Study of Risk in Internet Banking

INTRODUCTION TO INTERNET BANKING

Meaning:
Internet Banking System is a system that has been developed in order to help clients with the daily day-to-day transactions. Internet banking systems means that clients can now do banking at the leisure of their homes. Also known as online banking, the system allows both transactional and non-transactional features. Online banking or internet banking allows customers to conduct financial transactions on a secure website operated by the retail or virtual bank. There is a sea change in the media world. While most consumers see the newspapers, the same magazines and listen to the same radio programs, behind this bland public exterior there is a seething world of innovation, acquisition, global partnership and divorces, births and deaths all of it most readily interpreted as the inevitable result of the technological revolution that is in the process of merging telephones, computers, televisions in to a single all singing, all dancing magic kit that will, very possible, change all of our lives more than we can imagine some day There are 2 ways which we can respond to this 1 is to panic, which may mean simply curling up in a corner and wishing that it would all go away. The other is to embrace the new religion with messianic fervor and go out to proclaim the millennium.

Definition of E-Banking
E-Banking is defined as the automated delivery of new and traditional banking products and services directly to customers through electronic, interactive communication channels, E-banking includes the systems that enable financial
1 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

institution customers, individuals of businesses, to access accounts, transact business, or obtain information on financial products and services through a public or private network, including the Internet. Customers access e-banking services using an intelligent electronic device, such as a personal computer, personal digital assistant, automated teller machine, Touch tone telephone. While the risks and controls are similar for the various ebanking access channels, this booklet focuses specifically on Internet-based services.

What is e-banking?
E-banking is defined as the automated delivery of new and traditional banking products and services directly to customers through electronic, interactive communication channels. E-banking includes the systems that enable financial institution customers, individuals or businesses, to access accounts, transact business, or obtain information on financial products and services through a public or private network, including the Internet. Customers access e-banking services using an intelligent electronic device, such as a personal computer (PC), personal digital assistant (PDA), automated teller machine (ATM), kiosk, or Touch Tone telephone. While the risks and controls are similar for the various e-banking access channels, this booklet focuses specifically on Internet-based services due to the Internet's widely accessible public network. Accordingly, this booklet begins with a discussion of the two primary types of Internet websites: informational and transactional.

2 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking Risk in Internet Banking

Numerous financial institutions understand that online transaction principally enhance data protection perils with little or no attention being paid towards the consequence involving further financial transaction precise perils. Controls involving the supervision of perils are developing at a slow pace when compared to the momentum at which loads of organizations are growing without the integration of risk management principles in their business arrangements. This chapter presents a general idea of a variety of risks keen to online financial transaction, with well defined methods of controlling these perils.

3 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

OBJECTIVES OF STUDY
The overall objective of the present study is to analysis the role of reach of Internet banking in India. The specific objectives of the study are enunciated below To examine the reach of internet banking To know risk involved in Internet banking To identify the level of security among customers in using Internet banking services. To understand risk management techniques used in banks To know Internet services provided by SBI Bank.

4 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

HISTORY OF INTERNET BANKING

The concept of electronic banking systems began when the first automated teller machines (ATMs) were installed in the 1970s. ATM machines allowed deposits to be made from remote locationsa convenience for customers who otherwise would have had to withdraw cash personally from their bank. According to D. K. Murthy and K. R. Venugopal in the book Indian Financial System, the advantages offered by ATM machines quickly spilled over to encompass other areas of bank services, computerizing manual systems for greater efficiency and time savings. The concept behind ATM machines gave rise to smart cards, intranet and Internet banking, EFT (electronic funds transfer) and POS (point of sale) systems, phone banking and other electronic services.

In the World:
The term online banking was first started in 80s. The term online became popular in the late 80s and referred to the use of a terminal, keyboard and TV (or monitor) to access the banking system using a phone line. Home banking can also refer to the use of a numeric keypad to send tones down a phone line with instructions to the bank. Online services started in New York in 1981 when four of the citys major banks (Citibank, Chase Manhattan, Chemical and Manufacturers Hanover) offered home banking services using the videotext system. Because of the commercial failure of videotext these banking services never became popular except in France where the us e of videotext was subsidized by the telecom provider and the UK, where the Prestel system was used.
5 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

The first home online banking services were set up by the Nottingham Building Society (NBS) located in UK in 1983. The system used was based on the UKs Prestel system and used a computer, such as the BBC Micro, or keyboard (Tan data Td1400) connected to the telephone system and television set. The system (known as Home link) allowed on-line viewing of statements, bank transfers and bill payments. In order to make bank transfers and bill payments, a written instruction giving details of the intended recipient had to be sent to the NBS who set the details up on the Home link system. Typical recipients were gas, electricity and telephone companies and accounts with other banks. Details of payments to be made were input into the NBS system by the account holder via Prestel. A cheque was then sent by NBS to the payee and an advice giving details of the payment was sent to the account holder. BACS was later used to transfer the payment directly. Stanford Federal Credit Union was the first financial institution to offer online internet banking services to all of its members in Oct, 1994. Later on it was adopted by worldwide banks.

