Professional Documents
Culture Documents
SEMISTER VI
SUBMITTED
BY
UNDER GUIDANCE OF
PROF. VRUNDA YADWAD
KARNATAKA SANGHA’S
2020-2021
ACKNOWLEDGEMENT
It gives me immense pleasure while submitting the project report on the topic. (
ASST. PROF.VRUNDA YADWAD for her help in all stages of preparing project. She has
I had easy or anytime access to such knowledge and guided spirit. I fell there is ample
scope of improvement upon work of this nature and I shall be thankful if any suggestion
(Name);-
DECLARATION
I MR YASH VINOD AMBRE student of T.Y.BBI ROLL NO;- 3102 here wish to state that the
2020-2021.
The said reports are forms of my own contribution best on actual work carried by me
I further wish to state that this work is original and has not submitted for any other
degree of this or any other examination. Whenever the reference have been made to the
previous work of others, it has been clearly indicated as such and included in the
Your Name
ROLL NO:-
DATE :-
CERTIFICATE
This is to certify that MR. YASH VINOD AMBRE, ROLL NO:- 3102. 2020-2021 BBI
I further declare that the information presented in this projects is true and original to the
best of my knowledge.
1. INTRODUCTION
c) RESEARCH METHODOLOGY
12. BIBLIOGRAPHY
1. INTRODUCTION
The Indian Banking system has an old age legacy. Earlier there were indigenous bankers
when British came to India they brought with themselves the concept of organized
banking. British while leaving India left behind large number of small and privately held
banks. In 1964, the first major banking reform took place when 14 banks were
nationalized. It led to the rising of Indian Public Sector Banks. The second banking reform
was witnessed in 1990s when Indian Banking Sector underwent complete change after
the recommendations of the Narsimhan Committee. Private and MNC banks entered
banks entered into the Indian Banking arena and challenged the monopoly of the PSU
banks. The Private and MNC banks brought new technologies and technology intensive
services with themselves. They rendered quality service, which PSU banks were not
innovations and up-gradations, e.g., ATMs, Internet Banking, credit cards and online
banking, etc. Private banks and MNC banks had to At present provide something extra
and it was their service, which attracted a bulk of customer from the PSU banks. Indian
customers were lacking the world-class service in baking; they were accustomed to the
PSU (Sarkari) culture and the service of Private and MNC banks was a delight for them.
When private and MNC banks initiated the world class service to their customers and
started snatching customers from Public Sector Banks, Public sectors banks were bound
to follow the path of Private Banks. The PSU banks felt the heat and realized their mistake.
They also followed the Private Banks in their technology initiatives and services. The
Indian Banking Sector with the progress in Technology is facing the biggest challenged of
Privatization and Globalization). Retail banking clients today demand more care and
extra facilities. They want more mobility of investments, interactive accounts, and better
untimely hour services. Even the PSU culture could not adjust to the pace of the new
technology and changes. At present also it is moulding and adapting itself to new needs
and the dynamism of the environment. Technology is helping the Indian Banks to cater
to customer needs in a much more efficient manner continuous and error free services to
customers. With the help of computerization and the use of modern software, which can
be called the gift of technology, the banks have been able to provide single window system
to their customers. In a single window system, all the needs of the customers are taken
care at a single counter. It is like a multipurpose counter where one can deposit cheque,
receive payments and deposit cash etc. This has been made possible only due to the use
of technology. Earlier one had to move from one counter to the other counter for different
sort of works. Thus this type of service not only helps in better customer service but also
minimizes the customer service time as it avoids duplication of work and unnecessary
hassles to the customers. With the use of technology, banks are trying to minimize there
per customer service cost. According to industry estimates, assume teller cost Re.1 per
transaction, ATM transactions cost Re.0.45, phone banking at Re.0.35, debit cards at
Re.0.20 and Internet banking at Re.0.10 per transaction. So, now the emphasis ismore on
net banking then on real banking or brick and mortar banking. Indian Banking system is
moving from real banking realm to virtual banking realm. Banks are establishing more
and more ATMs at different convenient locations and interconnecting these ATMs not
only with their networks but also with their partner banks. Network with whom they
have got mutual understanding for sharing ATMs. With the least cost of Internet banking,
banks are paying higher emphasis on Internet banking. As per IDC estimates, the total
number of registered users for Internet banking in India is over two million. But this
figure needs to be adjusted for dormant users and multiple accounts (a user having
accounts with more than one bank). India has one million active Internet Users
populations. Thus, this is just around 0.1% of the total population; to represents 15% of
the India’s Internet user (most of the people in India use internet from cyber café). Thus,
indicating that the concept of Internet banking is surely catching on. India is far behind
in the use of Internet banking than the other Asian countries like Korea and Singapore
where nearly 10% of their population is banking over the Internet but India is fast
catching up. In India, the biggest drawback for Internet banking is the Internet
penetration among the masses. We lack the infrastructure facility for providing Internet
services but with the IT ministry keen on expanding the Internet penetration the day is
not too far when greater part of our population would be using the Internet banking
facilities. In India, ICICI bank was the pioneer to introduce Internet Banking. And later
Citibank, HDFC Bank and other banks followed the suit. PSU banks have lagged far behind
in adoption of the Internet banking facilities. But State Bank of India, which entered the
arena of ATM banking quite late, was able to expand at a rapid pace and cover almost all
the cities of India. Now ATM banking has become an integral part of traditional cheque or
withdrawal based banking. These services have helped the PSU banks to maintain their
customers. Now money is transferred more in electronic form than in physical form. With
the cost of PC fast declining and the government’s initiative in providing the
infrastructural facilities for net banking and the faster developments in the
ITbased banking services. Some authors’ view that the Internet banking is just the
extension of the traditional banking services because it is the same service with customer
friendly technologicalinterface. So, it is the value addition to the existing services. Banks
• With low investment, banks would be able to satisfy large customer base. The
technology has allowed the banks to move from brick and mortar building to virtual
interface which cost less in comparison to the rising real estate prices which in turn leads
to increase investment. Low investment in turn helps in satisfying large client base.
