Online banking in India offers enormous promise both for banks and their customers.

India accounts for around 81 million Internet users, representing a market penetration of just seven percent. For banks considering offering services online, India's potential is exciting: Internet usage in India has soared 1,520 percent since 2000.
Yet realizing the potential of online banking in India is fraught with challenges:
y

Economic, due to a global recession and increasingly competitive marketplace Cultural, as banks try to balance long -held traditions with the need to generate profit Demographic, by instituting a mass over class approach to providing bank services to all Indians Criminal, as banks and their customers face increasing threats from fraud cartels and identity thieves

Lately, it's the economic challenges that impact banks the most. India's public and private sector banks are striving to halt the escalating costs of doing business. The need to reduce operating costs has prompted banks of all kinds to find more cost effective ways to serve customers. Online banking offers a way to provide a range of services to anyone with even occasional access to the Internet. It's vastly more convenient for customers, and it's much more cost-effective than in-person tellers and call center agents. How much? An Internet banking transaction is 85 percent cheaper to process than a typical transactio n.ii So why haven't more banks engaged this potentially lucrative channel?
The Trust Problem While only 16 percent of Internet users in India are expected to be banking users in the short term, that number can grow rapidly if banks are able to establis h trust with an understandably wary public.

But Internet users know the threats are real and spreading. India is specifically targeted in roughly 10 percent of the world's phishing scams designed to lure online users to look-alike Web sites, where they are tricked into providing their personal account numbers, passwords, credit card numbers and more. In 2008, banks in India were subjected to more than 400 phishing attacks over the course of a few months. A popular technique executed by identity thieves an d e-fraud cartels, phishing scams

can be set up quickly at very low cost. On the Internet's global black market where stolen identities are bought and sold 24 hours a day e-criminals can even purchase phishing kits that enable them to create a fake W eb page that convincingly mimics a bank's log-in page. Even in the face of these threats, however, India's banks simply aren't protecting themselves or their customers. According to NASSCOM, an IT trade group based in India, more than 80 Indian banks lac k the security safeguards they need to thwart attacks from phishers and identity thieves.v
Foiling Fraudsters with Two-Factor Authentication For banks around the world, the answer to establishing trust with online customers is two-factor authentication. Also known as strong authentication, two -factor authentication goes beyond simple username -and-password sign-on, which is easily circumvented by phishers.

With two-factor authentication (2FA), each user provides not just a username and password, but also a unique one -time password (OTP) generated by a special security credential. When the bank's 2FA service provider matches the OTP to the customer, then the user is authenticated. The latest 2FA solutions are simpler and more convenient for users as well. OTP credentials are available in a variety of formats, allowing bank customers to choose the credential that best suits their lifestyle. The se include stand-alone hardware tokens, credit card-sized form factors, SMS codes for mobile phones as well as a downloadable application that turns a mobile phone into a OTP generator. Because logging on with two -factor authentication requires something the user knows (his username and password) and something he has (his 2FA credential), it is much more difficult for fraudsters to gain unauthorized access to accounts. Because of this, 2FA has been proven to be effective against unauthorized access to onl ine accounts, stopping potential fraud before customers and banks sustain financial losses. Some IT managers may have experienced 2FA in its former iteration as a costly, self-managed solution that is difficult to scale as user populations grow. Today's 2 FA solutions, however, are available as cloud -based (or managed) services that drive down per-user costs while enabling on-demand growth. Managed 2FA services allow banks and other organizations to achieve TCO savings of 40 percent on capital expenditures and operational costs, when compared to traditional on -premise solutions. Most recently, the costs and logistics of distributing 2FA credentials to millions of users have effectively been eliminated with the introduction of mobile applications

that transform mobile phones and PDAs into credentials that generate OTPs on demand. Since most online bank customers are mobile phone users, they don't have to carry an additional credential to generate an OTP for strong authentication. Instead, the device they carry all day, every day doubles as their 2FA credential, creating a new level of convenience. And the application costs them nothing.
A Relationship Built on Trust For Indian banks aiming to introduce or expand their online services, establishing trust with customers is a crucial first step. With its proven ability to keep fraudsters and identity thieves from gaining unauthorized access to customer accounts, two factor authentication should be a core part of any bank's online offering. As financial institu tions around the world already recognize, 2FA:
y

Protects banks and their customers from financial losses stemming from online account takeover. Signing on to a 2FA -protected bank Web site requires users to provide something they know and something they have a combination that e-criminals will find difficult, if not impossible, to acquire. Is cost-effective and scalable. A cloud -based 2FA solution keeps implementation and administrative costs down while enabling deployments to scale on demand. Is easy to use. A variety of 2FA credentials including mobile device-based applications that provide the ultimate in convenience make strong authentication easy for bank customers. India's banks have a promising future online but only if they provide the right safeguards against e-criminals. Those safeguards should include two -factor authentication.

