A STUDY ON THE IMPACT OF INFORMATION TECHNOLOGY ON BANKING INDUSTRY IN NEPAL

By: Dinesh Maharjan Roll No: 550929385 LC code: 02536

Submitted To: Infomax College of IT and Management Sikkim Manipal University

for the requirements of partial fulfillment of the degree of Master of Business Administration (MBA)

TABLE OF CONTENTS ACKNOWLEDGEMENTS LIST OF FIGURES LIST OF TABLES EXECUTIVE SUMMARY INTRODUCTION BANKING HISTORY CURRENT 'IT' APPLICATION IN THE BANKING INDUSTRY BANKER'S CLEARING PAYMENT SYSTEM DATA AND SYSTEMS SECURITY IN THE BANKING INDUSTRY INFORMATION TECHNOLOGY AND FRAUD CRITICAL REVIEW OF THE USE OF 'IT' BY BANKS THE IMPACT OF 'IT' COSTS TO THE BANKING INDUSTRY MERGERS AND 'IT' PROBLEMS THE IMPACT OF 'IT' ON COMPETITION IN THE BANKING INDUSTRY RECOMMENDATIONS FOR THE FUTURE APPLICATION OF 'IT' IN BANKING INDUSTRY CONCLUSION BIBLIOGRAPHY

EXECUTIVE SUMMARY This project examines the general impact of Information Technology (IT) on the banking industry. The banking industry has introduced various new customer services and products application of IT. The banking industry has gone through many changes as a result of the introduction of IT. In fact, the structure of the industry is continuously changing because of rapid development of IT. The continued success of IT applications means that the limitations of current IT computer system in banks have to be re-developed to meet future requirements. The aim of this project is to evaluate how the banking industry has applied IT; the effects of IT on competition; current IT applications and systems problems; the security of IT systems; IT risk and IT fraud and the future application of IT in banking industry. The focus of the report has mainly been in Nepal. In the research, the banking industry has demonstrated a fair amount of competence in the application of IT. Some banks were at the cutting edge of IT and have a clear vision of how IT could be furthered applied successfully. Banks have spent millions of Rupees on It every year in a bid to fully automate its operations and services to customers. The industry recognizes that IT was a major key to its development. The research brought to light the fact that IT has increased competition within the industry. The realization that the market size is not really increasing has made banks more competitive. Also, the expectation of their customers is very high and in response banks using IT to satisfy the demand for quality services and products. However, there is an increasing outside threat to the banking industry from the non-banking sector. Deregulation of the banking industry has introduced more competition but the low cost of computer technology has made it easier to enter the industry. Non-banks can pick off the shelf IT solutions for the services they want to provide. The research reveals that traditional banks find it difficult to integrate new computer technology with their old systems. As a result, their IT costs is higher than expected and IT integration takes to much time. The need for more investment in IT has increasingly forced some banks to sell-out of certain banking operations. The cost of IT investment required to remain competitive and the uncertainty future profits has forced withdrawal. Security of information systems was found to be very vulnerable in general. The amount of resources that is required for security is lower than required. The fact that 'Hackers' can still get into banking IT systems easily without inside help demonstrate the magnitude of the problem. IT Fraud is also a major problem of the banking industry especially where plastic cards are concerned. The increased IT knowledge of the general public and proliferation of cheap computer technology mean that weaknesses in card payment systems is exploited fraudulently. Millions of rupees is lost to plastic card fraud every year. This is simply because the cards are not secure enough. In recommendation the banking industry need to better apply IT to improve its operations, customer services and products. Banks should devote more resources to development of secure IT systems, services and products. Also, the future impact outsourcing IT requirements should be thoroughly evaluated, the long term effect may be very expensive,

RESEARCH OBJECTIVE AND METHODS RESEARCH OBJECTIVE The project is a research dissertation. It examined the general impact of Information Technology on the Banking industry. The following areas will be evaluated. The current IT applications The impact of IT costs IT considerations in mergers Future application of IT

RESEARCH METHODS Reviewed of literature and existing research Interviewed bank IT personnel to provide an insight into the impact of IT in banking industry. Reviewed current IT trends in the banking industry

1.INTRODUCTION Historically, banks stored information on paper, this paper information was processed manually. By 1961, most banks had taken a significant step to introduce computers into their operations. These early computer systems were programmed in machine code and required information to be manually inputted via punched cards. Nor could they be automatically updated via remote centers. These systems were limited by the method of inputting information and the computer system's process power. Today's computer systems are mostly ON-LINE, that is, information is automatically updated. Today, Information Technology (IT) plays a very important role in banking. The range of customer services provided by banks has increased as result of improving Information technology. Banks now use IT to transmit information, receive instructions and transact business. The quality, range and price of electronic services are an important part of any bank's competitiveness in the global market place of today's business environment. The impact of IT on the banking industry is immense, banks rely on IT for most of its operations and transactions. The way banks operate has been changed rapidly since the introduction of computer technology. The banking industry is totally dependent on the use of IT for its delivery of a cost effective service and therefore, IT has become an integral part of every bank's business operations. The breakdown of the computer system, even for short period, is likely to prove enormously costly to any bank. Information Technology has improved the speed and efficiency of banking operations particularly routine banking transactions and as a result has shaped the nature of the services provided to customers. The flexibility provided by IT has help banks develop new products and improve the quality of current services offered to customers. Example of these transactions include deposits, withdrawal, transfer of funds between banks or countries and payment of bills. A simple transactional chain could involve the Customer Account, Recipient Clearing House, Paying bank and Payee Bank. This transactional chain is linked together by computer technology which provides the medium for the speedy transfer of information. The tangible and intangible benefits IT provides to banks cannot be over emphasized. However, the investment in IT is continuous and banks are concerned that customers may have bear the full or at least a sizeable proportion of IT cost. The rapid pace at which Information Technology is developing mean that employees need to be constantly retrained properly to meet this change; banks have to keep up with this pace to stay competitive in the banking industry. However, it should be noted that IT has not been all good to the banking industry, IT has brought down the barriers to entry - increasing competition. In as much as the price of IT is falling it is still very costly. It has also resulted partly in the lost of thousands of jobs.

1.1 BANK OVERVIEW 1.1.1 BANKING HISTORY IN NEPAL Truly speaking for the first time, merchant and goldsmith were doing the banking activities. Goldsmiths were doing the banking activities through deposits like ornaments, houses and lent money to the demanded ones. Towards the end of 11th century, during the times of Jayasthiti Malla Jankabhari was in front in banking transaction, he gave money to third people against fixed interest rates. The third people kept land and goods as pledge and utilized money for personal or business work against certain interest rate. Due to inconvenience, such moneylenders came to an end. After Jankabhari, Prime Minister Mandeep Singh established an institution called Tejarath in 1933 B.S. for simple banking operation. Tejarath as a governmental financial institution supplied credit at 5% rate of interest against security of gold, silver or other ornaments. Prime minister Chandra Shamsher (1920-1929) credit facilities of Tejarath were extended to some other parts on the country by opening its branches. After the lapse of time, since moneylenders were powerless to file a suit against the debtors even in case if default . So it was replaced by commercial bank known as the Nepal Bank LTD. during the time of Juddha Shamsher. In the absence of any bank in Nepal the economic progress of the country was being hampered and causing inconvenience to the people and therefore with the objective of fulfilling that need by providing service to the people and for the betterment of the country, this law in hereby promulgated for the establishment of the Bank . After Tehatath, Nepal Bank LTD. was set up in 1936 to develop trade and commerce. Before it no transaction related to advancing and accepting deposit was done. Hence to solve such problems, Nepal Bank LTD. was established as the first commercial bank in Nepal. Later it was established as the central bank on April 26, 1959 A.D. In that era, very few understood of had confidence in this new concept of formal banking. Rising equity shares were not easy and mobilization of deposits even more difficult. This was evident when the bank floated equity shares worth NRs. 2,500,000, but was successful only in raising NRs. 842,000. The total deposits for the first year was NRs. 17,02,025 where current deposits was about NRs. 12,98,898 and fixed was about NRs. 3,88,964 and saving was NRs. 14,163. Loan disbursed and outstanding at the end of the first year was NRs. 19,85,000. From the very conception and its creation, Nepal Bank LTD. was a joint venture between the government and the private sector. Out of 2500 equity shares of NRs. 100 face value, 40% was subscribed by the government and the balanced i.e. 60% was offered for the sale to private sector. There were only 10 shareholders when the bank first started. In the beginning, this bank had to get it concerned with the task of maintaining the stability of the exchange rate, promoting countrywide circulation of the national currency, foreign exchange earning and implement exchange central measure. HMG started the co-operative moment in 1954. NRB also created a special fund for agriculture credit in 1959. NIDC was established in 1957 A.D. to help private sector in the field of industry. In 1956 A.D. commercial bank Rastriya Banijya Bank started functioning. Similarly agriculture and development banks was established in 2024 B.S. Nabil Bank in 2041 B.S. Nepal Grindlays Bank in 2043 B.S. (Now Standard Chartered Bank LTD.) Himalayan Bank in 2051, Bank of Kathmandu in 2052, Everest Bank in 2053, Lumbini Bank in 2055, Nepal Industrial and Commercial Bank in 2056 B.S. Today in Nepal more than 30 commercial banks and more than 100 financial companies are operating

1.1.2 List of Banking Institutions In Nepal

Image

Banking Institutions URL

Contact Address

Nepal Bank Ltd

Nepal Bank Limited Dharmapath Kathmandu (Head Office) P.O.Box: 36, Kathmandu SWIFT Code: NEBLNPKA Tel.: +977 1 422 2397 Fax: +977 1 422 0414 Email: info@nepalbank.com.np

Rastriya Banijya Bank

Rastriya Bannijya Bank Central Office Singhadurbar Plaza, Kathmandu Tel: (977-1) 425-2595 Fax: (977-1) 425-2931 E-mail: rbb.info@rbb.com.np