• With modern facilities more and more customers get attracted to the banks and they
are viewed as technology savvy and modern or state-of-the –art banks. Brand image of
the banks also get enhanced thus building their goodwill and brand equity. Even
• With the increase in quality and competition, the customers are having several choices
among which to choose instead of Hobson’s choice in some case. Now banking services
have become customer centric instead of service centric or bank centric approaches as in
earlier cases. Now, it is the customers market rather than a sellers (bankers) market. All
• Network sharing by different banks is enabling the banks to reduce their investment
(sharing of ATMs of partner banks) and provide better services to the customers. This is
also helping them in delivering quick services and it also reduces the risk of fraudulent
• These practices are leading to lower service cost per customer. Thus leading to enhance
profitability forthe banks, which in turn enhances the corporate image of the banks.
• With the use of technology banks are in a position to obtain the customer database with
a press of key and this helps the bank to maintain high profile customers because it is an
accepted marketing principle that 80% of the revenue are generated by 20% customers
(20:80 principle). Thus, the modern technology helps in tracking the key customers and
• The alternative channels of service helps the bankers to add new products to their
portfolio and it helps them to device new products according to customer needs. The
banks can provide customized value added services or tailor-made service to each
customer based on his/her requirement, e.g., foreign money transfer service, electronic
money etc.
• It helps the banks to manage their funds in a much better way as the technology
provides round the clock interface to the outside world and thus it helps in hedging the
risk of the banks at real time. Banks are able to minimize the risk and maximize returns
by investing in different avenues and they have greater control over the fund
investments.
• Technology helps in increasing the labor productivity because it increases the output
per labor to multifold. Earlier works had to be performed manually and it used to take
days to complete in minutes or in seconds. So, it helps in updating the customer status as
• The customer service cost decreases and the productivity of the staff increases and this
adds to the profitability of the banks. This helps the banks to take care of even larger
customer base and this will ultimately ass up too the bottom-line of the banks.Public
sector banks have been shy in implementing new technology brick mortar banking in
comparison to the technology driven banking while the client base of Private and MNC
banks are mostly young people who are technology-savvy and who like to interface more
with the technology than man. Aged people are not comfortable with the technological
interface. They feel complexity and uncomfortable with technology intensive services.
With the present avenues being saturated and greater competition due to the entry of
more players in the arena, the banks are diversifying into new areas where they can use
multifunction, self-service electronic delivery channels is fast replacing the brick and
mortar branches (real to virtual). There is a need to redefine the business model of the
Indian banking sector so that to optimize the resources and deliver world class service in
the light of modern day technology. Today’s concept is to minimize the visit of the
customer to the bank and let him usethe technology or let technology handle him-this is
The scope of the project “ The Study Of Application Of Information Study In Banking
Sector” has been restricted to some extent i.e. the project does not include the following:
The primary data has been collected from various sources which are as follows:
• Questionnaire method.
• Surveys in banks.
• Surveys in banks related offices such as agent’s office etc. COLLECTION OF SECONDARY
DATA: The secondary data has been collected from various sources which are as follows:
• Weekly journals.
• Articles in newspapers.
SAMPLE FRAME:
The data has been analyzed using ten samples of employees of three different banks viz.,
To keep pace with the changing environment worldwide, Indian banking industry is fast
adopting technology. It has embraced many new features like Internet banking, ATMs,
Phone banking etc. With the help of new technology, banks are now able to offer products
and services, which were difficult or impossible with traditional banking. But the banks
in India still have to go a long way before making themselves technology savvy.
Two major trends have emerged in the transition of traditional banking to high-tech
banking:
➢ Universal banking where one stop shop provides all related products and services
to a customer.
At this point, it should be emphasized that mergers, acquisitions, alliances, and adoption
communication and distribution system of various products and services through Web
networking. Networking, as we know has connected people around the globe, thus
changed and will change the definition and faces of global banking. Internet banking has
made banking a commodity where quality is measured by efficient servicing and effective
However, PC banking is not new. Bank of Scotland Started offering its Home Office
Banking Services (HOBS), more than a decade ago, although it was only in 1996 that it
was upgraded to make software work with the now dominant windows operating
systems. HOBS later joined hands with TSB, which in 1996 launched banking services
Two types of technology stock bank products are available in the market.
finance software.
The advancement in technology has led to the creation of electronic cheques, particularly
are governed by the laws applicable to each country’s jurisdiction. The authentication of
Negotiable Instruments Act, 1881 in order to impart legal validity to such electronic
instruments. The authors in this article elucidate the amended provisions and examine
the evidentiary value of such electronic instruments. The electronic cheque or simply the
include the phrase “electronic cheque” in the definition of a cheques in Section 6 reads as
“ A ‘cheque’ is a bill of exchange drawn on a specified banker and not expressed to be
For the purpose of this section, the expression- “A cheque in the electronic form” means
a cheque which contains the exact mirror image of a paper cheque and is generate,
written and signed in a secure system ensuring the minimum safety standards with the
cryptosystem.” An electronic cheque simply means a cheque in the electronic form, which
is an exact replica of a physical cheque. It contains all the information that is found on a
cheques. These signatures affixed using ink are used as an authentication tool to identify
that the person signing the document has read and understood the contents. In the
anonymous digital world, where individuals may not actually communicate with each
Therefore, it becomes necessary for evolving a secure authentication tool, which led to
It is a data string, which associates a message in the digital form with some originating
meaningless forms and back again. It uses a scheme or mechanism consisting of signature
generation algorithm with a method for formatting data into message to produce a digital
signature, and a related signature verification algorithm with the method to recover data
from the message to authenticate a digital signature. It is important to note that, the
Information Technology Act, 2000, in Section 3(2) provides for a particular asymmetric
cryptosystem”. In this method of creating and verifying a digital signature, there are two
basic technical processes or functions: “Public key encryption”, where encryption is the
• Create a data unit that is to be signed, e.g., precisely an encircled portion of data in
digital form, which can be a text document, software or any other digital information.
