Tybbi Project

UNIVERSITY OF MUMBAI
“ INFORMATION TECHNOLOGY IN BANKING SECTOR “
BACHELOR OF BANKING AND INSURANCE
SEMISTER VI
SUBMITTED
IN PARTIAL COMPLETION OF REQUIREMENT FOR THE AWARD OF THE DGREE OF
BACHELOR OF BANKING AND INSURANCE.
BY
YASH VINOD AMBRE
ROLL NO:- 3102
UNDER GUIDANCE OF
PROF. VRUNDA YADWAD
KARNATAKA SANGHA’S
MANJUNATHA COLLEGE OF COMMERCE, THAKURLI ( E )
2020-2021
ACKNOWLEDGEMENT
It gives me immense pleasure while submitting the project report on the topic. (
information technology in banking industry ). I wish to take opportunity to express my
deep sense of gratitude to
ASST. PROF.VRUNDA YADWAD for her help in all stages of preparing project. She has
given the tremendous helping hand in completing this difficult task.
I had easy or anytime access to such knowledge and guided spirit. I fell there is ample
scope of improvement upon work of this nature and I shall be thankful if any suggestion
is offered for it’s improvement.
(Name);-
DECLARATION
I MR YASH VINOD AMBRE student of T.Y.BBI ROLL NO;- 3102 here wish to state that the
work embodied in the project entitled , “ IT IN BANKING INDUSTRY “ by me to
UNIVERSITY OF MUMBAI FOR SEMESTER-6 EXAMINATION during the Academic Year
2020-2021.
The said reports are forms of my own contribution best on actual work carried by me
under guidance and supervision of ASST.PROF.MS. VRUNDA YADWAD and PRINCIPAL
DR.V.S. ADIGAL SIR.
I further wish to state that this work is original and has not submitted for any other
degree of this or any other examination. Whenever the reference have been made to the
previous work of others, it has been clearly indicated as such and included in the
bibliography or list of references.
Your Name
ROLL NO:-
PLACE :- THAKURLI SIGNATURE OF STUDENT:
DATE :-
CERTIFICATE
This is to certify that MR. YASH VINOD AMBRE, ROLL NO:- 3102. 2020-2021 BBI
semester-6 (2019-20). He successfully completed the project on “INFORMATION
TECHNOLOGY IN BANKING INDUSTRY“ under the guidance of ASST.PROF.VRUNDA
YADWAD and PRINCIPAL DR. V.S ADIGAL.
I further declare that the information presented in this projects is true and original to the
best of my knowledge.
INTERNAL EXAMINER EXTERNAL EXAMINER
CO-ORDINATOR PRINCIPAL (COLLEGE SEAL)

TABLE OF CONTENT
1. INTRODUCTION
a) OBJECTIVES OF THE STUDY
b) LIMITATIONS OF THE STUDY
c) RESEARCH METHODOLOGY
2. E-BANKING: IN NASCENT STAGE IN INDIA
3. ELECTRONIC CHEQUES & EVIDENTIARY VALUE
4. THE FUTURE OF PLASTIC MONEY
5. LEADING ISSUES IN BANKING TECHNOLOGY
6. TECHNOLOGY & FRAUDS
7. CREDIT CARD FRAUD ON INTERNET
8. INFORMATION TECHNOLOGY RISK IN BANKING: MANAGEMENT & MEASUREMENT
9. PRIMARY DATA & ANALYSIS
10. FINDINGS & CONCLUSIONS
11. SUGGESTIONS & RECOMMENDATIONS
12. BIBLIOGRAPHY
1. INTRODUCTION
The Indian Banking system has an old age legacy. Earlier there were indigenous bankers
who consisted mainly of unorganized moneylenders, mahajans and sahukars. Later,
when British came to India they brought with themselves the concept of organized
banking. British while leaving India left behind large number of small and privately held
banks. In 1964, the first major banking reform took place when 14 banks were
nationalized. It led to the rising of Indian Public Sector Banks. The second banking reform
was witnessed in 1990s when Indian Banking Sector underwent complete change after
the recommendations of the Narsimhan Committee. Private and MNC banks entered
banks entered into the Indian Banking arena and challenged the monopoly of the PSU
banks. The Private and MNC banks brought new technologies and technology intensive
services with themselves. They rendered quality service, which PSU banks were not
providing, to service starved Indian customers. There were a series of technological
innovations and up-gradations, e.g., ATMs, Internet Banking, credit cards and online
banking, etc. Private banks and MNC banks had to At present provide something extra
and it was their service, which attracted a bulk of customer from the PSU banks. Indian
customers were lacking the world-class service in baking; they were accustomed to the
PSU (Sarkari) culture and the service of Private and MNC banks was a delight for them.
When private and MNC banks initiated the world class service to their customers and
started snatching customers from Public Sector Banks, Public sectors banks were bound
to follow the path of Private Banks. The PSU banks felt the heat and realized their mistake.
They also followed the Private Banks in their technology initiatives and services. The
Indian Banking Sector with the progress in Technology is facing the biggest challenged of
rapidly changing customer expectations against the backdrop of LPG (Localization,
Privatization and Globalization). Retail banking clients today demand more care and
extra facilities. They want more mobility of investments, interactive accounts, and better
segmentation of banking products to cater to different segmental needs, convenience and
untimely hour services. Even the PSU culture could not adjust to the pace of the new
technology and changes. At present also it is moulding and adapting itself to new needs
and the dynamism of the environment. Technology is helping the Indian Banks to cater
to customer needs in a much more efficient manner continuous and error free services to
customers. With the help of computerization and the use of modern software, which can
be called the gift of technology, the banks have been able to provide single window system
to their customers. In a single window system, all the needs of the customers are taken
care at a single counter. It is like a multipurpose counter where one can deposit cheque,
receive payments and deposit cash etc. This has been made possible only due to the use
of technology. Earlier one had to move from one counter to the other counter for different
sort of works. Thus this type of service not only helps in better customer service but also
minimizes the customer service time as it avoids duplication of work and unnecessary
hassles to the customers. With the use of technology, banks are trying to minimize there
per customer service cost. According to industry estimates, assume teller cost Re.1 per
transaction, ATM transactions cost Re.0.45, phone banking at Re.0.35, debit cards at
Re.0.20 and Internet banking at Re.0.10 per transaction. So, now the emphasis ismore on
net banking then on real banking or brick and mortar banking. Indian Banking system is
moving from real banking realm to virtual banking realm. Banks are establishing more
and more ATMs at different convenient locations and interconnecting these ATMs not
only with their networks but also with their partner banks. Network with whom they
have got mutual understanding for sharing ATMs. With the least cost of Internet banking,
banks are paying higher emphasis on Internet banking. As per IDC estimates, the total
number of registered users for Internet banking in India is over two million. But this
figure needs to be adjusted for dormant users and multiple accounts (a user having
accounts with more than one bank). India has one million active Internet Users
populations. Thus, this is just around 0.1% of the total population; to represents 15% of
the India’s Internet user (most of the people in India use internet from cyber café). Thus,
indicating that the concept of Internet banking is surely catching on. India is far behind
in the use of Internet banking than the other Asian countries like Korea and Singapore
where nearly 10% of their population is banking over the Internet but India is fast
catching up. In India, the biggest drawback for Internet banking is the Internet
penetration among the masses. We lack the infrastructure facility for providing Internet
services but with the IT ministry keen on expanding the Internet penetration the day is
not too far when greater part of our population would be using the Internet banking
facilities. In India, ICICI bank was the pioneer to introduce Internet Banking. And later
Citibank, HDFC Bank and other banks followed the suit. PSU banks have lagged far behind
in adoption of the Internet banking facilities. But State Bank of India, which entered the
arena of ATM banking quite late, was able to expand at a rapid pace and cover almost all
the cities of India. Now ATM banking has become an integral part of traditional cheque or
withdrawal based banking. These services have helped the PSU banks to maintain their
customers. Now money is transferred more in electronic form than in physical form. With
the cost of PC fast declining and the government’s initiative in providing the
infrastructural facilities for net banking and the faster developments in the
telecommunication sector would be helping in the adoption of new technology and
ITbased banking services. Some authors’ view that the Internet banking is just the
extension of the traditional banking services because it is the same service with customer
friendly technologicalinterface. So, it is the value addition to the existing services. Banks
are reaping following benefits with the use of technology:
• With low investment, banks would be able to satisfy large customer base. The
technology has allowed the banks to move from brick and mortar building to virtual
interface which cost less in comparison to the rising real estate prices which in turn leads
to increase investment. Low investment in turn helps in satisfying large client base.
• With modern facilities more and more customers get attracted to the banks and they
are viewed as technology savvy and modern or state-of-the –art banks. Brand image of
the banks also get enhanced thus building their goodwill and brand equity. Even
customers want to be associated with the brand personality of the banks.
• With the increase in quality and competition, the customers are having several choices
among which to choose instead of Hobson’s choice in some case. Now banking services
have become customer centric instead of service centric or bank centric approaches as in
earlier cases. Now, it is the customers market rather than a sellers (bankers) market. All
the services are customer driven.
• Network sharing by different banks is enabling the banks to reduce their investment
(sharing of ATMs of partner banks) and provide better services to the customers. This is
also helping them in delivering quick services and it also reduces the risk of fraudulent
practices as verification becomes quite easier and quick.
• These practices are leading to lower service cost per customer. Thus leading to enhance
profitability forthe banks, which in turn enhances the corporate image of the banks.
• With the use of technology banks are in a position to obtain the customer database with
a press of key and this helps the bank to maintain high profile customers because it is an
accepted marketing principle that 80% of the revenue are generated by 20% customers
(20:80 principle). Thus, the modern technology helps in tracking the key customers and
provides them better services or customized services.
• The alternative channels of service helps the bankers to add new products to their
portfolio and it helps them to device new products according to customer needs. The
banks can provide customized value added services or tailor-made service to each
customer based on his/her requirement, e.g., foreign money transfer service, electronic
money etc.
• It helps the banks to manage their funds in a much better way as the technology
provides round the clock interface to the outside world and thus it helps in hedging the
risk of the banks at real time. Banks are able to minimize the risk and maximize returns
by investing in different avenues and they have greater control over the fund
investments.
• Technology helps in increasing the labor productivity because it increases the output
per labor to multifold. Earlier works had to be performed manually and it used to take
days to complete in minutes or in seconds. So, it helps in updating the customer status as
well as increased labor productivity.
• The customer service cost decreases and the productivity of the staff increases and this
adds to the profitability of the banks. This helps the banks to take care of even larger
customer base and this will ultimately ass up too the bottom-line of the banks.Public
sector banks have been shy in implementing new technology brick mortar banking in
comparison to the technology driven banking while the client base of Private and MNC
banks are mostly young people who are technology-savvy and who like to interface more
with the technology than man. Aged people are not comfortable with the technological
interface. They feel complexity and uncomfortable with technology intensive services.
With the present avenues being saturated and greater competition due to the entry of
more players in the arena, the banks are diversifying into new areas where they can use
their financial expertise in financial consultancy, insurance sectors, and fee-based
earnings instead of fund-based earnings. The mushrooming of the multichannel,
multifunction, self-service electronic delivery channels is fast replacing the brick and
mortar branches (real to virtual). There is a need to redefine the business model of the
Indian banking sector so that to optimize the resources and deliver world class service in
the light of modern day technology. Today’s concept is to minimize the visit of the
customer to the bank and let him usethe technology or let technology handle him-this is
the new survival mantra in the cutthroat scenario for banks.
OBJECTIVES OF THE STUDY
The objectives of the project “The Study Of Application of Information Technology In
Banking Sector” includes the following: -

