Online banking an insight into development security a case study based

It brings huge changes in m odem banking transaction activities and giving us a g reater opportunity to access the banking system anytim e and anyw here... Since banks handle very sensit

Online Banking

An Insight Into Development & Security

A Case study Based

for the d e g ree of

Bachelor of Com puter Science

T he w orld vvitnesses an iníbrm ation and technological revolution This revolution has

touched ev ery aspect o f p e o p le 's life including banking Such changes and developm ents

have im pacts on both custom ers and bankers It brings huge changes in m odem banking

transaction activities and giving us a g reater opportunity to access the banking system

anytim e and anyw here Hovvever, ju s t like tw o sid es o f a sam e coin, O nline b a n k in g also

has som e pro s w hich are the barriers for its developm ent O ne o f the key barriers is the

security co n ce m s associated w ith the O n l i n e banking system M any custom ers feel that

O nline b a n k i n g is n o t s e c u r e e n o u g h , a n d to i n c r e a s e its s e c u r i ty level, s o m e t e c h n i q u e s

have been applied Som e o f them are Secure Socket Layer (SSL) or tw o-factor-

authentication

T his paper explores the current d evelopm ent o f Online banking in the w orld in general

becom ing a n ew trend in banking íìeld íìgures ou t som e key challenges, especially in

term o f security and investigates som e w idely used techniques that helps im prove the

security o f O n lin e b an k in g are also co n ten ts that are m entioned in this thesis

1 w ould like to íìrst and íorem ost express m y great gratitude to m y sup ervisor MSc Trieu

Thi Van Hau from Faculty o f Inform ation T echnology, H anoi U niversity for her

enthusiastic guidance She helped stim uỉated sug gestions and encouraged m e a lot in all

the time o f research for an d vvriting o f this research

1 am particular grateíul to all the teach ers o f F acultv o f Inform ation Technology, Hanoi

U niversity w ho have taught m e vvith all en th u siasm s, the h elp íu ln ess, the caring gave m e

the chance and the possibility to com plete th is thesis I have leam t a lot precious lessons

from m y all o fy o u , n o t only in inform ation technology major

I also w ant to give m y thanks to the staffs o f library o f H anoi U niversity supported m e in

fm ding necessary m aterials Especially, 1 am obliged to thank s M rs N guyen N ga for her

assistance in her train in g and support m e in E ndnote softw are and proquest database

w hich help m e a lot in m y thesis

Last, th ough by no m eans least I am greatly indebted to m y fam ily vvhose love and

consistent support has k ept m e on the right track M y results and th is thesis are dedicated

to my parents, w ho believe in m e and \vho sacriíìced so m uch to raise me

Table of Contents

T able o f C o n te n ts V

List o f F ig u re s vii

C hap ter 1 In tro d u ctio n 1

M otiv ation 4

O b je c tiv e 5

M eth o d o lo g y 5

A n O verview o f the R est o f the D o cu m en t 6

C hap ter 2 B ackground K novvledge 7

H istory o f Online b a n k in g 7

D evelopm ent o f O n lin e ban k in g 8

C hap ter 3 - C haracteristics o f O nline B a n k in g 14

A dvantages o f Online b a n k in g 14

B eneíits for c u s to m e rs 14

B eneíìts for b a n k s 16

D isadvantages o f O n lin e b an k in g 20

C ustom ers' p ersp ectiv e 20

B anks' p e rsp e c tiv e 23

C hap ter 4 O nline B anking Security S y s te m 26

O verview about O n lin e banking s y ste m 26

Perspective o f O n lin e banking security s y s te m 29

C usto m ers' perspective o f security in O nline banking s y ste m s 30

Technical perspective o f security in O n lin e banking sy stem s 44

Security rules for cu sto m ers 52

C hapter 5 C ase S tu d v 56

Techcom bank- T he íirst bank in V ietnam ado pting tw o-factor authentication for Online banking 56

T echcom bank’s b a c k g ro u n d 56

Techcom bank*s Online banking s e rv ic e s 58

T echco m ban k's adoption high technology in security s y s te m 59

T w o-factor a u th e n tic a tio n 59

Secure Socket L a y e r-S S L 62

C hapter 6 C o n clu sio n 64

Findings o f the th e s is 64

L im itatio ns 64

Future W o rk 65

R eĩerences 66

List of Figures

Figure 1 Preferred banking method (all age g ro u p s ) 2

Figure 2 Preferred Banking M ethod 2 0 0 9 3

Figure 3 Percentage o f Internet Users W ho Bank O nlin e 9

Figure 4 O nline B anking adoption varies across E urope 10

F igure 5 O nline banking grovvs-usually, but not alw ays at the expense o f branch v isits 11 Figure 6 Grovvth in Internet B anking 12

Figure 7 Percentage o f bank w ith Internet banking services in V ietnam 2 0 0 8 13

F igure 8 Processing Cost Per T ran sac tio n 17

Figure 9 H ousehold Incom e Level and O nline B anking (2 0 0 7 ) 18

F igure 10 V ietinbank O nline B anking 31

F igure 11 V ietcom bank O nline B an k in g 32

F igure 12 H SBC O nline B anking-System -initiated iníb rm atio n 33

Figure 13 H SBC O nline Banking- Security code by T o k en 34

Figure 14 H SBC O nline Banking- Successfully lo g in 34

Figure 15 E -T o k en 35

Figure 16 Industrial and C om m ercial B ank o f China (IC B C )'s C ode C ard 36

Figure 17 Entrust G rid C a r d 37

Figure 18 Physiological characteristics 39

Figure 19 Physical characteristics 39

Figure 20 Tw o-factor A uthentication "S om e thing you know ”+ ‘‘Som ething you have” 43