Dataquest India http://dqindia.ciol.com/content/top_stories/2010/110011101.asp 17th July 2011 Dr. Shekhar Kirani -----------------------------------------------------------------------------------------------------------------------------------We want to use the Internet to become a universal banking major."
- Nachiket Mor, Head of ICICI's Treasury, in March 2000. The Internet Banking Boom

In 2001, a Reserve Bank of India survey revealed that of 46 major banks operating in India, around 50% were either offering Internet banking services at various levels or planned to in the near future. According to a research report, 1 while in 2001, India's

Internet user base was an estimated 9 lakh; it was expected to reach 90 lakh by 2003. Also, while only 1% of these Internet users utilized the Internet banking services in 1998, the Internet banking user base increased to 16.7% by mid - 2000. Many of the major banks like ICICI, HDFC, IndusInd, IDBI, Citibank, Global Trust Bank (GTB), Bank of Punjab and UTI were offering Internet banking services. Based on the above statistics and the analysts' comments that India had a high growth potential for Internet banking, the players focused on increasing and improving their Internet banking services. As a part of this, the banks began to collaborate with various utility companies to enable the customers to perform various functions online. ICICI's 'Infinity,' which was already a leader in the Indian Internet banking arena, began to allow its customers to pay their online real time shopping bills. HDFC, through its 'payment gateway' feature, allowed its Internet banking customers to make online and real time payments for their purchases. HDFC also entered into tie -ups with various portals to provide these business-tocustomer (B2C) e-commerce transactions. Centurion bank acquired an equity stake in the teauction.com portal to bring together buyers, sellers, suppliers, registered brokers and associations in the tea market and eliminate the need for their physical presence at various auctions. As more banks entered Internet banking arena, the competition between the banks also increased. This compelled the banks to focus on capturing new markets and customers and adopting advanced technology on t he Internet. In the light of these developments, industry watchers remarked that Internet banking had arrived in a big way. Though it had a long way to go compared to the global standards, it was beginning to be seen as a replacement for the traditional banking set up in the future. 1] India Research, Kotak Securities, May 2000. http://www.icmrindia.org/free%20resources/casestudies/banking1.htm 17th July 2011
ABOUT INTERNET BANKING

Globally, the banking business has always been in the forefront of harnessing technology to improve its services and efficiency. Banks have been quick to adopt rapidly evolving electronic and telecommunication technologies to deliver an extensive line of value added products and services to their customers. By the early 1990s, direct dial-up connections, personal computers, tele banking and automated teller machines (ATMs) became common in most developed nations. Internet banking evolved in the mid -1990s when Internet and the World Wide Web began to catch on. Soon, many major banks in the US and Europe began to use the Internet to provide banking services.