Nabil Bank Ltd

Head Office Nabil House, Kamaladi, Kathmandu P.O. Box: 3729, Kathmandu Phone: 4430425, 4429546-47, 4435380-85 Telex: 2385 NABIL NP, 2431 NABILH NP Fax: 4429548 SWIFT: NARBNPKA

Nepal Investment Bank Ltd

KATHMANDU HEAD OFFICE Durbar Marg, P.O. Box 3412 Tel: 4228229, 4242530 (DISA) Fax: 977-1-4226349, 4228927 Swift: NIBL NP KT

Standard Chartered Bank

New Baneshwor Branch P.O.Box 3990, New Baneshwar, Kathmandu, Nepal Tel:977-1-4782333, 4783753 Fax No:977-1- 4780762

Himalayan Bank Ltd

Head Office Karmachari Sanchaya Kosh Building Tridevi Marg, Thamel P.O. Box 20590, Kathmandu, Nepal. Telephones : 4227749, 4250201 Telefax : 977-1-4222800 Telex : 2789 HIBA NP, Swift HIMANPKA Email : himal@himalayanbank.com

Nepal SBI Bank Ltd

NEPAL SBI BANK LIMITED, HATTISAR, KATHMANDU, NEPAL TEL: 00-977-1-4435516, 4253243 FAX: 00977-1435612 TELEX: 2796 NSBL NP WEBSITE:www.nepalsbi.com.np,www.nsbl.com .np E-MAIL:nsblco@nsbl.com.np SWIFT: NSBINPKA

Image

Banking Institutions URL

Contact Address

Nepal Bangladesh Bank Ltd

Head Office: (00) P.O.Box: 9062, New Baneswor, Kathmandu Tel: 4783972,4783975,4783976 Fax: 977-1-4780826 Email : nbblho@nbbank.com.np

Everest Bank Ltd

Baneshwor Main Branch Kathmandu, Nepal Phone: 977-1-4780018 (hunting) Fax: 977-1-4781025 Email: eblban@ebl.com.np

Bank of Kathmandu Ltd

Head Office Bank of Kathmandu Limited P.O. Box 9044, Kamal Pokhari, Kathmandu, Nepal SWIFT: BOKLNPKA Telex: 2820 BOK NP Tel: (977 1) 4414541 Fax: (977 1) 4418990 Email: info@bok.com.np

NCC Bank Ltd

Corporate Office / Kathmandu Main Branch NB Building, Bagbazar, Kathmandu, Nepal SWIFT : NBOCNPKA, Telex : 2843, 2812 Website : www.nccbank.com.np Phone : (01) 4246991; Fax : (01) 4244610 email : corporate@nccbank.com.np ncc@infocom.com.np

Lumbini Bank Ltd

Corporate Office: Durbar Marg, Kathmandu, Nepal. Tel: +977 1 4243158, 1 4243165 Fax: +977 1 4227590 SWIFT: LUBLNPKA email: info@lumbinibank.com.np

NIC Bank Ltd

Corporate Office 279 Kamaladi Sadak, Kathmandu, Nepal P. O. Box: 7367 Tel: 977 01 4262277 Fax: 977 01 4241865 Email:kamaladi@nicbank.com.np

Machhapuchhr e Bank Ltd

Head Office Corporate Office Kathmandu Branch P.O. Box: 41 Naya Bazar Pokhara, Nepal Tel: +977-61-530900 Fax: +977-61-530500 Email: mblbnk@mbl.com.np SWIFT Code: MBLNNPKA

Kumari Bank Ltd

Kumari Bank Limited Putali Sadak, Kathmandu Nepal Phone : 977-01-4-232112 977-01-4-232113 Fax : 977-01-4-231960 Telex : 2853 KUMARI NP Swift : KMBLNPKA Email : info@kbl.com.np

Laxmi Bank Ltd

Hattisar Branch & Corporate Office Hattisar, Kathmandu, Nepal Tel. 01-4444684/4444685 Fax 01-4444640/4444743 SWIFT: LXBLNPKA Email: info@laxmibank.com

Siddhartha Bank Ltd

CORPORATE OFFICE 130/23, HATTISAR, KAMALADI KATHMANDU P.O. BOX : 13806 TEL. : 01-4442919, 01-4442920 FAX : 977-1- 4442921, Telex. 2757 SBL Swift-SIDDNPKA EMAIL : sbl@siddharthabank.com

Image

Banking Institutions URL

Contact Address

Agriculture Development Bank Ltd

Head Office, Ramshah Path Kathmandu, Nepal Tel : 977-1-4262885/4262596 Fax : 977-1-4262616/4262929 Email : info@adbn.gov.np

Global Bank Ltd

Corporate Office Panipokhari, Kathmandu P.O. Box: 19327, Nepal Phone No: 4002507 / 4002508 Fax: 4441502

Citizens Bank International

CITIZENS BANK INTERNATIONAL LIMITED P.O.BOX: 19681 , SHARDA SADAN KAMALADI, KATHMANDU, NEPAL TEL: 977-1- 4262699 FAX: 977-1-4265030 EMAIL: info@ctznbank.com URL: www.ctznbank.com / www.citizensbank.com.np

Prime Commercial Bank Ltd

Prime Commercial Bank Ltd. Bira Complex, New Road, Kathmandu , Nepal Phone No : 4233388 Fax : 4233390 Swift : PCBLNPKA Email : info@pcbl.com.np

Bank of Asia Nepal Ltd

Head Office Tripureswore Kathmandu Metropolitan City - 11 P.O. Box: 11021 Nepal Tel No: + 977 1 4263212/4263218 Fax No: + 977 1 4258326 Email: boan@bankofasia.com.np

Sunrise Bank Ltd

Sunrise Bank Limited P.O. Box: 15203 Gairidhara Crossing, Kathmandu, Nepal Tel: 4004560, 4004561, 4004562 Fax: 977-1-4422475 SWIFT: SRBLNPKA

Development Credit Bank

DCBL Bank Limited Kathmandu Plaza, First Floor, Kamaladi GPO Box: 7716, Kathmandu, Nepal Tel no: 4231120, 4231490, 4221420, 4241156 Fax: 977-1-4231469 Swift : DCBNNPKA E-mail: info@dcbl.com.np

NMB Bank Ltd

NMB Bank Limited Babarmahal. GPO Box - 11543 Kathmandu, Nepal Phone: 977-1-4246160 Fax: 977-1-4246156 Emaill: info@nmb.com.np

Kist Bank Ltd

Main Branch KIST Building ,Anamnagar, Kathmandu Phone : +977-1-4232500 Fax No.:+977-1-4228588 E-Mail : main@kistbank.com E-Mail : info@kistbank.com Post Box No.:8975, EPC. : 5157

Janata Bank Nepal Ltd

Janata Bank Nepal Ltd. Shankhamul Marg, 10 New Baneshwor, Kathmandu POBox:23600 Tel. 4786100/4785900 Fax. 4786300 Email. info@janatabank.com.np

Mega Bank Nepal Ltd

MEGA Bank Nepal Limited Corporate Office Mega Mahal, Kantipath, Nepal. Ph:977-1-4257711, Fax: 977-1-4266599

Commerz and Trust Bank Nepal Ltd.

Commerz and Trust Bank Nepal Ltd. Tindhara Road, Kamaladi, Kathmandu. House No: 130/23 P. O. Box: 23399 Phone: 4446150, 4446151 Fax : 4444770 Email: info@ctbn.com.np

Civil Bank Ltd.

Head Office: Civil Bank Ltd. Classic Complex, Tindhara Road, Kamaladi, Kathmandu-31 P.O. Box: 9799 Tel No: 4255551, 4255523 Fax No: 4255500

2. CURRENT IT APPLICATION IN THE BANKING INDUSTRY In recent times, the field of Information Technology has grown in leaps and bounds. It has found its use in almost every field in this world and finance is not an exception. Information Technology has a tremendous impact on financial sector. Most importantly, the recent growth in information technology has been a major hindrance to financial companies. The IT field has developed various software solutions that negate the need for financial advice from financial institutions. Due to the growth in World Wide Web and its use in trading, there have been a lot of transactions taking place within a short amount of time which is difficult for a financial institution to handle. A few years ago, it was thought that trading through financial institution was far more secured than trading online but now due to the growth in information security people think that online trading is better due to its speed and security. Initially, banks used to store sensitive information in large main frame systems and allow only privileged member access. But, nowadays due to the advancements in information security, there is no need for a mainframe. Sensitive information can be monitored from less powerful desktops. The increasing popularity of online market has also been beneficial to financial service providers. The internet is a highly decentralized trading platform and it doesn't have any organization governing the trading activities. This has opened a lot of potential for financial service providers. In banks, information technology has also led to customer dissatisfaction. Due to the thirst for security, banks started demanding ways to improve their security. This led to the use of encryption in banks. Though, this increases the security of data, it brings down the performance of the system. Also, there is the risk of glitches in the encryption algorithm. So, thinking of increasing the security, all that banks have managed to do is to degrade their performance. Computers have known to do whatever is instructed to them. Many financial institutions have automated their system of functioning and thus financial professionals are required to have knowledge about computers. Whenever a sophisticated service is provided by a new application, the amount of risk involved also increases. If a financial professional is not able to understand the proper way to use this new service, a heavy loss will be incurred. Although, the involvement of information technology in finance has increased the risk factor to great extent, this can be compromised by the fact that it has opened greater money making opportunities by providing a large decentralized market. Various software solutions have been developed for financial institutions to handle different scenarios. A strong knowledge about these software solutions is a must for each financial professional. Thus, financial institutions are currently on the lookout for professionals having higher proficiency in computers. Nothing in this world could be regarded as perfect and the same applies to software solutions. At some point of time there will be some problem with the software and due to this problem the company will incur heavy loss. The duty of the IT department of a financial organization is to detect these problems as early as possible and minimize the probable loss. Also, in recent times, the number of investors has also increased to a larger extent. Hence, the maintenance of customer data becomes an important and difficult task. Without the involvement of information technology, this task