Figure 21 SSL certiíìcate o f V ietcom B ank 45

Figure 22 Secure Socket L ayer C onnection 46

Figure 23 Secure Socket L a y e r 47

Figure 24 Public- Key In ử a stru c tu re 50

Figure 25 T echcom bank Token K ey 61

Figure 26 T echcom bank w ith V eriS ign 's E V SSL C e rtiíĩc a te 63

Chapter 1 Introduction

The advent o f the Internet led to changes in business that vve can call

revoiutionary This revolution has touched every aspect o f p eo p le‘s life From the fìrst

m ain frame co m pu ters appeared in I960s (R obertson 2009), com puters and netw ork have

developed a lot T hey m ake the w orld sm aller; m ake the transaction be able to do

everyw here T he fast advancing global inform ation infrastructure (including inĩorm ation

technology and C om puter netw orks such as the Internet and telecom m unications system s)

enable the dev elop m ent o f electronic business at a global level T he nearly universal

connectivity w hich the Internet offers has m ade it an invaluable business tool This fast

em erging econom y is bringing with it rapidly changing technologies increasing

k n o w le d g e in te n s ity in a ll a r e a s o f business a n d c r e a tin g V irtual supply chains a n d n e w

íòrm s o f b usiness and S e rv ic e delivery channels E -banking is considered as a typical

exam ple o f e-b usiness solution A s th e deíinition o f Turban et al (2008, p.120) “e -

b a n k in g a ls o k n o w n a s C y b er banking, V irtual b a n k in g o r h o m e b a n k in g , includes v a r io u s

banking activ ities conducted via the Internet from hom e, business, or on the road rather

than at a physical bank location” E-banking provides custom ers w ith m any types o f

services like O nline (In tern et) B anking, Point o f Sale (PO S), A utom atic T elier M achine

(A TM ), T elephone B anking, H om e B anking/P C B anking, Interactive T V , W ireless

com m unication netvvork o r M (m obile) B anking (SM S Banking W AP Banking STK

(Sim T oolkit) B anking ) D espite o f the fact that m any o f them have been m ainly

depioyed in developed co untries because o f the requirem ent o f advanced technology,

Online banking is One o f the exceptions O n lin e b a n k in g has not only been em braced in

the developed w or!d; it is becom ing an enabling feature o f business grovvlh in the

developing vvorld In its very basic form, e-banking can m ean the provision o f

inform ation about a bank an d its services via a hom epage on the W o rId VVide W eb

(W W W ) For exam ples: im ported bank statem ents, retrieve account b alan ces M ore

s o p h is tic a te d O nline b a n k in g s e r v ic e s p r o v id e c u s to m e r a c c e s s to a c c o u n ts , th e a b ility to

move th eir m oney betvveen different accounts, and m aking paym ents o f applying for

loans via e-channels, and e v e n invest O nline (buy/sell shares and mutual f u n d s ) (Shah &

C larke 2009) It can be said that Online b anking has in recent years becom e a m ainstream

Internet activity At present, it is holding steady, increasing at the sam e pace as Internet

usage From the latest íigure that is announced by A m erican B anker A ssociations below

it cannot be denied that in all kinds o f b an k in g m ethod, Inteniet is one thai is preíerred

Figure 1 P reĩerred banking meỉhod (all agegroups)

Source: A m erican Bơnkers Association 2009

Preterred Banking Method 2009

aiìag» groups

F ig u r e 2 P r e íe r r e d B an k in g M e th o d 2009

Source: A m erican B ankers Association 2009

T oday banks can o ffer their custom ers S erv ice o f O nline banking, w hich is an

opportunity for custom er to quickly a n d eíĩiciently in anytim e, handle th e ừ private

banking routine from any C o m p u te r vvith a few clicks T he evolvem ent o f Online banking

has developed from cu stom ers going to their local bank an d handling their banking

com m issions a n d tra n sa c tio n s, to handle these tran sactio n s Online instead Since banks

handle very sensitive iníorm ation, su ch as people’s and com panies’ íínances, tliis has

lead to the rising issưes o f O nline banking security To m eet the high level o f security

expected from bank Online services, banks have taken several undertakings such as using

Socket Secure Layer (S S L ) vvhich offers antivirus and fírew all protections through their

ow n w eb sites and also better authentication process (H ines 2006), B esides, m ore and

m ore banks are using tw o -facto r au th entication processes, to m ake it harder to crack

passvvord a n d g a in u n a u th o r iz e d a c c e s s Today O n lin e b a n k in g is a p rio ritiz e d issue fo r

every bank in o rd er to retain ex istin g custom ers

F urtherm ore different banks o ffer different solutions o f Online banking w ith

different options for th eir custom ers lo sim plify everyday life In m ore detail, the

different Online b anking has different w ay s o f secu rity access to personal accounts

M otivation

A s stated before, the changes from d oing banking services in a brick and m ortar

bank to do them over th e internet instead, leads m e to w onder about w hy it is developed

and m ore and m ore grow ing like th at? W hat are beneíits and barriers that it brings to

custom ers? H ow secure it is? Is it d ev elop ed the sam e in all areas in the vvorld? T he

current situation o f it in V ietnam novv?

