e Banking
March 30, 2017 | Author: Swati Mann | Category: N/A
Short Description
Download e Banking...
Description
EXECUTIVE SUMMARY E-banking usage has seen an explosive growth in most of the Asian economies like India, China and Korea. In fact Korea boasts about a 70% e-banking penetration rate and with its tech-savvy populace has seen one of the most aggressive rollouts of e-banking services. Still, the main reason that E-banking scores over Internet Banking is that it enables ‘Anywhere Banking'. Customers now don't need access to a computer terminal to access their banks, they can now do so on the go – when they are waiting for their bus to work, when they are traveling or when they are waiting for their orders to come through in a restaurant. The scale at which E-banking has the potential to grow can be gauged by looking at the pace users are getting e-banking in these big Asian economies. According to the Cellular Operators' Association of India (COAI) the e-banking subscriber base in India hit 40.6 million in the August 2004. In September 2004 it added about 1.85 million more. The explosion as most analysts say, is yet to come as India has about one of the biggest untapped markets. China, which already witnessed the e-banking boom, is expected to have about 300 million e-banking users by the end of 2004. South Korea is targeted to reach about 42 million e-banking users by the end of 2005. All three of these countries have seen gradual roll-out of e-banking services, the most
2
aggressive being Korea which is now witnessing the roll-out of some of the most advanced services like using e-banking to pay bills in shops and restaurants. E-banking nowadays is the common trend here in our country. No more falling in line in banks, no more waiting tons of hours in the bank, no more days and weeks of waiting. All can be done with one card, one gadget. It’s easy, it works, and most importantly, people like it. But still, some people are having a hard time using this kind of technology mostly people who are used to do things the old traditional way. With the use of advertising, people are now motivated to use Ebanking because again, it eliminates the hassle encountered when using the old process of banking. In this paper, the group will cover security issues and different impacts regarding the traditional banking method. The group is concerned about the issues presented because the group thinks that these issues are very important and relevant today, a lot of people save money and really trust banks with their money. In addition, the group wants this research paper to be read by many students who are in no knowledge about certain issues about banking. Lastly, the group will provide and recommend different solutions about the issues regarding E-Banking. In order for customers to use their banks online services they need to have a personal computer and Internet connection. Their
3
personal computer becomes their virtual banker who will assist them in their banking errands. Attaining information about accounts and loans, Conducting transfers amongst different accounts, even between external banks, Paying bills, Buying and selling stocks and bonds by depot, Buying and selling fund shares39 These services that are offered by e-banking are changing and being improved because of the intense competition between the banks online. Banking industry must adapt to the electronics age, which in its turn is changing all the time. EFT transactions require authorization and a method to authenticate the card and the card holder. Whereas a merchant may manually verify the card holder's signature, EFT transactions require the card holder's PIN to be sent online in an encrypted form for validation by the card issuer. Other information may be included in the transaction, some of which is not visible to the card holder for instance magnetic stripe data and some of which may be requested from the card holder for instance the card holder's address or the CVV2 security value printed on the card. EFT transactions are activated during e-banking procedures. Various methods of e-banking include: Telephone banking Online banking Short Message Service SMS banking Mobile banking Interactive-TV banking. Independent of location or time, you can execute your payments and stock market orders and you get detailed information on your accounts and custody accounts.
4
INTRODUCTION The last time that technology had a major impact in helping banks service their customers was with the introduction of the Internet banking. Internet Banking helped give the customer's anytime access to their banks. Customer's could check out their account details, get their bank statements, perform transactions like transferring money to other accounts and pay their bills sitting in the comfort of their homes and offices. However the biggest limitation of Internet banking is the requirement of a PC with an Internet connection, not a big obstacle if we look at the US and the European countries, but definitely a big barrier if we consider most of the developing countries of Asia like China and India. E-banking addresses this fundamental limitation of Internet Banking, as it reduces the customer requirement to just a ebanking phone. E-banking usage has seen an explosive growth in most of the Asian economies like India, China and Korea. In fact Korea boasts about a 70% e-banking penetration rate and with its tech-savvy populace has seen one of the most aggressive rollouts of e-banking services.
5
Still, the main reason that E-banking scores over Internet Banking is that it enables ‘Anywhere Banking'. Customers now don't need access to a computer terminal to access their banks, they can now do so on the go – when they are waiting for their bus to work, when they are traveling or when they are waiting for their orders to come through in a restaurant. The scale at which E-banking has the potential to grow can be gauged by looking at the pace users are getting e-banking in these big Asian economies. According to the Cellular Operators' Association of India (COAI) the e-banking subscriber base in India hit 40.6 million in the August 2004. In September 2004 it added about 1.85 million more. The explosion as most analysts say, is yet to come as India has about one of the biggest untapped markets. China, which already witnessed the e-banking boom, is expected to have about 300 million e-banking users by the end of 2004. South Korea is targeted to reach about 42 million e-banking users by the end of 2005. All three of these countries have seen gradual roll-out of e-banking services, the most aggressive being Korea which is now witnessing the roll-out of some of the most advanced services like using e-banking to pay bills in shops and restaurants. E-banking nowadays is the common trend here in our country. No more falling in line in banks, no more waiting tons of hours in the bank, no more days and weeks of waiting. All can be done with one card, one gadget. It’s easy, it works, and most importantly, people like it. But still, some people are having a hard time using this kind of
6
technology mostly people who are used to do things the old traditional way. With the use of advertising, people are now motivated to use Ebanking because again, it eliminates the hassle encountered when using the old process of banking. In this paper, the group will cover security issues and different impacts regarding the traditional banking method. The group is concerned about the issues presented because the group thinks that these issues are very important and relevant today, a lot of people save money and really trust banks with their money. In addition, the group wants this research paper to be read by many students who are in no knowledge about certain issues about banking. Lastly, the group will provide and recommend different solutions about the issues regarding E-Banking. In order for customers to use their banks online services they need to have a personal computer and Internet connection. Their personal computer becomes their virtual banker who will assist them in their banking errands. Attaining information about accounts and loans, Conducting transfers amongst different accounts, even between external banks, Paying bills, Buying and selling stocks and bonds by depot, Buying and selling fund shares39 These services that are offered by e-banking are changing and being improved because of the intense competition between the banks online. Banking industry must adapt to the electronics age, which in its turn is changing all the time. EFT
7
transactions require authorization and a method to authenticate the card and the card holder. Whereas a merchant may manually verify the card holder's signature, EFT transactions require the card holder's PIN to be sent online in an encrypted form for validation by the card issuer. Other information may be included in the transaction, some of which is not visible to the card holder for instance magnetic stripe data and some of which may be requested from the card holder for instance the card holder's address or the CVV2 security value printed on the card. EFT transactions are activated during e-banking procedures. Various methods of e-banking include: Telephone banking Online banking Short Message Service SMS banking Mobile banking Interactive-TV banking. Independent of location or time, you can execute your payments and stock market orders and you get detailed information on your accounts and custody accounts. Financial Regulators are generally viewed as the professional party poopers at any upbeat conference like this, warning of dire consequences ahead for any who stray from the virtuous path of prudence and regulatory compliance. I will do my best to meet your possibly reasonable but miserable expectations later on. But before I do please allow me to dwell briefly on what we in the FSA consider being the potentially very positive aspects of E Commerce for firms, consumers – and even for regulators! A few examples: For Firms E Commerce brings: different and arguably lower barriers to entry;
8
opportunities for significant cost reduction; the capacity to rapidly re-engineer business processes; greater opportunities to sell cross border. Each and all of these potential benefits provides for increased competition and the ability to wrest market leadership from established players. For consumers the potential benefits are: more choice; greater competition and better value for money; more information; better tools to manage and compare information; faster service. And there are potential benefits even for regulators: better, more flexible, user friendly information for consumers and others on our own web-site; better, almost indestructible audit trails; potential to monitor advertising and advice activity more easily; more cost effective and efficient use of regulatory tools (for example the use of our extra net over the Y2K period). But of course there are also risks. The risks to firms – specifically banks I will cover later. For consumers the biggest risks are probably information overload and not understanding whom they
9
are dealing with and on what terms. This can range from dealing with a perfectly respectable company from another jurisdiction, but not understanding
for
example
the
different
legal
environment,
compensation schemes and ombudsman arrangements, through to being vulnerable to scams and frauds. For regulators one key danger is a failure to understand changing risk profiles and vulnerabilities of individual firms and also changes to market structures and interactions. Another very important risk is that our own regulatory framework could somehow inhibit desirable innovations by not adapting quickly enough. We are very conscious of this in the FSA and are trying very hard to be E-neutral (a recent example of this is the proposed Conduct of Business Sourcebook). We have also selected E-commerce as one of our regulatory themes for this year and are very active in international fore – but more of that later. India is marching towards m-commerce - a world where you can make all payments by keying in instructions on your e-banking. In India, however, there is a limitation on the availability of functions that can be deployed by banking customers. Most e-banking transactions today are ‘information-based’ -customers engage in m-banking services like balance enquiry, last three transactions, "alerts" for strange activities in bank accounts etc. Some banks like IDBI Bank are also offering bill-payment services to customers through m-banking.
10
However, actual cash transactions like fund-transfer, payment of bills at a restaurant among others have not yet been introduced in India. There are many reasons for this. Firstly, as m-banking is currently SMS-based, the transaction delivery time is not guaranteed since it is dependent on factors like SMSC (short message service centre) congestion and network strength in the area where the customer is located. Secondly, there is an issue of repudiation as till date there are no clear guidelines on wireless payments. In the very near future, one can see m-banking leaping into a new phase. With the advent of Java-enabled e-bankingdevices, the shape of m-banking services is in for a change. One would also be ensured the same amount of security and comfort as one would be when using internet banking.
DEFINITIONS Definition of E-banking
(I)
"E-banking" is a banking service for customer to make enquiry, transfer, remittance, donation, and spending and bill payment according to the customer's short message instructions sent through mobile. Result will be sent back to customer by short message.
11
(II)
"Registered Customer" refers to customers who have registered E-banking Service through www.icbc.com.cn or at ICBC business offices.
(III)
"Non-registered Customer" refers to customers who have not registered E-banking service.
(IV)
"Registered E-banking Number" is the e-banking number given and confirmed by customer when registering Ebanking Service.
(V)
"Default Payment Card" is a registered card designated by customer when registering E-banking Service. Customers do not need to input card number when making enquiry or transfer of this default payment card.
(VI)
"Payment Password" is the password set up and confirmed by customer when registering E-banking Service. Customer must enter this payment password when making enquiry, remittance, bill payment, consumption and cancellation.
E-banking Services applied through registering e-banking number or through registering e-banking number and payment password are all considered as customers' actions. Customers held responsible for the banking transactions through the above-mentioned number and password. For security purpose, customers should safely keep the ebanking and payment password. Timely stop the e-banking or cancel
12
E-banking Service once the e-banking is lost. Customers should delete the payment password from the e-banking after making transactions through E-banking. It is recommended that payment password should be different from the payment password of Internet Banking.
13
HISTORY OF E-BANKING In countries like Korea, two SIM Card is used in e-banking. One for the telephonic purpose and the other for banking. Bank account data is encrypted on a smart-card chip. About 3.3 million transactions were reported by Bank of Korea in 2004. In a move that will take the frontiers of banking transactions beyond the ATM and internet, fullfledged banking transactions through e-banking have been introduced by ICICI Bank. The bank has now kicked off a e-banking service, where a customer can replicate all transactions through e-banking similar to an internet banking transaction. Till now, customers were only able to get all information like balance in the account and ebanking alerts through e-banking. The past few years have seen customers migrating from branch banking to a host of non-branch channels like ATMs, call centre and internet banking. In case of ICICI Bank, around 55% of the transactions now happen through ATMs, 22% through the internet, 12% through call centre and the remaining through branches. Incidentally, around five years ago, transactions through internet banking was a minuscule 2%. Through the new platform Mobile, all internet banking transactions can now be done on e-banking. Customers can now transfer funds to ICICI Bank and non-ICICI Bank accounts, pay their utility bills and insurance premium and do a host of other operations. The application covers savings accounts, demat, credit card and loan accounts.
