file by niusheng11


									Sr.                     TABLE OF CONTENTS              Page
No                                                     No.
1     Executive Summary                                6

2     Introduction                                     7

3     Direct Baking                                    9
         a. History of Direct Banking
         b. Features of Direct Banking

4     Direct Banking Channels                          12

4a.   Telephone Banking                                12
         i.   Seurity
         ii. Attacks
         iii. Counter-measures

4b.   Automatic Teller Machine                         15
         i.   Security
         ii. Attacks
         iii. Counter-measures

4c.   Mobile Banking                                   19
         i.   Security

4d.   Credit Cards                                     22
         i.   Security
         ii. Attacks
         iii. Counter-measures

5     Direct Banking Services Offered by Canara Bank   27

6     Cost Structure Of E-banking Transactions         32

7   Future Of Internet Banking in India   39

8   Conclusions                           59

9   Biblography                           60

                                          EXECUTIVE SUMMARY

       A bank is a financial institution licensed by a government. Its primary activities include borrowing
and lending money. Direct banking solution is a comprehensive solution for banks to directly acquire, track
and service customers, through the Internet, mobile or call center channels, in the complete absence of a
brick and mortar infrastructure

       A few years ago no self-respecting financial consultant would travel without it: the bar chart
 showing that the marginal cost of Internet banking transactions was a tiny fraction of the cost of branch
 banking. It was the chart that launched dozens of stand- alone Internet banks. As a result, European
 banks have poured billions of euros into building direct channels like the Web, upgrading branches and
 call centers, and trying to integrate all these channels. Major financial futurists predicted bright pro-
 spects to electronic banking. But after some years of excitement it appeared that the banks‘ long-awaited
 sky-rocketing profits from this area would not be yielded..

       Traditional banking was impacted greatly by the commercialization of the Internet in the early
1990s. As the Internet became more generally accessible, traditional banks began to realize its potential to
deliver services to their customers while reducing long-term operational costs. Upon realizing this,
traditional banks began to offer limited services online. The main benefit to each customer is convenience

These services mainly consists of:

      Online Customer Acquisition
      Online Service Fulfillment
      Business Process Outsourcing Services

       Most of the attacks on online banking used today are based on deceiving the user to steal login data
and valid TANs. Two well known examples for those attacks are phishing and pharming. Cross-site
scripting and keylogger/Trojan horses can also be used to steal login information.

       More and more non banking institutions are going to provide the banking functions than the
designated banks in the coming century .Banks are going to be vanished from its existing strong positions.
Financial liberalization, internationalization and technological advancement are going to further pressurize
the banks to make their struggle for existence. If a bank overcome all these pressures survival of the fittest
comes again because of the technological innovation and the type of competition in the banking industry.


A bank is a financial institution licensed by a government. Its primary activities include borrowing and
lending money. Many other financial activities were allowed over time. For example banks are important
players in financial markets and offer financial services such as investment funds.

In some countries such as Germany, banks have historically owned major stakes in industrial corporations
while in other countries such as the United States banks are prohibited from owning non-financial
companies. In Japan, banks are usually the nexus of a cross-share holding entity known as the zaibatsu. In
France, bancassurance is prevalent, as most banks offer insurance services (and now real estate services) to
their clients.

Under English common law, a banker is defined as a person who carries on the business of banking, which
is specified as:

       conducting current accounts for his customers
       paying cheques drawn on him, and
       collecting cheques for his customers.

In most English common law jurisdictions there is a Bills of Exchange Act that codifies the law in relation to
negotiable instruments, including cheques, and this Act contains a statutory definition of the term banker:
banker includes a body of persons, whether incorporated or not, who carry on the business of banking' .
Although this definition seems circular, it is actually functional, because it ensures that the legal basis for
bank transactions such as cheques do not depend on how the bank is organised or regulated.

Wider commercial role

The commercial role of banks is not limited to banking, and includes:

      issue of banknotes (promissory notes issued by a banker and payable to bearer on demand)
      processing of payments by way of telegraphic transfer, EFTPOS, internet banking or other means
      issuing bank drafts and bank cheques
      accepting money on term deposit
      lending money by way of overdraft, installment loan or otherwise
      providing documentary and standby letters of credit (trade finance), guarantees, performance
       bonds, securities underwriting commitments and other forms of off-balance sheet exposures
      safekeeping of documents and other items in safe deposit boxes
      currency exchange
      acting as a 'financial supermarket' for the sale, distribution or brokerage, with or without advice, of
       insurance, unit trusts and similar financial products.

             3)                       Direct Banking:

In Direct Banking financial services are offered by:

      Telephone banking
      Online banking
      Automated teller machines
      Mail banking
      Mobile banking

By eliminating the costs associated with bank branches, direct banks may offer higher interest rates and
lower service charges on their products than their traditional competitors.

Direct banking solution is a comprehensive solution for banks to directly acquire, track and service
customers, through the Internet, mobile or call center channels, in the complete absence of a brick and
mortar infrastructure. Built on new-generation technology, it provides an end-to-end platform that
supports the full-fledged delivery of a comprehensive range of assets and liabilities solutions, facilitated
through direct access to the customer 24/7, 365 days a year.

The solution is usually interfaced with a powerful online sales enabler infrastructure, to drive customer e-
acquisition and extend the branchless bank‘s outreach. It opens up an exciting new channel for banks to
convert prospects to profitable customers, without the support of a branch. It addresses the core banking,
CRM, wealth management and e-banking needs of the bank, this seamless banking solution is completely
equipped to support true relationship banking. It enables banking customers with real-time access to their
relationships with the bank, such as deposits, account inquiries, fund transfers, credit card and mutual fund
services. It empowers them to make utility bill payments and payments to individuals or institutions,
without investing time to access a conventional branch. In addition, the powerful alerts solution provides
multi-channel alerts, establishing strong communication links that facilitates effective relationship

Complete with pre-configured parameters and support for multi-lingual call-center operations, direct
banking solution supports rapid multi-entity rollouts that can be operational from day one. Certain
components and functions – consulting, implementation, BPO – helps the direct bank optimize efficiencies
and costs.

3a.                             History of Direct Banking:

Traditional banking was impacted greatly by the commercialization of the Internet in the early 1990s. As
the Internet became more generally accessible, traditional banks began to realize its potential to deliver
services to their customers while reducing long-term operational costs. Upon realizing this, traditional
banks began to offer limited services online.

The initial success of internet banking services provided by traditional banks led to the development of
internet-only banks or "virtual banks". These banks were designed without a traditional banking
infrastructure, a cost-saving feature that allowed many of them to offer savings accounts with higher
interest rates and loans with lower interest rates than most traditional banks.

The world's first fully-functional direct bank was the Security First Network Bank (SFNB) which began
operations on October 18, 1995. Based at Atlanta, Georgia, USA, it was the first direct bank to be insured by
the Federal Deposit Insurance Corporation (FDIC). After three years of operation, it was acquired by the
Royal Bank of Canada (RBC). Though SFNB did not make much profit in the initial years, it demonstrated
that the concept of direct banking could work.

Europe's first full-service direct bank was "First-e" launched by Enba], a Dublin-based company under the
banking license of Banque d'Escompte, France. First launched in the UK in late September 1999, it garnered
appreciable attention, resulting in more such ventures all over Europe. After about two years of operations,
it shut down its operations during the dot-com bubble bust. Though Egg Bank, launched earlier in October
1998 by Prudential plc, was touted to be a direct bank, it was not a full-service direct bank initially.

Asia's first direct bank was finatiQ – a division of the Bank of Singapore. It opened on April 3, 2000 (though
the public launch was on April 18, 2000), heralding the arrival of virtual banking in Asia.

3b.                        Features of Direct Banking

Online banking solutions have many features and capabilities in common, but traditionally also have some
that are application specific.

The common features fall broadly into several categories

      Transactional (e.g., performing a financial transaction such as an account to account transfer, paying
       a bill, wire transfer... and applications... apply for a loan, new account, etc.)
           o   Electronic bill presentment and payment - EBPP
           o   Funds transfer between a customer's own checking and savings accounts, or to another
               customer's account
           o   Investment purchase or sale
           o   Loan applications and transactions, such as repayments

      Non-transactional (e.g., online statements, check links, cobrowsing, chat)
           o   Bank statements
      Financial Institution Administration - features allowing the financial institution to manage the
       online experience of their end users
      ASP/Hosting Administration - features allowing the hosting company to administer the solution
       across financial institutions

Features commonly unique to business banking include

      Support of multiple users having varying levels of authority
      Transaction approval process
      Wire transfer

Features commonly unique to Internet banking include

      Personal financial management support, such as importing data into personal accounting software.
       Some online banking platforms support account aggregation to allow the customers to monitor all
       of their accounts in one place whether they are with their main bank or with other institutions.

                                   4) Direct Banking Channels

4a.                                Telephone banking

Telephone banking is a service provided by a financial institution which allows its customers to perform
transactions over the telephone.