6 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

Highest Internet User Countries in the World:

In India
Internet banking, both as a medium of delivery of banking services and as a strategic tool for business development, has gained wide acceptance internationally and is fast catching up in India with more and more banks entering this market. ICICI was the first bank in India to launch internet banking facility in the year 1997. A recent survey consisting of 46 banks, has revealed that at present, 11 banks in India are providing Internet banking services at different levels, 22 banks

7 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

propose to offer Internet banking in near future while the remaining 13 banks have no immediate plans to offer such facility.

At present, the total Internet users in the country are estimated at 2.5 Crores. About 60% of internet users use internet banking directly or indirectly. Costs of banking service through the Internet form a fraction of costs through conventional methods. Rough estimates assume teller cost at Re.1 per transaction, ATM transaction cost at 45 paise, phone banking at 35 paise, debit cards at 20 paise and Internet banking at 10 paise per transaction. The cost-conscious banks in the country have therefore actively considered use of the Internet as a channel for providing services. The Reserve Bank of India constituted a working group on Internet Banking. The group divided the internet banking products in India into 3 types based on the levels.

8 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

FEATURES OF ONLINE BANKING:

Transactional:
It involves carrying out financial transactions such as payment of bills, applying for a loan and enrollment repayments, creating a new account, invest purchase and sales and transfer of funds between a clients transactional account and a savings account.

Non transactional:
It involves downloading of financial documents like a bank statement, co browsing, checking of links and viewing of recent financial transactions such as viewing images of paid cheques.

Transaction approval process:

The Transaction Approval Process (TAP) permits an institute to make use of Access Online to endorse and review transactions through existing interior approval hierarchy and methods. The TAP utility is used to get rid of paper endorsements and effortlessly approve transactions and view endorsement record. The TAP functions elasticity also permits the client mirror his or her own interior reviewing methods, from simple to complex.

9 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

ADVANTAGES OF INTERNET BANKING

The advantages of internet banking are listed below:

Eliminates the use of paper and replaces it with computer screens. No need to stand in line at the bank; because all you have to do is log on to the internet access your account. It is safe, hassle free, saves hours of time a month. Greater reach to customers. Quicker time to market. Ability to introduce new products and services quickly and successfully. Ability to understand its customer needs. Customers are given access to information easily across any location. Greater customer loyalty. It is convenient. There are no geographical barriers. Getting quarterly statements from the bank, transferring funds to outstation. Services can be offered at a miniscule cost.

10 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

DISADVANTAGES OF INTERNET BANKING

Following are the disadvantages of Internet Banking

Risk No perceived need Lack of knowledge about the service Inaccessibility Lacking the human touch Pricing concerns IT fatigue Inertia Managerial implications The infrastructural costs of providing such services are quite high. Limited criteria in online trading. Delay in fund transfer. When server downs the whole process handicapped. Technical problems occur sometimes which affect customers badly. Late processing also sometimes in some services create a hurdle causing delay.

Late security level in the service to cope with hacking problem

11 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

SWOT Analysis of Internet Banking

The following are the strength, Weakness opportunists and threats of Internet Banking in India: Strength Aggression towards development of the existing standards of banks Strong regulatory impact by central bank to all the banks Presence of intellectual capital to face the change in implementation with good quality Fully computerized and techno savvy A person can access his account from anywhere he is A person can do banking transactions like funds transfer to any account, book ticket, bill pay at any time of the day Weakness High bank service charges. All the bank charges highly to the customers for the services provided through internet banking Poor technology infrastructure Ineffective risk measures Easy Access of internet banking account by wrong people through email ids When the server is down the whole process is handicapped Opportunities Increasing risk management expertise Advancement of technologies, strong asset base would help in bigger growth
12 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

Safety of using internet banking is robust, so more internet banking users in future The international scope of internet banking provides new growth perspectives and internet business is a catalyst for new technologies and new business processes Threats Banks provides all services through electronic computerized machines and this creates problems to the less educated people Inability to meet the additional capital requirements Huge investment in technologies Internet banking will be replaced by mobile banking

13 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

RISK INVOLVED IN INTERNET BANKING

Internet banking creates new risk control challenges for national banks. From supervisory perspective, risk is the potential that events, expected or unexpected, may have an adverse impact on the banks earnings or capital. There are generally nine categories of risks in internet banking, which are as follows: Credit Risk Interest rate Risk Liquidity Risk Price Risk Foreign exchange Risk Transaction compliance Risk Strategic Risk and Reputation Risk.

Credit Risk:
Credit risk is the risk to earnings or capital arising from an obligors failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Credit risk is found in all activities where success depends on counterparty, issuer, or borrower performance. It arises any time bank funds are extended, committed, invested, or otherwise exposed through actual or implied contractual agreements, whether on or off the banks balance sheet. Internet banking provides the opportunity for banks to expand their geographic range. Customers can reach a given institution from literally anywhere in the world. In dealing with customers
14 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

over the Internet, absent any personal contact, it is challenging for institutions to verify the bonfires of their customers, which is an important element in making sound credit decisions.

Interest Rate Risk:

Interest rate risk is the risk to earnings or capital arising from movements in interest rates. The following are the types of interest rate risk.