W hen reading d iíĩe re n t articles a n d m ore in depth studies about the subject that I

refer to as Online banking, I find that although Online banking has a m assive grow th in the

developed areas, bu t it is still a new tren d , a new innovation in ưnderdeveloped ones,

especially in V ietnam It is clear that O n lin e banking in V ietnam is really potential with a

lot o f jo b opportunities especially in secu rity sector w hich is the m ost im portant factors

to all banks T herefore, O n lin e banking is w orthw h ile topic to study so that I can have a

deeper un derstand in g as vvell as b etter jo b o pportunities in O nline banking íìeld w hich

will be available in V ietnam in the near future

The research aim s at enrichin g the know ledge and understanding o f the

developm ent and security o f O n l i n e banking in generai Specially, the main objectives o f

this study are:

1 Investigate the h istory and the evolution o f O n l i n e banking in the w orld, and in

V ietnam in particular

2 Find o u t w hat are the advantages and disadvantages o f O nl in e banking to

custom ers and bankers

3 A ssessing security issues o f O n l i n e banking system in custom ers’ perspective as

vvell as technical perspective

4 Finally, a case study based on T echcom bank w ill be analyzed

Methodology

This paper uses the secondary research to find out the experts' opinions tovvards

t h e d e v e l o p m e n t a n d s e c u r i t y in O nline b a n k in g I a m g o i n g t o c o n d u c t o u r lite ra tu re

study through read ing other researches o f authors in all over the w orld connected with the

concept o f O n l i n e banking I w i l l s e a r c h d i f f e r e n t d a t a b a s e s f o r articles, m o r e in-depth

studies o f O n l i n e banking, read book about d iíĩeren t IT security theories and then connect

the theories w ith studies m ade o f the phenom ena o f O n l i n e banking and d iíĩeren t O n l i n e

b a n k i n g c a s e s P articularly, ỉ fo c u s o n in v e s t i g a t i n g th e current d e v e l o p m e n t o f Online

banking in the w orld as w ell as in V ietnam , benefíts and draw backs it brings to the

custom ers, especially, th e security-the m ain concem o f O n l i n e banking

W hen searching on the u n iv e rsity 's ow n database and using the key w ords O n lin e

banking, IT -security and internet banking boih in V ietnam ese and English, i cannot íìnd

any w ritten w ork o f the subject C onsequently, we needed to expand our research to

bigger a bigger database: “ proquest database" H ere I could find m any articles and m ore

in -d e p th s tu d ie s w h e n u s in g th e k e y w o rd s "O n lin e b a n k in g " a n d “ it s e c u rity ” A nother

huge source o f academ ic research that helps m e to com plete m y paper is using G oogle

scholar B esides, som e previous books are also provided for m e by m y supervisor

M Sc.T rieu Thi V an Hau

An Overvievv of the Rest of the Document

and current dev elop m ent in the vvorld and the next chapter (chapter 3) introduces the

a d v a n ta g e s as w ell a s th e d isa d v a n ta g e s that Online b a n k in g brings to the cu sto m ers In

ch ap ter 4, security-m ain co n cem o f O n lin e banking w ill be analyzed A case study on

T ech com b ank O n lin e banking, o ne o íle a d in g one in V ietnam is described in chapter 5,

an d íinally , a conclu sio n is draw n based on ílndings o f this paper

Chapter 2 Background Knovvledge

History o f Online banking

There have been signiíìcant d ev elo p m en ts in the banking services sectors in the

past 40 years D evlin (1995) stated that “ until the early 1970s functional dem arcation w as

predom inant vvith m any regulatory restrictio ns im posed O ne main consequence o f this

w as the limited com petition both do m estically and intem ationally'’ A s a result, there w as

heavy reliance on traditional branch based delivery o f financial services and little

pressure for change T his change gradually w ith deregulation o f the industry during

1980s and 1990s, during th is tim e, the increasingly im portant role o f inform ation and

com m unication tech no logies brought co m p etitio n and pressure for a faster pace o f

change

T he Internet is a relatively new channel for delivering banking services Its early

form “online banking services”, requiring a PC, m odem and softw are provided by the

íinancial services vendors w ere íìrst introduced in th e early 1980s Hovvever, it failed to

get w idespread acceptance and m ost in itiativ es o f this kind w ere discontinued (B rogdon

1999) W ith the rapid grow th o f other ty pes o f electronic services since m id 1990s banks

renew ed their interest in electronic m o des o f d elivery using the Internet T he bursting o f

the Internet bubble in early 2001 caused sp eculation that the opportunities for Internet

services had vanished T he “do t.co m " com panies and Internet players struggled for

survival during that time but e-com m erce recovered from that shock quickly and most o f

its branches including Online banking h av e been steadily, and in som e cases dram aticaily,

grow ing in m ost parts o f the w orld O ne survey conducted by the TechW ebN ew s in 2005

activity on the Internet In its survey o f Internet users it found that 13 m illion A m ericans

carry o u t som e banking activities O n l i n e

Developm ent o f O n lin e banking

U nited S tates and W estern E urope are the hom etow n o f O nline banking; therefore,

it is very easy to find th a t internet ban k in g is still m ost prevalent in the U nited States and

W estem Europe (Jellassi & Enders 2005)

A ccording to the survey conducted in 1998 by Pew Research C entre for the

People & the Press, w ay back in 1990s, vvhen few A m ericans had even heard o f the

Internet, most people still w alk to th e ir b a n k 's nearest branch to do w hatever check

cashing o r bill pay in g they c o u ld n 't do at th e corner store o r by mail few er than 1 in 9

(9% ) bill-payers had ever used O n lin e banking H ow ever, in 1995, that íìgure had ris e n to

13% and in 1998, approxim ately 15% ansxvered that they had ev er paid bills o r bankeđ

O nline

P e rc e n ta g e o f In te rn et U sers Who Bank Online

Source: P ew Internet & A m erica n L ife Proiect .lun 14 2006

B y 2000, w hen the Pew Internet & A m erican I j f e Prọịect field tlieir íĩrst survey,

the proportion o f i n t e r n e t u s e r s w ho said they e v e r d id any b a n k i n g Online had risen to

