E-Banking

1
Internet Banking or E-Banking or
Online Banking
E-banking refers to electronic banking. It is like e-business
in banking industry. E-banking is also called as "Virtual
Banking" or "Online Banking".
Online banking (or Internet banking or E-banking)
allows customers of a financial institution to conduct
financial transactions on a secure website operated by the
institution, which can be a retail or virtual bank, credit
union or building society.
To access a financial institution's online
banking facility, a customer having
personal Internet access must register
with the institution for the service, and
set up some password (under various
names) for customer verification. The
password for online banking is normally
not the same as for telephone banking.
Financial institutions now routinely
allocate customer numbers (also under
various names), whether or not
customers intend to access their online
banking facility. Customer numbers are
normally not the same as account numbers, because a number of accounts can be linked to
the one customer number. The customer will link to the customer number any of those
accounts which the customer controls, which may be cheque, savings, loan, credit card and
other accounts. Customer numbers will also not be the same as any debit or credit card issued
by the financial institution to the customer.
To access online banking, the customer would go to the financial institution's website, and
enter the online banking facility using the customer number and password. Some financial
institutions have set up additional security steps for access, but there is no consistency to the
approach adopted.
E-Banking

2
Internet Banking in Pakistan
The State Bank of Pakistan constituted a working group on Internet Banking. The group
divided the internet banking products in Pakistan into 3 types based on the levels of access
granted. They are:
1- Information Only System
General purpose information like interest rates, branch location, bank products and their
features, loan and deposit calculations are provided in the banks website. There exist facilities
for downloading various types of application forms. The communication is normally done
through e-mail. There is no interaction between the customer and bank's application system.
No identification of the customer is done. In this system, there is no possibility of any
unauthorized person getting into production systems of the bank through internet.
2- Electronic Information Transfer System
The system provides customer- specific information in the form of account balances,
transaction details, and statement of accounts. The information is still largely of the 'read
only' format. Identification and authentication of the customer is through password.
The information is fetched from the bank's application system either in batch mode or off-
line. The application systems cannot directly access through the internet.
3- Fully Electronic Transactional System
This system allows bi-directional capabilities. Transactions can be submitted by the customer
for online update. This system requires high degree of security and control.
In this environment, web server and application systems are linked over secure
infrastructure. It comprises technology covering computerization, networking and security,
inter-bank payment gateway and legal infrastructure.
History
The precursor for the modern home online banking services were the distance banking
services over electronic media from the early 1980s. The term online became popular in the
late '80s and referred to the use of a terminal, keyboard and TV (or monitor) to access the
banking system using a phone line. Home banking can also refer to the use of a numeric
keypad to send tones down a phone line with instructions to the bank. Online services started
in New York in 1981 when four of the citys major banks (Citibank, Chase Manhattan,
Chemical and Manufacturers Hanover) offered home banking services
[1][2][3]
using the
E-Banking

3
videotext system. Because of the commercial failure of videotext these banking services
never became popular except in France where the use of videotext (Minitel) was subsidized
by the telecom provider and the UK, where the Prestel system was used.
The UK's first home online banking services were set up by Bank of Scotland for customers
of the Nottingham Building Society (NBS) in 1983. The system used was based on the UK's
Prestel system and used a computer, such as the BBC Micro, or keyboard (Tandata Td1400)
connected to the telephone system and television set. The system (known as 'Homelink')
allowed on-line viewing of statements, bank transfers and bill payments. In order to make
bank transfers and bill payments, a written instruction giving details of the intended recipient
had to be sent to the NBS who set the details up on the Homelink system. Typical recipients
were gas, electricity and telephone companies and accounts with other banks. Details of
payments to be made were input into the NBS system by the account holder via Prestel. A
cheque was then sent by NBS to the payee and an advice giving details of the payment was
sent to the account holder. BACS was later used to transfer the payment directly.
Stanford Federal Credit Union was the first financial institution to offer online internet
banking services to all of its members in October 1994.
Today, many banks are internet only banks. Unlike their predecessors, these internet only
banks do not maintain brick and mortar bank branches. Instead, they typically differentiate
themselves by offering better interest rates and more extensive online banking features.
Popular services covered under E-
Banking
The popular services covered under E-banking include
Automated Teller Machines
Credit Cards
Debit Cards
Smart Cards
Electronic Funds Transfer (EFT) System
Cheques Truncation Payment System
Mobile Banking
Telephone Banking
Investing through Internet banking
Automated Teller Machine (ATM):
E-Banking