• Generate hash value called “Message Digest” or “Fingerprint” of the message. A hash
function is a process that creates a relatively small number (called message digest) that
• This hash value is computed from the data unit- a number using a hash algorithm, which
creates the compressed digital signature. Digital signatures use a “one way hash function”
and the important thing about such a hash value is that it is nearly impossible to derive
the original data unit without knowing the data unit used to create the hash value.
Therefore, if the data unit is changed or otherwise tampered with, the hash value will no
• Encrypt hash value with the private key of the signatory. Encryption is a process of
disguising a message in such a way so as to conceal its meaning and substance. It also
consists of a procedure of converting plain text to a cipher text. Hence, the plain text refers
to the original digital file, whereas the ciphertext refers to the disguised file.
• Final step in the verification process, which involves the regeneration of the hash value
on the basis of the same data unit and the same algorithm. The determined hash value is
again computed with rhea public policy key, which is then compared with the signature
attached to the data unit. If the product is matching, it will verify the signatory’s private
key, which is used to sign and guarantee that the data unit has not been altered. In this
context, digital signatures are created when the drawer of the cheque runs, the cheque
through a one-way function creatinga message digest. The private key used by the drawer
of the cheque is known only to him. The drawer encrypts the resulting message digest by
using an asymmetric cryptosystem will allow the paying banker to verify the signature
the legal perspective, the security procedure requires to be recognized by the law as a
With the emergence of cyberspace it became necessary to amend certain provision of the
Indian Evidence Act to make electronic evidence admissible in courts of law. Accordingly,
the second schedule to the Information Technology Act has amended the Indian Evidence
Act, 1872 to remove any obstacle to the legal acceptance and validity of electronic
evidence. According to the amended Section 3 of the Evidence Act, electronic records
stand on par with paper-based documents and will be deemed as documentary evidence
in a court of law.
While Section 22(A) of the Information Technology Act amends Section 17 of the Indian
Evidence Act, 1872 to provide that oral admission as to the contents of the electronic
records are relevant, the written admission of the content of any document or electronic
Section 39 of the Indian Evidence Act provides, “when any statement of which evidence
is given forms part of a longer statement, or is contained in a document which forms part
papers, evidence shall be given of so much and no more of the statement, conversation,
document, electronic record, book or series of letters or papers as the court considers
necessary in that particular case to the full understanding of the nature and effect of the
statement, and of the circumstances under which it was made.” It can be inferred from
this provision that where entry of an electronic cheque forms a part of an electronic
record, only that part which is relevant may be taken as evidence before the court. Again
what partis relevant depends on the discretion of the court. The court must exercise this
Information Technology Act 2000 prescribes, “ Where any law provides that information
or any other matter shall be authenticated by affixing the signature or any other
document shall be signed or bear the signature of any person then, not with standing any
document contained in such law, such requirement shall be deemed to have been
For the purposes of this section, “signed”, with its grammatical variations and cognate
expression, shall, with reference to a person, mean affixing of his handwritten signature
or any mark on any document and the expression “signature” shall be constructed
a) This filing of any form, application or any other document with any office, authority,
manner.
b) The issue or grant of any license, permit, sanction or approval by whatever name
anything contained in any other law for the time beginning in force, such requirement
shall be deemed to have been satisfied if such filing, issue, grant, receipt or payment, as
the case may be, is effected by means of such electronic form as may be prescribed by the
appropriate government”.
The words in Section 6(1)(C) “ the receipt or payment of money in a particular manner …
information. Form the legal perspective, two presumptions that could be raised in respect
him.
• The intention of the signatory to endorse or approve authorship of a text and the
fact that the signatory had been at a given place and time.
unconscionable conduct.
To regulate the use of digital signature, the Central Government is empowered to lay
down rules under Section 10 of the Information Technology Act, 2000 that reads, “The
central government may, for the purposes of this Act, by rules, prescribe-
• The manner and format in which the digital signature shall be affixed;
• The manner or procedure which facilitates identification of the person affixing the
• Any other matter which is necessary to give legal effect to digital signature.”
In India, evidentiary value of the digital signature has been in question for long. A genre
of evidence dominating the digital transaction world leads to be recognized by the Indian
The IT Act 2000 provides for specific evidentiary value for secure records and
secure digital signatures. Subsequently, sub-section (2) to Section 85B of the Indian
Evidence Act has been inserted to be in consonant with the IT Act to provide that, “ In any
proceedings, involving secure digital signature, the court shall presume unless the
• Except in the case of a secure electronic record or a secured digital signature, nothing
in this Section shall create any presumption relating to authenticity an integrity of the
The section limits its opinion to a secure digital signature by indicating that there shall be
parties concerned it can be verified that a digital that a digital signature, at the time it was
affixed, was-
• Created in a manner or using means under the exclusive control of the subscriber and
is linked to the electronic record to which it relates in such a manner that if the electronics
record was altered the digital signature would be invalidated then such a digital signature
shall be deemed to be a secure digital signature. As distinct from such a secure digital
signature, Section 67A of the Indian Evidence Act provides for proof as to the digital
signature, and Section 73A prescribes the method by which such a digital signature may
be proved. According to Section 67A of the Indian Evidence Act, “ Except in case of a
secure digital signature, if the digital signature of any subscriber is alleged to have been
affixed to an electronic record the fact that such digital signature is the digital signature
recognizes opinions of third parties not relevant as evidence unless specifically provided
for Section 47A reads as, “ When the court has to form an opinion as to the digital
signature of any person, the opinion of the certifying authority, which has issued the
admissible and as evidence except in certain cases when the court requires an opinion of
installed Point-of sale (PoS) terminals is the major obstacle in the growth of debt cards;
smart card has many innovative features, which may spurt the use of cards in India. Smart
card is safer to use in electronic form than the present form of cards
“ Credit card business is a volume game and initially highly capital intensive.”
