internet and mobile banking

Upload: shruti-patil

Post on 03-Apr-2018


  • 7/28/2019 Internet and Mobile Banking


    Presented by:

    Arpit Macwan

    Hardik chavda

    Kartik Tosar

    Vaibhav Parmar


    Introduction

    With the popularity of PCs, easy access to Internet and World Wide Web (WWW), Internet is increasingly used by banks as a channel for receiving instructions and delivering their products and services to their customers.

    This form of banking is generally referred to as Internet Banking, although the range of products and services offered by different banks vary widely both in their content and sophistication.


    Broadly, the levels of banking services offered through the Internet can be categorized into three types:

    (i) The Basic Level Service is the banks' websites which disseminate information on different products and services offered to customers and members of public in general. It may receive and reply to customers' queries through e-mail,

    (ii) In the next level are Simple Transactional Websites which allow customers to submit their instructions, applications for different services, queries on their account balances, etc., but do not permit any fund-based transactions on their accounts,

    (iii) The third level of Internet banking services are offered by Fully Transactional Websites which allow the customers to operate on their accounts for transfer of funds, payment of different bills, subscribing to other products of the bank and to transact purchase and sale of securities, etc.


    From the perspective of banking products and services being offered through Internet, Internet banking is nothing more than traditional banking services delivered through an electronic communication backbone, viz, Internet.

    But, in the process it has thrown open issues which have ramifications beyond what a new delivery channel would normally envisage and, hence, has compelled regulators world over to take note of this emerging channel.


    Central Banks of many countries have put in place broad regulatory framework for i-banking.

    In India, too i-banking has taken roots. A number of banks have set up banking portals allowing their customers to access facilities like obtaining information, querying on their accounts, etc.

    Soon, still higher level of online services will be made available. Other banks will sooner than later, take to Internet banking.


    Internet Banking - a new medium


    E-Commerce:

    E-commerce involves individuals and business organizations exchanging business information and instructions over electronic media using computers, telephones and other telecommunication equipments.

    Such form of doing business has been in existence ever since electronic mode of data / information exchange was developed, but its scope was limited only as a medium of exchange of information between entities with a pre-established contractual relationship.


    The size of the market has grown enormously as technically, one can access the products and services from any part of the world.

    So does the potential competition. The methods of reaching out to customers, receiving the response and offering services have a new, simpler and efficient alternative, now, that is, Internet.

    The cost of advertisement, offer and delivery of services through Internet has reduced considerably, forcing most companies to rework their strategies to remain in competition.


    Another way of classifying the e-commerce is by the targeted counterpart of a business, viz, whether the counterpart is a final consumer or another business in the distribution chain.

    Accordingly, the two broad categories are:

    Business-to-Consumer (B2C) and

    Business-to-Business (B2B).


    The Growth of Internet Banking and common products:

    Internet Banking is a product of e-commerce in the field of banking and financial services.

    In what can be described as B2C domain for banking industry, Internet Banking offers different online services like balance enquiry, requests for cheque books, recording stop-payment instructions, balance transfer instructions, account opening and other forms of traditional banking services.

    Banks are also offering payment services on behalf of their customers who shop in different e-shops, e-malls etc.


    Considering the volume of business e-commerce, particularly in B2B domain, has been generating, it is natural that banking would position itself in an intermediary role in settling the transactions and offering other trade related services.

    This is true both in respect of B2C and B2B domains.

    Besides, the traditional role of financial intermediary and settlement agents, banks have also exploited new opportunities offered by Internet in the fields of integrated service providers, payment gateway services, etc.


    In B2B scenario, a new form of e-commerce market place is emerging where various players in the production and distribution chain are positioning themselves and are achieving a kind of integration in business information flow and processing leading to efficiencies in the entire supply chain and across industries.

    Banks are positioning themselves in such a market in order to be a part of the financial settlements arising out of transactions of this market and providing wholesale financial services.


    With the integration of business information flow and higher degree of transparency, the banks and other financial services institutions have lost some of the information advantage they used to enjoy and factor in to pricing of their products.

    However, such institutions have the advantage of long standing relationships, goodwill and brand, which are important sources of assurance in a virtual market.

    Banks are in fact, converting this goodwill into a business component in e-commerce scenario in providing settlement and other financial services. Some banks have also moved to providing digital certificates for transactions through e-markets.


    International and Indian Scenario


    India internet user ratio: 10.1 for every 100 people for 2011, as per World Bank.


    Internet Banking

    E-banking came into being in UK and USA in 1920s.

    It became prominently popular during 1960s through electronic funds transfers and credit cards.

    The credit of launching internet banking in India goes to ICICI Bank.

    Citibank and HDFC Bank followed with internet banking services in 1999.


    Mobile Banking

    On November 22nd 2010, the National Payment Corporation of India launched Interbank Mobile Payment Service (IMPS) in India.


    Details of Interbank Mobile Payments

    1). Need A Bank Account: Both Receiver and Sender

    2). Mobile Money ID: The Mobile Money Identifier (MMID) is a seven digit random number issued by the bank.

    Customer can have more than one account linked to the mobile number; each account will have a separate MMID.


    3). Real Time?: According to IMPS, the funds should be transferred within 15-30 seconds.

    4). Medium: It's up to banks to choose their medium: SMS, USSD (Unstructured Supplementary Service Data), mobile application etc., as long as they stick to RBI's mobile banking guidelines.


    How It Works?

    Step 1: Remitter sends instruction from his/her mobile through his/her bank provided application or SMS. The remitter can only use a registered mobile number for remitting.

    Step 2: Remitting bank validates the details of the remitter and debits his/her account. This transaction is sent by the remitting bank to NPCI.


    Step 3: Transaction is passed by NPCI to the beneficiary bank. Beneficiary Bank validates the details of the beneficiary customer, credits the account, sends confirmation to NPCI about transaction status and sends an SMS to the beneficiary customer informing him of the credit.

    Step 4: NPCI sends the transaction status to remitting bank which in turn informs the status of the transaction to the Remitter.


    Step 5: Remitting bank sends an SMS confirmation of the transaction to the remitting customer.
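
The five steps above, simulated as an added example; it is not part of the original presentation and is not NPCI or bank code. It shows where each validation sits (registered mobile number, seven digit MMID, beneficiary lookup). The function names, status strings, sample numbers and the reversal of a rejected credit are assumptions.

```python
import re
from dataclasses import dataclass, field

MMID_RE = re.compile(r"\d{7}")  # slides: the MMID is a seven digit number

@dataclass
class Bank:
    """Toy bank; accounts are keyed by (registered mobile number, MMID)."""
    name: str
    accounts: dict = field(default_factory=dict)  # (mobile, mmid) -> balance
    sms: list = field(default_factory=list)       # (mobile, text) sent

    def find(self, mobile, mmid):
        key = (mobile, mmid)
        return key if MMID_RE.fullmatch(mmid) and key in self.accounts else None

def npci_route(trace, beneficiary_bank, to_mobile, to_mmid, amount):
    """Step 3: NPCI passes the transaction on; beneficiary bank validates."""
    trace.append(f"step3: NPCI -> {beneficiary_bank.name}")
    key = beneficiary_bank.find(to_mobile, to_mmid)
    if key is None:
        status = "REJECTED: beneficiary not found"
    else:
        beneficiary_bank.accounts[key] += amount
        beneficiary_bank.sms.append((to_mobile, f"credited {amount}"))
        status = "SUCCESS"
    trace.append(f"step3: {beneficiary_bank.name} -> NPCI: {status}")
    return status

def remit(trace, remitting_bank, beneficiary_bank,
          from_mobile, from_mmid, to_mobile, to_mmid, amount):
    """Run steps 1-5 and return the final status string."""
    # Steps 1-2: only a registered mobile/MMID pair with funds may remit.
    key = remitting_bank.find(from_mobile, from_mmid)
    if key is None:
        return "REJECTED: remitter not registered"
    if amount <= 0 or remitting_bank.accounts[key] < amount:
        return "REJECTED: invalid amount or insufficient funds"
    remitting_bank.accounts[key] -= amount
    trace.append(f"step2: {remitting_bank.name} debited -> NPCI")
    status = npci_route(trace, beneficiary_bank, to_mobile, to_mmid, amount)
    trace.append(f"step4: NPCI -> {remitting_bank.name}: {status}")
    if status != "SUCCESS":
        # Assumption: a rejected credit is reversed; the slides do not say.
        remitting_bank.accounts[key] += amount
    # Step 5: SMS confirmation to the remitting customer.
    remitting_bank.sms.append((from_mobile, f"transfer of {amount}: {status}"))
    return status

def demo():
    """Constructed accounts and numbers: one good transfer, two rejections."""
    a = Bank("BankA", {("9000000001", "1234567"): 500})
    b = Bank("BankB", {("9000000002", "7654321"): 100})
    t, frm, to = [], ("9000000001", "1234567"), ("9000000002", "7654321")
    results = [remit(t, a, b, *frm, *to, 200),
               remit(t, a, b, *frm, "9000000002", "0000000", 50),
               remit(t, a, b, "9111111111", "1234567", *to, 50)]
    return results, a, b, t
```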


    Types of risks associated with Internet banking

    Operational risk:

    Operational risk, also referred to as transactional risk, is the most common form of risk associated with i-banking. It takes the form of inaccurate processing of transactions, non-enforceability of contracts, compromises in data integrity, data privacy and confidentiality, unauthorized access / intrusion to bank's systems and transactions etc.


    Security risk:

    Internet is a public network of computers which facilitates flow of data / information and to which there is unrestricted access. Banks using this medium for financial transactions must, therefore, have proper technology and systems in place to build a secured environment for such transactions.

    Security risk arises on account of unauthorized access to a bank's critical information stores like accounting system, risk management system, portfolio management system, etc. A breach of security could result in direct financial loss to the bank. For example, hackers operating via the Internet, could access, retrieve and use confidential customer information and also can implant virus.


    Reputational risk

    Reputational risk is the risk of getting significant negative public opinion, which may result in a critical loss of funding or customers. Such risks arise from actions which cause major loss of the public confidence in the banks' ability to perform critical functions or impair bank-customer relationship. It may be due to bank's own action or due to third party action.


    Legal risk

    Legal risk arises from violation of, or non-conformance with laws, rules, regulations, or prescribed practices, or when the legal rights and obligations of parties to a transaction are not well established.


    Money laundering risk

    As Internet banking transactions are conducted remotely banks may find it difficult to apply traditional method for detecting and preventing undesirable criminal activities. Application of money laundering rules may also be inappropriate for some forms of electronic payments. Thus banks expose themselves to the money laundering risk. This may result in legal sanctions for non-compliance with know your customer laws.


    Security in Internet Banking


    Why Security?

    Internet banking is increasingly becoming popular in India.

    However, Internet banking is a risky venture and India must be prepared to deal with the risks associated with it.

    The increasing cases of ATM frauds, online banking frauds, credit cards frauds, etc. have shaken the confidence of Indian consumers in Internet banking in India.


    Encryption Standards

    When looking at the informational side of privacy, encryption is an important component to understand.

    Encryption in itself is a useful tool for protecting data that is highly personal in nature and is being stored, used in a transaction, or shared across multiple databases.

    The quality of encryption is judged by the ability to prevent an outside party from determining the original content of an encrypted message.


    Encryption standard for Banking

    Banking: Report on Internet Banking by the Reserve Bank of India, 22 June 2001:

    "All transactions must be authenticated using a user ID and password. *SSL/128 bit encryption must be used as the minimum level of security."

    *SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.


    Case : Phishing Fraud (RBI)

    Reserve Bank of India - Register Your Online Banking Account With OTP Service.

    http//www.forexample.com


    Technology and Security Standards For Internet Banking

    Computer networking & Internet

    The purpose of computer networking is sharing of computing resources and data across the whole organization and the outside world.

    To standardize on communications between systems, the International Organization of Standards developed the OSI model (the Open System Interconnection Reference Model) in 1977. The OSI breaks up the communication process into 7 layers and describes the functions and interfaces of each layer.


    Application architecture

    The information required to be logged should include Login/Logout information, location and time of failed attempts, changes in status, status of any resource, changes in system status such as shutdowns, initializations and restart; file accesses, change to file access control lists, mail logs, modem logs, network access logs, web server logs, etc. The log files must be protected and archived regularly and securely.


    Security and Privacy Issues

    The aim of computer security is to preserve computing resources against abuse and unauthorized use, and to protect data from accidental and deliberate damage, disclosure and modification. The communication security aims to protect data during the transmission in computer network and distributed system.

    Various means such as authentication, data confidentiality, security audit trail can be used for checking issues related to security.


    Firewalls

    The connection between internal networks and the outside world must be watched and monitored carefully by a gatekeeper of sorts. Firewalls do this job. Otherwise, there is a risk of exposing the internal network and systems, often leaving them vulnerable and compromising the integrity and privacy of data. Firewalls are a component or set of components that restrict access between a protected network and the outside world (i.e., the Internet).


    Certification Authorities and Digital Certificates:

    Certificate Authorities and Digital Certificates are emerging to further address the issues of authentication, non-repudiation, data privacy and cryptographic key management. A Certificate Authority (CA) is a trusted third party that verifies the identity of a party to a transaction.


    Secure Socket Layer (SSL):

    SSL is designed to make use of TCP to provide a reliable end-to-end secure service. The SSL servers have digital certificates issued by Certifying Authorities so that the clients can authenticate the service provider (a bank in our case). The servers use a password / PIN / digital certificate to authenticate clients. Once the clients and server have authenticated each other, they establish a session key for encryption of messages.


    Tools:

    Tools are extremely useful in monitoring and controlling networks, systems and users. Some of the system administration and network management tools are Scanners, Sniffers, Logging and Audit tools.


    Recommendations

    Security Organization: Organizations should make explicit security plan and document it. There should be a separate Security Officer / Group dealing exclusively with information systems security. The Information Technology Division will actually implement the computer systems while the Computer Security Officer will deal with its security.

    Access Control: Logical access controls should be implemented on data, systems, application software, utilities, telecommunication lines, libraries, system software, etc. Logical access control techniques may include user-ids, passwords, smart cards or other biometric technologies.


    Isolation of Dial Up Services: All the systems supporting dial up services through modem on the same LAN as the application server should be isolated to prevent intrusions into the network as this may bypass the proxy server.

    Ethical Hackers: Banks must increasingly employ ethical hackers so as to find out loop-holes as soon as possible.


    Isolation of Application Servers: It is also recommended that all unnecessary services on the application server such as ftp, telnet should be disabled. The application server should be isolated from the e-mail server.

    Security Log (Audit Trail): All computer accesses, including messages received, should be logged. All computer access and security violations (suspected or attempted) should be reported and follow up action taken as per the organization's escalation policy.
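
One way to turn the logged "time and location of failed attempts" from the Application architecture slide, and the reporting of suspected or attempted violations recommended above, into a check. This is an added example, not part of the original presentation; the log format, event names, threshold and time window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical format: timestamp, event, user, source.
SAMPLE_LOG = """\
2018-04-03T10:00:01 LOGIN_OK user=meera src=198.51.100.20
2018-04-03T10:00:05 LOGIN_FAIL user=arjun src=203.0.113.7
2018-04-03T10:00:09 LOGIN_FAIL user=arjun src=203.0.113.7
2018-04-03T10:00:14 LOGIN_FAIL user=arjun src=203.0.113.7
garbled line that does not parse
2018-04-03T10:00:20 LOGIN_OK user=arjun src=203.0.113.7
2018-04-03T10:30:00 LOGIN_FAIL user=meera src=198.51.100.20
2018-04-03T10:31:00 LOGOUT user=meera src=198.51.100.20
"""

LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) "
    r"(?P<event>LOGIN_OK|LOGIN_FAIL|LOGOUT) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$")


def audit(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return (findings, unparsed line numbers) for follow-up action."""
    recent = defaultdict(deque)   # (user, src) -> times of recent failures
    flagged = set()               # (user, src) pairs already reported
    findings, unparsed = [], []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(n)    # a gap in the trail is itself reportable
            continue
        ts = datetime.fromisoformat(m["ts"])
        key = (m["user"], m["src"])
        fails = recent[key]
        while fails and ts - fails[0] > window:
            fails.popleft()       # forget failures older than the window
        if not fails:
            flagged.discard(key)  # burst has aged out; allow a new report
        if m["event"] == "LOGIN_FAIL":
            fails.append(ts)
            if len(fails) >= threshold and key not in flagged:
                flagged.add(key)
                findings.append(("REPEATED_FAILURES", *key, m["ts"]))
        elif m["event"] == "LOGIN_OK" and key in flagged:
            # A login that succeeds right after a burst deserves review.
            findings.append(("SUCCESS_AFTER_FAILURES", *key, m["ts"]))
            flagged.discard(key)
            fails.clear()
    return findings, unparsed
```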


    Penetration Testing: The information security officer and the information system auditor should undertake periodic penetration tests of the system, which should include:

    Attempting to guess passwords using password-cracking tools.

    Search for back door traps in the programs.

    Attempt to overload the system using DDoS (Distributed Denial of Service) & DoS (Denial of Service) attacks.

    Check if commonly known holes in the software, especially the browser and the e-mail software, exist.


    Back up & Recovery:

    The bank should have a proper infrastructure and schedules for backing up data. The backed-up data should be periodically tested to ensure recovery without loss of transactions in a time frame as given out in the bank's security policy. Business continuity should be ensured by having disaster recovery sites, where backed-up data is stored. These facilities should also be tested periodically.