can never be managed properly and effectively. Also customer data which will provide to be useful at times of system failure or during a serious virus attack. With the advent of internet, many traders have started to trade online. This means that organizations have to monitor these online trading and ensure that proper security measures are in place. A system crash during trading sessions can pose a lot of problem to financial organizations. So, they are forced to depend on IT professionals to ensure that such failures never happens. Through careful observation, it can be clearly seen that Finance sector largely depends upon Information Technology for various needs. At this junction, it is safe to say that without the involvement of IT, a financial organization can never prosper. In recent years, the utilization of information technology has been magnificently increased in service industries, particularly, the banking industry, which by using Information Technology related products such as internet banking, electronic payments, security investments, information exchanges, financial organizations can deliver high quality services to client with less effort. Whitten et al. stated that "Information is an arrangement of people, data, process, and information technology that interact to collect, process, store and provide as output the information needed to support an organization," which indicates that information system is an arrangements of groups, data, processes and technology that act together to accumulate, process, store and provide information output needed to enhance and speed up the process of decision making. During last decade, high percentage of financial organizations are frequently utilize computers technology to facilitate services; and that the speed of adoption is expected to grow further as the technology expands. The introduction of electronic indicates of data accumulation, accessing and manipulation assisting the process of banking decision making. 2.1 E-BANKING E-Banking, popularly known as the short form of Electronic banking is an umbrella term for the process by which a customer may perform banking transactions electronically without visiting the physical premises of the financial institution, if we exclude the ATM hub established in the roadside form the definition of physical premises. In the Nepalese financial sector e-banking is not the new concept and this aspect of modern banking already gripped the financial institutions as they decided to leave manual transaction and commenced theirs business with the use of computers. The following terms all refer to one form or another of electronic banking: personal computer banking, internet banking, virtual banking, online banking, home banking, remote electronic banking and phone banking. Personal computer banking and internet or online banking are the most frequently used designations. But for the Nepalese financial market the institutions isn't considered as involved in the E-Banking unless n until it has ATM machines as well as the availability of the services for the customer to query their deposit account statement through the use of cellular mobile phones. 2.1.1 E-BANKING IN NEPAL Establishment of first Joint Venture Bank, Nepal Arab Bank Limited (now NABIL Bank), in 1984 was the first step towards e-banking in Nepal. It introduced Credit Cards in Nepal in early 1990. Automated Teller Machine (ATM) was first introduced by another JV Bank, Himalayan Bank Ltd. in 1955. Himalayan Bank Limited was also the first bank to

introduce Tele-Banking (Telephone Banking) in Nepal. Internet-Banking was first introduced by Kumari Bank Limited in 2002. Laxmi Bank Limited was the first bank to introduce SMS-Banking (or Mobile Banking) in Nepal in the year 2004. The channels in E-Banking available in Nepal are Automated Teller Machines (ATM), Point of Sales (PoS), Telephone Banking (Tele Banking), Internet Banking, Mobile Banking (SMS Banking). Currently Nepalese customer are enabled Cash Withdrawal, Balance Inquiry from in PoS Terminals customer can do financial transaction via Cards, Cash is debited form the client's account, from Tele-Banking customer can do the Account Status check, Balance Inquiry. Similar to Tele-Banking SMS banking facilities is there. From Internet-Banking customer are having fund transfer within accounts (within the bank), get balance statement online and pay bills online. All these type of facilities are available in cities but not in remote places. But unless and until Nepal's two giant banks which are under restructuring process, NBL and RBB, wont go for E-Banking large portion of banking customer will be out of the use of E-Banking facilities. As per NRB till july, 2006 total deposit of banking sector is 2904d27.6 million Rs, out of those Nepal Bank Limited has 35295.4 million Rs. and RBB has 45446,2 million Rs. As per this data nearly 30% of the total depositors are out of the use of E-Banking facilities directly. Recently RBB declared it has started ATM and internet banking facilities which is indeed satisfactory news for the Nepalese financial market. Likewise NBL which is already computerized will also have to start this services sooner or later.

3. BANKER'S CLEARING PAYMENT SYSTEM Cash is still the most widely used form of payment by individuals in Nepal, though plastic cards (credit cards, debit cards, pre-paid cards, etc.) have been steadily gaining in popularity. Checks, together with promissory notes and bills of exchange, are mostly for corporate use. Direct credit into the payee's bank account is also widespread. Both individuals and corporations use banks regularly to transfer funds to recipients, and monthly salaries are directly paid into employee bank accounts by the employer. Direct debits from bank accounts are the predominant means of payment for regular household payments such as telephone, electricity, tax and other bills. Ordinary deposit accounts play an important role. They function as the household's wallet at the bank. The frequent use of this account and its use with overdraft service against fund shortfalls, make it an almost essential element of Nepalese payment practices. A depositors can withdraw cash from, or deposit cash to, his/her ordinary deposit account using CD/ATM machines, and direct credit/debit is primarily done to/from an ordinary deposit account. Payment and Settlement System plays crucial role in effective and efficient circulation of money in the economy thus giving boost to trade and business. It is recognized worldwide that an efficient and secure payment system is an enabler of economic activity. It provides the conduit essential for effecting payments and transmission of monetary policy. Role and functionality of Payment systems have been changing gradually with advancement in products and technologies. There are diverse payment systems functioning in the country, ranging from the paper based systems where the instruments are physically exchanged and settlements worked out manually to the most sophisticated electronic fund transfer system which are fully secured and settle transaction on a gross, real time basis. They cater to both low value retail payments and large value payments relating to the settlement of inter-bank money market, Government securities and Forex transactions. Banker's Automated Clearing Services is a scheme for the electronic processing of financial transaction. BACS direct debits and BACS direct credits are made using the BACS system. BACS payments take three working days to clear. they are entered into the system on the first day, processed on the second day, and cleared on the third day. BACS was invented by Dennis Gladwell and was started in 1968 as the Inter-Bank Computer Bureau, set up to develop electronic transfer of funds between banks and avoid the need for paper documents as part of the money transfer process. Three basic clearing and settlement systems are being proposed for Nepals payment system: (i) Paper Based Transfer System (PBTS): Automated Clearing

The PBTS will be used to process paper-based retail debit and credit instruments, through the

House (ACH). The system will give credit transfers same day finality and next day finality for debit instruments. Participating banks will settle their obligations to each other on a multilateral net basis, through their settlement accounts at the central bank, which is the settlement agent. Paper-based processing technology like the Magnetic Ink Character Recognition (MICR) or Optical Character Recognition (OCR) will be used to automate and improve the efficiency of a Paper Based Transfer System.

(ii)

Bulk Electronic Transfer System (BETS):

In this system, payment initiation and the exchange of payment instructions and related data will be in electronic form, either through electronic media or along communication lines, through to the clearing house. The BETS will be restricted to credit transfers (including standing orders), and direct debits (preauthorized debits). Inputs into the system will only be in electronic form, and the system will be designed to handle and process high volume, low to medium value payments. Bilateral or multilateral settlement will be allowed and a settlement instruction will indicate the settlement date, and whether bilateral or multilateral settlement is to be used.

(iii) Large Value Transfer System (LVTS): Large value, time critical credit payments will be cleared through a Large Value Transfer System (LVTS) , which may be a Real Time Gross Settlement (RTGS) System or a Designated Net Settlement (DNS).

(iv) Complementary Systems: In addition to the above systems, it is envisaged that there will be a number of complementary systems, which include: (a) Payment Cards Processing Systems (PCPS): This is the systems that use payment cards at points of sale will be built to facilitate authorizations, clearance and settlement. Automated Teller Machine (ATM) Network(s) will be built to facilitate verification, authorization, clearance and settlement among users and their banks or participants. The cleared net amounts will be transmitted to the settlement agent for entries to be effected on their settlement accounts.

(b) Electronic Banking and Internet Based Systems (EBIS): There is no reliable data on the volume and value of electronic and Internet-based payment transactions. Nevertheless, this payment area is set to grow. Institutions that venture into this area, including the establishment of Internet service providers, will be encouraged. The NPS Project will closely follow and monitor developments in this area, with a view to developing an Electronic Banking and Internet Based System (EBIS) at an appropriate time, when it is both cost-effective and prudent.

(v) Foreign Currency Clearing: As the number and activity of foreign-currency denominated accounts increases, coupled with the need to reduce foreign exchange outflows arising, foreign currency clearing will be introduced. The clearing financial institutions will have to agree with their settlement agent on how to treat the credit balances on their settlement accounts.

(vi) Management of Clearing Houses: In order to enhance the supervisory and oversight role of the central bank over the payment system, and also to encourage the development and consolidation of self-discipline within the banking and financial services industry, it is proposed that the management of clearing houses should be autonomous. These autonomous clearing house(s) would then be run on a cost recovery basis, with full-time

professional managers and auditors. There should be a transition period of five years, during which the central bank will gradually ease itself out of the management of the clearing house(s).

vii.