Reprising Risk:
Interest rate risk arises from differences between the timing of rate changes and the timing of cash flows.

Basis Risk:
Interest rate risk arises from changing rate relationships yield curves affecting bank activities. among different

Yield Curve Risk:

Interest rate risk arises from changing rate relationships across the spectrum of maturities and

Options Risk:
Interest rate risk arises from interest-related options products. embedded in bank

15 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

Liquidity Risk
Liquidity risk is the risk to earnings or capital arising from a banks inability to meet its obligations when they come due, without incurring unacceptable losses. Liquidity risk includes the inability to manage unplanned changes in funding sources. Liquidity risk also arises from the failure to recognize or address changes in market conditions affecting the ability of the bank to liquidate assets quickly and with minimal loss in value. Internet banking can increase deposit volatility from customers who maintain accounts solely on the basis of rate or terms.

Price Risk
Price risk is the risk to earnings or capital arising from changes in the value of traded portfolios of financial instruments. This risk arises from market making, dealing, and position taking in interest rate, foreign exchange, equity, and commodities markets. Banks may be exposed to price risk if they create or expand deposit brokering, loan sales, or securitization programs as a result of Internet banking activities. Appropriate management systems should be maintained to monitor, measure, and manage price risk if assets are actively traded.

Foreign Exchange Risk:

Foreign exchange risk is present when a loan or portfolio of loans is denominated in a foreign currency or is funded by borrowings in another currency. In some cases, banks will enter into multi-currency credit commitments that permit borrowers to select the currency they prefer to use in each rollover period. Foreign exchange risk can be intensified by political, social, or economic developments. The consequences can be unfavorable if one of the currencies involved becomes
16 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

subject to stringent exchange controls or is subject to wide exchange-rate fluctuations.

Transaction Risk:
Transaction risk is the current and prospective risk to earnings and capital arising from fraud, error, and the inability to deliver products or services, maintain a competitive position, and manage information. Transaction risk is evident in each product and service offered and encompasses product Internet Banking development and delivery, transaction processing, systems development, computing systems, complexity of products and services, and the internal control environment. A high level of transaction risk may exist with Internet banking products, particularly if those lines of business are not adequately planned, implemented, and monitored. Banks that offer financial products and services through the Internet must be able to meet their customers expectations. Customers who do business over the Internet are likely to have little tolerance for errors or omissions from financial institutions that do not have sophisticated internal controls to manage their Internet banking business.

Compliance Risk:
Compliance risk is the risk to earnings or capital arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices, or ethical standards. Compliance risk also arises in situations where the laws or rules governing certain bank products or activities of the banks clients may be ambiguous or untested. Compliance risk exposes the institution to fines, civil money penalties, payment of damages, and the voiding of contracts. Compliance risk can lead to a diminished reputation, reduced franchise value, limited business
17 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

opportunities, reduced expansion potential, and lack of contract enforceability. Most Internet banking customers will continue to use other bank delivery channels.

Strategic Risk:
Strategic risk is the current and prospective impact on earnings or capital arising from adverse business decisions, improper implementation of decisions, or lack of responsiveness to industry changes. This risk is a function of the compatibility of an organizations strategic goals, the business strategies developed to achieve those goals, the resources deployed against these goals, and the quality of implementation. Management must understand the risks associated with Internet banking before they make a decision to develop a particular class of business. In some cases, banks may offer new products and services via the Internet. It is important that management understand the risks involved in the decisions. Before introducing the Internet banking product, management should consider whether the product and technology are consistent with tangible business objectives in the banks strategic plan. The bank also should consider whether adequate expertise and resources are available to identify, monitor, and control risk in the Internet banking business.

Reputation Risk:
Reputation risk is the current and prospective impact on earnings and capital arising from negative public opinion. This affects the institutions ability to establish new relationships or services or continue servicing existing relationships. This risk may expose the institution to litigation, financial loss, or a decline in its customer base. Reputation risk exposure is present throughout the organization and includes the responsibility to exercise an abundance of caution in
18 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

dealing with customers and the community. A banks reputation can be damaged by Internet banking services that are poorly executed or otherwise alienate customers and the public. Well-designed marketing, including disclosures, is one way to educate potential customers and help limit reputation risk. A national bank should not market the banks Internet banking system based on features or attributes the system does not have. National banks should carefully consider how connections to third parties are presented on their Web sites. Hypertext links are often used to enable a customer to link to a third party. Such links may reflect an endorsement of the third partys products or services in the eyes of the customer. It should be clear to the customer when they have left the bank s Web site so that there is no confusion about the provider of the specific products and services offered or the security and privacy standards that apply. National banks need to be sure that their business continuity plans include the Internet banking business.

19 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

RISK MANAGEMENT PRINCIPLES

The risk should be assessed based on the category of client, the organizations transactional abilities, the importance and worth of the amassed data to the organization and client, the simplicity of using the scheme and with degree and magnitude of transactions. Running the risks and putting into practice controls for online banking schemes tags along very similar standards with likewise procedures of managing risks. Leaving this to Information Technology (IT) to manage or indulging it as a technical setback can be a very unsafe thing to do. As above listing of risks have suggested, there is a need for a top managerial role in order to effectively monitor and combat these risks.