• To know the present condition of technology in Indian banking sector. • To know about
the electronic payment system.
• To know about the hackers and frauds in online banking.
• To know about the risk management policies of Indian banking sector.
• To know about the electronic banking sector.

LIMITATIONS OF THE STUDY
The scope of the project “ The Study Of Application Of Information Study In Banking
Sector” has been restricted to some extent i.e. the project does not include the following:
• Supervision of Electronic Banking by Reserve Bank Of India
• Information Technology in Banks in International Scenario
• Software Application to Protect from Hackers & Frauds
• Case Studies Related To Hackers & Frauds

RESEARCH METHODOLOGY
COLLECTION OF PRIMARY DATA:-
The primary data has been collected from various sources which are as follows:
• Questionnaire method.
• Surveys in banks.
• Surveys in banks related offices such as agent’s office etc. COLLECTION OF SECONDARY
DATA: The secondary data has been collected from various sources which are as follows:
• Various books related to information technology.
• Brochures of various banks.
• Weekly journals.
• Articles in newspapers.
SAMPLE FRAME:
The data has been analyzed using ten samples of employees of three different banks viz.,
Bank of Maharashtra, HDFC Bank and ICICI Bank.

2. E-BANKING: IN NASCENT STAGE IN INDIA
To keep pace with the changing environment worldwide, Indian banking industry is fast
adopting technology. It has embraced many new features like Internet banking, ATMs,
Phone banking etc. With the help of new technology, banks are now able to offer products
and services, which were difficult or impossible with traditional banking. But the banks
in India still have to go a long way before making themselves technology savvy.
With IT integration, a paradigm shift in the banking norms is on cards. Banking
fundamentals are thus facing major overhauls/ reengineering/ restructuring.
Two major trends have emerged in the transition of traditional banking to high-tech
banking:
➢ Advancements and restructuring through mergers, acquisition and alliances.
➢ Universal banking where one stop shop provides all related products and services
to a customer.
At this point, it should be emphasized that mergers, acquisitions, alliances, and adoption
of Universal Banking concept are just outcomes of IT-banking integration.

Banking and IT
Advancements and innovations in IT industry have created a revolution in the
communication and distribution system of various products and services through Web
networking. Networking, as we know has connected people around the globe, thus
creating a revolution in modern business activities.
Integration of these technological advances and existing banking structures has
changed and will change the definition and faces of global banking. Internet banking has
made banking a commodity where quality is measured by efficient servicing and effective
pricing and timeliness .
However, PC banking is not new. Bank of Scotland Started offering its Home Office
Banking Services (HOBS), more than a decade ago, although it was only in 1996 that it
was upgraded to make software work with the now dominant windows operating
systems. HOBS later joined hands with TSB, which in 1996 launched banking services
accessible through the CompuServe online network, nationwide.

Technology Solutions for Indian Banks
Two types of technology stock bank products are available in the market.
➢ Hardware products like ATMs and
➢ Software products like branch connectivity, cluster-banking software, and trade
finance software.
3. ELECTRONIC CHEQUES AND EVIDENTIARY VALUE
The advancement in technology has led to the creation of electronic cheques, particularly
in a business environment. Different countries have a choice of cheque systems, which
are governed by the laws applicable to each country’s jurisdiction. The authentication of
these electronic instruments is proposed to be endorsed by digital signature. In India, the
enactment of the Information Technology Act, 2000 obligated amendments to The
Negotiable Instruments Act, 1881 in order to impart legal validity to such electronic
instruments. The authors in this article elucidate the amended provisions and examine
the evidentiary value of such electronic instruments. The electronic cheque or simply the
e-cheque is gradually replacing the longstanding paper cheque. The Negotiable
Instruments (Amendments and Miscellaneous Provisions) Act, 2002 was amended to
include the phrase “electronic cheque” in the definition of a cheques in Section 6 reads as
“ A ‘cheque’ is a bill of exchange drawn on a specified banker and not expressed to be
payable otherwise than on demand and it includes the electronicform. “Explanation I. –
For the purpose of this section, the expression- “A cheque in the electronic form” means
a cheque which contains the exact mirror image of a paper cheque and is generate,
written and signed in a secure system ensuring the minimum safety standards with the
use of digital signature (with or without biometrics signature) and asymmetric
cryptosystem.” An electronic cheque simply means a cheque in the electronic form, which
is an exact replica of a physical cheque. It contains all the information that is found on a
physical cheque, but it is “signed digitally” or “endorsed”. In an attempt to provide
authentication, an apparatus commonly known as “signature” was evolved as a proof
asserting intention. This involved appending a unique identifier to a message to identify
the sender/recipient. Conventionally, handwritten signatures are affixed paper-based
cheques. These signatures affixed using ink are used as an authentication tool to identify
that the person signing the document has read and understood the contents. In the
anonymous digital world, where individuals may not actually communicate with each
other, much emphasis is placed on the authentication of the electronic information.
Therefore, it becomes necessary for evolving a secure authentication tool, which led to
the promotion of digital signatures.

DIGITAL SIGNATURE – HOW IT OPERATES
It is a data string, which associates a message in the digital form with some originating
entry. It is created and verified by means of cryptography, the branch of applied
mathematics that concerns itself with transforming messages into apparently
meaningless forms and back again. It uses a scheme or mechanism consisting of signature
generation algorithm with a method for formatting data into message to produce a digital
signature, and a related signature verification algorithm with the method to recover data
from the message to authenticate a digital signature. It is important to note that, the
Information Technology Act, 2000, in Section 3(2) provides for a particular asymmetric
cryptosystem and hash function as a means of authentication should be recognized as a
source of legal risk.The digital signature mechanism follows an “asymmetric
cryptosystem”. In this method of creating and verifying a digital signature, there are two
basic technical processes or functions: “Public key encryption”, where encryption is the
process by which information is scrambled by the use of a code and “hash”.

