowns in internal controls and allowed security incidents to occur. Institutions should tailor these recommendations to e-banking services as necessary. Specific examples of e-banking contract issues include
• Restrictions on use of nonpublic customer information collected or stored by the TSP;
• Requirements for appropriate controls to protect the security of customer information held by the TSP;
• Service-level standards such as website "up-time," hyperlink performance, customer service response times, etc.;
• Incident response plans, including notification responsibilities, to respond to website outage, defacement, unauthorized access, or malicious code;
• Business continuity plans for e-banking services including alternate processing lines, backup servers, emergency operating procedures, etc.;
• Performance of, and access to, vulnerability assessments, penetration tests, and financial and operations audits;
• Limitations on subcontracting of services, either domestically or internationally;
• Choice of law and jurisdiction for dispute resolution and access to information by the financial institution and its regulators; and
• For foreign-based vendors or service providers (i.e., country of residence is different from that of the institution), in addition to the above items, contract options triggered by increased risks due to adverse economic or political developments in the vendor's or service provider's home country.

Oversight and Monitoring of Third Party
Financial institutions that outsource e-banking technical support must provide sufficient oversight of service providers' activities to identify and control the resulting risks. The key to good oversight typically lies in effective MIS. However, for MIS to be effective, the financial institution must first establish clear performance expectations. Wherever possible, these expectations should be clearly documented in the service contract or an addendum to the contract. Effective and timely MIS can alert the serviced institution to developing service, financial, or security problems at the vendor, problems that might require execution of contingency plans supporting a change in vendor or in the existing service relationship. The type and frequency of monitoring reports needed varies depending on the complexity of the services provided and the division of responsibilities between the institution and its service provider(s). Service providers can build MIS capabilities into the administrative modules of their application, provide on-line reports, or they can provide periodic written reports. Some examples of items that might be tracked by e-banking monitoring reports are listed below:

E-banking service availability. Statistics regarding the frequency and duration of service disruptions, including the reasons for any service disruptions (maintenance, equipment/network problems, security incidents, etc.); "up time" and "down time" percentages for website and e-banking services; and volume and type of website access problems reported by e-banking customers.
Activity levels and service volumes. Number of accounts serviced, number and percentage of new, active, or inactive accounts; breakdown of intrabank transfers by number, dollar size, and account type; bill payment activity by number, average dollar, and recurring versus one-time payments; volume of associated ACH returns and rejects; fee breakdown by source and type; and activity on informational website usage by webpage viewed.
Performance efficiency. Reports might include average response times by time of day (including complaints about slow response); bill payment activity by check versus ACH; server capacity utilization; customer service contacts by type of inquiry and average time to resolution; and losses from errors, fraud, or repudiated items.
Security incidents. Volume of rejected log-on attempts, password resets, attempted and successful penetration attempts, number and type of trapped viruses or other malicious code, and any physical security breaches.

(Footnote: Required in each of the Agencies' privacy regulations. The regulations are comparable to and consistent with one another.)

Vendor stability. Quarterly or annual financial reports, number of new or departing customers, changes in systems or equipment, and employee turnover statistics, including any changes in management positions.
Quality assurance. Performance audit results, penetration tests, and vulnerability assessments, including servicer actions to address any identified deficiencies.

Information Security Program
E-banking introduces information security risk management challenges. Financial institution directors and senior management should ensure the information security program addresses these challenges and takes the appropriate actions.
• Ensure compliance with the "Guidelines Establishing Standards for Safeguarding Customer Information."
• Ensure the institution has the appropriate security expertise for its e-banking platform.
• Implement security controls sufficient to manage the unique security risks confronting the institution. Control considerations include
  o Ongoing awareness of attack sources, scenarios, and techniques;
  o Up-to-date equipment inventories and network maps;
  o Rapid identification and mitigation of vulnerabilities;
  o Network access controls over external connections;
  o Hardened systems with unnecessary or vulnerable services or files disabled or removed;
  o Use of intrusion detection tools and intrusion response procedures;
  o Physical security of all e-banking computer equipment and media; and
  o Baseline security settings and usage policies for employees accessing the e-banking system or communicating with customers.
• Use verification procedures sufficient to adequately identify the individual asking to conduct business with the institution.
• Use authentication methods sufficient to verify individuals are authorized to use the institution's systems based on the sensitivity of the data or connected systems.
• Develop policies for notifying customers in the event of a security breach affecting their confidential information.
• Monitor and independently test the effectiveness of the institution's security program.
Information security is essential to a financial institution's ability to deliver e-banking services, protect the confidentiality and integrity of customer information, and ensure that accountability exists for changes to the information and the processing and communications systems. Depending on the extent of in-house technology, a financial institution's e-banking systems can make information security complex with numerous networking and control issues.

Security Guidelines
Financial institutions must comply with the "Guidelines Establishing Standards for Safeguarding Customer Information" (guidelines) as issued pursuant to the Gramm-Leach-Bliley Act of 1999 (GLBA).[10] When financial institutions introduce e-banking or related support services, management must re-assess the impact to customer information under the GLBA. The guidelines require financial institutions to
• Ensure the security and confidentiality of customer information;
• Protect against any anticipated threats or hazards to the security or integrity of such information; and
• Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
The guidelines outline specific measures institutions should consider in implementing a security program. These measures include
• Identifying and assessing the risks that may threaten consumer information;
• Developing a written plan containing policies and procedures to manage and control these risks;
• Implementing and testing the plan; and
• Adjusting the plan on a continuing basis to account for changes in technology, the sensitivity of customer information, and internal or external threats to information security.
The guidelines also outline the responsibilities of management to oversee the protection of customer information, including the security of customer information maintained or processed by service providers. Oversight of third-party service providers and vendors is discussed in this booklet under the headings "Board and Management Oversight" and "Managing Outsourcing Relationships." Additional information on the guidelines can be found in the IT Handbook's "Management Booklet." The IT Handbook's "Information Security Booklet" presents additional information on the risk assessment process and information processing controls. In order to perform a risk assessment, a financial institution gathers information about the internal and external environment, analyzes that information, and provides a hierarchical list of risks to be mitigated. This assessment guides the testing program, indicating which controls should be subject to more frequent or rigorous testing.

The guidelines required by the GLBA apply to customer information stored in electronic form as well as paper-based records. Examination procedures specifically addressing compliance with the GLBA guidelines can be accessed through the agency websites listed in the reference section of this booklet. Although the guidelines supporting GLBA define customer as "a consumer who has a customer relationship with the institution," management should consider expanding the written information security program to cover the institution's own confidential records as well as confidential information about its commercial customers.

Information Security Controls
Security threats can affect a financial institution through numerous vulnerabilities. No single control or security device can adequately protect a system connected to a public network. Effective information security comes only from establishing layers of various control, monitoring, and testing methods. While the details of any control and the effectiveness of risk mitigation depend on many factors, in general, each financial institution with external connectivity should ensure the following controls exist internally or at their TSP.
• Ongoing knowledge of attack sources, scenarios, and techniques. Financial institutions should maintain an ongoing awareness of attack threats through membership in information-sharing entities such as the Financial Services Information Sharing and Analysis Center (FS-ISAC), Infragard, the CERT Coordination Center, private mailing lists, and other security information sources. All defensive measures are based on knowledge of the attacker's capabilities and goals, as well as the probability of attack.
• Up-to-date equipment inventories and network maps. Financial institutions should have inventories of machines and software sufficient to support timely security updating and audits of authorized equipment and software. In addition, institutions should understand and document the connectivity between various network components, including remote users, internal databases, and gateway servers to third parties. Inventories of hardware and the software on each system can accelerate the institution's response to newly discovered vulnerabilities and support the proactive identification of unauthorized devices or software.
• Rapid response capability to react to newly discovered vulnerabilities. Financial institutions should have a reliable process to become aware of new vulnerabilities and to react as necessary to mitigate the risks posed by newly discovered vulnerabilities. Software is seldom flawless. Some of those flaws may represent security vulnerabilities, and the financial institution may need to correct the software code using temporary fixes, sometimes called a "patch." In some cases, management may mitigate the risk by reconfiguring other computing devices. Frequently, the financial institution must respond rapidly, because a widely known vulnerability is subject to an increasing number of attacks.
• Network access controls over external connections. Financial institutions should carefully control external access through all channels, including remote dial-up, virtual private network connections, gateway servers, or wireless access points. Typically, firewalls are used to enforce an institution's policy over traffic entering the institution's network. Firewalls are also used to create a logical buffer, called a "demilitarized zone," or DMZ, where servers are placed that receive external traffic. The DMZ is situated between the outside and the internal network and prevents direct access between the two. Financial institutions should use firewalls to enforce policies regarding acceptable traffic and to screen the internal network from directly receiving external traffic.
• System hardening. Financial institutions should "harden" their systems prior to placing them in a production environment. Computer equipment and software are frequently shipped from the manufacturer with default configurations and passwords that are not sufficiently secure for a financial institution environment. System "hardening" is the process of removing or disabling unnecessary or insecure services and files. A number of organizations have current efforts under way to develop security benchmarks for various vendor systems. Financial institutions should assess their systems against these standards when available.

• Controls to prevent malicious code. Financial institutions should reduce the risks posed by malicious code by, among other things, educating employees in safe computing practices, installing anti-virus software on servers and desktops, maintaining up-to-date virus definition files, and configuring their systems to protect against the automatic execution of malicious code. Malicious code can deny or degrade the availability of computing services; steal, alter, or insert information; and destroy any potential evidence for criminal prosecution. Various types of malicious code exist, including viruses, worms, and scripts using active content.
• Rapid intrusion detection and response procedures. Financial institutions should have mechanisms in place to reduce the risk of undetected system intrusions. Computing systems are never perfectly secure. When a security failure occurs and an attacker is "in" the institution's system, only rapid detection and reaction can minimize any damage that might occur. Techniques used to identify intrusions include intrusion detection systems (IDS) for the network and individual servers (i.e., host computer), automated log correlation and analysis, and the identification and analysis of operational anomalies.
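The rejected log-on and password-reset volumes listed under the monitoring reports, and the automated log correlation named in the intrusion detection item, can be combined as in the following added example, which is not part of the original booklet. The log layout, event names, and thresholds are assumptions, and the sample lines are constructed.

```python
"""Correlate e-banking authentication events: report counts plus burst alerts.

Added example. The log layout, event names and thresholds are assumptions.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation-range addresses, made-up customer IDs).
SAMPLE_LOG = """\
2024-03-01T09:00:01 src=203.0.113.20 user=cust2001 event=LOGIN_REJECTED
2024-03-01T09:00:09 src=203.0.113.20 user=cust2001 event=LOGIN_OK
2024-03-01T09:10:00 src=198.51.100.7 user=cust1001 event=LOGIN_REJECTED
2024-03-01T09:10:02 src=198.51.100.7 user=cust1002 event=LOGIN_REJECTED
2024-03-01T09:10:04 src=198.51.100.7 user=cust1003 event=LOGIN_REJECTED
2024-03-01T09:10:06 src=198.51.100.7 user=cust1004 event=LOGIN_REJECTED
2024-03-01T09:10:08 src=198.51.100.7 user=cust1005 event=LOGIN_REJECTED
this line is truncated src=
2024-03-01T09:10:10 src=198.51.100.7 user=cust1006 event=LOGIN_OK
2024-03-01T09:30:00 src=203.0.113.45 user=cust3001 event=LOGIN_REJECTED
2024-03-01T09:30:20 src=203.0.113.45 user=cust3001 event=LOGIN_REJECTED
2024-03-01T09:31:00 src=203.0.113.45 user=cust3001 event=PASSWORD_RESET
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) event=(?P<event>[A-Z_]+)$"
)


def parse(log_text):
    """Return (events sorted by time, number of malformed lines skipped)."""
    events, malformed = [], 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        try:
            ts = datetime.fromisoformat(match["ts"]) if match else None
        except ValueError:
            ts = None
        if ts is None:
            malformed += 1  # counted, not silently dropped: gaps matter in a report
            continue
        events.append((ts, match["src"], match["user"], match["event"]))
    events.sort(key=lambda e: e[0])
    return events, malformed


def report_counts(events):
    """Volumes a periodic security-incident report would carry."""
    counts = Counter(event for _, _, _, event in events)
    return {
        "rejected_logons": counts["LOGIN_REJECTED"],
        "password_resets": counts["PASSWORD_RESET"],
        "successful_logons": counts["LOGIN_OK"],
    }


def correlate(events, window=timedelta(minutes=5), min_rejects=5, min_users=3):
    """Flag one source rejected on many accounts, and what that source does next."""
    recent = defaultdict(deque)  # src -> (ts, user) rejections inside the window
    burst_until = {}             # src -> time until which its burst counts as active
    alerts = []
    for ts, src, user, event in events:
        queue = recent[src]
        while queue and ts - queue[0][0] > window:
            queue.popleft()
        active = burst_until.get(src, datetime.min) >= ts
        if event == "LOGIN_REJECTED":
            queue.append((ts, user))
            users = {u for _, u in queue}
            # Many rejections on ONE account is usually a forgetful customer;
            # many rejections across SEVERAL accounts from one source is not.
            if len(queue) >= min_rejects and len(users) >= min_users:
                if not active:
                    alerts.append(("REJECT_BURST", src, ts, len(users)))
                burst_until[src] = ts + window
        elif active and event in ("LOGIN_OK", "PASSWORD_RESET"):
            # A success or reset right after a burst deserves analyst review.
            alerts.append((event + "_AFTER_BURST", src, ts, user))
    return alerts


if __name__ == "__main__":
    parsed, skipped = parse(SAMPLE_LOG)
    print(report_counts(parsed), "malformed:", skipped)
    for alert in correlate(parsed):
        print(alert)
```

The counts feed the periodic report; the alerts are the part that needs rapid response, since a successful log-on from a source that was just rejected on several accounts may indicate a compromised customer credential.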

• Physical security of computing devices. Financial institutions should mitigate the risk posed by unauthorized physical access to computer equipment through such techniques as placing servers and network devices in areas that are available only to specifically authorized personnel and restricting administrative access to machines in those limited access areas. An attacker's physical access to computers and network devices can compromise all other security controls. Computers used by vendors and employees for remote access to the institution's systems are also subject to compromise. Financial institutions should ensure these computers meet security and configuration requirements regardless of the controls governing remote access.

• User enrollment, change, and termination procedures. Financial institutions should have a strong policy and well-administered procedures to positively identify authorized users when given initial system access (enrollment) and, thereafter, to limit the extent of their access to that required for business purposes, to promptly increase or decrease the degree of access to mirror changing job responsibilities, and to terminate access in a timely manner when access is no longer needed.
• Authorized use policy. Each financial institution should have a policy that addresses the systems various users can access, the activities they are authorized to perform, prohibitions against malicious activities and unsafe computing practices, and consequences for noncompliance. All internal system users and contractors should be trained in, and acknowledge that they will abide by, rules that govern their use of the institution's system.
• Training. Financial institutions should have processes to identify, monitor, and address training needs. Each financial institution should train their personnel in the technologies they use and the institution's rules governing the use of that technology. Technical training is particularly important for those who oversee the key technology controls such as firewalls, intrusion detection, and device configuration. Security awareness training is important for all users, including the institution's e-banking customers.
• Independent testing. Financial institutions should have a testing plan that identifies control objectives; schedules tests of the controls used to meet those objectives; ensures prompt corrective action where deficiencies are identified; and provides independent assurance for compliance with security policies. Security tests are necessary to identify control deficiencies. An effective testing plan identifies the key controls, then tests those controls at a frequency based on the risk that the control is not functioning. Security testing should include independent tests conducted by personnel without direct responsibility for security administration. Adverse test results indicate a control is not functioning and cannot be relied upon. Follow-up can include correction of the specific control, as well as a search for, and correction of, a root cause. Types of tests include audits, security assessments, vulnerability scans, and penetration tests.

Authentication E-banking Customers
E-banking introduces the customer as a direct user of the institution's technology. Customers have to log on and use the institution's systems. Accordingly, the financial institution must control their access and educate them in their security responsibilities. While authentication controls play a significant role in the internal security of an organization, this section of the booklet discusses authentication only as it relates to the e-banking customer.

Authenticating New Customers
Verifying a customer's identity, especially that of a new customer, is an integral part of all financial services. Consistent with the USA PATRIOT Act, federal regulations require that by October 1, 2003, each financial institution must develop and implement a customer identification program (CIP) that is appropriate given the institution's size, location, and type of business.[13] The CIP must be written, incorporated into the institution's Bank Secrecy Act/Anti-Money Laundering program, and approved by the institution's board of directors. The CIP must include risk-based procedures to verify the identity of customers (generally persons opening new accounts). Procedures in the program should describe how the bank will verify the identity of the customer using documents, nondocumentary methods, or a combination of both. The procedures should reflect the institution's account opening processes, whether face-to-face or remotely as part of the institution's e-banking services.

/s part of its no documentary verification methods a financial institutions may rely onthird parties to verify the identity of an applicant or assist in the verification. The financial institution is responsible for ensuring that the third party uses the appropriate level of verification procedures to confirm the customer%s identity. ;ew account applications submitted on-line increase the difficulty of verifying the application information. )any institutions choose to re"uire the customer to come into an office or branch to complete the account opening process. !nstitutions conducting the entire account opening process through the mail or on-line should consider using third-party databases to provide .. Positive verification to ensure that material information provided by an applicant matches information available from third-party sources .. Eogical verification to ensure that information provided is logically consistent and .. ;egative verification to ensure that information provided has not previously been associated with fraudulent activity (e.g. an address previously associated with a fraudulent application). Authenticating E>isting #usto.ers !n addition to the initial verification of customer identities the financial institution must also authenticate its customers% identities each time they attempt to access their confidential on-line information. The authentication method a financial institution 06 ,,!#C -uidance: /uthentication in an #lectronic $anking #nvironment (Ouly =7 6770). chooses to use in a specific e-banking application should be appropriate and 3commercially reasonable4 in light of the risks in that application. 'hether a method is a commercially reasonable system depends on an evaluation of the circumstances. 
Financial institutions should weigh the cost of the authentication method, including technology and procedures, against the level of protection it affords and the value or sensitivity of the transaction or data to both the institution and the customer. What constitutes a commercially reasonable system may change over time as technology and standards evolve.

Authentication methods involve confirming one or more of three factors:
- Something only the user should know, such as a password or PIN;
- Something the user possesses, such as an ATM card, smart card, or token; or
- Something the user is, such as a biometric characteristic like a fingerprint or iris pattern.

Authentication methods that depend on more than one factor are typically more difficult to compromise than single-factor systems, therefore suggesting a higher reliability of authentication. For example, the use of a customer ID and password is considered single-factor authentication, since both items are something the user knows. A common example of two-factor authentication is found in most ATM transactions, where the customer is required to provide something the user possesses (i.e., the card) and something the user knows (i.e., the PIN). Single-factor authentication alone may not be adequate for sensitive communications, high dollar value transactions, or privileged user access (i.e., network administrators). Multi-factor techniques may be necessary in those cases. Institutions should recognize that a single-factor system may be "tiered" (e.g., multiple passwords) to enhance security without the implementation of a true two-factor system.

Password Administration

Despite the concerns regarding single-factor authentication, many e-banking services still rely on a customer ID and password to authenticate an existing customer. Some security professionals criticize passwords for a number of reasons, including the need for passwords whose strength places the password beyond the user's ability to comply with other password policies, such as not writing the password down. Password-cracking software and log-on scripts can frequently guess passwords regardless of the use of encryption. Popular acceptance of this form of authentication rests on its ease of use and its adaptability within existing infrastructures.

A "tiered" single-factor authentication system would include the use of multiple levels of a single factor (e.g., the use of two or more passwords or PINs employed at different points in the authentication process). Tiering may not be as strong as two-factor authentication, because the means used to steal the first password may be equally effective against the second password.

Financial institutions that allow customers to use passwords with short character length, readily identifiable words or dates, or widely used customer information (e.g., Social Security numbers) may be exposed to excessive risks in light of the security threats from hackers and fraudulent insider abuse. Stronger security in password structure and implementation can help mitigate these risks. Another way to mitigate the risk of scripted attacks is to make the user ID more random and not based on any easily determined format or commonly available information. There are three aspects of passwords that contribute to the security they provide: password secrecy, password length and composition, and administrative controls.

Password secrecy. The security provided by password-only systems depends on the secrecy of the password. If another party obtains the password, he or she can perform the same transactions as the intended user. Passwords can be compromised because of customer behavior or techniques that capture passwords as they travel over the Internet. Attackers can also use well-known weaknesses to gain access to a financial institution's (or its service provider's) Internet-connected systems and obtain password files. Because of these vulnerabilities, passwords and password files should be encrypted when stored or transmitted over open networks such as the Internet.
The system should prohibit any user, including the system or security administrator, from printing or viewing unencrypted passwords. In addition, security administrators should ensure password files are protected and closely monitored for compromise because, if stolen, an attacker may be able to decrypt an encrypted password file. Financial institutions need to emphasize to customers the importance of protecting the password's confidentiality. Customers should be encouraged to log off unattended computers that have been used to access on-line banking systems, especially if they used public access terminals such as in a library, institution lobby, or Internet cafe.

Password length and composition. The appropriate password length and composition depends on the value or sensitivity of the data protected by the password and the ability of the user to maintain the password as a shared secret. Common identification items (for example, dictionary words, proper names, or social security numbers) should not be used as passwords. Password composition standards that require numbers or symbols in the sequence of a password, in conjunction with both upper and lower case alphabetic characters, provide a stronger defense against password-cracking programs. Selecting letters that do not create a common word but do create a mnemonic (for example, the first letter of each word in a favorite phrase, poem, or song) can create a memorable password that is difficult to crack. Systems linked to open networks like the Internet are subject to a greater number of individuals who may attempt to compromise the system. Attackers may use automated programs to systematically generate millions of alphanumeric combinations to learn a customer's password (i.e., "brute force" attack). A financial institution can reduce the risk of password compromise by communicating and enforcing prudent password selection, providing guidance to customers and employees, and careful protection of the password file.

Password administration controls. When evaluating password-based e-banking systems, management should consider whether the authentication system's control capabilities are consistent with the financial institution's security policy. This includes evaluating such areas as password length and composition requirements, incorrect log-on lockout, password expiration, repeat password usage, and encryption requirements, as well as the types of activity monitoring and exception reports in use. Each financial institution must evaluate the risks associated with its authentication methods given the nature of the transactions and information accessed. Financial institutions that assess the risk and decide to rely on passwords should implement strong password administration standards.

Administrative Controls

E-banking presents new administrative control requirements and potentially increases the importance of existing controls. Management must evaluate its administrative controls to maximize the availability and integrity of e-banking systems. E-banking information can support identity theft for either fraud at the subject institution or for creating fraudulent accounts at other institutions. Institutions should consider the adequacy of the following controls:
- Segregation of e-banking duties to minimize the opportunity for employee fraud;
- Dual-control procedures, especially for sensitive functions like encryption key retrieval or large on-line transfers;
- Reconcilement of e-banking transactions;
- Suspicious activity reviews and fraud detection with targeted review of unusually large transaction amounts or volumes;
- Periodic monitoring to detect websites with similar names, possibly established for fraudulent purposes;
- Error checks and customer guidance to prevent unintentional errors;
- Alternate channel confirmations to ensure account activity or maintenance changes are properly authorized; and
- Business disruption avoidance strategies and recovery plans.

E-banking activities are subject to the same risks as other banking processes. However, the processes used to monitor and control these risks may vary because of e-banking's heavy reliance on automated systems and the customer's direct access to the institution's computer network. Some of the controls that help assure the integrity and availability of e-banking systems are discussed below.
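
The password administration controls listed earlier in this section (length and composition, customer information in passwords, incorrect log-on lockout, expiration, repeat usage and protected storage) can be exercised together in a few lines. The sketch below is an added example, not code from the booklet or from any bank; every threshold, the word list and the `Account` class are assumptions, and salted PBKDF2 hashing stands in for the "encrypted" password storage the text calls for.

```python
import hashlib
import hmac
import os
import re

# Every policy value below is an assumption chosen for this example.
MIN_LENGTH = 12
MAX_FAILURES = 5              # incorrect log-on lockout threshold
LOCKOUT_SECONDS = 15 * 60
MAX_AGE_SECONDS = 90 * 86400  # password expiration
HISTORY_DEPTH = 4             # repeat password usage window
PBKDF2_ROUNDS = 200_000
COMMON_WORDS = {"password", "welcome", "banking", "letmein", "qwerty"}  # constructed sample


def composition_problems(password, customer_facts):
    """Return the reasons a candidate fails the length and composition rules."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, password) for c in classes):
        problems.append("needs upper case, lower case, digit and symbol")
    lowered = password.lower()
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    digits = re.sub(r"\D", "", password)
    for fact in customer_facts:
        text, fact_digits = fact.lower(), re.sub(r"\D", "", fact)
        if (len(text) >= 4 and text in lowered) or (len(fact_digits) >= 4 and fact_digits in digits):
            problems.append("contains customer information")
            break
    return problems


def derive(password, salt):
    """Salted one-way hash; the clear-text password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Account:
    def __init__(self, user_id, customer_facts):
        # The user ID itself counts as easily determined customer information.
        self.customer_facts = list(customer_facts) + [user_id]
        self.history = []          # newest first: (salt, digest)
        self.changed_at = 0.0
        self.failures = 0
        self.locked_until = 0.0

    def _matches(self, password, entry):
        salt, digest = entry
        return hmac.compare_digest(derive(password, salt), digest)

    def set_password(self, password, now):
        """Store the password if it passes policy; return the list of problems."""
        problems = composition_problems(password, self.customer_facts)
        if any(self._matches(password, old) for old in self.history):
            problems.append("reuses a recent password")
        if problems:
            return problems
        salt = os.urandom(16)
        self.history.insert(0, (salt, derive(password, salt)))
        del self.history[HISTORY_DEPTH:]
        self.changed_at, self.failures = now, 0
        return []

    def login(self, password, now):
        """Return 'ok', 'denied', 'locked' or 'expired' for one log-on attempt."""
        if now < self.locked_until:
            return "locked"
        if not self.history or not self._matches(password, self.history[0]):
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.locked_until, self.failures = now + LOCKOUT_SECONDS, 0
            return "denied"
        self.failures = 0
        if now - self.changed_at > MAX_AGE_SECONDS:
            return "expired"
        return "ok"
```

The `now` argument is a plain timestamp in seconds so that lockout and expiration can be replayed deterministically when the policy is reviewed.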

Internal Controls

Segregation of duties. E-banking support relies on staff in the service provider's operations or staff in the institution's bookkeeping, customer service, network administration, or information security areas. However, no one employee should be able to process a transaction from start to finish. Institution management must identify and mitigate areas where conflicting duties create the opportunity for insiders to commit fraud. For example, network administrators responsible for configuring servers and firewalls should not be the only ones responsible for checking compliance with security policies related to network access. Customer service employees with access to confidential customer account information should not be responsible for daily reconcilements of e-banking transactions.

Dual controls. Some sensitive transactions necessitate making more than one employee approve the transaction before authorizing the transaction. Large electronic funds transfers or access to encryption keys are examples of two e-banking activities that would typically warrant dual controls.

Reconcilements. E-banking systems should provide sufficient accounting reports to allow employees to reconcile individual transactions to daily transaction totals.

Suspicious activity. Financial institutions should establish fraud detection controls that could prompt additional review and reporting of suspicious activity. Some potential concerns to consider include false or erroneous application information, large check deposits on new e-banking accounts, unusual volume or size of funds transfers, multiple new accounts with similar account information or originating from the same Internet address, and unusual account activity initiated from a foreign Internet address. Security- and fraud-related events may require the filing of a SAR with the Financial Crimes

Similar website names. Financial institutions should exercise care in selecting their website name(s) in order to reduce possible confusion with those of other Internet sites. Institutions should periodically scan the Internet to identify sites with similar names and investigate any that appear to be posing as the institution. Suspicious sites should be reported to appropriate criminal and regulatory authorities.

Error checks. E-banking activities provide limited opportunities for customers to ask questions or clarify their intentions regarding a specific transaction. Institutions can reduce customer confusion and the potential for unintended transactions by requiring written contracts explaining rights and responsibilities, by providing clear disclosures and on-line instructions or help functions, and by incorporating proactive confirmations into the transaction initiation process. On-line instructions, help features, and proactive confirmations are typically part of the basic design of an e-banking system and should be evaluated as part of the initial due diligence process. On-line forms can include error checks to identify common mistakes in various fields. Proactive confirmations can require customers to confirm their actions would enter the amount and date of payment and specify the intended recipient. But before accepting the customer's instructions for processing, the system might require the customer to review the instructions entered and then confirm the instruction's accuracy by clicking on a specific box or link.
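
The concerns named under "Suspicious activity" above translate directly into review rules. The following added example (not part of the original text) runs four such rules over constructed account and event records; the field names, thresholds, home country code and the assumption that each event already carries a country derived from its Internet address are all hypothetical.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Thresholds and field names are assumptions made for this example.
NEW_ACCOUNT_AGE = timedelta(days=30)
LARGE_DEPOSIT = 10_000
TRANSFER_MULTIPLE = 5          # times the account's median earlier transfer
MIN_HISTORY = 3                # earlier transfers needed before judging size
CLUSTER_SIZE = 3               # accounts sharing one attribute
CLUSTER_WINDOW = timedelta(days=7)
HOME_COUNTRY = "IN"


def review_queue(accounts, events):
    """Return sorted (account_id, reason) pairs that should prompt manual review."""
    flags = set()

    # Multiple new accounts with similar information or from the same Internet address.
    for field, label in (("opened_ip", "same Internet address"), ("phone", "same phone number")):
        groups = defaultdict(list)
        for acct_id, info in accounts.items():
            groups[info[field]].append((info["opened"], acct_id))
        for members in groups.values():
            members.sort()
            for k in range(len(members) - CLUSTER_SIZE + 1):
                window = members[k:k + CLUSTER_SIZE]
                if window[-1][0] - window[0][0] <= CLUSTER_WINDOW:
                    flags.update((i, f"new accounts sharing {label}") for _, i in window)

    history = defaultdict(list)    # earlier transfer amounts per account
    for ev in sorted(events, key=lambda e: e["ts"]):
        acct = ev["account"]
        age = ev["ts"] - accounts[acct]["opened"]
        # Large check deposits on new e-banking accounts.
        if ev["type"] == "check_deposit" and age <= NEW_ACCOUNT_AGE and ev["amount"] >= LARGE_DEPOSIT:
            flags.add((acct, "large check deposit on new account"))
        # Unusual size of funds transfers, judged against the account's own history.
        if ev["type"] == "transfer":
            prior = history[acct]
            if len(prior) >= MIN_HISTORY and ev["amount"] > TRANSFER_MULTIPLE * median(prior):
                flags.add((acct, "transfer far above account's usual size"))
            prior.append(ev["amount"])
        # Activity initiated from a foreign Internet address.
        if ev["country"] != HOME_COUNTRY:
            flags.add((acct, "activity from foreign Internet address"))
    return sorted(flags)


# Constructed sample data (documentation IP ranges, fictional phone numbers).
D = datetime
SAMPLE_ACCOUNTS = {
    "A1": {"opened": D(2023, 1, 10), "opened_ip": "198.51.100.7", "phone": "555-0101"},
    "A2": {"opened": D(2022, 6, 2), "opened_ip": "198.51.100.8", "phone": "555-0102"},
    "N1": {"opened": D(2024, 3, 1), "opened_ip": "203.0.113.9", "phone": "555-0103"},
    "N2": {"opened": D(2024, 3, 2), "opened_ip": "203.0.113.9", "phone": "555-0104"},
    "N3": {"opened": D(2024, 3, 4), "opened_ip": "203.0.113.9", "phone": "555-0105"},
}
SAMPLE_EVENTS = [
    {"ts": D(2024, 2, 1), "account": "A1", "type": "transfer", "amount": 200, "country": "IN"},
    {"ts": D(2024, 2, 9), "account": "A1", "type": "transfer", "amount": 250, "country": "IN"},
    {"ts": D(2024, 2, 20), "account": "A1", "type": "transfer", "amount": 220, "country": "IN"},
    {"ts": D(2024, 3, 5), "account": "A1", "type": "transfer", "amount": 5000, "country": "IN"},
    {"ts": D(2024, 3, 3), "account": "A2", "type": "login", "amount": 0, "country": "BR"},
    {"ts": D(2024, 3, 6), "account": "N1", "type": "check_deposit", "amount": 25000, "country": "IN"},
    {"ts": D(2024, 3, 6), "account": "N2", "type": "transfer", "amount": 50, "country": "IN"},
]

if __name__ == "__main__":
    for account_id, reason in review_queue(SAMPLE_ACCOUNTS, SAMPLE_EVENTS):
        print(account_id, reason)
```

Each flag is a prompt for additional review, as the text describes, not a verdict; the output feeds the institution's own investigation and reporting process.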

Alternate channel confirmations. Financial institutions should consider the need to have customers confirm sensitive transactions like enrollment in a new on-line service, large funds transfers, account maintenance changes, or suspicious account activity. Positive confirmations for sensitive on-line transactions provide the customer with the opportunity to help catch fraudulent activity. Financial institutions can encourage customer participation in fraud detection and increase customer confidence by sending confirmations of certain high-risk activities through additional communication channels such as the telephone, e-mail, or traditional mail.

Business Continuity Control

E-banking customers often expect 24-hour availability. Service interruptions can significantly affect customers if the institution offers more than the most basic services. For example, customer bill payment transactions may not be paid on time. Due to the potential impact on customers and customer service, financial institutions should analyze the impact of service outages and take steps to decrease the probability of outages and minimize the recovery time if one should occur. Some considerations include
- Conducting a business impact analysis of e-banking services that defines the minimum level of service required and establishes recovery-time objectives;
- Building redundancy into critical network components to avoid single points of failure;
- Updating business continuity plans to address e-banking;
- Developing customer communication plans prior to an outage;
- Reviewing the compatibility of key third parties' business continuity plans; and
- Periodically testing business resumption capabilities to determine if objectives can be met.

Based on activity volumes, number of customers affected, and the availability of alternate service channels (branches, checks, etc.), some institutions may not consider e-banking services as "mission critical", warranting a high priority in their business continuity plan. Management should periodically reassess this decision to ensure the supporting rationale continues to reflect actual growth and expansion in e-banking services.

Legal and Compliance Issues

Because e-banking limits face-to-face interaction and the paper-based exchange of information with customers, e-banking introduces new compliance or legal risks. Institutions should
- Clearly identify the official name of the financial institution providing the e-banking services;
- Properly disclose their customer privacy and security policies on their websites; and
- Ensure that advertisements, notices, and disclosures are in compliance with applicable statutes and regulations, including the E-Sign Act.

Financial institutions should comply with all legal requirements relating to e-banking, including the responsibility to provide their e-banking customers with appropriate disclosures and to protect customer data. Failure to comply with these responsibilities could result in significant compliance, legal, or reputation risk for the financial institution.

Trade Names on the Internet

Financial institutions may choose to use a name different from their legal name for their e-banking operations. Since these trade names are not the institution's official corporate title, information on the website should clearly identify the institution's legal name and physical location. This is particularly important for websites that solicit deposits, since persons may inadvertently exceed deposit insurance limits.

- Disclose clearly and conspicuously, in signs, advertising, and similar materials, that the facility is a division or operating unit of the insured institution;
- Use the legal name of the insured institution for legal documents, certificates of deposit, signature cards, loan agreements, account statements, checks, drafts, and other similar documents; and
- Train staff of the insured institution regarding the possibility of customer confusion with respect to deposit insurance.

Disclosures must be clear, prominent, and easy to understand. Examples of how Internet disclosures may be made conspicuous include using large font or type that is easily viewable when a page is first opened; inserting a dialog page that appears whenever a customer accesses a webpage; or placing a simple graphic near the top of the page or in close proximity to the financial institution's logo. These examples are only some of the possibilities for conspicuous disclosures given the available technology. Front-line employees (e.g., call center staff) should be trained to ensure that customers understand these disclosures and to mitigate confusion associated with multiple trade names.

Website contents

Financial institutions can take a number of steps to avoid customer confusion associated with their website content. Some examples of information a financial institution might provide to its customers on its website include
- The name of the financial institution and the location of its main office (and branch offices if applicable);
- The identity of the primary financial institution supervisory authority responsible for the supervision of the financial institution's main office;
- Instructions on how customers can contact the financial institution's customer service center regarding service problems, complaints, suspected misuse of accounts, etc.;
- Instructions on how to contact the applicable supervisor to file consumer complaints; and
- Instructions for obtaining information on deposit insurance coverage and the level of protection that the insurance affords, including links to the FDIC or NCUA websites at http://www.fdic.gov or www.ncua.gov, respectively.

Customer Privacy and Confidentiality

Maintaining the privacy of a customer's information is one of the cornerstones upon which trust in the U.S. banking system is based. Misuse or unauthorized disclosure of confidential customer data may expose a financial institution to customer litigation or action by regulatory agencies. To meet expectations regarding the privacy of customer information, financial institutions should ensure that their privacy policies and standards comply with applicable privacy laws and regulations, particularly the privacy requirements established by GLBA. The regulation implementing GLBA's requirements also describes standards on electronic disclosures that apply if an institution elects to display its privacy policy on its website.

Transaction Monitoring and Customer Disclosures

The general requirements and controls that apply to paper-based transactions also apply to electronic financial services. Consumer financial services regulations generally require that institutions send, provide, or deliver disclosures to consumers, as opposed to merely making the disclosures available. Financial institutions are permitted to provide such disclosures electronically if they obtain consumers' consent in a manner consistent with the requirements of the federal Electronic Signatures in Global and National Commerce Act (the E-Sign Act). The Federal Reserve Board has issued interim rules providing guidance on how the E-Sign Act applies to the consumer financial services and fair lending laws and regulations administered by the Board. [15] However, mandatory compliance with the interim rules was not required at the time of this booklet's publication. [16] Financial institutions may provide electronic disclosures under their existing policies or practices, or may follow the interim rules, until the Board issues permanent rules.

When disclosures are required to be in writing, the E-Sign Act requires that financial institutions generally must obtain a consumer's affirmative consent to provide disclosures electronically. Under the E-Sign Act, a consumer must, among other things, provide such consent electronically and in a manner that reasonably demonstrates that he or she can access the electronic record in the format used by the institution. In addition, the institution must advise customers of their right to withdraw their consent for electronic disclosures and explain any conditions, consequences, or fees triggered by withdrawing such consent.

Internet Finance

The Internet has touched almost all aspects of our lives. The emergence of e-commerce has revolutionized the way we live, shop, entertain and interact. Therefore, it should not come as a surprise if it tries to influence the way we save and the way we invest. Today, when the customer is king and the service providers are rushing to pay obeisance to the king, financial service providers cannot be left behind. In their quest to differentiate their services and gain competitive advantage over their competitors, the financial service providers are trying to provide their services to the customers in the comfort of their homes. The Internet has emerged as a convenient channel for these service providers. Living in India, we might find these ideas too far-fetched, but the truth is that the Internet has changed the way these services are delivered, particularly in countries where Internet penetration is high. The different ways in which the Internet is trying to revolutionize the delivery of financial services and products are given below:

Online Brokerage

Online Broking is emerging as another field where traditional service providers are likely to face tough competition from the Dot Coms. In Taiwan and Korea, 30% of the stock trading has already moved online. This is posing a threat to the traditional Full-Service Brokerages. By leveraging the power of the web, Charles Schwab has emerged as a major threat to Full-Service brokers like Merrill Lynch. In order to preempt the moves into these areas by new players, many Banks have already tied up with Online Brokerages. The Banks have entered the e-trading business. Since many banks are also Depositary participants, they have tied up with e-traders so that a customer is able to buy or sell shares online and make and receive payments through the Net.

In India, HDFC Bank has tied up with Investsmart.com and is offering its services to all the clients of the brokerage. ICICI Bank has gone a step ahead and launched ICICIDirect.com. These banks have become exclusive providers of banking and depositary/custodial services to the clients of these online brokerages.

Online Delivery of Financial Products

The Banks have started offering banking services like checking your account status, fund transfer, ordering demand drafts and writing out cheques via the Net. Soon these will form only a small part of the total array of services being offered by them. These Banks have embarked on a number of new initiatives to protect their stronghold and to leverage the Net. They are offering value-added services to their customers and at the same time are trying to get into B2C and B2B e-commerce. They are even trying to get their finger into various transactions between the Government on one side and the business and the customer on the other. Banks are trying to become a part of the online value chain. For example, they are trying to tie up with corporates so as to become a part of their supply chain and enable electronic transfer of funds between the different components of the Supply Chain. They are doing this by acting as an intermediary between the corporations and their vendors, enabling online transactions at one place. Some Banks are trying to set up portals for routing payments like Excise Duty and Sales Tax. Not content with that, Banks are setting up secure payment gateways to tap the B2C online market.

Banks have taken the application process for personal loans, car loans and mortgages online. They plan to offer other financial products like Bonds and Mutual Funds through their financial service portals. This strategy is aimed at pre-empting the entry of new startups into this business. Another bit of the Net strategy involves providing infrastructure for B2C as well as B2B e-commerce. Banks are setting up secure payment gateways that will allow online retail shops to obtain instant credit card verifications. Once the buyer hits the pay button at a B2C portal, the buyer's credit card details will get encrypted and travel securely to the Visa or MasterCard approval system through the bank's payment gateway.

The banks are also setting up their own shopping portals. HDFC has a stake in a portal called easy2buy.com, where HDFC Bank customers can buy using their bank account number. Federal Bank has similar arrangements with Rediff.com and Fabmart.com. ICICI has set up Magiccart.com, an e-tailing site. At the B2B end, Banks are offering a Net Banking service that allows electronic fund transfers among a company, its vendors and dealers. Another service being targeted at this segment is cash management. This will reduce the float which is present in physical processing of the payments. The Banks are also trying to integrate their systems with the ERP/Supply Chain systems of their clients. This will enable the bank to benefit from the movement towards e-procurement. E-Procurement involves making transactions online and processing the payment electronically.

Case Study: ICICI

ICICI is one of the leading private sector banks in India, which combines financial strength with a reputation for innovation and a universal culture that embraces change. On March 31, 2002, ICICI formally merged with ICICI Bank and emerged as India's first Universal Bank. ICICI Bank's retail distribution network continues to expand, and it now has 409 branches and extension counters and 1,066 ATMs across about 240 locations (ICICI 2002 a). The strategy of ICICI Bank after the merger with ICICI Ltd. is that of building a diversified portfolio. The merged entity will continue to be into project finance, and the focus will be to tap the potential in retail financing (Business Line, April 1, 2002). ICICI Bank offers a wide spectrum of domestic and international banking services to facilitate trade, investment, cross-border business, treasury and foreign exchange services (Unnithan and Swatman). ICICI Bank has been quick to realize that E-banking has changed from a somewhat experimental delivery vehicle into an increasingly mainstream one for delivery of a broad spectrum of banking products and services. Basic E-banking services are rapidly changing from competitive differentiator to competitive necessity.

The group has leveraged a number of tie-ups to come up with its various offerings. For its Internet banking offering, ICICI Bank uses Infinity from Infosys; for its credit card business, it uses Vision Plus from PaySys USA; for WAP services, the tie-up with cellular service providers Orange and Airtel helps reach out to these users, while the WAP technology is being implemented by the in-house ICICI Infotech service. To leverage the Net for its marketing initiatives, ICICI Bank and Satyam Infoway have jointly set up a "COM" company to promote banking products on the Net. The bank has also entered into agreements with leading corporates like BPL, Rediff.com, Usha Martin and Tata Communications for B to C solutions in a bid to further strengthen its Internet banking product offering and services. Also, ICICI has joined hands with a consortium led by Compaq to take the lead in offering a solution to the Indian e-commerce community. This consortium offers a B2B and B2C e-commerce payment gateway within India.

The Bank has been offering phone banking free of charge and was first to launch an Internet Banking service in the country, named Infinity (ICICI 2000). Infinity now provides a host of online banking solutions to retail as well as corporate customers. ICICI's constant endeavour in providing more value to the customers has resulted in Infinity being the front-runner amongst online banking offerings in the country. Also, in keeping with the customers' need for increased security, Corporate Infinity now provides multiple levels of authentication besides user ID/password and includes security tokens (ICICI 2000-01 Annual Report). ICICI also strives to be a center for leading research on financial engineering in India, particularly in the area of valuation of securities, risk management and derivatives. By leveraging the group's resources, ICICI provides custom-tailored solutions that can support even the most complex business strategy (ICICI 2000(b)).

ICICI is now moving all its operations into the era of "virtual integration". Not only has this drastically reduced costs, but it has also increased and improved its services to customers. Money 2 India offers a unique facility by ICICI of transferring funds to India. Additional modules (gifting and reminders) were added to broaden its scope and enhance ICICI's relationship with customers (ICICI Annual Report 2000-01). The table below gives the SWOT analysis of ICICI.

SWOT Analysis of ICICI

Thus ICICI has been able to use technology to provide value-added service to its customers during the last few years. For ICICI, technology is an integral part of their business. However, their overall progress could have been smoother but for certain internal and extraneous factors and also a pressure on spreads due to a competitive market (Annual Report 2000-01).

Conclusion

E-banking has become a necessary survival weapon and is fundamentally changing the banking industry worldwide. Today, the click of the mouse offers customers banking services at a much lower cost and also empowers them with unprecedented freedom in choosing vendors for their financial service needs. No country today has a choice whether to implement E-banking or not, given the global and competitive nature of the economy. Banks have to upgrade and constantly think of new, innovative, customized packages and services to remain competitive. The invasion of banking by technology has created an information age and commoditization of banking services. Banks have come to realize that survival in the new e-economy depends on delivering some or all of their banking services on the Internet while continuing to support their traditional infrastructure. The rise of E-banking is redefining business relationships, and the most successful banks will be those that can truly strengthen their relationship with their customers.

Without any doubt, the international scope of E-banking provides new growth perspectives, and Internet business is a catalyst for new technologies and new business processes. With rapid advances in telecommunication systems and digital technology, E-banking has become a strategic weapon for banks to remain profitable. It has been transformed beyond what anyone could have foreseen 25 years ago. However, banks are uncertain about the regulatory framework for conducting E-business, and the regulatory and taxation issues for governing cyberspace present formidable problems. Developing such a system is not easy, as the Internet is not organized geographically and it is almost meaningless to refer to a website as national or local. Any successful attempt at governing cyberspace will involve significant international cooperation. Tax issues are being dealt with through O.E.C.D. codes along with intergovernmental cooperation.

The Indian experience of E-banking is gradually merging with its international counterparts. While the private sector and foreign banks have been fast in adopting Internet technology in client servicing, there is a gradual trend for the major public sector banks and numerous cooperative units to move in the same direction. A mix of policy support and security assurance should propel further E-banking adoption in India.

Start early with simple, user-friendly, robust and highly scalable services. Use the same secure mobile password in all devices and channels (including contact centers) for both identification and transaction confirmation. Include all services in the same portal to gain economies of scope and repetition. Introduce new services gradually to keep up user interest. Make eBanking a part of branch banking in order to motivate the local personnel to sell the service. Provide the same services and user logic to both private and corporate customers to gain not only the reuse advantages of technology and branding but also the economy of repetition. Let your corporate and private users meet each other in the Internet bank via such things as a mall-like link collection (available to merchants using the bank's services). Use both real-life situations and interest-based personalisation and customisation to provide users with targeted offers.

Glossary

Bibliography

Websites
www.rbi.org.in
www.sans.org/rr
www.technologyforfinance.com/whitepaper.asp
www.bankersonline.com
www.indianinfoline.com
www.banknetindia.com
www.checkfreei-series.com
www.icfai.com
www.icici.com
www.equitymaster.com
www.siliconindia.com
www.laws4india.com
www.expresscomputeronline.com

Books
E-banking "Global Perspectives", ICFAI (Banking Series), by Vivek Gupta
Internet Banking "The Second Wave" by Sanjiv Singhal