Most telephone banking use an automated phone answering system with phone keypad response or voice
recognition capability. To guarantee security, the customer must first authenticate through a numeric or
verbal password or through security questions asked by a live representative (see below). With the obvious
exception of cash withdrawals and deposits, it offers virtually all the features of an automated teller
machine: account balance information and list of latest transactions, electronic bill payments, funds
transfers between a customer's accounts, etc.

Usually, customers can also speak to a live representative located in a call centre or a branch, although this
feature is not guaranteed to be offered 24/7. In addition to the self-service transactions listed earlier,
telephone banking representatives are usually trained to do what was traditionally available only at the
branch: loan applications, investment purchases and redemptions, chequebook orders, debit card
replacements, change of address, etc.

Banks which operate mostly or exclusively by telephone are known as phone banks.


             i) Security

Protection through single password authentication, as is the case in most secure Internet shopping sites, is
not considered secure enough for personal online banking applications in some countries. Basically there
exist two different security methods for online banking.

         The PIN/TAN system where the PIN represents a password, used for the login and TANs
          representing one-time passwords to authenticate transactions. TANs can be distributed in different
          ways, the most popular one is to send a list of TANs to the online banking user by postal letter. The
          most secure way of using TANs is to generate them by need using a security token. These token
          generated TANs depend on the time and a unique secret, stored in the security token (this is called
          two-factor authentication or 2FA). Usually online banking with PIN/TAN is done via a web
          browser using SSL secured connections, so that there is no additional encryption needed.
         Signature based online banking where all transactions are signed and encrypted digitally. The Keys
          for the signature generation and encryption can be stored on smartcards or any memory medium,
          depending on the concrete implementation.

             ii) Attacks

Most of the attacks on online banking used today are based on deceiving the user to steal login data and
valid TANs. Two well known examples for those attacks are phishing and pharming. Cross-site scripting
and keylogger/Trojan horses can also be used to steal login information.

A method to attack signature based online banking methods is to manipulate the used software in a way,
that correct transactions are shown on the screen and faked transactions are signed in the background.

A recent FDIC Technology Incident Report, compiled from suspicious activity reports banks file quarterly,
lists 536 cases of computer intrusion, with an average loss per incident of $30,000. That adds up to a nearly
$16-million loss in the second quarter of 2007. Computer intrusions increased by 150 percent between the
first quarter of 2007 and the second. In 80 percent of the cases, the source of the intrusion is unknown but it
occurred during online banking, the report states.

The most recent kind of attack is the so-called Man in the Browser attack, where a Trojan horses permits a
remote attacker to modify the destination account number and also the amount.

          iii)   Counter measures

There exist several countermeasures which try to avoid attacks. Digital certificates are used against
phishing and pharming, the use of class-3 card readers is a measure to avoid manipulation of
transactions by the software in signature based online banking variants. To protect their systems
against Trojan horses, users should use virus scanners and be careful with downloaded software
or e-mail attachments.

In 2001 the FFIEC issued guidance for multifactor authentication (MFA) and then required to be in
place by the end of 2006.

4b)                        Automated teller machine

An automated teller machine (ATM) is a computerized telecommunications device that provides the
customers of a financial institution with access to financial transactions in a public space without the need
for a human clerk or bank teller. On most modern ATMs, the customer is identified by inserting a plastic
ATM card with a magnetic stripe or a plastic smartcard with a chip, that contains a unique card number
and some security information, such as an expiration date or CVC (CVV). Security is provided by the
customer entering a personal identification number (PIN).

Using an ATM, customers can access their bank accounts in order to make cash withdrawals (or credit card
cash advances) and check their account balances as well as purchasing mobile cell phone prepaid credit.
ATMs are known by various other names including automated transaction machine, automated banking
machine, money machine, bank machine, cash machine, hole-in-the-wall, cashpoint, Bancomat (in various
countries in Europe and Russia), Multibanco (after a registered trade mark, in Portugal), and Any Time
Money (in India).


          i) Security

Security, as it relates to ATMs, has several dimensions. ATMs also provide a practical
demonstration of a number of security systems and concepts operating together and how various
security concerns are dealt with.

Transactional secrecy and integrity

The security of ATM transactions relies mostly on the integrity of the secure cryptoprocessor: the ATM
often uses commodity components that are not considered to be "trusted systems".

Encryption of personal information, required by law in many jurisdictions, is used to prevent fraud.
Sensitive data in ATM transactions are usually encrypted with DES, but transaction processors now usually
require the use of Triple DES.[33] Remote Key Loading techniques may be used to ensure the secrecy of the
initialization of the encryption keys in the ATM. Message Authentication Code (MAC) or Partial MAC may
also be used to ensure messages have not been tampered with while in transit between the ATM and the
financial network.

Customer identity integrity

There have also been a number of incidents of fraud by Man-in-the-middle attacks, where criminals have
attached fake keypads or card readers to existing machines. These have then been used to record customers'
PINs and bank card information in order to gain unauthorized access to their accounts. Various ATM
manufacturers have put in place countermeasures to protect the equipment they manufacture from these

Alternate methods to verify cardholder identities have been tested and deployed in some countries, such as
finger and palm vein patterns, iris, and facial recognition technologies. However, recently, cheaper mass
production equipment has been developed and being installed in machines globally that detect the
presence of foreign objects on the front of ATMs, current tests have shown 99% detection success for all
types of skimming devices

           ii) Attack

As with any device containing objects of value, ATMs and the systems they depend on to function are the
targets of fraud. Fraud against ATMs and people's attempts to use them takes several forms.

The first known instance of a fake ATM was installed at a shopping mall in Manchester, Connecticut in
1993. By modifying the inner workings of a Fujitsu model 7020 ATM, a criminal gang known as The
Bucklands Boys were able to steal information from cards inserted into the machine by customers

In a variation of this, WAVY-TV reported an incident in Virginia Beach of September 2006 where a hacker
who had probably obtained a factory-default admin password for a gas station's white label ATM caused
the unit to assume it was loaded with $5 USD bills instead of $20s, enabling himself—and many subsequent
customers—to walk away with four times the money they said they wanted to withdraw.

ATM behavior can change during what is called "stand-in" time, where the bank's cash dispensing network
is unable to access databases that contain account information (possibly for database maintenance). In order
to give customers access to cash, customers may be allowed to withdraw cash up to a certain amount that
may be less than their usual daily withdrawal limit, but may still exceed the amount of available money in
their account, which could result in fraud.

            iii)      Counter-measure

In an attempt to prevent criminals from shoulder surfing the customer's PINs, some banks draw privacy
areas on the floor.

For a low-tech form of fraud, the easiest is to simply steal a customer's card. A later variant of this approach
is to trap the card inside of the ATM's card reader with a device often referred to as a Lebanese loop. When
the customer gets frustrated by not getting the card back and walks away from the machine, the criminal is
able to remove the card and withdraw cash from the customer's account.

Another simple form of fraud involves attempting to get the customer's bank to issue a new card and
stealing it from their mail.

Some ATMs may put up warning messages to customers to not use them when it detects possible

The concept and various methods of copying the contents of an ATM card's magnetic stripe on to a
duplicate card to access other people's financial information was well known in the hacking communities
by late 1990

In an attempt to stop these practices, countermeasures against card cloning have been developed by the
banking industry, in particular by the use of smart cards which cannot easily be copied or spoofed by un-
authenticated devices, and by attempting to make the outside of their ATMs tamper evident. Older chip-
card security systems include the French Carte Bleue, Visa Cash, Mondex, Blue from American Express and
EMV '96 or EMV 3.11. The most actively developed form of smart card security in the industry today is
known as EMV 2000 or EMV 4.x.

In February 2009, a group of criminals used counterfeit ATM cards to steal $9 million from 130 ATMs in 49
cities around the world all within a time period of 30 minutes

Card cloning and skimming can be detected by the implementation of magnetic card reader heads and
firmware that can read a signature embedded in all magnetic stripes during the card production process.
This signature known as a "MagnePrint" or "BluPrint" can be used in conjunction with common two factor
authentication schemes utilized in ATM, debit/retail point-of-sale and prepaid card applications.

4c)                                Mobile banking

Mobile banking (also known as M-Banking, mbanking, SMS Banking etc.) is a term used for performing
balance checks, account transactions, payments etc. via a mobile device such as a mobile phone. Mobile
banking today (2007) is most often performed via SMS or the Mobile Internet but can also use special
programs called clients downloaded to the mobile device.