The process of a creation and verification of digital signatures using hash algorithm
involves the following steps:
• Create a data unit that is to be signed, e.g., precisely an encircled portion of data in
digital form, which can be a text document, software or any other digital information.
• Generate hash value called “Message Digest” or “Fingerprint” of the message. A hash
function is a process that creates a relatively small number (called message digest) that
represents a much larger amount of electronic data.
• This hash value is computed from the data unit- a number using a hash algorithm, which
creates the compressed digital signature. Digital signatures use a “one way hash function”
and the important thing about such a hash value is that it is nearly impossible to derive
the original data unit without knowing the data unit used to create the hash value.
Therefore, if the data unit is changed or otherwise tampered with, the hash value will no
longer correspond to this data unit and produces an error message.
• Encrypt hash value with the private key of the signatory. Encryption is a process of
disguising a message in such a way so as to conceal its meaning and substance. It also
consists of a procedure of converting plain text to a cipher text. Hence, the plain text refers
to the original digital file, whereas the ciphertext refers to the disguised file.
• Final step in the verification process, which involves the regeneration of the hash value
on the basis of the same data unit and the same algorithm. The determined hash value is
again computed with rhea public policy key, which is then compared with the signature
attached to the data unit. If the product is matching, it will verify the signatory’s private
key, which is used to sign and guarantee that the data unit has not been altered. In this
context, digital signatures are created when the drawer of the cheque runs, the cheque
through a one-way function creatinga message digest. The private key used by the drawer
of the cheque is known only to him. The drawer encrypts the resulting message digest by
using an asymmetric cryptosystem will allow the paying banker to verify the signature
by using it to decrypt the cheque.
EVIDENTIARY VALUE OF DIGITAL SIGNATURE ON E-CHEQUES
Generally, authentication is achieved by what is known as security procedure, but from
the legal perspective, the security procedure requires to be recognized by the law as a
substitute for signature.
With the emergence of cyberspace it became necessary to amend certain provision of the
Indian Evidence Act to make electronic evidence admissible in courts of law. Accordingly,
the second schedule to the Information Technology Act has amended the Indian Evidence
Act, 1872 to remove any obstacle to the legal acceptance and validity of electronic
evidence. According to the amended Section 3 of the Evidence Act, electronic records
stand on par with paper-based documents and will be deemed as documentary evidence
in a court of law.
While Section 22(A) of the Information Technology Act amends Section 17 of the Indian
Evidence Act, 1872 to provide that oral admission as to the contents of the electronic
records are relevant, the written admission of the content of any document or electronic
record can be proved under Section 65 of the Evidence Act.
Section 39 of the Indian Evidence Act provides, “when any statement of which evidence
is given forms part of a longer statement, or is contained in a document which forms part
of a book, or is contained in part of electronic record or of a connected series of letters or
papers, evidence shall be given of so much and no more of the statement, conversation,
document, electronic record, book or series of letters or papers as the court considers
necessary in that particular case to the full understanding of the nature and effect of the
statement, and of the circumstances under which it was made.” It can be inferred from
this provision that where entry of an electronic cheque forms a part of an electronic
record, only that part which is relevant may be taken as evidence before the court. Again
what partis relevant depends on the discretion of the court. The court must exercise this
discretion judicially to determine such relevance. Accordingly, Section 5 of the
Information Technology Act 2000 prescribes, “ Where any law provides that information
or any other matter shall be authenticated by affixing the signature or any other
document shall be signed or bear the signature of any person then, not with standing any
document contained in such law, such requirement shall be deemed to have been
satisfied, if such information or matter is authenticated by means of digital signature
affixed in such manner as may be prescribed by the Central Government.” Explanation-
For the purposes of this section, “signed”, with its grammatical variations and cognate
expression, shall, with reference to a person, mean affixing of his handwritten signature
or any mark on any document and the expression “signature” shall be constructed
accordingly”. This provision explicitly explains that a digital signature is legally
recognized as the method of authentication. The authority to use digital signatures in
thegovernment and its agencies is accordedin Section 6 of the Information Technology
Act, 2000, which reads as-
“ 1) Where any law provides for-
a) This filing of any form, application or any other document with any office, authority,
body or agency owned or controlled by the appropriate government in a particular
manner.
b) The issue or grant of any license, permit, sanction or approval by whatever name
called in a particular manner.

c) The receipt or payment of money in a particular manner, then, notwithstanding
anything contained in any other law for the time beginning in force, such requirement
shall be deemed to have been satisfied if such filing, issue, grant, receipt or payment, as
the case may be, is effected by means of such electronic form as may be prescribed by the
appropriate government”.
The words in Section 6(1)(C) “ the receipt or payment of money in a particular manner …
is affected by means of such electronics forms as may be prescribed by appropriate
government” may be understood to include e-cheque.
A system of digital signature like handwritten signature is use to protect confidential
information. Form the legal perspective, two presumptions that could be raised in respect
of digital signature are:
• Signatory’s personal participation in the Act of signing or any person authorized by
him.
• The intention of the signatory to endorse or approve authorship of a text and the
fact that the signatory had been at a given place and time.
The presence of intention has an integral part of a signature is essential as lack of
intention could be raised with regard to circumstances including fraud and
unconscionable conduct.
To regulate the use of digital signature, the Central Government is empowered to lay
down rules under Section 10 of the Information Technology Act, 2000 that reads, “The
central government may, for the purposes of this Act, by rules, prescribe-
• The type of a digital signature;
• The manner and format in which the digital signature shall be affixed;
• The manner or procedure which facilitates identification of the person affixing the
digital signature; • Control processes and procedures to ensure adequate integrity,
security and confidentiality or electronic records or payments; and
• Any other matter which is necessary to give legal effect to digital signature.”
In India, evidentiary value of the digital signature has been in question for long. A genre
of evidence dominating the digital transaction world leads to be recognized by the Indian
Evidence Act, 1872, by making the necessary amendments there in.
The IT Act 2000 provides for specific evidentiary value for secure records and
secure digital signatures. Subsequently, sub-section (2) to Section 85B of the Indian
Evidence Act has been inserted to be in consonant with the IT Act to provide that, “ In any
proceedings, involving secure digital signature, the court shall presume unless the
contrary is proved that-

• The secured digital is affixed by the subscriber with the intention of signing or
approving the electronic records;
• Except in the case of a secure electronic record or a secured digital signature, nothing
in this Section shall create any presumption relating to authenticity an integrity of the
electronic record or any digital signature.”
The section limits its opinion to a secure digital signature by indicating that there shall be
no presumption relating to authenticity and integrity of a digital signature except where
it is a secure digital signature. If, by application of a security procedure agreed to by the
parties concerned it can be verified that a digital that a digital signature, at the time it was
affixed, was-
• Unique to the subscriber affixing it
• Capable of identifying such a subscriber
• Created in a manner or using means under the exclusive control of the subscriber and
is linked to the electronic record to which it relates in such a manner that if the electronics
record was altered the digital signature would be invalidated then such a digital signature
shall be deemed to be a secure digital signature. As distinct from such a secure digital
signature, Section 67A of the Indian Evidence Act provides for proof as to the digital
signature, and Section 73A prescribes the method by which such a digital signature may
be proved. According to Section 67A of the Indian Evidence Act, “ Except in case of a
secure digital signature, if the digital signature of any subscriber is alleged to have been
affixed to an electronic record the fact that such digital signature is the digital signature
of the subscriber must be proved.”
The Information Technology Act by inserting a new Sub-Section A to Section 47
recognizes opinions of third parties not relevant as evidence unless specifically provided
for Section 47A reads as, “ When the court has to form an opinion as to the digital
signature of any person, the opinion of the certifying authority, which has issued the
Digital Signature Certificate, is an relevant fact”. An opinion of third parties is in
admissible and as evidence except in certain cases when the court requires an opinion of
experts. With this insertion, opinion of third parties became relevant.