Internet banking is a web -based service that enables the bank's authorized customers to access their account information. It allows the customers to log on to the bank's website with the help of a bank -issued identification and a personal identification number (PIN). The banking system verifies the user and provides access to the requested services. The ran ge of products and services offered by each bank on the Internet differs widely in their content. Most banks offer Internet banking as a value-added service. Internet banking has also led to the emergence of new banks, which operate only through the Intern et and do not exist physically. Such banks are called 'Virtual' banks or 'Internet only' banks. The products and services offered by the banks on the Internet can be divided into three types: " Information Kiosks: It includes providing information regardi ng various products and services offered by the bank to its customers and others in general. The bank's site receives and answers queries of customers through e -mails. " Basic Internet Banking: It includes enabling customers to open new accounts, check account balance and pay utility bills. " E-commerce Banking: Banks function as electronic market places (e -market place) enabling customers to use their accounts for money transfers, bills payment, purchase and sale of securities and online real time purchase s and payments. In a typical Internet banking transaction, customers' requests for online banking information are passed on from Web server to the bank's Internet banking server through the WWW interface. These requests pass through a firewall [1] before they reach the Internet banking server. Due to the use of SSL technology [2], only authenticated requests reach the Internet banking server. The customer information database is stored on a bank's server, which is protected by the use of various security tools in addition to the firewall technology. The WWW interface is the only media of communication with the Internet banking server and Internet banking server is the only media of communication with the customer database, thus ensuring the safety of opera tion and customer data. When the customer requests reach the Internet banking server it passes the requests to the bank server hoarding customer database. The database provides the required information to the Internet banking server, which is in turn passe d on to the web server, through the firewall, from where the customer is able to access it (Refer Figure I).This sort of architecture, known as the 'three -tiered architecture' (comprising of a web server, Internet banking server and customer database protected by firewalls) creates a controlled environment, which allows quick incorporation of Internet security technologies. A security analyzer constantly monitors login attempts and recognizes failures that could indicate a possible unauthorized attempt to log into an account. When such trends are observed, steps are automatically taken to prevent that account from being used.

INTERNET BANKING TRANSACTION MECHANISM ICICI - INTERNET BANKING INITIATIVES HURDLES IN INTERNET BANKING

A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls a re frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages that enter or leave the Intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. Data security between the customer's web server and the bank's web server is handled through a security protocol called Secure Sockets Layer (SSL). SSL provides data encryption, data integrity and ser ver authentication for an Internet connection. http://www.icmrindia.org/free%20resources/casestudies/banking2.htm The most significant benefit of Internet banking is the ready accessibility of bank accounts at all times. The inconvenience of visiting and waiting at the banks is also eliminated. This result in, enhanced customer satisfaction, reduced customer attrition and increased customer base. Internet banking considerably reduces transaction costs for the banks. According to a study conducted by consultants Booz -Allen & Hamilton, the cost of an average transaction on the Internet is as low as 13 cents, compared to $ 1.07 through the branch, 54 cents through the telephone and 27 cents through the ATM. The study also stated that Internet banking helped banks reduce the branch load and attract future customers.
[2]

[1]

Ref: http://www.icmrindia.org/images/image002.jpg Internet Banking Transaction Mechanism

Source: ICMR. In India, the cost of one banking transaction through the Internet amounted to 10 paise to the bank, as compared to Re.1 through a branch, 45 paise through an ATM, 35 paise through phone banking and 20 paise through debit cards.The low transaction costs and the promising picture painted by analysts induced many banks in India to introduce Internet banking services during the late 1990s. However, only few of them succeeded in moving beyond the launch of the website. ICICI's Internet banking service 'Infinity' became the most recognized and popular service in the country, providing a wide range of products and services.
ICICI - INTERNET BANKING INITIATIVES HURDLES IN INTERNET BANKING

http://www.icmrindia.org/free%20resources/casestudies/banking3.htm
ICICI - INTERNET BANKING INITIATIVES

ICICI bank was incorporated as a commercial banking compan y, by the Industrial Credit and Investment Corporation of India (ICICI) [1] , in May 1994. The first ICICI branch was started in June 1994 at Chennai. The bank provides an array of domestic and international banking services to enable national and international trade and business, investment and foreign exchange and treasury services. Right from its inception the bank focused more on incorporating advanced technology. The bank operated the largest chain of ATMs in the country, which amounted to more than 450 in 2000. All the bank's branches were fully computerized and networked through V-SAT[2] technology. By 1999, the number of branches increased to 65 and the bank plans to have over 200 branches by the end of 2002. In April 2000, ICICI became the first Indian bank to be listed on the New York Stock Exchange.. ICICI was always regarded as one of the best private banks to foster advanced technologies in the banking sector. As part of its technology drive, in 1997, ICICI launched 'Infinity,' the first Indian Internet banking service. The service was launched to reduce transaction cost and offer convenient banking to customers. This meant enabling the customers to access their bank account and make transactions at any time. ICICI realized that to make Infinity a success, it would have to invest heavily in sound Internet banking e-commerce technology. During 1995-99, ICICI invested Rs 50 million in online banking technology solutions.In 1997, ICICI bought the 'BankAway'[3] software from Infosys. BankAway was an e-commerce solution that provided the bank a platform to offer an integrated financial services portal to the