14
According to ICICI Bank ED V Vaidyanathan said, the new service will help to give more power to the customer. They can now transact from practically anywhere. He expects the new service to see transactions of over 40% over a period of time. Both GPRS and non-GPRS customers would be able to use the service. Customers will be required to enter four-digit PIN to enter the e-banking application, which will prevent unauthorized use of the service. Currently, ICICI Bank has 13 million customers, Of which, there are 2.5-million active customers. It also has 7-million registered customers for SMS alerts. The bank currently sends around 20 million alerts a month. Citi and HSBC have this service in other parts of the world. Some of these banks are now looking at launching these services here. Until now, e-banking services, which were provided by banks, have been SMS-enabled. Moreover, these were push-services like SMS alerts and balance enquiries. There have also been security concerns plaguing the introduction of such services since the SMS route, through which the information travels, is totally unsecured. Aditya Menon, Chief IT officer of Obopay India — a ebankingpayments solutions company — said many banks have been working on a mobile-payment solution. Obopay is working with six other banks to provide a service that will enable bank customers to transfer funds to anyone who has a e-bankingphone and a bank account. In fact, banks like Corporation Bank and Union Bank of India also have similar products in the pipeline.
15
The first e-banking and payment initiative was announced during 1999. The first major deployment was made by a company called Pay box (largely supported financially by Deutsche Bank). The company was founded by two young German's (Mathias Entemann and Eckart Ortwein) and successfully deployed the solution in Germany, Austria, Sweden, Spain and the UK. At about 2003 more than a million people were registered on Pay box and the company was rated by Gartner as the leader in the field. Unfortunately Deutsche Bank withdraws their financial support and the company had to reorganize quickly. All but the operations in Austria closed down. Another early starter and also identified as a leader in the field was a Spanish initiative (backed by BBVA and Telephonica), called Mobi Pago. The name was later changed to Mobi Pay and all banks and e-banking operators in Spain were invited to join. The product was launched in 2003 and many retailers were acquired to accept the special USSD payment confirmation. Because of the complex shareholding and the constant political challenges of the different owners, the product never fulfilled the promise that it had. With no marketing support and no compelling reason for adoption, this initiative is floundering at the moment. Many other large players announced initiatives and ran pilots with big fanfare, but never showed traction and all initiatives were ultimately discontinued. Some of the early examples are the famous vending machines at the Helsinki airport supported by a system from
16
Nokia. Siemens made announcements in conjunction with listed and high-flying German e-commerce company, Brocket. Brocket also won the lucrative Vodafone contract in 2002, but crashed soon afterwards when it runs out of funds. Israel (as can be expected) produced a large number of e-banking payment start-ups. Of the many, only one survived - Trivet. Others like Advantech and Patty disappeared after a number of pilots but without any successful production deployments. Initiatives in Norway, Sweden and France never got traction. France Telecom launched an ambitious product based on a special ebanking with an integrated card reader. The solution worked well, but never became popular because of the unattractive, special phone that participants needed in order to perform these payments. Since 2004, e-banking and payment industry has come of age. Successful deployments with positive business cases and big strategic impact have been seen recently.
17
ADVANTAGES AND DISADVANTAGES Advantages The biggest advantage that e-banking offers to banks is that it
significantly cuts down the costs of providing service to the customers. For example: An average teller or phone transaction costs about
$2.36 each, whereas an electronic transaction costs only about $0.10 each. Additionally, this new channel gives the bank ability to cross-sell up-sell their other complex banking products and services such as vehicle loans, credit cards etc. For service providers, E-banking offers the next surest way to
achieve growth. Countries like Korea where e-banking penetration is nearing
saturation, e-banking is helping service providers increase revenues from the now static subscriber base. Also service providers are increasingly using the complexity of their supported e-banking services to attract new customers and retain old ones.
18
Disadvantages Back in days when Internet was introduced, it was a boon to the financial industry as it reduced all volumes by opening another self service channel for servicing customers. With e-banking
that advantage is not there as already
investments are made to reduce call volumes using Internet and Internet is one of the technologies that is ever spreading in customer community. Almost 80% of the people in US already have internet connection. E-banking would be another value added service that can be provided by financial institutions, it may only bring good will. Depending on the technological direction for enabling E-
banking companies either has to spend enormous amount of money in matching customers' expectation or maintaining another stream of technology applications. Technology still has security issues and software distribution issues. The Federal Trade Commission received 301,835 fraud complaints and 214,905 identity theft complaints in 2003. Bank fraud accounted for 17 percent — more than 36,000 — of the identity theft complaints. That represents just the victims who actually filed a complaint with
19
the agency. The FTC estimate there was 10 million identity theft victims that year. Already lot of banks are either providing e-banking services or getting ready to provide e-banking services. Second we would like to evaluate what are the real potential opportunities for the bank, in spite of the negativity around the technology and business value, For sure US is yet to catch up with the number of users using e-banking. Data at customers fingertips is still a potential opportunity, not even most of the Internet banking sites are able to provide one customer view Intelligent applications that enable customers to bank, trade, make intelligent credit/investment decisions is still a sector unexplored. More than Customers bank workforce itself can benefit a lot from developing productivity applications.
20
DEVELOPMENT OF E-BANKING So, these are some of the particular risks arising in E-banking that we have hitherto identified in the UK domestic environment – though I suspect that many of my regulator colleagues outside the UK would share many of these views. I would like to move on to the international side. Supervision in today’s global environment can only ever be effective if it has an international dimension. This is especially the case with e-banking because of its non-territorial nature, the ease with which customers outside the home country can access the site and the opportunity to buy several types of product. Of course, regulators have long had to deal with the regulatory problems of international banking. They had set up mechanisms for cross-border supervision; agreements over home/host responsibilities (especially within the Community), bilateral agreement for information sharing and general standards by which they expect all banks, including those offshore territories, to abide. In principle, the expectation is that this general mechanism for international supervision will be robust enough to work just as well in the e-banking as the physical environment. Nevertheless, it will not be quite as easy as that! Inevitably the nature of e-banking raises particular issues in the application of the general approach outlined here. E-banking makes it even more necessary to develop a cohesive international approach to regulation – not only in the field of prudential regulation where Basel has made
21
much progress, but also in the areas of conduct of business for consumer protection. The Basel Committee E-Banking Group believes that Basel "should provide the international supervisory community with a broad set of advisory guidance with respect to electronic banking," thereby providing a basis for domestic regulation and supporting consumer and industry education. Globally, such guidance would assist international co-operation and act as a foundation for a coherent approach to supervising e-banking. It could facilitate international e-banking by creating consumer confidence in sound banks based in different, possibly less satisfactory, regimes and might dissuade host supervisors from imposing additional, potentially draconian, regulation on such banks. The Group identified:
Authorization,
prudential standards,
transparency,
privacy,
money laundering, and
cross border supervision
as issues on which they felt that there is need for further work, both at the analytical and policy level before any such guidance could be developed. The FSA is involved in the Basel Group and will be contributing to the work, participating in the drafting of papers and hosting both the group’s next meeting and a roundtable for its members and a number of European banks and service providers. We
22
welcome any contributions from the industry to this debate; and have indeed been actively soliciting them.
Cross-border issues There are also significant cross-border issues. We foresee difficulties for depositors identifying the jurisdiction within which e-banks offering services in the UK are based, given the potential absence of physical presence and the ability for e-banks to move to a new jurisdiction relatively rapidly. These concerns have prompted a considerable amount of debate and analysis in the international supervisory community. Within Europe home v host state supervision is a particularly important issue. Banks may tend to seek authorization wherever the tax, compliance and costs are lowest, as location will become less of a critical issue since services may easily be provided on a cross-border basis. E-banking is likely therefore to significantly increase the usage of the 2BCD passport (that is the Community equivalent of your passport, but for a bank), thereby making it even more crucial that all European regulators undertake supervision in a satisfactory (and harmonised) manner and that communication between regulators is adequate. A number of initiatives with implications for home and host state supervision are being discussed, for example the draft ecommerce and distance marketing directives and the Rome and Brussels conventions. The debate is far from being resolved and a considerable degree of uncertainty remains. For example within the e-
23
commerce Directive ‘home’ and ‘host’ have been replaced with ‘home’ and ‘country of origin’, the implications of which are as yet unclear. The current drafting (agreed at Council) is sufficiently vague to potentially allow numerous regulators to assert jurisdiction over an Internet service, thereby nullifying the main advantage of the Directive, home state regulation. However we would expect that a suitable compromise on the point will be worked out so as to avoid this outcome. Certainly this is what we at the FSA are working towards.
24
CHALLENGES AND OPPORTUNITIES E-banking is a generic term for delivery of banking services and products through electronic channels, such as the telephone, the internet, the cell phone, etc. The concept and scope of E-banking is still evolving. It facilitates an effective payment and accounting system thereby enhancing the speed of delivery of banking services considerably.
While
E-banking
has
improved
efficiency
and
convenience, it has also posed several challenges to the regulators and supervisors. Several initiatives taken by the government of India, as well as the Reserve Bank of India (RBI), have facilitated the development of E-banking in India. The government of India enacted the IT Act, 2000, which provides legal recognition to electronic transactions and other means of electronic commerce. The RBI has been preparing to upgrade itself as a regulator and supervisor of the technologically dominated financial system. It issued guidelines on risks and control in computer and telecommunication system to all banks, advising them to evaluate the risks inherent in the systems and put in place adequate control mechanisms to address these risks. The existing regulatory framework over banks has also been extended to E-banking. It covers various issues that fall within the framework of technology, security standards, and legal and regulatory issues. This book — containing 12 scholarly articles — will benefit those interested in the technological developments of E-banking in India
Electronic banking is the wave of the future. It provides enormous benefits to consumers in terms of the ease and cost of
25
transactions. But it also poses new challenges for country authorities in regulating and supervising the financial system and in designing and implementing macroeconomic policy. Electronic banking has been around for some time in the form of automatic teller machines and telephone transactions. More recently, it has been transformed by the Internet, a new delivery channel for banking services that benefits both customers and banks. Access is fast, convenient, and available around the clock, whatever the customer's location (see illustration above). Plus, banks can provide services more efficiently and at substantially lower costs. For example, a typical customer transaction costing about $1 in a traditional "brick and mortar" bank branch or $0.60 through a phone call costs only about $0.02 online. Electronic banking also makes it easier for customers to compare banks' services and products, can increase competition among banks, and allows banks to penetrate new markets and thus expand their geographical reach. Some even see electronic banking as an opportunity for countries with underdeveloped financial systems to leapfrog developmental stages. Customers in such countries can access services more easily from banks abroad and through wireless communication systems, which are developing more rapidly than traditional "wired" communication networks. The flip side of this technological boom is that electronic banking is not only susceptible to, but may exacerbate, some of the same
risks-particularly
governance,
Legal,
operational,
and
26
reputational-inherent in traditional banking. In addition, it poses new challenges. In response, many national regulators have already modified their regulations to achieve their main objectives: ensuring the safety and soundness of the domestic banking system, promoting market discipline, and protecting customer rights and the public trust in the banking system. Policymakers are also becoming increasingly aware of the greater potential impact of macroeconomic policy on capital movements. MACROECONOMIC CHALLENGES But the challenges are not limited to regulators. As the advent of e-banking quickly changes the financial landscape and increases the potential for quick ross-border capital movements, macroeconomic policymakers face several cdifficult questions. If electronic banking does make national boundaries irrelevant by facilitating capital movements, what does this imply for macroeconomic management? How is monetary policy affected when, for example, the use of electronic means makes it easier for banks to avoid reserve requirements, or when business can be conducted in foreign currencies as easily as in domestic currency? When offshore banking and capital flight are potentially only a few mouse clicks away, does a government have any leeway for independent monetary or fiscal policy?