4. THE FUTURE OF PLASTIC MONEY
Use of plastic Money is growing at an unprecedented rate in India. Lesser number of
installed Point-of sale (PoS) terminals is the major obstacle in the growth of debt cards;
smart card has many innovative features, which may spurt the use of cards in India. Smart
card is safer to use in electronic form than the present form of cards
“ Credit card business is a volume game and initially highly capital intensive.”
- A senior banker
Plastic money is growing by leaps and bounds in India. Today, many banks are offering
cards. Though the foreign banks have a dominant share, aggressive entry of the Indian
banks like SBI, ICICI and HDFC Bank may soon change the rules of the game. Today, SBI-
GE is the third largest issuer of credit cards.
The credit card market in India is projected to grow at the rate of 20-25% per annum in
the coming years. There are currently around 3.8 million credit card users compared to
3.0 million in 1990. Visa credit card grew by 46.4% in India while the growth in Asia
Pacific was only 6% for Q3 of 2003. The competition among banks has been growing and
they are offering so many add-on incentives like waiver of first year annual fee, discount
on retail stores, personal loans etc., to woo the customers. Debit card is another segment,
which is catching up fast. There are only 80,000 to 90,000 merchants having point-of-sale
(PoS) terminals installed and majority of them are located in metros, which is the major
obstacle to the growth of debit cards. To increase the usage of debit cards, banks should
concentrate on increasing installation of PoS terminals in semi-urban and rural areas.
Smart Card: A Future Card
Smart cards are the wave of the future for consumer use, commercial use and terminal
network security. Smart cards are in much wider use in Europe than in US.
A smart card is a plastic card with an imbedded computer chip that has been stored
inside the card. It has the capacity to store up to 80 times more information than other
magnetic stripe cards. This mini-computer using an intelligent chip, stores payment
information similar to a magnetic stripe card, but it also includes additional information
such as online authorization controls, credit limits, stored value (gift card), reward points
(loyalty), Personal Identification Number (PIN), etc. Smart cards can be contact less,
suggesting that the chip transfers data via a built-in antenna without physically touching
the smart card reader.
There are over 3 billion smart cards in use currently. Today, smart cards are used
worldwide and it is the most flexible payment option available in the world. Smart cards
have been used in Europe for over 10 years and now they are the accepted mode of
payment. In developing countries and continents such as Africa and Asia, the use of smart
cards has been growing rapidly. In the US, major retailers, banks and processors are
preparing to accept global cards and some are adding smart gift cards and promotional
application to build loyalty for the growth of their business. American Express and
Financial Institutions have issued over 21 million PIN-secured smart cards to their
customers. By the end of 2005, there will be over 100 million smart cards to their
customers. By the end of 2005, there will be over 100 million smart cards in use in the
United States.
In order to accept smart cards, the business must have an EMV ready smart card Point-
of-Sale (PoS) terminal. Merchants can be standalone PoS smart card terminals or smart
card readers that are integrated with cash registers. Currently, over 90% PoS terminals
are not EMV smart card ready.
Smart Cards and Internet Payment
Issues of security and fraud are major drawbacks to using credit and debit cards over the
Internet. Unlike the hand-written receipts, there are no signed sales receipts associated
with today’s ecommerce transactions. Without such evidence, it is difficult as much as
84% of all electronic commerce transactions.
At the same time, consumers are holding back on making Internet purchases due to
lingering security concerns. According to Master Card, 90% of Internet non-buyers worry
that their personal and financial information may fall into the hands of hackers. It is this
reluctance that is the real barrier to building an online business. Using smart cards along
with a strong Internet authentication will help overcome these issues. American Express,
Master Card and Visa smart cards currently support Internet authentication and payment
using built-in digital certificates and digital signatures. For smart cards to be successful,
the cardholders must connect an EMV approved smart card reader to their PCs. Smart
cards have the capacity to replace the thirty plus years old magnetic stripe cards
5. LEADING ISSUE IN BANKING TECHNOLOGY
Many Indian banks are adopting the information technology not merely as a frill, but as a
dire need. It is helping the banks in many core and diversified functions. Technology is
key business enabler in six critical areas of banks. These are augmentation profit pool,
operation efficiency, customer management, product innovation, distribution and reach,
and efficient payment and settlement system. For the success of any IT program,
integration of IT and business strategy is crucial factor.
Banking basics have undergone radical shifts, thanks to the advent of modern technology,
increasing pace of globalization and the need for stronger fundamentals to operate in the
fiercely competitive environment. The digital divide among Indian banks that was quite
discernible before the millennium has considerably narrowed down with many banks
taking to technology not merely as a frill, but as a dire necessity. Technology today
catalyzes many core and diversified functions in banks, including issues like transaction
automation and multiple delivery channels, product innovation, data warehousing and
effective MIS, secured storage mechanisms and a real-time based payment and
settlement system.
Seen in the present context, technology is a key business enabler in six critical areas of
banking.
Augmenting Profit Pool; Operational Efficiency; Customer Management; Product
Innovation; Distribution and Reach; Efficient Payment and Settlement.
Augmenting Profit Pool
Sustained profits and profitability have been major yardsticks for assessing the true
health of banks in a fiercely competitive and compelling business environment.
Technology has proved, at least in case of new generation banks and major public sector
banks to be a major profit driver. With progressive decline in interest rates, banks’
spreads have come under pressure, which per se, affects their profitability. However,
technology had a favorable effect in terms of reducing the operating cost and improving
the burden to a considerable extent. Technology also enable commissioning of new
products like Net banking, mobile banking and other forms of 24X7 banking like ATMs
and Networked services across branches likeanywhere banking, electronic funds
transfer, customer relationship management, call centers across the banks. Hi-tech and
hi-touch services, it goes without saying, have also enlarged the clientele base in banks
and commanded considerable customer loyalty. Technology has created an enabling
environment for banks to diversify into various fee-based activities like bancassurance
and funds transfer arrangements.
Operational Efficiency
Operational efficiency, in terms of optimum utilization of resources, has been one of the
most positive offshoots of technological application in banks. Thanks to greater
technological application, banking system has seen a near consistent improvement in the
intermediation efficiency and consequent decline in transaction cost. Yet, technology
application has been by and large confined, especially in the state-owned banks, towards
cost saving and improved service standards through product innovation. While savings
in cost and improvement in service quality could turn out to be short-term in nature, it is
essential that technology is leveraged as a long-term and efficient cross-functional
application. It is also time that the focus of technology shifts from product innovation to
process innovation commonly referred to as Business Process Reengineering (BRP), for
banks to gain long-term operational efficiency.

Customer Management
Technology also spells significant benefits on the realm of customer research and
management. In a predominantly buyers’ market and high propensity if customers to
switch service providers, customer management need no longer be a front office function,
but a bank-wide obsession. Many banks have duly realized the significance of such
functions and introduced new models like the High Net Worth clients’ branch, imbued
with state of the art technology, exquisite ambience and quickest possible processing of
transactions. Customer management is a very sensitive issue entity hears only from 4%
of its dissatisfied customer, while 96% of its customers quietly go away of which 91%
never come back. Technology, thus, already implemented the tech aided e-CRM
application as strategic tool to retain as well as expand theircustomer base. The bottom
line is that banking products are getting commodities and price wars are slowly leading
to a zero-sum game. In such a scenario, technology backed customer orientation will hold
the key to take service standards anywhere near to world-class.
Product Research
In the field of product research as well, technology plays a decisive role, in terms of swift
product innovation, an active R&D set up effective pricing of products to protect banks’
margins and safeguard customers’ interests. Banking product life cycles are getting
shorter day by day and more than delivery, product servicing defines competitive edge
for banks. Marked to market product processes are equally important for sustained
improvement in the value chain of services and command ‘top of the mind recall’ from
the customers. Technology also aids product profitability research and review, which
have not adequate attention in many of the banks.
Distribution Reach
The thumb rule for strategic management masters is that structure must follow strategy
in any business reorganization.Technology, thus, calls for attendant restructuring
endeavors that will be in tune with the level of technology application. For instance, many
banks need to put in a place a leaner structure and remove intermediate decision-making
tiers. That is how one can see that many of the regional outfits of banks are slowly being
dismantled while branch expansion is not being accorded the thrust it used to be given
earlier. Rightsizing of human and physical overheads is a major strategy adopted by many
banks wherein the role of the earlier brick and mortar banking is slowly getting
dissipated. In turn, devices like Internet and mobile banking. Technology, thus, facilitates
downsizing of overheads cost without compromising much on clientele reach. Public
sector in the rural and semi-urban areas. Many of these branches are not performing to
their potential mainly because of their typical business mix, cost diseconomies and lack
of technology-based services offered in these branches. Technology can facilitate the
branch rationalization exercise such as setting up mobile branches and satellite branches,
especially in the rural areas, and bring many of those into the “Performing” category
without affecting the extent of client reach.

Efficient Payment and Settlement
Innovation in technology and worldwide revolution in information and communication
technology have emerged as dynamic sources of productivity growth. This is true about
banking as well as its relationship with technology has become symbiotic fundamentally.
Payment system is probably the most important mechanism in the banking sector where
technology’s interactive dynamics is getting manifested in an increasing measure each
day.
Banking system has adopted a holistic approach for designing a modern, robust, efficient
and integrated payment system. The approach to the modernization of the payment and
settlement system has been basically three pronged – consolidation, development and
integration. Consolidation of the payment system has revolved round strengthening
computerized cheque clearing and expanding the reach of electronic clearing services
through state-of-the-art technology. Critical elements under the developmental strategy
related to the opening of new clearing houses, interconnectivity of clearing houses
through INFINET and optimizing the development of resources the Negotiated Dealing
System, Structured Financial Messaging System (SFMS) and the recently introduced Real-
TimeGross Settlement (RTGS) system. Integration is the next stage that the banking
system is currently going through which is premised on a high degree of standardization
within a bank and seamless interfaces across banks, leading to Straight Through
Processing (STP) of transaction on a regular basis. Further, cheque truncation system will
also pave way to expedite settlement of payments process.
However, so far as integration is concerned, Indian banks still have a fair distance to
traverse. In order to efficiency leverage an integrated payment and settlement systems,
banks, especially those in the public sector, need to address certain core issues
expeditiously. These include the following:
• Toning up of infrastructure in terms of standardization and build up security features
like firewalls, Intrusion Detecting System (IDS) and implementing a security policy.
• Total inter-branch connectivity.
• Popularization of electronic funds transfer mechanism.
• Institute collaborative arrangements, including outsourcing of IT expertise.
In addition to the above, banking sector is also confronted with a classic dilemma. It
relates to differentiating between and mapping the role of business vis-à-vis the role of
information technology, a feature typifying an enterprise wide technology initiative. This
is where the significance of integrating business and IT plans comes to the fore.
Integration of IT and Business Strategy
Many banks, especially those in the public sector, are embarking on a comprehensive set
of IT initiatives encompassing total branch automation, core banking solution,
networking of ATMs, Internet and mobile banking, data warehousing and a
comprehensive MIS backed decision support system. Contrary to popular perception,
such initiatives are not merely because of competitive pressure from the foreign and new
generation private banks. The avowed goal of these initiatives was to improve overall
efficiency in terms of lower intermediation cost, swifter decisionmaking process, grater
customer convenience and effective internal control, including an objective risk
management mechanism. It goes without saying that the fast pace of globalization and
progressive move towards reaching global operational benchmarks also catalyzed the
technology drive dividends to these banks although the need of the hour is to consolidate
the gains so far and address the weak links.
One such weak link relates to lack of integration between the IT strategies which, it is
felt, is applicable to many of our banks. Technology introduction can offer significant
benefits only when they are in total alignment with business strategies. Especially, in
public sector banks, a phased approach is desirable in view of the heterogeneous nature
of their branch architecture and vast area specific differentials in their branch
functioning. In the current context, business strategies may differ from bank to bank, yet
a core set of business objectively will, for sure, be common to all the banks. Such
commonalities call for at least an open technology plan, in board consonance with the
business objectives, and the same can be fine-tuned on an ongoing basis to suit the
business model.
Recently, a study was conducted by National Institute of Bank Management, at the
behest of RBI, for suggesting a methodology to integrate IT and business plans in banks.
The study has proposed an ‘Enterprise Maturity Model’, for attaining total convergence
of technology and business strategies with focus on selected, generic business
strategies. The model suggests solutions not merely for business and technology, but for
issues related to human resources and customers who form an integral part of banks’
strategic road map.

