Internet Banking

ronnierules

Par 100 posts (V.I.P)
Executive Summary

Internet is increasingly used by banks as a channel for receiving instructions and delivering their products and services to their customers.

 Different banks follow different levels for providing services on internet.

 Compared to banks abroad, India banks offering online services still have a long way to go in terms of number of users and sufficient infrastructure in place.

 Various security options are in place or are being looked at; however, Certification Authority is still missing in India.

 Also there are various risks associated with internet banking such as Operational Risk, Security Risk, Cross Border Risks, Legal Risk, etc.

 The Basel Committee’s Electronic Banking Group (EBG) in late 1999, tried to develop risk management guidance for Internet banking that will guide bankers and promote effective and consistent bank supervision around the world.

 The use of Information Technology in banking enables the banks to provide Any Time Banking, Customer Service, Telebanking, Home Banking, Plastic Card Services, etc., facilities.

 However, these facilities alongwith certain advantages these have certain disadvantages too.

 Concluding this, India is on threshold of a major banking revolution with the invasion of net banking and with the concept of payment gateway coming in; banks are vying with one another for the lion’s share in the market.
 

ronnierules

Par 100 posts (V.I.P)
A. Internet Banking:-

a) Introduction: -

The delivery channels including direct dial-up connections, private networks, public networks, etc. with the popularity of computers, easy access to Internet and World Wide Web (WWW), Internet is increasingly used by banks as a channel for receiving instructions and delivering their products and services to their customers. This form of banking is generally referred to as Internet Banking, although the range of products and services offered by different banks vary widely both in their content and sophistication.

b) Banking Services through Internet: -

i. The Basic Level Service is the banks’ web sites which disseminate information on different products and services offered to customers and members of public in general. It may receive and reply to customer’s queries through e-mail;

ii. In the next level are Simple Transactional Web sites which allows customers to submit their instructions, applications for different services, queries in their account balances, etc. but do not permit any fund-based transactions on their accounts;







iii. The third level of Internet banking service are offered by Fully Transactional Web sites which allow the customers to operate on their accounts for transfer of funds, payment of different bills, subscribing to other products of the bank and to transact purchase and sale of securities, etc. The above forms of Internet banking service the customer or by new banks, who deliver banking service primarily through Internet or other electronic delivery channels as the value added services. Some of these banks are known as ‘Virtual’ banks or ‘Internet only’ banks and may not have physical presence in a country despite offering different banking services.

c) The Indian Scenario: -

The entry of India banks into Net Banking

• Internet banking, both as a medium of delivery of banking services and as a strategic tool for business development.

• At present, the total internet users in the country are estimated at 9 lakh. However, this is expected to grow exponentially to 90 lakh by 2003. Only about 1 percent of Internet users did banking online in 1998. This is increased to 16.7 percent in March 2000.
- (India Research, May 29, 2000, Kotak Securities)

• Cost of banking service through the Internet from a fraction of costs through conventional methods. Rough estimates assume teller cost at Re.1 per transaction, ATM transaction cost at 45 paise, phone banking at 35 paise, debit cards at 20 paise and Internet banking at 10 paise per transaction.
d) Product and Services Offered: -

• Banks in India are at different stages of the web-enabled banking cycle. Initially, a bank, which is not having a web site, allows its customer to communicate with it through an e-mail address communication, and is limited to a small number of branches and offices which have access to this e-mail account.

• With gradual adoption of Information Technology, the bank puts up a web site that provides general information on deposits products, application forms for downloading and e-mail option for enquiries and feedback.

• Vijaya Bank provides information on its website about its NRI and other services. Customers are required to fill in applications on the Net and can later receive loans or other products requested for at their local branch.

• A few banks provide the customer to enquire into his DEMAT account (security/shares) holding details, transaction details and status of instructions given by him. These web sites still do not allow online transactions for their customers.

• Some of the banks permit customers to interact with them and transact electronically with them. Such services include request for opening of accounts, requisition for cheque books, stop payment of cheques, viewing and printing statements of accounts, movement of funds between accounts within the same bank, querying on status or requests, instructions for opening of Letter of Credit and Bank Guarantees, etc.
• These services are being initiated by banks like ICICI Bank Ltd., Citibank, Global Trust Bank Ltd., UTI Bank Ltd., Bank of Madura Ltd., Federal Bank Ltd., etc.

• Some of the more aggressive players in this area such as ICICI Bank Ltd., HDFC Bank Ltd., UTI Bank Ltd., Citibank, Global Trust Bank Ltd., and Bank of Punjab Ltd., offer the facility of receipt, review and payment of bills online.

• The ‘Infinity’ service of ICICI Bank Ltd., also allows online real time shopping all payments to be made by customers.

• HDFC Bank Ltd., has made e-shopping online and real time with the launch of its payment gateway.

• Banks providing internet banking services have been entering into agreements with their customers setting out the terms and conditions of the services.

• The terms and conditions include information on the access through user-ID and secret password, minimum balance and charges, authority to the bank for carrying out transactions performed through the service, liability of the user and the bank, disclosure of personal information for statistical analysis and credit scoring also, non-transferability of the facility, notices and termination, etc.





e) The Future Scenario: -

• Compared to banks abroad, India banks offering online services still have a long way to go. For online banking to reach a critical mass, there has to be sufficient number of users and the sufficient infrastructure in place.

• Various security options like Line Encryption, Branch Connection Encryption, Firewalls, Digital Certificates, Automatic Sign-offs, Random Pop-ups and Disaster Recovery Sites are in place or are being looked at; there is as yet no Certification Authority in India offering Public Key Infrastructure, which is absolutely necessary for online banking.