customers. It offered access to account information, bill payment, cash management, trade finance and online shopping. 'Infinity' was initially targeted at the non -resident Indians (NRIs) to enable them to manage their bank accounts in India through the Internet. According to the bank's sources, Infinity helped to increase the business generated from NRI customers from Rs 300 million in 1997 to Rs 1.4 billion in 1998. The service was also aimed at individuals in the age group of 30 to 50 years working in the corporate sector and proficient in using technology. However, over the next few years, the bank enhanced its services to attract other customers as well. As a result, by early 2000, ICICI had over 110,000 Internet banking customers. In the first half of 2000, ICICI's Internet banking customer base touched 275,000.

On account of the growing competition in the Internet banking sector, ICICI focused on enhancing and extending its business -to-business (B2B) and B2C services through tie-ups and acquisitions. The bank entered into a 50 -50 joint venture with Satyam Infoway[4] in December 1999 to offer retail banking products and services on the Internet. R. Ramraj, Managing Director, Satyam Infoway, said, "I CICI bank has many corporate clients and the idea is to develop e -commerce on a B2B platform where payments will be facilitated through ICICI. The alliance is going to give a big fillip to B2B." Infinity's services included account information, funds trans fer, bill payments, online Real-Time e-shopping payments; communication with bank manager, various customized services. The products were targeted at two different customers: individuals and small businesses, and corporates having an annual turnover of ove r Rs 500 million. In the first half of 2000, ICICI introduced new Internet banking products for school and college students. Kid -e-bank was introduced to help children between 5 -12 years to open an account and check the account balance on the Internet. Bank@campus was a service for students to enable services like ATMs, Smart Card, educational loans etc. It was launched across the country in many campuses. As part of its B2C programs, ICICI tied up with 10 shopping malls all over India. This allowed customers to shop and pay bills online from their accounts. It also tied up with 24 billing companies across 11 cities, including Bharat Sanchar Nigam Ltd. (BSNL) for bill payment. The bank also offered mutual funds related services to its customers. It also tied up with automobile major Ford, for local delivery of its car 'Ikon' against orders placed on the Internet. In 2000, ICICI bank acquired the Bank of Madura. Bank of Madura (BoM). BoM was amalgamated with ICICI bank from March 10, 2001, as a part of wh ich, ICICI

acquired BoM's customer base of 1.2 million. However, analysts felt the biggest gain was BoM's IT-savvy employees. By 2001, ICICI bank had emerged as one of the leading providers of Internet banking services in India. The bank was reportedly moving towards becoming a full-fledged e-commerce company in a couple of years. Nachiket Mor, Head of ICICI Treasury said, "The Seven -Eleven supermarket chain in Japan has recently applied for a banking license. This is the way world is moving. If supermarkets get into banking, then it is also time for banks to get into the selling of consumer durables."
HURDLES IN INTERNET BANKING

[1] ICICI is a leading financial services company, established by the Government of India, in 1955, to promote industrial development in the country. [2] Very Small Aperture Terminal (VSAT) refers to an earthbound station used in satellite communications of data, voice and video signals. A VSAT consisted of a transceiver that was placed outdoors in direct line of sight to the satellite and a device that was placed indoors to interface the transceiver with the end user's communications device such as a PC. [3]BankAway was the first Internet banking solution in India and was installed at four out of the six leading banks in the country offering Internet banking services. It was featured in a study, 'Ranking of International Internet Banking Solutions' by Meridien Research, USA. BankAway was the only solution from Asia Pacific to be featured in the report. [4]Satyam Infoway or Sify was a Chennai-based subsidiary of Satyam Computer Services. Sify focused on providing Internet solutions like ISP operations, cybercafes and e-commerce consultancy. http://www.icmrindia.org/free%20resources/casestudies/banking4.htm
THE FUTURE

Despite the rosy predictions and increased corporate activity, the Indian Inte rnet banking system is facing many hurdles. The problems include operational risks, security risks, system architecture risks, reputational risks and legal risks (See Exhibit I for Problems in Internet Banking). Apart from the security issues, there are a host of other problems like:
y y y

" PC user base in India is extremely low compared to global standards. The Internet user base is limited. Lack of infrastructure to advanced technology based banking services.

y y y

The absence of a regulatory framework for Internet banking transactions in India. The mindset of the Indian consumer, who prefers personal interactions and is not very comfortable, doing transactions through the Internet. Limited awareness about the potential of Internet banking on the part of banks.