The suggestions in the study promise to be useful benchmarks for banks in their complete
switchover to the virtual mode. Application of the model can help banks to develop
effective Executive Information System as effective decision support, integration of
varied workflow processes, objective customer analysis and most importantly, devise
simulative and real-time based tools to track business, profits and profitability. Effective
and an objective technology application system will also enable a business process
reengineering mechanism that will considerably enhance the real technological
capabilities of banks.
Core Banking Solution
In the light of ongoing emphasis on business process reengineering, one comes across
many banks assiduously pursuing a centralized server-based system, better known as
Core Banking Solution (CBS). CBS offers, among others, benefits like privilege of single
window service to customer in order to facilitate a shift from “customer of the branch” to
“customer of the bank” concept, online transfer of funds, longer business hours, lower
transaction costs, slimmer staff structure at branches, effective monitoring of business,
comprehensive MIS as a policy support and above al, improved visibility of the banks
implementing CBS. A robust MIS also supports vital functions like ALM, risk management,
product profitability and customer profitability analyses leading ultimately to efficient

portfolio management in banks. CBS also leads to significant mileage in terms of staff and
other overhead costs. Staff rendered surplus on account of CBs can also be put for
marketing and recovery functions, which warrant dedicated staff in the present context.
One major issue in CBS relates to security aspects and a host of operational risks that
banks are confronted with. Be it system failure or planned hacking or any kind of human
error, centralized system is perennially susceptible to failure which may prove to be
endemic across the financial system and result in vital data erosion. Retrieval of the same
may also cost dearly to the banks and theirassociates. Security aspects like implementing
a robust security policy, firewalls, IDS are, therefore, indispensable for preventing any
systematic problem. There are even cases where multi-point security has not been able
to check the fraudulent practices. Thus, security aspects need to be examined threadbare
before putting core banking in place.

6. TECHNOLOGY AND FRAUDS ATM CRIMES FRAUDS:
ATM crimes and frauds are rising throughout the world.
ATM industry and money other organizations are fighting with them in many ways like,
by issuing security tips, making ATMs more innovative etc. In India, where the use of
ATMs is growing by exponential, banks have to take benefit from international
experiences and safeguard their customers from frauds.
ATM crimes and frauds are mounting day by day. Even though they make up a small
percentage of criminal activities they are not less important. Criminals are raiding
millions every year.
Popular Ways to Card Frauds:
Some of the popular techniques used to carry out ATM crime are:
➢ Through Card Jamming ATM’s card reader is tampered with in order to trap a
customer’s card. Later on the criminal removes the card
➢ Card Skimming is the illegal way of stealing the card’s security information from
the card’s magnetic stripe.
➢ Card Swapping, through this customer’s card is swapped for another card without
the knowledge of cardholder.

➢ Website Spoofing, fictitious site is made which looks authentic to the user and
customers are asked to give their here a new card number, PIN and other
information, which are used to reproduce the card for removing the cash.
Global Measures to Fight the Frauds
To guard against these frauds ‘The Global ATM Security Alliance (GASA)’, which was
formed in June 2003, has issued the customers guide and some tips to prevent against
card-related frauds.
The World’s Top 20 tips for ATM Use to Enhance the ATM customer Experience and
Security
CHOOSING AN ATM
Tip 1: Where possible, use ATMs with which you are most familiar. Alternatively, choose
well-lit, well-placed ATMs where you feel comfortable.
Tip 2: Scan the whole ATM area before you approach it. Avoid using the ATM altogether
if there are any suspicious-looking individuals around or if it looks too isolated or unsafe.
Tip 3: Avoid opening your purse, bag or wallet while in the queue for the ATM. Have your
card ready in your hand before you approach the ATM.
Tip 4: Notice if anything looks unusual or suspicious about the ATM indicating it might
have been altered. If the ATM appears to have any attachments to the card slot or keypad,
do not use it. Check for unusual instructions on the display screen and for suspicious
blank screens. If you suspect that the ATM has been interfered with, proceed to another
ATM and inform the bank.
Tip 5: Avoid ATMs which have messages or signs fixed to them indicating that the screen
directions have been changed, especially if the message is posted over the card reader.
Banks and other ATMowners will not put up messages directing you to specific ATMs, nor
would they direct you to use an ATM, which has been altered.
USING AN ATM .
Tip 6: Is especially cautious when strangers offer to help you at an ATM, even if your card
is stuck or you are experiencing difficulty with the transaction. You should not allow
anyone to distract you while you are at the ATM.
Tip 7: Check that other individuals in the queue keep an acceptable distance from you. Be
on the lookout for individuals who might be watching you enter your PIN. Tip 8: Stand
close to the other ATM and shield the keypad with your when keying in your PIN (you
may wish to use the knuckle of your middle finger to key in the PIN).
Tip 9: Follow the instructions on the display screen, e.g., do not key in your PIN until the
ATM request you to do so.
Tip 10: If you feel the ATM is not working normally, press the cancel key and withdraw
your card and then proceed to another ATM, reporting the matter to your financial
institution.
Tip 11: Never force your card into the card slots.
Tip 12: Keep your printed transaction record so that you can compare your ATM receipts
to your monthly statement.
Tip 13: IF your card gets jammed, retained or lost, or if you are interfered with at an ATM,
report this immediately to the bank and/or police using the help line provided or nearest
phone.
Tip 14: Do not be in a hurry during the transaction, and carefully secure your card and in
your wallet, handbag or pocket before leaving the ATM.
MANAGING YOUR ATM USE
Tip 15: memorize your PIN (if you must write it down, do so in a distinguished manner
and never carry it with your card).
Tip 16: NEVER disclose your PIN to anyone, whether to family member, bank staff or
police.
Tip 17: Do not use obvious and guessable numbers for your date of birth.
Tip 18: Change your PIN periodically, and, if you think it may have been compromised,
change it immediately.
Tip 19: Set your daily ATM withdrawal limit at your branch at levels you consider
reasonable.
Tip 20: Regularly check your account balance and bank statements and report any
discrepancies to your bank immediately.

While the ATM industry is aggressively addressing ATM-related frauds and crimes, few
in the industry know about these extraordinary efforts. Some of the important works are
given below:
o From time to time the Electronic Funds Transfer Association (EFTA) with
the help of ATMIA is publishing tips on PIN security.
o To combat the cross-border crimes, GASA is working in association with
Interpol, the Metropolitan Police Flying Squad for New Scotland Yard and
leading card issuers.
o ATMIA is educating the people and ATM industry about most effective way
of fighting ATM crimes and frauds and honoring with award that
contributes significantly counter the fraud.
o Fair Isaac Card Alert – it is a service, which analyzes millions of daily
transaction, identifies the suspicious transactions and sends the card
number and related information of suspicious transaction to the concerned
bank. This services has helped alot in solving many card-related frauds
including high-profile skimming cases.
o Leading ATM manufacturers are producing innovative ATMs, which are
helping to counter the frauds. Biometric technology is one of the examples,
which removes the need of Personal Identification Numbers (PINs).

o Biometric systems identify or authenticate a person’s identity using
different alternatives like face expressions, fingerprint, hand geometry,
voice, retina, etc.
INTERNET BANKING AND FRAUDS
Fraudsters are using innovative ways like Web and Mail spoofing, attacking the bank’s
server etc. to break the security walls and commit fraud. There is a need for
arrangements, which help presence of integrity, confidentiality and authorization of
information.
“Thieves are not born, but made out of opportunities”
This quote exactly reflects the present environment related to technology, where it is
changing very fast. By the time regulators come up with preventive measures to protect
customers from innovative frauds, either the environment itself changes or new
technology emerges. This helps criminals to find new areas to commit the fraud.
Some common Internet banking frauds and their causes have been discussed here.
o Attacking the Bank’s Server
In this case, the fraudster takes control of the server of the bank and by visiting the bank’s
website carries out transaction through impersonation.
These attacks are due to bad programming, which mostly prevail in general purpose
software. Such attacks are called bufferover-flow attacks. Due to buffer-over-flow defects
in the software, fraudster can use the commands on the server without providing
essential information like password etc.
o Mail Spoofing
In the mail spoofing or e-mail forgery, the fraudster sends the information to bank
customers in such a form that it seems that information is from the authentic bank source.
One such incident happened with ICICI Bank customers to disclose passwords and other
information. The e-mail said:
“For security purpose your account has been randomly chosen for verification. To verify
your account information we are asking you to provide us with all the data we are
requesting. Otherwise, we will not be able to verify your identity and access to your
account will be denied. Please click on the link below to get to the ICICI secure page and
verify your account details. Thank you.”