• The communication bandwidth available today in India is also not enough to meet the needs of high priority services like online banking and trading.

• Banks offering online facilities also need to calculate their downtime losses, because even a few minutes of downtime in a week could mean substantial losses.

• Users of Internet Banking Services are required to fill up the application forms online and send a copy of the same by mail or fax to the bank.

• A contractual agreement is entered into by the customer with the bank for using the Internet banking services.

• Domestic customers, for whom other access points such as ATMs, Telebanking, Personal Contact, etc. are available, are often hesitant to use the Internet banking services offered by Indian banks. Internet Banking, as an additional delivery channel, may, therefore, be attractive/ appealing as a value added service to domestic customers. Non-resident Indians, for whom, it is expensive and time consuming to access their bank accounts maintained in India find net banking very convenient and useful.

• Cyber crimes are, therefore, difficult to be identified and controlled.

• In order to promote Internet banking services, it is necessary that proper legal infrastructure is in place.

• The Department of Telecommunications (DoT) is moving fast to make available additional bandwidth, with the result that internet access will become much faster in the future.

• Reserve Bank of India has constituted a group to examine different issues relating to I-banking and recommend technology, security legal standards and operational standards keeping in view the international best practices. In the following paragraphs a generic set of risks discussed as the basis for formulating general risk control guidelines.
 

ronnierules

Par 100 posts (V.I.P)
B. Risk & Rewards:-

a) Operational Risk: -

• ‘Operational Risk’, also referred to as ‘Transactional Risk’ is the most common form of risk associated with I-banking.

• It takes them from of inaccurate processing of transactions, non-enforceability of contracts, compromises in data integrity, data privacy and confidentiality, unauthorized access / intrusion to bank’s systems and transaction, etc.

• Such risks can arise out of weaknesses in design, implementation and monitoring of banks information system.

• Besides inadequacies in technology, human factors like negligence by customers and employees, fraudulent activity of employees and crackers/ hackers, etc. can become potential source of operational risk.

b) Security Risk: -

• Security Risk arises on account of unauthorized access to a bank’s critical information stores like accounting system, risk management system, portfolio management system, etc.

• Other related risks are loss of reputation, infringing customers’ privacy and its legal implications, etc.

• Attackers could be hackers, unscrupulous vendors, disgruntled employee or even pure thrill seekers.

• In addition to external attacks banks are exposed to security risk from internal sources e.g. employee fraud. Employee being familiar with different systems and their weaknesses become potential security threats in a loosely controlled environment. They can manage to acquire the authentication data in order to access the customer accounts causing losses to the bank.

• Unless specifically protected, all data/ information transfer over the internet can be monitored or read by unauthorized persons.

c) System Architecture and Design: -

• Banks face the risk of wrong choice of technology, improper system design and inadequate control processes.

• Numerous protocols are used for communication across internet. Each protocol is designed for specific types of data transfer.

• A system allowing communications with all protocols, say HTTP (Hyper Text Transfer Protocol), FTP (File Transfer Protocol), Telnet, etc. is more prone to attack than one designed to permit say, only HTTP.

• Security related operational risk include access control, use of firewalls, cryptographic techniques, public key encryption, digital signature, etc.
d) Reputational Risk: -

• Reputational Risk is the risk of getting significant negative public opinion, which may result in a critical loss of funding or customers. Such risks arise from actions which cause major loss of the public confidence in the banks’ ability to perform critical functions or impair bank-customer relationship. It may be due to banks’ own action or due to third parties action.

• The main reasons for this risk may be system or product not working to the expectations of the customers, significant security breach (both due to internal and external attack), inadequate information to customers about product use and problem resolution procedures, significant problems with communication networks that impair customers’ access to their funds or account information especially if, there are, no alternative means of account access.

e) Legal Risk: -

• Legal risk arises from violation of, or non-conformance with laws, rules, regulations, or prescribed practices, or when the legal rights and obligations of parties to a transaction are not well established.

• A customer inadequately informed about his rights and obligations, may not take proper precautions in using Internet banking products or services, leading to disputed transactions, unwanted suits against the bank or other regulatory sanctions.


f) Cross-Border Risks: -

• Internet banking is based on technology that, by its very nature, is designed to extend the geographic reach of banks and customers. Such market expansion can extend beyond national borders. This causes various risks.

• Such considerations may expose banks to legal risks associated with non-compliance of different national laws and regulations, including consumer protection laws, record keeping and reporting requirements, privacy rules and money laundering laws.

• The foreign-based service provider or foreign participants in internet banking are sources of country risk to the extent that foreign parties become unable to fulfill their obligations due to economic, social or political factors.

g) Strategic Risk: -

• Strategic risk is the current and prospective impact on earnings or capital arising from adverse business decisions, improper implementation of decisions, or lack of responsiveness to industry changes.

• This risk is a function of the compatibility of an organization’s strategic goals, the business strategies developed to achieve those goals, the resources deployed against these goals, and the quality of implementation.

• For reducing such risk, banks need to conduct proper survey, consult experts from various fields, establish achievable goals and monitor performance.

• Also they need to analyze the availability and cost of additional resources, provision of adequate supporting staff, proper training of staff and adequate insurance coverage.

h) Other Risk: -

• Traditional banking risks such as credit risk, liquidity risk, interest rate risk and market risk are also present in internet banking.