The issue of banks not being ready to realize the full benefits of Internet banking was aptly summed up by a critic, "Much of what is now on display at bank websites is an embarrassment, to put it politely. The average site has information about certain products, e-mail contacts of bank department, perhaps the Chairman's annual general meeting speech as well. A mere information booth. This is definitely not Internet banking." However, banks are working towards addressing these problems. The security issues can be tackled by having the bank's systems technologically equipped to evade operational and security risks. Reputational risks can be prevented by testing of the system before implementation, developing contingency plans (to handle system disruptions, syste m hackers, security lapses and virus attacks) and creating back-up facilities. Legal and cross -border risks can be avoided through proper customer identification devices, information screening techniques, periodic reviews on compliance with various laws, and gaining knowledge of various national laws (applicable) and guide the customers through their cross -border dealings. Apart from ensuring the security of the Internet -based transactions, ICICI is taking steps to overcome the other hurdles. The bank is t ying up with computer manufacturers to make PCs available to customers at low prices. The bank also plans to tie-up with Sify to place its ATMs in Sify cybercafes. In 2000, ICICI opened Internet kiosks (cabins) at its ATMs to enable easy Internet access to its customers for banking. Many other banks are also adopting such practices. Analysts claim that Internet banking holds lots of potential with the emergence of growing Internet awareness among customers, integration of banking services with e -commerce service, the increasing reach of the Internet and the entry of global players in the banking sector. Even the Reserve Bank of India has come out with Internet banking related guidelines (Refer Exhibit II). With ICICI already having decided to make the Inter net an integral part of its future business plans and other banks reportedly following suit, Internet banking seems poised to become an important part of the Indian banking sector in the years to come.
QUESTIONS FOR DISCUSSION:

1. Analyze the major changes that took place in the Indian banking sector with the advent of Internet banking and discuss its advantages and disadvantages. 2. Explain how a typical Internet banking transaction is conducted and discuss the need for secure system architecture, in the light of various risks associated with Internet banking? 3. "Technology advancement in banking helps high net worth customers and big corporates, but not the average middle -class customers." Do you agree with the above statement? Give reasons to support your answer. 4. Discuss the future of Internet banking in India, keeping in view its moderate growth since its inception.
ADDITIONAL READINGS & REFERENCES: 1. Bannerjee Gunjan, Harnessing the IT Advantage, Computers Today, November 1997. 2. Mookerjee Nivedita, Internet Banking Still In The Evolution Stage, Financial Express, July 1998. 3. Strategies For Success, Financial Express, October 1999. 4. Thampi Praveen S. and Basu Indrajit, Snakes And Ladders, Computers Today, November 1999. 5. Jodhi Anurag, ICICI Sets Target For Infinity, Eyes 1-lakh Users, November 1999. 6. Rajadhyaksha Niranjan, Internet Banking Is Here, Effective Executive, April 2000. 7. Joshi Anurag, Payment Gateways - Opening New Vistas, Financial Express, May 2000. 8. Jha Neeraj, B2B Opportunities Are Huge, Financial Express, July 2000. 9. Jha Neeraj, New Initiatives In Net Banking, Financial Express July 2000. 10. Ghani AH., Unraveling The Intricacies Of Online Banking Initiatives, Financial Express July 2000. 11. Jha Neeraj, Departmental Stores And Portals Might Become Banks, Financial Express, July 2000. 12. Singh Rahul, Pvt. Banks Take Net Banking Act To Higher Gear, February 2001. 13. Farias Sandeep and Parikh Vaibhav, A Click In Time Saves Nine, The Economic Times, June 2001. 14. Internet Banking: Risks and Rewards, Professional Banker, August 2001. 15. Kamesam Vepa, Changing Faces Of Banking: Banking And Technology, Professional Banker, December 2001. 16. www.icici.com 17. www.banknetindia.com

http://www.icmrindia.org/free%20resources/casestudies/banking5.htm

-------------------------------------------------------------------------------------------------------------------------------------