Mail spoofing happens due to lack of criteria to verify the source address authenticity.
Anyone can set up a mail server and can forge a mail posing as an authentic source.
o Web Spoofing
In Web Spoofing, customers of the bank are lured to log in at the fraudster’s website,
which is similar to the bank’s website. Once the customer provides sensitive information,
they can be stolen easily by the fraudster, who uses the stolen sensitive information like
password and username etc., to carry out the transaction on the bank as a real customer.
In the whole case, the only loser is the customer because he does not have any means to
prove that it was not he who did those transactions, but the fraudster.
Ignorance of the customer to intercept Universal Resource Locator (URL) is the major
cause of Web spoofing. Look at the following two URLs
• http://secure.bankname.com/carloanfind/carloans.asp
• http://secure.bankname.com? @569857125/carloanfind/carloans.asp
It is very difficult for a normal customer to understand the difference between these two
URLs. He can be easily cheated because the first URL will drive him to the original site
while the second one to the fraudster’s site.

Denying Service from Bank’s Server
The fraudster’s intent here is not to commit any fraud but to create inconvenience for the
banks. The customer here literally cannot access the services of the bank.
Intervention of fraudster’s with Transmission Control Protocol/Internet Protocol
(TCP/IP), the computer communication languages, Router Poisoning that help the
customers to reach different parts of the network and Domain Name System (DNS)
service, that helps the two computers to communicate through IP number are some
reasons for such inconvenience.
It is clear that to plug all the loopholes is very difficult for any regulator. This is a
challenge to the mission of fast automation. It is essential on the part of the banks, the
regulators and the service providers to create a source and safe automation environment
that has the confidence and trust of the customers.
7. CREDIT CARD FRAUD ON INTERNET
Credit card fraud has become regular on Internet. All the agencies involved in the
transaction, cardholders, online merchants and the card issuers suffer losses. However,
it is the online merchant who suffers the most. This article examines the nature of credit
card fraud, types of credit card frauds, and the effects. This article also discusses the
preventive measures. Internet commerce is growing very fast. From a customer base of
28.8 million spending US$12 bn in 1999, Internet Commerce has grown exponentially
during the past few years and is still growing. But, unfortunately, the growth is not on the
expected lines. The credit card fraud, which has become common, has retarded the
ecommerce growth. A 1999 survey by US National consumer’s league reported that 7%
of customers were victims of the credit card fraud; recent surveys indicate that one out
of three online customers have become victims to this kind of fraud. Customers, credit
card companies, banks and merchants are battling this problem; still this crime is on
ascendancy.
Common Types of Card Frauds
There are different types of frauds involving credit cards. The fraudulent activities start
from the application process itself.
Application Fraud:
In application fraud, the fraudster obtains personal confidential information of the other
person needed in the credit card applications, like social security number, date of birth
using a variety of means. Internet search engines and databases are making these tasks
easier. Using this information, he fills in an application for a credit card and after receiving
it, uses it as if he is the true holder. The person in whose name the card is issued might
come to know about this only after the damage is done.
Counterfeit Cards:
In this, a criminal gains access to a valid card number and other information. For
example, the salesperson at the supermarket briefly takes possession of the customer’s
card during payment process, which he runs on a terminal. But without the knowledge of
the cardholder, the salesman can also run it on another machine, which can capture all
the details in the card. Using this information and tools like embossing machines, a
fraudster can create a counterfeit card. This process is known as ‘skimming’ and simple
hand-held devices are now available for the purpose. Further, the information skimmed
can also be used for purchases on the Internet or Telephone.
Account Takeover: In account takeover, the fraudster first all the personal confidential
information about the other person. Then impersonating as the other person, he informs
the bank that there is a change in his residential or office address. Next, he informs them
that his credit card is lost and request for a new card on the new address. After receiving
the card, the criminal successfully takes over the account.
Stolen and Lost Cards:

By far, this is the most common form of fraud in the market place. When the criminal has
access to a stolen or lost card, he also gains access to all the personal information. Apart
from using this card fraudulently, the criminal can also use the information to‘broaden’
the fraud by applying for new cards or fabricating new ones.
Other Forms:
From the point of view of a merchant, credit card frauds can be divided into three ways.
There are organized fraud, opportunistic fraud and cardholder fraud. The advantages
offered by Internet are also attracting the criminals in a big way. In an organized criminal
activity, the gang’s obtain credit cards using any of the means discussed above. They
normally identify a drop location like a vacant house or warehouse, spend the card up to
the maximum limit, and ask the merchandise to be dropped at this selected location.
These gangs have a thorough understanding of the system and take advantage of the fact
that there is normally a time gap of more on to the next card. Opportunistic fraud is
committed normally by amateurs who get an opportunity of handling credit cards, like
waiters in restaurants. Cardholder fraud involves the cardholder himself who might
claim that he never placed the order or he never received the goods. It could also involve
one of his family members or friends who used the card without his knowledge.
Bust Out Fraud:
According to Daniel Buttafogo of Juniper, an Internet-based credit card company, in this
fraud, true customers gradually build up as much available credit card and then ‘bust out’
with large purchases of items that could easily resold like jewelry or draw large cash
advances etc. Here the fraudster will draw bad checks on one account to pay when this
cannot be done any longer, the customer does a vanishing act. This kind of fraud is the
most difficult to catch, as the customer exhibits exemplary behavior till the last moment.
Friendly Fraud / Denial of Receiving Product:
Friendly fraud occurs when the actual cardholder carries out a transaction but later
denies or claims that his card was stolen or used without his authorization. Customers
might deny receipt or signing or even ordering the product.
Nature of E-Commerce Transactions:
In e-commerce transaction, face-to-face contact between the merchant and customer is
absent and this causes most of the creditcard frauds. In online transactions, after filling
in the online order form, the customer is expected to give his credit card number to
conclude the transaction. In real world, after the purchase, the customer hands over the
credit card, which the merchant swipes using a terminal. The merchant also obtains the
signature of the customer on the credit card receipt. He also verifies the charge
authorization. In case of fraudulent use of a card like using a stolen card, the merchant or
the customer are reimbursed by the credit card company. In online transactions, the card
is not present during the transaction and there is no signature of the customer on the
receipt. These transaction, treated as card not present transactions, in which the card
issuing companies do not reimburse the merchant. In reality, speed, which is the most
important benefit of the Internet, facilitates the fraud. A physical transaction takes
several minutes; where as Internet transaction takes only a few seconds. Real-time
transaction reduces the overheads, but at the same time, increase the number of
fraudulent transactions. For example, a fraudster can give the same fraudulent card
number to a number of e-business sites simultaneously and there is no way the merchants
can know about it.
8. INFORMATION TECHNOLOGY RISK IN BANKING:
MANAGEMENT & MEASUREMENT
Information Technology (IT) is not merely a technical function, but a management
process, which needs to be managed effectively. To measure the IT risk in banks there are
various methodologies available. All of them at large follow the same primary steps like
threat analyst etc. for technology risk assessment; American Banker Association has
recommended various resources.
Risk management approach had widely the baseline approach in which a baseline/
standard set of polices and practices are followed in taking business decision without
considering the criticality of the business asset or decision. In business sense, risk is the
probability of getting loss from taking or not taking a business decision. The loss can be
tangible or intangible. Risks can be avoided, controlled, shared, transferred and accepted.
Risks can be controlled through objectives, policies and procedures.
Risk management approach enables the management to give appropriate treatment to
the business assets and decisions based on their criticality to business goals and business
continuity. While the basic concepts remain the same, Information Technology
introduces new vulnerabilities as well as new techniques for risk management.As such,
technology risk management, while following the fundamentals, needs to address these
new vulnerabilities.
Technology Risk Management
Information Technology Risk is the risk that can arise due to use or non-use of technology
in business or for business. The primary objective of an organization and its ability to
conduct business. The business of IT in business is to see that the business continues. IT
risks management has to ensure that this purpose is achieved. As such IT risk
management process should not be treated as a mere technical function carried out by
the IT people and should not just confine to IT assets. It is essentially a management
function. However, the role of IT people is also vital because IT security and IT risk
management are interrelated and an effective risk management process is an important
component of a successful IT security program.
The broad objective of performing IT risk management is to enable the organization to
achieve its business goals by better securing the IT systems and enabling management to
make well-informed risk management decisions in areas where technology is involved.
IT risk management is to the process that helps to balance the operational and economic
costs of risk mitigation measures and achieve gains by protecting the IT systems and data
that support their organization’s goals. A well-structured risk management methodology,
when used effectively, can help management identify appropriate controls for providing
the mission-essential security capabilities.
Various organizations worldwide have come out with risk management frameworks,
policies, standards and principles that are quite useful in IT risk management and
measurement.
The committee set up Bank for International Settlement (BIS) has identified fourteen Risk
Management Principles for Electronic Banking to help banking institutions expand their
existing risk management policies and processes to cover their electronic banking
activities.
Similarly, the Committee of sponsoring Organizations of the Tread way Commission
(COSO) Board and Project Advisory Council took on the responsibility to expand and
address theremodeled components of internal control. The end product of this is the
COSO Enterprise Risk Management (ERM) Framework.
The Information Systems Audit and Control Association (ISACA) has developed a
framework called Control Objectives for Information and related Technologies (COBIT)
which helps in IT risk management.
The ERM and COBIT frameworks provide a useful evaluation tool for informing
management, directors and other stakeholders about a process, procedure and policy to
identify, measure, prioritize and respond to finding risk.
In India, RBI has been providing much guidance in this area to Indian banks. There is a
good number of references and guidelines provide in the reports of various RBI
Committees. The report of the RBI Committee on computer audit provide a
comprehensive checklist covering many technology-related areas, which is useful in
Technology Risk Assessment.