- A senior banker
Plastic money is growing by leaps and bounds in India. Today, many banks are offering
cards. Though the foreign banks have a dominant share, aggressive entry of the Indian
banks like SBI, ICICI and HDFC Bank may soon change the rules of the game. Today, SBI-
The credit card market in India is projected to grow at the rate of 20-25% per annum in
the coming years. There are currently around 3.8 million credit card users compared to
3.0 million in 1990. Visa credit card grew by 46.4% in India while the growth in Asia
Pacific was only 6% for Q3 of 2003. The competition among banks has been growing and
they are offering so many add-on incentives like waiver of first year annual fee, discount
on retail stores, personal loans etc., to woo the customers. Debit card is another segment,
which is catching up fast. There are only 80,000 to 90,000 merchants having point-of-sale
(PoS) terminals installed and majority of them are located in metros, which is the major
obstacle to the growth of debit cards. To increase the usage of debit cards, banks should
Smart cards are the wave of the future for consumer use, commercial use and terminal
network security. Smart cards are in much wider use in Europe than in US.
A smart card is a plastic card with an imbedded computer chip that has been stored
inside the card. It has the capacity to store up to 80 times more information than other
magnetic stripe cards. This mini-computer using an intelligent chip, stores payment
information similar to a magnetic stripe card, but it also includes additional information
such as online authorization controls, credit limits, stored value (gift card), reward points
(loyalty), Personal Identification Number (PIN), etc. Smart cards can be contact less,
suggesting that the chip transfers data via a built-in antenna without physically touching
There are over 3 billion smart cards in use currently. Today, smart cards are used
worldwide and it is the most flexible payment option available in the world. Smart cards
have been used in Europe for over 10 years and now they are the accepted mode of
payment. In developing countries and continents such as Africa and Asia, the use of smart
cards has been growing rapidly. In the US, major retailers, banks and processors are
preparing to accept global cards and some are adding smart gift cards and promotional
application to build loyalty for the growth of their business. American Express and
Financial Institutions have issued over 21 million PIN-secured smart cards to their
customers. By the end of 2005, there will be over 100 million smart cards to their
customers. By the end of 2005, there will be over 100 million smart cards in use in the
United States.
In order to accept smart cards, the business must have an EMV ready smart card Point-
of-Sale (PoS) terminal. Merchants can be standalone PoS smart card terminals or smart
card readers that are integrated with cash registers. Currently, over 90% PoS terminals
Issues of security and fraud are major drawbacks to using credit and debit cards over the
Internet. Unlike the hand-written receipts, there are no signed sales receipts associated
At the same time, consumers are holding back on making Internet purchases due to
lingering security concerns. According to Master Card, 90% of Internet non-buyers worry
that their personal and financial information may fall into the hands of hackers. It is this
reluctance that is the real barrier to building an online business. Using smart cards along
with a strong Internet authentication will help overcome these issues. American Express,
Master Card and Visa smart cards currently support Internet authentication and payment
using built-in digital certificates and digital signatures. For smart cards to be successful,
the cardholders must connect an EMV approved smart card reader to their PCs. Smart
cards have the capacity to replace the thirty plus years old magnetic stripe cards
Many Indian banks are adopting the information technology not merely as a frill, but as a
dire need. It is helping the banks in many core and diversified functions. Technology is
key business enabler in six critical areas of banks. These are augmentation profit pool,
and efficient payment and settlement system. For the success of any IT program,
Banking basics have undergone radical shifts, thanks to the advent of modern technology,
increasing pace of globalization and the need for stronger fundamentals to operate in the
fiercely competitive environment. The digital divide among Indian banks that was quite
discernible before the millennium has considerably narrowed down with many banks
taking to technology not merely as a frill, but as a dire necessity. Technology today
catalyzes many core and diversified functions in banks, including issues like transaction
automation and multiple delivery channels, product innovation, data warehousing and
effective MIS, secured storage mechanisms and a real-time based payment and
settlement system.
Seen in the present context, technology is a key business enabler in six critical areas of
banking.
Sustained profits and profitability have been major yardsticks for assessing the true
Technology has proved, at least in case of new generation banks and major public sector
banks to be a major profit driver. With progressive decline in interest rates, banks’
spreads have come under pressure, which per se, affects their profitability. However,
technology had a favorable effect in terms of reducing the operating cost and improving
products like Net banking, mobile banking and other forms of 24X7 banking like ATMs
and Networked services across branches likeanywhere banking, electronic funds
transfer, customer relationship management, call centers across the banks. Hi-tech and
hi-touch services, it goes without saying, have also enlarged the clientele base in banks
environment for banks to diversify into various fee-based activities like bancassurance
Operational Efficiency
Operational efficiency, in terms of optimum utilization of resources, has been one of the
technological application, banking system has seen a near consistent improvement in the
application has been by and large confined, especially in the state-owned banks, towards
cost saving and improved service standards through product innovation. While savings
in cost and improvement in service quality could turn out to be short-term in nature, it is
application. It is also time that the focus of technology shifts from product innovation to
Technology also spells significant benefits on the realm of customer research and
switch service providers, customer management need no longer be a front office function,
but a bank-wide obsession. Many banks have duly realized the significance of such
functions and introduced new models like the High Net Worth clients’ branch, imbued
with state of the art technology, exquisite ambience and quickest possible processing of
transactions. Customer management is a very sensitive issue entity hears only from 4%
of its dissatisfied customer, while 96% of its customers quietly go away of which 91%
never come back. Technology, thus, already implemented the tech aided e-CRM
application as strategic tool to retain as well as expand theircustomer base. The bottom
line is that banking products are getting commodities and price wars are slowly leading
to a zero-sum game. In such a scenario, technology backed customer orientation will hold
Product Research
In the field of product research as well, technology plays a decisive role, in terms of swift
product innovation, an active R&D set up effective pricing of products to protect banks’
margins and safeguard customers’ interests. Banking product life cycles are getting
shorter day by day and more than delivery, product servicing defines competitive edge
for banks. Marked to market product processes are equally important for sustained
improvement in the value chain of services and command ‘top of the mind recall’ from
the customers. Technology also aids product profitability research and review, which
Distribution Reach
The thumb rule for strategic management masters is that structure must follow strategy
endeavors that will be in tune with the level of technology application. For instance, many
banks need to put in a place a leaner structure and remove intermediate decision-making
tiers. That is how one can see that many of the regional outfits of banks are slowly being
dismantled while branch expansion is not being accorded the thrust it used to be given
earlier. Rightsizing of human and physical overheads is a major strategy adopted by many
banks wherein the role of the earlier brick and mortar banking is slowly getting
dissipated. In turn, devices like Internet and mobile banking. Technology, thus, facilitates
sector in the rural and semi-urban areas. Many of these branches are not performing to
their potential mainly because of their typical business mix, cost diseconomies and lack
of technology-based services offered in these branches. Technology can facilitate the
branch rationalization exercise such as setting up mobile branches and satellite branches,
especially in the rural areas, and bring many of those into the “Performing” category
technology have emerged as dynamic sources of productivity growth. This is true about
banking as well as its relationship with technology has become symbiotic fundamentally.