• These risks get intensified due to the very nature of internet banking on account of use of electronic channels as well as absence of geographical limits.

• Credit risk: Is the risk that a counterparty will not settle an obligation for full value, either when due or at any time thereafter. Banks may not be able to properly evaluate the creditworthiness of the customer while extending credit through remote banking procedures, which could enhance the credit risk.

• Another facility of internet banking is electronic money. It brings various types of risks associated with it. If a bank purchases e-money from an issuer in order to resell it to a customer, it exposes itself to credit risk in the event of the issuer defaulting on its obligation to redeem electronic money.

• Liquidity risk: It is important for a bank engaged in electronic money transfer activities that it ensures that funds are adequate to cover redemption and settlement demands at any particular time. Failure to do so, besides exposing the bank to liquidity risk, may even give rise to legal action and reputational risk.

i) Risk of Unfair Completion: -

• Internet banking is going to intensify the competition among various banks. The open nature of internet may induce a few banks to use unfair practices to take advantage over rivals. Any leaks at network connection or operating system, etc. may allow them to interfere in a rival bank’s system.

Thus, one can find that along with the benefits internet banking carries various risks for bank itself as well as banking system as a whole.
 

ronnierules

Par 100 posts (V.I.P)
2. Internet Banking: Challenges for Banks & Regulators





A. Internet Banking in the United States
 New Risks

B. The Basel Committee’s Electronic Banking Group

C. E-Finance Oversight

D. Security Controls

E. Legal & Reputational Risk Management
 

ronnierules

Par 100 posts (V.I.P)
A. Internet Banking in the United States: -

• An average industry estimates indicates the about 13 million US households banked online by the end of 2000 – twice as many as in the previous years.

• At the beginning of 2001, 37% of all US national banks, including nearly all of the largest national banks, were offering full transactional capabilities online – a near twofold increase in little over a year.

• Banks offering Internet-based transaction service – and there are more of them each day – should be well positioned to compete in the financial markets of the future.

 New Risks: -

• Internet banking poses risks that are different from those that bank supervisors customarily dealt with in assessing credit, market, or interest rate risk.

• First, banks must manage the unprecedented speed of technological change, and assess how it relates to their technology investments and their ability to provide consistently high-quality customer service.

• Second, bank is increasingly dependent on third parties to provide the necessary Information Technology.

• Security is another area of significant risk. So far, relatively few financial institutions have reported being victimized by online security violations.
 

ronnierules

Par 100 posts (V.I.P)
B. The Basel Committee’s Electronic Banking Group: -

• The Basel Committee on Banking Supervision has taken the lead in this area through the creation of its Electronic Banking Group (EBG) in late 1999 – a group whose members represent 17 Central Banks and Bank Supervisory Agencies.

• The major focus of the EBG’s work has been to develop risk management guidance for Internet banking that will guide bankers and promote effective and consistent bank supervision around the world.

• The EBG has identified fourteen Risk Management Principles for Electronic Banking to promote sound risk management of e-banking. These principles are intended to help banking institutions expand their existing oversight policies and processes to cover their e-banking activities.

C. E-Finance Oversight: -

• The EBG has dedicated considerable time and effort to communicating supervisory expectations and guidance for home country supervisors to oversee cross-border Internet banking activity conducted by their local institutions.

• In February of this year, the Financial Stability Forum’s Contact Group on E-Finance held its first formal meeting. This group was formed to promote enhanced information-sharing among the various international sector-based working groups dealing with e-finance supervisory issues – e-banking, e-trading, retail payments systems, e-commerce, and so on.
 

ronnierules

Par 100 posts (V.I.P)
D. Security Controls: -

• Authentication of e-banking customers.

• No repudiation and accountability for e-banking transaction of duties.

• Appropriate measures to ensure segregation of duties.

• Proper authorization controls within e-banking systems, databases and applications.

• Data integrity of e-banking transactions, records and information.

• Establishment of clear audit trails for e-banking transactions.

• Confidentiality of key bank information.

E. Legal & Reputational Risk Management: -

• Appropriate disclosure for e-banking services.

• Privacy of customer information.

• Capacity, business continuity and contingency planning to ensure availability of e-banking systems and services.

• Incident response planning. The complete EBG Report on Risk Management Principles for Electronic Banking can be obtained at the Bank for International Settlements’ web site at “www.bis.org”.
 

ronnierules

Par 100 posts (V.I.P)
3. What do Computers do in Banks?





The Different Uses of Information Technology:
a) Single Window System
b) Any Time Banking
c) Automated Teller Machines
d) Shared Payment Network System
e) Customer Service
f) Telebanking
g) Home Banking
h) Electronic Fund Transfer
i) Plastic Cards as Media for Payment
1. Credit Card
2. Debit Card
3. Smart Card
4. ATM Card
j) Intra-bank and Inter-bank Applications
 

ronnierules

Par 100 posts (V.I.P)
The Different Uses of Information Technology: -

a) Single Window System (SWS): -

• The cashier or teller who accepts the cash, keys in the data from his terminal after receipt of the amount.

• The amount is straight away posted to the system.

• If the customer wishes to update passbook the same is also updated through the security form printer/pass book printer.

• If a customer wishes to obtain a draft, the clerk keys in the details of the account to be debited and the particulars of the drafts to be issued on the machine.

• The customer’s account is debited and security form printer prints out draft and clerk can hand over the same to customer duly signed.

b) Any Time Banking: -

• This refers to banking service available 24 hours a day and 365 days a year.

• Such facility is made available to the customer through the Automated Teller machine.

