Thursday, October 3, 2019
Literature Review of E-Banking
Literature Review of E-Banking CHAPTER 2. LITERATURE REVIEW This chapter is the literature review; the purpose of this chapter is to investigate past publications by different authors. This will include textbooks, articles and online publications that could enlightened the readers more on the area of banking and internet security measures, the standard and policy used for internet banking security in the United Kingdom and more importantly, the synergistic impact of online banking and information security in the UK banking sector. Since the invention of information technology and the internet, people of different calibre are using it to improve the services efficiently and effectively. In the retail banking sector, most of the businesses have moved majority of their physical transaction processes to online transaction process. A good example of this, I own an account with the HSBC bank for over 4years now and I cannot remember the last time I went into my branch to transact business. Most of my bill payment and transfers are done through my online banking.) Irrespective of this, Lassar et al. (2005) also affirmed that financial institutions should be able to forecast and figure out how such technology will be applied by customers. Banks and Financial institutions rely upon mostly on Information Technology for their everyday activities; therefore the Information acquired by financial organisation is not used only by the organisation and their employees but also by their customers and stake holders and partners. The users who rely on these services anticipate constant possibility of direct access to organizational information (McAnally, et al 2000). Comment..Your idea is good but you are not using well structured sentences and paragraphing. We need to talk about this asap! DEFINITION OF E BANKING. The growing tendency of e banking transaction has really signalled issues on information security that are to be noted and stringently taken care of. To get this security managed, it must be a combined effort and relationship between the customers and the financial institutions. (Re-structure the above paragraph) In general, e-banking is defined as the automated delivery of new and traditional banking products and services directly to customers through electronic, interactive communication channels. E-banking includes the systems that enable financial institution customers, individuals or businesses, to access accounts, transact business, or obtain information on financial products and services through a public or private network, including the Internet which is an integral part of e-banking. (FFIEC handbook, 2006). This new development as drastically changed the phase of internet business in the United Kingdom and it is a welcome phenomenon. WHAT IS INTERNET BANKING. For quite some years now, internet banking levels have been executed to be more fficient approach through which the banking transactions are made without having o leave your place of abode or your place of work. Some of the customers have been ecognised to turn to internet banking as a result of frustrations with conventional tandard of operation and practices. Anand, (2008) said further that while some ustomers want human interaction in transaction, some of them turned to the internet acilities for security reasons. The reason is that the customer are given assurance that heir transactions are safe and secured and most of these transactions are made via the nternet explorer interface. In its report in 2009 (what report?.This is not Harvard standard of referencing), he said online bankinghas risen. 25% of all the people who responded as regards to the most preferred way to bank.Mobile bankinghas not started at all. Only 1% of the people make transaction via mobile. The figure below s hows how they stand: Online banking: 25% Branches: 21% ATM: 17% Mail: 9% Telephone: 4% Mobile: 1% Unknown: 23% Comment Can you represent this figures or percentage with a pie chart/graph or something more comprehensive? He went ahead and said more people visit the bank branch than using the online banking . The term internet banking can then be referred to as the use of internet as a secluded way of doing banking services. These services comprise the conventional ways such as account opening or funds transfer to different accounts and new banking services like payments online that is customers permission to receive and pay bills on their website. Having understood the significant importance of IT and e banking and amount of risks and threats involve in driving the business process, therefore there is need for consistent continuation of security in business, which brings about the understanding of Information security. It is a continuous process. Information security, is the process of protecting information and information system from unauthorised access, use, disclosure, disruption, modification, destruction or bombardment, it involves confidentiality, integrity and availability of various data irrespective of the form the data takes. E.g. electronic, print, written verbal or in any other forms. (ISACA and CISA Review Manual, 2006). Comment You are not given your headings titles figures e.g. 2.0, 2.1, 2.2 etc You did not give your tables title and figures either. An Overview Of Online Banking Environment in UK An increasing competitions among the financial institutions have forced many of the competitors to offer similar prices on deposits and loans, the effort for gaining competitive advantage were shifted towards no priced-factors (Akinci et.al 2004). customers and financial institutes have noted the recent revolution in UK retail banking. The conversion from traditional banking to internet banking has been effective (kolodinsky and Hogarth, 2001). Although some researchers have bated that online banking has not lived up to expectation e.g Sarel and Marmorstein (2003) and Wang et al. (2003), a lots of studies still say that internet banking is still the most wealthiest and profitable means to transact business(Mos,1998;Sheshunoff, 2000).Online banking has come to stay no doubt about that and financial institutions are ready to move on with it. Luxman (1999) for example predicted that in the nearest future that the importance of internet banking will be felt most especially in the remote areas where some bans have closed their branches Going by the survey carried out for alliance and Leicester by (VOBS survey, 2004), 2,395 UK adults were interviewed, more that half of them now bank online. 