17% or ab o u t 10 m illion A m ericans O v er the next few years, internet users ram ped up a

range o f O n lin e fínancial an d transactionai activ ities, especially in the period from 2000 to

2005 as illustrated in th e graph

T he sam e result can be found in com paring to VVestem Europe M ost o f the

countries in W este m E urope have im pressively rapid innovation in technology

T herefore, O nline ban k in g is really d ev elo ped in these countries In 2005, from the graph

w e can see that m ost o f countries in E uro applied O nline internet to their daily íínancial

50%

activities U ntil n o w , inost o f citizens o f th e se co untries use O n l i n e banking instead o f

going to brick s and m ortar branch like before

O n lin e-b a n kin g a d o p tio n v a r íe s a c r o s s E u rop e

% o f i n t e r n e t u s e r s w t ì o u s e O n l i n e b a n k i n g o r b r o k e r a g e

70-80%

© -7 0 % 90-60%

DB Rê—a ~ y *VKd'* M t» ’ W D l r t y a Q a 2 » m * ' 2CCS K j ỊJ

F ig u r e 4 O n lin e B a n k in g a d o p tio n v a r ie s a c ro s s E u ro p e

Source: D tì Research Hurostat *Forrester WDỈ W orld G azetter 2005

It is clear that the grovvtli o f Internet banking has been very encouraging and

consequently íínancial institutions are actively pursuing Internet banking business It is o f

little surprise that the num ber o f custom ers banking Online is expected to increase

signiíícantly over the next few years and that not m erely in the industrial nations b u t also

in developing countries

Growth in Internet Banking

140

120

ĩ

X 100 li

Source: International Data Corporation,epavnews.com

Vietnam is a country that has qu ite rapid developm ent o f O n lin e banking, b u t is

still slow if com pared to o th er d ev elop ed zones A ccording to the report o f PhD T a

Q uang Tien, head o f IT for b anking agency at V ietnam Banking C onference 2008 in Ho

Chi M inh c ity , 11 o u t o f 41 b a n k s (ju st State a n d j o i n t s to c k , not in c lu d in g fo re ig n o n e s

and their branches), approxim ately 27 % , in V ietnam had successful used O n lin e banking

system (6/2008) with 9 services, but m any o f them for non-transactional activities:

retrieving balances, exchange rate, available balances This report also stated that num ber

o f transactions in 2007: 12.121.629 vvhile in the first 3 m onths in 2008, the num ber was:

4.836.399 A lthough it is not a huge num ber but it is a progress with a country w ith

underdeveloped iníòrm ation technology infrastructure Besides, thanks to announcem ent

o f V ietnam softw are association (N A S A ), the num ber o f V ietnam ese w ho use Internet is

incredibly increasing in the past 5 years (2004-2009) from 6.3 m illion to 20.9 million It

is predicted that th ere is still Sharp grovvth in the next 5 years and in 2014, about 4 6 %

V ietnam ese vvill use Internet From th a t a potential m arket for O n lin e banking in Vietnam

can b e seen

In V ietnam , D ong A com m ercial jo in t stock bank is considered as the pioneer for

the im plem enting Online banking in V ietnam w ith the diversity o f services, especially

O nline p a y m e n t f o r a ll t h e O n lin e v v eb site, b ill p a y m e n ts : w a te r, e le c tric Internet., a s lo n g

as the services suppliers corporate w ith this bank o r buy prepaid card, digital

Techcom bank, B ID V o r T ienP hong B ank , a new one with e-savings Service also have

O nline b a n k in g th a t a ttr a c t th e a tte n tio n o f c u s to m e rs (PCw orld V ietnam 2 0 0 9 )

Rsrcentage of Banks with Internet Banking servỉces in Vietnam 2008

(in clu d e ju s t S tate a n d jo in t s to c k banks)

Chapter 3 - Characteristics of Online Banking

Advantages of Online banking

Internet banking offers m any b en eíìts not only to banks, but th eir custom ers

M any banks and other organizations have already im plem ented o r are planning to

im plem ent it because o f the num erous potential advantages associated w ith Som e o f

th ese m ajor beneíìts are b rieíly described below:

Beneíits for customers

Turban et al (2008 pp 120) indicated that Internet b anking is extrem ely ben eíit

for custom ers because o f the convenience, savings in co sts, tim e, and its v ariety o f

choices (Share & Clark, 2009, p 14)

Convenience and time saving

B ora (2009, p.14) argued that the greatest advantage o f Internet b anking perhaps

lies in the fact that custom ers are m ore convenient an d tim e saving W hen custo m ers

vvant to m ake banking transactions w ith physical banks, they hav e to w ait in long queues,

consum e a lot o f tim e to do the paper procedure B esides there is also existence o f risk

and danger vvhen the large am ount o f m oney is brought T h e íìxed tim etable is ano th er

disadvantage that physical banks offer to the custom ers Hovvever the d ay s w hen it

required the custom ers to go to a bank to m ake íìnancial transaction have gone far avvay

C ustom ers can now bank Online in th e com fort from their hom es, their office and