27 How will the choice of the exchange rate regime be
affected, and how will e-banking influence the targeted level of international reserves of a central bank Can a government afford to make any mistakes? Will the spread of electronic banking impose harsh market discipline on governments as well as on businesses? The answers to these questions fall into two emerging strands of thought. First, the technological revolution-- particularly the expansion of electronic money but also, more broadly, electronic advances in banking practices-- could result in a decoupling of households' and firms' decisions from the purely financial operations of the central bank. Thus, the ability of monetary policy to influence inflation and economic activity would be threatened. Second, as electronic banking expands, financial transaction costs can decline significantly. The result would be tantamount to a reduction in the "sand in the wheels" of the financial sector machinery, making capital flows even easier to effect, with a potential erosion of the effectiveness of domestic monetary policy. In this regard, proponents of the Tobin tax--which would tax short-term capital flows to increase their cost and, thereby, the sand in the wheels-- would feel that electronic banking makes an even more compelling case for introducing such a tax. CHALLENGES Key challenges in developing a sophisticated e-banking application
28
1. Interoperability There is a lack of common technology standards for e-banking. Many protocols are being used for e-banking – HTML, WAP, SOAP, XML to name a few. It would be a wise idea for the vendor to develop a e-banking application that can connect multiple banks. It would require either the application to support multiple protocols or use of a common and widely acceptable set of protocols for data exchange. There are a large number of different e-bankingphone devices and it is a big challenge for banks to offer e-banking solution on any type of device. Some of these devices support J2ME and others support WAP browser or only SMS. Overcoming interoperability issues however have been localized, with countries like India using portals like R-World to enable the limitations of low end java based phones, while focus on areas such as South Africa have defaulted to the USSD as a basis of communication achievable with any phone. The desire for interoperability is largely dependent on the banks themselves, where installed applications (Java based or native) provide better security, are easier to use and allow development of more complex capabilities similar to those of internet banking while SMS can provide the basics but becomes difficult to operate with more complex transactions. 2. Security
29
Security of financial transactions, being executed from some remote location and transmission of financial information over the air, are the most complicated challenges that need to be addressed jointly by e-banking application developers, wireless network service providers and the banks' IT departments. The following aspects need to be addressed to offer a secure infrastructure for financial transaction over wireless network: Physical part of the hand-held device. If the bank is offering smart-card based security, the physical security of the device is more important. Security of any thick-client application running on the device. In case the device is stolen, the hacker should require at least an ID/Password to access the application. Authentication of the device with service provider before initiating a transaction. This would ensure that unauthorized devices are not connected to perform financial transactions. User ID / Password authentication of bank’s customer. Encryption of the data being transmitted over the air. Encryption of the data that will be stored in device for later / off-line analysis by the customer.
3. Scalability & Reliability Another challenge for the CIOs and CTOs of the banks is to scaleup the e-banking infrastructure to handle exponential growth of
30
the customer base. With e-banking, the customer may be sitting in any part of the world (true anytime, anywhere banking) and hence banks need to ensure that the systems are up and running in a true 24 x 7 fashion. As customers will find e-banking more and more useful, their expectations from the solution will increase. Banks unable to meet the performance and reliability expectations may lose customer confidence. 4. Application distribution Due to the nature of the connectivity between bank and its customers, it would be impractical to expect customers to regularly visit banks or connect to a web site for regular upgrade of their ebanking application. It will be expected that the e-banking application itself check the upgrades and updates and download necessary patches (so called Over the Air updates). However, there could be many issues to implement this approach such as upgrade / synchronization of other dependent components. 5. Personalization It would be expected from the e-banking application to support personalization such as: Preferred Language Date / Time format Amount format Default transactions Standard Beneficiary list
31
Alert.
IMPACT
OF
E-BANKING
TRADITIONAL SERVICES
ON
32
One of the issues currently being addressed is the impact of ebanking on traditional banking players. After all, if there are risks inherent in going into e-banking there are other risks in not doing so. It is too early to have a firm view on this yet. Even to practitioners the future of e-banking and its implications are unclear. It might be convenient nevertheless to outline briefly two views that are prevalent in the market. The view that the Internet is a revolution that will sweep away the old order holds much sway. Arguments in favor are as follows: E-banking transactions are much cheaper than branch or even
phone transactions. This could turn yesterday’s competitive advantage - a large branch network, into a comparative disadvantage, allowing e-banks to undercut bricks-and-mortar banks. This is commonly known as the "beached dinosaur" theory. E-banks are easy to set up so lots of new entrants will arrive.
‘Old-world’ systems, cultures and structures will not encumber these new entrants. Instead, they will be adaptable and responsive. E-banking gives consumers much more choice. Consumers will be less inclined to remain loyal. E-banking will lead to an erosion of the ‘endowment effect’ currently enjoyed by the major UK banks.
33
Deposits will go elsewhere with the consequence that these banks will have to fight to regain and retain their customer base. This will increase their cost of funds, possibly making their business less viable. Lost revenue may even result in these banks taking more risks to breach the gap. Portal providers, are likely to attract the most significant share of banking profits. Indeed banks could become glorified marriage brokers. They would simply bring two parties together – e.g. buyer and seller, payer and payee. The products will be provided by monoclines, experts in their field. Traditional banks may simply be left with payment and settlement business – even this could be cast into doubt. Traditional banks will find it difficult to evolve. Not only will they be unable to make acquisitions for cash as opposed to being able to offer shares, they will be unable to obtain additional capital from the stock market. This is in contrast to the situation for Internet firms for whom it seems relatively easy to attract investment. There is of course another view which sees e-banking more as an evolution than a revolution. E-banking is just banking offered via a new delivery channel. It simply gives consumers another service (just as ATMs did). Like ATMs, e-banking will impact on the nature of branches but will not remove their value. Traditional banks are starting to fight back. The start-up costs of an e-bank are high. Establishing a trusted brand is very costly as it requires significant advertising expenditure in addition to the purchase of expensive technology (as security and privacy are key to gaining customer approval). E-banks have already found that retail banking only becomes profitable once a large critical
34
mass is achieved. Consequently many e-banks are limiting themselves to providing a tailored service to the better off. Nobody really knows which of these versions will triumph. This is something that the market will determine. However, supervisors will need to pay close attention to the impact of e-banks on the traditional banks, for example by surveillance of: strategy customer levels earnings and costs advertising spending margins funding costs merger opportunities and threats. Before talking about the issues of risks and responses to E banking, I would like to spend a little time considering the wider question of what the e-banking revolution might mean for the future. I take "E" to mean anything electronic whether it be Internet, television, telephone or all three. One of the issues currently being addressed is the impact of ebanking on traditional banking players. After all, if there are risks inherent in going into e-banking there are other risks in not doing so. It is too early to have a firm view on this yet. Even to practitioners the future of e-banking and its implications are unclear. It might be convenient nevertheless to outline briefly two views that are prevalent in the market. The view that the Internet is a revolution that will sweep away the old order holds much sway. Arguments in favor are as follows Ebanking transactions are much cheaper than branch or even phone transactions. This could turn yesterday’s competitive advantage - a large branch network - into a comparative disadvantage, allowing e-
35
banks to undercut bricks-and-mortar banks. This is commonly known as the "beached dinosaur" theory. E-banks are easy to set up so lots of new entrants will arrive. ‘Old-world’ systems, cultures and structures will not encumber these new entrants. Instead, they will be adaptable and responsive. E-banking gives consumers much more choice. Consumers will be less inclined to remain loyal. E-banking will lead to an erosion of the ‘endowment effect’ currently enjoyed by the major UK banks. Deposits will go elsewhere with the consequence that these banks will have to fight to regain and retain their customer base. This will increase their cost of funds, possibly making their business less viable. Lost revenue may even result in these banks taking more risks to breach the gap. Portal providers are likely to attract the most significant share of banking profits. Indeed banks could become glorified marriage brokers. They would simply bring two parties together – e.g. buyer and seller, payer and payee. The products will be provided by monoclines, experts in their field. Traditional banks may simply be left with payment and settlement business – even this could be cast into doubt. Traditional banks will find it difficult to evolve. Not only will they be unable to make acquisitions for cash as opposed to being able to offer shares, they will be unable to obtain additional capital from the stock market. This is in contrast to the situation for Internet firms for whom it seems relatively easy to attract investment. There is of course another view which sees e-banking more as an evolution than a revolution. E-banking is just banking offered via a new delivery
36
channel. It simply gives consumers another service (just as ATMs did). Like ATMs, e-banking will impact on the nature of branches but will not remove their value. Experience in Scandinavia (arguably the most advanced ebanking area in the world) appears to confirm that the future is ‘clicks and mortar’ banking. Customers want full service banking via a number of delivery channels. The future is therefore ‘Martini Banking’ (any time, any place, anywhere, anyhow). Traditional banks are starting to fight back. The start-up costs of an e-bank are high. Establishing a trusted brand is very costly as it requires significant advertising expenditure in addition to the purchase of expensive technology (as security and privacy are key to gaining customer approval). E-banks have already found that retail banking only becomes profitable once a large critical mass is achieved. Consequently many ebanks are limiting themselves to providing a tailored service to the better off. Nobody really knows which of these versions will triumph. This is something that the market will determine. However, supervisors will need to pay close attention to the impact of e-banks on the traditional banks, for example by surveillance of:
strategy
customer levels
earnings and costs
37
advertising spending
margins
funding costs
Merger opportunities and threats, both in the UK and abroad.
RISKS IN E-BANKING There are risks involved in e-banking. They are as follows:
38 1) Strategic Risk –
A financial institution’s board and management should understand the risks associated with e-banking services and evaluate the resulting risk management costs against the potential return on investment prior to offering e-banking services. Poor e-banking planning and investment decisions can increase a financial institution’s strategic risk. On strategic risk E-banking is relatively new and, as a result, there can be a lack of understanding among senior management about its potential and implications. People with technological, but not banking, skills can end up driving the initiatives. E-initiatives can spring up in an incoherent and piecemeal manner in firms. They can be expensive and can fail to recoup their cost. Furthermore, they are often positioned as loss leaders (to capture market share), but may not attract the types of customers that banks want or expect and may have unexpected implications on existing business lines. Banks should respond to these risks by having a clear strategy driven from the top and should ensure that this strategy takes account of the effects of e-banking, wherever relevant. Such a strategy should be clearly disseminated across the business, and supported by a clear business plan with an effective means of monitoring performance against it. On strategic risk E-banking is relatively new and, as a result, there can be a lack of understanding among senior management about its potential and implications. People with technological, but not banking, skills can end up driving the initiatives. E-initiatives can spring up in an incoherent and piecemeal
39
manner in firms. They can be expensive and can fail to recoup their cost. Furthermore, they are often positioned as loss leaders (to capture market share), but may not attract the types of customers that banks want or expect and may have unexpected implications on existing business lines.