61 percent now used it more than the previous couple of years. However, visiting the baking hall is very much popular with respondents preferring to go to banking and deal face to face with the banking staff for activities like paying cheques 73 percent, 20 percent withdraw cash over the counter and 20 percent will lodge on one complaints or the other. Mike Warriner (2008).said in a recent report from Forrester stated that only 31% of British adults bank online despite 75% regularly shopping online to quote Benjamin Ensor, principal analyst at Forrester Research, By international standards, the U.K. is an online banking laggard. He then goes on to say that The U.K. also has a relatively large number of quitters, with about two million people saying that they used to use online banking but have given up. WHAT IS WRONG WITH UK INTERNET BANKING According to a survey carried out by Darrell R. (2009) Medium size organizations all over the world are very much concerned about cyber threats. The number of incidents reported really justifies their doubts. At the close of mid 2009, McAfee discovered a new malware as they did in 2008 which could cause a lot of havoc in the internet world..Irrespective of this discovery; most organizations still cut their IT security budget instead of increasing it. A threat up budget down, McAfee called it security paradox. Ron C. (2009) reports that most companies in the UK are lagging behind the rest of the world in information security management practices, according to a new study from PriceWaterhouseCoopers. 7,000 security professionals all over the world was surveyed, mainly in large companies consisting of 455 in the U.K. The survey found out that British organisation emerges to be less prepared to fight the risks that tackle them in their information systems. The table below shows that U.K. lags in quite a few key areas of information security. Organisations have smaller amount CISOs in place; only 37% have a clear idea of where their data is stored. Then, nearly half (49%) do not know the number of security incidents they experienced in the preceding year. INTERNET TRANSACTION Transactions online help customers with the competence to conduct transactions via the website of the institution by introducing banking transactions or buying products and services. There are lots of transactions customers can engaged in on the internet which can be a small as basic retail account balance to a very big business funds transfer. Internet banking services, such as the ones carried out through some other means are categorised based on the type of customers they support. The following table shows some of the common retail and wholesale internet banking services offered by financial institutions. (FFIEC, 2006) Since transactional websites typically enable the electronic exchange of confidential. Customer information and the transfer of funds, services through online banking makes the financial institutions to be vulnerable to higher risk than basic. ADVANTAGES OF ONLINE BANKING. Convenience According to (Gerlach, 2000), internet banking services allow customers handle their habitual banking transaction without visiting the bank building or meeting any banks staff. No need to wait until 8 or 9 in the morning before you can get answer to your bank account request or details Customers can handle their transactions anywhere they like as long as they are connected to the internet or where there is availability of internet. However, since most banks offers 24 hours online banking services 7 days a week, internet banking can allow you to view and work with your account no matter what time or day it is. Thus, they can make payments, check balance, transfer money etc at the comfort zone of their homes or offices. Hence online banking has broken the limitations of the conventional way of banking thus provides customers swiftness and convenience. Time Saving and Money. When you visit banks, you will discover that most banks branches are always engaged with one activity and customers have to wait for a long time before attended to. This is a waste of time and energy. Luckily, some banking transactions can be handled at home or in office or anywhere that is convenient for the customers. In other words, customers do not need to wait for a long time in a long queue or go to their respective banks branch to carry out their banking business. Online banking therefore helps can help customers to save time and cost of travelling. Ease and Efficiency As long as they adhere to the simple steps to be followed by login in their information and clicking the right button, customers can able to check their accounts and know what their balance is, transfer funds and also carry out other valuable transactions. The timely check can help customers overdraft charges and also to know if the transactions they made was successful and completed. Hence, banking online helps customers to manage their account more easily and conveniently. On Time Gain and Update Information Online banking systems also provide the customers a timely updates about both their existing and new products and services, banking news and other vital information that the customers need to know or be updated with. Therefore customers can benefit some relative information at the appropriate time for them to make quick and right decisions. Profitability Fewer banking building will be maintained as a result of online banking and fewer employers will be involved there is a much lower over head with online banks. The saving they get as a result of this process allows them to give greater interest rates on savings account