Technology-Based Banking Products & Services

Download as ppt, pdf, or txt
Download as ppt, pdf, or txt
You are on page 1of 15

Technology-based Banking Products & Services

Balance inquiry Transaction


Electronic Finder Automated

information Funds transfer Cash Management Bill payment Bill presentment Loan applications Stored Value

clearinghouse (ACH) transactions Internet Payments Wireless Banking Certification Authority Data Storage

Internet Banking
First Bank in India to launch website
1996 First Bank in India to launch Internet Banking - 1997 First Bank in India to launch online bill payment-1999 Only Bank in India with million online customers Monthly average transactions per online customer- 7

Internet Banking - Statistics


117% increase in transaction volume
since April 2001 More than 1 million contacts in February 2002 Coverage across 100 locations in the country 103% increase in internet banking registrants since April 01 84% increase in transactions since April 01

Channel Usage
Call Centre 4%
Internet 4%

Branch 41%

Call Centre 6%

Internet 5%

Cops 7%

Branch 35%

ATM 51%

Apr 2001
Br an ch Cash Tr an sact i o n s Jan-02 18% Apr-01 19% No n Cash Tr an sact i o n s Jan-02 41% Apr-01 50% A TM 82% 81% 33% 39%

ATM 47%

Jan 2002
Net Nil Nil 9% 6% 7% 5% 10% Nil COPS

Cal l Cen t r es

Key Technology Risks

Vendor Risk Issues Security, Data Integrity, and Confidentiality Authentication, Identity Verification, and

Authorization Strategic and Business Risks Business Continuity Planning Permissibility, Compliance, Legal Issues, and Computer Crimes Cross Border and International Banking

Outsourcing Trends

TowerGroup estimates banks outsource over


85% of their information technology Consolidation of tech. companies and core processors Weak or negative earnings of new tech providers Banks are postponing new technology investments, but still investing in proven technologies

Outsourcing Guidance

Key elements of the risk management

process: Risk assessment Due diligence in selecting service provider Contract requirements Oversight of service provider

Regardless of the decision to outsource, the bank remains ultimately responsible.

Security and Privacy


Increases

in security events and vulnerabilities According to 2001 FBI/CSI survey, 70% reported that the Internet is the point of cyber attacks, up from 59% in 2000 Gramm-Leach-Bliley Act of 1999 requires banks to establish administrative, technical & physical safeguards to protect the privacy of customers nonpublic customer records and information

Reported Security Incidences & Vulnerabilities


Unauthorized Activity Incidents Increasing
70,000 60,000 50,000 40,000 30,000 20,000 10,000 3,410 3,570 4,132 4,755 11,345 27,890 64,230

0 2000

2001

2002

2003

2004

2005

2006

Number of New Systems Vulnerabilities


9,000 6,100 7,000 8,000 7,000 5,500 6,000 5,000 4,150 4,000 2,275 3,000 2,000 417 1,090 1,000 0 1999 2000 2001 2002 2003 2004 2005

7,600 8,076

Source: CERT/CC -- statistics are not limited to the banking industry and include all reported incidents

2006

2007

Key Elements of Security Program


Reviewing physical and logical security: Review intrusion detection and response

capabilities to ensure that intrusions will be detected and controlled Seek necessary expertise and training, as needed, to protect physical locations and networks from unauthorized access Maintain knowledge of current threats facing the bank and the vulnerabilities to systems Assess firewalls and intrusion detection programs at both primary and back-up sites to make sure they are maintained at current industry best practice levels

Key Elements of Security Program


Reviewing physical and logical security (contd): Verify the identity of new employees,

contractors, or third parties accessing your systems or facilities. If warranted, perform background checks. Evaluate whether physical access to all facilities is adequate. Work with service provider(s) and other relevant customers to ensure effective logical and physical security controls.

Authentication
Reliable customer authentication is imperative for
E-banking Effective authentication can help banks reduce fraud, reputation risk, disclosure of customer information, and promote the legal enforceability of their electronic agreements Methods to authenticate customers: Passwords & PINS Digital certificates Physical devices such as tokens Biometric identifiers

Computer Crime

Internet banking and payment systems


may allow for new ways to conduct illegal and fraudulent activities Unauthorized access to deny service or

re-direct a website Identity theft resulting in unauthorized or illegal use of account information Money laundering Phony Internet banks

Cross Border and International E-Banking

Information revolution around the globe and


borderless reach of the Internet

Increase in global partnerships/alliances Risks to U.S banks from cross border Ebanking without adequate care
Unlicensed activities? Understanding application of local prudential and customer
protection laws & regulations? Expertise?

Risks to U.S. consumers of dealing with


foreign Internet banks

Cross Border and International E-Banking

Published studies on e-banking risk and risk

management issues available at www.bis.org or www.occ.treas.gov Developing guidance on cross border, e-banking risks
and aggregation

Information sharing and training

You might also like