
E-banking: concepts & risk management

NLDIMSR

Contents
1. INTRODUCTION
1.1 Banking Overview
1.2 E-Banking basics
1.3 Edge over traditional banking
1.4 Drivers for change
1.5 India banks on web
1.6 Evolution of E-banking
1.7 Forms of E-banking
2. E-BANKING COMPONENTS
2.1 E-banking strategy
2.1 Factors influencing e-banking system
2.2 Host Entities
2.3 Components and Processes
3. E-BANKING SUPPORT SERVICES
3.1 Weblinking
3.2 Account Aggregation
3.3 Electronic Authentication
3.4 Website Hosting
3.5 Payments for E-Commerce
3.5.1 Person-to-Person Payments
3.6 Wireless E-Banking
4. E-BANKING RISKS
4.1 Transaction/operations risk
4.2 Credit risk
4.3 Liquidity, interest rate, price/market risks
4.4 Compliance/legal risk
4.5 Strategic risk
4.6 Reputation risk
5. Risk Management
5.1 Board & Management
5.2 Security
5.3 Regulatory and Legal framework
8. Advantages of E-Banking
9. Challenges and road ahead
10. Conclusion
6. Reference


1. INTRODUCTION
1.1 Banking Overview:
Since 1970 banking and finance have undergone nothing less than a revolution. The
structure of the industry in the mid-1990s bore little resemblance to that established in the
1930s in the aftermath of the bank failures of the Great Depression. In the 1970s and
1980s, what had been a fractured system by design became a single market, domestically
and internationally. This is largely attributed to the adoption of new technology in
the banking sector.
The Indian banking and financial sector has witnessed blazing success and created a huge
opportunity for the Indian IT industry both in the international market and
domestically. With the financial services sector already accounting for more than 35
percent of the Indian software and services sector, the segment is well geared up to offer
customized financial products and services as per the Indian domestic market's
requirements.
Banks are deploying IT in the following areas :
Core Banking
Automation of Branches
Delivery Channels (including ATMs, Internet Banking, Mobile Banking, Kiosks, etc)
Treasury, Investments, Mutual Funds
Networking Infrastructure
Training
Re-Engineering and BPR
Out sourced services and Back Office work
Utility and Tax payment collections
CRM and Call Centers
Upgradation (new products and services)
Marketing
Security
Cash Management and Payment services
Data warehousing and Data mining
Work flow automation
MIS, EIS and DSS
Maintenance
Audit and Surveillance
Most of the big software houses do not encourage customization. Banks need
customization because each bank is unique, with different business goals and a different
business mix, so customization enhances operating efficiency. Re-engineering of banking
operations, if it precedes customization, provides an ideal base for extremely
successful implementation.

1.2 E-banking Basics:


E-banking is a process by which customers perform banking transactions without visiting a
brick-and-mortar institution, with automated delivery of new and traditional
banking products and services directly to customers through electronic, interactive
communication channels. E-banking includes the systems that enable financial institution
customers, individuals or businesses, to access accounts, transact business, or obtain
information on financial products and services through a public or private network,
including the Internet, through various intelligent electronic devices such as a personal
computer (PC), personal digital assistant (PDA), automated teller machine (ATM), kiosk,
or Touch Tone telephone.
The terms Internet Banking and E-Banking are used interchangeably. E-Banking is one of
the major parts of E-Financing. E-Banking is web-based banking. In
other words, E-Banking refers to banking operations carried out over the World Wide
Web.
The advent of E-Business, accompanied by technological innovations and globalization,
is constantly propelling business organizations to redefine their business operations
in terms of value chain reengineering and restructuring business models. Likewise, the
financial sector is metamorphosing under the impact of competitive, regulatory and
technological forces. The banks have put themselves on the World Wide Web to take
advantage of the Internet's power and reach, and to cope with the accelerating pace of change
of the business environment.


The famous quote by Bill Gates that "banking is vital to a healthy economy, but banks
themselves are not" highlights the crucial nature of the electronic forces that are
affecting banks more than any other financial service provider group.
Internet banking is changing the banking industry and is having major effects on
banking relationships. Even the Morgan Stanley Dean Witter Internet research
emphasized that the Web is more important for retail financial services than for many other
industries. Internet banking involves use of the Internet for delivery of banking products &
services. It falls into four main categories, from Level 1 - minimum functionality sites
that offer only access to deposit account data - to Level 4 sites - highly sophisticated
offerings enabling integrated sales of additional products and access to other financial
services such as investment and insurance.
E-Banking information architecture is modeled as a client-server architecture. A client
operating through a PC linked to the Internet opens the special E-Banking site of his bank
and then, using a set of special secure numbers, gets access to his bank accounts and has
the opportunity to consult them, as well as to make all necessary payments and transfers
from his personal accounts. When the transaction numbers are exhausted the bank sends
him a new set of numbers for his individual transfer sessions. In some cases the bank
provides customized software. The bank software program can also be utilized offline,
for example for preparing the payment orders offline and then making the actual order
online. The client receives all numbers separately, mainly by mail. The bank also provides
clients with similar facilities on its premises so that clients can use the bank equipment
such as an ATM or a special facility linked to the main terminal facility called Multimat,
permitting them to effect the same account examination, payment and transfer operations
without consulting the bank staff.
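
The one-time transaction-number scheme described above, seen from the bank's side, as an added example that is not part of the original paper: each number on the mailed sheet authorizes exactly one transfer, a replayed number is refused, and using the last one signals that a new sheet must be sent. The names `TanSheet`, `issue`, `authorize` and `demo`, the 6-digit length, the sheet size, the hashing parameters and the lockout threshold are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed parameters; the paper does not specify any of them.
TAN_DIGITS = 6          # length of each transaction number
SHEET_SIZE = 5          # numbers per mailed sheet (kept small for the demo)
MAX_FAILURES = 3        # consecutive wrong numbers before the account locks
PBKDF2_ROUNDS = 50_000


def _digest(salt, tan):
    # The bank keeps only salted hashes, so a leaked database does not hand
    # over usable numbers directly. A 6-digit space is small, so hashing only
    # slows guessing; single use and lockout are the real controls.
    return hashlib.pbkdf2_hmac("sha256", tan.encode(), salt, PBKDF2_ROUNDS)


class TanSheet:
    """Bank-side state for one customer's sheet of one-time numbers."""

    def __init__(self):
        self._salt = b""
        self._unused = []
        self.failures = 0
        self.locked = False

    def issue(self):
        """Create a fresh sheet and return the plaintext numbers to be mailed."""
        self._salt = secrets.token_bytes(16)
        tans = set()
        while len(tans) < SHEET_SIZE:           # a set guarantees no duplicates
            tans.add(f"{secrets.randbelow(10 ** TAN_DIGITS):0{TAN_DIGITS}d}")
        self._unused = [_digest(self._salt, t) for t in tans]
        # Assumption: mailing a new sheet is the out-of-band step that also
        # clears a lockout.
        self.failures = 0
        self.locked = False
        return sorted(tans)

    def remaining(self):
        return len(self._unused)

    def authorize(self, tan):
        """Check one number: 'ok', 'ok-reissue', 'rejected' or 'locked'."""
        if self.locked:
            return "locked"
        candidate = _digest(self._salt, tan)
        match = None
        for stored in self._unused:             # scan every entry, no early exit
            if hmac.compare_digest(stored, candidate):
                match = stored
        if match is None:
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.locked = True
                return "locked"
            return "rejected"
        self._unused.remove(match)              # single use: a replay cannot match
        self.failures = 0
        # 'ok-reissue' tells the caller the sheet is exhausted and a new one
        # has to be mailed before the next transfer.
        return "ok" if self._unused else "ok-reissue"


def demo():
    """Walk one sheet from first use to exhaustion, including a replay."""
    sheet = TanSheet()
    numbers = sheet.issue()
    results = [sheet.authorize(numbers[0]),     # first transfer
               sheet.authorize(numbers[0])]     # same number replayed
    results += [sheet.authorize(n) for n in numbers[1:]]
    return results


if __name__ == "__main__":
    print(demo())
```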

1.3 An edge over traditional banking:


In traditional banking, one has to approach the branch in person to withdraw cash, deposit
a cheque or request a statement of accounts. In true Internet banking, any inquiry or
transaction is processed online without any reference to the branch (anywhere banking) at
any time. Providing Internet banking is increasingly becoming a "need to have" rather than a
"nice to have" service. Net banking is thus now more of a norm than an exception in
many developed countries, due to the fact that it is the cheapest way of providing banking
services.
Banks have traditionally been in the forefront of harnessing technology to improve their
products, services and efficiency. They have, over a long time, been using electronic and
telecommunication networks for delivering a wide range of value added products and
services. The delivery channels include direct dial up connections, private networks,
public networks etc and the devices include telephone, Personal Computers including the
Automated Teller Machines, etc. With the popularity of PCs and easy access to the Internet and
World Wide Web (WWW), the Internet is increasingly used by banks as a channel for
receiving instructions and delivering their products and services to their customers. This
form of banking is generally referred to as Internet Banking, although the range of
products and services offered by different banks varies widely both in content and
sophistication.
From the perspective of banking products and services being offered through Internet,
Internet banking is nothing more than traditional banking services delivered through an
electronic communication backbone, viz, Internet. But, in the process it has thrown open
issues which have ramifications beyond what a new delivery channel would normally
envisage and, hence, has compelled regulators world over to take note of this emerging
channel.


1.4 Drivers of change
Information technology is considered the key driver for the changes taking place
around the world. The transformation from traditional banking to e-banking has been
a leap change. The evolution of e-banking started from the use of Automatic Teller
Machines (ATMs) and telephone banking (tele-banking), direct bill payment, electronic
fund transfer and the revolutionary online banking. The future of electronic banking
would be more interactive, i.e., TV banking. Finland is the first country in the world to
have taken a lead in e-banking. In India, ICICI Bank initiated e-banking services during
1997 under the brand name Infinity. It has been forecast that among all categories,
online banking is the future of electronic financial transactions. The rise of e-commerce
and the Internet's role in enhancing the online security of transactions and sensitive
information have been the core reason for the penetration of online banking in everyday
life. The shift towards the involvement of customers in the financial service with the help of
technology, especially the Internet, has helped in reducing costs for financial institutions as
well as for clients/customers, who use the service at any time and from virtually anywhere
with access to an Internet connection.
Advantages previously held by large financial institutions have shrunk considerably. The
Internet has leveled the playing field and afforded open access to customers in the global
marketplace. Internet banking is a cost-effective delivery channel for financial
institutions. Consumers are embracing the many benefits of Internet banking. Access to
one's accounts at any time and from any location via the World Wide Web is a
convenience unknown a short time ago. Thus, a bank's Internet presence transforms from
'brochureware' status to 'Internet banking' status once the bank goes through a technology
integration effort to enable the customer to access information about his or her specific
account relationship. The six primary drivers of Internet banking, in order of
primacy, are:
Improve customer access
Facilitate the offering of more services
Increase customer loyalty
Attract new customers
Provide services offered by competitors
Reduce customer attrition

1.5 Indian banks on web


India's banking sector is growing at a fast pace. India has become one of the most
preferred banking destinations in the world. Bank credit is growing at 30% per
annum and there is an ever-expanding middle class of between 250 and 300 million
people (larger than the population of the US) in need of financial services. All this
enables double-digit returns on most asset classes, which is not so in a majority of other
countries. With foreign banks in India achieving a return on assets (ROA) of 3%, their keen
interest in expanding their businesses is understandable, even more so when compared
with the measly 1% average ROA for the Top 1000 banks in the world. Banks outsource
over 85% of their information technology; they are also postponing new technology
investments, but still investing in proven technologies.
The banking industry in India is facing unprecedented competition from non-traditional
banking institutions, which now offer banking and financial services over the Internet.
The deregulation of the banking industry, coupled with the emergence of new
technologies, is enabling new competitors to enter the financial services market quickly
and efficiently.
Indian banks are going for retail banking in a big way. However, much is still to be
achieved. Throughout the country, Internet banking is in the nascent stage of
development (only 50 banks are offering varied kinds of Internet banking services).
In general, these Internet sites offer only the most basic services. 55% are so-called 'entry
level' sites, offering little more than company information and basic marketing materials.
Only 8% offer 'advanced transactions' such as online funds transfer, transactions & cash
management services. Foreign & private banks are much more advanced in terms of the
number of sites & their level of development.

1.6 Evolution
Since the late 1990s E-Banking has developed from virtual insignificance to tens of
millions of users worldwide. However, E-Banking is the product of different generations
of electronic transactions. The current web-based Internet or E-Banking is the latest of
several generations of systems: Automated Teller Machines (ATMs), Phone Banking, PC
or Home Banking. Automated teller machines (ATMs) were the first well-known
machines to provide electronic access to customers, whereas in phone banking, users call
their bank's computer system on their ordinary phone and use the phone keypad to
perform banking transactions.
PC banking superseded phone banking and allowed users to interact with their bank by
means of a computer with a dial-up modem connection to the phone network. Phone and
PC banking entailed maintenance costs associated with keeping up to date with diverse
modems and with avoiding prohibitively complex installation procedures. After those
generations Deutsche Bank launched the very first Internet banking project in Latin
America in 1996 and Citibank has developed a special e-toolkit across all its branches
worldwide. E-Banking uses the web browser for the user interface and the Internet for
data transfer and download of software, and so has a potential for reducing maintenance
costs. For users, E-Banking provides current information and 24-hours-a-day access to
banking services. The primary services provided by e-banks are transferring money
among one's own accounts, paying bills, and checking account balances. Loans,
brokering, share trading, service bundling, and a host of other financial services are being
added to these primary services. E-Banking is widely used in. Banks are gearing up their
communications infrastructure to obtain a competitive edge from E-Banking, which is
fast becoming a reality in India. E-Banking is fast becoming a strategic necessity for most
commercial banks, as competition increases from private banks and NBFIs. The product
had priority over place; banks can generate revenue through increased account access
fees, and benefit from promotional opportunities to cross-sell products such as credit cards
and loans. Due to the relative newness of this rapidly growing industry, banks as well as
consumers had serious concerns about the security of Internet access to client accounts,
which was the biggest challenge.
Consumers are increasingly looking for services they can access from a single entry
point. Awareness of competition has motivated banks to move aggressively in seeking
alliances and establishing joint ventures to maintain their claim to this part of the
E-commerce infrastructure. For example, there are alliances in the ATM network, Group Network,
Money Transfer Network etc. This is also creating segmentation of networks, where the
customers of one network are sometimes unable to access another network. Consumer
behavior in banking changed partly as a result of changes in the amount of spare time
available to individuals. Mobility, independence of time and place, and flexibility have
become key words in consumer banking. These match the key features of the Internet, such as
24-hour availability, almost immediate access, and the absence of physical borders. Indeed,
the Internet has been one of the key drivers in promoting E-Commerce in the banking
sector. The opportunities for banks in the Internet arena are varied. Despite this plethora of
opportunities, threats to the e-banks abound. One major threat to banks is the
Internet-only virtual banks. With US$ 2 million, one can set up a fully functional, Internet-only
bank and provide payment services on the Internet.
The Internet banks also serve as gateways offering identification and authorization
services to a number of third-party service providers. There are user-friendly
opportunities for conducting business over the Internet with telephone companies, energy
companies, the tax board and other institutions. Demand for those services also influences the
usage rates of Internet banks. Banks for the consumers and is a win-win situation for the
banks and service providers.
It is evident that banks can obtain an advantage by exploiting their existing,
E-Commerce-ready infrastructure, through leveraging it on the Internet, but this opportunity
must be seen in the context of a highly competitive, rapidly moving marketplace in
which new rivals are emerging from many different directions.


Theoretical security concerns the level of security that is technically possible; whereas
effective security concerns the level of security achieved in practice, and is typically
lower than theoretical security. User adoption of E-Banking is affected by perceived
security. This supports a view of security as crucial to the overall usability of E-Banking
systems.

1.7 Forms of E-banking


The following terms all refer to one form or another of electronic banking: personal
computer (PC) banking, Internet banking, virtual banking, online banking, home banking,
remote electronic banking, and phone banking. PC banking and Internet or online
banking are the most frequently used designations. It should be noted, however, that the
terms used to describe the various types of electronic banking are often used
interchangeably.
Corporate e-banking
Corporate e-banking is a comprehensive corporate and small business banking solution
providing a single unified view of corporate banking relationships across asset and
liability products, limits, trade finance and cash management. It is designed to support
multiple channels including the Internet and mobile, and can be interfaced with disparate
host systems and third-party applications. This empowers banks to provide their
corporate customers anytime, anywhere access to real-time consolidated information.
The solution is built on new-generation industry standard technologies J2EE and .NET.
Key features:
Accounts and Transfers
Electronic Invoice Presentment & Payment (EIPP)
Payments
Collections Management
Liquidity Management
Reconciliation Reporting
Trade Finance
Consumer e-banking
Consumer e-banking solution is a proven Internet banking and mobile banking solution
for retail banking customers. Built on new-generation technology, it provides a single
unified view of the customer's many relationships with the bank. The solution provides
high flexibility for customization and robust security features.


This solution can be interfaced with any core banking solution directly or through an
industry standard middleware. It provides banking customers real-time access to their
relationships with the bank such as account inquiries, fund transfers, credit cards, mutual
funds payments and remittances. It enables them to make payments to individuals or
institutions, and other general payments online. Consumer Internet Banking, with its
ability to reach each and every nook and cranny of the world, holds great importance for a
nation like India, where conventional banking services are out of reach for a large
proportion of the masses. But to make it a success requires more than just an adequate
Internet-enabling infrastructure.
Key features:
Core Module
Payments Module
Credit Card and Mutual Fund Modules
Electronic Bill Payment and Presentment (EBPP) Module
Alerts Module
Security Features
Mobile Banking

To date, more banks have established an advertising presence on the Internet (primarily
in the form of informational or interactive web sites) than have created transactional web
sites. However, a number of banks that do not yet offer transactional Internet banking
services have indicated on their web sites that they will offer such banking activities in
the future.
Although Internet banks offer many of the same services as do traditional
brick-and-mortar banks, analysts view Internet banking as a means of retaining increasingly
sophisticated customers, of developing a new customer base, and of capturing a greater
share of depositor assets. A typical Internet bank site specifies the types of transactions
offered and provides information about account security.
Because Internet banks generally have lower operational and transactional costs than do
traditional brick-and-mortar banks, they are often able to offer low-cost checking and
high-yield Certificates of deposit. Internet banking is not limited to a physical site; some
Internet banks exist without physical branches, for example, Telebank (Arlington,
Virginia) and Banknet (UK). Further, in some cases, web banks are not restricted to
conducting transactions within national borders and have the ability to make transactions
involving large amounts of assets instantaneously.


E-Banking Competitiveness
E-Banking is developing gradually and it is gaining acceptance globally. But whether this
field is lucrative for entry can be judged by industry and competitive analysis. As with other
industries, Porter's Five Forces Model of Competition can be applied to understand
E-Banking competitiveness.
Rivalry among Competing Parties
As no Internet-only bank exists in the world, the current rivalry among the
competitors or banks in the banking industry should be considered. Banking institutions
are countering their competitors by leveraging E-Commerce technologies and various
service offerings online. This is a major shift from the early days of Electronic Funds
Transfer (EFT), when large organizations introduced electronic banking to simplify the
management of their salary and payroll problems.

Banks are leveraging it as a distribution channel to offer complex products at the same
quality they can provide from their physical branches, at a lower cost, to more potential
customers, without boundaries. E-Banking is used to augment their current value chain,
offer new products and compete for customers.
New Entrants
At present, the entry barriers to Internet banking appear to be much higher for new
entrants than was the case during the early days of this type of banking. The barriers stem
from customer attitudes and the very nature of banking services and products. The
traditional banks with a strong customer base have a competitive advantage over
newcomers.
Buyers
The Internet has leveled the playing field: the bargaining power of consumers is
increasing, switching costs are becoming lower (with Internet banking gaining
momentum), and consumer loyalties are harder to retain. Some specific factors that have
conspired to create the new competitive environment for banking include: changing
consumer needs and perceptions, globalization, technological innovations, and
competition from non-banking entities.


2. E-BANKING COMPONENTS
2.1 E-Banking Strategy
Several models of E-Business were tried by different banks all over the world to get them
involved in the E-Banking arena. The most used E-Business models were Internet Only,
Brick-and-Click or Click-and-Mortar. However, the Internet Only model failed to survive.
Security First Net Bank (SFNB) was formed in 1996 in the US and claims to be
the first Internet-only bank in the world. But it was acquired by the Royal Bank of
Canada in 1998, suggesting that customers may still want the comfort of a physical
presence. The present trend is Brick and Click or Click and Mortar, where banks serve
their customers through the Internet while having physical operations simultaneously. Progress in
information technology has reduced transportation and transaction costs, which
suggests that the Internet enables banks to offer low-cost, high value-added financial
services. Although price incentives can play a significant role in getting customers online,
the service needs to be based on quality rather than price only. Developing technological
solutions should be done not with a product or line of business in focus but with a
customer relationship focus, with integrated delivery of products and services. Success or
failure in Internet banking is greatly determined by the integration of technology
infrastructure with the business processes.
E-Banking World Wide
Since its inception, Internet banking has experienced strong and sustained growth. A World
Bank report on leapfrogging in e-finance pointed out that the three countries with
impressive progress in information technology in this sense are Estonia, the Republic of
Korea and Brazil. Creation of the world's leading electronic banking systems has been
done at a remarkably low cost compared to other world-class Internet banks.
The share of United States households using Internet banking will increase to 55 billion
users by 2010. Growth in this area has been driven by traditional banks, which have used
the online channel to generate customer loyalty and improve their operating margins.
All banks offering E-Banking also offer security for transactions using firewalls, virus
protection, 128 bit (or higher) encryption, verification by means of digital certificate and
state limits to customer liability for unauthorized use of access codes. In Asia one of the
most impressive records has been achieved by the Republic of Korea. Internet banking in
that country has increased at a rapid pace. The Republic of Korea is also leading in online
brokerage and in mobile banking. In South-East Asia Internet banking is also developing
rapidly in Thailand, Malaysia, and Singapore and, to a lesser extent, in the Philippines.
Apart from North Africa and South Africa, Sub-Saharan Africa is the region that is seriously
lagging behind in Internet banking, although it is giving the rest of the world the good
example of microfinance developments. Banking is likely to be a significant component
of the product delivery and customer strategy of the strategic marketing plans of
cutting-edge MFIs in the future.
2.2 Factors influencing e-banking system
E-banking systems can vary significantly in their configuration depending on a number
of factors. Financial institutions should choose their e-banking system configuration,
including outsourcing relationships, based on four factors:

Strategic objectives for e-banking;
Scope, scale, and complexity of equipment, systems, and activities;
Technology expertise;
Security and internal control requirements.

2.3 Host Entities


Financial institutions may choose to support their e-banking services internally.
Alternatively, financial institutions can outsource any aspect of their e-banking systems to
third parties. The following entities could provide or host (i.e., allow applications to
reside on their servers) e-banking-related services for financial institutions:

Another financial institution
Internet service provider
Internet banking software vendor or processor
Core banking vendor or processor
Managed security service provider
Bill payment provider
Credit bureau
Credit scoring company.


2.4 Components and Processes


E-banking systems rely on a number of common components or processes. The following
list includes many of the potential components and processes seen in a typical institution:

- Website design and hosting
- Firewall configuration and management
- Intrusion detection system or IDS (network and host-based)
- Network administration
- Security management
- Internet banking server
- E-commerce applications
- Internal network servers
- Core processing system
- Programming support
- Automated decision support systems

These components work together to deliver e-banking services. Each component
represents a control point to consider. Through a combination of internal and outsourced
solutions, management has many alternatives when determining the overall system
configuration for the various components of an e-banking system. One or more
technology service providers can host the e-banking application and numerous network
components as illustrated in the following diagram. In this configuration, the institution's
service provider hosts the institution's website, Internet banking server, firewall, and
intrusion detection system. While the institution does not have to manage the daily
administration of these component systems, its management and board remain
responsible for the content, performance, and security of the e-banking system.

Figure 1: Third-Party Provider Hosted E-Banking Diagram
This diagram illustrates the transaction flow for one possible configuration where the
bank relies on a technology service provider to host its Internet banking application.
(i) An Internet banking customer sends an e-banking transaction through their Internet
Service Provider (ISP) via a phone, wireless, or broadband connection.
(ii) The customer's ISP routes the transaction through the Internet and sends it to the
e-banking service provider's ISP, which routes it to the provider.
(iii) The transaction enters the provider's network through a router, which directs the
e-banking transaction through a firewall to the application running on the Internet banking
server.
(iv) The website server and Internet banking server may have host-based intrusion
detection system (IDS) software monitoring the server and its files to provide alerts of
potential unauthorized modifications.
(v) Network IDS software may reside at different points within the network to analyze
the message for potential attack characteristics that suggest an intrusion attempt.

(vi) The Internet banking application processes the transaction against account balance
data through a real time connection to the core banking system or a database of account
balance data, which is updated periodically from the core banking system.
(vii) The Internet banking server has a firewall filtering Internet traffic from its internal
network.

3. E-BANKING SUPPORT SERVICES


In addition to traditional banking products and services, financial institutions can provide
a variety of services that have been designed or adapted to support e-commerce.
Management should understand these services and the risks they pose to the institution.
Common E-Banking Services
Some of the common retail and wholesale e-banking services offered by financial
institutions are:
Retail Services
1. Account management
2. Bill payment and presentment
3. New account opening
4. Consumer wire transfers
5. Investment/Brokerage services
6. Loan application and approval

Wholesale Services
1. Account management
2. Cash management
3. Small business loan applications, approvals, or advances
4. Commercial wire transfers
5. Business-to-business payments
6. Employee benefits/pension administration

3.1 Weblinking
A large number of financial institutions maintain sites on the World Wide Web. Some
websites are strictly informational, while others also offer customers the ability to
perform financial transactions, such as paying bills or transferring funds between
accounts.
Virtually every website contains weblinks. A weblink is a word, phrase, or image on a
webpage that contains coding that will transport the viewer to a different part of the
website or a completely different website by just clicking the mouse. While weblinks are
a convenient and accepted tool in website design, their use can present certain risks.
Generally, the primary risk posed by weblinking is that viewers can become confused
about whose website they are viewing and who is responsible for the information,
products, and services available through that website. There are a variety of risk
management techniques institutions should consider using to mitigate these risks. These
risk management techniques are for those institutions that develop and maintain their own
websites, as well as institutions that use third-party service providers for this function.
The agencies have issued guidance on weblinking that provides details on risks and risk
management techniques financial institutions should consider.

3.2 Account Aggregation


Account aggregation is a service that gathers information from many websites, presents
that information to the customer in a consolidated format, and, in some cases, may allow
the customer to initiate activity on the aggregated accounts. The information gathered or
aggregated can range from publicly available information to personal account
information (e.g., credit card, brokerage, and banking data). Aggregation services can
improve customer convenience by avoiding multiple log-ins and providing access to tools
that help customers analyze and manage their various account portfolios. Some
aggregators use the customer-provided user IDs and passwords to sign in as the customer.
Once the customer's account is accessed, the aggregator copies the personal account
information from the website for representation on the aggregator's site (i.e., screen
scraping). Other aggregators use direct data-feed arrangements with website operators or
other firms to obtain the customer's information. Generally, direct data feeds are thought
to provide greater legal protection to the aggregator than does screen scraping.

3.3 Electronic Authentication


Reliable customer authentication is imperative for e-banking. Effective authentication
can help banks reduce fraud, reputation risk, and disclosure of customer information, and
promote the legal enforceability of their electronic agreements. Verifying the identities of
customers and authorizing e-banking activities are integral parts of e-banking financial
services. Since traditional paper-based and in-person identity authentication methods
reduce the speed and efficiency of electronic transactions, financial institutions have
adopted alternative authentication methods, including:

Methods to authenticate customers:

- Passwords & PINs
- Digital certificates & PKI
- Physical devices such as tokens
- Biometric identifiers

The authentication methods listed above vary in the level of security and reliability they
provide and in the cost and complexity of their underlying infrastructures. As such, the choice
of which technique(s) to use should be commensurate with the risks in the products and
services for which they control access. The Electronic Signatures in Global and National
Commerce (E-Sign) Act establishes some uniform federal rules concerning the legal
status of electronic signatures and records in commercial and consumer transactions so as
to provide more legal certainty and promote the growth of electronic commerce. The
development of secure digital signatures continues to evolve with some financial
institutions either acting as the certification authority for digital signatures or providing
repository services for digital certificates.

Figure 2: Snapshot showing the login page of HDFC Bank's e-banking website

Figure 3: HDFC Bank's webpage showing account details

3.4 Website Hosting


Some financial institutions host websites for themselves as well as for other
businesses. Financial institutions that host a business customer's website usually store, or
arrange for the storage of, the electronic files that make up the website. These files are
stored on one or more servers that may be located on the hosting financial institution's
premises. Website hosting services require strong skills in networking, security, and
programming. The technology and software change rapidly. Institutions developing
websites should monitor the need to adopt new interoperability standards and protocols
such as Extensible Mark-Up Language (XML) to facilitate data exchange among the
diverse population of Internet users.

3.5 Payments for E-Commerce


Many businesses accept various forms of electronic payments for their products and
services. Financial institutions play an important role in electronic payment systems by
creating and distributing a variety of electronic payment instruments, accepting a similar
variety of instruments, processing those payments, and participating in clearing and
settlement systems. However, increasingly, financial institutions are competing with third
parties to provide support services for e-commerce payment systems. Among the
electronic payments mechanisms that financial institutions provide for e-commerce are
automated clearing house (ACH) debits and credits through the Internet, electronic bill
payment and presentment, electronic checks, e-mail money, and electronic credit card
payments.
Most financial institutions permit interbank transfers between a customer's accounts as
part of their basic transactional e-banking services. However, third-party transfers, with
their heightened risk for fraud, often require additional security safeguards in the form
of additional authentication and payment confirmation.
3.5.1 Bill Payment and Presentment
Bill payment services permit customers to electronically instruct their financial institution
to transfer funds to a business's account at some future specified date. Customers can
make payments on a one-time or recurring basis, with fees typically assessed as a per
item or monthly charge. In response to the customer's electronic payment instructions,
the financial institution (or its bill payment provider) generates an electronic transaction,
usually an automated clearinghouse (ACH) credit, or mails a paper check to the business
on the customer's behalf. To allow for the possibility of a paper-based transfer, financial
institutions typically advise customers to make payments effective 3-7 days before the
bill's due date.
Internet-based cash management is the commercial version of retail bill payment.
Business customers use the system to initiate third-party payments or to transfer money
between company accounts. Cash management services also include minimum balance
maintenance, recurring transfers between accounts and on-line account reconciliation.
Businesses typically require stronger controls, including the ability to administer security
and transaction controls among several users within the business.
The extent of front-end operating controls directly under the financial institution's control
varies with the system configuration. Some examples of typical configurations are listed
below in order of increasing complexity, along with potential control considerations.

1. Financial institutions that do not provide bill payment services, but may direct
customers to select from several unaffiliated bill payment providers.
- Caution customers regarding security and privacy issues through the use of on-line
disclosures or, more conservatively, e-banking agreements.
2. Financial institutions that rely on a third-party bill payment provider, including Internet
banking providers that subcontract to third parties.
- Set dollar and volume thresholds and review bill payment transactions for suspicious
activity.
- Gain independent audit assurance over the bill payment provider's processing controls.
- Restrict employees' administrative access to ensure that the internal controls limiting
their capabilities to originate, modify, or delete bill payment transactions are at least as
strong as those applicable to the underlying retail payment system ultimately transmitting
the transaction.
- Restrict by vendor contract and identify the use of any subcontractors associated with
the bill payment application to ensure adequate oversight of underlying bill payment
system performance and availability.
- Evaluate the adequacy of authentication methods given the higher risk associated with
funds transfer capabilities rather than with basic account access.
3. Financial institutions that use third-party software to host a bill payment application
internally.
- Determine the extent of any independent assessments or certification of the security of
application source code.
- Ensure software is adequately tested prior to installation on the live system.
- Ensure vendor access for software maintenance is controlled and monitored.
4. Financial institutions that develop, maintain, and host their own bill payment system.
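
The control "set dollar and volume thresholds and review bill payment transactions for suspicious activity" from the list above can be sketched as a daily review pass. This is an added example, not part of the original document: the threshold values, customer and payee names, and the "first payment to this payee" heuristic are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from decimal import Decimal


@dataclass(frozen=True)
class Payment:
    payment_id: str
    customer_id: str
    payee: str
    amount: Decimal
    value_date: date


@dataclass(frozen=True)
class Thresholds:
    per_payment: Decimal   # dollar threshold for a single payment
    daily_total: Decimal   # dollar threshold per customer per day
    daily_count: int       # volume threshold per customer per day


def review_payments(payments, thresholds, known_payees):
    """Return {payment_id: [reasons]} for payments that need manual review."""
    flagged = defaultdict(list)
    total = defaultdict(Decimal)   # (customer, day) -> dollars so far
    count = defaultdict(int)       # (customer, day) -> payments so far

    for p in sorted(payments, key=lambda x: (x.value_date, x.payment_id)):
        if p.amount <= 0:
            # Malformed instruction: flag it and keep it out of the running totals.
            flagged[p.payment_id].append("non-positive amount")
            continue
        key = (p.customer_id, p.value_date)
        total[key] += p.amount
        count[key] += 1
        if p.amount > thresholds.per_payment:
            flagged[p.payment_id].append("over per-payment dollar threshold")
        if total[key] > thresholds.daily_total:
            flagged[p.payment_id].append("over daily dollar threshold")
        if count[key] > thresholds.daily_count:
            flagged[p.payment_id].append("over daily volume threshold")
        # Assumed heuristic, not from the document: a payee this customer never paid.
        if p.payee not in known_payees.get(p.customer_id, set()):
            flagged[p.payment_id].append("first payment to this payee")
    return dict(flagged)


# Constructed sample data: thresholds, payee history and payments are illustrative.
THRESHOLDS = Thresholds(Decimal("2500.00"), Decimal("5000.00"), 3)
KNOWN_PAYEES = {"C100": {"City Water", "PowerCo"}, "C200": {"Landlord LLC"}}
DAY = date(2024, 3, 1)
SAMPLE_PAYMENTS = [
    Payment("P001", "C100", "City Water", Decimal("82.40"), DAY),
    Payment("P002", "C100", "PowerCo", Decimal("140.00"), DAY),
    Payment("P003", "C200", "Landlord LLC", Decimal("1800.00"), DAY),
    Payment("P004", "C200", "QuickCash Transfers", Decimal("3300.00"), DAY),
    Payment("P005", "C100", "PowerCo", Decimal("20.00"), DAY),
    Payment("P006", "C100", "City Water", Decimal("15.00"), DAY),
    Payment("P007", "C100", "PowerCo", Decimal("-50.00"), DAY),
]

if __name__ == "__main__":
    results = review_payments(SAMPLE_PAYMENTS, THRESHOLDS, KNOWN_PAYEES)
    for pid, reasons in results.items():
        print(pid, "->", "; ".join(reasons))
```

Amounts are held as `Decimal` so that threshold comparisons are exact; a payment that trips several rules carries every reason, which lets the reviewer see at a glance why it was held.
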
Financial institutions can offer bill payment as a stand-alone service or in combination
with bill presentment. Bill presentment arrangements permit a business to submit a
customer's bill in electronic form to the customer's financial institution. Customers can
view their bills by clicking on links on their account's e-banking screen or menu. After
viewing a bill, the customer can initiate bill payment instructions or elect to pay the bill
through a different payment channel.
In addition, some businesses have begun offering electronic bill presentment directly
from their own websites rather than through links on the e-banking screens of a financial
institution. Under such arrangements, customers can log on to the business's website to
view their periodic bills. Then, if so desired, they can electronically authorize the
business to take the payment from their account. The payment then occurs as an ACH
debit originated by the business's financial institution as compared to the ACH credit
originated by the customer's financial institution in the bill payment scenario described
above. Institutions should ensure proper approval of businesses allowed to use ACH
payment technology to initiate payments from customer accounts.
Cash management applications would include the same control considerations described
above, but the institution should consider additional controls because of the higher risk
associated with commercial transactions. The adequacy of authentication methods
becomes a higher priority and requires greater assurance due to the larger average dollar
size of transactions. Institutions should also establish additional controls to ensure that
binding agreements, consistent with any existing ACH or wire transfer agreements,
exist with commercial customers. Additionally, cash management systems should provide
adequate security administration capabilities to enable the business owners to restrict
access rights and dollar limits associated with multiple-user access to their accounts.
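
The security administration capability described above (per-user access rights and dollar limits on a shared business account) can be modelled as follows. This is an added example, not part of the original document: the user names, account names and limits are constructed, and the second-approver rule above a set amount is an assumption that applies the "dual controls" the document mentions under transaction risk.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Entitlement:
    accounts: frozenset        # accounts this user may act on
    can_initiate: bool
    can_approve: bool
    per_txn_limit: Decimal     # largest single payment the user may touch
    daily_limit: Decimal       # total the user may initiate in one day


class CashManagementPolicy:
    def __init__(self, entitlements, dual_control_over):
        self.entitlements = entitlements            # user -> Entitlement
        self.dual_control_over = dual_control_over  # assumed dual-control cut-off
        self.initiated_today = {}                   # user -> Decimal total
        self.pending = {}                           # id -> (initiator, account, amount)

    def initiate(self, payment_id, user, account, amount):
        ent = self.entitlements.get(user)
        if ent is None or not ent.can_initiate:
            return "DENY: user may not initiate payments"
        if account not in ent.accounts:
            return "DENY: no access to this account"
        if amount <= 0:
            return "DENY: invalid amount"
        if amount > ent.per_txn_limit:
            return "DENY: over per-transaction limit"
        used = self.initiated_today.get(user, Decimal("0"))
        if used + amount > ent.daily_limit:
            return "DENY: over daily limit"
        # Pending payments count against the daily limit as soon as they are accepted.
        self.initiated_today[user] = used + amount
        if amount > self.dual_control_over:
            self.pending[payment_id] = (user, account, amount)
            return "PENDING: second approver required"
        return "RELEASED"

    def approve(self, payment_id, approver):
        if payment_id not in self.pending:
            return "DENY: no such pending payment"
        initiator, account, amount = self.pending[payment_id]
        ent = self.entitlements.get(approver)
        if ent is None or not ent.can_approve:
            return "DENY: user may not approve payments"
        if approver == initiator:
            return "DENY: initiator cannot approve own payment"
        if account not in ent.accounts or amount > ent.per_txn_limit:
            return "DENY: outside approver's rights or limit"
        del self.pending[payment_id]   # a payment can be released only once
        return "RELEASED"


# Constructed users and limits for one hypothetical business customer.
ENTITLEMENTS = {
    "clerk": Entitlement(frozenset({"OPS"}), True, False,
                         Decimal("5000"), Decimal("8000")),
    "controller": Entitlement(frozenset({"OPS", "PAYROLL"}), True, True,
                              Decimal("50000"), Decimal("100000")),
    "owner": Entitlement(frozenset({"OPS", "PAYROLL"}), False, True,
                         Decimal("250000"), Decimal("0")),
    "auditor": Entitlement(frozenset({"OPS", "PAYROLL"}), False, False,
                           Decimal("0"), Decimal("0")),
}


def run_sample():
    """Replay a constructed sequence of requests and return each decision."""
    p = CashManagementPolicy(ENTITLEMENTS, dual_control_over=Decimal("1000"))
    return [
        p.initiate("T1", "clerk", "OPS", Decimal("400")),
        p.initiate("T2", "clerk", "PAYROLL", Decimal("400")),
        p.initiate("T3", "clerk", "OPS", Decimal("6000")),
        p.initiate("T4", "clerk", "OPS", Decimal("4500")),
        p.initiate("T5", "clerk", "OPS", Decimal("4000")),
        p.initiate("T6", "auditor", "OPS", Decimal("10")),
        p.approve("T4", "clerk"),
        p.initiate("T7", "controller", "PAYROLL", Decimal("20000")),
        p.approve("T7", "controller"),
        p.approve("T7", "owner"),
        p.approve("T4", "controller"),
        p.approve("T4", "owner"),
    ]


if __name__ == "__main__":
    for decision in run_sample():
        print(decision)
```
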
3.5.2 Person-to-Person Payments
Electronic person-to-person payments, also known as e-mail money, permit consumers to
send money to any person or business with an e-mail address. Under this scenario, a
consumer electronically instructs the person-to-person payment service to transfer funds
to another individual. The payment service then sends an e-mail notifying the individual
that the funds are available and informs him or her of the methods available to access the
funds, including requesting a check, transferring the funds to an account at an insured
financial institution, or retransmitting the funds to someone else. Person-to-person
payments are typically funded by credit card charges or by an ACH transfer from the
consumer's account at a financial institution. Since neither the payee nor the payer in the
transaction has to have an account with the payment service, such services may be
offered by an insured financial institution, but are frequently offered by other businesses
as well.

3.6 Wireless E-Banking


Wireless banking is a delivery channel that can extend the reach and enhance the
convenience of Internet banking products and services. Wireless banking occurs when
customers access a financial institution's network(s) using cellular phones, pagers, and
personal digital assistants (or similar devices) through telecommunication companies'
wireless networks. Wireless banking services in the United States typically supplement a
financial institution's e-banking products and services.
Wireless devices have limitations that increase the security risks of wireless-based
transactions and that may adversely affect customer acceptance rates. Device limitations
include reduced processing speeds, limited battery life, smaller screen sizes, different
data entry formats, and limited capabilities to transfer stored records. These limitations
combine to make the most recognized Internet language, Hypertext Markup Language
(HTML), ineffective for delivering content to wireless devices. Wireless Markup
Language (WML) has emerged as one of a few common language standards for
developing wireless device content. Wireless Application Protocol (WAP) has emerged as
a data transmission standard to deliver WML content.

4. E-BANKING RISKS
4.1 TRANSACTION/OPERATIONS RISK
Transaction/Operations risk arises from fraud, processing errors, system disruptions, or
other unanticipated events resulting in the institution's inability to deliver products or
services. This risk exists in each product and service offered. The level of transaction risk
is affected by the structure of the institution's processing environment, including the
types of services offered and the complexity of the processes and supporting technology.
In most instances, e-banking activities will increase the complexity of the institution's
activities and the quantity of its transaction/operations risk, especially if the institution is
offering innovative services that have not been standardized. Since customers expect
e-banking services to be available 24 hours a day, 7 days a week, financial institutions
should ensure their e-banking infrastructures contain sufficient capacity and redundancy
to ensure reliable service availability. Even institutions that do not consider e-banking a
critical financial service, due to the availability of alternate processing channels, should
carefully consider customer expectations and the potential impact of service disruptions
on customer satisfaction and loyalty.
The key to controlling transaction risk lies in adapting effective policies, procedures, and
controls to meet the new risk exposures introduced by e-banking. Basic internal controls
including segregation of duties, dual controls, and reconcilements remain important.
Information security controls, in particular, become more significant, requiring additional
processes, tools, expertise, and testing. Institutions should determine the appropriate level
of security controls based on their assessment of the sensitivity of the information to the
customer and to the institution and on the institution's established risk tolerance level.

4.2 CREDIT RISK


Generally, a financial institution's credit risk is not increased by the mere fact that a loan
is originated through an e-banking channel. However, management should consider
additional precautions when originating and approving loans electronically, including
assuring management information systems effectively track the performance of portfolios
originated through e-banking channels. The following aspects of on-line loan origination
and approval tend to make risk management of the lending process more challenging. If
not properly managed, these aspects can significantly increase credit risk.

(i) Verifying the customer's identity for on-line credit applications and executing an
enforceable contract;
(ii) Monitoring and controlling the growth, pricing, underwriting standards, and ongoing
credit quality of loans originated through e-banking channels;
(iii) Monitoring and oversight of third-parties doing business as agents or on behalf of the
financial institution (for example, an Internet loan origination site or electronic
payments processor);
(iv) Valuing collateral and perfecting liens over a potentially wider geographic area;
(v) Collecting loans from individuals over a potentially wider geographic area; and
(vi) Monitoring any increased volume of, and possible concentration in, out-of-area
lending.

4.3 LIQUIDITY, INTEREST RATE, PRICE/MARKET RISKS


Funding and investment-related risks could increase with an institution's e-banking
initiatives depending on the volatility and pricing of the acquired deposits. The Internet
provides institutions with the ability to market their products and services globally.
Internet-based advertising programs can effectively match yield-focused investors with
potentially high-yielding deposits. But Internet-originated deposits have the potential to
attract customers who focus exclusively on rates and may provide a funding source with
risk characteristics similar to brokered deposits. An institution can control this potential
volatility and expanded geographic reach through its deposit contract and account
opening practices, which might involve face-to-face meetings or the exchange of paper
correspondence. The institution should modify its policies as necessary to address the
following e-banking funding issues:

(i) Potential increase in dependence on brokered funds or other highly rate-sensitive
deposits;
(ii) Potential acquisition of funds from markets where the institution is not licensed to
engage in banking, particularly if the institution does not establish, disclose, and
enforce geographic restrictions;
(iii) Potential impact of loan or deposit growth from an expanded Internet market,
including the impact of such growth on capital ratios; and
(iv) Potential increase in volatility of funds should e-banking security problems
negatively impact customer confidence or the market's perception of the institution.

4.4 COMPLIANCE/LEGAL RISK


Compliance and legal issues arise out of the rapid growth in usage of e-banking and the
differences between electronic and paper-based processes. E-banking is a new delivery
channel where the laws and rules governing the electronic delivery of certain financial
institution products or services may be ambiguous or still evolving. Specific regulatory
and legal challenges include:

(i) Uncertainty over legal jurisdictions and which state's or country's laws govern a
specific e-banking transaction,
(ii) Delivery of credit and deposit-related disclosures/notices as required by law or
regulation,
(iii) Retention of required compliance documentation for on-line advertising,
applications, statements, disclosures and notices; and
(iv) Establishment of legally binding electronic agreements.


Laws and regulations governing consumer transactions require specific types of
disclosures, notices, or record keeping requirements. These requirements also apply to
e-banking, and federal banking agencies continue to update consumer laws and regulations
to reflect the impact of e-banking and on-line customer relationships. Some of the legal
requirements and regulatory guidance that frequently apply to e-banking products and
services include:

(i) Solicitation, collection and reporting of government monitoring information on
applications and loans, as required by Equal Credit Opportunity Act (Regulation B)
and Home Mortgage Disclosure Act (Regulation C) regulations;
(ii) Advertising requirements, customer disclosures, or notices required by the Real
Estate Settlement Procedures Act (RESPA), Truth in Lending (Regulation Z), and
Truth In Savings (Regulation DD) and Fair Housing regulations;
(iii) Proper and conspicuous display of FDIC or NCUA insurance notices;
(iv) Conspicuous webpage disclosures indicating that certain types of investment,
brokerage, and insurance products offered have certain associated risks, including
not being insured by federal deposit insurance (FDIC or NCUA);
(v) Customer identification programs and procedures, as well as record retention and
customer notification requirements, required by the Bank Secrecy Act;
(vi) Customer identification processes to determine whether transactions are prohibited
by the Office of Foreign Assets Control (OFAC) and, when necessary, whether
customers appear on any list of known or suspected terrorists or terrorist
organizations provided by any government agency;
(vii) Delivery of privacy and opt-out notices by hand, by mail, or with customer
acknowledgement of electronic receipt;
(viii) Verification of customer identification, reporting, and record keeping requirements
of the Bank Secrecy Act (BSA), including requirements for filing a suspicious
activity report (SAR); and
(ix) Record retention requirements of the Equal Credit Opportunity Act (Regulation B)
and Fair Credit Reporting Act regulations.
Institutions that offer e-banking services, both informational and transactional, assume a
higher level of compliance risk because of the changing nature of the technology, the
speed at which errors can be replicated, and the frequency of regulatory changes to
address e-banking issues. The potential for violations is further heightened by the need to
ensure consistency between paper and electronic advertisements, disclosures, and notices.

4.5 STRATEGIC RISK


A financial institution's board and management should understand the risks associated
with e-banking services and evaluate the resulting risk management costs against the
potential return on investment prior to offering e-banking services. Poor e-banking
planning and investment decisions can increase a financial institution's strategic risk.
Early adopters of new e-banking services can establish themselves as innovators who
anticipate the needs of their customers, but may do so by incurring higher costs and
increased complexity in their operations. Conversely, late adopters may be able to avoid
the higher expense and added complexity, but do so at the risk of not meeting customer
demand for additional products and services. In managing the strategic risk associated
with e-banking services, financial institutions should develop clearly defined e-banking
objectives by which the institution can evaluate the success of its e-banking strategy. In
particular, financial institutions should pay attention to the following:

(i) Adequacy of management information systems (MIS) to track e-banking usage and
profitability;
(ii) Costs involved in monitoring e-banking activities or costs involved in overseeing
e-banking vendors and technology service providers;
(iii) Design, delivery, and pricing of services adequate to generate sufficient customer
demand;
(iv) Retention of electronic loan agreements and other electronic contracts in a format
that will be admissible and enforceable in litigation;
(v) Costs and availability of staff to provide technical support for interchanges involving
multiple operating systems, web browsers, and communication devices;
(vi) Competition from other e-banking providers; and
(vii) Adequacy of technical, operational, compliance, or marketing support for e-banking
products and services.

4.6 REPUTATION RISK

An institution's decision to offer e-banking services, especially the more complex
transactional services, significantly increases its level of reputation risk. Some of the
ways in which e-banking can influence an institution's reputation include:

(i) Loss of trust due to unauthorized activity on customer accounts
(ii) Disclosure or theft of confidential customer information to unauthorized parties (e.g.,
hackers)
(iii) Failure to deliver on marketing claims
(iv) Failure to provide reliable service due to the frequency or duration of service
disruptions
(v) Customer complaints about the difficulty in using e-banking services and the
inability of the institution's help desk to resolve problems
(vi) Confusion between services provided by the financial institution and services
provided by other businesses linked from the website.

5. RISK MANAGEMENT
The Basel Committee on Banking Supervision expects such risks to be recognized,
addressed and managed by banking institutions in a prudent manner according to the
fundamental characteristics and challenges of e-banking services. These characteristics
include the unprecedented speed of change related to technological and customer service
innovation, the ubiquitous and global nature of open electronic networks, the integration
of e-banking applications with legacy computer systems and the increasing dependence
of banks on third parties that provide the necessary information technology. While not
creating inherently new risks, the Committee noted that these characteristics increased
and modified some of the traditional risks associated with banking activities, in particular
strategic, operational, and legal and reputation risks, thereby influencing the overall risk
profile of banking.
Based on these conclusions, the Committee considers that while existing risk
management principles remain applicable to e-banking activities, such principles must be
tailored, adapted and, in some cases, expanded to address the specific risk management
challenges created by the characteristics of e-banking activities. Setting detailed risk
management requirements in the area of e-banking might be counter-productive, if only
because these would be likely to become rapidly outdated because of the speed of change
related to technological and customer service innovation. The Committee has therefore
preferred to express supervisory expectations and guidance in the form of Risk
Management Principles in order to promote safety and soundness for e-banking activities,
while preserving the necessary flexibility in implementation that derives in part from the
speed of change in this area.
The Risk Management Principles fall into three broad, and often overlapping, categories
of issues that are grouped to provide clarity: Board and Management Oversight; Security
Controls; and Legal and Reputation Risk Management.
5.1 Board and Management Oversight:
Principles:
1. Effective management oversight of e-banking activities: The Board of Directors and
senior management should establish effective management oversight over the risks
associated with e-banking activities, including the establishment of specific
accountability, policies and controls to manage these risks.
2. Establishment of a comprehensive security control process: The Board of Directors and
senior management should review and approve the key aspects of the bank's security
control process.
3. Comprehensive due diligence and management oversight process for outsourcing
relationships and other third-party dependencies: The Board of Directors and senior
management should establish a comprehensive and ongoing due diligence and oversight
process for managing the bank's outsourcing relationships and other third-party
dependencies supporting e-banking.
Because the Board of Directors and senior management are responsible for developing
the institution's business strategy and establishing effective management oversight
over risks, they are expected to take an explicit, informed and documented strategic
decision as to whether and how the bank is to provide e-banking services. The initial
decision should include the specific accountabilities, policies and controls to address
risks, including those arising in a cross-border context. Effective management oversight
is expected to encompass the review and approval of the key aspects of the bank's
security control process, such as the development and maintenance of a security control
infrastructure that properly safeguards e-banking systems and data from both internal and
external threats. It also should include a comprehensive process for managing risks
associated with increased complexity of and increasing reliance on outsourcing
relationships and third-party dependencies to perform critical e-banking functions.


5.2 SECURITY
Key Elements of Security Program
Reviewing physical and logical security:
a. Review intrusion detection and response capabilities to ensure that
intrusions will be detected and controlled
b. Seek necessary expertise and training, as needed, to protect physical
locations and networks from unauthorized access
c. Maintain knowledge of current threats facing the bank and the
vulnerabilities to systems
d. Assess firewalls and intrusion detection programs at both primary and
back-up sites to make sure they are maintained at current industry best
practice levels.
e. Verify the identity of new employees, contractors, or third parties
accessing your systems or facilities. If warranted, perform background
checks. Review succession plans for key employees and delegations of
authority in the event of a crisis.
f. Evaluate whether physical access to all facilities is adequate.
g. Work with service provider(s) and other relevant customers to ensure
effective logical and physical security controls.

Security Issues in E-Banking


Firewall protection

Internet banking and payment systems may allow for new ways to conduct illegal and
fraudulent activities. According to the 2001 FBI/CSI survey, 70% reported that the Internet is
the point of cyber attacks. Banks are required to establish administrative, technical and
physical safeguards to protect the privacy of customers' nonpublic records and
information.
The security of an Internet banking model must be addressed at three levels. The first
concern is the security of customer information as it is sent from the customer's PC to the
Web server. The second area concerns the security of the environment in which the
Internet banking server and customer information database reside. Finally, security
measures must be in place to prevent unauthorized users from attempting to log into the
online banking section of the Web site.
Law cannot possibly be expected to keep pace with changes in technology. The recent
debacle of virtual voyeurism has brought out, amongst other things, the inadequacy and
vulnerability of the laws governing use of internet. Fixing liability, recording and
reproducing evidence, ascertaining jurisdiction are problems which show little sign of
easing. Concerns over security and misuse pertaining to e-banking activity have been
mounting as more banks in India foray into electronic banking. E-banking activities
involve not just banks and their customers, but numerous third parties too. Information
held by banks about their customers, their transactions, etc. changes hands several times.
It is impossible for banks to retain information solely within their own computer
networks, let alone within a single jurisdiction. Risks pertaining to leakage,
tampering or blocking of data are sufficiently high to warrant adequate legal and
technical protection. India has no law on data protection, let alone a law governing an
area as specific as protection of data in electronic banking. Information security in
e-banking presents two main areas of risk: preventing unauthorized transactions and
maintaining the integrity of customers' transactions. Data protection falls in the latter
category.

5.3 REGULATORY AND LEGAL FRAMEWORK:


While E-banking has improved efficiency and convenience, it has also posed several
challenges to the regulators and supervisors. Several initiatives taken by the government
of India, as well as the Reserve Bank of India (RBI), have facilitated the development of
E-banking in India. The government of India enacted the IT Act, 2000, which provides
legal recognition to electronic transactions and other means of electronic commerce. The
RBI has been preparing to upgrade itself as a regulator and supervisor of the
technologically dominated financial system. It issued guidelines on risks and control in
computer and telecommunication system to all banks, advising them to evaluate the risks
inherent in the systems and put in place adequate control mechanisms to address these
risks. The existing regulatory framework over banks has also been extended to
E-banking. It covers various issues that fall within the framework of technology, security
standards, and legal and regulatory issues.
Data protection laws primarily aim to safeguard the interest of the individual whose data
is handled and processed by others. Interests are usually expressed in terms of privacy,
autonomy and/or integrity. Data protection laws are framework laws providing rather
diffused general rules for such processing and making allowances for developing detailed
norms as and when the need arises. Such legislation typically regulates all or most stages
of the data protection cycle including registration, storage, retrieval, and dissemination of
personal data.
The Indian Information Technology Act, 2000, basically a framework law, makes
hacking a punishable offence under Section 66. Breach of information security is
implicitly recognized as a penal offence in the form of hacking. The appropriate
government (central/state) is empowered to declare any computer, computer system
or computer network as a protected system. A ten-year prison term and a hefty fine
await any person who secures access to the secured computer system in contravention
of the provisions of the law.

8. ADVANTAGE OF E-BANKING

1. It removes the traditional geographical barriers as it could reach out to customers of
different countries / legal jurisdictions. This has raised the question of the jurisdiction of law /
supervisory system to which such transactions should be subjected. It gives worldwide
connectivity.
2. It has added a new dimension to different kinds of risks traditionally associated with
banking, heightening some of them and throwing up new risk control challenges.
3. Lower operating costs.
4. A new form of competition has emerged both from the existing players and from new
players in the market who are not strictly banks, so there is an improved or sustained
competitive position.
5. Increased customer demand for services.
6. New revenue opportunities.
7. Availability of inquiry and transaction services around the clock.
8. Easy access to transaction data, both recent and historical; and direct customer control
of international movement of funds without intermediation of financial institutions in the
customer's jurisdiction.

9. CHALLENGES AND ROAD AHEAD


Challenges:
Information technology analyst firm, the Meta Group, recently reported that "financial
institutions who don't offer home banking by the year 2000 will become marginalized."
By the year of 2002, a large, sophisticated and highly competitive Internet Banking
Market will develop which will be driven by:

Demand side pressure due to increasing access to low cost electronic
services.

Emergence of open standards for banking functionality.

Growing customer awareness and need of transparency.

Global players in the fray.

Close integration of bank services with web based E-commerce or even
disintermediation of services through direct electronic payments (E-Cash).

More convenient international transactions due to the fact that the Internet
along with general deregulation trends eliminates geographic boundaries.

Move from one stop shopping to 'Banking Portfolio', i.e. unbundled
product purchases.

Certainly some existing brick and mortar banks will go out of business. But that's because
they fail to respond to the challenge of the Internet. The Internet and its underlying
technologies will change and transform not just banking, but all aspects of finance and
commerce. It represents much more than a new distribution opportunity. It will enable
nimble players to leverage their brick and mortar presence to improve customer
satisfaction and gain share. It will force lethargic players who are stuck with a legacy cost
basis out of business, since they are unable to bring to play in the new context.

MAIN CONCERNS IN INTERNET BANKING


In a survey conducted by the Online Banking Association, member institutions rated
security as the most important issue of online banking. There is a dual requirement to
protect customers' privacy and protect against fraud. "Online Banking via the World Wide
Web" provides an overview of Internet commerce and how one company handles secure
banking for its financial institution clients and their customers. Some basic information
on the transmission of confidential data is presented in "Security and Encryption on the
Web". PC Magazine Online also offers a primer: "How Encryption Works". A multi-layered
security architecture comprising firewalls, filtering routers, encryption and digital
certification ensures that your account information is protected from unauthorized access:

Firewalls and filtering routers ensure that only the legitimate Internet users are allowed
to access the system.

Encryption techniques used by the bank (including the sophisticated public key
encryption) would ensure that privacy of data flowing between the browser and the
Infinity system is protected.

Digital certification procedures provide the assurance that the data you receive is from
the Infinity system.

The main disadvantage of e-banking is the security problems that surround it. It's a fact
that making transactions online poses a much bigger risk compared to making
transactions in a physical branch. This is due to hacking problems and identity theft.
In addition to these risks, technical difficulties could also arise. Sometimes the bank's
website goes down, and if this happens it will be a hassle for the customer because he/she
has to go to a branch or make phone calls, and the lines are usually busy due to other
customers also making calls. Another case that has happened was an unpredicted rise in
customers that the servers of the bank were not able to cope with. A customer may also
run into bad service. Sometimes you might wait a while for your checks to clear and you
certainly can't do anything about it if it is online.
Surprisingly, technical issues do not appear to be the major constraint in the successful
adoption of electronic banking initiatives. The constraint is instead developing and
promoting a value proposition to the customer that is high enough to match the flexibility
and accessibility of cash. It becomes vital to design products that offer a balance between
competitive pricing, functionality and sufficient access points for basic transactions like
deposits and withdrawals of cash.
10. CONCLUSION AND RECOMMENDATIONS
Web based banking service or E-Banking, the latest generation of electronic
banking transactions, has opened up a new window of opportunity to the existing
banks and financial institutions. Since its emergence in the 1990s, it has had
unprecedented growth. The E-Banking sector is highly prohibitive for new
entrants although the inception cost is lower with a high growth rate. The brand
preference of the customer, existing network, physical existence, security and
safety, supplier bargaining power, and substitute products of non-banking sectors have
made the way thorny. However, a newcomer with an innovative idea and strategy
can definitely establish a position in this sector. The analysis of the evolution and
present status of E-Banking gives us some room to make recommendations for the
government, new entrants and existing e-banks for effective utilization of the
opportunity to accelerate economic growth.

Internet penetration is a major factor for the growth of E-Banking. There is a
strong positive correlation between Internet usage and E-Banking usage.
However, Internet penetration alone does not guarantee online banking
penetration. In this situation, companies can offer incentives such as subsidized
surfing costs, free training, multiple access facilities (web, telephone, ATM, etc.)
and motivation programs for users and the population as a whole.

Standard, common and mature technology is always a problem in this hi-tech
age. Setting up electronic banking requires substantial investments and it is very
complicated to move from old technologies to new ones. Thus banks can
cooperate closely in the field of developing standards to offer services to third
parties.

E-Banks must make an aggressive marketing effort. It has been seen that the
marketing efforts made to promote Estonian Internet banking have been
continuous and aggressive in different media channels and in bank branches.
Innovative products that have been promoted extensively have a higher chance
of success in the market than similar products without the communications
support.

All of the efforts to establish an Internet-only E-Banking business model have
not succeeded yet. Thus there must be a physical existence of the bank, and
E-Banking could be an extension of that operation. It will give the customers an
impression of security and safety. Besides, analysis showed that senior citizens
all over the world like to bank with brick and mortar banks. By avoiding them, the
e-banks would lose a large portion of their customers.

E-Banks must try to expand their network as soon as possible. As more and more
third parties become involved in the network, they could attract more customers.

The government's main role is enhancing the enabling environment, as it is known
that direct intervention in financial markets may have poor results. In
general, a laissez-faire approach to the regulation and supervision of economic
policy will foster positive attitudes nationwide.

The e-banks must try to achieve critical mass. Achieving critical mass is a key
success factor in electronic banking development. This can be achieved when
there is substantial Internet penetration and banks are able to provide services
that have very broad demand. In this case, the satisfied users will serve as
endorsers and marketers of the service. The power of person-to-person
communication and word of mouth can never be underestimated.