• Banking, being a service industry, is primarily driven by customers’ needs.


• Each customer is willing to pay a price for the services provided it is made available to him when he wants and where he wants.

• In the present day of server competition, banking services are driven by technology, which is more oriented towards providing better services to the customer.

• The concept of banking hours has been changed from the fixed 4 hours to 24 hours.

• This has been made possible through use of ATMs. Even under the manual service, the banks have stated to extend the service from the traditional 4 hours to 5 hours and even up to 12 hours say from 8 AM to 8 PM.

• Some banks have introduced the practice of Sunday Banking or Holiday Banking.

c) Automated Teller Machine (ATM): -

• ATM is a machine in the nature of a computer in general sense, but is dedicated to do certain types of specific jobs only.

• The hardware and the proprietary i.e. the software used in one machine cannot be used in one machine.







d) Shared Payment Network System (SPNS): -

• The SPNS, named SWADHAN, has been sponsored by the Indian Bank’s Association (IBA).

• It is a network of ATMs, points of sale terminals and Cash Dispensers with a view to pool the resources of the banks and underlines the spirit of competition through cooperation.

• It became operational in Mumbai on 1st February 1997 and in two years about 150 ATMs were owned and installed by 38 banks including foreign banks, public and private sector Indian commercial banks as also cooperative banks.

• The biggest advantage of the network is that the ATM cards issued by different banks can used at any member banks ATM.

• Banks can have as many ATM as they want and follow some standards set by the SPNS committee.

• The heart of the network is the Switch and its main components are: Tandem Mainframe Computer, BASE 24 Software, Motorola networking equipments and the leased lines.
 

ronnierules

Par 100 posts (V.I.P)
e) Customer Services: -

The following customer services are offered through the system:

i) Cash withdrawal (up to a specified limit)
ii) Cheque/Cash deposit (the receipt being only for the deposit of the envelope containing cash but not for the amount therein)
iii) Enquiry about balances
iv) Printing of statement of accounts
v) Request for cheque book and standing instructions.
vi) Transfer of funds
vii) PIN change

f) Telebanking: -

• From the conventional banking, where the services were provided manually across the table, it has come to a stage where the customer is not required to visit the bank enquiry of balance in the account, sending a remittance, to get a statement of account, etc.

• The concept has become so popular that in USA customers do not visit the bank for 97% of their transactions and these are done from either customer’s residence or office using a telephone or a home PC.

• In telebanking the customer is required to open the account with the bank initially by visiting the bank.

• Telebanking services are, generally, provided by the bank over the telephone on a special number.

• The number at the bank is connected to a terminal in the bank, which is either handled manually or is automated by connecting the same to the computer network.

• Where the system is automated, two types of technology are used.

g) Home Banking: -

• Under home banking the customer is served at his residence and there is no need for the customer to visit the bank’s premises for a number of routine transactions.

• If the customer needs some information the same can be got by contacting the bank over the phone as described in the telebanking.

• If the customer wants to put through transaction and wishes to see his account or to get a statement of his account, he may have to use a PC.

• This type of facility is available with a town, city or metropolitan area.

• Under such a situation the customer should have a:
 PC
 Modem
 Telephone line
 A compatible software for the home PC

• The home banking service can be broadly classified under two groups, one without using the information technology and another using information technology.
• When customer contacts the bank o the phone no specific technology is involved and the service of telebanking is provided to him.

h) Electronic Fund Transfer (EFT): -

• In India the fund transfers are basically done through Mail Transfer, Draft or Telegraphic Transfer.

• In case of Telegraphic Transfer (TT) again the Department of Telecommunication was the sole provider of Telephone, Telex and Telegram facilities.

• With the process of liberalization private operators have started providing alternative voice communication channels through mobile phones and vast communication as an alternative channels for data communication.

• It was normal for any TT to be credited to the beneficiary’s account after delay of 2 to 4 days

• The different forms of EFT prevalent in the use are:
 EFT through Electronic Data Interchange
 BANKNET
 RBINET
 IDRBT VSAT Network
 EFT from Point of Sales
 Electronic Cash
 SWIFT- Global System for Funds Transfer
 Electronic Clearing Settlement
i) Plastic Cards as Media for Payment: -

There are four types of plastic cards being used as media for making payments. These are:
1. Credit Card
2. Debit Card
3. Smart Card
4. ATM Card

1. Credit Cards: -

The credit card enables the cardholders to:
 Purchase any item like clothes, jewellery, railway/air tickets, etc.
 Pay bills for dining in a restaurant or boarding and lodging in a hotel
 Avail of any service like car rental, etc.

2. Debit Cards: -

A debit card is issued on payment of a specified amount by the issuing company like a telephone company to a customer on cash payment or on debiting his account by a bank.

Thus it is like an electronic purse, which can be read and debited by the required amount.

It may be noted that while through a credit card, the customer first makes a purchase or avails service and pays later on, but for getting the debit card, a customer has to first pay the due amount and then make a purchase or avail the service. For this reason, debit card are not as popular as credit cards.


3. Smart Cards: -

Smart Cards have a built-in microcomputer chip, which can be used for storing and processing information. For example, a person can have a smart card from a bank with the specified amount stored electronically on it. As he goes on making transactions with the help of the card, the balance keeps on reducing electronically. When the specified amount is utilized by the customer, he can approach the bank to get his card validated for a further specified amount. Such cards are used for paying small amounts like telephone calls, petrol bills, etc.

