Posted on 10:44 AM by hamid
Online banking
Online banking (or Internet banking) allows customers to conduct financial transactions on a secure website operated by their retail or virtual bank, credit union or building society.
Features
Online banking solutions have many features and capabilities in common, but traditionally also have some that are application specific.
- The common features fall broadly into several categories
- Transactional (e.g., performing a financial transaction such as an account to account transfer, paying a bill, wire transfer... and applications... apply for a loan, new account, etc.)
- Electronic bill presentment and payment - EBPP
- Funds transfer between a customer's own checking and savings accounts, or to another customer's account
- Investment purchase or sale
- Loan applications and transactions, such as repayments of enrollments
- Non-transactional (e.g., online statements, check links, cobrowsing, chat)
- Financial Institution Administration
- Support of multiple users having varying levels of authority
- Transaction approval process
- Wire transfer
- Features commonly unique to Internet banking include
- Personal financial management support, such as importing data into personal accounting software. Some online banking platforms support account aggregation to allow the customers to monitor all of their accounts in one place whether they are with their main bank or with other institutions.
History
The precursors of the modern home online banking services were the distance banking services over electronic media from the early 1980s. The term online became popular in the late '80s and referred to the use of a terminal, keyboard and TV (or monitor) to access the banking system using a phone line. ‘Home banking’ can also refer to the use of a numeric keypad to send tones down a phone line with instructions to the bank. Online services started in New York in 1981 when four of the city’s major banks (Citibank, Chase Manhattan, Chemical and Manufacturers Hanover) offered home banking services[1] using the videotex system. Because of the commercial failure of videotex, these banking services never became popular except in France, where the use of videotex (Minitel) was subsidised by the telecom provider, and the UK, where the Prestel system was used.
The UK's first home online banking service[2] was set up by Bank of Scotland for customers of the Nottingham Building Society (NBS) in 1983[3]. The system used was based on the UK's Prestel system and used a computer, such as the BBC Micro, or keyboard (Tandata Td1400) connected to the telephone system and television set. The system (known as 'Homelink') allowed on-line viewing of statements, bank transfers and bill payments. In order to make bank transfers and bill payments, a written instruction giving details of the intended recipient had to be sent to the NBS, who set the details up on the Homelink system. Typical recipients were gas, electricity and telephone companies and accounts with other banks. Details of payments to be made were input into the NBS system by the account holder via Prestel. A cheque was then sent by NBS to the payee and an advice giving details of the payment was sent to the account holder. BACS was later used to transfer the payment directly.
Stanford Federal Credit Union was the first financial institution to offer online internet banking services to all of its members in October 1994.[4]
Today, many banks are internet only banks. Unlike their predecessors, these internet only banks do not maintain brick and mortar bank branches. Instead, they typically differentiate themselves by offering better interest rates and online banking features.
Security
Protection through single password authentication, as is the case in most secure Internet shopping sites, is not considered secure enough for personal online banking applications in some countries. Basically there exist two different security methods for online banking.
- The PIN/TAN system, where the PIN represents a password used for the login and TANs represent one-time passwords used to authenticate transactions. TANs can be distributed in different ways; the most popular one is to send a list of TANs to the online banking user by postal letter. The most secure way of using TANs is to generate them as needed using a security token. These token-generated TANs depend on the time and a unique secret stored in the security token (this is called two-factor authentication or 2FA). Usually online banking with PIN/TAN is done via a web browser using SSL-secured connections, so that no additional encryption is needed.
- Signature-based online banking, where all transactions are signed and encrypted digitally. The keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation.
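An added example, not part of the original post: a sketch of a token-generated TAN, showing how the token combines its stored secret with the current time and how the bank checks the result and enforces one-time use. The post does not name an algorithm; this assumes the RFC 6238 (TOTP) construction, and the 30-second step, 6-digit length, drift window and the `TanVerifier` class are illustrative choices.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time window (assumed value)
DIGITS = 6   # TAN length (assumed value)


def tan_for_counter(secret: bytes, counter: int) -> str:
    """HMAC the window counter with the token secret and truncate (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def generate_tan(secret: bytes, unix_time: int) -> str:
    """Token side: the TAN depends only on the secret and the current time."""
    return tan_for_counter(secret, unix_time // STEP)


class TanVerifier:
    """Bank side (hypothetical class): accepts each time window at most once."""

    def __init__(self, secret: bytes, drift_windows: int = 1):
        self.secret = secret
        self.drift = drift_windows
        self.last_used = -1  # highest window counter already consumed

    def verify(self, tan: str, unix_time: int) -> bool:
        now = unix_time // STEP
        for counter in range(max(0, now - self.drift), now + self.drift + 1):
            if counter <= self.last_used:
                continue  # window already spent: a captured TAN cannot be replayed
            expected = tan_for_counter(self.secret, counter)
            if hmac.compare_digest(expected.encode(), tan.encode()):
                self.last_used = counter
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample secret (RFC test value)
    bank = TanVerifier(secret)
    tan = generate_tan(secret, 59)
    print(tan, bank.verify(tan, 59))   # first use is accepted
    print(tan, bank.verify(tan, 60))   # same TAN again is rejected
```

The replay check only stops reuse of a captured TAN; it does not bind the TAN to the transaction details, so it does not by itself address tampering with the destination account or amount.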
Attacks
Most of the attacks on online banking used today are based on deceiving the user to steal login data and valid TANs. Two well known examples for those attacks are phishing and pharming. Cross-site scripting and keylogger/Trojan horses can also be used to steal login information.
One method of attacking signature-based online banking is to manipulate the software in use so that correct transactions are shown on the screen while faked transactions are signed in the background.
A recent FDIC Technology Incident Report, compiled from suspicious activity reports banks file quarterly, lists 536 cases of computer intrusion, with an average loss per incident of $30,000. That adds up to a nearly $16-million loss in the second quarter of 2007. Computer intrusions increased by 150 percent between the first quarter of 2007 and the second. In 80 percent of the cases, the source of the intrusion is unknown but it occurred during online banking, the report states.[5]
The most recent kind of attack is the so-called Man in the Browser attack, where a Trojan horse permits a remote attacker to modify the destination account number and also the amount.
Countermeasures
There exist several countermeasures which try to avoid attacks. Digital certificates are used against phishing and pharming; the use of class-3 card readers is a measure to avoid manipulation of transactions by the software in signature-based online banking variants. To protect their systems against Trojan horses, users should use virus scanners and be careful with downloaded software or e-mail attachments.
In 2001 the FFIEC issued guidance for multifactor authentication (MFA) and then required it to be in place by the end of 2006.[6]
Online Banking ePayments
Online Banking ePayments (OBeP) is a type of payments network, developed by the banking industry in conjunction with technology providers, specifically designed to address the unique requirements of payments made via the Internet.[1]
Key aspects of OBeP which distinguish it from other online payments systems are:
- The consumer is authenticated in real-time by the consumer financial institution’s online banking infrastructure.[2]
- The availability of funds is validated in real-time by the consumer’s financial institution.[3]
- The consumer’s financial institution provides guarantee of payment to the merchant. [3]
- Payment is made as a credit transfer (push payment) from the consumer’s financial institution to the merchant, as opposed to a debit transfer (pull payment). [3]
- Payment is made directly from the consumer’s account rather than through a third-party account. [3]
Privacy & Security Features
OBeP systems protect consumer personal information by not requiring the disclosure of account numbers or other sensitive personal data to online merchants or other third parties.[4] During the checkout process, the merchant redirects the consumer to their financial institution’s online banking site where they login and authorize charges. After charges are authorized, the financial institution redirects the consumer back to the merchant site. All network communications are protected using industry standard encryption. Additionally, communications with the OBeP network take place on a virtual private network, not over the public Internet.
Costs
Costs associated with fraud, estimated at 1.2% of sales by online retailers in 2009[5], are reported to be dramatically reduced with OBeP, because the issuer bank is responsible for the authentication of the credit transaction and provides guaranteed funds to the merchant.[6] Because the merchant is not responsible for storing and protecting confidential consumer information, OBeP systems also reduce costs associated with mitigating fraud, fraud screening, and PCI audits. Transaction fees on Online Banking ePayments vary by network, but are often fixed, and lower than the average 1.9%[7] merchant fees associated with credit card transactions – especially for larger purchases.[8]
Other Benefits
For Consumers
- use of cash-like payment encourages responsible consumerism
- does not require set-up or registration with a third-party payments entity
- presents familiar interface to facilitate online payment
- awareness of funds availability
For Merchants
- improved sales conversion / reduced abandoned carts[9]
- real time authorization of guaranteed ACH payment (good funds)[3]
- offering preferred payment methods may drive repeat transactions
For Financial Institutions
- recapture revenue being lost to alternative payment providers[8]
- encourages consumers to move to online banking, replacing more costly branch and telephone alternatives [8]
Types & Implementations
OBeP networks may be divided into two categories, based on the network architecture:
1. Multi-Bank – requires that a merchant have a single connection to the OBeP network in order to accept payment from any participating financial institution.
- Examples include: EPS, IDEAL, Interac Online, Giropay, and Secure Vault Payments[10]
2. Mono-Bank – requires that a merchant have a separate connection to each participating financial institution.
- Examples include: Nordea e-Payment[10]
A third category, also known as “overlay payment solutions”, provides a similar consumer experience to Online Banking ePayments, but violates a key tenet of the OBeP definition by requiring the consumer to share their online banking credentials with a third party. Examples include: DIRECTebanking.com, sofortüberweisung.de, Mazooma, SafetyPay, UseMyBank, and POLi [10]
1 comments:
I am happy to find your distinguished way of writing the post. Now you make it easy for me to understand and implement the concept. Thank you for the post.
banking training institute