Sunday, May 9, 2010

Future of E-banking


With the security and privacy issues resolved, the future of electronic banking can be very prosperous. The future of electronic banking will be a system where users are able to interact with their banks “worry-free” and banks are operated under one common standard. For banks, adoption of newer technologies and upgrading existing core banking solutions will be necessary to stay ahead of the game. This is aimed at addressing issues like real-time responses to customer enquiries via different channels, multi-channel management and coordination. Moreover, faster deployment of technology to enhance bank operations can be done through:
Infrastructure: Hardware, data storage, integration of business processes and security systems
Communication: use of voice systems, Mobile/PDA software, instant messaging
Trading systems: greater use of electronic trading software, equities systems.

In conclusion, the speed and impact of the ICT evolution is a practical proof of Say’s Law, which states that supply creates its own demand. Successful application of ICT within the banking sector is not just a question of the technology deployment per se, but rather how effectively the banks manage the ICT infrastructure and align it with the business objectives.

Is Online Banking Safe?

Today, the security of information may be one of the biggest concerns for Internet users. Most of the attacks on online banking are based on deceiving the user to steal login data and valid TANs (Transactional Access Number). Two well-known examples of such attacks are phishing and pharming. Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. As phishing is no longer as effective as it once was, fraudsters have developed “pharming,” which is more difficult to detect. Pharming redirects users to fake sites when they try to access legitimate websites. A customer logs on, often using an address stored in his or her "favorites" folder, to what looks like a familiar internet banking site and is redirected to a fraudulent site. Cross-site scripting and key loggers/Trojan horses can also be used to steal login information. The most recent kind of attack is the so-called Man in the Browser attack, where a Trojan horse permits a remote attacker to modify the destination account number and also the amount.

In August of 1995, Citibank had problems with outsiders breaking into their system. A $10 million computer fraud against Citibank was the first successful penetration by a hacker into the system which transferred trillions of dollars a day around the world. Of the $10 million illegally transferred, $400,000 was not found. Many banking experts predicted that these break-ins were bound to occur with banking business being done electronically at a time when more sophisticated personal computers are available. The Citibank $10 million break-in is one example of how the system is vulnerable to hackers. Hackers have many different ways that they can try to break into the system.

Basically there exist two different security methods for online banking.

The PIN/TAN system: In this system the PIN is a password used for login, and TANs are one-time passwords used to authenticate transactions. TANs can be distributed in different ways; the most popular is to send a list of TANs to the online banking user by postal letter. The most secure way of using TANs is to generate them on demand using a security token. These token-generated TANs depend on the time and a unique secret stored in the security token. Usually online banking with PIN/TAN is done via a web browser using SSL-secured connections, so that no additional encryption is needed.
Signature-based online banking: In this system all transactions are signed and encrypted digitally. The keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation. Digital certificates are used against phishing and pharming, and the use of class-3 card readers is a measure to avoid manipulation of transactions by the software in signature-based online banking variants. To protect their systems against Trojan horses, users are advised to use virus scanners and be careful with downloaded software or e-mail attachments.
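
The following sketch is an added example, not code from any bank or token vendor. It shows a token-generated TAN that depends on the time and a stored secret, and why a TAN that also covers the destination account and amount lets the bank reject an order altered by a Man in the Browser. The HMAC construction (truncation as in RFC 4226/6238), the 30-second step, the six-digit length and all account identifiers are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumption: one TAN is valid for a 30-second time step
TAN_DIGITS = 6     # assumption: six-digit TANs


def _to_digits(mac: bytes) -> str:
    """RFC 4226 dynamic truncation: 31 bits of the MAC reduced to decimal digits."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** TAN_DIGITS).zfill(TAN_DIGITS)


def _step(now: float) -> bytes:
    """Encode the current time step as an 8-byte big-endian counter."""
    return struct.pack(">Q", int(now // STEP_SECONDS))


def time_tan(secret: bytes, now: float) -> str:
    """TAN derived only from the token secret and the current time step."""
    return _to_digits(hmac.new(secret, _step(now), hashlib.sha1).digest())


def order_tan(secret: bytes, now: float, dest_account: str, amount_cents: int) -> str:
    """TAN that also covers the order's destination account and amount."""
    order = f"{dest_account}|{amount_cents}".encode()
    return _to_digits(hmac.new(secret, _step(now) + order, hashlib.sha256).digest())


def bank_accepts(expected_for, tan: str, now: float, drift_steps: int = 1) -> bool:
    """Bank side: recompute the TAN for nearby time steps, compare in constant time."""
    return any(
        hmac.compare_digest(expected_for(now + d * STEP_SECONDS), tan)
        for d in range(-drift_steps, drift_steps + 1)
    )


def demo() -> dict:
    secret = b"constructed-demo-secret"          # constructed sample value
    now = 1_273_400_000.0                        # constructed timestamp
    intended = ("DE00-CUSTOMER-PAYEE", 10_000)   # order the customer approved
    received = ("XX00-OTHER-ACCOUNT", 900_000)   # order as it reached the bank

    t1 = time_tan(secret, now)
    t2 = order_tan(secret, now, *intended)       # computed on the trusted token
    return {
        # A time-only TAN says nothing about the order, so the altered order passes.
        "time_tan_on_tampered_order": bank_accepts(
            lambda t: time_tan(secret, t), t1, now),
        # An order-bound TAN is recomputed by the bank over what it received.
        "order_tan_on_intended_order": bank_accepts(
            lambda t: order_tan(secret, t, *intended), t2, now),
        "order_tan_on_tampered_order": bank_accepts(
            lambda t: order_tan(secret, t, *received), t2, now),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {'accepted' if accepted else 'rejected'}")
```

The order-bound TAN only helps if the customer checks the account and amount on a device the browser cannot influence, which is the role the class-3 card reader plays in the signature-based variant.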

Risk Management: An Imperative Objective


Managing the risks and implementing controls for Internet banking is an imperative objective of the banks. The most dangerous thing is to treat the risks as a technical problem and leave it to IT management to manage. The board and senior management of banks should establish effective management control over the risks associated with e-banking activities. Senior management should ensure that they do not engage in e-banking projects unless they have necessary technical and risk management oversight expertise at all levels. They should set the tone in managing risk by establishing key delegations and reporting mechanisms, separation of duties and escalation procedures. Management should set up a formal risk assessment process in the organization and should ensure that ongoing due diligence and risk analyses are performed as the bank initiates or expands Internet banking activities. Security controls also need special attention from management because of the open nature of the Internet and the pace of technological change. The specific focus areas that will enhance internet security include the following: Authentication; Nonrepudiation; Segregation of duties.

Authentication: This means ensuring customers are verified and their identities established before conducting business over the Internet. Passwords, biometric methods, challenge-response systems, public key infrastructure are some of the ways of strengthening authentication. There is a growing trend towards single-sign-on applications, where the customer needs only a single ID to access his entire relationship.
Nonrepudiation: Banks should make certain that customers who transact on the Internet cannot later deny having originated the transactions. Using techniques like PKI (digital certificates), strong nonrepudiation can be achieved.
Segregation of duties: As in any traditional process, segregation of duties is vital to prevent perpetration of fraud by any individual.
Banks should ensure that there are appropriate measures to protect the data integrity of e-banking transactions, records and information. All e-banking transactions should generate clear audit trails, which should be archived. It is also vital to generate and protect records of customer instructions in a legally acceptable format. Management should strengthen information security controls to preserve the confidentiality and integrity of customer data by implementing methods such as Firewalls, ethical hacking tests, physical and logical access controls.

The senior management of banks should also establish effective Legal and Reputational Risk Management in the following ways:

Privacy: To protect the privacy of customers, banks should articulate a privacy policy and communicate it to customers. Customers must be allowed opt-out options, and great care must be exercised before sharing customer information with outside entities. If customers are from a different jurisdiction, then the strongest privacy law may apply.
Availability: Banks should have business continuity and contingency planning processes to help ensure continuous availability of Internet banking services. This is challenging because of the potential for high transaction volume and the demand for 24-hour, seven-day-a-week availability.
Incident response: Banks should also formulate appropriate incident response plans to detect, manage, contain and minimize problems arising from internal and external attacks. There should be clear escalation paths, a communication strategy for customers and the press and a documented chain of command. Finally, there should be a process for collecting and preserving forensic evidence after an adverse event.

Risk management of e-banking should be incorporated within the existing risk management disciplines in the organization and new control procedures should be implemented with rapid changes in technology.

E-banking risks


Many researchers expect rapid growth in customers using online banking products and services. The challenge for banks is to make sure the savings from Internet banking technology more than offset the costs and risks associated with conducting business in cyberspace. The unprecedented speed with which new technologies are being adopted, the ubiquitous and global nature of electronic networks, the integration of e-banking platforms with legacy systems and the increasing dependence of banks on third party information service providers, all dramatically amplify the magnitude of risks to which banks are exposed. Internet banking does not open up new risk categories, but rather accentuates the risks that any financial institution faces. These are some of the risks that are facilitated by internet banking:

· Strategic risk
· Transaction risk
· Compliance risk
· Reputation risk
· Information security risk
· Credit risk
· Interest rate risk
· Liquidity risk
· Price risk
· Foreign exchange risk

Spurred by competitive and peer pressures, banks may seek to introduce or expand Internet banking without an adequate cost-benefit analysis. The organization structure and resources may not have the skills to manage Internet banking. This leads to strategic risks. Most Internet banking platforms are based on new platforms which use complex interfaces to link with legacy systems, thereby increasing the risk of transaction errors. Third-party providers also increase transaction risks, since the organization does not have full control over a third party. Again, the compliance risks are amplified when the customer, the bank and the transaction are in more than one country. Moreover, reputation risk arises when a bank's reputation can be damaged by Internet banking services that are poorly executed, for instance through limited availability, buggy software, and poor response. Furthermore, the information security risk is the risk to earnings and capital arising out of lax information security processes, thus exposing the institution to malicious hacker or insider attacks, viruses, denial-of-service attacks, data theft, data destruction and fraud. Internet banking also leads to credit risk, as it enables customers to apply for credit from anywhere in the world and banks find it extremely difficult to verify the identity of the customer. Again, as it is easy to compare rates across banks, pressure on interest rates is higher, accentuating the need to react quickly to changing interest rates in the market, which leads to interest rate risk. The other important risk is liquidity risk, that is, the risk to earnings or capital arising from a bank's inability to meet its obligations. Banks may be exposed to price risk if they create or expand deposit brokering, loan sales or securitization programs as a result of Internet banking activities. Lastly, internet banking also facilitates the foreign exchange risk, as it encourages residents of other countries to transact in their domestic currencies.

Sunday, April 25, 2010

Eight Core Capabilities for exploiting E-banking

E-banking has overturned the existing technical knowledge related to network infrastructure, service offerings, and transaction and has led to a radical overhaul of the way of doing business for the traditional banks. In facing the change, the incumbent banks need to undergo business transformation in order to exploit E-banking. To do this, banks have to change their conventional mindsets and reconfigure their capabilities around the needs of E-banking. It requires careful coordination with the development of core capabilities in order to successfully respond to the technological and business changes.

There are eight core capabilities for exploiting E-banking:

Technical dynamic capabilities
Planning new IT-infrastructure
Enhancing transaction security
Providing value-added content
Delivering differentiated services

Business dynamic capabilities
Envisioning value propositions
Managing customer relationships
Integrating physical and virtual channels
Positioning in an attractive site

These capabilities fall into two distinct groups that must be balanced. One group relates to the capabilities to utilize the emerging IT, while the second group is associated with the capabilities for the reconfiguration of the existing business model. Banks are able to properly exploit E-banking only if they renew their technical and business capabilities. There are two implications for the incumbent banks. On the one hand, banks need to develop uniquely innovative services and products through the secure technical platform and transactional process. On the other hand, they need to establish an innovative business model that changes the way banks operate and how they interact with their stakeholders. Thus, the eight core capabilities act as a blueprint for sustaining a bank’s ability to exploit E-banking.

Impact of IT: Reconfiguration of the business model


E-banking has changed the trajectory of the IT application for the banking industry and has evolved a different business model. The differences between the business models of traditional banking and E-banking can be seen in five important dimensions: value proposition, market scope, cost structure, profit potential, and value network.
Value Proposition: Traditional banking has realized the value arising out of localization, reduced risk, improved trust and brand embeddedness. Traditional banks have tried to establish a physical presence in a geographical location in order to serve local customers and to build customer trust. Additionally, banks situated in a community participated in local social networks that enhanced trust and brand impression. On the other hand, e-banking has eliminated the physical and geographic boundaries and time limitations of traditional banking. It has provided consumers with efficient time-saving, high speed financial services online and provided a channel to develop long-term customer relationships. Thus, e-banking has realized the value propositions of efficiency, convenience, customization, and market extension.
Market Scope: The market scope refers to the geographic areas and market segments to which the value should be offered. In terms of geographic areas, the market scope of traditional banking was restricted within the physical marketplace, where customers were mainly functionally computer illiterate. In contrast, e-banking consumers are mainly seasoned internet users and IT-literate. Internet users are generally modern young people and well educated. Therefore, to exploit the new customer base and increase the existing market share, the incumbent banks are seeking to attract and capture the potential clients as early as possible.
Cost Structure: E-banking is driven largely by the prospects of operating costs minimization and operating revenue maximization. In contrast to traditional banking, e-banking is cheaper and it handles transaction process automatically. E-banking has resulted in lower transaction and production costs but due to the electronic channel, the investments in IT and the costs of security management and financial content creation are higher than that in traditional banking. It also requires extra marketing investment to attract potential customers. On the other hand, in case of traditional banking which was rooted in branch-based networking and paid-for infrastructure provided by third-party vendors, high entry and start-up costs were the most prominent barriers for entrants. Thus, the cost structures of both banking models are different.
Profit Potential: In the traditional banking context, banks received their revenue directly from the over-the-counter products and services they offered. In terms of e-banking, the expenses of labor, facilities, premises, and back-office paper work are minimized and the transactional commissions, servicing charge, advertising revenue, and financial information subscriptions are sources of extra revenue. Now, mobile e-banking also offers tremendous profit potential by providing mobile financial services to attract the mobile consumers. In fact, it is apparent that many banks are motivated to implement e-banking by forces relating to the maximization of earnings through increased market scope and improved customer relationships due to product delivery convenience and service customization. Therefore, e-banking could reap profits from the successful exploitation of the synergies of innovative financial services and appropriate marketing and pricing strategies via the virtual channel.
Value Network: The value network describes the position of a bank within the business linking suppliers and customers, identifying potential competitors. The position of banks is mainly an intermediary in the value network of the banking industry. In the past, the value network mainly involved the consumers and financial institutions relating to the bank’s branch network. In contrast, e-banking has blurred the boundaries between banks and other industries. Banks have an opportunity for “re-intermediation” in the banking industry by developing e-banking. The new opportunities have brought new challenges as the branch network has been downsized, the traditional value network has been broken up, the competition among banks has intensified, and non-financial companies have introduced financial functions as part of their online offerings. For example, insurance companies diversify into banking, and retail e-commerce companies provide banking products. Consequently, the arrival of e-banking has accelerated the reconfiguration of the value network in the banking industry.

Traditional Banking --->E-banking: Variation in technological knowledge

New information technologies and emerging business forces have triggered a new wave of financial innovation in the banking industry in the form of electronic banking. To explore the nature and real impact of IT on the banking sector, it is imperative to know how technological knowledge has changed from traditional banking to e-banking. The key differences between the traditional bricks-and-mortar banking and e-banking in the IT-infrastructure can be summarized in the Table format shown above.

Before the emergence of e-banking, the IT-infrastructure in banking shifted from mainframe to PCs, to client/server. The traditional IT-architectures were embodied in desktop computing and wired networking architecture, which was supported by proprietary electronic network like wide area network (WAN) and value-added network (VAN). The electronic data interchange (EDI) provided computer-to-computer exchange of standardized electronic transaction documents and data. The value added networks provided higher security features and quarantined bandwidth. The traditional IT architecture was meant to support transaction functions within banks and did not provide much information because of limited bandwidth, platform dependency, and multiple software licenses. On the other hand, e-banking is embodied in Internet-based computing and wired or wireless networking, which is supported by a standard protocol. By relying on the open infrastructure and standardized protocol, the Internet provides an interoperable and worldwide networking model. Contrary to the limited bandwidth of the private network, the capacity of public Internet is abundant and nearly free. Moreover, the World Wide Web (WWW) can support the transmission of multimedia data.

The application platform of traditional banking is also different from e-banking. Based on the application platform, the web-based e-banking applications can be characterized as intense hypermedia systems. The e-banking applications are frequently multifunctional systems that integrate with existing front office, back office, and legacy information systems within the bank and often need to connect with trading partners and external stakeholders. To develop an e-banking application we require a combination of web site development techniques such as content and user interface design together with object-oriented information systems development techniques.

Thus, internet technology has overturned the IT-infrastructure of branch-based networking and triggered changes in the knowledge about networking, data transmission, computing platform, interoperability, and system design. These novel online services are likely to be significant in differentiating e-banking from traditional retail banking. Today, the technological knowledge of traditional banking is becoming obsolete and the banking industry is embracing new and advanced technology.