and lower lending rates and service charge. Cost Effective Internet banking cost less, this is because there are only few buildings to maintain and salaries paid to employees will be reduced as well. Since they have more to safe now and this allows them to increase their interest rate on savings account and lower lending rate and charges Easier To Catch Fraudulent Activities Since you have the opportunity of viewing your account details at anytime, it is easier to know if any fraudulent activities have gone through your account before much damage is done. Once you log into your account, you will see immediately whether there is anything wrong when you check your deposits and debits. If you do not make any transaction and you see any strange details in your account, you will see it write away and make necessary alarm to the financial institution While the internet offers miscellaneous advantages and opportunities, it also presents various security risks. Having this in mind, banks take wide measures to protect the information transmitted and processed when banking online. This comprises ensuring confidential data sent over the internet cannot be accessed on modified by unauthorised third party. But banks dont normally have influence of the systems used by the customers. The choice is entirely up to them. More over a system connected that is a pc connected to the internet for example will usually be used for a number of other applications as well. The systems used by the online banking customers are therefore exposed to risks beyond the banks control. For this reason, the bankers cannot be liable for them. Berlin, (2007). Some Dangers Faced When Using the Internet. Berlin, (2007) Third party gaining access to information transmitted or getting information under false pretences, this can be done with the aid of the following: Virus and warms: Programmes that are sent over the internet that can damage your pc when they replicate. Trojans: programmes that intercepts passwords that is not known to users that compromise computer security. Phishing: Using a fake name, website or address for fraudulent purposes. Pharming: Users being redirected to fraudulent server Root kits; An unauthorized administrative level access without the real administrator noticing through a malicious software. Their feature is almost as Trojans. Hacking: Having access to a PC via the internet when not authorised. Banks now have some numbers of measures in place that gives effective protection against attacks when information are processed by the bankers server or when information is sent over the internet. SOME SECURITY RULES WERE ALSO GIVEN Rule 1: Install security software including an up to date scanner. Additional security software has to be installed. your normal operating system standard tools alone cannot solve some security problems. F your security is not adequately in place, you run the risk of unauthorised persons gaining access to your data.e.g never save you PINs and TANs on your PC. A firewall can protect you from such attack Rule 2: Protect sensitive data when sending it over open network. Data sent over the internet may be intercepted or viewed by an unauthorised third party when the network is not secured. Banks have now taken some measure to ensure that data sent via the internet is encrypted before transmission. Rule 3: Be sure you know who you are dealing with. Not everyone on the internet are not who they claim they are. Check the URL you are in and make sure that your banks internet address is correctly spelled. Hackers impersonate someone in a position of trust to get the information they needed. This is called PHISHING. It is another technique to steal confidential code. This works by redirecting you to their own rogue server. Rule 4: Be careful with sensitive data and access media Your access code and media must be protected e.g. (PINs, chips) from unauthorised use. Do not save sensitive data such as Passwords PINs, access code, credit card numbers on your hard drive especially if the PC is not been used by you alone. This could allow third party to view your data. Rule 5: Choose a secure password. A combination of upper case and lower case letters , numbers and symbols is a typical example of a good password usually of six to eight characters. It will be difficult for anyone to guess your password. Rule 6: Only use a programme from a trustworthy source Dont download from the internet any programme into your hard drive unless you are sure of the source and that its reliable. Rule 7: Use up-to-date programme version Use your preferred internet browser and PC operating system version that is up-to-date. Rule 8: Run security checks on your PC Take a few moment to run a personal security checks before using your PC to bank online. Make sure the entire security feature that protects your computer are on. Rule 9: The security setting on your internet browser must be activated. Use Block ActiveX Control and let Java applet to run after confirmation. Do not make use of browser auto-completion function which is able to save your user name and passwords you enter and suggest matches. Rule 10: Do not make your current account available for fraudulent financial transaction. Any offers that is asking you to make your current account available for payment and other financial transaction for unknown firms and individual must be suspicious especially if they are located not within your country SOME ONLINE BANKING SCURITIES AVAILABLE Internet Security: Internet security refers to the methods used in protecting data and information in a computer from unauthorized persons. It is a serious issue in the world wide today. People who use internet should be using the internet should be well conscious of the trouble aroused as a result of it. A familiar methods used by people to guarantee information in internet are Encryption of the data Encryption of data deals with packaging up the original information into an unintelligible form that can be decoded using a certain technique. This is called cipher text. Usage of passwords -Passwords are used to avoid