Banks should respond to these risks by having a clear strategy driven from the top and should ensure that this strategy takes account of the effects of e-banking, wherever relevant. Such a strategy should be clearly disseminated across the business, and supported by a clear business plan with an effective means of monitoring performance against it. 2) Business risks –
Business risks are also significant. Given the newness of ebanking, nobody knows much about whether e-banking customers will have different characteristics from the traditional banking customers. They may well have different characteristics. This could render existing score card models inappropriate, this resulting in either higher rejection rates or inappropriate pricing to cover the risk. Banks may not be able to assess credit quality at a distance as effectively as they do in face to face circumstances. It could be more difficult to assess the nature and quality of collateral offered at a distance, especially if it is located in an area the bank is unfamiliar with (particularly if this is overseas). Furthermore
40
as it is difficult to predict customer volumes and the stickiness of edeposits (things which could lead either to rapid flows in or out of the bank) it could be very difficult to manage liquidity. Of course, these are old risks with which banks and supervisors have considerable experience but they need to be watchful of old risks in new guises. In particular risk models and even processes designed for
traditional
banking
may
not
be
appropriate.
Transaction/operations risk - Transaction/Operations risk arises from fraud, processing errors, system disruptions, or other unanticipated events resulting in the institution’s inability to deliver products or services. This risk exists in each product and service offered. The level of transaction risk is affected by the structure of the institution’s processing environment, including the types of services offered and the complexity of the processes and supporting technology. In most instances, e-banking activities will increase the complexity of the institution’s activities and the quantity of its transaction/operations risk, especially if the institution is offering innovative services that have not been standardized. Since customers expect e-banking services to be available 24 hours a day, 7 days a week, financial institutions should ensure their e-banking infrastructures contain sufficient capacity and redundancy to ensure reliable service availability. Even institutions that do not consider e-banking a critical financial service due to the availability of alternate processing channels, should carefully consider customer expectations and the potential impact of service disruptions on customer satisfaction and loyalty.
41
The key to controlling transaction risk lies in adapting effective polices, procedures, and controls to meet the new risk exposures introduced by e-banking. Basic internal controls including segregation of duties, dual controls, and reconcilements remain important. Information security controls, in particular, become more significant requiring
additional
processes,
tools,
expertise,
and
testing.
Institutions should determine the appropriate level of security controls based on their assessment of the sensitivity of the information to the customer and to the institution and on the institution’s established risk tolerance level. Business risks are also significant. Given the newness of e-banking, nobody knows much about whether e-banking customers will have different characteristics from the traditional banking customers. They may well have different characteristics – eg I want it all and I want it now. This could render existing score card models inappropriate, thus resulting in either higher rejection rates or inappropriate pricing to cover the risk. Banks may not be able to assess credit quality at a distance as effectively as they do in face to face circumstances. It could be more difficult to assess the nature and quality of collateral offered at a distance, especially if it is located in an area the bank is unfamiliar with (particularly if this is overseas). Furthermore as it is difficult to predict customer volumes and the stickiness of e-deposits (things which could lead either to rapid flows in or out of the bank) it could be very difficult to manage liquidity. 3) Credit risk –
42
Generally, a financial institution’s credit risk is not increased by the mere fact that a loan is originated through an e-banking channel. However, management should consider additional precautions when originating and approving loans electronically, including assuring management information systems effectively track the performance of portfolios originated through e-banking channels. The following aspects of on-line loan origination and approval tend to make risk management of the lending process more challenging. If not properly managed, these aspects can significantly increase credit risk. Verifying the customer’s identity for on-line credit applications and executing an enforceable contract; Monitoring and controlling the growth, pricing, underwriting standards, and ongoing credit quality of loans originated through e-banking channels; Monitoring and oversight of third-parties doing business as agents or on behalf of the financial institution (for example, an Internet loan origination site or electronic payments processor); Valuing collateral and perfecting liens over a potentially wider geographic area; Collecting loans from individuals over a potentially wider geographic area; Monitoring any increased volume of, and possible concentration in, out-of-area lending. Liquidity, interest rate, price/market risks - Funding and investmentrelated risks could increase with an institution’s e-banking initiatives depending on the volatility and pricing of the acquired deposits. The Internet provides institutions with the ability to market their products and services globally. Internet-based advertising programs can effectively match yield-focused investors with potentially highyielding deposits. But Internet-originated deposits have the potential to attract customers who focus exclusively on rates and may provide a
43
funding source with risk characteristics similar to brokered deposits. An institution can control this potential volatility and expanded geographic reach through its deposit contract and account opening practices, which might involve face-to-face meetings or the exchange of paper correspondence. The institution should modify its policies as necessary to address the following e-banking funding issues:
Potential increase in dependence on brokered funds or other highly rate-sensitive deposits;
Potential acquisition of funds from markets where the institution is not licensed to engage in banking, particularly if the institution does not establish, disclose, and enforce geographic restrictions;
Potential impact of loan or deposit growth from an expanded Internet market, including the impact of such growth on capital ratios;
Potential increase in volatility of funds should e-banking security problems negatively impact customer confidence or the market’s perception of the institution.
This changing financial landscape brings with it new challenges for bank management and regulatory and supervisory authorities. The major ones stem from increased cross-border transactions resulting from drastically lower transaction costs and the greater ease of banking activities, and from the reliance on technology to provide banking services with the necessary security.
44 4) Operations risk-
The reliance on new technology to provide services makes security and system availability the central operational risk of electronic banking. Security threats can come from inside or outside the system, so banking regulators and supervisors must ensure that banks have appropriate practices in place to guarantee the confidentiality of data, as well as the integrity of the system and the data. Banks' security practices should be regularly tested and reviewed by outside experts to analyze network vulnerabilities and recovery preparedness. Capacity planning to address increasing transaction volumes and new technological developments should take account of the budgetary impact of new investments, the ability to attract staff with the necessary expertise, and potential dependence on external service providers. Managing heightened operational risks needs to become an integral part of banks' overall management of risk, and supervisors need to include operational risks in their safety and soundness evaluations. There are three types of operation risks. They are as follows: volume forecasts management information systems and Outsourcing.
Accurate volume forecasts have proved difficult - One of the key challenges encountered by banks in the Internet environment is how to predict and manage the volume of customers that they will obtain. Many banks going on-line have significantly misjudged volumes.
45
When a bank has inadequate systems to cope with demand it may suffer reputational and financial damage, and even compromises in security if extra systems that are inadequately configured or tested are brought on-line to deal with the capacity problems. As a way of addressing this risk, banks should:
undertake market research,
adopt systems with adequate capacity and scalability,
undertake proportionate advertising campaigns, and
Ensure that they have adequate staff coverage and develop a suitable business continuity plan.
In brief, this is a new area, nobody knows all the answers, and banks need to exercise particular caution. The second type of operations risk concerns management information systems. Again this is not unique to E-banking. I have seen many banks venture into new areas without having addressed management information issues. Banks may have difficulties in obtaining adequate management information to monitor their eservice, as it can be difficult to establish/configure new systems to ensure that sufficient, meaningful and clear information is generated. Such information is particularly important in a new field like ebanking. Banks are being encouraged by the FSA to ensure that management have all the information that they require in a format that they understand and that does not cloud the key information with superfluous details.
46
Finally, a significant number of banks offering e-banking services outsource related business functions, e.g. security, either for reasons of cost reduction or, as is often the case in this field, because they do not have the relevant expertise in-house. Outsourcing a significant function can create material risks by potentially reducing a bank’s control over that function. Outsourcing is of course neither new nor unmanageable but banks should be mindful of the FSA’s guidance on outsourcing, which addresses these risks. 5) Regulatory riskBecause the Internet allows services to be provided from anywhere in the world, there is a danger that banks will try to avoid regulation and supervision. What can regulators do? They can require even banks that provide their services from a remote location through the Internet to be licensed. Licensing would be particularly appropriate where supervision is weak and cooperation between a virtual bank and the home supervisor is not adequate. Licensing is the norm, for example, in the United States and most of the countries of the European Union. A virtual bank licensed outside these jurisdictions that wishes to offer electronic banking services and take deposits in these countries must first establish a licensed branch. Determining when a bank's electronic services trigger the need for a license can be difficult, but indicators showing where banking services originate and where they are provided can help. For example, a virtual bank licensed in country X is not seen as taking deposits in country Y if customers make their deposits by posting checks to an address in country X. If a customer makes a deposit at an automatic
47
teller machine in country Y, however, that transaction would most likely be considered deposit taking in country. Regulators need to establish guidelines to clarify the gray areas between these two cases. 6) Legal riskElectronic banking carries heightened legal risks for banks. Banks can potentially expand the geographical scope of their services faster through electronic banking than through traditional banks. In some cases, however, they might not be fully versed in a jurisdiction's local laws and regulations before they begin to offer services there, either with a license or without a license if one is not required. When a license is not required, a virtual bank--lacking contact with its host country supervisor--may find it even more difficult to stay abreast of regulatory
changes.
As
a
consequence,
virtual
banks
could
unknowingly violate customer protection laws, including on data collection and privacy, and regulations on soliciting. In doing so, they expose themselves to losses through lawsuits or crimes that are not prosecuted because of jurisdictional disputes. Money laundering is an age-old criminal activity that has been greatly facilitated by electronic banking because of the anonymity it affords. Once a customer opens an account, it is impossible for banks to identify whether the nominal account holder is conducting a transaction or even where the transaction is taking place. To combat money laundering, many countries have issued specific guidelines on identifying customers. They typically comprise recommendations for verifying an individual's identity and address before a customer
48
account is opened and for monitoring online transactions, which requires great vigilance. In a report issued in 2000, the Organization for Economic Cooperation and Development's Financial Action Task Force raised another
concern.
With
electronic
banking
crossing
national
boundaries, whose regulatory authorities will investigate and pursue money laundering violations? The answer, according to the task force, lies in coordinating legislation and regulation internationally to avoid the creation of safe havens for criminal activities. 7) Reputational riskBreaches of security and disruptions to the system's availability can damage a bank's reputation. The more a bank relies on electronic delivery channels, the greater the potential for reputational risks. If one electronic bank encounters problems that cause customers to lose confidence in electronic delivery channels as a whole or to view bank failures as system wide supervisory deficiencies, these problems can potentially affect other providers of electronic banking services. In many countries where electronic banking is becoming the trend, bank supervisors have put in place internal guidance notes for examiners, and many have released risk-management guidelines for banks. This is considerably heightened for banks using the Internet. For example the Internet allows for the rapid dissemination of information which means that any incident, either good or bad, is common knowledge within a short space of time. The speed of the Internet considerably
49
cuts the optimal response times for both banks and regulators to any incident. Any problems encountered by one firm in this new environment may affect the business of another, as it may affect confidence in the Internet as a whole. There is therefore a risk that one rogue e-bank could cause significant problems for all banks providing services via the Internet. This is a new type of systemic risk and is causing concern to e-banking providers. Overall, the Internet puts an emphasis on reputational risks. Banks need to be sure that customers’ rights and information needs are adequately safeguarded and provided for. Breaches of security and disruptions to the system's availability can damage a bank's reputation. The more a bank relies on electronic delivery channels, the greater the potential for reputational risks. If one electronic bank encounters problems that cause customers to lose confidence in electronic delivery channels as a whole or to view bank failures as system wide supervisory deficiencies, these problems can potentially affect other providers of electronic banking services. In many countries where electronic banking is becoming the trend, bank supervisors have put in place internal guidance notes for examiners, and many have released risk-management guidelines for banks. Reputational risks also stem from customer misuse of security precautions or ignorance about the need for such precautions. Security risks can be amplified and may result in a loss of confidence in electronic delivery channels. The solution is consumer education--a process in which regulators and supervisors can assist. For example, some bank supervisors provide links on their websites allowing
50
customers to identify online banks with legitimate charters and deposit insurance. They also issue tips on Internet banking, offer consumer help lines, and issue warnings about specific entities that may be conducting unauthorized banking operations in the country. Money laundering is an age-old criminal activity that has been greatly facilitated by electronic banking because of the anonymity it affords. Once a customer opens an account, it is impossible for banks to identify whether the nominal account holder is conducting a transaction or even where the transaction is taking place. To combat money laundering, many countries have issued specific guidelines on identifying customers. They typically comprise recommendations for verifying an individual's identity and address before a customer account is opened and for monitoring online transactions, which requires great vigilance.
