Question

Gather information regarding the Internet banking objectives of the bank, the strategy used to achieve the objectives and the way that the bank is using Internet technology in the relationships with its customers?

Answer 1

Internet banking has become a mainstream and even a primary electronic delivery channel for a large number of banks. Their customers regularly log into the banks’ websites to access their accounts to conduct a wide range of banking transactions for personal and business purposes. However, the popularity and world-wide accessibility of internet banking have attracted a growing list of internet hacking threats and exploits.

Customer protection is of paramount importance in internet banking.The bank must ensure that a customer is properly identified and authenticated before access to sensitive customer information or online banking functions is permitted. Sensitive customer information includes customer personal particulars or account details that could be used to identify a customer.

In past years, internet security threats were usually of a passive nature involving mainly eavesdropping and password guessing. In recent years, direct attacks on banking systems and customer PINs have become increasingly widespread. Through targeted attacks such as phishing, fake websites,spamming, viruses, worms, trojan horses, trapdoors, keylogging, spyware and middleman infiltration, customer PINs are under constant threats from various types of systems vulnerabilities, security flaws, exploits and scams.

The essence of two-factor authentication technology is the availability of a wide range of security tools, devices, techniques and procedures to counter the cyber threats and attacks described above. As an integral part of the two-factor authentication architecture,banks should also implement appropriate measures to minimise exposure to a middleman attack which is more commonly known as a man-in-the-middle attack (MITMA).

Distributing software via the internet is becoming increasingly popular.However, in the context of internet banking, downloading and running software codes, plug-ins, applets, ActiveX programs and other executable files from anonymous or unverifiable sources is possibly one of the riskiest actions a

customer could do on his personal computer. The threats and risks associated with downloading are significant if the customer could not be reasonably sure that the software is genuine and that it has not been tampered with even if it were from a legitimate source in the first instance. Many incidents have occurred where internet users have been deceived by hackers into downloading trojans,backdoors, viruses and other errant so ftware which cause malicious damage and harmful consequences.

Banks should not distribute software to their customers via the internet or through a web-based system unless they can provide adequate security and safeguards for the customers.This would imply that customers can verify the provenance and integrity of the downloaded software and authenticate the bank's digital signature incorporated in the software using a digital certificate provided by the bank. In return, the bank is also able to check the authenticity and integrity of the software being used by the customers.