Payment system is probably the most important mechanism in the banking sector where
day.
Banking system has adopted a holistic approach for designing a modern, robust, efficient
and integrated payment system. The approach to the modernization of the payment and
settlement system has been basically three pronged – consolidation, development and
computerized cheque clearing and expanding the reach of electronic clearing services
through INFINET and optimizing the development of resources the Negotiated Dealing
System, Structured Financial Messaging System (SFMS) and the recently introduced Real-
TimeGross Settlement (RTGS) system. Integration is the next stage that the banking
within a bank and seamless interfaces across banks, leading to Straight Through
Processing (STP) of transaction on a regular basis. Further, cheque truncation system will
However, so far as integration is concerned, Indian banks still have a fair distance to
banks, especially those in the public sector, need to address certain core issues
like firewalls, Intrusion Detecting System (IDS) and implementing a security policy.
In addition to the above, banking sector is also confronted with a classic dilemma. It
relates to differentiating between and mapping the role of business vis-à-vis the role of
is where the significance of integrating business and IT plans comes to the fore.
Integration of IT and Business Strategy
Many banks, especially those in the public sector, are embarking on a comprehensive set
such initiatives are not merely because of competitive pressure from the foreign and new
generation private banks. The avowed goal of these initiatives was to improve overall
management mechanism. It goes without saying that the fast pace of globalization and
progressive move towards reaching global operational benchmarks also catalyzed the
technology drive dividends to these banks although the need of the hour is to consolidate
One such weak link relates to lack of integration between the IT strategies which, it is
felt, is applicable to many of our banks. Technology introduction can offer significant
benefits only when they are in total alignment with business strategies. Especially, in
public sector banks, a phased approach is desirable in view of the heterogeneous nature
of their branch architecture and vast area specific differentials in their branch
functioning. In the current context, business strategies may differ from bank to bank, yet
a core set of business objectively will, for sure, be common to all the banks. Such
commonalities call for at least an open technology plan, in board consonance with the
business objectives, and the same can be fine-tuned on an ongoing basis to suit the
business model.
behest of RBI, for suggesting a methodology to integrate IT and business plans in banks.
The study has proposed an ‘Enterprise Maturity Model’, for attaining total convergence
strategies. The model suggests solutions not merely for business and technology, but for
issues related to human resources and customers who form an integral part of banks’
switchover to the virtual mode. Application of the model can help banks to develop
varied workflow processes, objective customer analysis and most importantly, devise
simulative and real-time based tools to track business, profits and profitability. Effective
and an objective technology application system will also enable a business process
capabilities of banks.
In the light of ongoing emphasis on business process reengineering, one comes across
Core Banking Solution (CBS). CBS offers, among others, benefits like privilege of single
window service to customer in order to facilitate a shift from “customer of the branch” to
“customer of the bank” concept, online transfer of funds, longer business hours, lower
comprehensive MIS as a policy support and above al, improved visibility of the banks
implementing CBS. A robust MIS also supports vital functions like ALM, risk management,
other overhead costs. Staff rendered surplus on account of CBs can also be put for
marketing and recovery functions, which warrant dedicated staff in the present context.
One major issue in CBS relates to security aspects and a host of operational risks that
banks are confronted with. Be it system failure or planned hacking or any kind of human
endemic across the financial system and result in vital data erosion. Retrieval of the same
may also cost dearly to the banks and theirassociates. Security aspects like implementing
a robust security policy, firewalls, IDS are, therefore, indispensable for preventing any
systematic problem. There are even cases where multi-point security has not been able
to check the fraudulent practices. Thus, security aspects need to be examined threadbare
ATM industry and money other organizations are fighting with them in many ways like,
by issuing security tips, making ATMs more innovative etc. In India, where the use of
ATM crimes and frauds are mounting day by day. Even though they make up a small
percentage of criminal activities they are not less important. Criminals are raiding
Some of the popular techniques used to carry out ATM crime are:
➢ Through Card Jamming ATM’s card reader is tampered with in order to trap a
➢ Card Skimming is the illegal way of stealing the card’s security information from
➢ Card Swapping, through this customer’s card is swapped for another card without
customers are asked to give their here a new card number, PIN and other
information, which are used to reproduce the card for removing the cash.
To guard against these frauds ‘The Global ATM Security Alliance (GASA)’, which was
formed in June 2003, has issued the customers guide and some tips to prevent against
card-related frauds.
The World’s Top 20 tips for ATM Use to Enhance the ATM customer Experience and
Security
CHOOSING AN ATM
Tip 1: Where possible, use ATMs with which you are most familiar. Alternatively, choose
Tip 2: Scan the whole ATM area before you approach it. Avoid using the ATM altogether
if there are any suspicious-looking individuals around or if it looks too isolated or unsafe.
Tip 3: Avoid opening your purse, bag or wallet while in the queue for the ATM. Have your
Tip 4: Notice if anything looks unusual or suspicious about the ATM indicating it might
have been altered. If the ATM appears to have any attachments to the card slot or keypad,
do not use it. Check for unusual instructions on the display screen and for suspicious
blank screens. If you suspect that the ATM has been interfered with, proceed to another
Tip 5: Avoid ATMs which have messages or signs fixed to them indicating that the screen
directions have been changed, especially if the message is posted over the card reader.
Banks and other ATMowners will not put up messages directing you to specific ATMs, nor
would they direct you to use an ATM, which has been altered.
USING AN ATM .