REGULATORY TOOLS AND SECURITY There are four key tools that regulators need to focus on to address the new challenges posed by the arrival of e-banking. AdaptationIn light of how rapidly technology is changing and what the changes mean for banking activities, keeping regulations up to date has been, and continues to be, a far-reaching, time-
51
consuming, and complex task. In May 2001, the Bank for International
Settlements
issued
its
"Risk
Management
Principles for Electronic Banking," which discusses how to extend, adapt, and tailor the existing risk-management framework to the electronic banking setting. For example, it recommends that a bank's board of directors and senior management review and approve the key aspects of the security control process, which should include measures to authenticate the identity and authorization of customers, promote non repudiation of transactions, protect data integrity, and ensure segregation of duties within e-banking systems, databases, and applications. Regulators and supervisors must also ensure that their staffs have the relevant technological expertise to assess potential changes in risks, which may require significant investment in training and in hardware and software.
Legalization-
New
methods
for
conducting
transactions,
new
instruments, and new service providers will require legal definition, recognition, and permission. For example, it will be essential to define an electronic signature and give it the same legal status as the handwritten signature. Existing legal definitions and permissions--such as the legal definition of a
52
bank and the concept of a national border--will also need to be rethought. Harmonization-
International
harmonization
of
electronic
banking
regulation must be a top priority. This means intensifying crossborder cooperation between supervisors and coordinating laws and regulatory practices internationally and domestically across different regulatory agencies. The problem of jurisdiction that arises from "borderless" transactions is, as of this writing, in limbo. For now, each country must decide who has jurisdiction over electronic banking involving its citizens. The task of international harmonization and cooperation can be viewed as the most daunting in addressing the challenges of electronic banking. Integration-
This is the process of including information technology issues and their accompanying operational risks in bank supervisors' safety and soundness evaluations. In addition to the issues of privacy and security, for example, bank examiners will want to know how well the bank's management has elaborated its business plan for electronic banking. A special challenge for regulators will be supervising the functions that are outsourced to third-party vendors.
53
Security is one of the most discussed issues around e-banking. E-banking increases security risks, potentially exposing hitherto isolated systems to open and risky environments. Security breaches essentially fall into three categories; breaches with serious criminal intent
(fraud,
theft
of
commercially
sensitive
or
financial
information), breaches by ‘casual hackers’ (defacement of web sites or ‘denial of service’ - causing web sites to crash), and flaws in systems design and/or set up leading to security breaches (genuine users seeing / being able to transact on other users’ accounts). All of these threats have potentially serious financial, legal and reputational implications. Many banks are finding that their systems are being probed for weaknesses hundreds of times a day but damage/losses arising from security breaches have so far tended to be minor. However some banks could develop more sensitive "burglar alarms", so that they are better aware of the nature and frequency of unsuccessful attempts to break into their system. The most sensitive computer systems, such as those used for high value payments or those storing highly confidential information, tend to be the most comprehensively secured. One could therefore imply that the greater the potential loss to a bank the less likely it is to occur, and in general this is the case. However, while banks tend to have reasonable perimeter security, there is sometimes insufficient segregation between internal systems and poor internal security. It may be that someone could breach the lighter security around a low value system. It is easy to overemphasize the security risks in e-banking. It must be remembered that the
54
Internet could remove some errors introduced by manual processing (by increasing the degree of straight through processing from the customer through banks’ systems). This reduces risks to the integrity of transaction data (although the risk of customers incorrectly inputting data remains). As e-banking advances, focusing general attention on security risks, there could be large security gains. Financial institutions need as a minimum to have: a strategic approach to information security, building best
practice security controls into systems and networks as they are developed a proactive approach to information security, involving
active testing of system security controls (e.g. penetration testing), rapid response to new threats and vulnerabilities and regular review of market place developments sufficient staff with information security expertise active use of system based security management and monitoring tools strong business information security controls. These are the issues line supervisors will be raising with their banks as part of their on-going supervision. Security issues are a major source of concern for everyone both inside and outside the
55
banking industry. E-banking increases security risks, potentially exposing hitherto isolated systems to open and risky environments. Both the FSA and banks need to be proactive in monitoring and managing the security threat. Security breaches essentially fall into three categories; breaches with serious criminal intent (e.g. fraud, theft of commercially sensitive or financial information), breaches by ‘casual hackers’ (e.g. defacement of web sites or ‘denial of service’ - causing web sites to crash), and flaws in systems design and/or set up leading to security breaches (e.g. genuine users seeing / being able to transact on other users’ accounts). All of these threats have potentially serious financial, legal and reputational implications. Many banks are finding that their systems are being probed for weaknesses hundreds of times a day but damage/losses arising from security breaches have so far tended to be minor. However some banks could develop more sensitive "burglar alarms", so that they are better aware of the nature and frequency of unsuccessful attempts to break into their system. The most sensitive computer systems, such as those used for high value payments or those storing highly confidential information, tend to be the most comprehensively secured. One could therefore imply that the greater the potential loss to a bank the less likely it is to occur, and in general this is the case. However, while banks tend to have reasonable perimeter security, there is sometimes insufficient segregation between internal systems and poor internal security. It may be that someone could breach the lighter security around a low value system, e.g. a bank’s retail web site, and gain entry to a high
56
value system via the bank’s internal network. We are encouraging banks to look at the firewalls between their different systems to ensure adequate damage limitation should an external breach occur. As ever though, the greatest threat so far has been from the enemy within – i.e. your own employees, contractors and so on. It is easy to overemphasize the security risks in e-banking. It must be remembered that the Internet could remove some errors introduced by manual processing (by increasing the degree of straight through processing from the customer through banks’ systems). This reduces risks to the integrity of transaction data (although the risk of customer’s incorrectly inputting data remains). As e-banking advances, focusing general attention on security risks, there could be large security gains.
So what should banks be doing? Our view is that to deal with these emerging threats effectively, financial institutions need as a minimum to have: a strategic approach to information security, building best practice security controls into systems and networks as they are developed a proactive approach to information security, involving active testing of system security controls (e.g. penetration testing), rapid response to new threats and vulnerabilities and regular review of market place developments sufficient staff with information security expertise
57
active use of system based security management and monitoring tools strong business information security controls These are the issues line supervisors will be raising with their banks as part of their on-going supervision; or, for new applicants, will need to be given adequate assurances about.
TYPES OF E-BANKING: Following are the types of e-banking Internet banking Mobile banking ATM Telephone banking
Internet Banking: Internet banking refers to the use of the Internet as a remote delivery channel for banking services. Such services include traditional ones, such as opening a deposit account or transferring
58
funds, among different accounts, and new banking services, such as electronic bill payment, allowing customers to receive and pay bills via a bank’s website. Banks offer Internet banking in two main ways. An established bank with physical offices can establish a website and offer Internet banking to its customers in addition to its traditional delivery channels. A second alternative is to establish a “virtual,” “branchless,” or “Internet-only” bank. The computer server that lies at the heart of a virtual bank may be located in an office that serves as the legal address of such a bank, or at some other location. Virtual banks may offer their customers the ability to make deposits and withdraw funds via ATMs or other remote delivery channels owned by other institutions.
Features: Internet banking has following features 1) Time and Space-
By eliminating the limitations of time and distance, electronic financial transactions can make cross-border transactions easier and thus make it possible to provide services to customers on a global scale.
In effect, online finance may eventually lead to
complete globalization of financial services, making the national borders irrelevant. 2) Electronic financial transactionsElectronic financial transactions have helped create new services such as the “virtual financial site” that includes services
59
crossing the traditional borders between financial services as well as “aggregation” that allows consumers to obtain consolidated information about their financial accounts in one place.
Electronic bill presentment and payment - EBPP
Funds transfer between a customer's own checking and savings accounts, or to another customer's account
Investment purchase or sale
Loan applications and transactions, such as repayments
3) SecuritySince electronic financial transactions, especially those in online retail banking, are being conducted on open networks centered on the Internet, many challenges arise in terms of transaction security, consumer protection and privacy.
The
existing systems of financial regulation and supervision are being amended to reflect the changes in technology. Online banking user interfaces are secure sites and traffic of all information including the password - is encrypted, making it next to impossible for a third party to obtain or modify information after it is sent. However, encryption alone does not rule out the possibility of hackers gaining access to vulnerable home PCs and intercepting the password as it is typed in (keystroke logging). There is also the danger of password cracking and physical theft of passwords written down by careless users. Many online banking services therefore impose a second layer of security. Strategies vary, but a common method is the use of transaction numbers, or TANs, which are essentially single use
60
passwords. Another strategy is the use of two passwords, only random parts of which are entered at the start of every online banking session. This is however slightly less secure than the TAN alternative and more inconvenient for the user. A third option is providing customers with security token devices capable of generating single use passwords unique to the customer's token (this is called two-factor authentication or 2FA). Another option is using digital certificates, which digitally sign or authenticate the transactions, by linking them to the physical device (e.g. computer, mobile phone, etc). Other banks have responded not with security tokens or digital certificates, but by setting up a combination of controls that recognize a customer's computer, ask additional challenge questions for risky behavior, and monitor for fraud lucent behavior 4) Electronic Fund TransferElectronic funds transfer or EFT refers to the computer-based systems used to perform financial transactions electronically. The term is used for a number of different concepts:
cardholder-initiated transactions, where a cardholder makes use of a payment card
electronic payments by businesses, including salary payments
electronic check (or cheque) clearing
5) Card Based EFT-
61
EFT may be initiated by a cardholder when a payment card such as a credit card or debit card is used. This may take place at an automated teller machine (ATM) or point of sale (EFTPOS), or when the card is not present, which covers cards used for mail order, telephone order and internet purchases. Transaction types A number of transaction types may be performed, including the following: Sale: where the cardholder pays for goods or service. Refund: where a merchant refunds an earlier payment made
by a cardholder. Withdrawal: the cardholder withdraws funds from their
account, e.g. from an ATM. The term Cash Advance may also be used, typically when the funds are advanced by a merchant rather than at an ATM. Deposit: where a cardholder deposits funds to their own
account (typically at an ATM). Cashback: where a cardholder withdraws funds from their
own account at the same time as making a purchase. Inter-account transfer: transferring funds between linked
accounts belonging to the same cardholder Payment: transferring funds to a third party account Inquiry: a transaction without financial impact, for instance
balance inquiry, available funds inquiry, linked accounts inquiry, or request for a statement of recent transactions on the account.
62 Administrative:
this covers a variety of non-financial
transactions including PIN change. The transaction types offered depend on the terminal. An ATM would offer different transactions from a POS terminal, for instance Online banking puts the power of banking into the hands of the customer and allows the customers to self-service themselves with all their banking needs, just as customers have become used to getting money from an ATM instead of going to the cash desk in the bank.
With this online service, customers can view their
account details, review their account history, transfer funds, order checks, pay bills, re-order checks and get in touch with the customer care department of the bank. In most cases, there is no special software to install other than a web browser and many banks do not charge for this service
Mobile Banking: Mobile banking is a term used for performing balance checks, account transactions, payments etc. via a mobile device such as a mobile phone. Mobile banking today (2008) is most often performed via SMS or the Mobile Internet but can also use special programs downloaded to the mobile device. Mobile Banking can be said to consist of three inter-related concepts:
Mobile Accounting
Mobile Brokerage
Mobile Financial Information Services
63
Most services in the categories designated Accounting and Brokerage are transaction-based. The non-transaction-based services of an informational nature are however essential for conducting transactions The accounting and brokerage services are therefore offered invariably
in combination
with information
services.
Information services, on the other hand, may be offered as an independent module.