Board and management oversight:

The top managerial staff of the banking institution is obliged to ensure the effective management of all forms of risks associated with online banking and also ensure accountability and policy control in the execution of activities related to Ebanking. Also the top managerial officers should maximize to the fullest the opportunities attached to online banking such as garnering of profits and to fulfill the main goals and objectives of the institution. An unmistakable intention sets the tone for a healthy risk position. It is the responsibility of high ranking officers to evaluate and endorse the transactional report of the online banking as lack of evaluation could result into a big problem for the institution. The report should be tactically analyzed and should be subjected to affordable cost auditing. Also, top managerial officers should not be involved in e-banking enterprise unless they are highly horned in risk
20 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

management. Also the top managerial staff of any banking institution should decide the method of risk management, reporting approaches and intensification methods. An official risk analyses group should be appointed by the top managerial staff in line with accountability, risk evaluation, alleviation and recognition. Also top managerial staff should ensure thorough analyses of online banking before it is embarked upon.

Legal and reputational risk management:

Legal and reputational risk management can be divided into the following: Privacy: There should be a privacy rule from the bank and this must be communicated to all prospective clients. Clients have to be given the opportunity to withdraw whenever required and this should be laced with different alternatives of choice. Also client permission should be sought before dissemination of information to external parties. Finally if clients are from different locales, the strongest privacy law is therefore applicable. Availability: Business stability and emergency planning strategy which guarantees ease of accessibility of online banking services to customers must be included by the banking institution. This however is highly demanding based on the 24 h provision of services and accessibility to customers and also the amount of transactions carried out. Incident response: There should be the creation of s device which identifies, contain and handles promptly difficulties that might arise both internally and externally. There should be a communication blueprint for clients by whom they can
21 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

channel their complaints and the use of intensification pathways. Finally a medium by which forensic evidence is protected in the case an assault should be created. Excel Spreadsheet for Risk Assessment for Policies, Training for Risk Assessment, Cover Sheet, Vendor Oversight, Assignment Sheet, amongst others are instruments created from a range of data resources to carry out risk evaluation on data safekeeping and/or Online banking. The worksheets cuts across instructing matters, agreement issues, board and management supervision and risk evaluations for guarding principles from a variety of disaster recuperation to wire transfers. The risks that crops up from online banking are not limited to protection of information but can be seen to have its own effects on other areas of the banking system. There is a need for the integration of risk management by top managerial staff and this should be done in accordance with already existing regulatory mechanisms in the organization. In cases of technological modifications, control processes are expected to be upgraded. When it comes to human resource risk management in online banking, cautious methods should be practiced to prevent existing and past members of staff, service providers, vendors and those who possess a key understanding of the internal workings of the banks systems, operations and inner controls that have a major advantage over external attackers from carrying out attacks on the banks clients.

22 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

GUIDELINES
Simple Guidelines for Safe Internet banking Banking:
On no account utilize communal terminals like cyber cafes when you are carrying out banking transactions online. The peril of compromise while making use of a wireless connection is to a large extent greater. Clients should carry out online banking transactions through a wireless connection provided that they are completely assured of the connection safety. Clients should be certain that their spyware and anti-virus applications are up to date and it is advisable to perform regular system scans. Clients should on no account log into a banking site via a link. Alternatively, clients should type out the address of the banks website into the browser bar. Clients should never access any other web site when they are logged into an online banking site; they should be sure as to ascertain that there is only one window open. Clients should choose their user name and password cautiously. Both password and user name shouldn't be easy for anyone to deduce and they should be changed regularly. Clients computer software should be updated regularly. Clients should check for the padlock logo on the lesser right hand side of the browser window (it shows that the website is secured). Once a client is done with his or her Online banking, the client should log out and close the browser window. On no account should a client give out his or her password on the Internet (via emails) or through the phone to anybody.
23 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking RBI Guidelines on Internet Banking:

In June 2001 banks were advised to seek prior approval of Reserve Bank of India before offering transactional services on the Internet. The position has since been reviewed and RBI has advised on 20th July 2005 that while the offering of Internet Banking services will continue to be governed by the provisions of the above circular, no prior approval of the Reserve Bank of India will be required by banks for offering Internet Banking services. Banks should, however, ensure compliance with the following conditions: The Internet Banking policy has been approved by the Banks Board. The policy fits into the banks overall Information Technology and Information Security policy and ensures confidentiality of records and security systems. Policy takes into account operational risk. The policy clearly lays down the procedure to be followed in respect of Know Your Customer" requirements, and The policy broadly meets the parameters laid down in the earlier circular.

24 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

RISK MANAGEMENT TECHNIQUES UNDERTAKEN BY BANKS

Financial institutions should have a technology risk management process to enable them to identify, measure, monitor, and control their technology risk exposure.

Risk management of new technologies has three essential elements:

The planning process for the use of the technology. Implementation of the technology. The means to measure and monitor risk.