Mobile banking can offer services such as the following:

Account Information

   1. Mini-statements and checking of account history
   2. Alerts on account activity or passing of set thresholds
   3. Monitoring of term deposits
   4. Access to loan statements
   5. Access to card statements
   6. Mutual funds / equity statements
   7. Insurance policy management
   8. Pension plan management
   9. Status on cheque, stop payment on cheque
   10. Ordering check books
   11. Balance checking in the account
   12. Recent transactions
   13. Due date of payment (functionality for stop, change and deleting of payments)
   14. PIN provision, Change of PIN and reminder over the Internet
   15. Blocking of (lost, stolen) cards

Payments, Deposits, Withdrawals, and Transfers

   1. Domestic and international fund transfers
   2. Micro-payment handling
   3. Mobile recharging
   4. Commercial payment processing
   5. Bill payment processing
   6. Peer to Peer payments
   7. Withdrawal at banking agent
   8. Deposit at banking agent

Especially for clients in remote locations, it will be important to help them deposit and withdraw funds at
banking agents, i.e., retail and postal outlets that turn cash into electronic funds and vice versa. The
feasibility of such banking agents depends on local regulation which enables retail outlets to take deposits
or not.

A specific sequence of SMS messages will enable the system to verify if the client has sufficient funds in his
or her wallet and authorize a deposit or withdrawal transaction at the agent. When depositing money, the
merchant receives cash and the system credits the client's bank account or mobile wallet. In the same way
the client can also withdraw money at the merchant: through exchanging sms to provide authorization, the
merchant hands the client cash and debits the merchant's account.


    1. Portfolio management services
    2. Real-time stock quotes
    3. Personalized alerts and notifications on security prices


   1. Status of requests for credit, including mortgage approval, and insurance coverage
   2. Check (cheque) book and card requests
   3. Exchange of data messages and email, including complaint submission and tracking
   4. ATM Location

Content Services

   1. General information such as weather updates, news
   2. Loyalty-related offers
   3. Location-based services

Based on a survey conducted by Forrester, mobile banking will be attractive mainly to the younger, more
"tech-savvy" customer segment. A third of mobile phone users say that they may consider performing some
kind of financial transaction through their mobile phone. But most of the users are interested in performing
basic transactions such as querying for account balance and making bill payment

     i. Security

Security of financial transactions, being executed from some remote location and transmission of financial
information over the air, are the most complicated challenges that need to be addressed jointly by mobile
application developers, wireless network service providers and the banks' IT departments.

The following aspects need to be addressed to offer a secure infrastructure for financial transaction over
wireless network :

     1. Physical part of the hand-held device. If the bank is offering smart-card based security, the physical
        security of the device is more important.
     2. Security of any thick-client application running on the device. In case the device is stolen, the hacker
        should require at least an ID/Password to access the application.
     3. Authentication of the device with service provider before initiating a transaction. This would ensure
        that unauthorized devices are not connected to perform financial transactions.
     4. User ID / Password authentication of bank‘s customer.
     5. Encryption of the data being transmitted over the air.
     6. Encryption of the data that will be stored in device for later / off-line analysis by the customer.

4d)                                   Credit Card

A credit card is part of a system of payments named after the small plastic card issued to users of the
system. It is a card entitling its holder to buy goods and services based on the holder's promise to pay for
these goods and services The issuer of the card grants a line of credit to the consumer (or the user) from
which the user can borrow money for payment to a merchant or as a cash advance to the user.

A credit card is different from a charge card, where a charge card requires the balance to be paid in full
each month. In contrast, credit cards allow the consumers to 'revolve' their balance, at the cost of having
interest charged. Most credit cards are issued by local banks or credit unions, and are the shape and size
specified by the ISO/IEC 7810 standard as ID-1.

How credit cards work

This article may be too long to comfortably read and navigate. Please consider splitting content into sub-
articles and using this article for a summary of the key points of the subject. (May 2009)

Credit card

An example of the front in a typical credit card:

   1. Issuing bank logo
   2. EMV chip on "smart cards"
   3. Hologram
   4. Credit card number
   5. Card brand logo
   6. Expiry Date
   7. Cardholder's name

An example of the reverse side of a typical credit card:

   1. Magnetic Stripe
   2. Signature Strip
   3. Card Security Code

Credit cards are issued after an account has been approved by the credit provider, after which cardholders
can use it to make purchases at merchants accepting that card.

When a purchase is made, the credit card user agrees to pay the card issuer. The cardholder indicates
consent to pay by signing a receipt with a record of the card details and indicating the amount to be paid or
by entering a personal identification number (PIN). Also, many merchants now accept verbal
authorizations via telephone and electronic authorization using the Internet, known as a 'Card/Cardholder
Not Present' (CNP) transaction.

Electronic verification systems allow merchants to verify that the card is valid and the credit card customer
has sufficient credit to cover the purchase in a few seconds, allowing the verification to happen at time of
purchase. The verification is performed using a credit card payment terminal or Point of Sale (POS) system
with a communications link to the merchant's acquiring bank. Data from the card is obtained from a
magnetic stripe or chip on the card; the latter system is in the United Kingdom and Ireland commonly
known as Chip and PIN, but is more technically an EMV card.

Other variations of verification systems are used by ecommerce merchants to determine if the user's
account is valid and able to accept the charge. These will typically involve the cardholder providing
additional information, such as the security code printed on the back of the card, or the address of the

Each month, the credit card user is sent a statement indicating the purchases undertaken with the card, any
outstanding fees, and the total amount owed. After receiving the statement, the cardholder may dispute
any charges that he or she thinks are incorrect (see Fair Credit Billing Act for details of the US regulations).
Otherwise, the cardholder must pay a defined minimum proportion of the bill by a due date, or may choose
to pay a higher amount up to the entire amount owed. The credit issuer charges interest on the amount
owed if the balance is not paid in full (typically at a much higher rate than most other forms of debt). Some
financial institutions can arrange for automatic payments to be deducted from the user's bank accounts,
thus avoiding late payment altogether as long as the cardholder has sufficient funds.

Benefits to customers

The main benefit to each customer is convenience. Compared to debit cards and checks, a credit card allows
small short-term loans to be quickly made to a customer who need not calculate a balance remaining before
every transaction, provided the total charges do not exceed the maximum credit line for the card. Credit
cards also provide more fraud protection than debit cards. In the UK for example, the bank is jointly liable
with the merchant for purchases of defective products over £100.[3]

Additionally, carrying a credit card may be a convenience to some customers, as it eliminates the need to
carry any cash for most purposes.


           i) Security

Credit card security relies on the physical security of the plastic card as well as the privacy of the credit
card number. Therefore, whenever a person other than the card owner has access to the card or its number,
security is potentially compromised. Once, merchants would often accept credit card numbers without
additional verification for mail order purchases. It's now common practice to only ship to confirmed
addresses as a security measure to minimise fraudulent purchases. Some merchants will accept a credit
card number for in-store purchases, whereupon access to the number allows easy fraud, but many require
the card itself to be present, and require a signature. A lost or stolen card can be cancelled, and if this is
done quickly, will greatly limit the fraud that can take place in this way. For internet purchases, there is
sometimes the same level of security as for mail order (number only) hence requiring only that the
fraudster take care about collecting the goods, but often there are additional measures. European banks can
require a cardholder's security PIN be entered for in-person purchases with the card.

The PCI DSS is the security standard issued by The PCI SSC (Payment Card Industry Security Standards
Council). This data security standard is used by acquiring banks to impose cardholder data security
measures upon their merchants.

A smart card, combining credit card and debit card properties. The 3 by 5 mm security chip embedded in
the card is shown enlarged in the inset. The contact pads on the card enable electronic access to the chip.

The low security of the credit card system presents countless opportunities for fraud. This opportunity has
created a huge black market in stolen credit card numbers, which are generally used quickly before the
cards are reported stolen.

The goal of the credit card companies is not to eliminate fraud, but to "reduce it to manageable levels". [10]
This implies that high-cost low-return fraud prevention measures will not be used if their cost exceeds the

potential gains from fraud reduction - as would be expected from organisations whose goal is profit

           ii) Attack and Counter-measures:

Most internet fraud is done through the use of stolen credit card information which is obtained in
many ways, the simplest being copying information from retailers, either online or offline. Despite
efforts to improve security for remote purchases using credit cards, systems with security holes
are usually the result of poor implementations of card acquisition by merchants. For example, a
website that uses SSL to encrypt card numbers from a client may simply email the number from
the webserver to someone who manually processes the card details at a card terminal.

Naturally, anywhere card details become human-readable before being processed at the acquiring
bank, a security risk is created. However, many banks offer systems where encrypted card details
captured on a merchant's web server can be sent directly to the payment processor.

Controlled Payment Numbers which are used by various banks such as Citibank (Virtual Account
Numbers), Discover (Secure Online Account Numbers, Bank of America (Shop Safe), 5 banks
using eCarte Bleue and CMB's Virtualis in France, and Swedbank of Sweden's eKort product are
another option for protecting one's credit card number.

These are generally one-time use numbers that front one's actual account (debit/credit) number,
and are generated as one shops on-line. They can be valid for a relatively short time, for the actual
amount of the purchase, or for a price limit set by the user. Their use can be limited to one
merchant if one chooses. The effect of this is the users real account details are not exposed to the
merchant and its employees. If the number the merchant has on their database is compromised, it
would be useless to a thief after the first transaction and will be rejected if an attempt is made to
use it again.

