MKTNG Term Paper
or their representatives through devices operated either under the bank's direct control and management or under the outsourcing agreement. In other words, e-banking is the process by which a customer may perform banking transactions electronically without visiting a branch and includes the systems that enable customers of banks, individuals or businesses, to access accounts, transact business, or obtain information on financial products and services through a public or private network, including the Internet.

Functions of e-banking

Automated Teller Machine (ATM): The ATM is designed to perform the most important function of a bank. It is operated by a plastic card with its special features. The plastic card is replacing cheques, personal attendance of the customer, banking hours restrictions and paper-based verification. It can provide information about customers' accounts and also receive instructions from customers, i.e. ATM cardholders.

Credit Cards/Debit Cards: The Credit Card holder is empowered to spend wherever and whenever he wants with his Credit Card within the limits fixed by his bank. A Credit Card is a post-paid card. A Debit Card, on the other hand, is a prepaid card with some stored value.

Smart Card: Banks are adding chips to their current magnetic stripe cards to enhance security and offer new services; these are called Smart Cards. Smart Cards can store thousands of times more information than magnetic stripe cards. In addition, these cards are highly secure, more reliable and perform multiple functions. They hold a large amount of personal information, from medical and health history to personal banking and personal preferences.
Services provided by E-banking

Bill payment service

We can pay electricity and telephone bills, mobile phone, credit card and insurance premium bills, as each bank has tie-ups with various utility companies, service providers and insurance companies across the country. To pay our bills, all we need to do is complete a simple one-time registration for each biller. We can also set up standing instructions online to pay recurring bills automatically. Generally, the bank does not charge customers for online bill payment.

Fund transfer

We can transfer any amount from one account to another of the same or any other bank. Customers can easily send money anywhere in India. Once we log in to our account, we need to mention the payee's account number, bank and the branch name. The transfer will take place in a day or so, whereas with the traditional method it takes about three working days. In ICICI Bank, online bill payment service and fund transfer facility are the most popular online services.

Credit card customers

With the help of Internet banking, customers can not only pay their credit card bills online but also get a loan on their cards. If anyone loses his/her credit card, he/she can report the lost card online.
Railway pass
Nowadays Indian Railways has tied up with ICICI Bank, and anyone can now make his/her railway pass for local trains online.

Investing through Internet banking

Anyone can open an FD online through funds transfer. Now investors with an interlinked demat account and bank account can easily trade in the stock market; the amount will be automatically debited from their respective bank accounts and the shares will be credited to their demat account. Moreover, some banks even give the facility to purchase mutual funds directly from the online banking system. Nowadays, most leading banks offer both online banking and demat account.

Recharging your prepaid phone

Now just top up your prepaid mobile cards by logging in to Internet banking. By just selecting your operator's name and entering your mobile number and the amount for recharge, your phone is back in action within a few minutes.

Shopping

With a range of all kinds of products, anyone can shop online, and the payment is also made conveniently through his/her account.

E-banking in India
The Reserve Bank of India constituted a working group on Internet Banking. In India, the group divided the Internet banking products into 3 types based on the levels of access granted. These are:

i) Information Only System: General purpose information like interest rates, branch location, bank products and their features, loan and deposit calculations are provided on the bank's website. There exist facilities for downloading various types of application forms. The communication is normally done through e-mail. There is no interaction between the customer and the bank's application system. No identification of the customer is done. In this system, there is no possibility of any unauthorized person getting into production systems of the bank through the Internet.

ii) Electronic Information Transfer System: It provides customer-specific information in the form of account balances, transaction details, and statement of accounts. Identification and authentication of the customer is done through a password. The information is fetched from the bank's application system either in batch mode or off-line. The application systems cannot be directly accessed through the Internet.

iii) Fully Electronic Transactional System: It allows bi-directional capabilities. Transactions can be submitted by the customer for online update. The system requires a high degree of security and control. In this environment, the web server and application systems are linked over secure infrastructure. It comprises technology covering computerization, networking and security, inter-bank payment gateway and legal infrastructure.
The entry of Indian banks into E-Banking

Internet banking, which is a medium of delivery of banking services and a strategic tool for business development, has gained wide acceptance internationally and is fast catching up in India, with more and more banks entering the fray. India can be said to be on the threshold of a major banking revolution with net banking having already been unveiled. At present, the total Internet users in the country are estimated at 9 lakh. However, this is expected to grow exponentially to 90 lakh by 2003. Only about 1% of Internet users did banking online in 1998. This increased to 16.7% in March 2000. The growth potential is, therefore, immense. Further incentives provided by banks would dissuade customers from visiting physical branches, and they would thus get hooked on the convenience of arm-chair banking. The facility of accessing their accounts from anywhere in the world by using a home computer with an Internet connection is particularly fascinating to Non-Resident Indians and High Networth Individuals having multiple bank accounts.

Costs of banking service through the Internet form a fraction of costs through conventional methods. Rough estimates assume teller cost at Re.1 per transaction, ATM transaction cost at 45 paise, phone banking at 35 paise, debit cards at 20 paise and Internet banking at 10 paise per transaction. The cost-conscious banks in the country have therefore actively considered use of the Internet as a channel for providing services. Fully computerized banks, with better management of their customer base, are in a stronger position to cross-sell their products through this channel.
Different types of risks associated with Internet banking

A major driving force behind the rapid spread of i-banking all over the world is its acceptance as an extremely cost effective delivery channel of banking services as compared to other existing channels. Along with reduction in cost of transactions, it has also brought about a new orientation to risks and even new forms of risks to which banks conducting i-banking expose themselves. Regulators and supervisors all over the world are concerned that while banks should remain efficient and cost effective, they must be conscious of different types of risks this form of banking entails and have systems in place to manage the same. An important and distinctive feature is that technology plays a significant part both as source and tool for control of risks. Because of rapid changes in information technology, there is no finality either in the types of risks or their control measures. Both evolve continuously. The thrust of regulatory action in risk control has been to identify risks in broad terms and to ensure that banks have minimum systems in place to address the same and that such systems are reviewed on a continuous basis in keeping with changes in technology. In the following paragraphs a generic set of risks are discussed as the basis for formulating general risk control guidelines, which this Group will address.

Operational risk: Operational risk, which is also referred to as transactional risk, is the most common form of risk associated with e-banking. It takes the form of inaccurate processing of transactions, non-enforceability of contracts, compromises in data integrity, data privacy and confidentiality, unauthorized access / intrusion to banks' systems and transactions etc. Such risks can arise out of weaknesses in design, implementation and monitoring of banks' information systems. Besides inadequacies in technology, human factors like negligence by customers and employees, fraudulent activity of employees and crackers / hackers etc. can become potential sources of operational risk.

Security risk: The Internet is a public network of computers which facilitates flow of data / information and to which there is unrestricted access. Banks using this medium for financial transactions must have proper technology and systems in place to build a secured environment for such transactions.
Security risk arises on account of unauthorized access to a bank's critical information stores like accounting system, risk management system, portfolio management system, etc. A breach of security could result in direct financial loss to the bank. For example, hackers operating via the Internet could access, retrieve and use confidential customer information and can also implant viruses. This may result in loss of data, theft of or tampering with customer information, disabling of a significant portion of the bank's internal computer system thus denying service, cost of repairing these etc. Other related risks are loss of reputation, infringing customers' privacy and its legal implications etc. Thus, access control is of paramount importance. Controlling access to banks' systems has become more complex in the Internet environment, which is a public domain, and attempts at unauthorized access could emanate from any source and from anywhere in the world with or without criminal intent. Attackers could be hackers, unscrupulous vendors, disgruntled employees or even pure thrill seekers. Also, in a networked environment the security is limited to its weakest link. Therefore, it is necessary that banks critically assess all interrelated systems and have access control measures in place in each of them.

In addition to external attacks, banks are exposed to security risk from internal sources, e.g. employee fraud. Employees being familiar with different systems and their weaknesses become potential security threats in a loosely controlled environment. They can manage to acquire the authentication data in order to access the customer accounts, causing losses to the bank.

Unless specifically protected, all data / information transfer over the Internet can be monitored or read by unauthorized persons. There are programs such as sniffers which can be set up at web servers or other critical locations to collect data like account numbers, passwords, account and credit card numbers. Data privacy and confidentiality issues are relevant even when data is not being transferred over the net. Data residing in web servers or even banks' internal systems are susceptible to corruption if not properly isolated through firewalls from the Internet.

The risk of data alteration, intentional or unintentional, but unauthorized, is real in a networked environment, both when data is being transmitted and when it is stored. Proper access control and technological tools to ensure data integrity are of utmost importance to banks. Another important aspect is whether the systems are in place to quickly detect any such alteration and set the alert.

Identity of the person making a request for a service or a transaction as a customer is crucial to legal validity of a transaction and is a source of risk to a bank. A computer connected to the Internet is identified by its IP (Internet Protocol) address. There are methods available to masquerade one computer as another, commonly known as IP Spoofing. Likewise user identity can be misrepresented.
Hence, authentication control is an essential security step in any e-banking system. Non-repudiation involves creating a proof of communication between two parties, say the bank and its customer, which neither can deny later. Banks' systems must be technologically equipped to handle these aspects, which are potential sources of risk.

System architecture and design

Appropriate system architecture and control is an important factor in managing various kinds of operational and security risks. Banks face the risk of wrong choice of technology, improper system design and inadequate control processes. For example, if access to a system is based on only an IP address, any user can gain access by masquerading as a legitimate user by spoofing the IP address of a genuine user. Numerous protocols are used for communication across the Internet. Each protocol is designed for specific types of data transfer. A system allowing communication with all protocols, say HTTP (Hyper Text Transfer Protocol), FTP (File Transfer Protocol), telnet etc., is more prone to attack than one designed to permit, say, only HTTP.

5.4.2 Choice of appropriate technology is a potential risk banks face. Technology which is outdated, not scalable or not proven could land the bank in investment loss, a vulnerable system and inefficient service with attendant operational and security risks and also risk of loss of business.

5.4.3 Many banks rely on outside service providers to implement, operate and maintain their e-banking systems. Although this may be necessary when banks do not have the requisite expertise, it adds to the operational risk. The service provider gains access to all critical business information and technical systems of the bank, thus making the system vulnerable. In such a scenario, the choice of vendor, the contractual arrangement for providing the service etc. become critical components of the bank's security. The bank should educate its own staff, and over-dependence on these vendors should be avoided as far as possible.

5.4.4 Not updating the bank's system in keeping with the rapidly changing technology increases operational risk because it leaves holes in the security system of the bank. Also, staff may fail to understand fully the nature of new technology employed. Further, if updating is left entirely at the customer's end, it may not be updated as required by the bank. Thus education of the staff as well as users plays an important role in avoiding operational risk.

5.4.5 Approaches to reduce security related operational risk are discussed in detail in Chapter-6. These include access control, use of firewalls, cryptographic techniques, public key encryption, digital signature etc.

Reputational risk

5.5.1 Reputational risk is the risk of getting significant negative public opinion, which may result in a critical loss of funding or customers. Such risks arise from actions which cause major loss of the public confidence in the banks' ability to perform critical functions or impair the bank-customer relationship. It may be due to the bank's own action or due to third party action.
5.5.2 The main reasons for this risk may be a system or product not working to the expectations of the customers, significant system deficiencies, significant security breach (both due to internal and external attack), inadequate information to customers about product use and problem resolution procedures, and significant problems with communication networks that impair customers' access to their funds or account information, especially if there are no alternative means of account access. Such a situation may cause customers to discontinue use of the product or the service. Directly affected customers may leave the bank and others may follow if the problem is publicized.

5.5.3 Other reasons include losses to a similar institution offering the same type of services, causing customers to view other banks also with suspicion, and targeted attacks on a bank, like a hacker spreading inaccurate information about bank products or a virus disturbing the bank's system, causing system and data integrity problems etc.

5.5.4 Possible measures to avoid this risk are to test the system before implementation, backup facilities, contingency plans including plans to address customer problems during system disruptions, deploying virus checking, deployment of ethical hackers for plugging the loopholes and other security measures.

5.5.5 It is significant not only for a single bank but also for the system as a whole. Under extreme circumstances, such a situation might lead to systemic disruptions in the banking system as a whole. Thus the role of the regulator becomes even more important as not even a single bank can be allowed to fail.

Legal risk

Legal risk arises from violation of, or non-conformance with laws, rules, regulations, or prescribed practices, or when the legal rights and obligations of parties to a transaction are not well established.

5.6.2 Given the relatively new nature of Internet banking, rights and obligations in some cases are uncertain and applicability of laws and rules is uncertain or ambiguous, thus causing legal risk.

5.6.3 Other reasons for legal risks are uncertainty about the validity of some agreements formed via electronic media and law regarding customer disclosures and privacy protection. A customer, inadequately informed about his rights and obligations, may not take proper precautions in using Internet banking products or services, leading to disputed transactions, unwanted suits against the bank or other regulatory sanctions.

5.6.4 In the enthusiasm of enhancing customer service, banks may link their Internet site to other sites also. This may cause legal risk. Further, a hacker may use the linked site to defraud a bank customer.

5.6.5 If banks are allowed to play a role in authentication of systems such as acting as a Certification Authority, it will bring additional risks. A digital certificate is intended to ensure that a given signature is, in fact, generated by a given signer.
Because of this, the certifying bank may become liable for the financial losses incurred by the party relying on the digital certificate.

Money laundering risk

As Internet banking transactions are conducted remotely, banks may find it difficult to apply traditional methods for detecting and preventing undesirable criminal activities. Application of money laundering rules may also be inappropriate for some forms of electronic payments. Thus banks expose themselves to the money laundering risk. This may result in legal sanctions for non-compliance with know your customer laws. To avoid this, banks need to design proper customer identification and screening techniques, develop audit trails, conduct periodic compliance reviews, and frame policies and procedures to spot and report suspicious activities in Internet transactions.

Cross border risks

Internet banking is based on technology that, by its very nature, is designed to extend the geographic reach of banks and customers. Such market expansion can extend beyond national borders. This causes various risks. It includes legal and regulatory risks, as there may be uncertainty about legal requirements in some countries and jurisdiction ambiguities with respect to the responsibilities of different national authorities. Such considerations may expose banks to legal risks associated with non-compliance of different national laws and regulations, including consumer protection laws, record-keeping and reporting requirements, privacy rules and money laundering laws. If a bank uses a service provider located in another country, it will be more difficult to monitor it, thus causing operational risk. Also, the foreign-based service provider or foreign participants in Internet banking are sources of country risk to the extent that foreign parties become unable to fulfil their obligations due to economic, social or political factors.

5.8.4 Cross border transaction accentuates credit risk, since it is difficult to appraise an application for a loan from a customer in another country compared to a customer from a familiar customer base. Banks accepting foreign currencies in payment for electronic money may be subjected to market risk because of movements in foreign exchange rates.

Strategic risk

This risk is associated with the introduction of a new product or service. The degree of this risk depends upon how well the institution has addressed the various issues related to development of a business plan, availability of sufficient resources to support this plan, credibility of the vendor (if outsourced) and level of the technology used in comparison to the available technology etc.
For reducing such risk, banks need to conduct proper surveys, consult experts from various fields, establish achievable goals and monitor performance. Also they need to analyse the availability and cost of additional resources, provision of adequate supporting staff, proper training of staff and adequate insurance coverage. Due diligence needs to be observed in selection of vendors, audit of their performance and establishing alternative arrangements for possible inability of a vendor to fulfil its obligation. Besides this, periodic evaluations of new technologies and appropriate consideration for the costs of technological upgradation are required.

Other risks

Traditional banking risks such as credit risk, liquidity risk, interest rate risk and market risk are also present in Internet banking. These risks get intensified due to the very nature of Internet banking on account of use of electronic channels as well as absence of geographical limits. However, their practical consequences may be of a different magnitude for banks and supervisors than operational, reputational and legal risks. This may be particularly true for banks that engage in a variety of banking activities, as compared to banks or bank subsidiaries that specialize in Internet banking.

Credit risk is the risk that a counter party will not settle an obligation for full value, either when due or at any time thereafter. Banks may not be able to properly evaluate the credit worthiness of the customer while extending credit through remote banking procedures, which could enhance the credit risk. Presently, banks generally deal with a more familiar customer base. The facility of electronic bill payment in Internet banking may cause credit risk if a third party intermediary fails to carry out its obligations with respect to payment. Proper evaluation of the creditworthiness of a customer and audit of the lending process are a must to avoid such risk.

Another facility of Internet banking is electronic money. It brings various types of risks associated with it. If a bank purchases e-money from an issuer in order to resell it to a customer, it exposes itself to credit risk in the event of the issuer defaulting on its obligation to redeem electronic money.

Liquidity risk arises out of a bank's inability to meet its obligations when they become due without incurring unacceptable losses, even though the bank may ultimately be able to meet its obligations. It is important for a bank engaged in electronic money transfer activities that it ensures that funds are adequate to cover redemption and settlement demands at any particular time. Failure to do so, besides exposing the bank to liquidity risk, may even give rise to legal action and reputational risk.
Similarly, banks dealing in electronic money face interest rate risk because of adverse movements in interest rates causing a decrease in the value of assets relative to outstanding electronic money liabilities. Banks also face market risk because of losses in on-and-off balance sheet positions arising out of movements in market prices including foreign exchange rates. Banks accepting foreign currency in payment for electronic money are subject to this type of risk.

Risk of unfair competition: Internet banking is going to intensify the competition among various banks. The open nature of the Internet may induce a few banks to use unfair practices to take advantage over rivals. Any leaks at network connection or operating system etc. may allow them to interfere in a rival bank's system.

Thus one can find that along with the benefits, Internet banking carries various risks for the bank itself as well as the banking system as a whole. The rapid pace of technological
innovation is likely to keep changing the nature and scope of risks banks face. These risks must be balanced against the benefits. Supervisory and regulatory authorities are required to develop methods for identifying new risks, assessing risks, managing risks and controlling risk exposure. But authorities need to keep in consideration that the development and use of Internet banking are still in their early stages, and policies that hamper useful innovation and experimentation should be avoided. Thus authorities need to encourage banks to develop a risk management process rigorous and comprehensive enough to deal with known risks and flexible enough to accommodate changes in the type and intensity of the risks.
Recommendations

6.4.1 Security Organization: Organizations should make an explicit security plan and document it. There should be a separate Security Officer / Group dealing exclusively with information systems security. The Information Technology Division will actually implement the computer systems while the Computer Security Officer will deal with its security. The Information Systems Auditor will audit the information systems.

6.4.2 Access Control: Logical access controls should be implemented on data, systems, application software, utilities, telecommunication lines, libraries, system software, etc. Logical access control techniques may include user-ids, passwords, smart cards or other biometric technologies.

6.4.3 Firewalls: At the minimum, banks should use the proxy server type of firewall so that there is no direct connection between the Internet and the bank's system. It facilitates a high level of control and in-depth monitoring using logging and auditing tools. For sensitive systems, a stateful inspection firewall is recommended which thoroughly inspects all packets of information, and past and present transactions are compared. These generally include a real-time security alert.

6.4.4 Isolation of Dial Up Services: All the systems supporting dial up services through modem on the same LAN as the application server should be isolated to prevent intrusions into the network as this may bypass the proxy server.

6.4.5 Security Infrastructure: At present, PKI is the most favored technology for secure Internet banking services. However, it is not yet commonly available. While PKI infrastructure is strongly recommended, during the transition period, until IDRBT or Government puts in the PKI infrastructure, the following options are recommended:
1. Usage of SSL, which ensures server authentication, and the use of client side certificates issued by the banks themselves using a Certificate Server.
2. The use of at least 128-bit SSL for securing browser to web server communications and, in addition, encryption of sensitive data like passwords in transit within the enterprise itself.

6.4.6 Isolation of Application Servers: It is also recommended that all unnecessary services on the application server such as ftp, telnet should be disabled. The application server should be isolated from the e-mail server.

6.4.7 Security Log (audit Trail): All computer accesses, including messages received, should be logged. All computer access and security violations (suspected or attempted) should be reported and follow up action taken as per the organization's escalation policy.

6.4.8 Penetration Testing: The information security officer and the information system auditor should undertake periodic penetration tests of the system, which should include:
1. Attempting to guess passwords using password-cracking tools.
2. Search for back door traps in the programs.
3. Attempt to overload the system using DDoS (Distributed Denial of Service) & DoS (Denial of Service) attacks.
4. Check if commonly known holes in the software, especially the browser and the email software, exist.
5. The penetration testing may also be carried out by engaging outside experts (often called Ethical Hackers).

6.4.9 Physical Access Controls: Though generally overlooked, physical access controls should be strictly enforced. The physical security should cover all the information systems and sites where they are housed, both against internal and external threats.

6.4.10 Back up & Recovery: The bank should have a proper infrastructure and schedules for backing up data. The backed-up data should be periodically tested to ensure recovery without loss of transactions in a time frame as given out in the bank's security policy. Business continuity should be ensured by having disaster recovery sites where backed-up data is stored. These facilities should also be tested periodically.

6.4.11 Monitoring against threats: The banks should acquire tools for monitoring systems and the networks against intrusions and attacks. These tools should be used regularly to avoid security breaches.
6.4.12 Education & Review: The banks should review their security infrastructure and security policies regularly and optimize them in the light of their own experiences and changing technologies. They should educate on a continuous basis their security personnel and also the end-users.

6.4.13 Log of Messages: The banking applications run by the bank should have proper record keeping facilities for legal purposes. It may be necessary to keep all received and sent messages both in encrypted and decrypted form. (When stored in encrypted form, it should be possible to decrypt the information for legal purpose by obtaining keys with the owner's consent.)

6.4.14 Certified Products: The banks should use only those security solutions/products which are properly certified for security and for record keeping by independent agencies (such as IDRBT).

6.4.15 Maintenance of Infrastructure: Security infrastructure should be properly tested before using the systems and applications for normal operations. The bank should upgrade the systems by installing patches released by developers to remove bugs and loopholes, and upgrade to newer versions which give better security and control.

6.4.16 Approval for I-banking: All banks having operations in India and intending to offer Internet banking services to the public must obtain an approval for the same from RBI. The application for approval should clearly cover the systems and products that the bank plans to use as well as the security plans and infrastructure. RBI may call for various documents pertaining to security, reliability, availability, auditability, recoverability, and other important aspects of the services. RBI may provide model documents for Security Policy, Security Architecture, and Operations Manual.

6.4.17 Standing Committee: RBI may set up a standing Committee to monitor security policy issues and technologies, to review prescribed standards, and to make fresh recommendations on a regular basis.
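Recommendations 6.4.7 and 6.4.13 call for a security log kept for follow-up and legal purposes, and the security-risk discussion asks whether systems are in place to quickly detect alteration of stored data. The Python code below is an added example, not part of the original paper or the Working Group's text: it chains each log record to the previous one with an HMAC so that altered, deleted or truncated records are detected. The HMAC chain itself, the record fields, the key and the sample events are assumptions constructed for this illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used before the first record
ALTERED = "MAC mismatch: record altered"
GAP = "sequence gap: record deleted or reordered"
TRUNCATED = "head mismatch: log truncated or replaced"


def record_mac(key, prev_mac, seq, entry):
    """HMAC-SHA256 over the previous record's MAC, the sequence number and the entry."""
    # Canonical JSON so the same entry always serialises to the same bytes.
    body = json.dumps({"seq": seq, "entry": entry}, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_mac + body).encode("utf-8"), hashlib.sha256).hexdigest()


def append(log, key, entry):
    """Append one access or violation entry; return the new head (count, last MAC)."""
    seq = len(log)
    prev_mac = log[-1]["mac"] if log else GENESIS
    mac = record_mac(key, prev_mac, seq, entry)
    log.append({"seq": seq, "entry": entry, "mac": mac})
    return (len(log), mac)


def verify(log, key, head=None):
    """Return a list of (seq, finding). An empty list means the trail is intact.

    `head` is the (count, last MAC) pair returned by append(); it has to be kept
    away from the log itself, otherwise cutting records off the end goes unnoticed.
    """
    findings = []
    prev_mac, prev_seq = GENESIS, -1
    for rec in log:
        expected = record_mac(key, prev_mac, rec["seq"], rec["entry"])
        if rec["seq"] != prev_seq + 1:
            findings.append((rec["seq"], GAP))
        elif not hmac.compare_digest(rec["mac"], expected):
            findings.append((rec["seq"], ALTERED))
        # Continue from the stored MAC so one bad record is pinpointed, not cascaded.
        prev_mac, prev_seq = rec["mac"], rec["seq"]
    if head is not None and (len(log), prev_mac) != head:
        findings.append((prev_seq, TRUNCATED))
    return findings


def violations(log):
    """Sequence numbers of denied or failed accesses, for the escalation report."""
    return [rec["seq"] for rec in log if rec["entry"]["outcome"] != "ok"]


# Constructed sample data: the key, users, addresses and events are invented.
# In practice the key is held by the security officer, not on the logged host.
DEMO_KEY = b"constructed-demo-key"
SAMPLE_EVENTS = [
    {"ts": "2000-06-01T10:00:02", "user": "cust1001", "src": "192.0.2.10",
     "action": "login", "outcome": "ok"},
    {"ts": "2000-06-01T10:01:40", "user": "cust1001", "src": "192.0.2.10",
     "action": "transfer", "amount": "5000.00", "outcome": "ok"},
    {"ts": "2000-06-01T10:03:15", "user": "cust2002", "src": "198.51.100.7",
     "action": "login", "outcome": "denied"},
    {"ts": "2000-06-01T10:05:00", "user": "teller07", "src": "10.0.0.5",
     "action": "view_account", "outcome": "ok"},
]


def build_sample_log():
    """Build the constructed log and return it together with its head."""
    log, head = [], (0, GENESIS)
    for event in SAMPLE_EVENTS:
        head = append(log, DEMO_KEY, dict(event))
    return log, head


if __name__ == "__main__":
    log, head = build_sample_log()
    print("intact:", verify(log, DEMO_KEY, head))
    log[1]["entry"]["amount"] = "50.00"  # simulate an unauthorized alteration
    print("after alteration:", verify(log, DEMO_KEY, head))
    print("violations to report:", violations(log))
```

Verification only helps if the key and the head value are stored and checked by a party other than the administrators of the logged system, such as the Information Systems Auditor named in 6.4.1.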
Internet Banking and Money Laundering: One of the major concerns associated with Internet Banking has been that the Internet banking transactions may become untraceable and are incredibly mobile and may easily be anonymous and may not leave a traditional audit trail by allowing instantaneous transfer of funds. It is pertinent to note that money-laundering transactions are cash transactions leaving no paper trail. Such an apprehension will be more in the case of use of electronic money or e-cash. In the case of Internet Banking the transactions are initiated and concluded between designated accounts. Further Section 11 of the proposed Prevention of Money Laundering Bill, 1999 imposes an obligation on every Banking Company, Financial Institution and intermediary to maintain a record of all the transactions or series of transactions taking place within a month, the nature and value of which may be prescribed by the Central Government. These records are to be maintained for a period of five years from the date of cessation of the transaction between the client and the banking company or the financial institution or the intermediary. This would apply to banks offering physical or Internet banking services. This will adequately guard against any misuse of the Internet banking services for the purpose of money laundering. Further the requirement of the banking companies to preserve specified ledgers, registers and other records for a period of 5 to 8 years, as per the Banking Companies (Period of Preservation of Records) Rules, 1985 promulgated by the Central Government also adequately takes care of this concern. 7.9.1. Maintenance of Records: Section 4 of the Bankers Books Evidence Act, 1891,
provides that a certified copy of any entry in a banker's book shall in all legal proceedings be received as prima facie evidence of the existence of such an entry. The Banking Companies (Period of Preservation of Records) Rules, 1985 promulgated by the Central Government require banking companies to maintain ledgers, records, books and other documents for a period of 5 to 8 years. A fear has been expressed as to whether the above details of the transactions, if maintained in an electronic form, will also serve the above purpose. The Group is of the considered opinion that this has been adequately taken care of by Section 7 and the Third Schedule of the Information Technology Act, 2000.

7.10.1 Inter-Bank Electronic Funds Transfer: Electronic funds transfer via the Internet, in its present form, is provided only between accounts with the same bank. The transaction is effected by the originator, who gives the electronic payment order to one branch of a bank offering the Internet banking facility ("the Sending Branch"). The electronic instruction is processed by the backend software of the branch to confirm the account number and the person's identification, and an instruction is issued by the Sending Branch to the branch having the account of the beneficiary ("Beneficiary Branch") to credit the account of the beneficiary. The Sending Branch debits the account of the originator at its end. At present there is no clearing mechanism in place for settlement of inter-bank electronic funds transfer. The entire gamut of electronic funds transfer and the legal issues and risks involved in the same are currently being examined by a committee set up by the Reserve Bank of India. The 4th Schedule to the Information Technology Act, 2000 has amended the Reserve Bank of India Act, 1934, empowering the Reserve Bank of India to regulate electronic funds transfer between banks and between banks and other financial institutions.
7.11.1 Miscellaneous: During the course of deliberations, the Group discussed certain issues where the legal position is not clear but which have a bearing on Internet banking. Certain issues have also not been addressed by the Information Technology Act, 2000. Such issues are briefly discussed below. The Consumer Protection Act 1986 defines the rights of consumers in India and is applicable to banking services as well. The issues of privacy, secrecy of consumers' accounts and the rights and liabilities of customers and banks, etc. in the context of Internet banking have been discussed in earlier paragraphs. In cases where bilateral agreements defining customers' rights and liabilities are more adverse to consumers than what they enjoy in the traditional banking scenario, it is debatable whether such agreements are legally tenable. For example, it is debatable whether a bank can claim immunity if money is transferred without authorization by a hacker from a customer's account, on the pretext that it had taken all reasonable and agreed network security measures. In a traditional banking scenario, a bank normally has no protection against payment of a forged cheque. If the same logic is extended, the bank providing I-banking may not absolve itself from liability to the customers on account of unauthorized transfer
through hacking. A similar position may obtain in the case of denial of service. Even though the Information Technology Act, 2000 has provided for penalty for denial of access to a computer system (Section 43) and hacking (Section 66), the liability of banks in such situations is not clear. The Group was of the view that the banks providing Internet banking may assess the risk and insure themselves against such risks.

7.11.2 There was no specific enactment in India which protects privacy of customers. Bankers' secrecy obligation mostly followed from different case laws. In the UK, the Data Protection Act 1984 specifically prohibits personal data from being disclosed for purposes other than that for which the data is held. This prohibits use of customer data relating to their spending habits, preferences etc., for any commercial purpose. The Office of the Comptroller of Currency has also issued directions to US banks enforcing customers' privacy. The Information Technology Act, 2000, in Section 72, has provided for penalty for breach of privacy and confidentiality. Further, Section 79 of the Act has also provided for exclusion of liability of a network service provider for data travelling through their network subject to certain conditions. Thus, the liability of banks for breach of privacy when data is travelling through a network is not clear. This aspect needs detailed legal examination. The issue of ownership of transactional data stored in banks' computer systems also needs further examination.

7.11.3 The applicability of various existing laws and banking practices to e-banking is not tested and is still in the process of evolving, both in India and abroad. With rapid changes in technology and innovation in the field of e-banking, there is a need for constant review of different laws relating to banking and commerce.
The Group, therefore, recommends that the Reserve Bank of India may constitute a multi-disciplinary high-level standing committee to review the legal and technological requirements of e-banking on a continual basis and recommend appropriate measures as and when necessary.

Chapter 8: Regulatory and supervisory concerns

8.1 Banking on the Internet provides benefits to the consumer in terms of convenience, and to the provider in terms of cost reduction and greater reach. The Internet itself, however, is not a secure medium, and thus poses a number of risks of concern to regulators and supervisors of banks and financial institutions. World over, regulators and supervisors are still evolving their approach towards the regulation and supervision of Internet banking. Regulations and guidelines issued by some countries include the following.
1. Requirement to notify about web site content
2. Prior authorization based on risk assessment made by external auditors
3. On-site examination of third party service providers
4. Off-site policing the perimeters to look for infringement.
5. Prohibition on hyperlinks to non-bank business sites
6. Specification of the architecture

In some countries supervisors have followed a hands-off approach to regulation of such activities, while others have adopted a wait-and-watch attitude. This chapter suggests approaches to supervision of Internet banking activities, drawing upon the best international practices in this area as relevant to the Indian context.

8.2 Major supervisory concerns

8.2.1 These concerns can be clubbed into the following:
1. Operational risk issues
2. Cross border issues
3. Customer protection and confidentiality issues
4. Competitiveness and profitability issues

8.2.2 Operational risk issues: The open architecture of the Internet exposes the banks' systems to decide access through the easy availability of technology. The dependence of banks on third party providers places knowledge of banks' systems in the public domain and leaves the banks dependent upon relatively small firms which have high turnover of personnel. Further, there is an absence of conventional audit trails as well as relative anonymity of transactions due to remote access. It is imperative that the security and integrity of the transactions are protected so that the potential for loss arising out of criminal activities, such as fraud, money laundering, tax evasion etc., and a disruption in delivery systems either by accident or by design, are mitigated. The supervisory responses to manage operational risk matters include issue of appropriate guidance on the risk (including outsourcing risk) control and record maintenance, issue of minimum standards of technology and security appropriate to the conduct of transactional business, extension of know-your-customer rules for transactions on the Internet, and insistence on appropriate and visible disclosure to inform customers of the risks that they face on doing business on the Internet.
8.2.3 Cross border issues: The Internet knows no frontiers, and banks can source deposits from jurisdictions where they are not licensed or supervised or have access to payment systems. Customers can potentially park their funds in jurisdictions where their national authorities have no access to records. The issues of jurisdiction, territoriality and recourse become even more blurred in the case of virtual banks. Cross border issues would also come into play where banks choose to locate their processing centres, records or back up centres in different jurisdictions. While country-specific approaches are being adopted at the national level, the Group on e-banking set up by the Basle Committee on Banking Supervision (BCBS) is engaged in bringing about harmonization in approaches at an international level.
8.2.4 Customer protection and confidentiality issues: The loss of customer confidentiality may pose a reputation risk to banks and the banking system as a whole. Transacting business on the Internet exposes data being sent across the Internet to interception by unauthorized agents, who may then use the data without the approval of the customers. There have also been incidents where glitches have developed in web sites permitting customers to access each other's accounts. To address these risks, customers need to be educated through adequate disclosures of such risks.

8.2.5 Competitiveness and profitability issues: While Internet banking is expected to substantially reduce the cost of doing transactions in the long run, the limited business being done on the Internet has yet to pay for the infrastructure in which banks have invested. This includes the tie-up with technology companies in setting up payment gateways, portals and Internet solutions and the alliance with other businesses for cross-selling products. The coming years may, however, see a scenario where the margins of conventional banks come under pressure because of competition from Internet banking, including virtual banks, which need no infrastructure expenses. These issues have to be kept in mind by supervisors while deciding their approach to e-banking.

8.3 Broad regulatory framework: It would be necessary to extend the existing regulatory framework over banks to Internet banking also. Such an approach would need to take into account the provisions of both the Banking Regulation Act 1949 and the Foreign Exchange Management Act, 1999.
1. Only such banks which are licensed and supervised in India and have a physical presence here should be permitted to offer Internet banking products to residents of India.
2. These products should be restricted to account holders only and should not be offered in other jurisdictions.
3.
The services should only offer local currency products and that too by entities who are part of the local currency payment systems.
4. The in-out scenario, where customers in cross border jurisdictions are offered banking services by Indian banks (or branches of foreign banks in India), and the out-in scenario, where Indian residents are offered banking services by banks operating in cross-border jurisdictions, are generally not permitted and this approach should be carried over to Internet banking also.
5. The existing exceptions for limited purposes under FEMA, i.e. where resident Indians have been permitted to continue to maintain their accounts with overseas banks etc., would however be permitted transactions.
6. Overseas branches of Indian banks would be permitted to offer Internet banking
services to their overseas customers subject to their satisfying, in addition to the host supervisor, the home supervisor in keeping with the supervisory approach outlined in the next section.
7. This extension of approach would apply to virtual banks as well. Thus, both banks and virtual banks incorporated outside the country and having no physical presence here would not, for the present, be permitted to offer Internet services to Indian depositors.
Review of literature

1. Ayo, C. K., ²Adewoye, J. O., and ¹Oni, A. A. (¹Department of Computer and Information Sciences, Covenant University, Ota, Nigeria; ²Department of Management Sciences, Ladoke Akintola University of Technology, Ogbomoso, Nigeria) conducted research on the implementation of e-banking in Nigeria. In Nigeria the most widely used instrument of e-banking is the ATM card, i.e. the automatic teller machine. With the adoption of e-banking by all the banks in Nigeria, the volume of cash circulation has continued to increase pre- and post-bank recapitalization/consolidation exercise. The 25 banks that survived the exercise were found lately to have depleted their capital base and to have lost credibility before the consumers, e-banking implementation notwithstanding. Therefore, in this research the author reviewed the state of e-banking implementation and also evaluated the influence of trust on the adoption of e-payment using an extended technology acceptance model (TAM). The author also investigated organizational reputation, perceived risk and perceived trust in the management of banks as factors for enhancing customer loyalty. The conclusion of this research reveals that perceived usefulness is not only an antecedent to e-banking acceptance but also a factor in retaining customers in the use of the e-banking system, as are factors such as organizational reputation, perceived risk and trust.
Banking is a topic, practice, business or profession almost as old as the very existence of man, but literally it can be traced back to the days of the Renaissance (the Florentine bankers). It has sprouted from the very primitive Stone-age banking, through the Victorian age, to the technology-driven Google-age banking, encompassing automatic teller machines (ATMs), credit and debit cards, correspondent and internet banking. Credit risk has always been an area of concern not only to bankers but to all in the business world, because the risk of a trading partner not fulfilling his obligations in full on the due date can seriously jeopardize the affairs of the other partner. The aim of this study is to have a clearer picture of how banks manage their credit risk. In this light, the study in its first section gives a background to the study, and the second part is a detailed literature review on banking and credit risk management tools and assessment models. The third part of this study is on hypothesis testing, and use is made of a simple regression model. This leads us to conclude in the last section that banks with good credit risk management policies have a lower loan default rate and relatively higher interest income.
3. Arne Floh (Department of Marketing) and Horst Treiblmaier (Department of Information Systems), Vienna University of Economics and Business Administration

Abstract: At first sight the Internet is the ideal medium for carrying out banking activities due to its cost savings potential and speed of information transmission. From a technological and cost-driven standpoint it may seem quite logical for banks to shift as many banking activities online as possible. At the same time, the question of how to foster customer loyalty arises when the relationship between the bank and the user becomes a virtual one. This paper investigates the importance of antecedents of online loyalty such as trust, quality of the Web site, quality of the service and overall satisfaction. Rather than investigating which factors drive customers to use online banking instead of offline banking, this paper addresses the problem of how to keep customers online and loyal to a specific supplier. A survey among more than 2,000 customers of an Austrian online bank was conducted and a structural equation modeling approach was used to gain important insights into how customer retention in the online banking business can be ensured. Satisfaction and trust were identified as important antecedents of loyalty. Additionally, the moderating role of consumer characteristics (gender, age, involvement, perceived risk and technophobia) was supported by the data.

Keywords: Loyalty, E-Banking, Structural Equation Modeling, Multigroup Analysis
4. A proposed model of e-trust for electronic banking. Shumaila Y. Yousafzai, John G. Pallister, Gordon R. Foxall, Cardiff Business School, Cardiff University, Aberconway Building, Colum Drive, Cardiff CF10 3EU, UK

Abstract: With the phenomenal growth of B2C e-commerce, most industries, including the banking and financial services sector, have been influenced in one way or another. Several studies suggest that customers have not adopted B2C e-commerce in the same degree primarily because of risk concerns and trust-related issues. This paper extends an area of information systems research into a marketing of financial services context by looking into the element of trust and risk in e-banking. A conceptual model of trust in e-banking is proposed with two main antecedents that influence customers' trust: perceived security and perceived privacy. The antecedent variables are moderated by the perceived trustworthiness attributes of the bank, which include benevolence, integrity and competence. Trust is being defined as a function of the degree of risk involved in the e-banking transaction, and the outcome of trust is proposed to be reduced perceived risk, leading to positive intentions towards adoption of e-banking.
Keywords: Electronic banking; Trust; Perceived risk

5. Gunajit Sarma (Department of Humanities and Social Sciences) and Pranav Kumar Singh (Department of Computer Science & Engineering, corresponding author), Central Institute of Technology, Kokrajhar, Assam 783370, India (Received: 17-11-2010; Accepted: 3-12-2010)

Abstract: Today's world is one with increasing online access to services. One part of this which is growing rapidly is Internet banking. This is very convenient, and the ready access to the Internet in all first world countries, coupled with the cost savings from closing bank branches, is driving the operation and adoption of these services. Internet banking allows customers to conduct financial transactions on a secure website operated by their retail or
virtual bank, credit union or building society. This paper mainly focuses on providing banking services to customers using the web with highly secured technology. Implementing technology is the responsibility of management. We highlight the points towards the use of biometric technology in Internet banking systems for risk management of banks' regular activities through authentication.
6. Dr Ahmad Kaleem, Associate Professor, Department of Business Administration, Lahore School of Economics, Lahore, Pakistan.
Abstract: Electronic distribution channels have gained increasing popularity in recent years. They provide alternatives for faster delivery of banking services to a wider scope of customers. This study aims to collect SME owners', executives' and managers' perceptions of the potential benefits and the risks associated with electronic banking in Pakistan. Data is collected through primary sources, which are examined via frequency analysis and mean score analysis. The results indicate that SMEs use banks mainly for depositing cheques and cash, withdrawing cash and transferring funds. They least use banks for transactions related to foreign exchange and credit. SMEs are well aware of the presence of electronic banking in the country, and 62.30% of the respondents regularly use this facility for financial transactions. The study identifies payment of utility bills, complaint handling and daily account report as the most desired facilities from SMEs, which also perceive electronic banking as a tool that saves time, facilitates quick response and minimizes the risk of carrying cash. SMEs further believe that electronic banking increases chances of government access to public data, chances of fraud and chances of data losses.
The study also segregates the data on an electronic banking (EB) users and non-users basis to identify discrepancies in their perceptions of the available financial services or facilities. EB users consider "minimizes inconvenience" the most desired benefit, while EB non-users consider funds transferring and providing up-to-date information important benefits of electronic banking. Lastly, EB users regard heavy costs for services as an additional risk associated with electronic banking.