The risk planning process:

The risk planning process is the responsibility of the board and senior management. They need to possess the knowledge and skills to manage the banks use of Internet banking technology and technology-related risks. The board should review, approve, and monitor Internet banking technology-related projects that may have a significant impact on the banks risk profile. They should determine whether the technology and products are in line with the banks strategic goals and meet a need in their market. Senior management should have the skills to evaluate the technology employed and risks assumed. Periodic independent evaluations of the Internet banking technology and products by auditors or consultants can help the board and senior management fulfill their responsibilities.

Implementing the technology

25 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

Implementing the technology is the responsibility of management. Management should have the skills to effectively evaluate Internet banking technologies and products, select the right mix for the bank, and see that they are installed appropriately. If the bank does not have the expertise to fulfill this responsibility internally, it should consider contracting with a vendor who specializes in this type of business or engaging in an alliance with another provider with complementary technologies or expertise

Measuring and monitoring risk

Measuring and monitoring risk is the responsibility of management. Management should have the skills to effectively identify, measure, monitor, and control risks associated with Internet banking. The board should receive regular reports on the technologies employed, the risks assumed, and how those risks are managed. Monitoring system performance is a key success factor. As part of the design process, a national bank should include effective quality assurance and audit processes in its Internet banking system. The bank should periodically review the systems to determine whether they are meeting the performance standards.

26 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

PROBLEMS & SOLUTION IN INTERNET BANKING

Financial institutions, their card associations, and vendors are working to develop an Internet payment infrastructure to help make electronic commerce secure. Many in the banking industry expect significant growth in the use of the Internet for the purchase of goods and services and electronic data interchange. The banking industry also recognizes that the Internet must be secure to achieve a high level of confidence with both consumers and businesses. Sound management of banking products and services, especially those provided over the Internet, is fundamental to maintaining a high level of public confidence not only in the individual bank and its brand name but also in the banking system as a whole. Key components that will help maintain a high level of public confidence in an open network environment include: Security Authentication Privacy Availability Security Threat: Security is an issue in Internet banking systems. Some national banks allow for direct dial-in access to their systems over a private network while others provide network access through the Internet. Although the publicly accessible Internet generally may be less secure, both types of connections are vulnerable to interception and alteration. For example, hardware or software sniffers can

27 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

obtain passwords, account numbers, credit card numbers, etc. without regard to the means of access. Solution: National banks therefore must have a sound system of internal controls to protect against security breaches for all forms of electronic access. Firewalls are frequently used on Internet banking systems as a security measure to protect internal systems and should be considered for any system connected to an outside network. Firewalls are a combination of hardware and software placed between two networks through which all traffic must pass, regardless of the direction of flow. They provide a gateway to guard against unauthorized individuals gaining access to the banks network.

Authentication Threat: Authentication is another issue in Internet banking system. Transactions on the Internet or any other telecommunication network must be secure to achieve a high level of public confidence. In cyberspace, as in the physical world, customers, banks, and merchants need assurances that they will receive the service as ordered or the merchandise as requested, and that they know the identity of the person they are dealing with. Solution: Banks typically use symmetric (private key) encryption technology to secure messages and asymmetric (public/private key) cryptography to authenticate parties. Asymmetric cryptography employs two keys a public key and a private key. These two keys are mathematically tied but one key cannot be deduced from the other. For example, to authenticate that a message coming from the sender, the
28 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

sender encrypts the message using their private key. Only the sender knows the private key. But, once sent, the message can be read only using the senders public key. Since the message can only be read using the senders public key, the receiver knows the message came from the expected sender. Privacy: Privacy is a consumer issue of increasing importance. National banks that recognize and respond to privacy issues in a proactive way make this a positive attribute for the bank and a benefit for its customers. Public concerns over the proper versus improper accumulation and use of personal information are likely to increase with the continued growth of electronic commerce and the Internet. Providers who are sensitive to these concerns have an advantage over those who do not. Availability: Availability is another component in maintaining a high level of public confidence in a network environment. All of the previous components are of little value if the network is not available and convenient to customers. Users of a network expect access to systems 24 hours per day, seven days a week. Among the considerations associated with system availability are capacity, performance monitoring, redundancy, and business resumption. National banks and their vendors who provide Internet banking products and services need to make certain that they have the capacity in terms of hardware and software to consistently deliver a high level of service.

29 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

INTRODUCTION OF STATE BANK OF INDIA (SBI)

Company profile State bank of India is the nations largest and oldest bank. Tracing its roots back some 200 years to the British East India Company (and initially established as the Bank of Calcutta in 1806), the bank operates more than 15,000 branches within India, where it also owns majority stakes in six associate banks. State Bank of India (SBI) has more than 80 offices in nearly 35 other countries, including multiple locations in the US, Canada, and Nigeria. The bank has other units devoted to capital markets, fund management, factoring and commercial services, credit cards, and brokerage services. The Reserve Bank of India owns about 60% of State bank of India.

30 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

SERVICES PROVIDED BY SBI INTERNET BANKING

Online SBI State Bank of India is Indias largest bank with a branch network of over 11000 branches and 6 associate banks located even in the remotest parts of India. State Bank of India (SBI) offers a wide range of banking products and services to corporate and retail customers. Online SBI is the Internet banking portal for State Bank of India. The portal provides anywhere, anytime, online access to accounts for State Banks Retail and Corporate customers. The application is developed using the latest cutting edge technology and tools. The infrastructure supports unified, secure access to banking services for accounts in over 11,000 branches across India.