The same system of controls can be used on standard real plastic as well. For example if a
consumer has a chip and pin (EMV) enabled card they can limit that card so that it be used only at
point of sale locations (i.e restricted from being used on-line) and only in a given territory (i.e only
for use in Canada). This technology provides the option for banks to support many other controls
too that can be turned on and off and varied by the credit card owner in real time as circumstances

change (i.e, they can change temporal, numerical, geographical and many other parameters on
their primary and subsidiary cards).

Apart from the obvious benefits of such controls: from a security perspective this means that a
customer can have a chip and pin card secured for the real world, and limited for use in the home
country assuming it is totally chip and pin. In this eventuality a thief stealing the details will be
prevented from using these overseas in non chip and pin (EMV) countries. Similarly the real card
can be restricted from use on-line so that stolen details will be declined if this tried.

Then when card users shop online they can use virtual account numbers. In both circumstances an
alert system can be built in notifying a user that a fraudulant attempt has been made which
breaches their parameters, and can provide data on this in real time. This is the optimal method of
security for credit cards, as it provides very high levels of security, control and awareness in the
real and virtual world. Furthermore it requires no changes for merchants at all and is attractive to
users, merchants and banks, as it not only detects fraud but prevents

The Federal Bureau of Investigation and U.S. Postal Inspection Service are responsible for
prosecuting criminals who engage in credit card fraud in the United States, but they do not have
the resources to pursue all criminals. In general, federal officials only prosecute cases exceeding
US $5,000 in value. Three improvements to card security have been introduced to the more
common credit card networks but none has proven to help reduce credit card fraud so far.

First, the on-line verification system used by merchants is being enhanced to require a 4 digit
Personal Identification Number (PIN) known only to the card holder. Second, the cards
themselves are being replaced with similar-looking tamper-resistant smart cards which are
intended to make forgery more difficult. The majority of smart card (IC card) based credit cards
comply with the EMV (Europay MasterCard Visa) standard. Third, an additional 3 or 4 digit Card
Security Code (CSC) is now present on the back of most cards, for use in "card not present"
transactions. See CVV2 for more information

      5. Direct Banking Services offered by Canara Bank

5a) Canara Bank Internet Banking:

Canara Bank Internet Banking brings the Bank to your fingertips. The entire retail Banking
facilities by Canara Bank India are now just a click away. Canara Bank net Banking services are
available to the Core Banking customers only. This facility has expanded the business of the Bank
in both retail and corporate sectors. Now the customers can access their Canara Bank accounts
online 24 x 7 totally free of cost and get complete account details with just a click irrespective of
the                               time                           and                            place.

Any user having his/ her account in any of the Canara Bank CBS branches is eligible for Canara
Bank online Bank account. The application for opening an online Banking account is available at
all Canara Bank branches and also online on the official website mentioned below. A demo
Banking system has also been provided to guide new users about Canara Bank online Banking

The available facilities with your Canara Bank online Banking account are:

         Complete account info for savings, current, loan account or term deposits
         Summary of past transactions
         Online funds transfer
         Applications for term deposits
         Modification of standing instructions directed to your account
         Loan repayments
         Requests for new Cheque Books, Account Statements, Demand Drafts and Pay Orders
         Enquiries of ongoing interest rates on various loans, deposits and the corresponding service
          charges, Forex rates and more.

5b) Canara Bank ATM Locations:

Canara Bank ATM service or Any Time Money service provides you access to your bank account
for quick withdrawals and deposits 24 hours a day. Through the Canara Bank ATMs you can get
instant cash subject to certain limits on per day transactions, get mini-statement to check your
recent few transactions, get mobile recharge & top ups, book your air tickets, get instant VISA
money transfer, deposit cheques and cash in sealed envelopes into the Canara Bank ATM
terminals and for the Canara Bank CBS Branches‘ customers, funds transfer facilities are also

The Canara Bank ATM facility can be availed through an ATM cum debit card. This card
combines the features of an ATM card into a credit card. You can shop at various merchant
establishments using your Canara Bank ATM Cum Debit Card similar to your Cancard. Any
Canara Bank customers having a SB account, CA account or OD account with Canara Bank is
eligible for the ATM cum Debit card. The per day transaction limit for Canara Bank ATM Cum
Debit Card is Rs. 20, 000 at POS merchant establishments and Rs. 20, 000 again at Canara Bank or
other bank‘s ATM. The card expires in five years from the issuing date. Besides its own ATM
network, Canara bank provides an ATM association with other major banks in India to provide a
more convenient solution to the customers. These include: Allahabad Bank , Andhra Bank,
Corporation Bank, ICICI Bank , IDBI, Oriental Bank Of Commerce, PNB, J & K Bank, SBI and
many more.

The Canara Bank ATM locations are spanning the country with multiple branches in all major
cities in India. The Canara Bank ATMs in cities like Bangalore, Chennai, Delhi, Mumbai,
Hyderabad, Pune, Kolkata, Noida, Gurgaon and other upcoming cities of India have helped bring
the bank closer to the customers and has reduced the queues for daily cash deposit and
withdrawal transactions from the Canara Bank branches.

5c) Canara Bank Credit Cards

Canara Bank Credit Cards are better known by the name of Cancard. Get the convenience of
coverage of more than 2600 branches and a nationwide ATM network with your Canara Bank
credit card. It is acceptable at all international VISA and MasterCard accepting merchant
establishments. Besides the international and national coverage, Cancard has 24 service centres in
all major cities in the country. Canara Bank is the only institution carrying an ISO 9001:2000
certification for the card services.Canara Bank Credit Card is available to everyone with the basic
requirement       being      only      Rs.     60,     000      per      annum          gross   income.

The features of Canara Bank Credit Cards include:

      The easy and quick documentation and application procedures have made it a popular
       product among all credit card users.
      The credit limit can vary between 30% of the gross annual income upto a maximum of Rs. 3
      The free-credit period is pre-decided by Canara Bank that can be between 20 – 50 days.
      Cash withdrawals of upto 50% of the credit limit are allowed at a service charge of Rs. 30
       per thousand at over 450 branches and all Canara Bank ATMs spread across India.
      No interest rate is charged on the cash withdrawn if the dues are duly filled within the set
      Revolving payments system can be chosen that offers payment of only 5 % of the due bill
       amount and carrying over the balance at nominal interest rates.
      Lost card liability restricted to just Rs. 1,000 only from the reporting time.
      Free lost card replacement.
      Complementary insurance cover.

5d) Canara Bank Online Trading

Canara Bank online trading facility is provided in association with Canara Bank's wholly owned
subsidiary Gilt Securities Trading Corporation Limited (GSTCL). Head quartered at Mumbai, the
firm pledges to provide most secure online trading transactions to the Canara Bank customers.
The first step for availing this online share trading facility by India's most trusted bank is getting a
3-in-one account that amalgamates a Canara Bank demat account, operative banking account in
any of the Canara Bank CBS branches and trading account with GSTCL. Get a completely hassle-
free trading experience anywhere and anytime.

As you order to buy a product, then only will the charges be debited to your bank account and not
prior to it. The profits and money earned from sale of securities is credited to your Canara bank
account online.The facilities you get with Canara bank online trading account include intra day
trading, buy in today sell out tomorrow, subscription to various IPO's, Mutual funds investments
and cash & carry facility.

6) Cost Structure of e-banking Transactions:

6.1. Unit costs for transactions through different channels

The main goal of any company is to maximize profits for it owners, and banks are no exception.
Automated e-banking services offer a perfect opportunity for minimizing costs

The main goal of any company is to maximize profits for its owners, and banks are no exception.
Automated e-banking services offer a perfect opportunity for minimizing costs

According to a survey by Booz, Allen and Hamilton (1996), an estimated cost providing the
routine business of a full-service branch in the USA is $1.07 per transaction, compared to 54 cents
for telephone banking, 27 cents for ATM and 1.5 cents for Internet banking. In the Nordea Bank,
Finland, one online transaction costs the bank an average of mere 11 cents, compared to $1 per
transaction in the branch (Dynamo…, 2001). The difference in net cost between the US and Finnish
banks can be explained by Finland‘s smaller population and the scale effect in case of the USA.
Forrester research (June 2003) covered Europe‘s largest banks and found that on average online
transactions cost 14 times less than those made by branch tellers‘.

According to the ABC calculations data provided by Hansabank, the relative costs of simple
domestic payments through different bank distribution channels are as follows online bank
payments are 12.5 times cheaper, offline bank payments are 30 times cheaper, and direct debit is
50 times cheaper than traditional transactions concluded in the branch network. The largest
distribution channel for payments is the online bank (34% of all payments). The second biggest
channel is the offline bank – 33%, and the third is direct debit – 20%.