In India, a smart card, suiting Indian banking environment, is being developed and tested at IIT, Mumbai, in collaboration with the RBI and SBI. The card is being used as an experimental tool for promoting cashless society in and around the IIT Campus. The latest smart card being developed will combine all the features of electronic purses, credit cards and ATM cards.

4. ATM Cards: -

The card contains a PIN (Personal Identification Number) which is selected by the customer or conveyed to the customer and enables him to withdraw cash up to the transaction limit for the day. He can also deposit cash or cheque.
 

ronnierules

Par 100 posts (V.I.P)
j) Intra-Bank & Inter-Bank applications: -

Computerization is now all pervasive in banks. Almost all the activities in a bank can be performed more efficiently with the help of computers. Broadly, we can divide the applications of computerization in banks in two types:

I. Intra-Bank Applications: -

i) Funds transfer and payment message
ii) Banks owned ATM/Credit Card and other application on the corporate network
iii) Inter-Branch Reconciliation
iv) Quick disposal of loan/investment proposal
v) Funds information from clearing centers to the fund management office for optimal allocation of funds.
vi) Cash Management Product
vii) Treasury Management
viii) Any Branch Banking
ix) Asset Liability Management
x) E-mail
xi) Software distribution in the bank
xii) Organizational bulletin boards may contain the following:
a. Circulars
b. Newsletters, phone and address directories
c. Undesirable parties
d. Missing security items
e. Confidential circular on attempted frauds.
xiii) Human Resources Development and Personnel Administration
xiv) Auditing and Inspecting computerized branches using the network
xv) Organizational database may include:
a. Statutory returns
b. Control returns
c. Standardized returns
xvi) Management Information Systems:
a. Borrower’s profile
b. Branch profile
c. Employee analysis
d. Product/service profile
e. Business profile of branches.
xvii) Apart from providing efficient service to customers the financial network will also fulfill the following objectives:
a. Timely information to top management
b. Helping in development of new products
c. Speedy communication among branches and with the controlling offices.

II. Inter-Bank Applications: -

i) Electronic Funds Transfer:
a. Retail EFT (Small value credit transfer) on net settlement basis.
b. Wholesale EFT (Large value credit transfer) on Real Time Gross Settlement (RTGS) basis for time critical payments.
ii) Clearing and settlement systems for securities – Delivery vs. Payment (DVP). The final delivery of securities will occur if and only if final payment occurs.

iii) Transferring balance from net settlement systems to RTGS Server at periodic intervals. The net obligation could be from:
a. Local paper-based clearing
b. Inter-city paper-based clearing (including IT discounting facilities)
c. Bulk payments – ECS (Debit, Credit, RAPID) including intercity.
d. Shared ATM networks
e. Smart cards and other pre-paid/pre-authorized debit cards
iv) Exchange of defaulting borrowers list among RBI and banks
v) EDI services to the extent they pertain to payment cycle to EDI (Electronic Data Interchange)
vi) Consolidation of current account balance from the existing DAD (Deposit Accounts Department in RBI Offices) applications synchronously/asynchronously to facilitate balance enquiry by banks on all India/center-wise basis and if necessary to activate transfer of funds among DADs at different centers.
vii) Reporting of government account transactions
viii) Reporting of BSR (Basic Statistical Returns) etc. to RBI
ix) Asset Liability Management
x) Intranet in RBI to enable banks to get circulars, press releases etc.
xi) Returns to be submitted by the banks to Departments of Banking Supervision (DBS) for off-site supervision and monitoring.
 

ronnierules

Par 100 posts (V.I.P)
4. Credit Card Frauds





A. Credit Card Frauds
a) Meaning
b) Aware of Credit Card
c) Advantages of Credit Card
d) Credit Card Frauds


B. The Prevention of Frauds
a) Duplicate Card
b) White plastics
c) Banker’s Role
d) Cyber Laws
e) Altering Sale terminals
f) Internet Relays
g) Monitoring Deposit
h) Risk Management
i) Central Credit Card Clearing House
j) Loss of Credit Cards in Transit
k) Fraud Consciousness
l) Physical Evidence
m) Check the handwriting
 

ronnierules

Par 100 posts (V.I.P)
A. Credit Card Frauds: -

a) Meaning: -

A credit card is a money transaction device without using cash or fiduciary documents.

b) Aware of Credit Card: -

The credit card, as already seen, is a money transaction device. The institutions issuing the credit card give the card holders authority to obtain money, goods, services or any other thing of value, on credit. They guarantee payment of debit so raised. These institutions are banks and other financial institutions, clubs and travel agencies and departmental stores, etc. Credit Cards, Bob Cards, Master Cards, Visa Cards, express Cards, Euro Cards have wide circulation. Some of them have wide circulation. Some of them have world-wide circulation.

c) Advantages of Credit Cards: -

Following types of safety measures are being introduced increasingly in the credit card manufacture. They can be adopted with advantages:

1. Simultaneous printing on both sides of the cards; creating some superimposed graphics, patterns, digits or writings.
2. Multi-layered laminates incorporating lateen images which may distinguish the genuine from the forged.
3. Intricate graphics and distinctive letter and digit designs.
4. Laser printing to engrave the letter and digits on the credit card.
5. Three dimensional insignia, logo of high artistic quality on the credit card.
6. Encoded information track in magnetic inks on magnetic stripe.
7. Cards inserted in the imprinter head, designed and manufactured to rigid specification to permit limited tolerance to admit only genuine credit cards.
8. Secure Signature Panel.
9. 3- Dimensional hologram.
10. U.V. fluorescent images and designs.
11. Micro printing
12. Optically illusive figures, designs, etc.
13. Heavy duty embossing logo.

d) Credit Card Frauds: -

Credit card frauds manifest themselves in a number of ways:
1. Genuine cards are manipulated.
2. Genuine cards are altered.
3. Counterfeit cards are created.
4. Fraudulent telemarketing is done with credit cards.
5. Genuine cards are obtained on fraudulent applications in the names/addresses of other persons and used.