Document Truncation: As a way of enhancing clearing and settlement efficiency, cheque and other paper

truncation should be introduced and promoted. This truncation should be gradual, starting with partial truncation, and then proceeding to full truncation. The laws must be amended to accommodate the document truncation technology. The level and scope of the countrys payment technology needs to be improved and upgraded if we are to enhance the efficiency, reliability, convenience and security of the payment system. 3.2 PAYMENT TECHNOLOGY (i) Use of SWIFT: Banks should be encouraged to procure SWIFT and electronically transfer funds using SWIFT. The possibility of forming a national SWIFT User Group to take advantage of collective bargaining power should be explored. Efforts to form an SAARC SWIFT Users Group should also be explored. (ii) Promotion of Automatic Teller Machine (ATM) Use/ ATM Network: Owing to the flexibility and convenience afforded by Automatic Teller Machines (ATMs), Banks with ATMs should be encouraged to build an ATM Network, which could be called NEPALSWITCH. The switch will enable participating members to clear and settle ATM withdrawals that are done at such banks where the drawer does not hold an account. (iii) Use of Payment Cards: Institutions that can issue payment cards, including credit, debit and smart cards should be encouraged to start operations. A bank or a consortium of existing banks could start issuing cards and operating payment card businesses, in return for a set of incentives. Nepal Rastra Bank has to issue guidelines on the operation of payment card schemes. (iv) Internet Banking and Electronic Commerce: Institutions that can spearhead the establishment and structured promotion of Internet banking and electronic commerce should be encouraged. Internet payment system providers should be encouraged to open and operate business. (v) Third Party Processing Companies: Independent third party processors who can set up infrastructure to operate Electronic Fund Transfer at Point of Sale (EFTPOS) should be licensed to operate.

4. Data and System security in the banking industry For banking institutions "Security" is an inherent word which has got its meaning across two layers the monetary security and the information security. 4.1 Information/Data security Data security is the means of ensuring the data is kept safe from corruption and that access to it is suitably controlled. Thus data security helps to ensure piracy. It also helps in protecting personal data. As the technology is upgrading day by day, people and organizations are getting more involved to their work and they have very little time for the things which seem negligible at the starting but can be very dangerous in future. In today's world 99% people and organizations are more interested in sending and receiving data through internet and mobile data storage devices. But among those 995 people 90% people do not encrypt their data through they know that the data contains personal information and the chances of data lose or hacking is very high. Today due to the introduction of internet banking and mobile banking sending data through internet has high chances of getting hacked. Because the number of hackers are increasing in a rapid rate day by day and those hackers are so efficient in their job that they can easily hack the unencrypted data from the internet. And if those hacked data contains any sort of personal information they can misuse those data, even they can make some criminal offenses by using those data and without doing anything wrong you will become a criminal. At the time of sending data through internet lot of people can easily access your data if your data is not encrypted. File encryption of Full disk encryption is the most important question for most of the organization now a day. Because some of the organization encrypted their important files but still failed to prevent data lose, and file encryption does not allow encryption on in and out moving data. So the organization are not finding any profit in adopting data encryption. Full disk encryption is the only solution of their anxiety. Now the organizations are not sure whether they will apply the full disk encryption on each and every system of their organization or just on those system which contain sensitive data. According to PCI and ICO the answer is an organization should apply the full disk encryption to all the system. Because only a few stuffs of the organization can access the sensitive data but still there is a chance that due to some emergency and ordinary stuff can also get access to sensitive data. So, be ready before the mistake had been done. Full disk encryption not only save your sensitive data but also assures you the protection of each and every single data of your organization. But some people do not want to apply encryption because of some drawbacks and those drawbacks can cause data loss or computer malfunction. 4.2 Data security technologies 4.2.1 Disk Encryption Data encryption refers to encryption technology that encrypts data on a hard disk drive. Disk encryption typically takes form in either software or hardware. Disk encryption is often referred to as on-the-fly encryption ("OTFE") or transparent encryption.

4.2.2 Hardware based Mechanisms for Protecting Data Software based security solutions encrypt the data to prevent data from being stolen. However, a malicious program or a hacker may corrupt the data in order to make it unrecoverable or unusable. Similarly, encrypted operating systems can be corrupted by a malicious program or a hacker, making the system unusable. Hardware-based security solutions can prevent read and write access to data and hence offers very strong protection against tampering and unauthorized access. Hardware based or assisted computer security offers an alternative to software-only computer security. Security tokens such as those using PKCS#1 may be more secure due to the physical access required in order to be compromised. Access is enabled only when the token is connected and correct PIN is entered. However, dongles can be used by anyone who can gain physical access to it. Newer technologies in hardware based security solves this problem offering fool proof security for data. Working of Hardware based security: A hardware device allows a user to login, logout and to set different privilege levels by doing manual actions. The device uses biometric technology to prevent malicious users from logging in, logging out, and changing privilege levels. The current state of a user of the device is read by controllers in peripheral devices such as hard disks. Illegal access by a malicious user or a malicious program is interrupted based on the current state of a user by hard disk and DVD controllers making illegal access to data impossible. Hardware based access control is more secure than protection provided by the operating systems as operating systems are vulnerable to malicious attacks by viruses and hackers. The data on hard disks can be corrupted after a malicious access is obtained. With hardware based protection, software cannot manipulate the user privilege levels, it is impossible for a hacker or a malicious program to gain access to secure data protected by hardware or perform unauthorized privileged operations. The hardware protects the operating system image and file system privileges from being tampered. Therefore, a completely secure system can be created using a combination of hardware based security and secure system administration policies. 4.2.3 Backups Backups are used to ensure data which is lost can be recovered 4.2.4 Data Masking Data Masking of structured data is the process of obscuring (masking) specific data within a database table or cell to ensure that data security is maintained and sensitive information is not exposed to unauthorized personnel. This may include masking the data from users (for example so banking customer representatives can only see the last 4 digits of a customer national identity number), developers (who need real production data to test new software releases but should not be able to see sensitive financial data), outsourcing vendors, etc.

4.2.5 Data Erasure Data Erasure is a method of software-based overwriting that completely destroys all electronic data residing on a hard drive or other digital media to ensure that no sensitive data is leaked when an asset is retired or reused. 4.3 Monetary Security Fraud is any dishonest act and behavior by which one person gains or intends to gain advantage over another person. Fraud causes loss to the victim directly or indirectly. Fraud has not been described or discussed clearly in The Indian Penal Code but sections dealing with cheating. concealment, forgery counterfeiting and breach of trust has been discusses which leads to the act of fraud. In Contractual term as described in the Indian Contract Act, Sec 17 suggests that a fraud means and includes any of the acts by a party to a contract or with his connivance or by his agents with the intention to deceive another party or his agent or to induce him to enter in to a contract. 4.3.1 Banking Frauds Banking frauds constitute a considerable percentage of white-collar offences being probed by the police. Unlike ordinary thefts and robberies, the amount misappropriated in these crimes runs into lakhs and crores of rupees. Bank fraud is a federal crime in many countries, defined as planning to obtain property or money from any federally insured financial institution. It is sometimes considered a white collar crime. All the major operational areas in banking represent a good opportunity for fraudsters with growing incidence being reported under deposit, loan and inter-branch accounting transactions, including remittances. Bank fraud is a big business in todays world. With more educational qualifications, banking becoming impersonal and increase in banking sector have gave rise to this white collar crime. This banking fraud can be classified as: Fraud by insiders Fraud by others 4.3.1.1 Fraud By Insiders. Fraudulent loans One way to remove money from a bank is to take out a loan, a practice bankers would be more than willing to encourage if they know that the money will be repaid in full with interest. A fraudulent loan, however, is one in which the borrower is a business entity controlled by a dishonest bank officer or an accomplice; the "borrower" then declares bankruptcy or vanishes and the money is gone. The borrower may even be a non-existent entity and the loan merely an artifice to conceal a theft of a large sum of money from the bank. Wire fraud Wire transfer networks such as the international, interbank fund transfer system are tempting as targets as a transfer, once made, is difficult or impossible to reverse. As these networks are used by banks to settle accounts with each other, rapid or overnight wire transfer of large amounts of money are commonplace; while banks have put checks and balances in place, there is the risk that insiders may attempt to use fraudulent or forged documents which claim to request a bank depositor's money be wired to another bank, often an offshore account in some distant foreign country. Forged or fraudulent documents Forged documents are often used to conceal other thefts; banks tend to count their money meticulously so every penny must be accounted for. A document claiming that a sum of money has been borrowed as a loan, withdrawn by an individual depositor or transferred or invested can therefore be valuable to a thief who wishes to conceal the minor detail that the bank's money has in fact been stolen and is now gone.

Uninsured deposits There are a number of cases each year where the bank itself turns out to be uninsured or not licensed to operate at all. The objective is usually to solicit for deposits to this uninsured "bank", although some may also sell stock representing ownership of the "bank". Sometimes the names appear very official or very similar to those of legitimate banks. For instance, the "Chase Trust Bank" of Washington DC appeared in 2002 with no license and no affiliation to its seemingly apparent namesake; the real Chase Manhattan bank, New York. There is a very high risk of fraud when dealing with unknown or uninsured institutions. Theft of identity Dishonest bank personnel have been known to disclose depositors' personal information for use in theft of identity frauds. The perpetrators then use the information to obtain identity cards and credit cards using the victim's name and personal information. Demand draft fraud DD fraud is usually done by one or more dishonest bank employees that is the Bunko Banker. They remove few DD leaves or DD books from stock and write them like a regular DD. Since they are insiders, they know the coding, punching of a demand draft. These Demand drafts will be issued payable at distant town/city without debiting an account. Then it will be cashed at the payable branch. For the paying branch it is just another DD. This kind of fraud will be discovered only when the head office does the branch-wise reconciliation, which normally will take 6 months. By that time the money is unrecoverable. 4.3.1.2 Fraud By Others Forgery and altered cheques Thieves have altered cheques to change the name (in order to deposit cheques intended for payment to someone else) or the amount on the face of a cheque (a few strokes of a pen can change 100.00 into 100,000.00, although such a large figure may raise some eyebrows). Instead of tampering with a real cheque, some fraudsters will attempt to forge a depositor's signature on a blank cheque or even print their own cheques drawn on accounts owned by others, non-existent accounts or even alleged accounts owned by non-existent depositors. The cheque will then be deposited to another bank and the money withdrawn before the cheque can be returned as invalid or for non-sufficient funds. Stolen cheques Some fraudsters obtain access to facilities handling large amounts of cheques, such as a mailroom or post office or the offices of a tax authority (receiving many cheques) or a corporate payroll or a social or veterans' benefit office (issuing many cheques). A few cheques go missing; accounts are then opened under assumed names and the cheques (often tampered or altered in some way) deposited so that the money can then be withdrawn by thieves. Stolen blank cheque books are also of value to forgers who then sign as if they were the depositor. Accounting fraud In order to hide serious financial problems, some businesses have been known to use fraudulent bookkeeping to overstate sales and income, inflate the worth of the company's assets or state a profit when the company is operating at a loss. These tampered records are then used to seek investment in the company's bond or security issues or to make fraudulent loan applications in a final attempt to obtain more money to delay the inevitable collapse of an unprofitable or mismanaged firm. Bill discounting fraud Essentially a confidence trick, a fraudster uses a company at their disposal to gain confidence with a bank, by appearing as a genuine, profitable customer. To give the illusion of being a desired customer, the company regularly and repeatedly uses the bank to get payment from one or more of its customers. These payments are always made, as the customers in question are part of the fraud, actively paying any and all bills raised by the bank. After certain time, after the bank is happy with the company, the company requests that the bank settles its balance with the company before billing the customer. Again, business continues as normal for the fraudulent company, its fraudulent customers, and the unwitting bank. Only when the outstanding balance between the bank and the company is sufficiently large, the company takes the payment from the bank, and the company and its customers disappear, leaving no-one to pay the bills issued by the bank.