4
ATM is designed to perform the most important function of bank. It is operated by plastic
card with its special features. The plastic card is replacing cheque, personal attendance of the
customer, banking hours restrictions and paper based verification. There are debit cards.
ATMs used as spring board for Electronic Fund Transfer. ATM itself can provide
information about customers account and also receive instructions from customers - ATM
cardholders. An ATM is an Electronic Fund Transfer terminal capable of handling cash
deposits, transfer between accounts, balance enquiries, cash withdrawals and pay bills. It may
be on-line or 0ff-line. The on-line ATN enables the customer to avail banking facilities from
anywhere. In off-line the facilities are confined to that particular ATM assigned. Any
customer possessing ATM card issued by the Shared Payment Network System can go to any
ATM linked to Shared Payment Networks and perform his transactions.
Credit Cards/Debit Cards:
The Credit Card holder is empowered to spend wherever and whenever he wants with his
Credit Card within the limits fixed by his bank. Credit Card is a post paid card. Debit Card,
on the other hand, is a prepaid card with some stored value. Every time a person uses this
card, the Internet Banking house gets money transferred to its account from the bank of the
buyer. The buyers account is debited with the exact amount of purchases.
An individual has to open an account with the issuing bank which gives debit card with a
Personal Identification Number (PIN). When he makes a purchase, he enters his PIN on
shops PIN pad. When the card is slurped through the electronic terminal, it dials the acquiring
bank system - either Master Card or VISA that validates the PIN and finds out from the
issuing bank whether to accept or decline the transactions. The customer can never overspend
because the system rejects any transaction which exceeds the balance in his account. The
bank never faces a default because the amount spent is debited immediately from the
customers account.
Smart Card
Banks are adding chips to their current magnetic stripe cards to enhance security and offer
new service, called Smart Cards. Smart Cards allow thousands of times of information
storable on magnetic stripe cards. In addition, these cards are highly secure, more reliable and
perform multiple functions. They hold a large amount of personal information, from medical
and health history to personal banking and personal preferences.
Electronic Funds Transfer (EFT) System
You can transfer any amount from one account to another of the same or any another bank.
Customers can send money anywhere in India. Once you login to your account, you need to
mention the payees account number, his bank and the branch. The transfer will take place in
a day or so, whereas in a traditional method, it takes about three working days.
Investing through Internet banking
E-Banking

5
You can now open an FD online through funds transfer. Now investors with interlinked
account and bank account can easily trade in the stock market and the amount will be
automatically debited from their respective bank accounts and the shares will be credited
in their account. Moreover, some banks even give you the facility to purchase mutual
funds directly from the online banking system.
Nowadays, most leading banks offer both online banking and account. However if you have
your account with independent share brokers, then you need to sign a special form, which
will link your two accounts.

Shopping
With a range of all kind of products, you can shop online and the payment is also
made conveniently through your account.
Security
Security of a customer's financial information is very important, without which online
banking could not operate. Financial institutions have set up various security processes to
reduce the risk of unauthorized online access to a customer's records, but there is no
consistency to the various approaches adopted.
The use of a secure website has become almost universally adopted.
Though single password authentication is still in use, it by itself is not considered secure
enough for online banking in some countries. Basically there are two different security
methods in use for online banking.
The PIN/TAN system where the PIN represents a password, used for the login and TANs
representing one-time passwords to authenticate transactions. TANs can be distributed in
different ways; the most popular one is to send a list of TANs to the online banking user by
postal letter. The most secure way of using TANs is to generate them by need using a security
token.
Another way to provide TANs to an online banking user is to send the TAN of the current
bank transaction to the user's (GSM) mobile phone via SMS. The SMS text usually quotes the
transaction amount and details; the TAN is only valid for a short period of time. Especially in
Germany, Austria and The Netherlands, many banks have adopted this "SMS TAN" service
as it is considered very secure.
E-Banking

6
Signature based online banking where all transactions are signed and encrypted digitally. The
Keys for the signature generation and encryption can be stored on smartcards or any memory
medium, depending on the concrete implementation.
Attacks
Most of the attacks on online banking used today are based on deceiving the user to steal
login data and valid TANs. Two well known examples for those attacks are phishing and
pharming. Cross-site scripting and key logger/Trojan horses can also be used to steal login
information.
A method to attack signature based online banking methods is to manipulate the used
software in a way, that correct transactions are shown on the screen and faked transactions
are signed in the background.
A 2008 U.S. Federal Deposit Insurance Corporation Technology Incident Report, compiled
from suspicious activity reports banks file quarterly, lists 536 cases of computer intrusion,
with an average loss per incident of $30,000. That adds up to a nearly $16-million loss in the
second quarter of 2007. Computer intrusions increased by 150 percent between the first
quarter of 2007 and the second. In 80 percent of the cases, the source of the intrusion is
unknown but it occurred during online banking, the report states.
The most recent kind of attack is the so-called Man in the Browser attack, where a Trojan
horse permits a remote attacker to modify the destination account number and also the
amount.