\vherever th e y are W ith the help o f Internet banking they can access any iníòrm ation

regarding th e ir accounts and tran sactio n s any tim e o f the day because they are never

close available 24 hours a day seven d ay s a w eek 365 days a year This m eans that

custom ers no longer have to depend on the o ffice hours o f the bank no need to dress up

and go out to co m m ute o r driv e to a local bank branch and o f course, no need for paper

and pen for d iíĩeren t transactions, also O bv iously , internet banking has trem endously

reduced the tim e required to process b anking transactions, thereby m aking banking much

faster and m ore convenient All the serv ices like: m onitoring the accounts as well as

keeping track o f íìnancial transactions, transferring funds (both national and

intem ational), carry in g out stock trad in g, ex chang in g bonds and o ther investm ents can be

done vvithin a few m inutes All these features have m ade Internet banking ideal for

people vvho m ake a n u m b er o f íinancial tran sac tio n s each day

Better choice and cost saving for the customers

A nother added value to the cu sto m ers is the variety o f choices (Shah & Clarke,

2009, p 14) T h an k s to th e available banking íacilitie s for 24 hours a day custom ers can

receive im portant inform ation regard in g banking policies, rate o f interest o íĩered

diíTerent kinds o f bank a c c o u n ts W ith such in íbrm ation, custom ers can com pare the

services o f different bank and choose one th a t satisíies their needs and requirem ents

most

I n t e r m o f cost e ffe c tiv e O n l i n e b a n k in g e n a b le s c u sto m e rs to e n jo y b i g sav in g s

M o s t b a n k s n o rm a lly c h a rg e f e w e r fe e s vvhcn c u s to m e rs u s e their in te rn e t b a n k in g

services, som e for free like get the statem en ts O nline, m ake the bill paym ents O n lin e and

transfer fu n d s all for free It has been claim ed th a t Internet banking offers the custom ers

m ore b en eíìts at iow er cost (M ols 1998 pp 295-300)

Beneĩits for banks

In b a n k s' perspective, b en eíits offered are cost savings, attracting high value

custom ers, enhancem ent o f b an k ’s reputation and easier to expand (B rogdon 1999;

Jayaw ardhena & Foley 2000)

Cost saving

A ccording to a global survey conducted by B ooz-A lIen and H am ilton (1999), the

establishm ent o f specialized Internet ban k in g requires only $ 1-2 m illion, w hich is low er

than branch set-up T h e traditional bank"s ru nn in g cost account for 50-60% o f its

revenues, w hile the r u n n in g costs o f Internet B anking is estim ated at 15%-20% o f ỉts

r e v e n u e s It is easy to see th a t b e c a u s e O nline b a n k in g so far has re d u c e d th e o v e r h e a d

cost o f other channels such as branches w h ich require expensive buildings, sta íĩp re se n c e ,

a considerable expense for adm inistrativ e costs and paperelated to the transactions have

also been decreased

Processing Cost Per Transmission

Source: Booz-Ạllen & Ha millon, ÌP M organ (2003)

Figure 9 illustrates the cost beneíĩt A lso according to the írequently quoted Booz-

Allen and H am ilton study show ed that th e cost o f a custom er w alking into the branch and

using a teller is U SD 1.01, vvhere as the cost o f conducting the sam e transaction o n the

Internet is only a tenth o f the cost No doubt the A TM is considerably cheaper than a

teller, but even so, the Internet is nearly 3 tim es cheaper than the A TM usage In short,

replacing a teller with an Internet channel should in theory, show a 10 fold increase in the

distribution revenue for the bank This reason alone should be sufficient for banks to

encoiưage this form o f distribution channel

A t t r a c t i n t ’ h i g h v a l u e c u s t o m e r s

Ít is th e fact th a t to b a n k in g O nline re q u ir e s th e u s e rs a t le a st a C o m p u te r vvith

Internet connection, and basic knovvledge about inĩorm ation technology A s the result o f

th is , O nline bank is c o n s id e re d as a channel th a t attracts th e h ig h v a lu e custom ers fo r th e

bank It oíten gains the attention o f high p ro íit custom ers with higher than average

incom e and education levels, vvhich helps to increase the size o f revenue stream s, also

Income Level and Online Banking I 2007

S cu-rc H o rọ a-., 'Pcv l-ior-xrt C rv n o s - c o ơ n ẹ * o r m r ta m ữ z ^ ^ < ^ /T Ằ l!rO íxy._oae>Jff asc

m t n t O rrte re d Health IníormatkMì Technology • pchft.org

F ig u r e 9 H o u seh o ld In c o m e L evel a n d O n lin e B a n k in g (2007)

Source: John H orrigan “Pew Internet: O nline Shopping.”

T he survey conducted by Pevv internet (2007) in USA show ed that approxim ateiy

internet banking custom ers tend to be high incom e earners vvith greater p roíit potential

for b a n k s

E n h a n c e bank~s r e p u t a t i o n a n d e a s i e r l o e x p a n d

Successful im plem entation an O n l i n e system or the diversity o f th e services is

im portant ĩactors that help to im prove the im age o f th e bank (Shah & Clarke, 2009, p 17)

People tend to like innovation, like ch an g es that m ake the Iife com íbrtable and

convenient Thereíòre, w hen bank apply internet for its system that m eans they are doing

innovation and their custom ers will certainly be attracted T his is especially true in the

early d ay s w hen only the most innovation and fam ous bankers w ere im plem enting this

channel D espite its com m on availability today, banks still get their custom ers' attention

b y the a t t r a c t i v e and d i v e r s i í ì e d p o r t í o l i o o f P ro d u c ts and s e r v ic e s s e rv e d t h r o u g h O n l i n e

system T he m ore reputation the bank has, the m ore custom ers it will have and involve

T he easy expansion is also an ob viou s aspect that is m entioned It is no use

denying that O n lin e system m akes the national boundaries transparence Traditionally,

w hen a bank w ants to expand geographically it had to open new branches, thereby

incurring high start up and m aintenance costs H ow ever, this problem can be solved now