It is feared that with the expansion of E-Commerce, M-Commerce, and Internet facilities being available on massive scale, the fraudulent fund freaking via credit cards will increase tremendously. The shape it takes will be limited only by the ingenuity of the future.
 

ronnierules

Par 100 posts (V.I.P)
B. The Prevention of Frauds:-

a) Duplicate Card: -

The duplicate fraudulent credit cards are those where the defrauders have made sincere efforts to duplicate the original cards through photo-mechanical processes.

They follow the footsteps of the original manufactures of the genuine credit cards to produce as close a replica of the genuine card as possible, employing similar materials and similar processes of printing and embossing, besides magnetic encodings.

b) White Plastic: -

The counterfeit credit cards known as ‘white plastics’ are imitations of credit cards in general aspect.

c) Banker’s Role: -

The credit card industry is one of the fastest growing activities of the banking industry. The artist has to be there (where the money is). The banks have to suffer losses.

d) Cyber Laws: -

Information Technology Ministry be approached for stringent laws against credit card crimes.





e) Altering Sales terminals: -

Internet E-Mail should be utilized on the pattern of Hot Box organized about a decade ago suitably modified to benefit from the advances the information technology has made since them.

f) Internet Relays: -

Computers should be pressed into service via internet connection by suitably upgrading the Television System Vertical blanking Intervals for notifying the fraudulent cards in the market.

g) Monitoring Deposit: -

Monitoring system can help locate the unscrupulous merchants who use or allow the use of ‘white plastics’ and fraudulent cards, knowing full well their fraudulent nature for making a fast back.

h) Risk Management: -

To meet the menace one of the top card companies has imitated risk management service to identify these high risk centers where daily all the inter-change transactions of the areas are scrutinized and the credit card number are checked against those which have been declared fraudulent, stolen or lost.









i) Central credit Card Clearing House: -

There should be a joint list of credit card holders on central basis with their addresses and other details, if any. New applicants to any bank for credit cards should be checked: -
• If he is holding card from other issuers.
• If he has held a card at other times. If so, when? Why did he discontinue?
• If he has applied to more than one credit card issuers
• The new card holder’s business transactions should be watched for some time.

j) Loss of Credit cards in Transit: -

It must be prevented.

It is simple for either the customer to collect personally or the banker should deliver it personally, or it should be sent by courier and confirmation obtained on telephone, in addition to the paper receipt.

k) Fraud Consciousness: -

The problem of credit card frauds must be brought to the notice of users as well as of the servers at sale terminals.

Proper training in the check up of the credit card in its various aspects has no substitute and in view of the huge issues the same is indispensable.





l) Physical Evidence: -

Immediately on the discovery of fraud all the physical evidence available should at once be taken into possession and the case reported to the police for investigation.

m) Check the Handwriting: -

Handwriting (in signatures) is available on sale drafts and on credit cards. The comparison of hand-writing inter se and with that of the suspect and of genuine card holders, can lead to the identity or non-identity of alleged writer.
 

ronnierules

Par 100 posts (V.I.P)
5. Banks Control in Online Banking





A. Will Banks Control Online Banking?: -
a) Internet Banking in India
b) Real threats
c) Online


B. Banking in the Cyber world: -
a) Internet Purchases without Payment Gateways
b) Risk of Gateway
 

ronnierules

Par 100 posts (V.I.P)
A. Will Banks Control Online Banking?: -

a) Internet Banking in India: -

Online banking is expected to explode in the next few years. We will be entering the age of non-physical exchange of cash aided by complete transparency leading to perfectly competitive electronic market place and inevitably to customer supremacy. Growth in online banking will be driven by the following reasons:

• Increasing access to low cost electronic services
• Emergence of open standards in the banking industry
• Improved customer awareness
• Entry of global majors in the market
• Integration of banking services with e-commerce and emergence of e-cash
• Convenient international transactions as Internet eliminates geographic boundaries
• Shift from one-stop shopping to unbundled product purchases











 Internet Banking – An Overview: -

Internet Banking sites can be segregated into four categories from Level I, which offer just minimum functionalities such as access to one’s deposit account data, to Level IV sites that offer sophisticated services. To be successful, an Internet bank must offer:

• High rates on deposits
• 24 hour access
• Free checking and bill payment facilities with rebates on ATM surcharges
• Credit cards with low rates
• Simple and easy online applications for all accounts including personal loans
• Innovative products
• High quality customer service

b) Real Threats: -

• A majority of leading online brokers are beginning to offer banking products and services as part of their overall offers.

• They are actively seeking to capture “excess” balances in existing checking and saving accounts by offering better rates.

• There are other threats to banks as well. Several leading system providers have developed “bank-in-a-box” solution – unbranded, electronic, full-service, virtual-bank system – that can be bought, branded, and offered to consumer by any authorized company that wishes to provide banking service.
c) Online: -

An online service that merely mimics an offline one has a second problem as well; it doesn’t give customers an adequate inducement to move a significant portion of their banking online.

As a result, most customers tend to tend to treat online banking as no more than an extra channel to check their balance and transaction histories, and they continue to do the rest of their business at the ATM or the teller window.