Tip 6: Is especially cautious when strangers offer to help you at an ATM, even if your card
is stuck or you are experiencing difficulty with the transaction. You should not allow
Tip 7: Check that other individuals in the queue keep an acceptable distance from you. Be
on the lookout for individuals who might be watching you enter your PIN. Tip 8: Stand
close to the other ATM and shield the keypad with your when keying in your PIN (you
may wish to use the knuckle of your middle finger to key in the PIN).
Tip 9: Follow the instructions on the display screen, e.g., do not key in your PIN until the
Tip 10: If you feel the ATM is not working normally, press the cancel key and withdraw
your card and then proceed to another ATM, reporting the matter to your financial
institution.
Tip 11: Never force your card into the card slots.
Tip 12: Keep your printed transaction record so that you can compare your ATM receipts
Tip 13: IF your card gets jammed, retained or lost, or if you are interfered with at an ATM,
report this immediately to the bank and/or police using the help line provided or nearest
phone.
Tip 14: Do not be in a hurry during the transaction, and carefully secure your card and in
Tip 15: memorize your PIN (if you must write it down, do so in a distinguished manner
Tip 16: NEVER disclose your PIN to anyone, whether to family member, bank staff or
police.
Tip 17: Do not use obvious and guessable numbers for your date of birth.
Tip 18: Change your PIN periodically, and, if you think it may have been compromised,
change it immediately.
Tip 19: Set your daily ATM withdrawal limit at your branch at levels you consider
reasonable.
Tip 20: Regularly check your account balance and bank statements and report any
in the industry know about these extraordinary efforts. Some of the important works are
given below:
o From time to time the Electronic Funds Transfer Association (EFTA) with
Interpol, the Metropolitan Police Flying Squad for New Scotland Yard and
o ATMIA is educating the people and ATM industry about most effective way
of fighting ATM crimes and frauds and honoring with award that
bank. This services has helped alot in solving many card-related frauds
Fraudsters are using innovative ways like Web and Mail spoofing, attacking the bank’s
server etc. to break the security walls and commit fraud. There is a need for
information.
This quote exactly reflects the present environment related to technology, where it is
changing very fast. By the time regulators come up with preventive measures to protect
customers from innovative frauds, either the environment itself changes or new
technology emerges. This helps criminals to find new areas to commit the fraud.
Some common Internet banking frauds and their causes have been discussed here.
o Attacking the Bank’s Server
In this case, the fraudster takes control of the server of the bank and by visiting the bank’s
These attacks are due to bad programming, which mostly prevail in general purpose
software. Such attacks are called bufferover-flow attacks. Due to buffer-over-flow defects
in the software, fraudster can use the commands on the server without providing
o Mail Spoofing
In the mail spoofing or e-mail forgery, the fraudster sends the information to bank
customers in such a form that it seems that information is from the authentic bank source.
One such incident happened with ICICI Bank customers to disclose passwords and other
“For security purpose your account has been randomly chosen for verification. To verify
your account information we are asking you to provide us with all the data we are
requesting. Otherwise, we will not be able to verify your identity and access to your
account will be denied. Please click on the link below to get to the ICICI secure page and
Anyone can set up a mail server and can forge a mail posing as an authentic source.
o Web Spoofing
In Web Spoofing, customers of the bank are lured to log in at the fraudster’s website,
which is similar to the bank’s website. Once the customer provides sensitive information,
they can be stolen easily by the fraudster, who uses the stolen sensitive information like
password and username etc., to carry out the transaction on the bank as a real customer.
In the whole case, the only loser is the customer because he does not have any means to
prove that it was not he who did those transactions, but the fraudster.
Ignorance of the customer to intercept Universal Resource Locator (URL) is the major
• http://secure.bankname.com/carloanfind/carloans.asp
• http://secure.bankname.com? @569857125/carloanfind/carloans.asp
It is very difficult for a normal customer to understand the difference between these two
URLs. He can be easily cheated because the first URL will drive him to the original site
The fraudster’s intent here is not to commit any fraud but to create inconvenience for the
banks. The customer here literally cannot access the services of the bank.
(TCP/IP), the computer communication languages, Router Poisoning that help the
customers to reach different parts of the network and Domain Name System (DNS)
service, that helps the two computers to communicate through IP number are some
It is clear that to plug all the loopholes is very difficult for any regulator. This is a
challenge to the mission of fast automation. It is essential on the part of the banks, the
regulators and the service providers to create a source and safe automation environment
Credit card fraud has become regular on Internet. All the agencies involved in the
transaction, cardholders, online merchants and the card issuers suffer losses. However,
it is the online merchant who suffers the most. This article examines the nature of credit
card fraud, types of credit card frauds, and the effects. This article also discusses the
preventive measures. Internet commerce is growing very fast. From a customer base of
28.8 million spending US$12 bn in 1999, Internet Commerce has grown exponentially
during the past few years and is still growing. But, unfortunately, the growth is not on the
expected lines. The credit card fraud, which has become common, has retarded the
of customers were victims of the credit card fraud; recent surveys indicate that one out
of three online customers have become victims to this kind of fraud. Customers, credit
card companies, banks and merchants are battling this problem; still this crime is on
ascendancy.
There are different types of frauds involving credit cards. The fraudulent activities start
Application Fraud:
In application fraud, the fraudster obtains personal confidential information of the other
person needed in the credit card applications, like social security number, date of birth
using a variety of means. Internet search engines and databases are making these tasks
easier. Using this information, he fills in an application for a credit card and after receiving
it, uses it as if he is the true holder. The person in whose name the card is issued might
Counterfeit Cards:
In this, a criminal gains access to a valid card number and other information. For
example, the salesperson at the supermarket briefly takes possession of the customer’s
card during payment process, which he runs on a terminal. But without the knowledge of
the cardholder, the salesman can also run it on another machine, which can capture all
the details in the card. Using this information and tools like embossing machines, a
fraudster can create a counterfeit card. This process is known as ‘skimming’ and simple
hand-held devices are now available for the purpose. Further, the information skimmed
Account Takeover: In account takeover, the fraudster first all the personal confidential
information about the other person. Then impersonating as the other person, he informs
the bank that there is a change in his residential or office address. Next, he informs them
that his credit card is lost and request for a new card on the new address. After receiving
access to a stolen or lost card, he also gains access to all the personal information. Apart
from using this card fraudulently, the criminal can also use the information to‘broaden’
Other Forms:
From the point of view of a merchant, credit card frauds can be divided into three ways.