Cheque kiting Cheque Kiting exploits a system in which, when a cheque is deposited to a bank account, the money is made available immediately even though it is not removed from the account on which the cheque is drawn until the cheque actually clears. Deposit 1000 in one bank, write a cheque on that amount and deposit it to your account in another bank; you now have 2000 until the cheque clears. In-transit or non-existent cash is briefly recorded in multiple accounts. A cheque is cashed and, before the bank receives any money by clearing the cheque, the money is deposited into some other account or withdrawn by writing more cheques. In many cases, the original deposited cheque turns out to be a forged cheque. Some perpetrators have swapped checks between various banks on a daily basis, using each to cover the shortfall for a previous cheque. What they were actually doing was check kiting; like a kite in the wind, it flies briefly but eventually has to come back down to the ground. Credit card fraud Credit card fraud is widespread as a means of stealing from banks, merchants and clients. A credit card is made of three plastic sheet of polyvinyl chloride. The central sheet of the card is known as the core stock. These cards are of a particular size and many data are embossed over it. But credit cards fraud manifest in a number of ways. They are: Genuine cards are manipulated Genuine cards are altered Counterfeit cards are created Fraudulent telemarketing is done with credit cards. Genuine cards are obtained on fraudulent applications in the names/addresses of other persons and used. It is feared that with the expansion of E-Commerce, M-Commerce and Internet facilities being available on massive scale the fraudulent fund freaking via credit cards will increase tremendously. Counterfeit credit cards are known as white plastics. Booster cheques A booster cheque is a fraudulent or bad cheque used to make a payment to a credit card account in order to "bust out" or raise the amount of available credit on otherwise-legitimate credit cards. The amount of the cheque is credited to the card account by the bank as soon as the payment is made, even though the cheque has not yet cleared. Before the bad cheque is discovered, the perpetrator goes on a spending spree or obtains cash advances until the newly-"raised" available limit on the card is reached. The original cheque then bounces, but by then it is already too late. Stolen payment cards Often, the first indication that a victim's wallet has been stolen is a 'phone call from a credit card issuer asking if the person has gone on a spending spree; the simplest form of this theft involves stealing the card itself and charging a number of high-ticket items to it in the first few minutes or hours before it is reported as stolen. A variant of this is to copy just the credit card numbers (instead of drawing attention by stealing the card itself) in order to use the numbers in online frauds. Duplication or skimming of card information This takes a number of forms, ranging from a dishonest merchant copying clients' credit card numbers for later misuse (or a thief using carbon copies from old mechanical card imprint machines to steal the info) to the use of tampered credit or debit card readers to copy the magnetic stripe from a payment card while a hidden camera captures the numbers on the face of the card. Some thieves have surreptitiously added equipment to publicly accessible automatic teller machines; a fraudulent card stripe reader would capture the contents of the magnetic stripe while a hidden camera would sneak a peek at the user's PIN. The fraudulent equipment would then be removed and the data used to produce duplicate cards that could then be used to make ATM withdrawals from the victims' accounts.

Impersonation and theft of identity Theft of identity has become an increasing problem; the scam operates by obtaining information about a victim, then using the information to apply for identity cards, accounts and credit in that person's name. Often little more than name, parents' name, date and place of birth are sufficient to obtain a birth certificate; each document obtained then is used as identification in order to obtain more identity documents. Government-issued standard identification numbers such as "Social security numbers, PAN numbers" are also valuable to the identity thief. Unfortunately for the banks, identity thieves have been known to take out loans and disappear with the cash, quite content to see the wrong persons blamed when the debts go bad. Fraudulent loan applications These take a number of forms varying from individuals using false information to hide a credit history filled with financial problems and unpaid loans to corporations using accounting fraud to overstate profits in order to make a risky loan appear to be a sound investment for the bank. Some corporations have engaged in over-expansion, using borrowed money to finance costly mergers and acquisitions and overstating assets, sales or income to appear solvent even after becoming seriously financially overextended. The resulting debt load has ruined entire large companies, such as Italian dairy conglomerate Parmalat, leaving banks exposed to massive losses from bad loans. Phishing and Internet fraud Phishing operates by sending forged e-mail, impersonating an online bank, auction or payment site; the e-mail directs the user to a forged web site which is designed to look like the login to the legitimate site but which claims that the user must update personal info. The information thus stolen is then used in other frauds, such as theft of identity or online auction fraud. A number of malicious "Trojan horse" programmes have also been used to snoop on Internet users while online, capturing keystrokes or confidential data in order to send it to outside sites. Money laundering The term "money laundering" dates back to the days of Al Capone Money laundering has since been used to describe any scheme by which the true origin of funds is hidden or concealed. The operations work in various forms. One variant involved buying securities (stocks and bonds) for cash; the securities were then placed for safe deposit in one bank and a claim on those assets used as collateral for a loan at another bank. The borrower would then default on the loan. The securities, however, would still be worth their full amount. The transaction served only to disguise the original source of the funds. Forged currency notes Paper currency is the usual mode of exchange of money at the personal level, though in business, cheques and drafts are also used considerably. Bank note has been defined in Section 489A.If forery of currency notes could be done successfully then it could on one hand made the forger millionaire and the other hand destroy the economy of the nation. A currency note is made out of a special paper with a coating of plastic laminated on both sides of each note to protect the ink and the anti forgery device from damage. More over these notes have security threads, water marks. But these things are not known to the majority of the population. Forged currency notes are in full circulation and its very difficult to catch hold of such forgers as once such notes are circulated its very difficult to track its origin. But the latest fraud which is considered as the safest method of crime without making physical injury is the Computer Frauds in Banks. Computerization of banks had started since 1994 in India and till 2000 4000 banks were completely and 9000 branches have been partially computerised. About 1000 branches had the facilities for International bank Transaction. Reserve Bank Of India has evolved working pattern for Local area Network and wide area Network by instituting different microwave stations so that money transactions could be carried out quickly and safely. The main banking tasks which computers perform are maintaining debit-credit records of accounts, operating automated teller machines, and carry out electronic fund transfer, print out statements of accounts create periodic balance sheets etc.

Internet facilities of computer have revolutionized international banking for fund transfer and for exchanging data of interest relating to banking and to carry out other banking functions and provides certain security to the customers by assigning different pin numbers and passwords. Computer depredations have by some been classified as: X Computer frauds; and X Computer crimes Computer frauds are those involve embezzlement or defalcations achieved by tampering with computer data record or proggramme, etc.Where as computer crimes are those committed with a computer that is where a computer acts as a medium. The difference is however academic only. Bank computer crimes are committed mainly for money, however other motive or The Mens rea can be: Personal vendetta; Black mail; Ego; Mental aberrations; Mischief Bank computer crimes have a typical feature, the evidence relating to crime is intangible. The evidences can be easily erased, tampered or secreted. More over it is not easily detectable. More over the evidence connecting the criminal with the crime is often not available. Computer crimes are different from the usual crimes mainly because of the mode of investigation. There are no eyewitness, no usual evidentiary clues and no documentary evidences. It is difficult to investigate for the following reasons: Hi-tech crime The information technology is changing very fast. the normal investigator does not have the proper background and knowledge .special investigators have to be created to carry out the investigations. the FBI of USA have a cell, even in latest scenario there has been cells operating in the maharashtra police department to counter cyber crimes.C.B.I also have been asked to create special team for fighting cyber crimes. International crime A computer crime may be committed in one country and the result can be in another country. there has been lot of jurisdictional problem an though the Interpol does help but it too has certain limitations. the different treaties and conventions have created obstructions in relation to tracking of cyber criminals hiding or operation in other nations No-scene crime: The computer satellite computer link can be placed or located any where. The usual crime scene is the cyber space. The terminal may be anywhere and the criminal need not indicate the place. the only evidence a criminal leaves behind is the loss to the crime. Faceless crime: The major advantage criminal has in instituting a computer crime is that there is no personal exposure, no written documents, no signatures, no fingerprints or voice recognition. The criminal is truly and in strict sense faceless. There are certain spy softwares which is utilized to find out passwords and other vital entry information to a computer system. The entry is gained through a spam or bulk mail.

System Security Today most of the banks are in the way of using latest development in IT in their day to day functioning and service to their customers. Among them Online banking is the one. Online banking allows customers to conduct financial transactions on a secure website operated by their retail or virtual bank, credit union or building society.