Retail Banking:The Retail banking application is an integration of several functional areas, and enables customers to: Issue Demand Drafts online Transfer funds to own and third party accounts Credit beneficiary accounts using the VISA Money Transfer, RTGS/NEFT feature Generate account statements Setup Standing Instructions Configure profile settings Use tax for online tax payment Use pay for automatic bill payments Interface with merchants for railway and airline reservations

31 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

Corporate Banking:The Online SBI corporate banking application provides features to administer and manage corporate accounts online. The corporate module provides roles such as Regulator, Admin, Up loader, Transaction Maker, Authorizer, and Auditor.

These roles have access to the following functions:

Manage users, define rights and transaction rules on corporate accounts Access accounts in several branches with a single sign-on mechanism Upload files to make bulk transactions to third parties, supplier, vendor and tax collection authorities. Use online transactional features such as fund transfer to own accounts, third party payments, and draft issues Make bill payments over the Internet. Authorize, modify, reschedule and cancel transactions, based on rights assigned to the user Generate account statement Enquire on transaction details or current balance Value added services: Tax payments to central and state governments through site to site integration. Supply Chain Finance( e-VFS- Electronic Vendor Finance Scheme) Direct Debit Facility E Collection Facilities Core Banking Transactions Internet Bank transactions for incoming RTGS/NEFT Transactions Internet banking transactions for SBI and associate banks

32 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

Debit facility where suppliers can directly debit their customers account through internet banking. Other online services: E-Ticketing SBI E-Tax Bill Payment RTGS/NEFT E-Payment Fund Transfer Third Party Transfer Demand Draft Cheque Book Request Account Opening Request Account Statement Transaction Enquiry Donation

E-Ticketing :You can book your railway, air and bus tickets online through Online SBI. To book your train ticket, just log on to irctc.co.in and create an ID there at if you do not have one. Submit your travel plan and book the ticket(s)-either i-ticket (where the delivery of tickets will be made at your address) or E-tickets (wherein after successful payment transactions, an e-ticket is generated which can be printed any time. For an e-ticket, the details of photo identity card will be required to be filled in).And selects State Bank of India in the payment options. You will be
33 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

redirected to Internet Banking site of SBI. After submitting the respective ID and password, you can select your account. After a successful debit, Railways will generate the ticket. E-ticket can be printed by you whereas i-ticket will be dispatched by IRCTC at the given address. Service charges @ Rs.10/- per transaction shall be levied in addition to the cost of the ticket. Cancellation of Eticket can be done by logging on to IRCTCs site; refund amount will be credited to your account directly within 2-3 days. For cancellation of i-ticket, you shall be required to submit your ticket at a computerized counter of Railways and on cancellation; the amount shall be credited back to your account. To book other forms of tickets the procedure is same. The customer is only needs to go to the respective website and follow the necessary instruction.

SBI E-Tax:You can pay your taxes online through SBI E-Tax. This facility enables you to pay TDS, Income tax, Indirect tax, Corporation tax, Wealth tax, Estate Duty and Fringe Benefits tax. Click the e-Tax link in the home page. You are displayed with a page with two links one is for Direct Tax and the other is for Indirect Tax. Click the Direct Tax link. You will be redirected to the NSDL site where you can select an online challenge based on the tax you wish to pay. Provide the PAN, name and address, assessment year, nature of payment and bank name. On selecting the bank name as SBI and submitting the form, you will be redirected to the Internet Banking site. After submitting the respective ID and password, you can select your account for making payment of taxes. After payment is successful you can print the E-Receipt for the payment. The E-receipt can be printed at a later date also and the same can be retrieved from by navigating to Enquiries > Find Transactions > Status Enquiries > Click on the respective transaction to print the tax receipt. The
34 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

procedure is same for indirect tax, in case of indirect tax you are redirected to the website of CBEC (Central Board of Excise and Customs).

Bill Payment :It is a simple and convenient service for viewing and paying your bills online. No more late payments No more queues No more hassles of depositing cheques Using the bill payment the user can view and Pay various bills online, directly from your SBI account. The user can pay telephone, electricity, insurance, credit cards and other bills from the comfort of your house or office, 24 hours a day, 365 days a year. Simply logon to (http://www.onlinesbi.com) with his credentials and register the biller to which you want to pay, with all the bill details. Once the bill is uploaded by the biller, the user can make payment online within just few steps. The user can also set up Auto Pay instructions with an upper limit to ensure that your bills are paid automatically whenever they are due. The upper limit ensures that only bills within the specified limit are paid automatically, thereby providing the customer with complete control over all these bill payments. The e-PAY service is available in various cities across the country and you can now make payments to several billers in your region.