The comparison of the results for payment expenses in the traditional and e-channels is
summarized in Figure 9. According to ABC results, Hansabank bank transfers cost structure
between different channels is quite similar to the respective results in other Estonian banks (Union
Bank, Toomla 2003) as well as the results for 13 European banks‘ average (Forrester Research June
2003). According to the ABC calculations data provided by Hansabank, the relative costs for cash
withdrawal through different bank distribution channels are as follows: ATM withdrawal is 10
times cheaper than the same service concluded in the branch network. The biggest distribution
channel for cash withdrawal is ATM, where 97% of all cash withdrawals are effected.

Cost components of e-banking transactions compared to the traditional channels In order to
understand the cost structure of e-banking transactions, a detailed analysis of unit cost
components has to be conducted. The following transactions in ebanking and traditional channels
are analyzed in this article Cost components for a Domestic payment By ―domestic payment‖ we
mean a bank transfer in the home currency of a particular country. The biggest distribution
channels for domestic payments are online (34%) and offline banks (33%):

The expenses for the domestic payment unit cost (comparable to 100% for branch payment) can be
split into the following unit cost components

By ―Development‖, business and IT development is meant. In case of a simple bank product, as a
domestic payment is, the development is mostly performed for channels, and not for products.
Higher IT development expenses occur in Online bank channels, while in Operator Phone bank
mostly business development is performed. Under ―Marketing‖ expenses we mea costs for
managing client relations, as well as the channels‘ marketing expenses (for example, online bank
marketing expenses). These expenses do not vary amongst different payment channels, as they are
mostly connected with the client segment.

By ―Human Resource related‖ expenses we mean costs that are connected with human-channels
management and overall human involvement. In the ATM channel, these expenses are connected
with ATM administration, such as daily monitoring for paper and money supply. In the branch
and Call center, there are costs for payments processing by tellers, the tellers‘ time for transaction-
making, the branch management and personnel training. Online banking involves the expenses for
client support (back-office personnel and client managers, responsible for online bank clients‘
support and problem solving). T operational expenses‖ we mean IT-related expenses for the

maintenance of the channel, client and product. In the ATM channel, these expenses are mostly
ATM terminal‘s fixed assets depreciation costs (67%) and communication lines maintenance (14%).

In branch channel, the major IT expense is ―Light teller‖ application, which is the application for
the teller‘s transactions. The retail online bank ( channel‘s IT expenses consist of the
following items: servers and communication lines (50%), software (14%) and storage (22%). The
corporate online bank‘s ( expenses involve mostly spending on servers and
communication lines (63%), and software (23%). The offline bank‘s – Telehansa – IT operational
expenses are mostly connected with internal maintenance (31%) and communications line costs
(16%). The call center channel‘s major IT operational expense is on software (70%), servers (13%)
and Phone bank operators‘ work application for entering transactions (Light Teller) expenses (8%).
The weight of every particular cost element for domestic payment in different channels is
presented in the Table

For ATM payment, the most important part of expenses is associated with fixed assets – automatic
teller machine rent or depreciation, ATM installation costs, maintenance of machine software and
hardware. For direct debit, it was actually impossible to calculate IT operational expenses with
sufficient quality.

Direct debit payments are effected in the so-called ―automatic channel‖ in the bank‘s core, so we
were not able to split the use of IT servers and other resources by this channel. For branch and Call
center payments most of the costs are connected with Human resource activities expenses.
―Branch activities‖ represent branch network and call center personnel expenses (remuneration,

management, work-place expenses, branch network and call center fixed assets depreciation) and
also the payment processing activity performed by the branch and call center personnel in order to
submit and re-check outgoing payments submitted to the branch.

The Call center‘s IT expenses are high due to software maintenance that was developed internally
by the bank. The online bank channel has two major cost elements: (1) servers depreciation and
communication lines for online bank application and (2) storage cost (at present, the history of 3
years‘ transactions is available online to clients). The Offline bank solution was developed
internally and therefore there are not any external license or maintenance fees for this channel, so
most of the unit cost for domestic payment in the offline bank arise from other-than IT areas (for
example, marketing and business development).

As appears from Tables 5 and 6, in the traditional or manguided channels the biggest expenses
come from service personnel activities; the major cost component for electronic channels payments
lies in IT operational expenses. IT operational expenses can be explained as follows: • ―Servers &
communication‖ cost includes depreciation of servers and communication lines where the
particular bank application is running. • ―Software‖ cost includes software bought from outside
(different modules or partial development from third parties) and license and maintenance fees of
the software platform on which a particular channel works. • ―Storage‖ cost includes the cost of
information volumes available online to clients. • ―Internal IT maintenance‖ cost includes
personnel expenses of different IT departments (System Administration, IT Services Maintenance,
IT Help Desk, monitoring departments). Some steps for reducing IT operational expenses in online
channels can be taken by: 1. Decreasing the storage expenses by shortening the information query
history available online.

For example, if 95% of all information of account queries is made for the up to 1-year history
period, then holding 3-year period information in online-archives can be extremely inefficient and
expensive. Information storage can be then moved to offlinearchives, thus queries for older info
can be made offline. 2. Decreasing the ―first-page‖ information can decrease required server
volumes. In Hansabank with the first log-in to the online bank, the client sees not only his/her
account statement, but also loan balances, credit card balances, pension account balances and so

on. For the online bank application, opening this first page requires a lot of servers‘ power to
retrieve this information to the client‘s screen.

The solution can be to show the first log-in page with as little information as possible, and further
queries for clients can be based on the client‘s request. Cost components for cash withdrawal By
―cash withdrawal‖ we mean taking cash out of the customer‘s own account in home currency. The
biggest distribution channel for cash withdrawal is ATM, where 97% of all cash withdrawals are
made. The expenses for cash withdrawal unit cost (comparable to 100% for cash withdrawal in the
branch) can be split into the following unit cost components

Under the ―development‖ cost component there is business development of the work-process of
cash withdrawal in different channels. ―Fee‖ is the fee paid by the bank for joint ATM usage
service: in case a Hansabank‘s client uses an ATM of another bank, Hansabank has to pay a fee for
the joint usage service. Cash withdrawal from an ATM also has a fee for joint cash withdrawal
with credit card, payable to the issuer of the credit card. By ―Human Resource related‖ expenses
we mean costs that are connected with human-channels management and overall human

In the ATM channel, these expenses are connected with ATM administration (30%) and Cash
incasso service bought from the third party (70%). In the branch there are tellers‘ time costs for
entering cash transactions data (86%) and counting cash (11%). Under ―IT operational expenses‖
in the ATM channel these expenses are mostly ATM terminal‘s fixed assets depreciation costs
(66%) and communication lines maintenance (13%). By ―Marketing‖ expenses we mean costs for
managing relations with clients.

7) The future of Internet Banking in India

           i) Introduction

       Banks and financial institutions in India are in the process of Web-enabling their services in
order to offer Internet banking services to its customers.

   It's the new generation of banking in India. Most private and MNC banks have already setup an
elaborate Internet banking infrastructure. And this exercise has provided them numerous benefits like:

      Greater reach to customers
      Quicker time to market
      Ability to introduce new products and services quickly and successfully
      Ability to understand its customers needs
      Customers are given access to information easily across any location
      Greater customer loyalty

       The Internet banking is changing the banking industry and is having the major effects on
banking relationships. Even the Morgan Stanley Dean Witter Internet research emphasized that Web is
more important for retail financial services than for many other industries. Internet banking involves
use of Internet for delivery of banking products & services. It falls into four main categories, from
Level 1 - minimum functionality sites that offer only access to deposit account data - to Level 4 sites -
highly sophisticated offerings enabling integrated sales of additional products and access to other
financial services- such as investment and insurance. In other words a successful Internet banking
solution offers

       · Exceptional rates on Savings, CDs, and IRAs
       · Checking with no monthly fee, free bill payment and rebates on ATM
       · Credit cards with low rates
       · Easy online applications for all accounts, including personal loans and
       · 24 hour account access
       · Quality customer service with personal attention

      Internet banking is changing the banking industry and is having the major effects on banking
relationships. Banking is now no longer confined to the branches were one has to approach the branch
in person, to withdraw cash or deposit a cheque or request a Statement of accounts.

      In true Internet banking, any inquiry or transaction is processed online without any reference to
the branch (anywhere banking) at any time. Providing Internet banking is increasingly becoming a
"need to have" than a "nice to have" service.

          The net banking, thus, now is more of a norm rather than an exception in many developed
countries due to the fact that it is the cheapest way of providing banking services.

      Internet banking refers to the use of the Internet as a remote delivery channel for banking
services. Such services include traditional ones, such as opening a deposit account or transferring
funds among different accounts, and new banking services, such as electronic bill presentment and
payment (allowing customers to receive and pay bills on a bank‘s Web site). Banks offer Internet
banking in two main ways. An existing bank with physical offices can establish a Web site and offer
Internet banking to its customers as an addition to its traditional delivery channels. A second
alternative is to establish a ―virtual,‖ ―branchless,‖ or ―Internet-only‖ bank. The computer server that
lies at the heart of a virtual bank may be housed in an office that serves as the legal address of such a
bank, or at some other location. Virtual banks may offer their customers the ability to make deposits
and withdraw funds via ATMs or other remote delivery channels owned by other institutions


          ii) The impact of E-transaction and authentication issues in banking

       It's hardly great news that there has been tremendous growth in the use of the Internet and
other electronic facilities to process financial transactions. According     to   the   Federal Deposit
Insurance Corp., transactional Web sites have more than doubled each year for the past six years,
growing from one in 1995 to nearly 2,500 in 2000.

