Internet banking, web banking or online banking refers to an electronic payment system that allows customers of a bank or other financial institution to conduct various financial transactions through the internet. Online banking is a component of the core banking system and is different from branch banking, which is the traditional method of accessing banks’ services.
Internet banking software provides various services, such as obtaining statements, viewing account balances, making payments, checking the latest transactions and transferring money between accounts.
A customer first has to register with the financial institution to gain access to the online banking services. The customer goes through a verification process and sets up various credentials and a password. Mobile or telephone banking has different credentials than online banking. The financial institution assigns a customer number to the customer, regardless of whether the customer intends to use the online banking service or not. Customer numbers are different from account numbers, because a single customer number can be linked to multiple account numbers. Any account held with the financial institution can be linked to a customer number; however, the types of accounts that can be accessed may be limited, for example to savings, credit card, cheque and loan accounts. Using the previously set up credentials and the customer number, the customer can use the online banking facility by visiting the website of the bank or financial institution.
The financial institution determines which financial transactions a customer can carry out. These typically include financing loans, obtaining loans, transferring funds between the customer’s account and other accounts, and obtaining account balances and a list of the latest transactions. Some banks impose restrictions on the amount which can be transacted. Banks also allow customers to download bank statement copies, which customers can print out. Various banks also provide customers with the option to download transactions into their accounting software. Financial institutions also provide customers with the facility to stop payment on a cheque, advise a change of address, order a cheque book, report credit card loss, statements and various other actions.
Features of online banking:
Various online banking facilities have common capabilities and features, as well as application specific features. Several categories exist for common features:
Online banking allows customers to perform non-transactional tasks, such as:
- Viewing latest transactions, account balances and paid cheques.
- Ordering cheque books.
- Downloading account statements, bank statements and various applications for E-banking and M-banking.
Online banking also allows customers to perform different transactions, such as:
- Investment sale or purchase
- Paying third parties, including third party fund transfer (FAST) and bill payments (BPAY)
- Credit card application
- Making bill payments and registering utility billers
- Loan transactions and applications, including enrollment repayments.
- Transferring funds between the customer’s linked accounts.
Security issues concerning online banking:
Online banking cannot operate without protecting customers’ financial information. Banks and financial institutions use various security measures to safeguard a customer’s records from unauthorized access. Different approaches are adopted for this purpose, such as requiring a secure website for carrying out transactions. In various countries, it is not considered safe to use single password authentication for online banking.
Online banking uses two different security methods:
- The first is the PIN/TAN system. The PIN is the user’s login password, whereas the TAN is a one-time password used for authenticating transactions. Security tokens can generate TANs, depending on the information stored in the security token and the time (2FA or two-factor authentication). Postal letters can also be used to distribute a list of TANs to online banking customers.
TANs containing a list of recent transactions can be sent by SMS to the online banking customer. Transactional details and amounts are included in the SMS text. This TAN is valid only for a small duration. Banks in the Netherlands, Austria and Germany provide an “SMS TAN” service. Banks also provide a “PhotoTAN” service, where a QR code image (generated by the bank) is sent to the online banking user’s smartphone. Additional encryption is not necessary for internet banking with PIN/TANs because it is performed through web browsers which have secured SSL connections.
- The second method is signature-based online banking, in which all the transactions are encrypted and digitally signed. Different storage media, such as smartcards, can be used to store the keys for signature generation and encryption.
Malicious software can steal an online banking user’s valid TANs and login information. Pharming and phishing are the two well-known attack methods used for gaining unauthorized access to a user’s financial information. Trojan horses/keyloggers and cross-site scripting are used for stealing user login information.
Signature-based online banking is attacked by manipulating the software used by the online banking user. The screen displays the correct transactions while fake transactions occur in the background. A Trojan horse attacks the online banking user with a man-in-the-browser attack, in which the attacker can modify the amount and the account number in the internet browser.
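The following added example (not code from the original page or from any bank) shows why a time-limited TAN that is also bound to the transaction details, as with the SMS TAN described above, exposes the amount or account-number changes made by a man-in-the-browser Trojan. The HMAC-SHA-256 construction, the 60-second step, the 8-digit length and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAN_STEP_SECONDS = 60  # assumption: the page only says the TAN is valid "for a small duration"
TAN_DIGITS = 8         # assumption: TAN length is not given on the page

def _truncate(digest: bytes) -> str:
    """RFC 4226-style dynamic truncation of an HMAC digest to a decimal code."""
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** TAN_DIGITS).zfill(TAN_DIGITS)

def transaction_tan(secret: bytes, now: int, account: str, amount_cents: int) -> str:
    """Derive a TAN from the shared secret, the time step and the transaction details."""
    step = now // TAN_STEP_SECONDS
    acct = account.encode()
    # Length-prefix the account so the field boundaries are unambiguous.
    msg = struct.pack(">QH", step, len(acct)) + acct + struct.pack(">Q", amount_cents)
    return _truncate(hmac.new(secret, msg, hashlib.sha256).digest())

def verify_tan(secret: bytes, now: int, account: str, amount_cents: int, tan: str) -> bool:
    """Bank side: recompute over the transaction actually received (current or previous step)."""
    for t in (now, now - TAN_STEP_SECONDS):
        expected = transaction_tan(secret, t, account, amount_cents)
        if hmac.compare_digest(expected, tan):
            return True
    return False

def demo() -> dict:
    """Constructed sample data: secret, account numbers and timestamp are made up."""
    secret = b"constructed-demo-secret"
    t0 = 1_700_000_000
    payee, other = "NL00DEMO0000000001", "NL00DEMO0000000099"
    # The customer approves 125.00 to `payee` as displayed on the token or in the SMS.
    tan = transaction_tan(secret, t0, payee, 12_500)
    return {
        "genuine": verify_tan(secret, t0 + 30, payee, 12_500, tan),
        "account_changed": verify_tan(secret, t0 + 30, other, 12_500, tan),
        "amount_changed": verify_tan(secret, t0 + 30, payee, 912_500, tan),
        "expired": verify_tan(secret, t0 + 180, payee, 12_500, tan),
    }

if __name__ == "__main__":
    print(demo())
```

The binding only helps if the customer compares the amount and account shown on the separate device or in the SMS with what they intended, since the browser display is the part the Trojan controls.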
Fraudsters use social engineering and malware to persuade a user to transfer the money to them personally on the grounds of false claims (such as asking the user to make a “test transfer”, or claiming that some money has been accidentally transferred to the user’s account and must be transferred back).