
ELECTRONIC BANKING

University of Mumbai
A Project Report on

“Electronic Banking”

Submitted by – Smita Jadhav.


Project Guide - Prof. Satindar Gujaral.

SEMESTER - V

Bachelor of Commerce
Banking & Insurance

Academic year 2010-11


Submission Date –
N. G. Acharya & D. K. Marathe College,
Chembur.

CERTIFICATE

This is to certify that of
T.Y.B.COM (BANKING AND INSURANCE) SEM V has
successfully completed the project of Electronic Banking
in BANKS.

PROJECT GUIDE. CO-ORDINATOR.

PRINCIPAL. EXTERNAL EXAMINER.

DECLARATION

I the student of B.COM
(BANKING AND INSURANCE) SEM V hereby declare
that I have completed the project on Electronic Banking.
The information submitted is true and original to the best
of my knowledge.

SIGNATURE OF STUDENT.

NAME :-

ROLL NO : -

ACKNOWLEDGEMENT

I would like to thank the UNIVERSITY OF MUMBAI for
introducing the BBI course, thereby giving its students a platform
to keep abreast of the changing business scenario, with the help
of theory as a base and practical as a solution.

This project would have been incomplete without the
endless support and guidance of my project guide Ms. Satindar
Gujaral and our coordinator

Last but not the least, I would like to thank my friends
who have been a great source of inspiration throughout the
making of this project; their support is deeply acknowledged.

History of Electronic Banking

Electronic banking started in the early 1980s both in the United States
and the United Kingdom. It really took off with the arrival of the World
Wide Web, when traditional banks offered their clients account access
online, while some new banks started operating on the Web only. Today,
almost half of all Americans bank online.

Predecessors

1. Online or e-banking was preceded by home banking, which
allowed clients to access their accounts and perform basic transactions
over the phone. It was introduced in the mid-1970s in order to reduce
back-office check-processing costs. Robert Spicer, Vice President of
Chevy Chase, a federal savings bank, says that it failed to generate
enough consumer interest to become cost effective.

First Online Banking Services in the United States

2. According to "Banking and Finance on the Internet," edited by
Mary J. Cronin, online banking was first introduced in the early 1980s in
New York. Four major banks--Citibank, Chase Manhattan, Chemical
and Manufacturers Hanover--offered home banking services. Chemical
introduced its Pronto services for individuals and small businesses in
1983. It allowed individual and small-business clients to maintain
electronic checkbook registers, see account balances, and transfer funds
between checking and savings accounts. Pronto failed to attract enough
customers to break even and was abandoned in 1989. Other banks had a
similar experience.

Online Banking in the U.K.

3. Almost simultaneously with the United States, online banking
arrived in the United Kingdom. It was the Nottingham Building Society
that in 1983 introduced Britain's first electronic home banking service
through a joint venture with Prestel, a computerized information service
owned by British Telecom.

Banks and the World Wide Web

4. In the 1990s, banks realized that the rising popularity of the World
Wide Web gave them an added opportunity to advertise their services.
Initially, they used the Web as another brochure, without interaction
with the customer. Early sites featured pictures of the bank's officers or
buildings, and provided customers with maps of branches and ATM
locations, phone numbers to call for further information and simple
listings of products.

Interactive Banking on the Web

5. Wells Fargo was the first U.S. bank to add account services to its
website, in
1995. Other banks quickly followed suit. That same year Presidential
became the first bank in the United States to open bank accounts over
the Internet. According to research by Online Banking Report, by the
end of 1999, less than 0.4% of households in the U.S. were using online
banking. At the beginning of 2004, some 33 million U.S. households
(31% of the market) were using one form or another of online banking.
Five years later, 47% of Americans were banking online, according to a
survey by Gartner Group.

Evolution of E-banking

The Definition of E-BANKING

E-banking lets you access your account from anywhere in the world.

E-banking, or electronic banking, refers to all types of banking
transactions performed electronically, without visiting a brick-and-mortar
bank. Terms such as PC banking, Internet banking or online
banking are sometimes used instead. For customers, this means
performing actions such as paying bills, checking balances on their
accounts, transferring funds and purchasing financial instruments
remotely, using a personal computer.

Two Types of E-Banking


All you need is a computer.
Most high-street banks today offer some e-banking services while still
retaining physical offices. Their clients usually open an account at a
physical branch and then use online banking for regular transactions.
However, there are also Internet-only banks, which do not have any
branches customers can go to. In some cases, such banks offer their
services across national borders.

History

It all started back in the '80s.


According to "Banking and Finance on the Internet," a book edited by
Mary J. Cronin, online banking was first introduced in the early 1980s
when four New York banks--Citibank, Chase Manhattan, Chemical and
Manufacturers Hanover--offered home banking services. The systems
were quite difficult to use and did not prove to be very popular. In the
U.K., it was Nottingham Building Society that in 1983 offered the first
electronic home banking system.

How it Works


You need a login and password.

In order to use e-banking, customers need access to a personal computer
and Internet connection. When they register for e-banking, they are
asked to provide a login name and password. Additionally, each time
they want to access their account they might be required to answer a
security question, which minimizes the risk of someone else accessing
their account.
Advantages of E-Banking


You can do your banking from home.


For customers, convenience is probably the main advantage, because it
allows them to access their accounts whenever they want, and perform
transactions from the comfort of their home. Almost equally important is
ubiquity, because e-banking is available from any internet-connected
computer anywhere in the world. For banks, e-banking means lower
operating costs, because they need fewer branches and staff. It also
means improved or sustained competitive position, since e-banking is
today seen as an integral part of service banks offer. Last but not least, it
means new revenue opportunities, because e-banking attracts new,
usually higher-income clients.

Disadvantages of E-Banking


Security on the Internet remains a big worry.


For customers, it takes time to learn how to use e-banking facilities and,
more importantly, to trust their bank's website and stop worrying about
security issues. For banks, it means investing more in equipment and
highly trained staff to run the website and necessary software.
Popularity


Internet banking is becoming more popular.


In June 2009, Cnet News published the results of a survey by Gartner
Group, according to which 47 percent of Americans now bank online. In
the U.K., it is 30 percent. In the same survey, Gartner found that in both
countries, e-banking is more popular among higher-income households

Introduction to Electronic Banking

Electronic banking makes banking convenient on your schedule. Many
people are now able to avoid the rush to get to the bank before it closes,
as they can bank from a home computer or via automatic teller machine
(ATM). Although the two systems are different, ATMs and online
banking are the two types of electronic banking systems in use today.

Subscribe

Most banks routinely offer online banking services when customers sign
up for accounts. There are a variety of options based on the type of
banking account you have. For example, a checking account can be
linked to an ATM card, and most accounts can be viewed and managed
using online banking. A bank staff member must sign you up for
services at the bank in order to use electronic banking.

ATM

An ATM card works two different ways--as credit or debit. When it is
used as a credit card, many banks do not charge fees and the money does
not come out of the account immediately. A debit card requires that a
PIN be entered at the point of sale. The money automatically
comes out of the account and many merchants, and some banks, apply
fees to these transactions.

Withdrawals

ATM withdrawals may be conducted at any ATM machine that accepts
your debit card. You can withdraw money from your checking or
savings accounts. If it is not an ATM machine from your own bank, it
may charge you a fee. You can also deposit money through an ATM
machine with your debit card.

Online Banking

Online banking is a service that allows you to view your account and
transactions from anywhere with an Internet connection. From a
computer, you can use it to balance your checkbook, pay bills and
transfer money between accounts.

Bill Pay

When a customer uses online banking she can also sign up for electronic
bill paying. Once different accounts are linked to the bank account,
automatic payments can be set up to be taken out of the bank account
immediately on the designated day. Be sure to write down all expected
transactions to avoid fees for accidental overdraft.

Electronic Checks

Many companies also allow you to pay over the phone with an
"electronic check." This means you give them the routing, checking
account and check numbers on your check. The check goes through a
process similar to a debit transaction.

DEFINITION OF E-BANKING

For this booklet, e-banking is defined as the automated delivery of new
and traditional banking products and services directly to customers
through electronic, interactive communication channels. E-banking
includes the systems that enable financial institution customers,
individuals or businesses, to access accounts, transact business, or obtain
information on financial products and services through a public or
private network, including the Internet. Customers access e-banking
services using an intelligent electronic device, such as a personal
computer (PC), personal digital assistant (PDA), automated teller
machine (ATM), kiosk, or Touch Tone telephone. While the risks and
controls are similar for the various e-banking access channels, this
booklet focuses specifically on Internet-based services due to the
Internet’s widely accessible public network. Accordingly, this booklet
begins with a discussion of the two primary types of Internet websites:
informational and transactional.

Electronic banking has been around for some time in the form of
automatic teller machines and telephone transactions. More recently, it
has been transformed by the Internet, a new delivery channel for
banking services that benefits both customers and banks. Access is fast,
convenient, and available around the clock, whatever the customer's
location (see illustration above). Plus, banks can provide services more
efficiently and at substantially lower costs. For example, a typical
customer transaction costing about $1 in a traditional "brick and mortar"
bank branch or $0.60 through a phone call costs only about $0.02 online.

Electronic banking also makes it easier for customers to compare banks'
services and products, can increase competition among banks, and
allows banks to penetrate new markets and thus expand their
geographical reach. Some even see electronic banking as an opportunity
for countries with underdeveloped financial systems to leapfrog
developmental stages. Customers in such countries can access services
more easily from banks abroad and through wireless communication systems, which
are developing more rapidly than traditional "wired" communication networks.

The flip side of this technological boom is that electronic banking is not only
susceptible to, but may exacerbate, some of the same risks—particularly governance,
legal, operational, and reputational—inherent in traditional banking. In addition, it
poses new challenges. In response, many national regulators have already modified
their regulations to achieve their main objectives: ensuring the safety and soundness
of the domestic banking system, promoting market discipline, and protecting customer
rights and the public trust in the banking system. Policymakers are also becoming
increasingly aware of the greater potential impact of macroeconomic policy on capital
movements.

Features of Electronic Banking

Online banking was introduced in the mid-90s and changed the way of
banking. From mobile banking to ATMs, banking works on a
customer's schedule. There are three main kinds of electronic banking:
automated, phone and online banking. Each is different, but ultimately
works the same way.

Alerts

Mobile and online banking offer security alerts so you know what
activity is occurring on your account. Alerts are sent directly to your cell
phone or email when credit or debit transactions are completed on the
account. You can also receive daily alerts of your bank account balance.

Location

Electronic banking allows you to conduct most types of banking
transactions without leaving home. Even if you are on vacation halfway
across the world you can conduct banking as long as you have
a computer and Internet access. ATMs allow you to deposit or withdraw
money without setting foot in a bank. When you are on vacation or out
shopping, you can access your money at ATMs as well.

Bills

You can pay most bills online by signing up your different billing
accounts so that they are paid from your bank account. This link is made
through online banking where you can then set up automatic payments
that debit the money directly from your account. Over the phone, you
can also use electronic checks or a debit card to arrange payments or pay
bill

The Advantages of Electronic Banking

The difference between electronic banking and online banking is
negligible. Banks have been using electronic banking longer than
their customers have, and online banking is just a form of
electronic banking. Banks and their customers both benefit from
electronic

Ease of Use

Electronic banking allows you to conveniently conduct your banking
activities online. You can view your account balances and statuses from
your home computer. In addition, you don't have to deal with lines at the
bank or have conversations with bankers in front of other people.

Direct Deposit
Before the advent of direct deposit, Americans handled their pay
differently. On payday you would receive a check (or possibly cash).
You then had to take the check to your bank and deposit it, but that
would require between two and ten days to clear the funds for your use.

Alternatively you could go to the bank the check was written from and
cash it, then drive back to your bank and deposit the funds in order to
make the funds immediately available. Direct deposit allows the banks
and employers to use fewer employee hours to get the job done, saving
them money. For customers and employees, direct deposit allows you to
have your funds instantly available to you as soon as the transfer is
initiated and completed.

Portability

If you are an online banking customer, you have the option of accessing
your banking information from your home computer. Additionally you
can use any computer that is connected to the Internet, and, if your bank
has the ability, any smart device that can access the Internet can also
give you this functionality. You can, for instance, do your banking from
your local coffee shop (assuming they have a free Wi-Fi service).

Bill Pay

Bill pay is a service that banks offer to help you pay your bills on time,
at the same time every month. You collect the bills that you want to be
included in the bill pay service and set up your bank account to pay a
certain amount each month to each biller. Online banking customers can
do this from home; otherwise visit your bank to set this up.

Money Transfer

If you hold multiple accounts within the same bank and need to transfer
money between them, electronic banking makes it very simple. In fact,
online banking customers do not even need to leave their computer to do
it. Just pick the amount you would like to transfer, and to which account
it will be transferred, complete the transfer and the money is instantly
transferred.

The Disadvantages of Electronic Banking

Nowadays, almost every banking transaction---that once had to be done
in person---can be done over the Internet. Despite the advantages of
online banking, such as saving trips to a local bank and avoiding long
lines, a considerable number of people still prefer the more traditional
form of banking in person. Often, the reasons stem from disadvantages
that are incurred when banking online.

Internet Connection

Not everyone enjoys the luxury of having a stable and fast Internet
connection at home. Aside from having a personal computer or laptop,
having stable Internet access at home is a basic prerequisite to
performing electronic banking. Of course, people can always use a
public computer with Internet access; however, the security of public
computers is always a concern.

Computer Know-How

Conducting a successful electronic banking transaction, like paying bills
online, requires basic computer skills and knowing your way around the
Internet. Being computer-literate is not common to everyone---
especially seniors who might not have grown up using computers---and
this is a major disadvantage to electronic banking.

Delayed Statements

When performing online banking there is no standard time at which
payments made will show up on your online bank statements; they might
show up two to three days later, depending upon the bank. When
banking in person, you can generally get the exact status of your bank
account.

Security Concerns

One of the biggest disadvantages of doing electronic banking is the
question of security. With the prevalence of keyloggers, phishing emails,
trojans and other online threats, it is natural for people to be concerned
with the security of their identity, funds and electronic banking
transactions. Using antivirus and similar programs is not foolproof.
People worry that their bank accounts can be hacked and accessed
without their knowledge or that the funds they transfer may not reach the
intended recipients. Although it is rare nowadays with enhanced security
measures, these threats still exist.

Loss of Human Touch

Some people still value talking and interacting with bank tellers,
managers and other bank clients. Electronic banking takes the majority
of these "human interactions" away, leaving the banking experience as a
very hands-off, impersonal process.

More Benefits of Online Banking

E-Statement
No more paper! Monthly E-Statements
including images of the front of your checks are
delivered right in Online Banking. They look
just like paper statements, can be printed or
downloaded to your PC and are available online
for seven years.* You must have the capability
to open PDF files in order to view E-Statements.

Check Images
You can view the front and back of your paid
checks online. Just go to Current Transactions,
Previous Statement or Search Transactions and
click on the transaction description.

Search Transactions
Search for a check image, a debit card payment
or other transaction that you made several years
ago. You can search by date, transaction type
and even a description. The earliest transaction
history available for Checking and
Saving Accounts is September 1, 2003. For
Credit Card, the earliest available transaction
history is May 1, 2004.

Electronic Transaction Summary


See a detailed description of your electronic
transactions right from Online Banking either in
your Current Transactions, Previous Statements
or 7 year Search History. Just click on the
transaction description.

E-mail Alerts
We can notify you when events occur that affect
your accounts, such as when a new E-Statement
arrives, when a balance falls below a specified
dollar amount, when a specific check clears, or
when a specific deposit amount is credited. Alerts can
be sent to multiple email addresses.

Mobile Email Alerts

Receive your email alerts when you are away
from your computer. Have your email alerts sent
to your cell phone and be notified of changes to
your account from wherever you have (cell
phone) coverage.

E-Statement Archive
Contains up to seven years of E-statements for
each account.* View past statements or use the
Search Transactions feature to search for
individual transactions.

Offers & Information


These attachments accompany your
E-Statement, detailing special offers and important
information for our clients. You must have the
capability to open PDF files in order to view
these.

Order Statement or Check Copies


Conveniently order statements and check copies
right from Online Banking and have them sent
via U.S. Mail or fax. (Note: a retrieval fee may
apply, please see Account Fee Schedule
applicable to your account.)

INTERNET BANKING
PERSONAL BANKING

Secure Online Banking

1. Strict Dual Authentication
2. Unusual Activity Notification

Basic Banking Services

1. Balance Inquiries
2. Transfer funds between accounts
3. Messages concerning your online account
4. Download transactions to Quicken
5. Re-order Checks

Bill Pay

1. Make payments securely online
2. Schedule recurring bill payments
3. Loan Payments

Check Imaging

1. Access Check Images Online
2. Print Check Images
3. Download and Save Check Images

Electronic Statements

1. Access Statement Online Without Mail Delays
2. Print Statement
3. Download and Save Statement
4. 24 Months Statement History Available Online

Wealth Management

1. Transfer funds from an account at another bank
2. Transfer funds to an account at another bank

Wire Processing

1. Request funds be sent by wire

Secure Email

1. Send and Receive emails concerning your Internet
   banking accounts securely online
2. Receive account activity notifications via secure em

BUSINESS BANKING ONLINE

Same services available with Personal Banking Online with additional
services listed below.

ACH Processing

1. Direct Deposit Payroll Processing
2. Direct Debit Processing

MOBILE BANKING

1. Convenient On-The-Go Banking
2. View Online Accounts
3. Access Account Information
4. Transfer Funds Between Accounts

TELEPHONE BANKING

1. Balance Inquiries
2. Transfer Funds Between Accounts
3. Loan Payments
4. Merchant Verification

ATM BANKING

• Cash Withdrawals
• Balance Inquiries
• Transfer Funds Between Accounts

Checking

FREE CHECKING
• $50 required to open
• No monthly service charge
• No minimum balance requirements
• First 50 checks are free of charge

NOW ACCOUNTS
• $1000 required to open
• Competitive interest rate
• Service charge if low balance falls below $1000 or average balance
  falls below $1500
• Interest accrues daily on current balance
• Does not accrue if average balance is below $1000

BANCLUB CHECKING
• $100 required to open
• Monthly service fee
• Free club checks
• No issue fees on Money Orders & Official Checks (1 daily)
• No issue fee on Travelers Checks
• Free notary service
• Discount on safe deposit box (1st year) and more!

INVESTORS CHECKING
• $10,000 required to open
• Service charge if balance falls below $10,000
• Interest paid on tiered balances

INSURED MONEY MARKET
• $1000 required to open
• Competitive interest rates tiered at $15,000
• Service charge if balance falls below $1000

Trends in electronic banking


Internet banking is gaining ground. Banks increasingly operate websites
through which customers are able not only to inquire about account
balances and interest and exchange rates but also to conduct a range of
transactions. Unfortunately, data on Internet banking are scarce, and
differences in definitions make cross-country comparisons difficult.
Even so, one finds that Internet banking is particularly widespread in
Austria, Korea, the Scandinavian countries, Singapore, Spain, and
Switzerland, where more than 75 percent of all banks offer such services
(see chart). The Scandinavian countries have the largest number of
Internet users, with up to one-third of bank customers in Finland and
Sweden taking advantage of e-banking.

In the United States, Internet banking is still concentrated in the largest
banks. In mid-2001, 44 percent of national banks maintained
transactional websites, almost double the number in the third quarter of
1999. These banks account for over 90 percent of national banking
system assets. The larger banks tend to offer a wider array of electronic
banking services, including loan applications and brokerage services.
While most U.S. consumers have accounts with banks that offer Internet
services, only about 6 percent of them use these services.

To date, most banks have combined the new electronic delivery channels
with traditional brick and mortar branches ("brick and click" banks), but
a small number have emerged that offer their products and services
predominantly, or only, through electronic distribution channels. These
"virtual" or Internet-only banks do not have a branch network but might
have a physical presence, for example, an administrative office or
nonbranch facilities like kiosks or automatic teller machines. The United
States has about 30 virtual banks; Asia has 2, launched in 2000 and
2001; and the European Union has several—either as separately licensed
entities or as subsidiaries or branches of brick and mortar banks.

ELECTRONIC AUTHENTICATION

Verifying the identities of customers and authorizing e-banking
activities are integral parts of e-banking financial services. Since
traditional paper-based and in-person identity authentication methods
reduce the speed and efficiency of electronic transactions, financial
institutions have adopted alternative authentication methods, including:

• Passwords and personal identification numbers (PINs),
• Digital certificates using a public key infrastructure (PKI),
• Microchip-based devices such as smart cards or other types of tokens,
• Database comparisons (e.g., fraud-screening applications), and
• Biometric identifiers.

The authentication methods listed above vary in the level of security and
reliability they provide and in the cost and complexity of their
underlying infrastructures. As such, the choice of which technique(s) to
use should be commensurate with the risks in the products and services
for which they control access. Additional information on customer
authentication techniques can be found in this booklet under the heading
“Authenticating E-Banking Customers.”

The Electronic Signatures in Global and National Commerce (E-Sign)
Act establishes some uniform federal rules concerning the legal status of
electronic signatures and records in commercial and consumer
transactions so as to provide more legal certainty and promote the
growth of electronic commerce. The development of secure digital
signatures continues to evolve with some financial institutions either
acting as the certification authority for digital signatures or providing
repository services for digital certificates. 

WEBSITE HOSTING

Some financial institutions host websites for themselves as well as
for other businesses. Financial institutions that host a business
customer’s website usually store, or arrange for the storage of, the
electronic files that make up the website. These files are stored on one or
more servers that may be located on the hosting financial institution’s
premises. Website hosting services require strong skills in networking,
security, and programming. The technology and software change
rapidly. Institutions developing websites should monitor the need to
adopt new interoperability standards and protocols such as Extensible
Mark-Up Language (XML) to facilitate data exchange among the
diverse population of Internet users.

Risk issues examiners should consider when reviewing website hosting
services include damage to reputation, loss of customers, or potential
liability resulting from:

• Downtime (i.e., times when website is not available) or inability to
  meet service levels specified in the contract,
• Inaccurate website content (e.g., products, pricing) resulting from
  actions of the institution’s staff or unauthorized changes by third
  parties (e.g., hackers),
• Unauthorized disclosure of confidential information stemming from
  security breaches, and
• Damage to computer systems of website visitors due to malicious
  code (e.g., virus, worm, active content) spread through
  institution-hosted sites.

PAYMENTS FOR E-COMMERCE

Many businesses accept various forms of electronic payments for their
products and services. Financial institutions play an important role in
electronic payment systems by creating and distributing a variety of
electronic payment instruments, accepting a similar variety of
instruments, processing those payments, and participating in clearing
and settlement systems. However, increasingly, financial institutions are
competing with third parties to provide support services for e-commerce
payment systems. Among the electronic payments mechanisms that
financial institutions provide for e-commerce are automated clearing
house (ACH) debits and credits through the Internet, electronic bill
payment and presentment, electronic checks, e-mail money, and
electronic credit card payments. Additional information on payments
systems can be found in other sections of the IT Handbook.

Most financial institutions permit intrabank transfers between a
customer’s accounts as part of their basic transactional e-banking
services. However, third-party transfers – with their heightened risk for
fraud – often require additional security safeguards in the form of
additional authentication and payment confirmation. 

Bill Payment and Presentment

Bill payment services permit customers to electronically instruct their
financial institution to transfer funds to a business’s account at some
future specified date. Customers can make payments on a one-time or
recurring basis, with fees typically assessed as a “per item” or monthly
charge. In response to the customer’s electronic payment instructions,
the financial institution (or its bill payment provider) generates an
electronic transaction – usually an automated clearinghouse (ACH)
credit – or mails a paper check to the business on the customer’s behalf.
To allow for the possibility of a paper-based transfer, financial
institutions typically advise customers to make payments effective 3–7
days before the bill’s due date.

Internet-based cash management is the commercial version of retail bill
payment. Business customers use the system to initiate third-party
payments or to transfer money between company accounts. Cash
management services also include minimum balance maintenance,
recurring transfers between accounts and on-line account reconciliation.
Businesses typically require stronger controls, including the ability to
administer security and transaction controls among several users within
the business.

This booklet discusses the front-end controls related to the initiation,
storage, and transmission of bill payment transactions prior to their entry
into the industry’s retail payment systems (e.g., ACH, check processing,
etc.). The IT Handbook’s “Retail Payments Systems Booklet” provides
additional information regarding the various electronic transactions that
comprise the back end for bill payment processing. The extent of front-end
operating controls directly under the financial institution’s control
varies with the system configuration. Some examples of typical
configurations are listed below in order of increasing complexity, along
with potential control considerations.

• Financial institutions that do not provide bill payment services,
  but may direct customers to select from several unaffiliated bill
  payment providers.
  - Caution customers regarding security and privacy issues through the
    use of on-line disclosures or, more conservatively, e-banking
    agreements.

• Financial institutions that rely on a third-party bill payment
  provider including Internet banking providers that subcontract to
  third parties.
  - Set dollar and volume thresholds and review bill payment
    transactions for suspicious activity.
  - Gain independent audit assurance over the bill payment provider’s
    processing controls.
  - Restrict employees’ administrative access to ensure that the internal
    controls limiting their capabilities to originate, modify, or delete bill
    payment transactions are at least as strong as those applicable to the
    underlying retail payment system ultimately transmitting the
    transaction.
  - Restrict by vendor contract and identify the use of any
    subcontractors associated with the bill payment application to
    ensure adequate oversight of underlying bill payment system
    performance and availability.
  - Evaluate the adequacy of authentication methods given the higher
    risk associated with funds transfer capabilities rather than with basic
    account access.
  - Consider the additional guidance contained in the IT Handbook’s
    “Information Security,” “Retail Payment Systems,” and
    “Outsourcing Technology Services” booklets.

• Financial institutions that use third-party software to host a bill
  payment application internally.
  - Determine the extent of any independent assessments or
    certification of the security of application source code.
  - Ensure software is adequately tested prior to installation on the live
    system.
  - Ensure vendor access for software maintenance is controlled and
    monitored.

• Financial institutions that develop, maintain, and host their own
  bill payment system.
  - Consider additional guidance in the IT Handbook’s “Development
    and Acquisition Booklet.”

Financial institutions can offer bill payment as a stand-alone service or
in combination with bill presentment. Bill presentment arrangements
permit a business to submit a customer’s bill in electronic form to the
customer’s financial institution. Customers can view their bills by
clicking on links on their account’s e-banking screen or menu. After
viewing a bill, the customer can initiate bill payment instructions or elect
to pay the bill through a different payment channel.

In addition, some businesses have begun offering electronic bill
presentment directly from their own websites rather than through links
on the e-banking screens of a financial institution. Under such
arrangements, customers can log on to the business’s website to view
their periodic bills. Then, if so desired, they can electronically authorize
the business to “take” the payment from their account. The payment then
occurs as an ACH debit originated by the business’s financial institution
as compared to the ACH credit originated by the customer’s financial
institution in the bill payment scenario described above. Institutions
should ensure proper approval of businesses allowed to use ACH
payment technology to initiate payments from customer accounts.

Cash management applications would include the same control
considerations described above, but the institution should consider
additional controls because of the higher risk associated with
commercial transactions. The adequacy of authentication methods
becomes a higher priority and requires greater assurance due to the
larger average dollar size of transactions. Institutions should also
establish additional controls to ensure binding agreements – consistent
with any existing ACH or wire transfer agreements – exist with
commercial customers. Additionally, cash management systems should
provide adequate security administration capabilities to enable the
business owners to restrict access rights and dollar limits associated with
multiple-user access to their accounts.
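
The two layers of control described above, a business restricting its own users' access rights and dollar limits, and the institution setting dollar and volume thresholds for review, can be sketched as follows. This is an added example, not part of the original report or of the IT Handbook; the class names, field names, decision labels and threshold values are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from decimal import Decimal


@dataclass(frozen=True)
class Entitlement:
    """Rights the business's own administrator grants one user (hypothetical model)."""
    can_initiate: bool
    per_payment_limit: Decimal


@dataclass(frozen=True)
class Payment:
    payment_id: str
    company: str
    user: str
    amount: Decimal
    value_date: date


def screen_payments(payments, entitlements, daily_dollar_threshold, daily_volume_threshold):
    """Return {payment_id: (decision, reasons)}.

    reject  - fails the business's own access rights or dollar limits
    review  - passes those, but pushes the company over an institution threshold
    release - passes both layers
    """
    running_total = defaultdict(Decimal)  # (company, day) -> dollars accepted so far
    running_count = defaultdict(int)      # (company, day) -> payments accepted so far
    results = {}
    for p in payments:
        reasons = []
        ent = entitlements.get((p.company, p.user))
        if ent is None:
            # Fail closed: a user the administrator never set up gets nothing.
            reasons.append("user has no entitlement for this company")
        elif not ent.can_initiate:
            reasons.append("user may not initiate payments")
        elif p.amount > ent.per_payment_limit:
            reasons.append("amount exceeds user's dollar limit")
        if p.amount <= 0:
            reasons.append("amount must be positive")
        if reasons:
            results[p.payment_id] = ("reject", reasons)
            continue  # rejected payments do not count toward the daily thresholds

        key = (p.company, p.value_date)
        running_total[key] += p.amount
        running_count[key] += 1
        if running_total[key] > daily_dollar_threshold:
            reasons.append("daily dollar threshold exceeded")
        if running_count[key] > daily_volume_threshold:
            reasons.append("daily volume threshold exceeded")
        results[p.payment_id] = ("review" if reasons else "release", reasons)
    return results


# Constructed sample data: one commercial customer, three configured users.
DAY = date(2011, 1, 10)
SAMPLE_ENTITLEMENTS = {
    ("ACME", "alice"): Entitlement(True, Decimal("5000.00")),
    ("ACME", "bob"): Entitlement(False, Decimal("0")),       # view-only user
    ("ACME", "carol"): Entitlement(True, Decimal("500.00")),
}
SAMPLE_PAYMENTS = [
    Payment("P1", "ACME", "alice", Decimal("1200.00"), DAY),
    Payment("P2", "ACME", "bob", Decimal("100.00"), DAY),
    Payment("P3", "ACME", "carol", Decimal("750.00"), DAY),
    Payment("P4", "ACME", "alice", Decimal("4500.00"), DAY),
    Payment("P5", "ACME", "mallory", Decimal("50.00"), DAY),
    Payment("P6", "ACME", "carol", Decimal("100.00"), DAY),
]


def run_sample():
    """Screen the constructed payments with a $5,000 / 2-payment daily threshold."""
    return screen_payments(SAMPLE_PAYMENTS, SAMPLE_ENTITLEMENTS,
                           daily_dollar_threshold=Decimal("5000.00"),
                           daily_volume_threshold=2)


if __name__ == "__main__":
    for pid, (decision, reasons) in run_sample().items():
        print(pid, decision, "; ".join(reasons))
```

Payments held for review still count toward the running totals, so every later payment from the same company on that day is also routed to review until someone has looked at the activity.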

Person-to-Person Payments
Electronic person-to-person payments, also known as e-mail money,
permit consumers to send “money” to any person or business with an e-
mail address. Under this scenario, a consumer electronically instructs the
person-to-person payment service to transfer funds to another individual.
The payment service then sends an e-mail notifying the individual that
the funds are available and informs him or her of the methods available
to access the funds including requesting a check, transferring the funds
to an account at an insured financial institution, or retransmitting the
funds to someone else. Person-to-person payments are typically funded
by credit card charges or by an ACH transfer from the consumer’s
account at a financial institution. Since neither the payee nor the payer in
the transaction has to have an account with the payment service, such
services may be offered by an insured financial institution, but are
frequently offered by other businesses as well.

Some of the risk issues examiners should consider when reviewing bill
payment, presentment, and e-mail money services include:

• Potential liability for late payments due to service disruptions,
• Liability for bill payment instructions originating from someone other
  than the deposit account holder,
• Losses from person-to-person payments funded by transfers from
  credit cards or deposit accounts over which the payee does not have
  signature authority,
• Losses from employee misappropriation of funds held pending access
  instructions from the payer, and
• Potential liability for directing payment availability information to the
  wrong e-mail or for releasing funds in response to e-mail from
  someone other than the intended payee.

WIRELESS E-BANKING

Wireless banking is a delivery channel that can extend the reach and
enhance the convenience of Internet banking products and services.
Wireless banking occurs when customers access a financial institution's
network(s) using cellular phones, pagers, and personal digital assistants
(or similar devices) through telecommunication companies’ wireless
networks. Wireless banking services in the United States typically
supplement a financial institution's e-banking products and services.

Wireless devices have limitations that increase the security risks of
wireless-based transactions and that may adversely affect customer
acceptance rates. Device limitations include reduced processing speeds,
limited battery life, smaller screen sizes, different data entry formats,
and limited capabilities to transfer stored records. These limitations
combine to make the most recognized Internet language, Hypertext
Markup Language (HTML), ineffective for delivering content to
wireless devices. Wireless Markup Language (WML) has emerged as
one of a few common language standards for developing wireless device
content. Wireless Application Protocol (WAP) has emerged as a data
transmission standard to deliver WML content.

Manufacturers of wireless devices are working to improve device
usability and to take advantage of enhanced “third-generation” (3G)
services. Device improvements are anticipated to include bigger screens,
color displays, voice recognition applications, location identification
technology (e.g., Federal Communications Commission (FCC)
Enhanced 911), and increased battery capacity. These improvements are
geared towards increasing customer acceptance and usage. Increased
communication speeds and improvements in devices during the next few
years should lead to continued increases in wireless subscriptions.

As institutions begin to offer wireless banking services to customers,
they should consider the risks and necessary risk management controls
to address security, authentication, and compliance issues. Some of the
unique risk factors associated with wireless banking that may increase a
financial institution's strategic, transaction, reputation, and compliance
risks are discussed in appendix

E-BANKING STRATEGY

Financial institution management should choose the level of e-banking
services provided to various customer segments based on customer
needs and the institution’s risk assessment considerations. Institutions
should reach this decision through a board-approved, e-banking strategy
that considers factors such as customer demand, competition, expertise,
implementation expense, maintenance costs, and capital support. Some
institutions may choose not to provide e-banking services or to limit e-
banking services to an informational website. Financial institutions
should periodically re-evaluate this decision to ensure it remains
appropriate for the institution’s overall business strategy. Institutions
may define success in many ways including growth in market share,
expanding customer relationships, expense reduction, or new revenue
generation. If the financial institution determines that a transactional
website is appropriate, the next decision is the range of products and
services to make available electronically to its customers. To deliver
those products and services, the financial institution may have more than
one website or multiple pages within a website for various business
lines.

Impact of e-banking on traditional services

Before talking about the issues of risks and responses to E banking, I
would like to spend a little time considering the wider question of what
the e-banking revolution might mean for the future. I take "E" to mean
anything electronic whether it be Internet, television, telephone or all
three.
One of the issues currently being addressed is the impact of e-banking
on traditional banking players. After all, if there are risks inherent in
going into e-banking there are other risks in not doing so. It is too early
to have a firm view on this yet. Even to practitioners the future of e-
banking and its implications are unclear. It might be convenient
nevertheless to outline briefly two views that are prevalent in the market.
The view that the Internet is a revolution that will sweep away the old
order holds much sway. Arguments in favour are as follows:
E-banking transactions are much cheaper than branch or even phone
transactions. This could turn yesterday’s competitive advantage - a large
branch network - into a comparative disadvantage, allowing e-banks to
undercut bricks-and-mortar banks. This is commonly known as the
"beached dinosaur" theory.
E-banks are easy to set up so lots of new entrants will arrive. ‘Old-
world’ systems, cultures and structures will not encumber these new
entrants. Instead, they will be adaptable and responsive. E-banking gives
consumers much more choice. Consumers will be less inclined to remain
loyal.
E-banking will lead to an erosion of the ‘endowment effect’ currently
enjoyed by the major UK banks. Deposits will go elsewhere with the
consequence that these banks will have to fight to regain and retain their
customer base. This will increase their cost of funds, possibly making
their business less viable. Lost revenue may even result in these banks
taking more risks to breach the gap.

Portal providers are likely to attract the most significant share of
banking profits. Indeed banks could become glorified marriage brokers.
They would simply bring two parties together – eg buyer and seller,
payer and payee.
The products will be provided by monolines, experts in their field.
Traditional banks may simply be left with payment and settlement
business – even this could be cast into doubt.
Traditional banks will find it difficult to evolve. Not only will they be
unable to make acquisitions for cash as opposed to being able to offer
shares, they will be unable to obtain additional capital from the stock
market. This is in contrast to the situation for Internet firms for whom it
seems relatively easy to attract investment.
There is of course another view which sees e-banking more as an
evolution than a revolution.
E-banking is just banking offered via a new delivery channel. It simply
gives consumers another service (just as ATMs did).
Like ATMs, e-banking will impact on the nature of branches but will not
remove their value.
Experience in Scandinavia (arguably the most advanced e-banking area
in the world) appears to confirm that the future is ‘clicks and mortar’
banking. Customers want full service banking via a number of delivery
channels. The future is therefore ‘Martini Banking’ (any time, any place,
anywhere, anyhow).
Traditional banks are starting to fight back.
The start-up costs of an e-bank are high. Establishing a trusted brand is
very costly as it requires significant advertising expenditure in addition
to the purchase of expensive technology (as security and privacy are key
to gaining customer approval).
E-banks have already found that retail banking only becomes profitable
once a large critical mass is achieved. Consequently many e-banks are
limiting themselves to providing a tailored service to the better off.

Nobody really knows which of these versions will triumph. This is
something that the market will determine. However, supervisors will
need to pay close attention to the impact of e-banks on the traditional
banks, for example by surveillance of:
• strategy
• customer levels
• earnings and costs
• advertising spending
• margins
• funding costs
• merger opportunities and threats, both in the UK and abroad.

FSA Regulation of "E-banks"

The FSA intends to be E-neutral. Our current legislation, The Banking
Act and the Building Societies Act, provide us with the powers we need
and our current range of supervisory tools are perfectly adequate
although we may need to deploy some with different degrees of
intensity.

Our new legislation, The Financial Services and Markets Bill, offers a
significant addition in the form of the objective which requires us to
promote public understanding of the financial system. This, along with
our consumer protection objective, provides the basis for our consumer
education work which will be a key tool in dealing with many of the
consumer risks I mentioned earlier.

So – we have no special regime for e-banks and we see no reason why
we should not be able to

MONITORING AND ACCOUNTABILITY

Once an institution implements its e-banking strategy, the board
and management should periodically evaluate the strategy’s
effectiveness. A key aspect of such an evaluation is the
comparison of actual e-banking acceptance and performance to
the institution’s goals and expectations. Some items that the
institution might use to monitor the success and cost
effectiveness of its e-banking strategy include:

Revenue generated,
Website availability percentages,
Customer service volumes,
Number of customers actively using e-banking services,
Percentage of accounts signed up for e-banking services, and
The number and cost per item of bill payments generated.

Without clearly defined and measurable goals, management will
be unable to determine if e-banking services are meeting the
customers’ needs as well as the institution’s growth and
profitability expectations.

In evaluating the effectiveness of the institution’s e-banking
strategy, the board should also consider whether appropriate
policies and procedures are in effect and whether risks are
properly controlled. Unless the initial strategy establishes clear
accountability for the development of policies and controls, the
board will be unable to determine where and why breakdowns in
the risk control process occurred.

AUDIT

An important component of monitoring is an appropriate
independent audit function. Financial institutions offering e-
banking products and services should expand their audit
coverage commensurate with the increased complexity and risks
inherent in e-banking activities. Financial institutions offering e-
banking services should ensure the audit program expands to
include:

• Scope and coverage, including the entire e-banking process as
  applicable (i.e., network configuration and security, interfaces to
  legacy systems, regulatory compliance, internal controls, and
  support activities performed by third-party providers);
• Personnel with sufficient technical expertise to evaluate
  security threats and controls in an open network (i.e., the
  Internet); and
• Independent individuals or companies conducting the audits
  without conflicting e-banking or network security roles.

any new e-banks provided they meet our minimum prudential standards.
After all we have authorised insurance banks and supermarket banks,
which are heavily outsourced and often telephone based.
We like to see innovation in banking services because, quite simply, we
think that this is good for retail consumers, industry and the economy as
a whole.

E-Banking Configuration

Risk Management of E-Banking Activities

"Risk Management in Electronic Banking is a comprehensive study of
the concepts and best practices in electronic banking. It fills a badly
needed global requirement for not only bankers but all users of
electronic banking. The book gives an excellent review of the wide
scope of electronic banking on traditional banking and business
methods. It then delves into the risks inherent in e-banking including
strategic, operational, compliance, reputational and others... Jayaram
Kondabagil, has produced an excellent work which will be the key
reference for anyone involved in electronic banking."
-- Mark Mobius, Managing Director, Templeton Asset Management Ltd

"Risk Management in Electronic Banking is written in a simple and easy
to understand style and it provides a broad overview of electronic
banking. It also highlights the importance of risk management and
addresses a gap in extant literature on the subject. Aimed at a global
audience, the consolidated checklist at the end of the book is useful and
a notable feature is that it also includes outsourcing risks, which though
of recent origin has already made a big impact in financial services
sector. This topical book will be a useful read for senior management
executives."

Professor R.Vaidyanathan, Finance & Control, UTI Chair Professor &
Chairperson, Centre for Capital Market and Risk Management, Indian
Institute of Management

As noted in the prior section, e-banking has unique characteristics that
may increase an institution’s overall risk profile and the level of risks
associated with traditional financial services, particularly strategic,
operational, legal, and reputation risks. These unique e-banking
characteristics include:

• Speed of technological change,
• Changing customer expectations,
• Increased visibility of publicly accessible networks (e.g., the Internet),
• Less face-to-face interaction with financial institution customers,
• Need to integrate e-banking with the institution’s legacy computer
  systems,
• Dependence on third parties for necessary technical expertise, and
• Proliferation of threats and vulnerabilities in publicly accessible
  networks.

Management should review each of the processes discussed in this
section to adapt and expand the institution’s risk management practices
as necessary to address the risks posed by e-banking activities. While
these processes mirror those discussed in other booklets of the IT
Handbook, they are discussed below from an e-banking perspective. For
more detailed information on each of these processes, the reader should
review the corresponding booklet of the IT Handbook.

Risks and Responses

So, back to the future – nobody knows what it will look like.
My job is to think about the risks banks, and building societies, whether
new or old, are running. And about how they should respond to these
risks.

Allow me to consider them under the following headings:
• strategy
• business
• security
• reputation
• operations.

You will notice that none of these are in themselves new and anyone who is
familiar with the risk based approach to banking supervision (RATE) will know
that they are already routinely covered by supervisors, albeit that we may need to
give different weight and emphasis to these factors for E-banking.

Strategic Risk

On strategic risk E-banking is relatively new and, as a result, there can
be a lack of understanding among senior management about its potential
and implications. People with technological, but not banking, skills can
end up driving the initiatives. E-initiatives can spring up in an incoherent
and piecemeal manner in firms. They can be expensive and can fail to
recoup their cost. Furthermore, they are often positioned as loss leaders
(to capture market share), but may not attract the types of customers that
banks want or expect and may have unexpected implications on existing
business lines.

Banks should respond to these risks by having a clear strategy driven
from the top and should ensure that this strategy takes account of the
effects of e-banking, wherever relevant. Such a strategy should be
clearly disseminated across the business, and supported by a clear
business plan with an effective means of monitoring performance
against it.

Business risks

Business risks are also significant. Given the newness of e-banking,
nobody knows much about whether e-banking customers will have
different characteristics from the traditional banking customers. They
may well have different characteristics – eg I want it all and I want it
now.
This could render existing score card models inappropriate, thus
resulting in either higher rejection rates or inappropriate pricing to cover
the risk. Banks may not be able to assess credit quality at a distance as
effectively as they do in face to face circumstances. It could be more
difficult to assess the nature and quality of collateral offered at a
distance, especially if it is located in an area the bank is unfamiliar with
(particularly if this is overseas). Furthermore as it is difficult to predict
customer volumes and the stickiness of e-deposits (things which could
lead either to rapid flows in or out of the bank) it could be very difficult
to manage liquidity.
Of course, these are old risks with which banks and supervisors have
considerable experience but they need to be watchful of old risks in new
guises. In particular risk models and even processes designed for
traditional banking may not be appropriate.

Operations risk

Banks face three main types of operations risk:
• volume forecasts
• management information systems and
• outsourcing.

Accurate volume forecasts have proved difficult - One of the key
challenges encountered by banks in the Internet environment is how to
predict and manage the volume of customers that they will obtain. Many
banks going on-line have significantly misjudged volumes. When a bank
has inadequate systems to cope with demand it may suffer reputational
and financial damage, and even compromises in security if extra systems
that are inadequately configured or tested are brought on-line to deal
with the capacity problems.
As a way of addressing this risk, banks should:
• undertake market research,
• adopt systems with adequate capacity and scalability,
• undertake proportionate advertising campaigns, and
• ensure that they have adequate staff coverage and develop a
  suitable business continuity plan.
In brief, this is a new area, nobody knows all the answers, and banks
need to exercise particular caution.
The second type of operations risk concerns management information
systems. Again this is not unique to E-banking. I have seen many banks
venture into new areas without having addressed management
information issues. Banks may have difficulties in obtaining adequate
management information to monitor their e-service, as it can be difficult
to establish/configure new systems to ensure that sufficient, meaningful
and clear information is generated. Such information is particularly
important in a new field like e-banking. Banks are being encouraged by
the FSA to ensure that management have all the information that they
require in a format that they understand and that does not cloud the key
information with superfluous details.

Finally, a significant number of banks offering e-banking services
outsource related business functions, e.g. security, either for reasons of
cost reduction or, as is often the case in this field, because they do not
have the relevant expertise in-house. Outsourcing a significant function
can create material risks by potentially reducing a bank’s control over
that function. Outsourcing is of course neither new nor unmanageable
but banks should be mindful of the FSA’s guidance on outsourcing,
which addresses these risks.

Security

Security issues are a major source of concern for everyone both inside
and outside the banking industry. E-banking increases security risks,
potentially exposing hitherto isolated systems to open and risky
environments. Both the FSA and banks need to be proactive in
monitoring and managing the security threat.

Security breaches essentially fall into three categories; breaches with
serious criminal intent (e.g. fraud, theft of commercially sensitive or
financial information), breaches by ‘casual hackers’ (e.g. defacement of
web sites or ‘denial of service’ - causing web sites to crash), and flaws in
systems design and/or set up leading to security breaches (e.g. genuine
users seeing / being able to transact on other users’ accounts). All of
these threats have potentially serious financial, legal and reputational
implications.

Many banks are finding that their systems are being probed for
weaknesses hundreds of times a day but damage/losses arising from
security breaches have so far tended to be minor. However some banks
could develop more sensitive "burglar alarms", so that they are better
aware of the nature and frequency of unsuccessful attempts to break into
their system.

The most sensitive computer systems, such as those used for high value
payments or those storing highly confidential information, tend to be the
most comprehensively secured. One could therefore imply that the
greater the potential loss to a bank the less likely it is to occur, and in
general this is the case. However, while banks tend to have reasonable
perimeter security, there is sometimes insufficient segregation between
internal systems and poor internal security. It may be that someone
could breach the lighter security around a low value system, e.g. a
bank’s retail web site, and gain entry to a high value system via the
bank’s internal network. We are encouraging banks to look at the
firewalls between their different systems to ensure adequate damage
limitation should an external breach occur. As ever though, the greatest
threat so far has been from the enemy within – ie your own employees,
contractors and so on.

It is easy to overemphasise the security risks in e-banking. It must be
remembered that the Internet could remove some errors introduced by
manual processing (by increasing the degree of straight through
processing from the customer through banks’ systems). This reduces
risks to the integrity of transaction data (although the risk of customers
incorrectly inputting data remains). As e-banking advances, focusing
general attention on security risks, there could be large security gains.
So what should banks be doing? Our view is that to deal with these
emerging threats effectively, financial institutions need as a minimum to
have:
• a strategic approach to information security, building best practice
  security controls into systems and networks as they are developed
• a proactive approach to information security, involving active testing of
  system security controls (e.g. penetration testing), rapid response to new
  threats and vulnerabilities and regular review of market place
  developments
• sufficient staff with information security expertise
• active use of system based security management and monitoring tools
• strong business information security controls
These are the issues line supervisors will be raising with their banks as
part of their on-going supervision; or, for new applicants, will need to be
given adequate assurances about.

Reputational risks

Finally, with regard to risks, I would mention reputational risk. This is
considerably heightened for banks using the Internet. For example the
Internet allows for the rapid dissemination of information which means
that any incident, either good or bad, is common knowledge within a
short space of time. Internet rumours can easily become self-fulfilling
prophecies. The speed of the Internet considerably cuts the optimal
response times for both banks and regulators to any incident. Banks
must ensure their crisis management, particularly PR, processes are able
to cope with Internet related incidents (whether they be real or hoaxes).

Any problems encountered by one firm in this new environment may
affect the business of another, as it may affect confidence in the Internet
as a whole. There is therefore a risk that one rogue e-bank could cause
significant problems for all banks providing services via the Internet.
This is a new type of systemic risk and is causing concern to e-banking
providers. Overall, the Internet puts an emphasis on reputational risks.
Never before has the bank’s shop window (ie its site) been so important.
One last reputational risk will be familiar to us all. That is whether the
products being sold over the net are being marketed in such a way that
the bank will be protected against future charges of mis-selling. As in
the physical, so in the virtual world. Banks need to be sure that
customers’ rights and information needs are adequately safeguarded and
provided for.