       This growth is a reflection of the fact that over the past few years, financial leaders have been
considering various ways in which to allow their customers to transact business using the Internet.
This objective is now reaching beyond the financial services industry into non-electronic business
segments, such as the building supply industry. Furthermore, this growth is likely to continue to climb
as the number of Internet users, Internet connection speed, and the number of transactional Web sites
continues to increase. The number of adults using PC banking is also growing. With this growth, there
is an increased awareness of the benefits of using online transaction processing, thereby fueling the
thought that all business should be electronically facilitated.

       Gartner predicts that worldwide business-to-business (B2B) e-commerce will total $3.6 trillion by
2003 and $8.5 trillion in 2005. Online financial activity had a slower start, but has had steady growth,
from 6 million users in 1998 to 27.5 million users in 2000. During 2000, only 30 percent of the Internet-
capable households were using some form of Internet banking, indicating that there is tremendous
room for increased use.

          iii) The e-Commerce Value Chain

       Consider that the consumer and the merchant are on either ends of the electronic commerce
value chain, with the authentication network and transaction processor (bank) in the middle. Banks
have traditionally been the trusted agents, have the largest customer base, and have received the
initial benefits from electronic commerce. Value has begun a steady migration to the ends of the value
chain. Customers can receive and pay bills from one point using products from multiple issuers.
Merchants can influence and enhance the consumer experience by providing innovative and time-
saving means of doing business. Merchants can add value to the payment process, for example, by
offering discounted prices for electronic payment.

       Merchants can also reduce their costs by receiving electronic payments, which results in
reducing and sometimes eliminating the need for data entry, as well as reducing the error rate and
the time to investigate and correct the data. By increasing and effectively managing cash flow,
merchants may also be able to reduce costs associated with lines of credit.

           iv) Trends in the Use of Electronic Transactions

       Financial institutions are developing new means of processing their current transaction base.
Two traditional areas of service have been check processing and lockbox services. These areas are also
undergoing transformation to electronic processing functionality.

           v) Cheque Truncation

       Almost every individual and business has used, and possibly still uses, checks to initiate
payment for goods or services. A trend currently in development is called check truncation. In this
payment processing method, a payment starts as a check and ends up as an electronic payment
transaction. These transaction services operate as follows:

       •     At the point of sale (POS), the merchant's clerk rings the sale and swipes the customer's
           check in a magnetic ink code reader (MICR).

       •     The MICR information and the related transaction (sale) information are transmitted to a
           site where the MICR information is converted into electronic transaction format.

       •     A request is sent to the paying bank for verification, and an approval transaction is returned
           from the bank to the store POS system.

       •    The customer signs the authorization document, and the clerk voids and returns the
           customer‘s check.

          vi) Lockbox Truncation

       Many businesses contract with banks and other financial institutions to provide lockbox
services. These services provide a central collection point and faster processing for payments. Lockbox
truncation works as follows:

      •     The billing merchant or service provider notifies the customer of the truncation service
          and obtains authorization for use.

      •     The customer mails the check payment to the vendor.

      •     The vendor captures the cheque and other information from the MICR line on the

      •     Vendor truncates the check (using the service described with POS systems) and transmits
          payment as an automated clearinghouse (ACH) debit transaction.

      •     The entry flows through the ACH network and is posted to the customer account.

      These types of services enable the financial institutions to electronically process traditionally
generated transactions, thus speeding up payment


       Financial institutions may wish to provide some increased level of assurance that the
information contained on their Web sites is protected from unauthorized use or loss due to unforeseen
circumstances. An independent review of management's assertions related to these areas may provide
customers with that desired level of assurance. Many organizations are obtaining these reviews from
certified public accountants and other consulting organizations. The resulting certification is often
evidenced by a seal that is placed on the financial institution or merchant Web site which, when

accessed, indicates the assertions made, the process followed for the certification, and qualification
information about the certification issuing firm.

               viii)   e-Transaction Authentication Issues

        Transaction authentication has been a topic of discussion since early in the evolution of e-
commerce. Use of digital signatures is becoming widely accepted and has attracted the attention of

               ix) Digital Signatures

        On October 1, 2000, the Electronic Signatures in National and Global Commerce Act was signed.
This act states that an agreement, contract, or transaction signed electronically is enforceable in a
court of law. Accordingly, financial services institutions can now legally transact business using
electronic signatures, allowing transactions such as mortgages, funds transfers, opening and closing of
accounts, benefits enrollment, and beneficiary designations to occur in an electronic environment.
        The law defines an electronic signature as "an electronic sound, symbol, or process attached to
or logically associated with a contract or other record and executed or adopted by a person with the
intent to sign the record." Fortunately, the legislation does not attempt to define acceptable technologies
except to indicate that the technologies must be mutually acceptable to the transacting parties. Since a
valid signature can be as simple as a digital image of a signature (enabled through an electronic pen
and pad) or as complex as today's public key infrastructure (PKI) and associated encryption methods,
the technology decision maker must define relevant business objectives and understand the risks,
such as cost and unauthorized use associated with alternative implementations.
        There are possible additional benefits to the implementing organization. These include
reduced transaction timelines, reduction in paper processing costs, facilitation of customer migration
to the Internet as a business channel, and increased online transaction security.

      When compared to physical signatures, e-signature technologies are, in general, a more secure
authentication method. Many financial institutions are studying the possible implementation of a
public key infrastructure (PKI) system that will allow them to exchange electronic information
securely with unknown parties.

      PKI is the delivery channel for public key cryptography, a method that allows the parties to a
transaction to keep a communication private through the use of a two-part key made up of public
and private components. To encrypt messages, the published public keys of the recipients are used.
To decrypt the messages, the recipients use their unpublished private keys, known only to them.
Quite simply, if the signer's private key is not compromised, which can happen by releasing the
password or allowing access to the device containing the private key, a document cannot be
digitally signed

          x) Definition of Broadband

      There is no universal definition of broadband. For the purpose of monitoring the growth of
broadband uptake, as well as in the interest of consumers, each country needs to specify minimum
characteristics of a broadband connection. Normally, broadband means a high speed, reliable, on-
demand internet connectivity. Various organizations like the ITU, OECD and international
regulators specify the minimum download speed of a broadband connection ranging from 256
Kbps to 2 Mbps or higher.

      Most of the stakeholders, in response to the Authority‘s consultation process, have
suggested that a broadband connection should be a fast enough, always on connection capable of
quick data download along with video conferencing. The Authority also recognizes that while a
definition for broadband speeds may be fixed today, it may change over time as applications and
bandwidth needs change, meaning that broadband today could be narrowband tomorrow.

          xi) Goals for Broadband and Internet Penetration

      For the widespread availability of broadband and internet access, the consultation process
solicited responses from stakeholders in respect to targets to be set for the next 5 years.
Suggestions were made that at least 25% of existing copper local loops (10+ million) should be
converted to broadband connections. The ISPAI suggested an ambitious target for internet and
broadband subscribers, basing their estimate on the proliferation of access technologies, new
avenues to provide services, and significant decreases in the cost of providing these services and
of access devices. On the other hand, the incumbent operators suggested a conservative target.

        In      this       regard,        the       CII       study‘s        targets         are      in

Table                                                                               below.

        Internet and Broadband access are widely recognized as catalysts for economic and social
development of a country. Availability of broadband services at affordable price levels will
contribute to higher GDP growth rates, provide for a larger and more qualified labor force, and
make that labor pool more efficient. Additionally, by promoting establishment of such
infrastructure, social initiatives benefit because of the significantly reduced cost related to building
access to citizen services, and the cost saved in training and educating users. While other
countries, like the US, are speaking of delivering ―universal, affordable access to broadband‖ for
all of their citizens, India needs to quickly create the environment for stimulating explosive initial
growth. Without the right interventions, the current market offerings – dial-up connectivity. It is
universally accepted that widespread broadband adoption accelerates GDP growth... An analysis
by the Confederation of Indian Industry National Broad band Economy Committee shows that the
total present value (2004) of benefit to the Indian economy due to growth from broadband is
expected to be US$90 billion for the years 2010 – 2020, with an 11% additional growth in labor
productivity. This activity is expected to launch new business lines and increased efficiency in
existing businesses, leading to direct employment of 1.8 million and total employment of 62
million by 2020.