There are organized fraud, opportunistic fraud and cardholder fraud. The advantages
offered by Internet are also attracting the criminals in a big way. In an organized criminal
activity, the gang’s obtain credit cards using any of the means discussed above. They
normally identify a drop location like a vacant house or warehouse, spend the card up to
the maximum limit, and ask the merchandise to be dropped at this selected location.
These gangs have a thorough understanding of the system and take advantage of the fact
that there is normally a time gap of more on to the next card. Opportunistic fraud is
committed normally by amateurs who get an opportunity of handling credit cards, like
waiters in restaurants. Cardholder fraud involves the cardholder himself who might
claim that he never placed the order or he never received the goods. It could also involve
one of his family members or friends who used the card without his knowledge.
Bust Out Fraud:
fraud, true customers gradually build up as much available credit card and then ‘bust out’
with large purchases of items that could easily resold like jewelry or draw large cash
advances etc. Here the fraudster will draw bad checks on one account to pay when this
cannot be done any longer, the customer does a vanishing act. This kind of fraud is the
most difficult to catch, as the customer exhibits exemplary behavior till the last moment.
Friendly fraud occurs when the actual cardholder carries out a transaction but later
denies or claims that his card was stolen or used without his authorization. Customers
absent and this causes most of the creditcard frauds. In online transactions, after filling
in the online order form, the customer is expected to give his credit card number to
conclude the transaction. In real world, after the purchase, the customer hands over the
credit card, which the merchant swipes using a terminal. The merchant also obtains the
signature of the customer on the credit card receipt. He also verifies the charge
authorization. In case of fraudulent use of a card like using a stolen card, the merchant or
the customer are reimbursed by the credit card company. In online transactions, the card
is not present during the transaction and there is no signature of the customer on the
receipt. These transaction, treated as card not present transactions, in which the card
issuing companies do not reimburse the merchant. In reality, speed, which is the most
important benefit of the Internet, facilitates the fraud. A physical transaction takes
several minutes; where as Internet transaction takes only a few seconds. Real-time
transaction reduces the overheads, but at the same time, increase the number of
fraudulent transactions. For example, a fraudster can give the same fraudulent card
number to a number of e-business sites simultaneously and there is no way the merchants
process, which needs to be managed effectively. To measure the IT risk in banks there are
various methodologies available. All of them at large follow the same primary steps like
threat analyst etc. for technology risk assessment; American Banker Association has
Risk management approach had widely the baseline approach in which a baseline/
standard set of polices and practices are followed in taking business decision without
considering the criticality of the business asset or decision. In business sense, risk is the
probability of getting loss from taking or not taking a business decision. The loss can be
tangible or intangible. Risks can be avoided, controlled, shared, transferred and accepted.
the business assets and decisions based on their criticality to business goals and business
continuity. While the basic concepts remain the same, Information Technology
introduces new vulnerabilities as well as new techniques for risk management.As such,
technology risk management, while following the fundamentals, needs to address these
new vulnerabilities.
Information Technology Risk is the risk that can arise due to use or non-use of technology
in business or for business. The primary objective of an organization and its ability to
conduct business. The business of IT in business is to see that the business continues. IT
risks management has to ensure that this purpose is achieved. As such IT risk
management process should not be treated as a mere technical function carried out by
the IT people and should not just confine to IT assets. It is essentially a management
function. However, the role of IT people is also vital because IT security and IT risk
achieve its business goals by better securing the IT systems and enabling management to
IT risk management is to the process that helps to balance the operational and economic
costs of risk mitigation measures and achieve gains by protecting the IT systems and data
when used effectively, can help management identify appropriate controls for providing
Various organizations worldwide have come out with risk management frameworks,
policies, standards and principles that are quite useful in IT risk management and
measurement.
The committee set up Bank for International Settlement (BIS) has identified fourteen Risk
Management Principles for Electronic Banking to help banking institutions expand their
existing risk management policies and processes to cover their electronic banking
activities.
(COSO) Board and Project Advisory Council took on the responsibility to expand and
address theremodeled components of internal control. The end product of this is the
The Information Systems Audit and Control Association (ISACA) has developed a
framework called Control Objectives for Information and related Technologies (COBIT)
The ERM and COBIT frameworks provide a useful evaluation tool for informing
management, directors and other stakeholders about a process, procedure and policy to
In India, RBI has been providing much guidance in this area to Indian banks. There is a
good number of references and guidelines provide in the reports of various RBI
Risk assessment/measurement is a process used to identify and evaluate risks and their
Risk management covers three processes: Risk assessment, risk mitigation, and
evaluation. Risk assessment is the first process in the risk management methodology and
also is necessary for the extent of the potential threat and the risk associated with an IT
system throughout is System Development Life Cycle (SDLC). The output of IT risk
assessment process helps to identify appropriate controls for reducing or eliminating risk
Unlike financial risk, technology risk cannot be easily quantified or measured. But, banks
can gain financial and operational benefits by conducting an effective Technology Risk
efficiently using corporate risk management resource, including audit, in ensuring a cost-
vulnerabilities and the controls in place for the IT system to determine the likelihood of
a future adverse event and its impact. Impact refers to the magnitude of harm that could
asset/resource.
The quality of the technology risk assessment affects the effectiveness of risk-based
methods/solutions came in the market to help banks to meet the assessment challenge.
Since these methodologies are mostly developed for and by traditional risk managers,
they are generally weak in areas relating to technology, although they provide an
• Probability/Likelihood Determination
• Impact Analysis
• Risk Determination
• Control Recommendations
• Results Documentation
Technology Risk Assessment (TRA) methodologies are not much different from general
risk assessment methodologies and they, too, follow these steps. However, the risk
adequately and to prioritize technology risk, the risk assessment tools must be
As in the case of enterprise risk assessment tools, ready-made methods and tools
developed by vendors can be used for TRA also. However, a number of challenges are
involved in using these ready made tools like vendor methodologies which may not
continuously update the TRA throughout the year due to the costs involved; the
outsourced methodology/tool may not understand the bank’s specific issues, etc.
