Safety basics of online banking

17 Jul 2007

Growing popularity of online banking has also brought in growing threats for users, says Raj Jain, vice chairman and managing director, RS Software.

It is 9:15 am, Monday and you are standing in a queue to withdraw cash from a bank counter.There are 15 other people ahead of you in the queue. A meeting is scheduled at your office at 11:00 a.m., and, looking at the pace of the counter clerk, it seems it would be another 45 minutes before you can get to the counter.

Now you have to decide whether to put off the withdrawal for another day or to skip the meeting! Either way, you have a problem. It is a waste of effort, time, and money. On the other hand, the bank is getting crowded with more and more customers pouring in for their transactions, and the queue has become a spaghetti loop. Every face reflects dissatisfaction.

All of us experienced this in our lives at some time or the other. This is especially familiar to those who have been dealing with bank transactions all their lives. Those who have started using bank services in recent years, however, probably have a different experience.

That because nowadays people seldom go to the bank for any transaction; they prefer to go online!

Online banking (internet banking) is a term used for performing transactions over the internet through a bank''s secure website. This can be very useful, especially for banking outside office hours and banking from remote places as along as Internet access is available. In most cases, a web browser, such as Internet Explorer or Mozilla Firefox, suffices. No special software or hardware is usually needed.

Benefits of online banking

Convenience - You can use online banking 24x7x365 from home, office, cyber café or any other place using a mobile device, like your laptop or PDA.

Availability - This facility is available even when you are away from your hometown as long as Internet access is available.

Speed - The transaction speed is much higher compared to a conventional system or even ATM!

Flexibility - You can manage/operate all types of banking services, including IRAs and CDs, online.

Security - There are certain security issues in online banking, but security is going to improve over time.

Disadvantages of online banking

Initial hiccups - It may take some time to get familiar with online banking services if you are not Internet-savvy.

Gaining customer trust - Unlike traditional banking, there is no hard-copy acknowledgement of Internet transactions. This may create a trust-related problem until the idea of Internet banking takes root in the user''s mind. Despite all the convenience, customers expect proof of transaction with the seal of the bank.

"Two-fifths of the European Internet users who don''t use online banking say they are holding back because they worry about security, according to a survey of nearly 23,000 Europeans"

- Forrester Research

Online banking Security concerns
Online banking is still not fully acceptable even in developed countries because of security loopholes.

Major Online banking threats

Phishing

A Miami businessman is suing his bank for the loss of $90,000. He claims that, in February 2005, this money was stolen from his online bank account via an unauthorised transaction. Investigations have revealed that the businessman''s computer was infected with a Trojan capable of logging keystrokes.

Phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as user names, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.

Phishing is typically carried out using email or an instant message, and often directs users to give details at a website, although phone contact is used as well.

How can you minimise the risk of phishing?

Always type the full site name into your Internet browser to log on. Never click on or copy - paste the URL given in an e-mail or another site.
Verify the authenticity of e-mail requesting personal login information, such as bank account id, user name, password or PIN, by either calling the bank over phone or separately visiting the bank''s website.
Authentic bank e-mail will not request personal details or login information.
Delete all unsolicited e-mail immediately.
Change your Internet banking password on a regular basis and maintain a complex multi-character password.
Keep your anti-virus and firewalls up-to-date and perform regular scans of your computer/laptop.

Spyware and Adware

Spyware is a type of software that covertly collects user information while you are on the Internet.

Adware is a type of spyware used by marketers to track Internet users'' habits and interests for the purpose of customising future advertising material. Adware can monitor information such as the types of sites visited, articles read or the types of pop-ups and banners the user clicks on. The information is then used to customize future advertisements directed to the user, or can be sold to a third party for the same purpose.

How can you protect yourself from Spyware and Adware

Do not click on banners or pop-ups while surfing the Internet, no matter how enticing they may appear.
Carefully read the fine lines stated as "Terms and conditions" before you install free programs or subscribe to services from the Internet.
Regularly update your anti-spyware program to scan your computer.

Virus and Worms
A computer virus is software that performs unwanted operations while executed. It attaches itself to another program, like a spreadsheet or Microsoft Word. A virus is only active when the program it is attached to is active. A virus deletes files, corrupts the hard disk and system files leading to complete system malfunction. While the virus is active, resource utilization of the computer rises.

A worm is similar to a virus in terms of destructiveness but it is active by itself and does not need any other program.

How can you keep virus and worms away?

Have anti-virus installed all the time, and keep it updated with the latest virus definitions.
Schedule anti-virus scans every day.
Download and install security patches for your operating system as soon as they are available.
Do not accept attachments in e-mails from unknown sources.
Install software from trusted sources only

Trojans
A Trojan is a destructive program that poses as a harmless application. Usually a Trojan is a component of a multiple-part malicious program. The cumulative purpose of these programs is to gather information from host machines. The Trojan sitting on a machine collects data and sends them back to some remote program that is later used for a malicious purpose. Unlike viruses, Trojans do no replicate themselves and do not need a host program to attach to.

How to avoid Trojans

Do not open emails or accept attachments from unknown or unsolicited sources.
Install software from trusted sources only.
Do not click on links contained within emails from unknown sources.
Regularly scan your computer for Trojans and other malicious programs with up-to-date anti-virus software.
Use a firewall to monitor traffic to and from your computer while connected to the Internet.
Download and install security patches for your operating system as soon as they are available.

Major Online banking vulnerabilities

Banking application security

Online bank applications must be thoroughly tested for buffer overflow, cross-site scripting and SQL injection before being released or hosted.

Use of user name and password

Customers should change their passwords frequently and use strong passwords. This should not be shared with anybody.

Absence of multifactor authentication

Currently customers use only user id and password to get into the banking site. It should have multiple authentications, like RSA token and biometric, to strengthen the authentication process.

Lack of laws for cyber crime

There is a need to revise and strengthen legislation to prosecute cyber criminals. Investigation and forensic practices should gear up to collect evidence that could help to identify and prosecute a cyber. Cyber criminals are aware of the fact and taking advantage of these loopholes.