          These estimates are based on CII‘s goals of achieving at least 10 million subscribers by 2010
and 32 – 39 million by 2020.3 The Authority is proposing higher goals in this recommendation. In
India‘s quest to become a leading knowledge-based society, widespread adoption of ICT services,
especially broadband will play a key role. Many countries worldwide have had success in driving
growth in this area, as discussed in the Authority‘s consultation paper. Key comparative indicators
show that India still has significant scope to grow. Please refer to Table below.

            Parameters                Korea    Malaysia     China        India
No. of PCs per 100                     78.6        15          2.8         0.8
No. of cable TVs per 100 persons       43           0          9           6

No. of fixed telephone/100 persons     51         18.5        18.0         3.9

No. of mobile phones Access &          75         43.9        18.3         2.6
Infrastructure per 100 persons
GDP (US$ Per capita)                  10,000      4,000       965         465
No. of internet connections per 100    26          12          2.5         0.4
no. of users per 100 persons           65.5        34          6.2         1

No. of broadband /100 persons          255         0.4         1.4        0.02

Charges for broadband                  30          29          16          20

per month (US$)
Charges per 100 kbps Broadband per     0.25       7.61        3.07        15.63
month (US$)
Import duty on the                    Local        ----       Local       38 %

South Korea (henceforth Korea) continues to present a shining example of the results possible
when the appropriate steps are taken to create an environment for growth, and the government
and corporate sector work in partnership to deliver that growth. As recently as 1996, Korea had
internet subscriber penetration under 2%, and broadband reached close to 1% penetration only in
1999. In the five years since, though, broadband has become a way of life for Koreans, and
permeates everything they do.

Today, almost 1.8.This success can also be replicated in India. The CII has estimated that
investments of at least US$2.6 billion by 2010 and US$5.35 billion by 2020 will be needed to
achieve the goals they have set for broadband services. 8 This includes investment in urban
networks, domestic and international backhaul, content delivery mechanisms, content and
application development, and rural build-out. The content and applications would include a full

gamut of services including education, health, governance, local language web content, and new
broadband-based entertainment like games and videos.

At today‘s levels, though, Indians are expected to pay 60 times more than subscribers in Korea for
the same throughput, which translates to 1,200 times more when considering affordability
measures based on GDP per capita comparison. For this magnitude of investment to occur, the
appropriate regulatory environment and policies need to be established so that the discrepancy in
pricing between India and Korea can be eliminated. Once this happens, only then will there be
successful growth and business models in internet and broadband services.

       An Open Sky policy should be adopted for VSAT operators, similar to what is available to
ISP‘s and broadcasters. VSAT service providers should be allowed to work directly with any
international satellite.

       The regulation for a minimum size for a VSAT dish should be removed to allow operators
further cost savings and increased operational efficiencies by taking advantage of available
technologies. Additionally, throughput restrictions on VSAT services, for both up-link to the
satellite and downlink to remote-stations, should be completely removed. SACFA clearance
should ensure that the interference levels are within acceptable limits.

Banking in the next century:

      More and more non banking institutions are going to provide the banking functions than
the designated banks in the coming century .Banks are going to be vanished from its existing
strong positions. Financial liberalization, internationalization and technological advancement are
going to further pressurize the banks to make their struggle for existence. If a bank overcome all
these pressures survival of the fittest comes again because of the technological innovation and the
type of competition in the banking industry.

      Banks also need to revitalize their fee income flows to supplement and supplant if
necessary their net interest margin for which they are required to reemphasis risk management on
a daily basis .Banks are forced to give up isolated approaches to the challenges of competition
profitably and risk management .Strategic panning has superseded the isolated approaches. The
need for sound conceptual and technical skills has been seared into every bankers mind. For banks
to survive profitable they have to improve the operational methods with latest hi-tech financial
modeling content.

Banks to focus on latest trends:

   In the developing countries like India, Banks should have a long foresighted vision on
developments of banking operations. It has to observe what is happening in the developed
countries and what is going to happen in India in near future with the following four trends

   1. Financial Liberalisation
   2. Disinternmediation
   3. Globalisation
   4. Technological innovation

Financial liberalization

       Financial liberalization leads to the rise of non banks like finance companies, mutual funds,
investment banks, insurance companies and even non-financial firms as purveyors of liquidity
and risk management services.

       Disintermediation erodes banks' share and role because banks evolved within a culture of
very cautions credit risk-taking. This culture has been encouraged or even demanded by
regulators for which banks have erected expensive credit, audit and risk management
departments. The rise of secondary markets for bank loans not only helps satisfy the liquidity
needs of non-traditional investors but also conscripts banks' role.

         Globalisation is a result of liberalization and disintermediation. It encourages
consolidation and concentration within the industry. Mergers and acquisitions will be anointed on
the industry and a large number of small banks disappear into a small number of large banks.

        Technological innovation has rendered "information" as a serious input in the financial
services industry. Home banking, banking by e-mail, the rise of electronic money, the increased
use of electronic highway, etc., though remain unmatched by non bank competition, and have to
become banks' forte for survival.

       In the late 1990s, the plastic cards market in India, comprising credit cards, smart cards,
debit cards, charge cards, stored value cards and others picked up momentum like never before,
growing at an annual rate of 25%.

       Though initially, there were only two players, (HDFC and Citibank), the debit card market
base grew considerably through 1999 and reached the 3 million mark in March 2000). The usage
figures indicated a very healthy growth of the market in future, as seven out of 10 cardholders
were reportedly using their card regularly. The annual spending through debit cards in India
reached over Rs.5 billion. The growth of debit cards was all the more impressive considering the
fact that credit cards, introduced in the country in the early 1980s, had managed to reach the 100
million-user base level only in 2000. Thus, the debit card user base had reached one-third of the
credit card user base in just around one - tenth of the time.

              The global card market is dominated by two US-based players, Visa and Master
Card. Visa introduced its first credit card, Bank of America card in 1958, which went on to become
a great success, acquiring universal merchant acceptance. Visa's card base increased significantly
through the decades and reached the one billion mark in 2000. MasterCard International was
established in the 1970s. The first MasterCard was issued in 1988, in Soviet Union. By 2000,
MasterCard was issued in 1988, in Soviet Union. By 2000, Master Card had over 30 offices around
the world in various countries like India, Thailand, Chile, US, China, Europe, South Korea, Taiwan
and others.

       In the 1990s, having covered a majority of US and European markets, Master Card and Visa
shifted their focus to the East, especially the Asia Pacific region. By 2000, MasterCard and Visa had
established their debit cards as well in the Asia Pacific region. In 2000, Visa debit cards reached the
48 million mark in the Asia Pacific region, while the MasterCard debit card base touched the 37
million mark. MasterCard's credit card base touched 80 million during the period.

       Credit cards are electronic cards that enable the holders to pay for their purchases without
physically carrying cash. The issuer of the cards gives a short-term loan to the cardholders,
enabling them to make purchases and pay for them later, by giving them an interest free credit
period of 30 to 50 days. Credit cards bear many numbers that stand for different features. Usually,
the first digit in the credit card number denotes the card system it uses, for example, the digit 3
stands for travel / entertainment cards, 4 for Visa cards and 5 for Master Card. The structure of the
card number differs with the card system. For example Diners Club card numbers start with 38
and American Express card numbers with 37. For American Express, digits three and four signify
card type and currency, five to eleven, the account number, twelve to fourteen, the card number in
the account and fifteen, the check digit. Similarly for Visa, digits two to six denote the bank code,
seven to twelve, the account number and thirteen to sixteen, a check digit.

       The reverse side of the credit card carries the magnetic stripe, also known as a magnetic
stripe. The magnetic stripe is built from minute iron-based magnetic particles embedded in a
plastic like film. Each particle is a bar magnet, about 20 millionths of an inch in size. The tiny bar
magnets can be magnetized in both the north and south directions, which enables writing of the
stripe. The stripe contains three tracks, each track one-tenth of an inch wide. The ISO / IEC
standard 7811 is the typical magnetic stripe technology used by the banks. Generally, credit cards
only use tracks one and two. The third track is a read / write track that includes the encrypted
Personal Identification Number (PIN), currency units, country code and the amount authorized.
This third track is used less as its usage is not standardized among banks.

 A credit card transaction requires five players to execute the transaction - a cardholder, a
merchant or sale outlet, the merchant acquirer (an acquirer is the firm that segregates credit
authentication requests and guarantees payment to the merchants), the card issuer (bank or other
organization that issued the card to the holder) and the card scheme network. A typical
transaction involving a credit card takes place is in the following manner:

     When a purchase is paid for by a credit card, the merchant sends details of the transaction to
   the merchant acquirer.

     The acquirer controls all card transactions of the merchant, regardless of which organization
   issued the card.

     The acquirer credits the merchant's account with the amount of the purchase or transaction
   along with a nominal service fee.

     Details of the transaction are transferred to the organization that issued the card, at times
   through the card scheme networks.

