ONLINE BANKING

By Ainsley Wirekoon

Online Banking (or Internet Banking) is a system which allows customers to conduct financial transactions on a secure website operated by their bank. Internet banking gives you access to your personal and business accounts online anytime, anywhere. It's the perfect way to do your banking, whether from home, the office or when traveling, because the service is available 24 hours a day throughout the year. Internet banking gives you the freedom to choose your own banking hours, giving you greater control of your finances.

Internet banking refers to systems that enable bank customers to access accounts and general information on bank products and services through a personal computer (PC) or other intelligent device. Internet banking products and services can include wholesale products for corporate customers as well as retail and fiduciary products for normal customers. The Internet, as an enabling technology, has made banking products and services available to more customers and eliminated geographic and proprietary systems barriers.

Some examples of wholesale products and services include:

Cash management.
Wire transfer.
Automated clearing house (ACH) transactions.
Cheque presentment and payment.

Examples of retail and fiduciary products and services include:

Balance inquiry.
Funds transfer.
Downloading transaction information.
Loan applications.
Investment activity.
Cheque presentment and payment.
Other value-added services.

FEATURES

Online banking solutions have many features and capabilities in common, but some features differ from bank to bank. The common features are as follows:

Transactional (performing financial transactions such as transfers between accounts, bill payments, payment of utility bills, wire transfers, applying for loans, etc.)
Non-transactional (e.g. online statements, check balances)
Administration - features allowing the financial institution to manage the online experience of their end users.
Personal financial management, such as allowing customers to monitor their accounts and view the transactions.

Features commonly unique to business banking are:

Support of multiple users having varying levels of authority
Transaction approval process
Wire transfer

History

The term online became popular in the late '80s and referred to the use of a terminal, keyboard and monitor to access the banking system using a phone line. Online services started in New York in 1981 when four of the city's major banks (Citibank, Chase Manhattan, Chemical and Manufacturers Hanover) offered home banking services using the videotex system. Because of the commercial failure of videotex, these banking services never became popular except in France, where the use of videotex was subsidized by the telecom provider. In the UK the Prestel system was used.

Security

Protection through password authentication is not considered secure enough for personal online banking applications in most countries, including Sri Lanka. There are two different security methods for online banking.

The PIN/TAN system, where the PIN represents a password used for login and the TANs are one-time passwords used to authenticate transactions. The most secure way of using TANs is to generate them by using a security token. These token-generated TANs depend on the time and a unique secret code stored in the security token (this is called two-factor authentication or 2FA). Usually online banking with PIN/TAN is done via a web browser using SSL secured connections, so that there is no additional encryption needed.

Signature based online banking, where all transactions are signed and encrypted digitally. The keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation.

Attacks

Most of the attacks on online banking used today are based on deceiving the user to steal login data and valid TANs.
Two well-known examples of those attacks are phishing and pharming. Cross-site scripting and keyloggers/Trojan horses can also be used to steal login information. A method of attacking signature based online banking is to manipulate the software used in such a way that correct transactions are shown on the screen while faked transactions are signed in the background.

Countermeasures

Several countermeasures exist which try to prevent these attacks. Digital certificates are used against phishing and pharming. The use of class-3 card readers is a measure to avoid manipulation of transactions by the software in signature based online banking variants. To protect their systems against Trojan horses, users should use virus scanners and be careful with downloaded software or e-mail attachments.

As the use of the internet continues to expand, more banks and thrifts are using the web to offer products and services or otherwise enhance communications with consumers.
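
The token-generated TANs described under Security, which depend on the time and a secret stored in the token, can be illustrated with the standard TOTP construction from RFC 6238. This is an added example, not code from the original article, and the article does not say which algorithm any bank's token uses. The 30-second step, the 6-digit length, the TanVerifier class and the RFC test secret are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds per time window (assumed; RFC 6238 default)
DIGITS = 6     # TAN length (assumed)


def tan_at(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """Derive the TAN for the time window containing unix_time (RFC 6238)."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TanVerifier:
    """Bank-side check: accepts a TAN once, within +/- `drift` windows."""

    def __init__(self, secret: bytes, drift: int = 1):
        self.secret = secret
        self.drift = drift
        self.last_window = -1   # highest time window already consumed

    def verify(self, tan: str, now: int) -> bool:
        current = now // STEP
        for window in range(current - self.drift, current + self.drift + 1):
            if window <= self.last_window:
                continue        # window already used (or older): no replays
            expected = tan_at(self.secret, window * STEP)
            if hmac.compare_digest(expected.encode(), tan.encode()):
                self.last_window = window
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"   # constructed: RFC 6238 test secret
    bank = TanVerifier(secret)
    tan = tan_at(secret, 59)
    print("TAN at t=59:", tan)
    print("first use accepted:", bank.verify(tan, 59))
    print("replay accepted:", bank.verify(tan, 60))
    print("stale TAN accepted:", TanVerifier(secret).verify(tan, 150))
```

The verifier shows why a captured TAN has limited value: it is rejected once its time window has passed or once the bank has already consumed it.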