RTGS/NEFT :You can transfer money from your State Bank account to accounts in other banks using the RTGS/NEFT service. The RTGS (Real Time Gross Settlement) system facilitates transfer of funds from accounts in one bank to another on a "Real Time" and on "Gross Settlement" basis. This system is the fastest possible
35 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

interbank money transfer facility available through secure banking channels in India. RTGS transaction requests will be sent to RBI immediately during working hours post working hours requests are registered and sent to RBI on next working day. The user can also schedule a transaction for a future date. The customer can transfer an amount of Rs.1 lac and above minimum using RTGS (Real Time Gross Settlement) system. NEFT stands for National Electronic Funds Transfer. NEFT facilitates transfer of funds to the credit account with the other participating bank. RBI acts as the service provider and transfers the credit to the other banks account. NEFT transactions are settled in batches based on the following Timings settlements on weekdays At 09:00, 11:00, 12:00, 13:00, 15:00 and 17:00 hrs. Settlements on Saturdays At 09:00, 11:00 and 12:00 hrs. All the above timings are based on Indian Standard Time (IST) only.

E-Payment :The customer can pay his insurance premium, mobile phone bills and also you can purchase mutual fund units by coming from the billers website and selecting state bank of India in the payment option in order to avail this facility.LIC PREMIUM: For paying premium of LIC policy the customer can logon to www.licindia.com and register his policy details. When the premium is due State Bank of India should be selected in the make payment option.SBI Mutual FUND: The customer can invest in the SBI Mutual Fund schemes online. He should logon to www.sbimf.com and select the scheme in which he want to make investment in the payment option select State Bank of India. CCAVENUES: Now the customer can enjoy shopping at the CCA venue Shopping Mall and purchase from a wide
36 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

variety of products and services through CCA venue Certified Vendors. He can make payments for your purchases using your Internet enabled SBI accounts. Fund Transfer :The Funds Transfer facility enables the user to transfer funds within his accounts in the same branch or other branches. The user can transfer aggregating Rs.1lakh per day to own accounts in the same branch and other branches. To make a funds transfer, the user should be an active Internet Banking user with transaction rights. Funds transfer to PPF account is restricted to the same branch. The user has to just log on to retail section of the Internet Banking site with his credentials and select the Funds Transfer link under Payments/Transfers tab. The user can see all his online debit and credit accounts. Select the debit account from which the user wish to transfer funds and the credit account into which the amount is to be credited. Enter the amount and remarks. The remarks will be displayed in his accounts statement for this transaction. The user will be displayed the last five funds transfer operations on his accounts. On confirming the transaction, the user will be displayed a confirmation page with the details of the transaction and the option to submit or cancel the funds transfer request. A reference number will be generated for his record.

Third Party Transfer:The user can transfer funds to his trusted third parties by adding them as third party accounts. The beneficiary account should be any branch SBI. Transfer is instant. The user can do any number of Transactions in a day for amount aggregating Rs.1lakh.To transfer funds to third party having account in SBI, the user need to add and approve a third party, the user need to register his mobile
37 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

number in personal details link under profile section. The user will receive a One Time SMS password on his mobile phone to approve a third party. If the user do not have a mobile number, third party approval will be handled by his branch. Only after approval of third party, the user will be able to transfer funds to the third party. The user can set limits for third party transactions made from his accounts or even set limits for individual third parties.

Demand Draft:The Internet Banking application enables the user to register demand drafts requests online. The user can get a demand draft from any of his Accounts (Savings Bank, Current Account, Cash Credit or Overdraft). The user can set limits for demand drafts issued from his accounts or use the bank specified limit for demand drafts. The user can opt to collect the draft in person at his branch, quoting a reference to the transaction. A printed advice can also be obtained from the site for his record.

Cheque Book Request:The user can request for a cheque book online. Cheque book can be requested for any of his Savings, Current, Cash Credit, and Over Draft accounts. The user can opt for cheque books with 25, 50 or 100 cheque leaves. The user can either collect it from branch or request his branch to send it by post or courier. The user can opt to get the cheque book delivered at his registered address or the user can provide an alternate address. Cheque books will be dispatched within 3 working days from the date of request to the requested destination by the user. The user can just log on to retail section of the Internet Banking site with his credentials and select the Cheque Book link under Requests tab. The user can view all his
38 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

transaction accounts. Select the account for which the user require a cheque book; enter the number of cheque leaves required and the mode of delivery. Then, submit the same.

Account Opening Request:Online SBI enables the user to open a new account online. The user can apply for a new account only in branches where he already has an account. He should have an INB-enabled account with transaction right in the branch. Funds in an existing account are used to open the new account. He can open Savings, Current, Term Deposit and Recurring Deposit accounts of Residents, NRO and NRE types. He has to enter retail section of the Internet Banking site with his using his ID and select the New Account link under Requests tab. He can see all types of accounts. Select the account and account type he wishes to open and submit the same. Then, he needs to select the branch and enter the initial amount to open the account. He can select any of his accounts for debiting the initial amount. Then, submit the transaction. His new account opening request will be processed by the branch.

Account Statement :The Internet Banking application can generate an online, downloadable account statement for any of the users accounts for any date range and for any account mapped to his username. The statement includes the transaction details, opening, closing and accumulated balance in the account. The user can generate the online account statement for any date range or for any month and year. The account statement can be viewed online, printed or downloaded as an Excel or

39 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

PDF file. He also has the option to select the number of records displayed in each page of the statement. The options are 25, 50, 75, 100 and all.