      Authentication is a key step in the processing of a credit card transaction. The process of
authentication includes verifying the identity of the holder, ascertaining whether the cardholder is
within the stipulated credit limit and checking other related information. The process includes the
following steps:

     When the credit card is swiped through the card reader, the Electronic Data Capture (EDC)
   software on the point-of-sale (POS) terminal dials a stored telephone number through a
   modem to call the acquirer. On obtaining the credit-card authentication request, the acquirer
   company checks the transaction, with help of the data on the magnetic stripe, for the merchant
   identification, valid card number, credit-card limit, balance on the card and its expiration date.
   Single dial-up (telephone) transactions are processed at a speed of 1,200 to 2,400 bps and the
   direct Internet attachment uses even higher speeds.

     For authentication the cardholder is required to enter his / her personal identification
   number (PIN) using the keypad. The PIN is present in an encrypted form either in the bank's
   database or on the card itself. The conversion system used in this type of cryptography is
   known as one-way, which means, it is easy to decrypt the PIN when the bank code and the
   cardholders PIN are given, but technically impossible to decrypt it when only the bank code is
   given. The one-way technology ensures the safety of the bank's computer files. The
   communication between the bank's central computer and the ATM3 is also encrypted.

     Once the transaction is authenticated, the Electronic Funds Transfer at the Point of Sale
   machine records the authentication on the sales voucher.

          xii) Smart cards

       Smart cards were first introduced in France in 1984. A Smart card is a credit card sized
plastic card containing an integrated circuit chip, with memory capacity and high computing
ability. In a smart card permanent data is stored in non-volatile memory and to an extent into
volatile memory. Smart card's self-containment enables it to work independent of other external
resources, thus offering high security protection and authentication. The smart card serves many
purposes - it can serve as an identity card for a cardholder, a medical card that contains the
medical history of the holder and as a credit card / debit card, facilitating off-line transactions. In
future single card, with the help of a multi-functional smart card, is expected to replace the
conventional magnetic strip card. The single card is referred to as an electronic purse or a wallet.

       The smart card principally contains a plastic card that has an integrated circuit and a
printed circuit. The principal ability of the smart card lies in its circuit chip (made of silicon),
which includes a microprocessor, non static random access memory (RAM) and read only
memory (ROM) and electrically erasable programmable read only memory (EEPROM). The
EEPROM works even in the absence of power. The smart card is programmed to ask for user
authentication before it provides access to the data.

       The working of the smart card involves many aspects of encryption, along with the
authentication process similar to the credit cards. The microprocessor embedded in the card and

the encryption technology help in the functioning of the card. The transaction in which a smart
card is used involves the following steps:

              The cardholder has to establish his identify every time a transaction is made.

                  For identity verification, the card and the card reader exchange a sequence of
          encrypted signs / countersigns to confirm the identity.

              After the identity has been verified, the transaction is executed in encrypted form to
          prevent discrepancies or fraud. Major advantages provided by the smart card
          technology as compared to magnetic-stripe technology include :

              Enhanced security that makes it impossible to tamper with the data on the card, and
          the capability of the card to verify the authenticity of the cardholders.

              Higher storage capacity than cards using traditional magnetic - stripe technology.

              Ability to the card to divide storage area and apply separate security to each area.

              Services as a multiple purpose card and connect the cardholder with various service-

          xiii)     Smart Cards – Future plastic money

       While companies were putting in place various measures to address security issues, the
debit card market was having a smooth run in India. After being introduced in the mid 1990s,
debit cards acquired popularity and user acceptance at a rapid pace. A major reason for the quick
popularity gained by debit cards was the absence of the credit component that resulted in
elimination of interest charges or monthly card bills.

       By 2001, many banks had replaced their standard ATM cards with new ones that also
included the debit card features. However, industry analysts believed that the Indian plastic
money market would pick up real momentum once smart cards became popular and widely
available. The memory and processing capacity of a smart card is around 10-times greater than
that of conventional magnetic-stripe cards. A smart card is capable of performing various
applications that eliminates the need to carry different cards for different purposes.

         Though growth in the market for smart cards was very slow, most analysts agreed that
with their advanced technologies and the corresponding benefits, it would not be long before
smart cards established themselves in India. In late 200i, most of the companies had announced
plans to convert their credit / debit cards to smart cards by replacing the magnetic stripes in them
with computer chips and incorporating latest encryption technologies.

         Important structural changes and major policy initiatives over the last few years have
resulted in a new financial architecture that consists of two well-developed wholesale and retail
markets. The new financial landscape has presented customers with greater opportunities and
bargaining power - redefining how banks and non-banks approach the marketplace and each

         Today, customers obtain customized solutions, choose modes of access and define the way
they want to conduct business - often getting banks and non-banks to collaborate and form new
value networks to service them. They actively seek new opportunities arising out of market
developments and reforms. More recently, they have attempted to use capital account
liberalization to explore new possibilities - be it deposits, investments in capital and money
markets, or capital transfer in local and global markets.

         At the turn of the century, there were over a hundred scheduled commercial banks, several
hundred more cooperative banks, Non-Banking Financial Companies (NBFCs), and other financial
institutions in India. Most of these organisations were seen to be offering vanilla banking services
with minimal differentiation. A few years ago, the banking industry could be classified into
specific categories like public sector, private sector, foreign banks, etc. Barely half a decade later
the scenario could not be more different. Far from the earlier days, where too many banks
attempted to operate in both markets, only a few large players have been able to sustain servicing
a broad range of customers, providing the entire range of service across both wholesale and retail

       Other players have limited their activities to one-market alone or focused on specific
opportunities across both markets, due to a combination of market and regulatory pressures.
Marginal players have been forced to reduce their range of activities, sell branches and assets, and
in some cases, transform themselves to become service providers to banks. Some players, existing
and new, have opted to become financial consolidators, offering a single window access to
multiple financial products, managing customer relationships and experience. As a result, the
banking industry today can easily be divided among a few large full-service banks, which are
competing for market dominance, and the rest, which include some niche players specializing in
product categories and customer segments, and a group of survivors who manage customer access
and / or service other financial intermediaries.

Financial Sector Reform

       The central regulator took a series of steps over the last few years, including adopting
international accounting standards, strengthening the financial system and improving supervision
and governance. In a bid to promote India as a regional financial centre, `special licenses‘ or
`restricted licenses' were permitted. These licenses attempted to move away from the one-size-fits-
all banking license towards offering licenses to carry out specific activities such as investment
banking, debt restructuring, offshore banking and credit card issuance. This enabled banks and
non-banks to build a portfolio of activities around their competence and choice rather than
attempt broad market participation, as was the case before.

Raising the Sustenance Barrier

       Strong prudential and supervisory norms along with new Basel Committee guidelines
required many Indian Banks to bring in additional capital, and conform to rising regulatory
standards. Through a series of market driven actions and regulator interventions, the banks had to
merge, reduce scope and scale of operations or transform themselves to adopt new roles.

Government Divestment

       The government's decision to divest its stake in most public sector banks (PSBS), either
through the capital markets or through strategic sales, forced most public sector banks to develop

a business case for their existence. Some PSBs had foreseen the impending changes and had taken
initiatives to build upon their core strengths of reach and a large customer base. They invested in
technology and changed the way they were doing business to emerge stronger and more efficient.
A few PSBs that had not reacted quickly to these changes, found business unsustainable and had
to divest operations i.e., branches and portfolios selectively, or in some cases, merged their
operations with stronger bank


       The banking scenario in 2009-10 could be similar to the one presented above, which
requires banks to be proactive and adopt a range of measures to shape their future:

      Anticipate and prepare for regulatory change

      Focus on identifying core competence and migrate to a business model of choice.

       Build an optimal operating model by understanding which activities to retain collaborate
   and outsource.

      Go beyond compliance to use risk management as a critical decision support tool.

       Create and sustain customer, investor and regulator confidence by adopting international
   accounting standards and improving corporate governance.

       The no of internet users and the developing technology paved the super highway to
   internet banking.

       The comfort and the security play a vital role in switching from the traditional banking
   system to modern 24/7 net banking.

       Increasing usage of mobile phones is going to revolutionize the banking culture in near

      Carrying money in the form of plastic cards which is widely accepted every where to buy
   any thing is quite safe and give peace of mind to users is widely accepted.


   Books, Reports and Magazines

   1)Cronin, Mary J. (1997). Banking and Finance on the Internet, John Wiley and Sons.
   ISBN:0471292192 page 41 from "Banking and Finance on the Internet".

   2) Kotler.P ‗‘ Mapping the future Market place‘ in R Gibson (ed.,) Rethinking the future,
Nicholas brealy Pub., London 1997, pp26-29

   3)Indian Banking System: The current state and the road ahead.
     Federation of Indian Chambers of Commerce and Industry.

   4) Tiwari, Rajnish; Buse, Stephan and Herstatt, Cornelius (2006): Mobile Banking as Business
   Strategy: Impact of Mobile Technologies on Customer Behaviour and its Implications for Banks, in:
   Technology Management for the Global Future


   Official websites of the Canara Bank


To top