T oday, banks with traditional custom er base in one part o f the country o r vvorld can

a ttra c t c u s to m e r s fro m o th e r p a rts a s m o s t o f th e financial tra n s a c tio n s d o n o t r e q u ir e a

physical presence near a cu sto m er's living o r w orking place (Shah & Clarke, 2009) It is

a lso a rea so n w h y th e n u m b er o f Online c u s to m e rs is incred ib ly increasing

Disadvantages of O nline banking

Customers’ perspective

O nline banking can be a very useful and convenient tool for custom ers to m anage

their m oney T hey can access their accounts 24/7 from the com íòrt o f th eir ow n hom e or

vvorkplace, earn a very com petitive retu m and spot any ữ audulent transactions at once

There is no need for queuing o r traveling to the bank-the closet branch is ju s t a few clicks

aw ay H ow ever, O nline banking system is not perfect ju s t like the sam e coin has two

sides Just as with anything else, they need to know its trad eo íĩs to avoid unpleasant

surprises Som e o f the problem s that custom ers m ay have to face vvhen using O nline

banking are belovv:

Technical problems

A lthough the growth o f the Internet has been very fast, there is still a large

p o p u latio n not co n n ected to the Internet Lack o f C om puter literacy is p ointed out by

W alczuch et al (2000, pp 672-680) Ít is the fact that in som e countries, the m ạịority o f

households and businesses have PCs that are connected to internet On the other hand, it

is hardly believed, but true, that in o th er countries, especially in developing ones,

C o m p u te r and internet penetration are relatively low o r m oderate N either C o m p u te r nor

internet m akes O n l i n e banking im possible T h a t's w hy, in m any countries, m ost o f

c u s to m e r s u s in g b ric k - a n d -m o rta r b a n k s in s te a d o f a n O nline

A part fro m h a v in g the C o m p u te r an d internet, it is required th a t O nline c lie n ts still

applications S kills to deal w ith com puters brow sers and s e lf securities protection are

specially needed A dditionallv, another disadvantage w hich w as show ed out in

W ebintem etbanking (2009) that m ost banks upgrade th eir O nline program on a periodic

basis som etim es adding nevv íeatures and Products W hen this happens, the bank m ay

ask custom ers to re-en ter account iníbrm ation w hich can be a cause o f w orry, confusion

A nother problem ap pears w ith Internet banking vvhich is also m entioned in this article:

access S om etim es co m p uters crash o r the Internet connection disappears C ustom ers'

banks m ay need to shut dow n its w ebsite for m aintenance from tim e to tim e It typically

happens w hen custom ers need to m ake an urgent paym ent, transfer funds o r view up-to-

I f th e ir b a n k is O n lin e o n ly , t h e r e w o n 't b e a n y b a c k u p b ra n c h e s th a t c u s to m e rs c a n g o to

Perhaps they can try to h an d le m atters by phone but that can be rather difficult especially

i f they do n o t hav e any bill o r invoice to refer to

C u sto m e rs’ perceptions

B esides the problem s o f technology, custom er behavior o r perception is a

different aspect o f disadvantage o f internet banking T here are still quite a few people

w ho do not use internet banking because o f th eir ow n lack o f know ledge T hey m ay be

resistant to technology T hey m ay feel that it is too diffĩcult to leam Because young

people are exposed to com puters at an eariy age people w ho have this problem are

usually o lder (S teven 2008) A nother reason that not m any people have started using

Internet banking is because o f th eir perception; they do not trust the services o f the bank

through the net Som e hum an beings prefer to trust others like them and m ay have som e

difficulty in trusting a m achine especially in the m atters o f money Thev m av alw ays

have a đoubt about w hether th eir m oney is safe w hiie being processed through Internet

banking

No face to face contact

O ne very com m on disadvantage o f O n lin e banking is w hen a custom er has some

problem s o r queries There is no opportunity for direct interaction betvveen custom ers and

their bank Face to face contact is essential for dealing with com plex Products and certain

types o f investm ent that require careful explanation and discussion A ccording to D eepa

(2 0 0 9 )'s discussion, in a normal bank, i f one faces som e problem s, one can go to some

em ployee o f the bank to solve it Hovvever, in the case o f Internet banking, one w ill find

o n e s e lf m a k in g e n d le s s calls to the custom er S erv ice d e p a rtm e n t There h a v e b e e n c a s e s

vvhere the person is put on hold o r has been passed around from one person to another

Securitv

L ast but certainly not least, Internet banking is vulnerable to security threats It is

a vvell-knovvn fact th a t Internet banking scam s such as phishing w e b s ite s and C o m p u te r

viruses exist w hich steal u sers' identities and siphon o f f th e account-holders’ funds

(Bora, 2009) Such cases have been reported on new spapers, television and radio which

only reinforce the inherent psychological "fear’ o f using Internet banking This

discourages non-Intem et banking users from setting up Internet banking account and

current Internet banking users to think tw ice before th ey m ake their next transaction over

the Internet He also shovved that vvhile av ailing the facilities o f Internet banking O nline

u s e r s h a v e to b e v e r y careful to e n s u r e th e security o f their C o m p u te r a n d personal

in íb rm a tio n lik e th e p a s s w o r d u s e r n a m e a n d p in n u m b e r o f th e ir b a n k a c c o u n t

unauthorized u s e o f th e ir a c c o u n t b v C o m p u te r h a c k e rs Though b a n k s h a v e c o m e u p w ith

several security m easures, the cu sto m ers are also required to be a bit careíul to ensure

security and safety o f internet banking

Banks’ perspective

Availabilitv o f resource

For som e banks, lack o f íìnancial and hum an resources will be a problem because

offering the sophisticated Internet based services is an expensive prọịect requiring m ạịor

changes in IT inĩrastructure (M ols, 1998, pp 195-200) Sim ilarly, W alczuch et al.(2000)

pp 672-680 reported that the prim ary d eterren ts for businesses establishing a W eb

presence is start up costs and the co sts asso ciated w ith m ạịor organizational changes

required for such moves A suggestion w a s m entioned by M ols (1998, pp 195-200) that

there m ight be strategic partnerships betw een banks to share such costs These

partnerships could com bine to develop e-b an k in g related system s H ow ever, íinding

suitable partners in very com petitive en v iro n m en ts m ay prove diíĩicult

Risk

There are som e kinds o f risk that O n l i n e banking brings to the bank that has been

sum m arized by Steven (2008)