illegal entry of data so that the entire system is protected. Creation of passwords must be in a way that the other people do not simply guess it. Methods: There are some several methods that helps in internet security. They are listed below; Firewalls:This is software that filters unlawful access in a network. It must have a correct configuration and has to be combined with proxy firewall for a protected system. Taking Backup of Data: backup of the data from the system should be taken regularly. If the computer unexpectedly crashes down or the operating system failed to boot due to virus attack, by taking the backup data will reduce the penalty. Preventing Virus Attack: Viruses can affect computer, Trojan horse, worms etc as a result of some infected files downloaded from the internet. They are programs that are installed by itself and run at any time the host programs run and cause malicious attack. Baleful Links:Those who use the internet can avoid their system from getting affected by the virus by avoiding needless links and emails.Links may lead to download files suddenly. These cause a problem to the security of the computer and therefore must be avoided. File Sharing:Both original and pirated files are joined when files are shared on the internet thereby reduces the speed of the computer. This must be prevented. Routers:Some connections are prevented by certain routers from outside from the computer. NAT (Network Address Translation) is software that does this function and its of low cost and smallest amount complexity. Preventing Spy-Ware: Internet securities are threatened by several software. Without the permission of the user some software runs along with other application. Insider threat detection sill a challenge Threats detection from inside has always been a problem, but most investments in information security still tend to focus on keeping out viruses and intruders. The possible danger of a rascal employee can regularly be discounted, mistreated or just take the risk of doing business. A new survey conducted among 600 office workers in Canary Wharf, London and Wall Street, New York, revealed that many employees have no qualms about mishandling information. One-third of them said they would steal data to help a friend find a job, and 41% admitted they had already taken data, just in case they needed it in some future employment. Ron C. (2009) The study, which was commissioned by security company Cyber-Ark Software Inc., found that customers and their contact details were the favourite files to steal, followed by plans, proposals and product information. CUSTOMERS ATTITUDE Understanding of the impact of technology based transaction system on customers perceptions and behaviour is essential. (Moutinho et al. 2000).If banks are willing to integrate new technology into their existing relationship buildng activities Asher (1999) argued that cooperate customers seems to be willing to use internet as a key medium in banks dealings. He said the evidence suggest that coperate clints have shown a preference for online banking, due to the perception of being more cost effevtiv thah conventional channels Financial institutions use this technology in service delivery may often compromise bank business relation. (Keltner 1995) in terms of higher degree of convinience and accessability. (Devlin 1995) Therfore customers perception is very high in the delivery of the electronic banking. According to Nexhmi et al.(2003). Customers participate typically is the process of enabling customers to make their services, products. It can be diversified between the types of serv ices offered, even the services providers within the same market place for intance. Meuter et al.(2000) points out that self service technologies are increasing the way in which customers interact with their providers in the creation of service outcomes and are a typical example of a market place transaction that require no personal interaction FINANCIAL INSTITUTION AD MANAGERS ATTITUDE AND APPROACH Internet banking was still in a very young stage and its entire benefits has been realised.(Nath et. al 2001). In this case, managers of financial institutions attitude towards the perceptions of electronic channels were of significant importance.(Akinci et .al( 2004). Mols (2001) state that management support and future orientation were the two most important factors which driving the introduction and expectation of the new e-channel In another study, Mols (2000) grouped the bank managers according to their attitude towards internet banking: The sceptics the nervous, the positive and the reluctant groups. In Scotland, Moutinho et.al (2002) emphasized he scotish bank managers efficiency and enhancement of customer services as to perceive advantages of internet banking. Faster easier and more reliable service to customer and the improment of the competitive position were highlighted. (Aladwani ,2001). Based on the UK evidence,Li 2001 claimed that: the integrated banking model, aroun d which traditional banks have built their strategies in the past were showing sign of fragmentation In this sense, he sumerised four emerging internet model in the UK. The first was based on accepting internet banking as a new delivery channel that was integrated with existing model. The second model is called e-banking, was based on multibanking in which the internet was the integrative component. The third model consisted of creating baby e-banks with their own e brand name and product range. The last model was seen as entirely a new business model without a physical network. Laws, Directives, Regulations and Standards Shon Harris All in One Certified Information System Security Professional Exam Guide, Fourth Edition, 2008 Different laws, directives, regulations and standards were enacted for different reasons which include data protection, software copyright, data privacy, computer misuse as well as controls on cryptography. Health and safety, prevention of fraudulent activities, personal privacy, public order, intellectual property, environment protection and national security are