A vicious offering increase the banks’ total costs. This makes the banks reluctant to make further large investments in the online channel, which thus, does nothing to move customers away from tellers and ATMs.

In fact, consumers didn’t stop using tellers to the extent that banks has hoped, but they also used ATMs so frequently that the reduction in cost per use was more than offset by the higher volume of transactions.

The study of Information Systems through broadband connection, through satellite, through a network or through a view chat.

This online information system provides information about all aspects, Information providing on the demand of the subscriber.

This online information system may be of study program, a graduation program or sharing of data through internets, extranet and internet.
 

ronnierules

Par 100 posts (V.I.P)
B. Banking in the Cyber world: -

a) Internet Purchases without Payment Gateway: -

The dangers are three-fold:

• Since a manual process requires human intervention, risk of information leakage exists.
• No exchange of Digital ID, so no authentication of the merchant – risk of bogus merchant.
• No exchange of Digital Certificate to authenticate card holder – risk of repudiation of transaction by the card holder.

The benefits which the user would get by using the Internet payment gateway are:

• Card details travel encrypted on the Net (if encryption facility available on the gateway).
• On-line status of order, if the gateway has on-line authorization.
• Secure Merchant identification, so that fraudulent web sites posing as genuine merchants get weeded out.

 What’s a Payment Gateway?

A payment gateway is software that supports multiple payment models simultaneously in a safe and secure manner.

Funds can be transferred through credit, debit and smart cards, cheques, electronic payment wallets and even direct debits through a central payment switch.

Put simply, a payment gateway enables on-line commercial transactions on the internet on a secure system, which have firewalls against hacking.
b) Risk of Gateways: -

• Currently, in India – HDFC Bank and ICICI – have launched payment gateways for Business to Customer (B2C) transactions.

• Payments can be effected through credit cards or through directly debiting the account of the customers of the respective banks.

• Some payment mechanisms on the Internet are not safe, as they are in the open-loop where a merchant portal can see the credit card number.

• This is unsafe for credit card holder and is susceptible to fraud as his number can be physically seen.

• The dust is yet to settle in the B2C payment gateways, but action is already heating up in the business to business (B2B) arena.

• Besides HDFC Bank and ICICI, Global Tele-System and a few other non-bank companies are toying the idea of launching payment gateways for inter bank and B2B transactions.

• No prizes for guessing who they are targeting, Nationalized banks, of course.
 

ronnierules

Par 100 posts (V.I.P)
6. ICICI Bank: A Case Study




A. ICICI Bank and Sify for Online Distribution of Retail Banking Products & Services.

In a major development in the Internet world, ICICI Bank, the banking subsidiary of ICICI Ltd. (NYSE: IC and IC.D) and Satyam Infoway Ltd. (NASDAQ: SIFY) announced the setting up of a new “.COM” company for on-line distribution of retail banking products and services on the Internet. This landmark agreement marks the coming together of India’s first Internet Banking provider, ICICI Bank, and India’s largest private ISP and mega-Portal, Satyam Infoway, to create a unique partnership between a major Bank and a mega-Portal. The marriage between banking and portals is expected to be a win-win potent combination, which is expected to result in improved customer orientation, lower distribution cost, long-term customer relationships with ease of banking wherever and whenever the customer wants it and enhanced profitability. The range of retail banking products to be distributed through the portal would include savings accounts, current accounts, fixed deposits, bill payments and other retail banking products that ICICI Bank may offer through this on-line channel.


The surge in demand for e-commerce related services stems from the rapid growth in Internet penetration in the country and a fundamental change in the business paradigm. The two companies would therefore also explore several opportunities to complement each other’s strengths to capitalist on the opportunities in e-commerce. This would include providing a platform for trade facilitation and payments over the Internet using innovative banking products of ICICI Bank. SIFY has a buyer to seller ordering/selling website, SeekandSource.com, which is on-line except for the payments that are still physical. ICICI Bank has developed an Internet based ‘business to business’ payment module for purchasers and sellers to effect payments online. A synergistic offering of these two products would be made so that such customers/users can complete the entire transaction and payments online.

The two companies would expect to co-operate wherever feasible to extend the reach and channels for distribution of financial products from ICICI Bank and Internet products from SIFY. ICICI Bank, as a part of its “Click and Brick” strategic focus would set up ATMs at the Satyam Access Points and Cyber Cafes, thereby increasing its reach across the country. It would also offer Satyam Internet terminals at its branches, enabling visitors to surf the Internet, thereby attracting new customers to branches. The two companies shall examine further business opportunities, which would effectively synergies the financial services strength of ICICI Bank and its Affiliates and the technological expertise of Satyam Infoway and its Affiliates. ICICI Bank and Satyam Infoway through this partnership will play a strategic role in providing revolutionary e-commerce solutions in India.

The memorandum of understanding was signed today between Mr. H.N Sinor, Managing Director & CEO of ICICI Bank and Mr. R. Ramraj, Managing Director of Satyam Infoway.

ICICI is a diversified financial services company offering a wide range of products and services to corporate and retail customers in India. ICICI Bank, a subsidiary company has been the pioneer of Internet banking in India. ICICI Bank has been gearing itself for the opportunities that would be created from the e-Commerce revolution.