The American Bankers Association lists the following recommended resources for TRAs:
• SysTrust
These resources are inexpensive to implement and serve the purpose in most cases. They
are based on extensive research from government and professional security experts and
are vendor neutral. These methodologies enjoy excellent reputation among corporate
governance experts.
ISO Standards
The ISO along with the International Electro-technical Commission forms the specialized
system for worldwide standardization. The stated purpose of the ISO standards is to
“provide a common basis for developing organizational security standards and effective
security management practice and to provide confidence in inter organizational
standard is often referenced and leveraged by other prominent methods and covers 10
COBIT
COBIT has been developed as a generally applicable and accepted standard for good IT
security and control practices that provides a reference framework for IT governance.
Systems Audit and Control Association (ISACA), and addresses risk from both the
incorporating both operation management and audit concerns, which have been adopted
in organizations including the US House of Representatives, Charles Schwab & Co., and
Swift.
For each control objective, audit procedures and management guidelines are provided.
The latter guidelines uniquely provide COBIT with a business management perspective;
maturity models, critical success factors, key goal indicators, and key performance
COBIT focuses on processes and their ownership. It provides excellent methodology for
However, COBIT is more of a general assessment tool and detailed issues are to be
considered in the form of audit programs. As such some consider it to be too theoretical.
Sys Trust
The American Institute of Certified Public Accountants (AICPA) and the Canadian
the reliability of systems. The purpose of this service, known as Sys Trust, is to increase
the comfort of management, customers and business partners with the systems that
support a business or particular activity. The service considers four principles to evaluate
• Availability: The system is available for operation and use at times set forth in service
• Security: The system is protected against unauthorized physical and logical access.
• Integrity: System processing is complete, accurate, timely and authorized.
• Maintainability: The system can be updated when required in a manner that continues
Although, SysTrust was not necessarily developed as a risk management tool, many
organizations have found that the SysTrust principles could be adopted as an effective RA
tool since the principle provide a stake holder’s perspective on the impact of technology
SysTrust tool that would also incorporate e-commerce activities. Under the revision, five
principles would replace the four above. Principles consider would include security,
SysTrust provides good high-level questions for an overview on overall reliability but
may not provide detailed methods for intended objectives. It is more of an executive level
assessment perspective rather than at operational level. However, it also has provision
OCTAVE
assets. OCTAVE presents an exciting TRA to ORMs because the SEI is home to the CERT
• Build asset-based threat profiles: Identify important information assets, the threats to
• Develop security strategy and plans: Based on the results of the first two phases,
OCTAVE is a full methodology with supporting tools and leverages from a combination of
academic research and industry practices but, it is geared to larger institutions and the
The Information Technology Laboratory (ITL) at the NIST in USA is a body, which
infrastructure. These include developing standards and guidelines for the cost-effective
Like the other organizations mentioned previously, NIST provides a detailed checklist of
IT-related risk mitigation strategies that should be assessed as a part of a TRA. In addition
to its detailed coverage of security issues, the checklist enables to determine if risk is
However, this is mostly followed by big government organizations and following these
The primary data has been collected through surveys in banks (questionnaire) viz., Bank
MAHARASHTRA
DISAGREE 3% 2% 0%
FIFTY-FIFTY 1% 0% 0%
EXPLANATION: - It is cleared from questionnaire method that every one agrees to the
statement “I.T. in banks is much more advance than traditional banking”. Approximately
Q.2) The ratio of online transaction v/s manual transaction. 1:2 2:1 Equal Can’t Say
ANALYSIS: -
BANK OF ICICI HDFC
MAHARASHTRA
1:2 30% 0% 0%
EQUAL 0% 0% 0%
EXPLANATION: - According to the above data collected it is clear that approximately ten
percentage of employees says that the ratio of online transaction v/s manual transaction
is 1:2, eighty sevenpercentage says it is 2:1, zero percent says it is equal & three percent
ANALYSIS: -
BANK OF ICICI HDFC
MAHARASHTRA
NO 6% 5% 1%
TO SOME EXTENT 4% 3% 1%
ninety three percent of employees says yes, four percent says no and three percent says
to some extent
MAHARASHTRA
ONLINE BANKING 2% 0% 0%
BANKING
BOTH 1% 2% 0%
ninety seven percent of employees says that manual banking type of facility is friendly to
illiterate customers, two percent says online banking and one percent says both online as
Q.5) In what way I.T. in banks affects the work of the employees.
ANALYSIS: -
BANK OF ICICI HDFC
MAHARASHTRA
WORK
BANKING
BOTH 5% 7% 5%
thirty eight percent says I.T. in banks increases the work of the employees, fifty six
percent says decreases the work and six percent says it is same at both the levels.
Q.6) Does I.T. in banks increasing the cost of banking operations / banking transaction.
Yes No Equal
ANALYSIS: -
BANK OF ICICI HDCF
MAHARASHTRA
NO 2% 5% 0%
EQUAL 0% 1% 0%
eighty seven percent of employees says yes i.e. I.T. increases the cost of banking
operations or banking transactions, two percent says no and one percent says equal.
10. FINDINGS AND CONCLUSIONS
According to the survey conducted in Bank of Maharashtra, ICICI Bank & HDFC Bank, the
6. Online banking is much more costlier than manual banking. It increases the cost
of banking operations
that middle class customer can have access to online banking facility.
3. Further research can be done in topics related to this project viz., software
BIBLIOGRAPHY
• Katuri Nageshwara Rao & Yashpaul Pahuja, (2005), ‘IT IN BANKS – EMERGING
TRENDS’
• Kamlesh k Bajaj & Debjani Nag, ‘ELECTRONIC COMMERCE- THE CUTTING EDGE OF
RESEARCH REPORTS
• INTERNET BANKING
COMPTROLLERS HANDBOOK
INTERNET
• www.banknetindia.com
• www.microsoft.co