1

E-Banking

Internet Banking or E-Banking or Online BankingE-banking refers to electronic banking. It is like e-business in banking industry. E-banking is also called as "Virtual Banking" or "Online Banking".

Online banking (or Internet banking or E-banking) allows customers of a financial institution to conduct financial transactions on a secure website operated by the institution, which can be a retail or virtual bank, credit union or building society.

To access a financial institution's online banking facility, a customer having personal Internet access must register with the institution for the service, and set up some password (under various names) for customer verification. The password for online banking is normally not the same as for telephone banking. Financial institutions now routinely allocate customer numbers (also under various names), whether or not customers intend to access their online banking facility. Customer numbers are normally not the same as account numbers, because a number of accounts can be linked to the one customer number. The customer will link to the customer number any of those accounts which the customer controls, which may be cheque, savings, loan, credit card and other accounts. Customer numbers will also not be the same as any debit or credit card issued by the financial institution to the customer.

To access online banking, the customer would go to the financial institution's website, and enter the online banking facility using the customer number and password. Some financial institutions have set up additional security steps for access, but there is no consistency to the approach adopted.

Internet Banking in Pakistan

2

E-Banking

The State Bank of Pakistan constituted a working group on Internet Banking. The group divided the internet banking products in Pakistan into 3 types based on the levels of access granted. They are: 

1- Information Only System

General purpose information like interest rates, branch location, bank products and their features, loan and deposit calculations are provided in the banks website. There exist facilities for downloading various types of application forms. The communication is normally done through e-mail. There is no interaction between the customer and bank's application system. No identification of the customer is done. In this system, there is no possibility of any unauthorized person getting into production systems of the bank through internet.

2- Electronic Information Transfer System

The system provides customer- specific information in the form of account balances, transaction details, and statement of accounts. The information is still largely of the 'read only' format. Identification and authentication of the customer is through password.

The information is fetched from the bank's application system either in batch mode or off-line. The application systems cannot directly access through the internet. 

3- Fully Electronic Transactional System

This system allows bi-directional capabilities. Transactions can be submitted by the customer for online update. This system requires high degree of security and control.

In this environment, web server and application systems are linked over secure infrastructure. It comprises technology covering computerization, networking and security, inter-bank payment gateway and legal infrastructure.

HistoryThe precursor for the modern home online banking services were the distance banking services over electronic media from the early 1980s. The term online became popular in the late '80s and referred to the use of a terminal, keyboard and TV (or monitor) to access the banking system using a phone line. ‘Home banking’ can also refer to the use of a numeric keypad to send tones down a phone line with instructions to the bank. Online services started in New York in 1981 when four of the city’s major banks (Citibank, Chase Manhattan, Chemical and Manufacturers Hanover) offered home banking services[1][2][3] using the videotext system. Because of the commercial failure of videotext these banking services never became popular except in France where the use of videotext (Minitel) was subsidized by the telecom provider and the UK, where the Prestel system was used.

3

E-Banking

The UK's first home online banking services were set up by Bank of Scotland for customers of the Nottingham Building Society (NBS) in 1983. The system used was based on the UK's Prestel system and used a computer, such as the BBC Micro, or keyboard (Tandata Td1400) connected to the telephone system and television set. The system (known as 'Homelink') allowed on-line viewing of statements, bank transfers and bill payments. In order to make bank transfers and bill payments, a written instruction giving details of the intended recipient had to be sent to the NBS who set the details up on the Homelink system. Typical recipients were gas, electricity and telephone companies and accounts with other banks. Details of payments to be made were input into the NBS system by the account holder via Prestel. A cheque was then sent by NBS to the payee and an advice giving details of the payment was sent to the account holder. BACS was later used to transfer the payment directly.

Stanford Federal Credit Union was the first financial institution to offer online internet banking services to all of its members in October 1994.

Today, many banks are internet only banks. Unlike their predecessors, these internet only banks do not maintain brick and mortar bank branches. Instead, they typically differentiate

themselves by offering better interest rates and more extensive online banking features.

Popular services covered under E-Banking The popular services covered under E-banking include

Automated Teller Machines Credit Cards Debit Cards Smart Cards Electronic Funds Transfer (EFT) System Cheques Truncation Payment System Mobile Banking Telephone Banking Investing through Internet banking 

Automated Teller Machine (ATM): 

 ATM is designed to perform the most important function of bank. It is operated by plastic card with its special features. The plastic card is replacing cheque, personal attendance of the customer, banking hour’s restrictions and paper based verification. There are debit cards. ATMs used as spring board for Electronic Fund Transfer. ATM itself can provide information about customers account and also receive instructions from customers - ATM cardholders. An ATM is an Electronic Fund Transfer terminal capable of handling cash

4

E-Banking

deposits, transfer between accounts, balance enquiries, cash withdrawals and pay bills. It may be on-line or 0ff-line. The on-line ATN enables the customer to avail banking facilities from anywhere. In off-line the facilities are confined to that particular ATM assigned. Any customer possessing ATM card issued by the Shared Payment Network System can go to any ATM linked to Shared Payment Networks and perform his transactions.