Online banking solutions have many features and capabilities in common, but traditionally also have some that are application specific. 1) Transactional (e.g. performing a financial transaction such as an account to account transfer, paying a bill, wire transfer, apply for a loan, new account etc)
y y y y

Payments to third parties, including bill payments and telegraphic/wire transfer Funds transfers between a customer's own transactional account and saving accounts Investment purchase or sale Loan applications and transactions, such as repayments of enrollments

2) Non-transactional (e.g. online statements, cheque links, cobrowsing, chat)

y y y

Viewing recent transactions Downloading bank statements, for example in PDF format. Viewing images of paid cheque

3) Financial Institution Administration 4) Management of multiple users having varying levels of authority 5) Transaction approval process Security Protection through singlepassword authentication, as is the case in most secure Internet shopping sites, is not considered secure enough for personal online banking applications in some countries. Basically there exist two different security methods for online banking.

The PIN/TAN system where the PIN represents a password, used for the login and TANs representing one-time passwordsto authenticate transactions. TANs can be distributed in different ways, the most popular one is to send a list of TANs to the online banking user by postal letter. The most secure way of using TANs is to generate them by need using a security token. These token generated TANs depend on the time and a unique secret, stored in the security token (this is calledtwo-factor authentication or 2FA). Usually online banking with PIN/TAN is done via a web browser using SSL secured connections, so that there is no additional encryption needed.

Another way to provide TANs to an online banking user is to send the TAN of the current bank transaction to the user's (GSM) mobile phone via SMS. The SMS text usually quotes the transaction amount and details, the TAN is only valid for a short period of time. Especially in Germany and Austria, many banks have adopted this "SMS TAN" service as it is considered very secure.

Signature based online banking where all transactions are signed and encrypted digitally. The Keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation.

Attacks Most of the attacks on online banking used today are based on deceiving the user to steal login data and valid TANs. Two well known examples for those attacks are phishing and pharming. Cross-site scripting and key logger Torjan horse can also be used to steal login information. A method to attack signature based online banking methods is to manipulate the used software in a way, that correct transactions are shown on the screen and faked transactions are signed in the background. A recent FDIC Technology Incident Report, compiled from suspicious activity reports banks file quarterly, lists 536 cases of computer intrusion, with an average loss per incident of $30,000. That adds up to a nearly $16-million loss in the second quarter of 2007. Computer intrusions increased by 150 percent between the first quarter of 2007 and the second. In 80 percent of the cases, the source of the intrusion is unknown but it occurred during online banking, the report states. The most recent kind of attack is the so-called Man in the browser attack, where a Trojan horse permits a remote attacker to modify the destination account number and also the amount. Countermeasures There exist several countermeasures which try to avoid attacks. Digital cirtificates are used against phishing and pharming, the use of class-3 card readers is a measure to avoid manipulation of transactions by the software in signature based online banking variants. To protect their systems against Trojan horses, users should use virus scanner and be careful with downloaded software or e-mail attachments. In 2001 the FFIEC issued guidance for multifactor authentication (MFA) and then required to be in place by the end of 2006.

Other securities Securing an entrance is the single most important step in protecting you banking institution. The entrance should be first line of defense in deterring unwanted guests. The problem with most entrances to a building is the lack of security they provide during business hours. The only method of securing a facility usually consists of latching/locking doors; a method of security that typically only happens when the facility closes for the day or is on lock down.

Installing an automatic security access protal which serves as a physical barrier for building entrance is the biggest single step to protect bank and financial institution. A standard security portal consists of the following: 1)Single, double or even three lane portal with interlocking doors which are site specific and tailored for the institution. 2)Riot proof of ballistic glass ( ballistic glass has various levels that can be choose from) 3)Metal detector(s) that can be set to the standard of metal detection 4)Camera with a view of an objects tray and 5)Touch screen panel or operator console/controller that is operated from inside the facility to avoid contact with any unwanted visitors An armed assailant wants as quick of an exit as possible to make his escape. When faced with taking their chance with a secured entrance/exit, they will forego a visit to your facility and try for a building with a less secure entrance/exit.

INFORMATIN TECHNOLOGY AND FRAUD Banks provide you several means to help you transact as easily as possible with your account such as ATM cash machines, online banking, Phone banking, and so on. With the advent of each of these services, the opportunity for fraud has also increased. Take, for example, online banking. It is so easy for us to use, and we all use it. The transactions that you do online are secure-just as long the account information stays with you. Anyone else possessing this account information could create havoc with your account. Online Banking Fraud How is it done Phishing One particularly common method is called phishing (pronounced the same as Fishing). The trick here is to make YOU give your account login details to the fraudster yourself. To do this, the fraudster creates a website that closely resembles that of your bank and hosts it at a URL, which also resembles that of your bank. He then sends a series of emails at random, asking you to verify or update your account details by logging in, presumably for security reasons. You oblige by clicking a link supplied in the email and are taken to a fraudulent website, which is a look-alike of your bank. To log in, you enter your account details and password. In this fake website, the fraudster has captured your account login details-just another way to get your account information. Vishing Fraudsters just do not stop installing key loggers, sending phishing emails to acquire your banking details; they also use more sophisticated techniques like Vishing (Phishing using Voice). Here fraudsters setup a fake call center using Voice over IP (VOIP). They will send you emails asking you to confirm your banking details as a security check at the phone number provided in the email. As you are not aware about this, you call the number believing it to be a bank phone number and end up giving your banking details and other personal information at the Interactive Voice Response (IVR) phone number. They record your calls and use it for fraudulent purpose. Phone Banking The means to make online banking frauds do not end at Internet banking. When you do not have access to the Internet and need to make transactions on-the-fly, banks give you the option of phone banking. In phone banking, you call up your bank, speak with an agent who would ask few questions to ascertain your identity, and then the agent performs transactions you request. How secure is this method?-It is safe as long as your personal details are secure. An impersonator who has access to your private information can call the bank on your name, prove identity based on your personal information, and ask for transactions. Check Fraud The fraudsters may use your Bank account number, Routing number and other personal details to issue checks at websites that accept online checks leading to online check fraud. The methods listed above are some of the more common methods of committing online banking fraud, both on the Internet and phone banking.

What can you do to avoid it? Because of her bad experience, Ms. Jenny lost her savings and her faith in online banking. Should you lose faith? No. There are ways for you to prevent online banking fraud, which is what happened to Ms. Jenny. First, it is your

knowledge that will help you. Here is a list of some not-so-difficult rules that you should follow to avoid being a victim of online banking fraud. DO NOT leave your personal documentation at places where it can either be picked up or viewed by anyone who do not need to see them. DO NOT log in to your online account from an insecure computer network. When accessing your bank Web site, check that the URL is correct and that you are not becoming a victim of phishing. DO NOT key in your online banking account login details at a website about which you are not sure. Look for the lock at the bottom or HTTPS in the address field of your browser. It is a good practice to type in the URL of your bank yourself, or bookmark it if the URL is difficult to remember. DO NOT follow links to a banking website from another website or email. When available, use alternative methods to enter account login details. For example, some banks allow you to click on an on-screen keyboard when logging in and avoid key presses altogether. DO NOT give your account details over the phone, unless you have initiated the call to a bank service center and make sure that you are calling the correct number listed on the banks website. DO NOT print your Social Security Number on checks. Scan your computer periodically to ensure that no spy ware or key logger is installed. Keep your antivirus software regularly updated Make sure that you have automatic updates turned on and regularly download the security patches if you are a windows user. DO NOT respond to emails that ask you to enter your bank account details in any way. DO NOT send personal information and bank account details over email.

Credit Card Fraud You would love to get air tickets for your next holiday right in your living room. It cuts all the cacophonic troubles of reaching there as everything happens with just a few taps on the key board. Nowadays every one of us likes online shopping due to its convenience and easiness. It is not only the customers who love it but cyber thieves too. Yes, the online shopping, where credit card is one of the most favorite ways of transaction, is highly susceptible to frauds. These frauds are the results of your Identity theft. Identity theft is where your personal information such as your Social Security Number, Drivers License, Credit card information, on-line bank accounts are stolen without your notice and are used for criminal purposes.

How does Credit Card Fraud happen? The credit card fraud can hit you in number of ways. It can be Skimming, where your credit card information is manually copied by a fraudulent employee of a pub or a restaurant. It can be an Identity theft fraud, facilitated by the financial documents (ATM transaction slips, bank statements etc) dugout from the garbage. It can be by a hacker, hacked in to a merchants database. They can use a key logger to steal all the important information you type on your PC. They can copy the magnetic strip of your card obtrusively, and if they know your PIN number, with that cloned card, they can withdraw money from the ATM. It can be a mail-not-receipt fraud where your card is lost during the transit from the bank. Among all the types, Card Not Present (CNP) fraud is most admired by the fraudsters as neither the customer nor the merchant are present at that time. When the card is not present, it is hard to determine the genuineness of the

transaction as the physical security features of the card are not visible. If fraudsters gain access to your personal information along with the credit card details, they can call the bank and change the billing address to receive goods or services in your name. Receipts and bills do not have CVV code which is a must to transact, so usually fraudsters get card details from phishing, hacking in to merchants database where complete information is stored including CVV the 3 digit code (Visa and Master cards), 4 digit code (AMEX cards) or from a key logger installed. The bad news is that you are completely unaware about the fraud until you receive your statement, just to weep over the burnt leaves.

Identify Credit card Fraud In order to prevent credit card fraud or even the identity fraud, check for some signals, which can take you a long way in preventing the scam. It can be: Some transactions that appear in your statement but you feel that you never made them Instances when you receive a telephone call or letter saying you have been approved or denied credit for accounts you know nothing about, or you receive a credit card statement for an account that you never opened Instances when the credit card details have been shared to an unknown or suspected person Instances when the documents containing the information of your credit cards have been stolen etc. Instances like the above will open doors for the possible credit card scams. As mentioned earlier, the tragic factor about the credit card fraud is that neither the customer nor the merchant would be aware of the fraudulent transactions and you would realize only after the damage is done.