Technology Risk Assessment/Measurement
Risk assessment/measurement is a process used to identify and evaluate risks and their
potential effect/exposure. Risk exposureis equal to the amount of probability multiplied
with impact on business.
Risk management covers three processes: Risk assessment, risk mitigation, and
evaluation. Risk assessment is the first process in the risk management methodology and
also is necessary for the extent of the potential threat and the risk associated with an IT
system throughout is System Development Life Cycle (SDLC). The output of IT risk
assessment process helps to identify appropriate controls for reducing or eliminating risk
during the risk mitigation process.
Unlike financial risk, technology risk cannot be easily quantified or measured. But, banks
can gain financial and operational benefits by conducting an effective Technology Risk
Assessment (TRA). These include enhancing corporate governance over IT activities,
proactively identifying vulnerabilities and implementing risk business imperatives, and
efficiently using corporate risk management resource, including audit, in ensuring a cost-
benefit control environment.

Threats to an IT system must be analyzed in conjunction with the potential
vulnerabilities and the controls in place for the IT system to determine the likelihood of
a future adverse event and its impact. Impact refers to the magnitude of harm that could
be caused by a threat. The level of impact is governed by the potential impact on
organizational goals and, in turn, determines the level of criticality of an IT
asset/resource.
Technology Risk Assessment (TRA) Methodologies
The quality of the technology risk assessment affects the effectiveness of risk-based
decision of management. With the increasing interest in operational risk management
and concerns about corporate governance, may proprietary enterprise riskmanagement
methods/solutions came in the market to help banks to meet the assessment challenge.
Since these methodologies are mostly developed for and by traditional risk managers,
they are generally weak in areas relating to technology, although they provide an
adequate perspective from a credit, financial, and environmental standpoint.
Risk assessment methodology generally follows the following primary steps:

• Threat and Vulnerability Identification
• Probability/Likelihood Determination
• Impact Analysis
• Risk Determination
• Control Recommendations
• Results Documentation
Technology Risk Assessment (TRA) methodologies are not much different from general
risk assessment methodologies and they, too, follow these steps. However, the risk
assessment tools would be different in case of technology risk because to assess
adequately and to prioritize technology risk, the risk assessment tools must be
supplemented with methodologies specifically geared to technology.
As in the case of enterprise risk assessment tools, ready-made methods and tools
developed by vendors can be used for TRA also. However, a number of challenges are
involved in using these ready made tools like vendor methodologies which may not
continuously update the TRA throughout the year due to the costs involved; the
outsourced methodology/tool may not understand the bank’s specific issues, etc.
The American Bankers Association lists the following recommended resources for TRAs:
• International Standards Organization (ISO) 17799 (ISO Standards)
• Control Objectives for Information Technology (COBIT)
• SysTrust
• Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)
• National Institute of Standards and Technology (NIST)
These resources are inexpensive to implement and serve the purpose in most cases. They
are based on extensive research from government and professional security experts and
are vendor neutral. These methodologies enjoy excellent reputation among corporate
governance experts.
A summary description of each of the above TRA methods is as follows:
ISO Standards
The ISO along with the International Electro-technical Commission forms the specialized
system for worldwide standardization. The stated purpose of the ISO standards is to
“provide a common basis for developing organizational security standards and effective
security management practice and to provide confidence in inter organizational
dealings.” Originally, developed in Britain, it is a favored TRA approach in Europe. The
standard is often referenced and leveraged by other prominent methods and covers 10
areas namely, Security policy, Communications and operations management,
Organizational security, Access control, Asset classification and control, System
development and maintenance, Personal security, Business continuity management,
Physical and environment security, and Compliance.
COBIT
COBIT has been developed as a generally applicable and accepted standard for good IT
security and control practices that provides a reference framework for IT governance.
COBIT is sponsored by the IT Governance Institute, established by the Information
Systems Audit and Control Association (ISACA), and addresses risk from both the
business and technology perspectives. It is an internationally recognized tool,
incorporating both operation management and audit concerns, which have been adopted
in organizations including the US House of Representatives, Charles Schwab & Co., and
Swift.
The framework compromises 34 high-level control objectives belonging to four domains.
For each control objective, audit procedures and management guidelines are provided.
The latter guidelines uniquely provide COBIT with a business management perspective;
maturity models, critical success factors, key goal indicators, and key performance
indicators are provided for each of the high-level control objectives.
COBIT focuses on processes and their ownership. It provides excellent methodology for
various parts of an organization to have the same perspective at IT risk management.
However, COBIT is more of a general assessment tool and detailed issues are to be
considered in the form of audit programs. As such some consider it to be too theoretical.
Sys Trust
The American Institute of Certified Public Accountants (AICPA) and the Canadian
Institute of Chartered Accountants (CICA) introduced a service to provide assurance on
the reliability of systems. The purpose of this service, known as Sys Trust, is to increase
the comfort of management, customers and business partners with the systems that
support a business or particular activity. The service considers four principles to evaluate
whether a system is reliable.
• Availability: The system is available for operation and use at times set forth in service
level statements or agreements.
• Security: The system is protected against unauthorized physical and logical access.
• Integrity: System processing is complete, accurate, timely and authorized.
• Maintainability: The system can be updated when required in a manner that continues
to provide for system availability, security and integrity.
Although, SysTrust was not necessarily developed as a risk management tool, many
organizations have found that the SysTrust principles could be adopted as an effective RA
tool since the principle provide a stake holder’s perspective on the impact of technology
on business activities. The AICPA/CICA is currently considering a new version of the
SysTrust tool that would also incorporate e-commerce activities. Under the revision, five
principles would replace the four above. Principles consider would include security,
availability, processing integrity, online privacy and confidentiality.
SysTrust provides good high-level questions for an overview on overall reliability but
may not provide detailed methods for intended objectives. It is more of an executive level
assessment perspective rather than at operational level. However, it also has provision
for third party assessment and covers security also.
OCTAVE
Developed by the Software Engineering Institute (SEI) at Carnegie Mellon University,
OCTAVE is a comprehensive, selfdirected approach to TRA. It differs from traditional

TRAs in that it first determines which information assets really need to be protected and
then evaluates the technology infrastructure to determine the vulnerability of those
assets. OCTAVE presents an exciting TRA to ORMs because the SEI is home to the CERT
alerts and other information relating to managing security vulnerabilities. This
robustness of tools, workshops, and publications relating to OCTAVE significantly
enhances an effective assessment by the ORM.
Specially, OCTAVE uses a three-phased approach to identify the technology risk
management needs of an enterprise:
• Build asset-based threat profiles: Identify important information assets, the threats to
those assets, security and current risk mitigation strategies.
• Identify infrastructure vulnerabilities: Examine technology infrastructure for
vulnerabilities that can be compromised.
• Develop security strategy and plans: Based on the results of the first two phases,
develop a strategy-based on business priorities to mitigate risks.
OCTAVE is a full methodology with supporting tools and leverages from a combination of
academic research and industry practices but, it is geared to larger institutions and the
use of it without formal training is difficult.