F irs tly , O perational Risk: it arises f r o m f r a u d P r o c e s s i n g e r r o r s svstem f a i l u r e

a n d a n y o th e r u n e x p c c te d e v e n ts th a t m ig h t p rc v e n t b a n k s t'rom d e liv e r in g th e ir S erv ices

as ordinary

S eco nd ly , Strategic Risk: lt is deíìned as the current and íuture im pact on

earnings or Capital arising from negative business decisions, im proper im plem entation o f

decisions o r lack o f responsive to industry changes As entering into internet banking,

bank is not assured with success considering the adoption w ill be vulnerable to higher

strategic risk

L astly , security: Internet security is still one o f the m ajor issues hindering the

grovvth o f Internet related trade Since the Internet is an open netvvork, high security risks

are involved with íìnancial transactions, especially in internet banking (Han & Noh

1 9 9 9 ) W arw ick e t ai (2 0 0 2 , p p 2 1 -3 1 ) , d e s c rib e d th e s e c u rity o f O nline b a n k in g a s th e

preservation o f coníìdentiality, integrity, authorized use and availability o f inform ation

A s th e result o f it, they have to use m any techniques to m ake internet banking more

secure and im m une to harm íul attacks S om e o f them are offering a variety o f services

based on a 128 encryption security protocol called Secure Sockets Layer (SSL) or

m essage encryption, o r Secret Key C ry p to g rap h y In a speech o f director o f the M inistry

o f Public Security‘s inform ation Technology departm ent, N guyen T he V iet, he stated that

2008 w as a year o f red alert for netw ork security for the w orld, including V iet N am , as

crim inal hackers íirst identiíìed and then took advantage o f num erous netw ork security

failures As a result, the iníbrm ation technology system s o f m ore and m ore financial

enterprises and banks w ere attacked N um erous w eb sites w ere seriously dam aged in

2008 and the fìrst three m onths o f 2009 It‘s estim ated that 60 m illion com puters will be

the v ictim s o f netvvork crim es that cau se the loss o f thousands o f billion dong this vear

To im plem ent and m aintain the secure sysiem is very com plicated and requires high tech

That is w hy; secure is alw ays the first issu e th a t banks have to pay attention when th ey

d e v e l o p t h e i r O n lin e netvvork

Chapter 4 Online Banking Security System

Overvievv about O n lin e banking system

E -com m erce has brought a new m om entous tum in g-po in t in ou r dai ly lives One

o f its s o lu tio n s is O nline b a n k in g w h ic h b rin g s h u g e c h a n g e s in m o d e m b a n k in g

transaction activ ities and gives u s a greater opportunity to access the banking system

anytim e and anyw here E specially , it allovvs us to easily and conveniently carry out

banking activities such as ch ecking account balances, tran sĩerring m oney, transacting

w ith credit cards, and so forth O bviously, the O nline banking system p rovides people

vvith quick transaction activities and also helps banks increase th eir effìciency H ow ever,

th e re a r e m any f a c to rs w hich h a v e aíT ected th e g ro w th o f O nline b a n k in g , in c lu d in g

usability, trustw orthiness, brand reputation, custom er satisfaction, security and so on In

up a reputation for good custom er satisfaction and m aintain custom er loyalty H ow ever,

they are not en ou gh to m ake the custom ers change their transaction habit and rely heavily

on O nline banking B ecause o f the suspectation o f securities issues, it is considered as

param ount (Jo ris 2002) W innie et al (2002) agreed w ith the idea that the security o f

O nline b a n k in g is th e m o s t im p o rta n t a s p e c t, c o m p a r e d to o th e r fa c to rs s u c h as e a s e -

of-use up-to-date inform ation brand reputation and so forth T h ereíore it seem s that the

security o f the O nline banking system is the most im portant issue that banks need to

urg ently address T he main purpose o f the O n lin e banking system is to provide a

s e c u r e a n d re m o te d e liv e r y c h a n n e l fo r b a n k in g s e r v ic e s to a lio w c u s to m e rs to

easily and quickly m anage their bank accounts, so banks must alvvays put the

security o f O n lin e banking before o th er factors It is clear that m any clients feel that

O nline b a n k in g is n o t s e c u re e n o u g h , a n d to in c re a s e its s e c u rity le v e ls , m a n y b a n k s

sim ply add m ore identity-checking steps o r put on m ore security m easures to som e extent

to give u s e r the im p re s s io n o f a secure O n lin e b a n k in g sy ste m (Zhang 2008)