Trends in mobile banking: The advent of the Internet has revolutionized the way the financial
services
industry
conducts
business,
empowering
organizations with new business models and new ways to offer 24x7 accessibility to their customers. The ability to offer financial transactions online has also created new players in the financial services industry, such as online banks, online brokers and wealth managers who offer personalized services, although such players still account for a tiny percentage of the industry. Over the last few years, the mobile and wireless market has been one of the fastest growing markets in the world and it is still growing at a rapid pace. According to the GSM Association and Ovum, the number of mobile subscribers exceeded 2 billion in September 2005, and now exceeds 2.5 billion (of which more than 2 billion are GSM).According to a study by financial consultancy Clement, 35% of online banking households will be using mobile banking by 2010, up from less than 1% today. Upwards of 70% of bank center call volume is projected to come from mobile phones. Mobile banking will eventually allow users to make payments at the
64
physical point of sale. "Mobile contact less payments” will make up 10% of the contact less market by 2010.Many believe that mobile users have just started to fully utilize the data capabilities in their mobile phones. In Asian countries like India, China, Indonesia and Philippines, where mobile infrastructure is comparatively better than the fixed-line infrastructure, and in European countries, where mobile phone penetration is very high (at least 80% of consumers use a mobile phone), mobile banking is likely to appeal even more. This opens up huge markets for financial institutions interested in offering value added services. .Mobile devices, especially smart phones, are the most promising way to reach the masses and to create “stickiness” among current customers, due to their ability to provide services anytime, anywhere, high rate of penetration and potential to grow. Features: Mobile banking can offer services such as the following: Account Information Alerts on account activity or passing of set thresholds 1. Monitoring of term deposits 2. Access to loan statements 3. Access to card statements 4. Mutual funds / equity statements 5. Insurance policy management 6. Pension plan management 7. Status on cheque, stop payment on cheque
65
Payments & Transfers 1. Domestic and international fund transfers 2. Micro-payment handling 3. Mobile recharging 4. Commercial payment processing 5. Bill payment processing 6. Peer to Peer payments Investments 1. Portfolio management services 2. Real-time stock quotes 3. Personalized alerts and notifications on security prices Support 1. Status of requests for credit, including mortgage approval, and insurance coverage 2. Check (cheque) book and card requests 3. Exchange of data messages and email, including complaint submission and tracking 4. ATM Location Content Services 1. General information such as weather updates, news 2. Loyalty-related offers 3. Location-based services Based on a survey conducted by Forrester, mobile banking will be attractive mainly to the younger, more "tech-savvy" customer segment. A third of mobile phone users say that they may consider
66
performing some kind of financial transaction through their mobile phone. But most of the users are interested in performing basic transactions such as querying for account balance and making bill payment.
ATM: An automated teller machine (ATM) is a computerized telecommunications device that provides the customers of a financial institution with access to financial transactions in a public space without the need for a human clerk or bank teller. On most modern ATMs, the customer is identified by inserting a plastic ATM card with a magnetic stripe or a plastic smartcard with a chip, that contains a unique card number and some security information. Security is provided by the customer entering a personal identification number (PIN). Mechanical cash dispenser was developed and built by Luther George Simian and installed in 1939 in New York City by the City Bank of New York, but removed after 6 months due to the lack of customer acceptance. The ATM got smaller, faster and easier over the years. Thereafter, the history of ATMs paused for over 25 years, until De La Rue developed the first electronic ATM, which was installed first in Enfield Town in North London on 27 June 1967 by Barclays Bank.. This instance of the invention is credited to John Shepherd-Barron, although various other engineers were awarded patents for related
67
technologies at the time. Shepherd-Barron was awarded an OBE in the 2005 New Year's Honors List. The first person to use the machine was Rag Varney of "On the Buses" fame, a British Television programmed from the 1960s. The first ATMs accepted only a singleuse token or voucher, which was retained by the machine. These worked on various principles including radiation and low-coercively magnetism that was wiped by the card reader to make fraud more difficult. The idea of a PIN stored on the card was developed by the British engineer John Rose in 1965. ATMs first came into wide UK use in 1973; the IBM 2984 was designed at the request of Lloyds Bank. The 2984 CIT (Cash Issuing Terminal) was the first true Cash point, similar in function to today's machines; Cash point is still a registered trademark of Lloyds TSB in the U.K. All were online and issued a variable amount which was immediately deducted from the account. A small number of 2984s were supplied to a
USA bank.
Using
customers can access their
an
ATM,
bank accounts in order to make cash withdrawals (or credit card cash advances) and check their account balances. ATMs are known by various casual terms including automated banking machine, money machine, cash machine, hole-in-the-wall.
68
Telephone banking: The Enhanced Telephone is a telephone developed by Citibank in the late 1980s for customers to do banking and other financial transactions from their home. The official launch date was February 26-27, 1990.The first version of the Enhanced Telephone, the 99A model, was beige and featured a monochrome CRT screen. Because of its chunky appearance, several developers dubbed it the "sawed-off ski boot. The physical hardware was manufactured by Transaction Technologies Incorporated (TTI).The second version of the Enhanced Telephone, the P100 model, was manufactured by Philips Electronics and featured an LCD screen and sleeker styling. The font was developed by Bit stream Inc. Software for the Enhanced Telephone was written in a proprietary language called HAL (Home Application Language).The Enhanced Telephone ultimately failed to become a viable product because by the time it was introduced, home banking via PCs was becoming more common. As the World Wide Web became popular in the early 1990s, the Enhanced Telephone was rendered obsolete. The Philips P100 phone lived on and to this day variations of it are used for other applications Online lenders make loans to consumers via computer websites, online. Online lenders generally provide loan information,
69
application forms, email or instant message assistance right on their website. The online applications are generally transmitted over an encrypted web page for security. Ideally an online lender will provide a telephone number prominently offering offline assistance to consumers also Telephone banking is a service provided by a financial institution which allows its customers to perform transactions over the telephone. Most telephone banking uses an automated phone answering system with phone keypad response or voice recognition capability. To guarantee security, the customer must first authenticate through a numeric or verbal password or through security questions asked by a live representative (see below). With the obvious exception of cash withdrawals and deposits, it offers virtually all the features of an automated teller machine: account balance information and list of latest transactions, electronic bill payments, funds transfers between a customer's accounts, etc. Usually, customers can also speak to a live representative located in a call centre or a branch, although this feature is not guaranteed to be offered 24/7. In addition to the selfservice transactions listed earlier, telephone banking representatives are usually trained to do what was traditionally available only at the branch: loan applications, investment purchases and redemptions, cheque book orders, debit card replacements, change of address, etc. Banks which operate mostly or exclusively by telephone are known as phone bank.
70
MARKETING FOR E-BANKING E-banking is poised to become the big killer e-banking application arena. However, Banks going e-banking the first time need to tread the path cautiously. The biggest decision that Banks need to make is the channel that they will support their services on. E-banking through an SMS based service would require the lowest amount of effort, in terms of cost and time, but will not be able to support the full breath of transaction-based services. However, in markets like India where a bulk of the e-banking population users' phones can only support SMS based services, this might be the only option left. On the other hand a market heavily segmented by the type and complexity of e-banking usage might be good place to roll of WAP based e-banking applications. A WAP based service can let go of the need to customize usability to the profile of each e-banking, the tradeoff being that it cannot take advantage of the full breadth of features that a e-banking might offer.
71
E-banking application standalone clients bring along the burden of supporting multiple e-banking device profiles. According to the Gartner Group, a leading wireless computing consulting organization, e-banking services will have to support a minimum of 50 different device profiles in the near future. However, currently the best user experience, depending on the capabilities of a e-banking, is possible only by using a Standalone client. E-banking has the potential to do to the e-banking what E-mail did to the Internet. E-banking Application based banking is poised to be a big m-commerce feature, and if South Korea's foray into mass ebanking is any indication, e-banking could well be the driving factor to increase sales of high-end e-banking. Nevertheless, Bank's need to take a hard and deep look into the e-banking usage patterns among their target customers and enable their e-banking services on a technology with reaches out to the majority of their customers.
72
DIFFERENCE BETWEEN TRADITIONAL AND E BANKING: Internet banking works much like traditional banking. The primary difference is you are accessing your account and information, making payments and reconciling statements using your computer rather than paper or the phone to complete transactions. Instead of going down to your local branch office when you bank online you can accomplish multiple tasks at once with the click of a button. Online banking is rapidly becoming more and more popular as consumers recognize the advantages online banking has to offer. For one most banks charge fewer fees if you take advantage of their online banking services. You can also stop receiving paper statements if you like in many cases and conduct 95% of your business over the Web when you take advantage of Internet banking The E-banking-Service will only be available for e-banking and data connections which meet the required specifications and configurations as may be specified by the Bank from time to time and you agree to procure and maintain a e-banking and data connection which meet these requirements at your own expense. User Guidance on the operation of the E-banking-Service will be made available to you. You must follow all relevant User Guidance
73
whenever you access or operate the E-banking-Service. The Bank may inform you from time to time about changes to the way you should access or operate the E-banking-Service. You must observe all such changes when accessing or operating the E-banking-Service. The E-banking Services are intended to be available 7 days a week, 24 hours a day but there is no warranty that the same will be available at all times. You further agree that the Bank shall be entitled at any time, at the Bank's sole discretion and without prior notice, to temporarily suspend the operation of the E-banking-Service for updating, maintenance and upgrading purposes, or any other purpose whatsoever that the Bank deems fit, and in such event, the Bank shall not be liable for any loss, liability or damage which may be incurred as a result.
74
TRENDS IN E-BANKING The advent of the Internet has revolutionized the way the financial
services
industry
conducts
business,
empowering
organizations with new business models and new ways to offer 24x7 accessibility to their customers. The ability to offer financial transactions online has also created new players in the financial services industry, such as online banks, online brokers and wealth managers who offer personalized services, although such players still account for a tiny percentage of the industry. Over the last few years, the e-banking and wireless market has been one of the fastest growing markets in the world and it is still growing at a rapid pace. According to the GSM Association and Ovum, the number of e-banking subscribers exceeded 2 billion in September 2005, and now exceeds 2.5 billion (of which more than 2 billion are GSM). According to a study by financial consultancy Clement, 35% of online banking households will be using e-banking by 2010, up from less than 1% today. Upwards of 70% of bank center call volume is projected to come from e-banking. E-banking will eventually allow users to make payments at the physical point of sale. "E-banking contact less payments” will make up 10% of the contact less market by 2010.[2] Many believe that e-banking users have just started to fully utilize the data capabilities in their e-banking. In Asian countries like
75
India, China, Bangladesh, Indonesia and Philippines, where ebanking infrastructure is comparatively better than the fixed-line infrastructure,
and
in
European
countries,
where
e-banking
penetration is very high (at least 80% of consumers use a e-banking), e-banking is likely to appeal even more. This opens up huge markets for financial institutions interested in offering value added services. With e-banking technology, banks can offer a wide range of services to their customers such as doing funds transfer while traveling, receiving online updates of stock price or even performing stock trading while being stuck in traffic. According to the German e-banking operator Mobilcom, e-banking will be the "killer application" for the next generation of e-banking technology. E-banking devices, especially smart phones, are the most promising way to reach the masses and to create “stickiness” among current customers, due to their ability to provide services anytime, anywhere, high rate of penetration and potential to grow. According to Gartner, shipment of smart phones is growing fast, and should top 20 million units (of over 800 million sold) in 2006 alone. In the last 4 years, banks across the globe have invested billions of dollars to build sophisticated internet banking capabilities. As the trend is shifting to e-banking, there is a challenge for CIOs and CTOs of these banks to decide on how to leverage their investment in internet banking and offer e-banking, in the shortest possible time.