Preventing Internet Credit card Fraud Luckily, online credit card fraud can be prevented by a little care and observation. Always check your bank statements for any suspicious transactions Shred the financial documents with care Do not store your credit card information on the computer Do not write the PIN number down. Never delay to report a lost credit card as the repercussions can be highly disastrous. Close the account that you suspect is being hit by the fraud. Thoroughly check the authenticity of the firm, the website, or any other transactional company where your money would be flowing through. Check that the Internet connection you are using is secure. Look for the lock at the bottom or HTTPS in the address field of your browser. These indicate that the connection is a secure one Never give away your personal information over the phone unless you are sure of the person the other end. Take a pause before venturing into any kind of online transaction and decide upon the authenticity of the transaction. Credit card transactions in other words on-line shopping is simple, fun and can be secure if you follow the above precautions.

Debit Card Fraud In the chronology of crimes involving bank frauds, debit card frauds closely followed on the heels of credit card frauds. Debit cards, for some time after they were introduced, have been more secure than credit cards (because of the PIN) but sadly, this is no longer the case. Using state-of-the-art technology and planning, fraudsters are now able to duplicate your debit card magnetic strip and they are also able to find loopholes in the PIN usage to obtain your PIN number. Once they have these two, a counterfeit card is generated and used just like your own debit card. Mr. Smith and his family have been living in New Jersey for over 15 years. He has been out of the United States just once, on a vacation to Canada few years ago. He uses his debit card for groceries and other purchases monthly. This month, Mr. Smith observed withdrawal transactions on his account generated out of Romania for a sum of $1,500. Neither Mr. Smith nor any of his family had been to Romania during the last month. He called his bank frantically as the $1,500 transaction practically emptied his account balance. The bank informed Mr. Smith that he had withdrawn that amount from an ATM in Romania! Aghast, Mr. Smith explained that his debit card is with him in the US. This is a typical example of how debit card frauds come to light. His debit card was possibly duplicated at one of the stores where he swiped it or at an ATM, leading to debit/credit identity theft. The information was sold to fraudsters outside the US, and a counterfeit debit card was generated and used for withdrawals. How is it done? There are multiple ways how you can become a victim of ATM card fraud. So it is in your interest that you be cautious while using your debit card. Here are the most common debit card frauds that are prevalent: ATM Skimming A scanning device (skimmer) is used here that copies the information present in the magnetic strip of your ATM card when u insert it in an ATM machine. When you perform your transaction, the skimmer copies all the details of your card on to the device and an overhead tiny camera records your PIN. The fraudsters can access the skimmer and camera using the laptop wireless feature sitting near by ATM machine or pull the skimmer and camera from the ATM and then copy the skimmer data into a computer. Now they make a duplicate magnetic strip using a device called MSR (Magnetic Stripe Recorder) and withdraw large sums of money from your account using the PIN number. ATM Card Fraud When you submit your debit card for a transaction, the corrupt salesperson first swipes your card for the transaction. Then, he/she takes your card away from your notice for just a few seconds and swipes it on an electronic device that copies all the data on your cards magnetic strip. This information is passed on to an agent who creates counterfeit card with all your card information on it, obviously without your or your card company consent. Finding your PIN is the next step: The sales person observe and make a mental note of pin number while you enter it, this is known as shoulder surfing. And viola, the corrupt salesperson now has both your card details and PIN number; he can withdraw cash directly from your account, not on credit, but YOUR OWN money. Phishing This is another type of fraud where you submit your own personal and financial information to the fraudster. The fraudster uses a website URL and design that closely resembles your bank website. The fraudster then sends emails at random, asking you to verify or update your account details along with a link embedded in the email. This is a URL to the fraudulent website made to look real with information and other details closely resembling the original. In the world of Internet fraud, this trick of sending emails to gather personal and banking information leading to identity theft is called phishing.

Once they have your ATM card number, expiry date and PIN, they can make counterfeit card and with draw cash using the PIN. Consumer Negligence You are not excused of negligence either. In rare moments of haste, you crumple receipts from merchants instead of shredding them. Did you notice that some of these receipts have your account or card number, either in full or at least partially? A fraudster who has access to this bit of paper might gather some more private information about you. The fraudster uses this information to call up the bank with your name, convince them of the identity and then gradually take over the account, first by requesting for a change in the address and then ask for re-issue of cards or make bill payments. Top

What is the impact? Your checks may be dishonored for lack of funds, leading you to default on payments to some other accounts. Debit card fraud may happen long after the details are first stolen, or the fraudster may use the account occasionally to avoid suspicion, thereby gradually eating down into your savings, sometimes over several months if you do not notice your transaction statements. Top

What can you do to avoid it? There is little that you can do after you have become a victim of ATM card fraud. But you can do your bit before you become an innocent victim. Few guidelines are listed below, which help you prevent debit card fraud and also protect you from credit card fraud. Be stringent on yourself and rest assured that you will avoid greater complications in future. When you key in your PIN number at an ATM, make sure that you sufficiently obscure the keypad from being viewed by an onlooker. NEVER let the sales person take your debit card out of your sight. There is no need for him/her to do so, unless he/she intends to do something unlawful. Secure your debit card physically by storing it at a safe place. NEVER write your PIN number at a place where it can be seen by someone who you do not intend to show it to. ALWAYS shred the receipts from merchants that you no longer require, especially when you have paid for using your debit card. If you do not receive your debit card or PIN number from the bank within a reasonable amount of time after requesting one, check with the bank when it was sent and when you should expect to receive it. It may have been picked up by someone else in transit. When at an ATM, make sure that no external devices are attached to the ATM machine and no wires are hanging around. Check your account statements carefully for transactions that you may not have made.

ATM Skimmer & POS

What is skimming?

Skimming is the process where original data from your cards magnetic strip is electronically copied to create a duplicate card without your knowledge. Most cases of counterfeit fraud involve skimming. Types of skimming Here are the two most common ways of how fraudsters can duplicate ATM and credit cards: Card skimming A scanning device (skimmer) is used here that copies the information present in the magnetic strip of your ATM card when u insert it in an ATM machine. When you perform your transaction, the skimmer copies all the details of your card on to the device and an overhead tiny camera records your PIN. The fraudsters can access the skimmer and camera using the laptops wireless feature sitting near by ATM machine or pull the skimmer and camera from the ATM and then copy the skimmer data into a computer. Now they make a duplicate magnetic strip using a device called MSR (Magnetic Stripe Recorder) and withdraw large sums of money from your account using the PIN number. Card trapping A device attached inside the ATM machine traps your card as soon as you insert it. Well meaning people around you will request you to make a couple of attempts to perform transactions to observe and make a note of your PIN number. And, when you get frustrated, give up, and move out of the ATM center to report the same to the bank, miscreants would remove the trapping device, take your card from it, and as they are already aware of the PIN, they would have performed huge transactions within no time. Now that you have learnt some information about ATM Skimming, its time you knew about Point of Sale (POS) skimming.

Point of Sale (POS) Skimming ATM skimming is limited to just ATMs so you know you have to be careful when you are at an ATM, but Point of Sale scams /skimming can happen at the most unassuming and innocuous seeming places like bars, restaurants, supermarkets or gas stations. When you offer your card to make a payment all that the corrupt employee has to do is to skim your card with a small, hand-held electronic device before handing your card back. This device captures all details about your card and the sales person observe and make a mental note of your pin number while you enter it, this is known as shoulder surfing. Once the corrupt employee has your card details and PIN number, he can create a duplicate card and with draw cash at an ATM or go on a shopping spree.

Safety tips to protect yourself against card skimming frauds Here are few steps you can take to protect your ATM and credit cards: Safeguard your credit cards and ATM cards at all times. Never let these cards out of your sight You see a shop assistant swipe the card through a different machine to the one you used. You need to question this action. If you notice something suspicious about the card slot on an ATM (like an attached device), do not use it and report it to the responsible authorities. Never trust your ATM card and credit card PIN numbers to strangers.

Be aware of your surroundings while withdrawing money at ATM centers. Do not crumple and throw away the transaction slips or credit card memos: read them, make a mental note of the details and then, either tear them or shred them to trash them. Periodically check your account balances on Internet or by requesting your bank or credit agency to send you statements to ensure that no transactions are happening behind your back. While entering any personal identification numbers (PIN), use your discretion to shield the keypad so that your hand movements are not very visible and you enter your passwords secretly. Well, armed with this knowledge about ATM skimming and POS skimming we hope that you will be more careful the next time you are at an ATM or while making transactions with your card.

Identity Theft What is Identity theft? Imagine you waking up one day and realizing that all your important personal and financial information has been compromised and it is in the hands of unscrupulous elements. All the information that signifies your very existence is being misused. What we are talking about here is your IDENTITY. If you loose your identity, you stand a chance of loosing everything that you have built so far in your life like: Your name Your bank accounts Your credit cards Your Social Security Number Your personal information (like your email IDs) Whats worse is that you could lose all this without you even knowing that you lost it and by the time you realize, it is too late to make amends and you are probably bankrupt. This is exactly what happens when you disclose your personal details at unknown sources on the Internet. You are opening a Pandora Box and there is no looking back.

What can someone do by using your Identity? To answer that put yourself in the criminals shoes for a minute. What would you do if you had all the personal and financial information of somebody? You could wreck havoc . So what exactly can someone do with your Identity? Well for starters they can make you go bankrupt. Here are some of the other things that can happen. They can

1. 2. 3. 4. 5.

Impersonate you Obtain loans, funds, credit cards using your personal details Acquire Social Security Number or Driver License Acquire fake passports (which if in the hands of terrorist can be a national threat) Perform other crimes for which you would be held responsible

What information do fraudsters need to perform Identity theft? Unfortunately most of the information that they need for ID theft is documents that we usually are not very protective

about like: Your name and address combined with 1. 2. Utility bills and credit card statements Bank account documents a. Bank statements b. ATM transaction slips Your birth certificates

3.