Satyam Infoway Ltd. Is the leading integrated Internet and e-commerce company operating in India. Satyam Online, the most comprehensive portal site of Indian origin is one of the key offerings from SIFY in the business to consumer segment. Recently it entered into an agreement to acquire India World Communications Private Limited, which would result in the integration of India World’s popular websites like samachar.com, khel.com and khoj.com with SIFY’s portals. The combined portal would be the largest India related Internet portal.
 

ronnierules

Par 100 posts (V.I.P)
B. Recent E-Mail Fraud:-

ONLINE fraudsters targeted ICICI Bank customers through spam mail that asked them to disclose passwords and other information, but the bank said no financial loss was reported so far.

E-mails from `[email protected]' with the subject `Important information from ICICI Bank' and `Official information from ICICI Bank' started circulating from Monday. Once opened, the mail asked customers to click on a link.

"For security purposes your account has been randomly chosen for verification. To verify your account information we are asking you to provide us with all the data we are requesting. Otherwise we will not be able to verify your identity and access to your account will be denied. Please click on the link below to get to the ICICI secure page and verify your account details. Thank you," the e-mail said.

The ingenuity of the e-mail is striking as when clicked on the link, it opens a Web page that is an exact replica of ICICI Bank's and simultaneously opens the bank Web site.

Customers were asked to key in their identification number, login and fund transfer passwords. The link, however, didn't work on Wednesday.
An ICICI Bank spokesman said so far no financial loss was reported because of the fraud. "It's not easy to say how many of our customers have got it. First, we felt it will be a large number. But now our assessment is it's a small number," the spokesman said.

ICICI Bank sent e-mail to its customers, warning them about the fraud and urging not to respond to such mails. "Such fraudulent communication may also be sent via SMS or the phone," the bank said.

The ICICI Bank spokesman said the bank has alerted the cyber crime cells about the spam mails. But the origin of the spam mail had not been traced, he said.

Such fraudulent mails are becoming rampant across the world as Internet banking has grown in popularity.
 

ronnierules

Par 100 posts (V.I.P)
C. Online fraud: 60-yr-old seeks police action against ICICI Bank officials:-

Karve Nagar resident Vinod Malhotra suffered a loss of Rs 95,000, which was transferred through 19 phone bank transactions in just two minutes.

While cyber criminals are on the prowl, the increasing number of online fraud has also put a question mark on the security system of banks. Vinod Malhotra, a 60-year-old citizen from Karve Nagar, who lost Rs 95,000 to an online fraud, gave a letter to the Shivajinagar police station requesting the investigation officer, police sub inspector S B Ghorpade, to book the ICICI Bank authorities in the case.

The police have so far booked Bhavin Gunwantilal Kakadia of Chira Bazaar, Mumbai. That is because Malhotra’s money was transferred into Kakadia’s account on June 2. But Malhotra has alleged that the loss occurred because ICICI Bank failed to protect his account.

Malhotra received a fraudulent e-mail on April 18, carrying a logo of ICICI Bank, seeking his credit card account details. Taking it to be genuine request, the elderly citizen submitted the details. He then sent an e-mail to ICICI Bank to check if they had actually sought the information.

On April 20, the bank replied that it was a fraudulent email. But on April 21, fraudsters used his credit card for booking tickets worth Rs 4,000 for Adlabs theatre, Mumbai. On April 21, the credit card was again used for online shopping worth Rs 3,083 through a US-based website.


Malhotra received the customary SMS alert about this transaction. He immediately contacted the bank and submitted details of the illegal transactions. The bank replied that it was a “phishing” attack. The bank then blocked his credit card and issued a new one, assuring him that his account would be protected properly.

But again on June 2, Rs 95,000 was transferred from his savings account. A stunned Malhotra filed a complaint with the Kothrud police on June 3.
The case was transferred to Shivajinagar police station since his account was with the Shivajinagar branch of ICICI Bank. “When I went to the bank with the police, a senior officer from the Operations Department said that money was transferred from my savings account through phone banking,” said Malhotra.

“The officer said that my mobile number was changed from the system. The fraudster replaced it with an Airtel mobile number from Punjab and then transferred money to Kakadia’s account through 19 phone banking transactions of Rs 5,000 each in just two minutes,” he added. “The money was further transferred to a private business firm’s account in Mumbai and withdrawn by the fraudster using cheques,” he added.

Malhotra said that he had given his mobile phone number to ICICI Bank only for receiving SMS alerts on account details. “I never used the net banking and phone banking facility. I don’t even remember the passwords required for these facilities. So there was no chance of me submitting the passwords to any phishing mail or person. I believe the fraud could have been avoided if ICICI Bank had not failed to keep vigilance on its internal security system,” he said.
Malhotra communicated with K V Kamath, the MD and CEO of the bank, requesting him to investigate the case and repay his money. After a 30-day internal investigation, ICICI Bank replied that it was not at fault and would not compensate for the loss. So Malhotra lodged a First Information Report (FIR) with the police on July 12. On Tuesday, the bank replied that his case would be re-investigated.

When contacted, ICICI Bank Head (Corporate Communications) Charudutta Deshpande said, “ICICI Bank has a fool-proof security system. But we don’t doubt the genuineness of our customers. Proper investigations will be done.”

Police Sub-Inspector Ghorpade said, “We have dispatched a team to Mumbai for investigations. But there is not much progress because the bank has not yet given us complete information about the suspects.” “We have not yet booked the ICICI bank officials. But we would be interrogating bank officials if required,” he said.

Pune police Cyber Committee Coordinator Sudam Choure said, “There have been cases in the past where secret information was leaked from banks. Usually, the bank employees on contract basis or courier companies were involved in the frauds. There is need for the banks to increase their internal security system.”
 
Top