Introduction-
The internet has had a huge influence on how we communicate and do business today. As a result of the internet, electronic commerce has emerged, allowing businesses to interact more efficiently with their customers and other firms both within and beyond their industries. One industry that is utilizing this new communication channel to reach out to its customers is the banking industry. Customers’ demands for service at any time and from any location, as well as product speed-to-market needs and more complex back-office integration challenges, are all satisfied by the e-banking system. However, this has resulted in e-frauds, which are a key cause of concern because of their growing incidence, notably in e-banking schemes. In terms of speed, convenience, and delivery costs, online banking and other e-banking modes are highly convenient for the bank, but they also come with a lot of hazards. Online banking has given birth to a new risk mindset as well as new risk categories. Technology is essential in risk management as both a source and a tool. The goal of this study is to determine the current state of e-banking application security and to examine the dangers and attacks that users may encounter.
Motivations Of Electronic Banking-
The Internet continues to expand at a breakneck speed. As a result of the Internet’s growth, hundreds of thousands of people are experimenting with electronic banking. Around 700,000 to 800,000 individuals are experimenting with PC banking, according to Joshua Reymer, a Boston Consulting Group analyst, with Citibank leading the way. The ease of internet banking draws more clients as the Internet develops.
Importance of E-Banking–
The major advantage of e-banking for the bank is cost savings, whereas the primary benefit for the customers is convenience. E-banking encompasses not just how one purchases on the internet, but also how one conducts financial operations. Customers were given additional freedom in terms of where and when they may bank as a result of this. Because of the numerous dangers that have lately been detected with these alternate channels, banks are required to implement more stringent security measures. For both banks and their clients, e-banking offers a variety of benefits:
- It removes geographical restrictions for small and medium-sized banks, allowing them to conduct worldwide business without restrictions.
- It has no time constraint, i.e., financial transactions may be done at any time of the day, week, or from anywhere they have an internet connection.
- It allows for effective cash management and interest rate optimization.
- It is cost-effective in terms of capital, labor time, and any other resources required to complete a transaction.
- It has aided banks in improving data collecting, data management, and financial engineering, which has enhanced potential creditors’ capacity to assess potential borrowers’ creditworthiness and price the risk associated with those borrowers using standardized methods like credit scoring.[1]
Advantages of Electronic Banking–
The usage of e-banking has several advantages. E-banking allows you to do business at any time and from any location. Customers may access their accounts at any time and from any location via websites or cards, so they don’t have to worry about bank hours or long queues. Financial transactions are no longer limited by region or time in today’s society. The simplicity with which transactions may be done with a single mouse click is the most significant feature of internet banking. As a result, ‘brick and click institutions’ and ‘virtual banks’ are slowly overtaking traditional banks. Clients also save money and time since they no longer need to go to the bank for every financial transaction. Banks are expected to save money on operational expenditures such as physical infrastructure and human resources as a result of this new form of banking. The provision of better and more contemporary amenities benefits customers. Banks can maintain their customer base if online concerns or queries are addressed swiftly and efficiently. Banks now have more time to focus on providing better and new services to their customers as a result of the reduction in mechanical work. As a result, it provides a competitive advantage to financial institutions. Due to the growing popularity of the internet, virtually all banks now provide online banking. As a result, e-banking is no longer only a marketing tool for banks; it is now a need.[2]
E-Banking in India-
Electronic banking indicators are utilized in India in a variety of ways. We will just look at the most important aspects of e-banking in this research, such as ATMs, NEFT, Debit cards, and Credit cards.
ATM– Automated Teller Machines, or ATMs, are a type of contemporary machine that allows people to access money daily without having to physically visit a bank. Because consumers may withdraw money from any of the bank’s ATMs at any time, the system is known as “Any Time Money” or “Anywhere Money.” The most popular method of immediately delivering cash is to utilize an ATM.
NEFT– NEFT stands for National Electronic Funds Transfer. It is a national payment system that allows for one-to-one money transfers. Funds may be electronically moved between any two NEFT-enabled bank accounts using NEFT. It was created in November 2005 in the nation to help people and businesses with their transfer needs. NEFT fund transfers are settled in hourly batches, with 12 settlements taking place on weekdays between 8:00 AM and 7:00 PM. “Several other unique features are available in the system, including accepting cash for originating transactions, initiating transfer requests without any minimum or maximum amount limitations, facilitating one-way transfers to Nepal, receiving confirmation of the date/time of credit to the beneficiaries accounts, and so on.” (RBI). India’s digital economy and online payment system are expanding. According to RBI data, 928 million transactions worth 60 trillion rupees were processed through NEFT in 2014-15, compared to 661 million transactions worth 44 trillion rupees in 2016.
Debit Cards- A debit card is a type of plastic money that may be used to make purchases. It saves the cardholder time by eliminating the need to carry paper money. Customers may make purchases without spending cash by swiping their cards. When debit cards are utilized, money is taken straight from the user’s bank account. They do not, however, give credit. Customers can also use ATMs with debit cards. When a consumer establishes a savings account with a bank in India, the majority of banks issue debit cards. As a result, they are quite simple to get. Banks may also promote an ATM-debit card, which functions similarly to a debit card. Debit cards are typically favored over cash while traveling out of town (or out of the country) since they are easier to carry. They are preferable to credit cards since they do not allow you to spend more money than you have in your account. As a result, no one is allowed to be in debt. Furthermore, unlike credit cards, there are no interest charges associated with their use. Because money is deducted instantaneously when the card is used, the cardholder must have sufficient funds in their account to make transactions; otherwise, the transaction would be denied. Because the money is pulled quickly, there is a higher chance of things going wrong with the transaction because the bank will not put money back into the account.
Credit Cards- Credit cards are a type of plastic money that enables the bearer to purchase goods and services on a credit basis. The cards are provided by banks, and when the cardholder swipes the card for a purchase, he is given a line of credit, allowing him to make purchases on credit that will be returned to the bank later. There are several benefits to using this kind of banking. The most significant benefit is the convenience of not having to carry cash because transactions may be made using cards. Transactions are accurately documented, which aids in the keeping of reliable records. Banks may also provide additional savings when credit cards are used at specific restaurants, stores, or online programs. The most common concern about using a credit card is that it will lead to greater spending than is necessary. Furthermore, there is a danger of fraud if the card is stolen or if the card information is given without permission.[3]
Concerns of Electronic Banking-
E-banking is becoming the norm rather than the exception for banks. However, despite the numerous benefits that make banking convenient and straightforward for clients, there are certain challenges and hurdles that must be overcome. Electronic Banking is a new technology with great advantages but also many potential drawbacks, therefore users are hesitant to accept it. The following are a few of them:
Government– The Electronic Banking system, in the eyes of the government, is a danger to antitrust rules. Electronic Banking also raises questions regarding bank reserve requirements, deposit insurance, and consumer protection legislation related to electronic money transfers.
Business– Businesses are particularly concerned about this new kind of communication. Because companies handle the majority of big-money transfers, they are concerned about the security of their funds. At the same time, these companies evaluate the possible time and cost savings connected with this system (making cash deposits and withdrawals, for which some banks impose fees). Another issue of the firm is the client. Businesses assess the likelihood that a sufficient number of potential customers would refuse to make a transaction if the firm refused to accept a certain payment method (e.g. electronic cash and electronic check). As a result, there would be a decrease in sales. Customers will have more purchasing power if this technique becomes widely utilized, increasing pressure on firms to allow consumers to use electronic money transfers.[4]
Banks– The internet and the IT revolution have opened the path for the banking industry to adapt to the need for quick and easy banking. Banking and transactions through the internet, mobile, ATM, and other means have become quick and painless thanks to the legal recognition granted by the IT Act of 2000. Nonetheless, the advent of the internet revolution and growth has provided scammers with a new platform to operate on. With a significant shift in the mode of banking, and a stronger integration of technology into the current idea of banking, fraudsters have had more opportunities to conduct frauds on clients.
Role of RBI in curbing Banking Frauds– The Reserve Bank of India mandated that banks disclose fraud incidents in 1970. The banks are responsible for combating fraud, while the RBI serves as an adviser. The RBI has regularly issued instructions and guidance to banks regarding the essential safeguards and preventative measures against fraud. Banks are also being given information on unethical borrowers and linked parties who have committed frauds against other banks so that they may be cautious when dealing with them.
The Reserve Bank of India (RBI) had recommended banks take precautions due to a rise in the number of cyber fraud cases.
(i) Introducing minimum checks and balances, such as two-factor authentication for “card not present” transactions;
(ii) converting all strip-based cards to chip-based cards for improved security;
(iii) issuing debit and credit cards only for domestic use unless specifically requested by the customer;
(iv) imposing a threshold limit on international debit/credit card usage;
(v) a continuous evaluation of card transaction patterns in collaboration with consumers; and
(vi) providing SMS notifications for card transactions, and so on, to reduce the impact of such attacks on both banks and customers.
The Reserve Bank of India has repeatedly counseled banks on ways to minimize fraud. Unfortunately, despite the RBI’s many preventive efforts, the number of frauds and cyber frauds has not decreased.[5]
Technology– Some technical challenges must be overcome to enable effective and secure banking transactions. The following are the major areas:
- Security- The primary concern of Internet-based industries is transaction security. The lack of security could lead to serious consequences. The security issue, as well as possible attacks due to insufficient protections, will be discussed further in the following section. Many customers still refuse to use e-banking services because they do not believe e-banking or online banking is secure. Phishing, spamming, spyware, internet theft, and other online banking frauds are still prevalent and a barrier to e-banking expansion. These security issues must be addressed to regain customers’ trust.
- Anonymity- It’s tough to track down the perpetrator of a cyber scam since it takes place behind a computer screen, especially if the fraud is detected late. Because it is a subset of the security issue, the privacy issue will be explored later in the Privacy Technology section. Strengthening the privacy technology will protect the sender’s personal information while also improving the security of the transaction.
- Authentication- Although encryption can help to protect transactions, it’s also critical to ensure that no one on either end of the transaction tampers with the data. There are two methods for ensuring that the message remains unaltered. The Secure Hash Algorithm, which is described as “a check that secures data against most modification,” is one type of verification. The transmitter sends the value produced by the hash algorithm along with the data. The receiver repeats the calculation and compares the two results to ensure that everything arrived intact. If the two results differ, the message has been altered.
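The hash check described under Authentication, as an added example that is not part of the original article. It goes one step beyond the text by also showing a keyed hash (HMAC): an unkeyed digest catches corruption, but anyone on the path can recompute it after changing the message. The transfer message, account numbers and key are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data (assumptions, not from the article).
TRANSFER = b"from=ACC-1001;to=ACC-2002;amount=5000.00;currency=INR"
SHARED_KEY = b"constructed-demo-key-not-for-production"


def digest_of(message: bytes) -> str:
    """Unkeyed SHA-256 digest that the transmitter sends with the message."""
    return hashlib.sha256(message).hexdigest()


def receiver_check_digest(message: bytes, received_digest: str) -> bool:
    """Receiver repeats the calculation and compares the two results."""
    return hmac.compare_digest(digest_of(message), received_digest)


def tag_of(key: bytes, message: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only holders of the key can produce it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def receiver_check_tag(key: bytes, message: bytes, received_tag: str) -> bool:
    return hmac.compare_digest(tag_of(key, message), received_tag)


def corrupt_in_transit(message: bytes) -> bytes:
    """Flip one bit, as line noise or a storage fault would."""
    return bytes([message[0] ^ 0x01]) + message[1:]


def rewrite_in_transit(message: bytes) -> tuple:
    """A party on the path changes the beneficiary and recomputes the
    unkeyed digest, which requires no secret at all."""
    altered = message.replace(b"to=ACC-2002", b"to=ACC-9999")
    return altered, digest_of(altered)


def run_scenarios() -> dict:
    digest = digest_of(TRANSFER)
    tag = tag_of(SHARED_KEY, TRANSFER)
    altered, new_digest = rewrite_in_transit(TRANSFER)
    return {
        # Unmodified message: both checks pass.
        "intact_digest_ok": receiver_check_digest(TRANSFER, digest),
        "intact_tag_ok": receiver_check_tag(SHARED_KEY, TRANSFER, tag),
        # Accidental corruption: the unkeyed digest catches it.
        "corrupted_digest_ok": receiver_check_digest(
            corrupt_in_transit(TRANSFER), digest),
        # Deliberate rewrite with a recomputed digest: the check passes,
        # so the unkeyed digest alone does not prove the message is genuine.
        "rewritten_digest_ok": receiver_check_digest(altered, new_digest),
        # Same rewrite against the HMAC: without the key the old tag no
        # longer matches and a bare digest is not a valid tag either.
        "rewritten_old_tag_ok": receiver_check_tag(SHARED_KEY, altered, tag),
        "rewritten_digest_as_tag_ok": receiver_check_tag(
            SHARED_KEY, altered, new_digest),
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```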
Security Risk in Electronic Banking-
Internet banking security includes both computer and communication security. The goal of computer security is to safeguard computing resources from misuse and illegal access, as well as to protect data from damage, disclosure, and alteration. The goal of communication security is to keep data safe while it is being transmitted across a computer network or in a distributed system. Personal data and identification, as well as passwords, are usually associated with personal property and confidentiality, and may pose security risks if exposed. Illegal access to and use of private information can lead to identity theft and asset theft, among other things. Data security breaches include phishing, malware, lotto fraud, and many more. Individual privacy is violated by these security breaches. As a result, it’s critical to include non-repudiation, which implies that a trusted third party that possesses the identity certificates may attest to the sender’s and receiver’s identities.
Security System for Online Banking in India-
- Users id & Transaction Password– In the early 1980s, New York became the first city to provide online banking using a user id and a text password. A consumer must register with a unique id and password for user verification to utilize online banking services. The new User id must be between 6 and 19 characters long, and the password must be between 8 and 17 characters long, with at least two alpha and two numeric characters. Security data may be specified for email addresses, Security Queries, Authentication Passphrases, and Computer Registration. Users may now access and use internet banking services to their full potential.
- OTP– A One-Time Password (OTP) service using a mobile phone for personal Internet banking was introduced in Japan in 2007. This is an authentication service that uses a one-time password (OTP) in addition to a standard ID and password for personal identification. By downloading special password-generation software on their mobile phone, users may use this OTP for greater security during online transactions. In addition to their regular ID and password, users can complete authentication by entering an OTP provided by the mobile phone application. Each user’s one-time password is unique, and a new password is created every minute. Even if a third party obtains the password fraudulently, it cannot be utilized once it has expired.
- QRP– Quick Response Protocol, or QRP, is a secure authentication method that employs two-factor authentication by combining a password with a camera-equipped mobile phone, which serves as an authentication token. For encrypted data, it is both safe and simple to use. For usage on untrusted systems, it is an extremely secure protocol.
- Biometric- Biometrics are utilized only for safe ATM transactions. The use of a biometric method such as an iris/retinal scan, hand geometry, or fingerprint scan can substantially increase overall security in such a transaction. Customers just need to register their biometric data at a bank location. They will then be able to withdraw money from an ATM by just entering their biometric password, date of birth, and PIN.
- OTP & QR Code– The system with the combination of OTP and QR code was created to reduce the threat of phishing and to validate user identification. The QR-code may be read by the user’s mobile device, bypassing the vulnerability of the standard password-based method. The use of a one-time password (OTP) hidden inside a QR code improves security.
- Grid Authority Card– The Grid Authority Card is a card that aids in the prevention of fraud at the first stage, ensuring that fraud does not occur. In this method, the client enters his or her credit card information as well as the Grid Characters on the credit card’s linked grid card. The letters are associated with the numeric values written on the grid card. The user interface program via which the consumer connects to the Payment Gateway through a secure internet connection generates these grid codes at random. If a credit card is stolen or misplaced, no one can make online payments without the Grid Card. It aids in the abolition of internet scams.
- E-Token– When signing on to Internet Banking, the E-Secure Token adds an extra layer of protection. The secure Token offers a “One-Time-PIN” (OTP) that should be used in conjunction with a login and password to access Internet Banking services. Because each OTP is only good for one session, the E-Secure Token should be used to create an OTP for each login. To get a login OTP, the user must turn on his E-Secure Token by pressing the On/Off button. He must next input his four-digit secret pin. The login OTP will be shown on the user’s E-Secure Token LCD screen message.
- Security Question– The verification procedure for Internet Banking customers was enhanced by decreasing the number of possibilities to correctly answer security challenge questions based on research for multifactor authentication (MFA) and fraud risk mitigation. Users could previously choose three security challenge questions to be shown during MFA and had up to five chances to answer them successfully. The first security challenge question was provided to the user, and he or she had two chances to respond correctly. If the user did not offer the proper response, the user was provided with a second safety challenge question, and he or she was given two chances to provide the correct answer. If the user still couldn’t reply correctly, the third safety challenge question was offered, and the user only had one chance to respond correctly. If the user was unable to correctly answer the questions, the user was locked out of Internet Banking until customer support unlocked or reset the MFA configuration for the user.
- SMS Banking– SMS Banking is a service that allows consumers to obtain account information via their mobile phone. Push and pull messages are used to operate SMS banking services. Push messages are ones that a bank chooses to send to a user’s phone without the user requesting the information first. Pull messages are those that are initiated by the client, using a mobile phone, to get information or complete a bank account transaction. SMS banking offers a variety of services such as account balance inquiry, transaction inquiry, cheque status inquiry, and password change. To use this SMS banking service, the user must first enroll at his or her bank’s branch.
- Secure Connection– For a safe connection during any sort of online transaction, various banks use different types of security algorithms and protocols.[6]
Attacks & Compromises–
When a bank’s system is linked to the Internet, an attack could come from anywhere at any time. Before the business can be reliably conducted on the Internet, some level of security must be established. An assault might take the following forms:
- The invader may only be able to obtain illegal access.
- When an intruder obtains access to data, he or she destroys, corrupts, or otherwise changes it.
- The intruder gets access and takes control in part or whole, sometimes denying privileged users access.
- Instead of gaining access, the intruder forges communications from your system.
- Instead of gaining access, the intruder uses malicious operations to cause the network to crash, reboot, and hang.
Cracking has become extremely difficult, but not impossible, thanks to modern security measures. Furthermore, if the system is not set properly or new patches are not deployed, hackers may exploit a security flaw to break into the system. On the Internet, there is a wealth of information on security holes and how to repair them. This information should be kept up to date by the system administrator.
Common cracking attacks include:
- E-Mail Bomb– This is a method of harassment. A conventional e-mail bomb is just a sequence of messages delivered to your inbox (perhaps thousands). The attacker’s goal is to stuff the mailbox with junk mail.
- Denial-of-Service(DoS) Attacks– DoS attacks can take down the whole network (or at least the hosts that use TCP/IP) for a short period. DoS attacks are a serious threat to IP implementations. As a result, they can appear on any platform, and a single DoS attack may be effective against multiple operating systems. Many denial-of-service (DoS) attacks are well-known and well-documented. Available fixes must be implemented.
- Sniffer Attacks– Sniffers are network packet capturing devices. They are made up of both hardware and software. Sniffers function by turning on promiscuous mode on the network interface. All computers on the network can ‘hear’ the traffic going through in normal circumstances, but they will only reply to data directed directly to them. However, if the computer is set to promiscuous mode, it can record all network packets and frames. Passwords and other sensitive information can be captured by sniffers. Because sniffers are passive programs, they are exceedingly difficult to detect. For this, an encrypted session is an excellent option. An attacker will be unable to use encrypted data if it is sniffed. However, not all programs come with built-in encryption.
- Holes– Any flaw in hardware, software, or policy that allows attackers to gain unauthorized access to your system is referred to as a hole. Routers, client and server software, operating systems, and firewalls are examples of network technologies that might contain flaws.[7]
Conclusion-
Fraud costs the banking industry and, as a result, the Indian economy a lot of money. With the introduction of e-banking systems, banks are now required to implement more stringent security measures. Frauds should be quickly reported to the Reserve Bank, following its categorization and criteria, to decrease, if not eradicate, fraud and cyber fraud in the country. Strict penalties should be imposed on banks that fail to report such occurrences or take an excessive amount of time to do so. Furthermore, improving Know Your Customer (KYC) rules is essential since it stops people with criminal intent from ever accessing the bank. Another important component is increasing client awareness and informing them about the security measures to follow, especially while doing online transactions, utilizing ATMs, and so forth. Additionally, banks should create internal rules and security processes, as well as fraud investigation and reporting, to reduce fraud risks. By adopting a few extra measures, banks and customers may successfully reduce fraud instances. There are numerous potential difficulties linked with this nascent business owing to the inadequacy of the security procedures. Many companies have created numerous solutions in both software-based and hardware-based systems to mitigate possible security risks. Software-based solutions are more popular than hardware-based solutions since they are easier to distribute and less costly. The security and privacy features of electronic banking must be addressed for it to continue to expand. Electronic banking might have a bright future if security and privacy concerns are addressed.
[1] Gautam L et al, E-Banking in India: Issues and Challenges, Sch J Econ Bus Manag 54-56 (2014).
[2] Ms. Jasdeep Kaur, Growth of E-Banking in India, IJRFM 93 (May 5, 2017).
[3] Ibid, 91-93.
[4] Yi-Jen Yang, The Security of Electronic Banking.
[5] Varun Tripati, Frauds and Cyber Frauds in Banking Sector (2014).
[6] Samir Pakojwar & Dr. N.J. Uke, Security in Online Banking Services- A Comparative Study, IJIRSET 16852-16854 (2014).
YLCC would like to thank Priyanshi Singh for her valuable insights in this article.