76
The proliferation of the 3G (third generation of wireless) and widespread implementation expected for 2003–2007 will generate the development of more sophisticated services such as multimedia and links to m-commerce services. Internet banking is gaining ground. Banks increasingly operate websites through which customers are able not only to inquire about account balances and interest and exchange rates but also to conduct a range of transactions. Unfortunately, data on Internet banking are scarce, and differences in definitions make cross-country comparisons difficult. Even so, one finds that Internet banking is particularly widespread in Austria, Korea, the Scandinavian countries, Singapore, Spain, and Switzerland, where more than 75 percent of all banks offer such services (see chart). The Scandinavian countries have the largest number of Internet users, with up to one-third of bank customers in Finland and Sweden taking advantage of e-banking. In the United States, Internet banking is still concentrated in the largest banks. In mid-2001, 44 percent of national banks maintained transactional websites, almost double the number in the third quarter of 1999. These banks account for over 90 percent of national banking system assets. The larger banks tend to offer a wider array of electronic banking services, including loan applications and brokerage services. While most U.S. consumers have accounts with banks that offer Internet services, only about 6 percent of them use these services. To date, most banks have combined the new electronic delivery channels with traditional brick and mortar branches ("brick and click"
77
banks), but a small number have emerged that offer their products and services predominantly, or only, through electronic distribution channels. These "virtual" or Internet-only banks do not have a branch network but might have a physical presence, for example, an administrative office or nonbranch facilities like kiosks or automatic teller machines. The United States has about 30 virtual banks; Asia has 2, launched in 2000 and 2001; and the European Union has several-either as separately licensed entities or as subsidiaries or branches of brick and mortar banks
78
E-BANKING, BENEFIT FOR RURAL INDIA Thousands of people from rural areas across 12 states are likely to get their social security pension and wages paid under the National Rural Employment Guarantee Act (NREGA) scheme with the help of mobiles over the coming few months. In Andhra Pradesh alone, for instance, 250,000 people have registered for e-banking services. The state government is rolling out a programmed to enroll three million people by the end of 2008. E-banking pilots and full-scale operations are being conducted across 12 states, and the entire ecosystem is being managed by the government with the help of the Reserve Bank of India, banks, leading telecom operators and technology implementation partners. The ecosystem is important since banking regulations in India currently do not allow cash for exchange of another 'unit' such as 'airtime' in the case of mobiles. Only banks and the Indian Post (through money orders) are currently allowed such transfers. E-banking, which is catching up fast in the cities and hinterland, is not only helping the government to take a step forward towards fulfilling its aim of having one bank account for every household, but also saving it crores of rupees by way of reduced transaction costs.
79
While the government incurs a transaction cost of Rs 12-13 for every Rs 100 it shells out, e-banking helps it reduce the cost to a mere Rs 2. RBI estimates that around 40 per cent of Indians lack access to formal financial services and is largely 'unbanked'. For instance, the AP government has tied up with banks like the State Bank of [Get Quote] India [Get Quote], Union Bank of India [Get Quote], Axis Bank, Andhra Bank [Get Quote], State Bank of Hyderabad, Andhra Pradesh Garmin Vikas Bank, and Punjab National Bank [Get Quote]. A Little World (ALW), a technology implementation partner, has collaborated with NXP Semiconductors to design a e-banking for the AP government that encloses an RFID card, and works with ALW's micro-banking platform ZERO. The e-banking acts as a branch of the bank by storing a database of customers. It also has a smartcard, which biometrically stores the identity of the customer such as name, address, photograph, fingerprint templates and relevant details of the savings or loan accounts held by the issuing bank. Customers get a secure electronic identity via phone or smartcard, while agents take deposits and dispense cash. ALW works with the banks on a revenue-sharing basis.
80
Anurag Gupta, founder director & CEO of ALW, says: "We have carried out pilot projects with SBI in villages located in some of the most inaccessible and difficult terrains of the country such as Pithoragarh in Uttarakhand, Mizoram, Meghalaya, and remote villages in Andhra Pradesh." Lokanath Panda, director, ALW, also pointed out that SBI had tied up with the Indian Post to extend banking services especially in unbanked/under-banked areas. "Select post offices will make available to the public SBI's deposit and loan products, and ALW is the technology partner." ALW is also conducting a pilot programme with SKS Microfinance and the Bank of India to provide a e-banking service that works on BSNL SIM cards. New Delhi-based Ekgaon Technologies too has developed a system for tracking transactions made by self-help groups. It has partnered with the likes of CARE, World Vision and the World Bank to conduct a pilot, which it plans to extend to 14 Indian states. Bharti Airtel [Get Quote], too, is in the process of tying up with two leading banks to extend its e-bankingremittance services to rural areas, according to its president (E-bankingServices), Sanjay Kapoor.
81
Airtel has already partnered with the Indian Farmers' Fertilizers Cooperative Limited (IFFCO) to set up IFFCO Kisan Sanchar Limited in Rajasthan. Under this initiative, the cooperative department will provide ebankinghandsets to farmers at marginal price through its outlets in the rural areas. These handsets would be loaded with green SIM cards, which will flash daily updates on agricultural practices and weather forecast free of cost. While he did not provide details, Kapoor hinted that the partnership deal would be extended to e-banking services too. Kapoor reasons that with 55 per cent of the mobiles being internet-enabled, ebanking would help bridge the digital divide. Reliance Communications [Get Quote], on its part, allows ICICI Bank [Get Quote] account holders with Reliance handsets (even the low-end Rs 1,000 ones - with or without Internet connectivity) to make intra-bank (to ICICI account holders) money transfers. It has already tied up with HDFC [Get Quote] to offer Reliance mPay - a virtual credit card.
E-BANKING SUGGESTION Micro payments
82
In the more affluent economies, a good infrastructure for a cashless environment is already prevalent and most people have bank accounts and access to both debit and credit facilities. These factors are incentives in the developing countries to move the population at large away from cash with introductions of low cost solutions such as micro-payments to further efficiency gains. SMART Money The service was launched in December 2000 in co-operation with First E-Bank, which has since been acquired by Banco de Oro, and MasterCard, one of the world’s leading payment services providers. According to SMART, SMART Money was the world’s first re-loadable electronic cash wallet, linked together by their cellular network. Once cash has been transferred to the SMART Money account, it can be used in thousands of shops and restaurants. The cash value can also be used to load airtime, pay utility bills, or transfer money from one SMART Money card to another.
G-Cash The service was launched in October 2004, with an initial set of three anchors services; international and domestic remittance, P2P
83
(phone-to-phone or person-toperson) transfers and payments for retail purchases. With G-Cash, all of Globe’s subscribers are mCommerce-enabled. As users do not need to have a card or bank account to be part of the service, G-Cash is able to provide MCommerce capability to a previously underserved segment of the market, including those who currently do not do banking. Unlike Smarts approach whereby it operates the service jointly with BDO, GLOBE on its own maintains records of all transactions and arranges settlement between the retailers and the G-Cash customers. G-Cash provides services through close to 4,900 retail outlets nationwide and more than 500 G-Cash partners. E-banking Remittance
Migrant remittances, which are personal flows from migrants to their friends and families, have become a major source of external development finance, and in the process, play an effective role in reducing poverty. Capitalizing on the benefits of such a system, remittance services can become cheaper and more convenient, thus improving financial access of migrants, their beneficiaries and the financial intermediaries in the origin countries.
Microfinance through E-banking Technology
Currently, a major constraint to microfinance is the high cost of operating in remote areas. Many institutions are now working
84
toward low-cost delivery options such as Internet banking and cashless transactions to help the rural poor. The e-bankingdevices that could be a more efficient tool for such transactions. For people in such rural areas, using computers is often a problem due to faulty Internet connections and frequent power failures. Hence, providing micro credits through a e-bankingplatform (SMS-based) could be the best way to reach out to the poor.
RBI GUIDELINES FOR E-BANKING
85
The Reserve Bank of India on Friday released its final operative guidelines for e-banking. The central bank has decided to keep the limit on the ticket-size for e-banking at Rs 2,500 per transaction, and Rs 5,000 per day. Banks have also been allowed to put in place a monthly transaction limit, depending on the bank’s risk perception of the customer. While the guidelines will enable lenders such as State Bank of India and Axis Bank to go ahead with their launch of mobile-banking services, the central bank has decided to restrict the services only to holders of debit and credit cards. The card user base in the country is 80 million, with 55 million debit card users and 25 million credit card users.
Only
Indian rupee-based domestic services shall be provided on the mobile- payment platform, and the use of mobile-banking for cross-border transactions have been strictly prohibited. Banks which are based, licensed and supervised in India will be allowed to offer such services. Further, only banks which have implemented the core banking platform will be allowed to offer e-banking. At the same time, the RBI has recommended that all e-banking transactions are validated through a two-factor authentication system, thereby complying with the latest security and encryption standards.
PROGRESS OF E-BANKING
86
If technological revolution is at its peak, One of the important sectors of the economy where technology is at it helm of affairs with respect to customer service is banking. Over the years has banking rise above from a traditional brick-and mortar model of customers queuing for services in the banks to modern day banking where banks can reach at any point for their services. In today’s business, technology has been on the predominant indicators of growth and competitiveness. Entry of new banks resulted in a paradigm shift in the ways of banking. The banking industry today is in the midst of an IT revolution. The combination of regulatory and competitive reasons have led to increasing importance of total banking automation in the banking Industry. . Information Technology has basically been used under two different avenues in banking. One is Communication and Connectivity and other is Business Process Reengineering, both basically focusing on increasing its customer reach. Information technology enables sophisticated product
development,
better
market
infrastructure,
implementation of reliable techniques for control of risks and helps the financial intermediaries to reach geographically distant and diversified markets The latest revolution seems to happen with
87
respect to e-banking an attempt to leverage on the synergies of ebanking technology in telecom and information technology in the banking services. Today, Banks have welcomed wireless and e-banking technology into their boardroom to offer their customers the freedom of paying bills, planning payments while stuck in traffic jams, to receive updates on the various marketing efforts while present at a party to provide more personal and intimate relationships. Ebanking can be classified as Push vs. Pull and Transaction vs. Enquiry that is briefly given below Push Based, Pull Based o Transaction some of the other features where e-banking has lent its hand are Fund Transfer & Bill Payment where the customers have the freedom of maintaining account through mobile. E-banking has also welcomed other financial services like share trading. The
latest
Information
technology
revolution
enables
sophisticated Enquiry Based banking services for Credit/Debit Alerts. Some of the other outcomes of the Revolution in the banking industry are Minimum Balance Alerts, Account Balance Enquiry, Account Statement Enquiry, Cheque Status Enquiry, Cheque Book Requests and Bill Payment Alerts. The last time that technology had a major impact in helping banks service their customers was with the introduction of the Internet banking. However the biggest limitation of Internet banking is the requirement of a PC with an Internet connection, not a big obstacle if we look at the US and the European countries, but definitely a
88
big barrier if we consider most of the developing countries of Asia like China and India. E-banking addresses this fundamental limitation of Internet banking, as it reduces the customer Requirement to just a e-banking. E-banking usage has seen an explosive growth in most of the Asian economies like India, China and Korea. The main reason that E-banking scores over Internet banking is that it enables ‘Anywhere Banking'. Customers now don't need access to a computer terminal to access their banks, they can now do so on the go – when they are waiting for their bus to work, when they are traveling or when they are waiting for their orders to come through in a restaurant. The scale at which E-banking has the potential to grow can be gauged by looking at the pace users are getting e-banking in these big Asian economies. Revolution of E-banking phones in banking service. According to the Cellular Operators’ Association of India (COAI) the e-banking subscriber base in India crossed the 50 million mark in October 2005, which stood at 50.87 million. The explosion as most analysts say, the worldwide number of cellular subscribers will surpass 2 billion in 2005—up from 11M in 1990 and 750M in 2000. Worldwide cellular subscribers are forecasted to reach 3.2B by the end of 2010.Among the leaders in e-banking technologies, most aggressive being Korea which is now witnessing the roll-out of some of the most advanced services using 3G technologies, like using e-banking phones to pay bills in shops and restaurants. The growth of e-banking technology over the last few years has enriched the progress of the e-banking services.
