Online Banking Systems – Security and Customer Trust

Abstract

The introduction of online banking has revolutionized the way people and businesses do banking. The internet and mobile equipment have made it possible for customers to carry out transactions and other banking-related operations anytime, anywhere. This paper is a study of the customer issues related to internet banking. The first part of the essay discusses the need for internet banking and the benefits both the organization and the customer gain from the service.
It then covers the common types of risk associated with internet banking. The final part of the essay concentrates on customer trust and worries regarding online banking and the general security steps to be taken to protect the system and customer trust.

Keywords: Internet/Online Banking, Customer Trust, Security, Internet

1. Introduction

The introduction of online banking has revolutionized the way people and businesses do banking. Online banking has become an easier and more comfortable way to carry out transactions than traditional banking practices.
Moreover, the introduction of mobile banking has made it possible for customers to carry out transactions and other banking-related operations round the clock with the help of mobile equipment. However, the medium chosen for online banking is the internet, and all the vulnerabilities of the internet apply to online banking systems. Even though banks providing internet banking facilities claim to have secure online systems, customer concern about security is still an open issue.
The European Internet Security Survey conducted by Entrust (2005) reports that 83% of individuals in the UK, 72% in Germany and 80% of North Americans are concerned about identity theft attacks on their online banking accounts. Moreover, the “Get Safe Online survey” reports that despite using various virus protection software and PC security suites, 21% of the surveyed individual online users were victims of identity theft attacks and 22% of phishing (GetSafeOnline, 2009).
Online banking provides a higher level of convenience to individuals and organisations in managing their finances, but privacy protection and financial security have become an ongoing concern (Srivastava, 2009). Moreover, according to Grabner-Kräuter and Faullant (2008), even though the number of people using the internet has increased these days, there is no considerable increase in the number of users adopting internet banking.
A survey conducted by Deutsche Bank on internet banking users in Europe reveals that even though 70-80% of internet users in Norway and Finland use online banking, the proportion is just about 40% in Germany and Austria and less than 10% in Greece and Romania (Meyer, 2006). The reasons for people’s reluctance to use online banking are discussed in the sections that follow.

2. Need for Online Banking

The increasing popularity of the internet has attracted more industries to do business online, and the banking industry entered this online world with the introduction of online banking.
Changing technology, customer preferences and competitiveness have added to the need for internet banking for banks (Russel, 2007). Moreover, online banking is considered a very powerful tool that can add value to the business, attract and retain new customers and improve competitiveness (Rotchanakitumnuai and Speece, 2003). Banks find it an advantage to have online banking as it helps to cut costs on resources and infrastructure. For example, ‘Citibank which is one of the leading financial institutions has only 4 locations in the whole of England.
All the four are in London, however the number of customers Citibank has in London is enormous’ (Management-Hub). Citibank has succeeded in building a strong customer base with the use of online banking despite the small number of branches. Having an online banking system may reduce the number of customers approaching the bank directly, thus eliminating costly paper-handling procedures and teller interactions. From a customer perspective, the primary advantage of the online banking service is that it is more convenient. Russel (2007) argues that customers can access their bank accounts 24/7.
They can perform transactions, bill payments and other provided services on their account by using a personal computer regardless of location. Moreover, banking becomes fast, efficient and effective. Online transactions are typically performed and executed at a faster rate than at ATMs (Automatic Teller Machines) and EDMs (Electronic Deposit Machines). Customers can save time and money by using the online banking facility. According to Karlonia (2009), online banking may provide other facilities besides the usual transaction services.
Features and services such as credit card applications, investment management and bill payments can be made available through the online account portal. The major concerns customers have while accessing online banking services are about security and trust (Grabner-Kräuter and Faullant, 2008). Russel (2007) argues that customers, particularly new customers, wonder whether their transaction was successful or not. He suggests that this could be overcome by providing a reference number to the customer after every transaction.
Karlonia (2009) argues that even though banks secure their online systems from hackers and malware with the latest encryption technologies and authentication methodologies, security can still be compromised with deception techniques such as identity theft, phishing, spam emails and other social engineering attacks. In addition, both Karlonia (2009) and Russel (2007) point out that customers who are not familiar with using computers may find it difficult to use the online services.
They might feel uncomfortable and suspicious about carrying out money transactions in an untraditional way, especially if it is connected with the internet.

3. Risks Associated with Internet Banking

Internet banking inherits various types of traditional banking risk in addition to internet security risks. According to Hillman and Wong (2000), ‘online banking heightens various types of traditional banking risks that are concern to banking regulations’.
The major risks listed by Hillman and Wong (2000) in the report to the Committee on Banking and Finance Services are:

• Security Risk: The risk of compromising internal systems, confidential information and privacy through any illegal or unauthorised act to gain access to the organisation’s network, systems or database, which could lead to financial losses. The use of computers and the internet brings their security risks and vulnerabilities to online banking information systems (Hillman and Wong, 2000).
• Transaction Risk: The risk of financial losses due to issues with service or product delivery. According to Rotchanakitumnuai and Speece (2003), the slow response time of a system and the internet may delay service delivery and could make consumers unsure about the transactions they made online.
• Strategic Risk: The risk to earnings and capital, mainly due to a poor business decision or inappropriate system implementation of the decisions. Ramakrishnan (2001) argues that competitiveness could pressure senior management to introduce or expand the online banking system without fully understanding the risks associated with the implementation against the potential return on investment. Strategic risk arises when the existing organization structure and resources lack the skill to manage and maintain the new online system.
• Reputation Risk: ‘The risk of significant negative public opinion that result in a critical loss of funding or customer’ (Hillman and Wong, 2000). In internet banking, any problem that prevents customers from accessing the online system to conduct transactions, such as Denial-of-Service, availability issues, software errors and poor response, could lead to customer dissatisfaction and could affect the reputation (Ramakrishnan, 2001).
• Compliance Risk: The risk of violating or not conforming to the required laws, regulations and standards. Compliance risk may negatively affect the reputation and might lead to monetary losses and reduced business opportunities (Ramakrishnan, 2001).

Over and above these, Ramakrishnan (2001) has also identified other risks, such as credit risk, interest rate risk, liquidity risk, price risk and foreign exchange risk, that could arise with the acceptance of internet banking.

4. Customer Trust and Security

In an online environment trust has become a critical component in building economic relationships, particularly for online banking systems (Nor, 2007). This is supported by Suh and Han (2002), who say that ‘trust is one of the most important determinants of customer acceptance of Internet Banking’.
Suh and Han (2002) argue that trust has a more direct effect on a customer’s outlook than perceived user-friendliness and usefulness in the internet banking context. The medium chosen for online banking, specifically the internet, carries a higher perception of risk and uncertainty, which affects customer trust in performing financial activities in a virtual space. Moreover, customers feel uncomfortable providing information, particularly personal and sensitive information, to websites because of their distrust of internet security (ibid).
Suh and Han (2002) argue that this distrust is mainly due to the highly publicized security breaches and incidents that happened at various financial institutions in the past. Grabner-Kräuter and Faullant (2008) believe that internet banking has some unique characteristics which make customer trust a crucial attribute for the success of the system. Compared to the traditional method of in-person transactions, internet banking comes with unique characteristics such as the impersonal nature of the internet, the application of technology and the inherent uncertainty of the open technological infrastructure.
Moreover, Grabner-Kräuter and Faullant (2008) distinguish two dimensions of online trust in doing online business, namely the “hard dimension” and the “soft dimension”. The “hard dimension” of online trust focuses on the functionality of the trusted object, such as its ability to perform the required task, its competence and the certainty of its outputs. The “soft dimension” of online trust is considered to be the value-based motivation of the online organisation to act in the interest of the online user. Attributes such as integrity, honesty, credibility and goodwill are considered in this dimension (ibid).
Rotchanakitumnuai and Speece (2003) argue that customers’ distrust of online internet-based systems is basically due to three reasons: security of the system, reliability of the services and distrust of the service provider, which are more or less a “soft dimension”. Even though banks use various security features such as firewalls, encryption, call-back modems, biometrics, smartcards, digital certificates and authentication mechanisms, the majority of customers are unaware of such features and may not be technically knowledgeable enough to understand these security features and their benefits (Grabner-Kräuter and Faullant, 2008). Moreover, it becomes the responsibility of the financial institution to influence its customers’ insight into online security and privacy issues by providing proper training and appropriate promotion activities (ibid).

In order to build trust and security for their online transactions, banks will need to incorporate IT security features into the web sites published for online transactions. Moreover, integrating security with the systems may become a legal and regulatory requirement.
For example, the Central Bank of Mauritius has published guidelines to be followed by banks operating in Mauritius while implementing an internet banking system (BOM, 2007). Ramakrishnan (2001) argues that, due to the open nature of the internet and rapid technological change, special focus needs to be given to authentication, non-repudiation and segregation of duties.

Authentication means establishing the identity of the customer prior to giving access to perform an online transaction. According to Tubin (2005), the three types of authentication used in the industry are based on something the user:

• knows (such as a password)
• has (such as a secure ID token)
• is (such as biometric identification)

The most widely used authentication is “something the user knows”, which is called single-factor authentication. Single-factor authentication is very easy to use and administer, but is more prone to social engineering attacks such as phishing. Tubin (2005) suggests that two-factor authentication will enhance the security of the system, as the hackers or criminals who want to intrude into the system will require “something a user has” or “something a user is” in addition to the password or PIN.
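
The two-factor check Tubin describes, as an added example that is not part of the original essay: a password (“something the user knows”) is combined with a time-based one-time code from a token (“something the user has”, computed here as in RFC 6238), so a phished password alone does not pass and a captured code cannot be replayed. The account record, its field names and the sample password and secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash, so the stored value is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def new_record() -> dict:
    """Constructed sample account (hypothetical field names, sample secrets)."""
    salt = b"constructed-salt"
    return {
        "salt": salt,
        "pw_hash": hash_password("correct horse", salt),
        "token_secret": b"12345678901234567890",  # shared with the user's token
        "last_counter": -1,                       # highest time step already used
    }

def login(record: dict, password: str, code: str, now: float, step: int = 30) -> bool:
    """Grant access only if both the password and a fresh token code are valid."""
    knows = hmac.compare_digest(
        hash_password(password, record["salt"]), record["pw_hash"])
    current = int(now) // step
    matched = None
    for counter in (current, current - 1):  # tolerate one step of clock drift
        expected = hotp(record["token_secret"], counter).encode()
        if counter > record["last_counter"] and hmac.compare_digest(expected, code.encode()):
            matched = counter
    if knows and matched is not None:
        record["last_counter"] = matched  # each code is accepted only once
        return True
    return False

if __name__ == "__main__":
    account = new_record()
    print(login(account, "correct horse", "287082", now=59))  # both factors valid
    print(login(account, "correct horse", "287082", now=59))  # replayed code
    print(login(account, "correct horse", "000000", now=59))  # password only
```
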
Even though stronger authentication improves security, it comes with some drawbacks. For the organization it adds costs for hardware, administration and education, and users may find it inconvenient, burdensome and intrusive. Tubin (2005) argues, however, that the threat of online fraud and the risk of financial loss make two-factor authentication an “easier pill to swallow”.

Non-repudiation is the assurance that an entity cannot later deny originating data or a transaction. Moreover, it is the ability to prove that a transaction originated, such that the sender and the receiver cannot deny the dispatch and receipt of the message.
Strong non-repudiation can be achieved with the use of digital certificates using Public Key Infrastructure (PKI) (Ramakrishnan, 2001).

Hardware security equipment such as firewalls, IDS (Intrusion Detection System), IPS (Intrusion Prevention System) and DMZ (Demilitarized Zone), and software applications such as antivirus and antispyware, are effective against known vulnerabilities on the internet. The organization will need to update the systems with regular software patches to keep them secure from new vulnerabilities (Tubin, 2005). Moreover, customers should be kept alert to common identity theft and phishing attacks.
For example, according to BOM (2007), every bank in Mauritius should have a webpage to educate customers on internet banking, particularly on their rights and responsibilities and on how to protect their information while performing an online transaction. As per BOM (2007), customers need to agree to the terms and conditions of the internet banking services, they should be informed about the risks involved in using online banking, awareness should be provided of customers’ rights and responsibilities, and customers have to be educated on their role in maintaining security.

5. Conclusion

Online banking comes with many advantages both to the bank and to its customers. It enhances the way banks do business, as it helps to increase the customer base and reduce operational costs. Moreover, customers benefit from fast transactions anytime, anywhere, with lower fees than traditional banking. However, it is observed that the growth rate of internet users using online banking has not increased as expected. The two critical reasons researchers consider for this are customers’ lack of trust in using online services and security concerns.
Customers are uncertain about the functionality and the security of online banking systems. Moreover, security attacks such as malware, phishing and identity theft, and other technical vulnerabilities, have negatively affected customer confidence in using online services. In order to overcome this situation, it is evident that a bank should have a secure website for internet banking and, moreover, should frequently educate its users on security and privacy issues in order to build their trust.

6. References

Central Bank of Mauritius (BOM), (2007), “Guideline on Internet Banking”, Available: http://bom.intnet.mu/?d=90713, Accessed on 26/01/2010

Entrust, (2005), “European Internet Security Survey”, Available: http://download.entrust.com/resources/download.cfm/22193/european-internet-security-survey-overview.pdf/?start, Accessed on 24/01/2010

GetSafeOnline, (2009), “Unsuspecting job hunters launder millions for online criminals”, Available: http://www.getsafeonline.org/nqcontent.cfm?a_id=1515, Accessed on 25/01/2010

Grabner-Kräuter, S., and Faullant, R. (2008), “Consumer acceptance of internet banking: the influence of internet trust,” International Journal of Bank Marketing, 26(7), 483-504.

Hillman, R. J. and Wong, K.,