reasons why the regulations can be implemented in governments and private sectors. The violation of these regulations has a severe punishment attached to them which may range from fine to jail term of up to ten years or more depending on the gravity of the crime committed. Examples of the regulations that governs information usage and protection are discussed briefly below The Sarbanes-Oxley Act (SOX) The SOX was enacted in 2002 as a result of the corporate scandals and fraud that threatened the economy of United States of America. This is also known as the Public Company Accounting Reform and Investor Protection Act of 2002 that applied to companies that publicly trading on United States market. How organizations must track, manage and report on financial information was provided for in the SOX requirements. Processes and controls must be in place to protect data because of the organizations reliance on computer equipment and electronic storage for transacting and archiving data, the section 404 of SOX is directly applied to information technology. Chief Financial Officer (CFO), Chief Executive Officer (CEO) and others can be jailed if the law is violated. The Computer Fraud and Abuse Act This act is the primary U.S federal antihacking statute that was written in 1986 and amended in 1996.Prohibition was made on seven forms of activities and was made federal crimes: The knowing access of computers of the federal government to obtain classified information without authorization or in excess of authorization.. The intentional access of computer to obtain information from a financial institution, the federal government, or nay protected computer involved in interstate or foreign communications without authorization or through use of excess of authorization. The intentional and unauthorized access of computers of the federal government, or computers used by or for government when the .access affects the governments use of that computer. The knowing access of a protected computer without authorization or in excess of authorization with the intent to defraud. Knowingly causing the transmission of a program, information, code, or command and, as a result of such conduct, intentionally causing damage without authorization to a protected computer. The knowing trafficking of computer passwords with the intent to defraud. The transmission of communications containing threats to cause damage to a protected computer. The penalty for breaching this act ranges from felonies to misdemeanors with corresponding small to large fines and jail sentences. Employee Privacy Issues For a company to be adequately protected, various employee privacy issues must be considered within the organization. Organization must understand what it can and cannot monitor as a result of different state with different privacy laws. Organization must state it in its policy that monitoring in any form are done within the organization to prevent being sued by employee for invading their privacy. This is considered the best way in which organization can protect itself. Payment Card Industry Data Security Standard (PCI DSS) The advent of internet and computer technology led to the increase in identity theft and credit card fraud which gives opportunity to millions to be stolen at once. Stabilizing customer trust in credit card as a safe way of conducting transaction and to curb the problem, a proactive step was taking by the credit card industry. The standard affects any entity that processes, transmits, stores or accepts credit data. The PCI Data Security Standard is made up of 12 main requirements that are broken down into six major categories. They are A Secured Network must be built and maintained. Requirement 1: To protect cardholder data, a firewall configuration must be installed and maintained Requirement 2: Ensure that systems passwords and other security parameters are not in vendors supplied defaults. Data of Cardholder must be protected. Requirement 3: Stored data of cardholder must be protected. Requirement 4: Across open and public networks, cardholder data must be encrypted in transmission Vulnerability Management Program must be maintained. Requirement 5:Anti-virus software must be used and updated regularly. Requirement 6: Secured systems and applications must be developed and maintained. Access Control Measures must be strong in its implementation. Requirement 7: Based on Business need-to-know, cardholder data access must be restricted. Requirement 8: Every individual having access to computer must be given a unique ID. Requirement 9: Physical access to cardholder data must be adequately restricted. Monitoring and Testing of Networks must be carried out regularly Requirement 10: All access to network resources and cardholder data must be tracked and monitored. Requirement 11: Security systems and processes must be regularly tested. An Information Security Policy must be developed and maintained. Requirement 12: A policy that addresses information security must be maintained The violation of the standard does not lead to jail term but may result in financial penalties or revocation of merchant status within the credit card industry because PCI DSS is a private sector initiative. 2.5 Database Security, Compliance and Audit by Charles Le Grand and Dan Sarel. Information Systems Control Journal Vol 5, 2008. Grand and Sarel (2008), states what it takes to adequately protect the database to ensure that compliance is met. It also provides information for auditing purposes. The objectives for ensuring database access control were also exploded by the authors. On the conclusion note of the article the authors said that the simple goal of ensuring database security is to ensure that only authorized individuals have access and all access is monitored. To limit access to only people whose jobs require it, access protection must apply to identifying the sensitive data elements: the methods for managing user credentials and access rights: and the records of who accessed what, when and what they did with it. Insider
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.