89
Technologies like IVR, SMS, WAP, J2ME, and J2EE & BREW have revolutionized the use the e-banking phones in banking services. Though all the above predictions on cellular base, the Use of ebanking technology with respect to banking services is at a very infant stage. There are a lot of challenges and issues relating to content, security, coverage, technology and connectivity speed are to be sorted out with respect to e-banking technologies. Objectives of the Report:1. To study the technological readiness in relation to the challenges faced by the players particularly the banks with respect to e-banking in order to enhance global competitiveness by embracing technology and banking services.2. To study and awareness, expectation and acceptance levels of the Customers with respect to its use and effectiveness of e-banking
E-BANKING STATUS IN INDIA Today there are a lot of financial institutions providing various financial services: banks, internet banks, payment systems and so on. But competition always existed and today it is more than just
90
existing: it's fierce as never before. In view of this fact, new and new services are appearing. Some of them are good, while other ones are not. But there is one service that hit the bull's eye: ebanking. So today this industry is developing in a fly pace. In India e-banking also found its admirers and develops greatly. Two important yet quite unrelated events in the evolution of ebanking payments in India occurred in 2008. First, the new credit policy of the RBI came along with guidelines for facilitating e-banking payments. Second, Dr Raghu Raghuraman's CSFR report states that ''E-banking is the most promising front end technology'' for broadening the access of finance in the country. These two taken together are defining moments in the (a) recognition of e-banking now as an accepted channel for banking & commerce, and (b) clearing the way for its rapid and mass deployment across the country by the Financial sector. Technology related regulations can never keep up with the fast pace nature of tech innovations and progress, nor fully define it. Regulation here has to have a light touch, so as not to throttle innovation, yet which serves public interest. The use of e-banking for financial and non financial transactions has had a chequered past. Several initiatives over the last ten years
91
(overseas) have come and gone, and as we speak several more initiatives into the future related to NFC, contact less are emerging. The difference between now and then is that mobiles have come along way. They find themselves in the hands of a third of humanity, and have pipped the internet in penetration! Several initiatives in Sub Saharan Africa, Eastern Europe and Far East have been popular and working well for the last few years. So its time has come, and the RBI guidelines are the recognition of homegrown initiatives over the last year or so which have pioneered the new paradigm. E-banking payments are a wireless consumer product or service. In short a benefit - convenience, as is, search, escalators, ATM's, etc. Methods and approaches for e-banking commerce will differ across region, country and even service providers. As each stakeholder has its own assessment of what works best and what value proposition appeals to the consumer. The key takeaways from the guidelines are that appropriate levels of security and safeguards need to be adopted. Those already have been done by all banks which do deploy these services. So, whether it be a SMS, USSD, GPRS, Smart phone, WAP - all such delivery mediums are acceptable. Basic principles of PIN management, customer confidentiality, KYC, ALM, customer registration, risk mitigation, consumer protection, etc are applicable. Just as they would apply to credit
92
cards, ATM cards, ATM's, collection boxes, internet banking, internet e commerce, telephone banking, cheque books, bank web site, etc. Which is not to say that there is a fool proof system for any of these, but they are as 'safe' as long they generate enough 'trust' and convenience to offset perception (and actual) of risk so as to be pervasive in the financial system. After all a wallet with cash is only as safe as you keep it. Neither cash nor wallet can be pilfer (tamper) proof! Indian banks and payment service providers have been by and large dovetailing their e-banking payment initiatives under the umbrella of e-banking even before the guidelines were out. The banking system has already been in conformity with these suggested guidelines, which now have the sanction of the Reserve Bank. Banks' own operating experience and other payments a system prevalent have provided the necessary grist for the RBI mill, and as time goes on hopefully these will evolve and become far more enabling for stakeholders, rather than favor one approach or another or cripple themselves in strangulated regulations. On the financial inclusion side if we go strictly by Dr Raghuraman's recommendations of creating a 'national electronic financial inclusion system' (NEFIS) then the backbone of such a system would be its is ability to carry out small value transactions (Rs100) at limited transaction cost (sub Re1). And the only way that can be
93
done on a mass acceptable basis is via SMS, which is the single most pervasive feature in e-banking technology revolution, cutting across all SEC's, geographies, handset vendors, MNO;s etc. .
CORPORATE EXAMPLE OF E-BANKING IN INDIA Barclay Bank launched Hello Money
94
Barclays Bank recently launched ‘Hello Money’, a e-banking service that enables one to do an entire range of things — enquiry, funds transfer, bill payments and requests for financial statements. Until this product arrived, the best ‘e-banking’ one could do was to check bank balance or phone-in instructions to the banker. But with Hello Money, a customer of Barclays can, for example, pay his electricity bills via the e-banking. Click a few keys and the account is debited, the bill is paid — all without any human interface. Over time, Barclays intends to enlarge the scope of this service to include payments to a whole lot of other things, such as for purchase of an air ticket. ANZ Bank has launched a new e-banking ANZ Bank has launched a new Java- based e-banking application to give ANZ customers the opportunity to perform a selection of banking transactions from their e-banking. Registered ANZ customers will be able to make payments and transfer money from their accounts using M-Banking and request statements as SMS messages. To ensure the security of its customers' accounts, ANZ have implemented SSL (Secure Sockets Layer) encryption similar to regular Internet banking, and transactions from an account can only be performed on a single pre- registered ebanking handset and only after password authentication.
95
CASE STUDIES LG Telecom, South Korea In terms of the evolution of services being offered on e-banking applications, South Korea is showing the way.
96
The big push came when LG Telecom Ltd., the smallest of Korea's three e-banking service providers teamed up with the Kookmin bank to launch the ‘Bank on' service. Under this scheme e-banking users were able to use smart chips embedded in cell phones for accessing all of the transaction and enquiry based services. The chip-based service automated the authentication of users when they accessed their bank's financial services to make the whole process much faster and convenient. The icing on the cake came with the ability of these chip enabled cell phones to be used simultaneously as cash cards. By October 2004 there were already about 100,000 infrared readers adapted to take payment directly from e-banking handsets in Korea. Users can now use their cell phones to pay for everything, from restaurant bills, travel tickets, merchandise and even haircuts.
Reliance Infocomm, India When Reliance Infocomm, India rolled out its CDMA network, (at the time the e-banking market in India was still in its infancy, and data services were almost never heard off) it made sure that all handsets supported Java. The Reliance application platform, also known as R-World brought Java compatibility even to the lower end phones.
97
Reliance used a novel way to overcome the memory limitations of lower-end
e-banking
which
hampered
deploying
of
multiple
standalone J2ME based clients. Instead of storing applications statically on their cell phones, users access a single menu based application called R-World, which connects them to the Reliance servers. Using the menu based user interface, e-banking users select the application, which they want to run and download them over-theair to their cell phones. These applications are then executed locally on the mobiles. From mid-2004 Reliance tied up with two of the popular private sector banks, HDFC and ICICI, to provide a host of their enquiry and transaction
based
e-banking
services
through
its
R-World
environment.
CONCLUSION For service providers, E-banking offers the next surest way to achieve growth. Countries like Korea where e-banking penetration is
98
nearing saturation, e-banking is helping service providers increase revenues from the now static subscriber base. Also service providers are increasingly using the complexity of their supported e-banking services to attract new customers and retain old ones. For the fact is that one day, in most of the world emerging markets, more people will use e-banking telephones than use fixed telephone lines. Businesses that are based on e-banking financial serviced will thus be a natural fit for these economies. What is more, there is no need to wait for the next generation e-banking networks; these businesses can be built using today's technology. But to capture this significant opportunity, financial firms and telecommunications companies will have to forge partnerships with one another and, possibly, with merchants and retail chains as well.
While electronic banking can provide a number of benefits for customers and new business opportunities for banks, it exacerbates traditional banking risks. Even though considerable work has been done in some countries in adapting banking and supervision regulations, continuous vigilance and revisions will be essential as the scope of e-banking increases. In particular, there is still a need to establish greater harmonization and coordination at the international level. Moreover, the ease with which capital can potentially be moved between banks and across borders in an electronic environment creates a greater sensitivity to economic policy management. To understand the impact of e-banking on the conduct of economic policy, policymakers need a solid analytical foundation. Without one, the markets will provide the answer, possibly at a high economic cost.
99
Further research on policy-related issues in the period ahead is therefore critical. In conclusion e-banking creates issues for banks and regulators alike. For their part, banks should: Have a clear and widely disseminated strategy that is driven from the top and takes into account the effects of e-banking, together with an effective process for measuring performance against it. Take into account the effect that eprovision will have upon their business risk exposures and manage these accordingly. Undertake market research, adopt systems with adequate capacity and scalability, undertake proportional advertising campaigns and ensure that they have adequate staff coverage and a suitable business continuity plan. Ensure they have adequate management information in a clear and comprehensible format. Take a strategic and proactive approach to information security, maintaining adequate staff expertise, building in best practice controls and testing and updating these as the market develops. Make active use of system based security management and monitoring tools. Ensure that crisis management processes are able to cope with Internet related incidents. One of the benefits that banks experience when using e-banking is increased customer satisfaction. This due to that customers may access their accounts whenever, from anywhere, and they get involved more, this creating relationships with banks. Banks should provide their customers with convenience, meaning offering service through several distribution channels (ATM, Internet, physical branches) and have more functions available online. Other benefits are expanded product offerings and
100
extended geographic reach. This means that banks can offer a wider range and newer services online to even more customers than possible before. The benefit which is driving most of the banks toward ebanking is the reduction of overall costs. With e-banking banks can reduce their overall costs in two ways: cost of processing transactions is minimized and the numbers of branches that are required to service an equivalent number of customers are reduced. With all these benefits banks can obtain success on the financial market. But ebanking is a difficult business and banks face a lot of challenges. And so in conclusion e-banking creates issues for banks and regulators alike. For our part we will continue our work, both national and international, to identify and remove any unnecessary barriers to ebanking. For their part, banks should: Have a clear and widely disseminated strategy that is driven from the top and takes into account the effects of e-banking, together with an effective process for measuring performance against it. Take into account the effect that eprovision will have upon their business risk exposures and manage these accordingly. Undertake market research, adopt systems with adequate capacity and scalability, undertake proportional advertising campaigns and ensure that they have adequate staff coverage and a suitable business continuity plan. Ensure they have adequate management information in a clear and comprehensible format. Take a strategic and proactive approach to information security, maintaining adequate staff expertise, building in best practice controls and testing and updating these as the market develops. Make active use of system based security management and monitoring tools. Ensure that crisis management processes are able to cope with
101
Internet related incidents. I started my talk today by noting potential benefits as well as the risks in e-banking. I end in the same way. Certainly there are risks. But there are also opportunities, and significant potential benefits for consumers, banks and regulators. We see no problems in principle with mitigating and managing the risks both for new entrants and existing players. As regulators we need to ensure that our approaches are adequate to deal with the risks without getting in the way of the innovations and benefits that E-banking brings to firms and consumers. We are very mindful of this as we develop our rules and guidance but will be looking also to you in the industry to help us to achieve the right balance
BIBLIOGRAPHY http:/www.bis.org/pub/bcbs76.htm
102
http:/www.allbusiness.com/technology/technologyservice/278931-1.html E-banking in India – challenges and opportunities by Uppal, R.K and Jantana, Rimpi Business objects learning solution to power e- business intelligence, editura business object 2001
View more...
Comments