Transaction Enquiry:Online SBI provides features to enquire status of online transactions. The user can view and verify transaction details and the current status of transactions. The users VISA transactions can also be viewed separately. He has to just log onto retail section of the Internet Banking site with his credentials and select the Status Enquiry link under the Enquiries tab. The user will be displayed all online transactions he had performed.

Demat Account Statement:Online SBI enables the user to view Demat account statement and maintain such accounts. The bank acts as your depository participant. In the third party site, you can mark a lien on your Demat accounts and use the funds to trade on stock using funds in your SBI savings account. The user can view Demat account details, and generate the following statements: statement of holding, statement of transactions, statement of billing.

Donation:The user can make donation to religious and charitable institution by using Internet Banking of SBI. He has to just log on to http://www.onlinesbi.com/ with his credentials and go to Payment and transfer and click on make donation link. After selecting the debit account, the user has to select the religious/charitable institution to which he wants to offer donation. After successful payment he can print an E-receipt for the donation made.
40 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

SWOC ANALYSIS OF SBI INTERNET BANKING

Strengths: Greater reach to customers Quicker time to market Ability to introduce new products and services quickly and successfully Ability to understand its customers needs Customers are given access to information easily across any location Greater customer loyalty Easy online application for all accounts, including personal loans and mortgage 24 hours account access Quality customer service with personal attention Weaknesses: Lack of awareness among the existing customers regarding internet banking Obsolesce of technology take place very soon specially in terms of security on internet. Procedure for applying for id and password for using services related to internet banking takes time. Lack of knowledge is found regarding internet banking in employees of SBI Implementation of newer technology is little bit complicated Employees needs training to obtain knowledge regarding I-banking

41 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

Opportunities: Approximately 95% of customers are not using internet banking. Core competency can be achieved in terms of banking if focus is made on awareness of internet banking can become 1st virtual bank of India. Concentration of various services should be made using internet banking Challenges: Maintaining Business Edge over competitors in the context of sameness in IT infrastructure Multiple vendor support is necessary for working of highly complex technology Maintaining secured IT infrastructure for business operations Alternative must be there in case of failure of system

42 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

FINDINGS
The main findings of the study are presented herewith. In the users ratio of internet banking 65% of customers are using this service. The services that are mostly used by maximum customers are transactions, online trading, bill payment, shopping etc. The mode of the cash deposit in bank is for use to online transaction cash, cheque & e-banking. More banks are connecting to the any software company to running the Ebanking service. In these services the SBI banks is top in service of Ebanking. With an increase in awareness of risk management technique, one can note that there is also an increase in internet banking and better customer involment.

43 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

RECOMMENDATION
The following are the suggestions for the further improvement of Internet Banking in India: To prevent online banking from remaining customers to prompt this service through advertising company. After repairing this basic deficiency, banks must ensure that their service is competitive. All the complaints felt by the customers should be considered with seriousness and solution based approach to keep them satisfied in long run, SBI Bank should extend the technology which is used in internet banking in order to remove the difficulties. SBI Bank should provide the services in different languages. SBI bank should give proper training to their employees.

44 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

CONCLUSION
The project on Study of risk in Internet banking now familiar to all. I had a grater pleaser to present the project. I studying about Internet banking systems like that clients can now do banking at the leisure of their homes. I also studied that Internet banking allows customers to conduct financial transactions on a secure website operated by the retail or virtual bank. I study Internet banking risk which involved in Internet banking. This Risk like Tradition Risk, Credit Risk, Foreign Exchange Risk etc. I also study the risk management principals its problems and solution and techniques which are undertaken by banks. Study states that internet banking provides greater reach to customers. Feedback can be obtained easily as internet is virtual in nature. Customer loyalty can be gain. Personal attention can be given by bank to customer also quality service can be served. Studying the project I came to know that Internet banking is clearly the way forward for the State Bank of India. It provides comfort to customers at the same time it provides cost cutting to SBI by eliminating physical documentation. Internet banking saves time of bank as well as those of customers. More banks are connecting to the any software company to running the E-banking service. In these services the SBI banks is top in service of E-banking. SWOC analysis of internet banking I dealt with opportunities like 95 % market of internet market is untapped, SBIs path to become first virtual bank. By encasing such opportunities bank can become the leader in banking sector of India.

45 T.Y. B. COM. (BANKING & INSURANCE)

Study of Risk in Internet Banking

BIBLIOGRAPHY

http://internetbanking.tv/internet-banking-risks http://www.bis.org/publ/bcbs82.htm http://ithandbook.ffiec.gov/it-booklets/e-banking/risk-management-of-ebanking-activities/boardand-management- oversight. aspx. http://www.vanderbilt.edu/procurement/pcard/forms/Transaction%20Appro val%20Guide.pdf.Boni, K. and C. Tsekeris, 2007. Electronic Banking.

Reference Books:
Financial management
Khans and Jain

Websites:
www.statebankofindia.com www.onlinesbi.com www.wikipedia.com www.google.com

46 T.Y. B. COM. (BANKING & INSURANCE)