NIST
The Information Technology Laboratory (ITL) at the NIST in USA is a body, which
provides technical leadership for the nation’s measurement and standards
infrastructure. These include developing standards and guidelines for the cost-effective
security and privacy of sensitive unclassified information in federal computer systems.
Like the other organizations mentioned previously, NIST provides a detailed checklist of
IT-related risk mitigation strategies that should be assessed as a part of a TRA. In addition
to its detailed coverage of security issues, the checklist enables to determine if risk is
managed by using five “levels of effectiveness”.
1. Control objectives documented in a security policy.
2. Security controls documented as procedures.
3. Procedures have been implemented.
4. Procedures and security controls are tested and reviewed.
5. Procedures and security controls are fully integrated in to a comprehensive program.
However, this is mostly followed by big government organizations and following these
methodologies could be too burdensome in a smaller organization.

9. PRIMARY DATA & ITS ANALYSIS
The primary data has been collected through surveys in banks (questionnaire) viz., Bank
of Maharashtra, ICICI bank, HDFC bank.
Q.1) I.T. in banks is much more advanced than traditional banking?
BANK OF ICICI HDFC
MAHARASHTRA
AGREE 96% 98% 100%
DISAGREE 3% 2% 0%
FIFTY-FIFTY 1% 0% 0%
EXPLANATION: - It is cleared from questionnaire method that every one agrees to the
statement “I.T. in banks is much more advance than traditional banking”. Approximately
ninety eight percent of bank employees agree to the above statement.
Q.2) The ratio of online transaction v/s manual transaction. 1:2 2:1 Equal Can’t Say
ANALYSIS: -
BANK OF ICICI HDFC
MAHARASHTRA
1:2 30% 0% 0%
2:1 60% 100% 100%
EQUAL 0% 0% 0%
Can’t Say 10% 0% 0%
EXPLANATION: - According to the above data collected it is clear that approximately ten
percentage of employees says that the ratio of online transaction v/s manual transaction
is 1:2, eighty sevenpercentage says it is 2:1, zero percent says it is equal & three percent
cant say anything.
Q.3) Information technology in banks encouraging online frauds.
Yes No To some extent
ANALYSIS: -
BANK OF ICICI HDFC
MAHARASHTRA
YES 90% 92% 98%
NO 6% 5% 1%
TO SOME EXTENT 4% 3% 1%
EXPLANATION: - According to the above data collected it is clear that approximately
ninety three percent of employees says yes, four percent says no and three percent says
to some extent
Q.4) Type of banking facility that will be friendly to illiterate customer.
Online banking Manual-banking Both ANALYSIS: -

BANK OF ICICI HDFC
MAHARASHTRA
ONLINE BANKING 2% 0% 0%
MANAUAL 97% 98% 100%
BANKING
BOTH 1% 2% 0%
ninety seven percent of employees says that manual banking type of facility is friendly to
illiterate customers, two percent says online banking and one percent says both online as
well as manual banking is friendly to the illiterate customers.
Q.5) In what way I.T. in banks affects the work of the employees.
Increases the work Decreases the work Same at both levels
ANALYSIS: -
BANK OF ICICI HDFC
MAHARASHTRA
INCREASES TH 45% 30% 40%
WORK
DECREASES 50% 63% 55%
BANKING
BOTH 5% 7% 5%
thirty eight percent says I.T. in banks increases the work of the employees, fifty six
percent says decreases the work and six percent says it is same at both the levels.
Q.6) Does I.T. in banks increasing the cost of banking operations / banking transaction.
Yes No Equal
ANALYSIS: -
BANK OF ICICI HDCF
MAHARASHTRA
YES 98% 94% 100%
NO 2% 5% 0%
EQUAL 0% 1% 0%
eighty seven percent of employees says yes i.e. I.T. increases the cost of banking
operations or banking transactions, two percent says no and one percent says equal.
10. FINDINGS AND CONCLUSIONS
According to the survey conducted in Bank of Maharashtra, ICICI Bank & HDFC Bank, the
following points are concluded:
1. I.T. in banking sector is much more advanced than traditional banking.
2. Online transactions are widely used than manual transactions.
3. Manual banking facility is more friendly to illiterate customers.
4. I.T. in banks to some extents reduces the work of employees.
5. I.T. in banks to some extent encourages online frauds.
6. Online banking is much more costlier than manual banking. It increases the cost
of banking operations
7. Online banking facility can lead to progress of the banking sector.

11. SUGGESTIONS AND RECOMMENDATIONS
1. Some highly advanced softwares / programs should be implemented in banking
sector in order to prevent hackers and frauds.
2. Online banking operations cost or banking transaction cost should be reduced so
that middle class customer can have access to online banking facility.
3. Further research can be done in topics related to this project viz., software
application in banking sector, technology and frauds.
4. Awareness programs related to online banking for middle class people.
BIBLIOGRAPHY
REFERENCE RELATED TO BOOKS
• Katuri Nageshwara Rao & Yashpaul Pahuja, (2005), ‘IT IN BANKS – EMERGING
TRENDS’
• Kamlesh k Bajaj & Debjani Nag, ‘ELECTRONIC COMMERCE- THE CUTTING EDGE OF
BUSINESS’, Delhi, Tata McGraw Hill Publishing Co. Ltd.
JOURNALS AND MAGAZINES

• Ravi Kumar Sharma, ‘PROFESSIONAL BANKER’, Nov.2005.
RESEARCH REPORTS
• THE EFFECT OF INFORMATION AND COMMUNICATION ON THE BANKING SECTOR
AND PAYMENT SYSTEM
-BY ARBUSSA REIXACH
• INTERNET BANKING
COMPTROLLERS HANDBOOK
INTERNET
• www.banknetindia.com
• www.microsoft.co

Tybbi Project

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Tybbi Project

Uploaded by

Copyright:

Available Formats

UNIVERSITY OF MUMBAI

“ INFORMATION TECHNOLOGY IN BANKING SECTOR “

BACHELOR OF BANKING AND INSURANCE

IN PARTIAL COMPLETION OF REQUIREMENT FOR THE AWARD OF THE DGREE OF

BACHELOR OF BANKING AND INSURANCE.

YASH VINOD AMBRE

ROLL NO:- 3102

MANJUNATHA COLLEGE OF COMMERCE, THAKURLI ( E )

information technology in banking industry ). I wish to take opportunity to express my

deep sense of gratitude to

given the tremendous helping hand in completing this difficult task.

is offered for it’s improvement.

work embodied in the project entitled , “ IT IN BANKING INDUSTRY “ by me to

UNIVERSITY OF MUMBAI FOR SEMESTER-6 EXAMINATION during the Academic Year

under guidance and supervision of ASST.PROF.MS. VRUNDA YADWAD and PRINCIPAL

DR.V.S. ADIGAL SIR.

bibliography or list of references.

PLACE :- THAKURLI SIGNATURE OF STUDENT:

semester-6 (2019-20). He successfully completed the project on “INFORMATION

TECHNOLOGY IN BANKING INDUSTRY“ under the guidance of ASST.PROF.VRUNDA

YADWAD and PRINCIPAL DR. V.S ADIGAL.

INTERNAL EXAMINER EXTERNAL EXAMINER

CO-ORDINATOR PRINCIPAL (COLLEGE SEAL)

a) OBJECTIVES OF THE STUDY

b) LIMITATIONS OF THE STUDY

2. E-BANKING: IN NASCENT STAGE IN INDIA

3. ELECTRONIC CHEQUES & EVIDENTIARY VALUE

4. THE FUTURE OF PLASTIC MONEY

5. LEADING ISSUES IN BANKING TECHNOLOGY

6. TECHNOLOGY & FRAUDS

7. CREDIT CARD FRAUD ON INTERNET

8. INFORMATION TECHNOLOGY RISK IN BANKING: MANAGEMENT & MEASUREMENT

9. PRIMARY DATA & ANALYSIS

10. FINDINGS & CONCLUSIONS

11. SUGGESTIONS & RECOMMENDATIONS

who consisted mainly of unorganized moneylenders, mahajans and sahukars. Later,

providing, to service starved Indian customers. There were a series of technological

rapidly changing customer expectations against the backdrop of LPG (Localization,

segmentation of banking products to cater to different segmental needs, convenience and

telecommunication sector would be helping in the adoption of new technology and

are reaping following benefits with the use of technology:

customers want to be associated with the brand personality of the banks.

the services are customer driven.

practices as verification becomes quite easier and quick.

provides them better services or customized services.

well as increased labor productivity.

their financial expertise in financial consultancy, insurance sectors, and fee-based

earnings instead of fund-based earnings. The mushrooming of the multichannel,

the new survival mantra in the cutthroat scenario for banks.

OBJECTIVES OF THE STUDY

The objectives of the project “The Study Of Application of Information Technology In

Banking Sector” includes the following: -

the electronic payment system.

• To know about the hackers and frauds in online banking.

• To know about the risk management policies of Indian banking sector.

• To know about the electronic banking sector.

• Supervision of Electronic Banking by Reserve Bank Of India

• Information Technology in Banks in International Scenario

• Software Application to Protect from Hackers & Frauds

• Case Studies Related To Hackers & Frauds

COLLECTION OF PRIMARY DATA:-

• Various books related to information technology.

• Brochures of various banks.