Credit Cards/Debit Cards:

The Credit Card holder is empowered to spend wherever and whenever he wants with his Credit Card within the limits fixed by his bank. Credit Card is a post paid card.  Debit Card, on the other hand, is a prepaid card with some stored value. Every time a person uses this card, the Internet Banking house gets money transferred to its account from the bank of the buyer. The buyers account is debited with the exact amount of purchases.

An individual has to open an account with the issuing bank which gives debit card with a Personal Identification Number (PIN). When he makes a purchase, he enters his PIN on shops PIN pad. When the card is slurped through the electronic terminal, it dials the acquiring bank system - either Master Card or VISA that validates the PIN and finds out from the issuing bank whether to accept or decline the transactions. The customer can never overspend because the system rejects any transaction which exceeds the balance in his account. The bank never faces a default because the amount spent is debited immediately from the customer’s account.

Smart Card

Banks are adding chips to their current magnetic stripe cards to enhance security and offer new service, called Smart Cards. Smart Cards allow thousands of times of information storable on magnetic stripe cards. In addition, these cards are highly secure, more reliable and perform multiple functions. They hold a large amount of personal information, from medical and health history to personal banking and personal preferences.

 Electronic Funds Transfer (EFT) System

You can transfer any amount from one account to another of the same or any another bank. Customers can send money anywhere in India. Once you login to your account, you need to mention the payees’ account number, his bank and the branch. The transfer will take place in a day or so, whereas in a traditional method, it takes about three working days.

Investing through Internet banking

You can now open an FD online through funds transfer. Now investors with interlinked account and bank account can easily trade in the stock market and the amount will be automatically debited from their respective bank accounts and the shares will be credited in their account. Moreover, some banks even give you the facility to purchase mutual funds directly from the online banking system.

5

E-Banking

Nowadays, most leading banks offer both online banking and account. However if you have your account with independent share brokers, then you need to sign a special form, which will link your two accounts.

Shopping

With a range of all kind of products, you can shop online and the payment is also made conveniently through your account.

SecuritySecurity of a customer's financial information is very important, without which online banking could not operate. Financial institutions have set up various security processes to reduce the risk of unauthorized online access to a customer's records, but there is no consistency to the various approaches adopted.

The use of a secure website has become almost universally adopted.

Though single password authentication is still in use, it by itself is not considered secure enough for online banking in some countries. Basically there are two different security methods in use for online banking.

The PIN/TAN system where the PIN represents a password, used for the login and TANs representing one-time passwords to authenticate transactions. TANs can be distributed in different ways; the most popular one is to send a list of TANs to the online banking user by postal letter. The most secure way of using TANs is to generate them by need using a security token.

Another way to provide TANs to an online banking user is to send the TAN of the current bank transaction to the user's (GSM) mobile phone via SMS. The SMS text usually quotes the transaction amount and details; the TAN is only valid for a short period of time. Especially in Germany, Austria and The Netherlands, many banks have adopted this "SMS TAN" service as it is considered very secure.

Signature based online banking where all transactions are signed and encrypted digitally. The Keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation.

6

E-Banking

AttacksMost of the attacks on online banking used today are based on deceiving the user to steal login data and valid TANs. Two well known examples for those attacks are phishing and pharming. Cross-site scripting and key logger/Trojan horses can also be used to steal login information.

A method to attack signature based online banking methods is to manipulate the used software in a way, that correct transactions are shown on the screen and faked transactions are signed in the background.

A 2008 U.S. Federal Deposit Insurance Corporation Technology Incident Report, compiled from suspicious activity reports banks file quarterly, lists 536 cases of computer intrusion, with an average loss per incident of $30,000. That adds up to a nearly $16-million loss in the second quarter of 2007. Computer intrusions increased by 150 percent between the first quarter of 2007 and the second. In 80 percent of the cases, the source of the intrusion is unknown but it occurred during online banking, the report states.

The most recent kind of attack is the so-called Man in the Browser attack, where a Trojan horse permits a remote attacker to modify the destination account number and also the amount.