A lso according to the paper presented at the l'*' International C oníerence on

applications and Principles o f Iníbrm ation Science o f Zhang (2008), a recent survey on

the O n lin e banking system in A m erica, shovved that around h a lf o f A m ericans are

vvorried a b o u t the v u ln e r a b ility o f th e ir Online b a n k i n g , and a r o u n d a third o f the

re s p o n d e n ts d o n o t c o m p le te ly tru s t O nline b a n k in g d u e to th e la c k o f s e c u rity

m easures A nother study, perĩorm ed by TN S Sofres™ (2008)- leading the world in

custom m arket research iníorm ation group- also show s that only a fifth o f the study

participants felt “positive” about the security in any o f the digital technology they use,

indicating that the vast m ạịority o f A m ericans rem ain very wary

Security plays an im portant role in e-business in general and in Online banking in

speaking, includes coníidentiality, authentication and integrity Each o f them is deíìned

clearly by Jelassi (2005 pp 606-609) C oníidentiality refers to the invisibility o f a

m essage to non-authorized parties B esides physical assess protection, the main m easures

to achieve coníidentiality are encryption and digital signatures A uthentication is

achieved when a sender can be correctly and uniquely linked to a m essage or request i.e

vvhen there is a p ro o f that a person or an entity is in fact the party it declares to be

C om m only, this is done through the use o f log-on passvvorđs Yet, authentication requires

previous identiflcation to validate the passw ord correctness not the identity o f the

transm itters hence the risk o f revealed o r stolen password In practice authentication is

im plem ented using m ainly PIN/TA N based system s and digital signatures D ifferent from

coníìdentiality and authentication, integrity is achieved w hen the content o f the m essage

(eg An em ail m essage o r paym ent data) is unchanged It is im plem ented through the use

o f digital signatures o r cryptographic hash sum s, vvith the latter being able to reveal

content changes caused by C o m p u te r virus

clients have the right to access th eir account inform ation, e.g., an unexpected

eavesdropper should not see iníbrm ation about a particular user H ence, authorized use

allow s the bank to detect the operation by unauthorized users Integrity m eans the data

stored in the bank should be identically m aintained during any operation such as aíter

transĩerring m oney, checking balances and so on A vailability ensures that the custom er

can access their account and check the in íòrm ation anytim e and anyw here

Yet, in this paper, I see security from tw o view points; One is the technical

perspective and the other is the cu sto m er's perspective W hilst these tw o view points are

m ostly in line w ith each other, in the O n lin e banking ĩield, the tw o stakeholders (i.e

the bank and the custom er) m ay have different perceptions o f security T he bank alw ays

tries to em ploy m ore secure and sophisticated techniques to protect its Online banking

system , vvhich strongly im plies the technical perspective: vvhereas custom ers do not care

vvhal k in d C)f te c h n iq u e s a r e u se d to p r o te c t th e ir a c c o u n t, b u t c o n c c m w ith h o w th e y fee]

about w h eth er o r not the system is secure A lso these sophisticated and technical security

m easures are m ostly invisible to cu stom ers so the custom ers m ay not be entirely sure o f

vvhether o r not the technical sop histication is necessary T hat is, security from the

technical perspective is used to en sure the coníidentiality, integrity, availability and

authorized use o f inform ation In co ntrast, security from a custom er‘s view does not

seem to b e th e s a m e S im ply p ut, it is a b o u t the p e r c e p tio n o f O nline b a n k in g security,

regardless o f the sophisticated secu rity m easures

Perspective o f Online banking security system

T h e users' perception o f th e security m easures m ight not be as sophisticated as in

term o f tc c h n ic a l v ie w s It vvould b c m in im a l from the tc c h -sa v v y feelin g s (Z h a n g 2008)

They are m ore concerned about id entity theft, íòrgotten passw ords, and identiíìcation

hacking and so on It is no t surp risin g th a t not all the users o f banking O n lin e are expert at

technology T h ereíò re, w h at they co n ce m about the security o f an O n lin e banking system

ju st like the face o f technology: w h at they can see and w hat they can do from the

interaction w ith th e w eb site interface o f th e O n lin e banking or by w hat way they can log

into th e O n l i n e banking system T hat íò c u ses m ainly on the identity-checking m ethod in

initiating th eir con nectio ns w ith th e bank servers In this light, the technical perspective

o f the O n l i n e banking system here is n o t th e m ajor concem o f the users’ activity Identity

c h e c k in g in th e O nline b a n k in g sy stem c a n b e d iv id e d into tw o c a te g o rie s: o n e is u

ser-initiated vs system ser-initiated and o th e r new identity-checking m ethods like biom etric

id e n tiíic a tio n te c h n o lo g ie s o r p h y s ic a l c h a r a c te r is tic s

Custom ers' perspective of security in O n lin e banking systems

User-initiated vs svstem initiated technique

A s th e d eíìn tio n o f Z h ang (20 08), the term “id en tity -ch eck in g '’ describes the

v v h o le p r o c e s s o f c h e c k i n g t h e i d e n t i t y o f a p e r s o n o r e n t i t y In the O n l i n e b a n k i n g

system , th e identity-checking p rocess b eg in s w ith the logon p rocedure to control access

to the cu sto m er acc o u n ts and personal inĩorm ation, norm ally includ ing the cu sto m er

"u sem am e passw o rd ” and so on It is reíered as the user-initiated T h at m eans th e

custom ers en ter their acco u n t nam e an d passw ord to log into the system For exam ple,

vvhen the custo m ers log in the O n l i n e ban k in g system o f th e V ietinbank, th ey w ill use

th e ir u sem am e th a t th ey register and th e passxvord w ill b e provided for them A íte r th at,

th ey w ill ch an g e th eir p assw ord It is user-initiated

Source: htip : eh.icb.com vn reta ìl Loein.do?aclion Ịòrm & ỉaniĩ vi VN

O n the other h an d, system -in itiated is also used by som e O n l i n e banks Som e

system -initiated inform ation like passw o rd (w hich is provided by the systern o f bank, not

inititated b y the u ser w hich is different from the user nam e and passw ord tliat is speciíĩed

by the custom ers)