4. Social Security Number 5. Drivers License Number There are two types of identity frauds that can be done to cards: 1. 2. Application fraud - A criminal uses your personal details to apply for and obtain a card or any kind of a bank product (for example, a loan). Account take-over - A criminal uses key personal information to totally takeover and start operating your account.

How can you protect your Identity? The best approach to prevent yourself from being a victim of ID theft is to be cautious when it comes to letting out your personal and financial information. All have your antennas switched on. Following are some of the tips to help keep your identity safe:

Never disclose personal information to anyone you do not trust. Do not provide your information until and unless you are sure about the caller. Fraudsters setup fake call centers using VOIP; this is known as Vishing. If in case of doubt you call the bank directly using the bank phone number listed on the bank website. Remember that banks always ask for specific characters like last 4 digits of your card or SSN not your entire card number or SSN for verification. Ensure that your personal documents are always secure. Your personal documents include your birth certificate, bank account details, passport, credit cards, driving license, SSN, card receipts, financial statements and even utility bills. Periodically peruse your bank statements to check for any transactions that have occurred without your knowledge. Dispose of financial statements, card receipts and other personal documents with utmost care. Tear or cut into pieces any such documents before trashing them. Keep the authorities informed if you have lost any personal item. For example, report a stolen credit card. Raise an alarm if you receive a telephone call or letter saying you have been approved or denied credit for accounts you know nothing about, or you receive a credit card statement for an account that you never opened. While paying by credit card, never let it out of your sight. Raise an alarm if the card is being swiped more than required, or if it is being scanned. In case of a change in address, ensure to notify the correct address to all recipients who send you statements to your address. Check that the Internet connection you are using is secure. Look for the lock at the bottom or HTTPS in the address field of your browser. These indicate that the connection is a secure one Make sure that you have automatic updates / firewall turned on and regularly download the security patches if you are a windows user. All said and done, even after taking all the precautions in case there was a slight slip from your end and you have mistakenly disclosed your personal details then, to re-trace your steps you can approach the following methods:

1.

If you have given out bank related information, inform bank authorities to watch out for transactions and

2.

change all the related passwords to gain control over your bank account. If your driving license or any cards are stolen, then, contact the agencies that issued the documents and follow their procedures to cancel a document and get a replacement. Ask the agency to flag your file to keep anyone else from getting a license or another identification document in your name. Keep an eye on your regular statements or bills that you receive. A missing bill or statement could mean that the fraudster is making use of your personal information.

3.

Phishing Fraudsters on the Internet do not stop at installing key loggers and spy ware on your computer to ruin your day. They go a step further-they pry on your bank accounts, gather account information, and then use it like its their own. And how do they do it?

By Phishing (pronounced as Fishing) So what is phishing? You always admired how convenient it is for you to access your bank account online and transact. What if someone (else) could transact using that little piece of information in your head-your account password? Worse, what if you were to give it to a fraudster yourself without you knowing it? Before you dismiss that thought, let us tell you that they know of a way to make you do that.

How is it done? Your bank website is where you will most always use your account details and password without worrying about it much. Thats secure alright, but if you were displayed a Web interface which so closely resembles that of your bank, you are subconsciously programmed to assume it to be your bank and provide your login details, which may include your account number, your credit card number, and a password. This is what the fraudster wants. The fraudster uses a Web design and a URL which closely resembles that of your bank. The fraudster then sends emails at random, asking you to verify or update your account details along with a link embedded in the email. This is a URL to the fraudulent Web site made to look real with information and other details closely resembling the original. In the world of Internet fraud, this trick of sending emails to gather personal and banking information leading to identity theft is called phishing. For example, a fraudster designs a website that very closely resembles that of your bank and hosts it at a URL, which is also similar to that of the bank (for example, www.your-ownbank.com instead of the original www.your-bank.com). The fraudster then sends emails (seem to be coming from legitimate sources) at random, asking you to verify or update your account details. Here is what the fraudster wishes will occur: you believe the urgent need to update your information and as mentioned in the email, you click on the link. The link takes you to the website the fraudster created (www.your-ownbank.com or www.fraudsterwebsite.com/your-bank/login). You then enter your account details and password (sadly, it is for the fraudster and not for your bank.). The fraudster would then see your account details and password in clear characters (encryption is his enemy, remember!). This is when your account becomes susceptible to use by the fraudster in any way as he pleases

What is the impact? Phishing has been around for a few years now and growing in strength. Once your account details are gathered, you are at the mercy of the fraudster as to how they would be used-withdrawals, transfers, checks, to name a few common usages.

What can you do to avoid it? Here are some ways of Identity theft prevention and protection from internet fraud: When you receive emails claiming to be sent by financial institution asking you to enter your account details, DO NOT do so! Your institution already has your details and clearly would not want them again. Check if the email that you receive has your name spelt correctly. Fraudsters simply try to guess your name by your email address. DO NOT open emails that have your name spelt incorrectly. Check the email to see if it is addressed to your name. Fraudsters never personalize emails, they will refer you as Dear Customer or Dear Valued Customer because they send emails randomly to a million email addresses and they even do not know that you have an account with the ban k. Your bank or e-commerce company on the other hand will refer you with your name. DO NOT respond to emails that seem like they are sent from your bank. Some of the claims made in these emails may be the following: The bank is trying to protect you from a fraud. The bank needs some security and maintenance update on your account as asks for your account details. You are to receive a refund. You are to receive a prize If you receive such email always check back with your back directly or speak to the customer service representative of the bank. NEVER enter your credit card details and password in a website which you suspect is not genuine. DO NOT share your account details, password, or credit card details with anyone who you do not know or trust. DO NOT open unsolicited emails. It is a good practice to type in the URL of your bank yourself, or bookmark it if the URL is difficult to remember. DO NOT follow links to a banking website from another website or email. Verify the website URL carefully before you provide your login details on any web page. Fraudsters create fake websites that have URLs closely resembling the original. Log in to your accounts regularly and look for account transactions that you do not recognize. DO NOT send your account details and/or password over an email to anyone. Check that the Internet connection you are using is secure. Look for the lock at the bottom or HTTPS in the address field of your browser. These indicate that the connection is a secure one. Make sure that you have automatic updates / firewall turned on and regularly download the security patches if you are a windows user. CC Fraud Monitor CC Fraud Monitor is an innovative monitoring service that recovers the compromised data stolen by the cyber criminals and makes it available to the concerned organizations in real time. Key Features 24/7 Internet Monitoring We have strong intelligence, surveillance and monitoring teams that exhaustively scan the internet i.e., underground forums and private IRC rooms operated by cyber criminals for compromised identities and financial information of your customers including credit cards and bank account information. When we identify a threat, we inform you with real time alerts via phone and email which will help you protect your customers information before their identity is compromised or misused. These alerts will help you reduce fraud and related expenses.

Real Time Access

Online Guards gives you real time access to compromised data of credit, debit cards and login information recovered from various online sources. You will be given access to your customer information in our database so you can view the number of catches we have made that belong to your organization. We have employed enough security measures to protect the data at our end.

Be the First to know At Online Guards, we care for organizations that want to ensure security of their customers information. Any fraud targeted at specific organization reflects negatively on the security measures implemented by that institution, to the extent of losing reputation and business. You can avoid this by being the first to know if the credit cards or online login details being issued by your institution are involved in fraud or unlawful activities. Using this information, you can take appropriate steps to curb further misuse of your customers identity and thus protect your reputation.

Fraud Forecast When we scan the Internet for compromised sensitive information, we look for trends as well. We look to see if the frauds and scams are targeted at specific financial institutions, geographic regions, and so on. And, when available, we also gather additional details as to how the fraud is being committed. Based on this information we can predict if your institution can or will be targeted next. This would give you an enormous step forward in curbing misuse of your institutions cards or online login details.

Security Auditing Online Guards watch cyber criminals 24/7/365 and are well aware of the tricks and techniques used by them to commit Identity Theft and Online Fraud. This in-depth analysis about Bad Guys gives us tremendous advantage to understand their strategies. Armed with this knowledge, we can provide consulting and auditing services for the security measures you have taken towards your protection system with the mindset of cyber criminals. Our services do not venture into encryption and infrastructure but are focused more on the various protective measures that you can implement in your system to ensure that every transaction is a safe transaction.

For example, Banks:

If you do not have an on screen keyboard in your online banking system then we see that as a loop hole because your customers computer might be under the surveillance of a key logger thus transmitting all the passwords to a hacker.

Expert Guidance Organizations can get in touch with our experts for consulting and learning purposes. Benefits

y y y y y

Avoid multi million dollar losses involved in Identity Theft 24/7 Surveillance teams safeguard your information Protect your customers Identity Reduce Fraud and related expenses Be the first to know about Phishing Attacks targeted at you.

y y y y y

Receive real time alerts about ongoing threats Avoid losing Reputation Learn about the tricks used by cyber criminals Expert guidance to fight fraud Improve your Security Standards

The Impact of It costs to the banking industry Information Technology (IT) use in commercial banks in the Asia-Pacific region is having a significant positive impact on Bank Productivity. IT Benefits, such as fast response and improved service quality outweigh IT Problems, like IT hardware and software incompatibility and job security concerns. Retail IT Products Electronic Payment Systems and Internal Systems, and Wholesale IT Products Front Office and Back Office Systems used in the banks have a positive impact on productivity. IT use increases Outputs, like deposits and loans, and the number of customers, while it decreases costs. Increased IT Measures, like computer and telecommunications capital, and data processing power index, also improve productivity. These are not necessarily reflected on gains in assets and net profit, so Profitability Measures like Return on Assets (ROA) and Return on Equity (ROE) cannot replace Productivity Measures. In the banks with asset (loan) decrease, there is a shift in banking services from interest-based (loan) services to more fee-based services with increased use of IT. IT use is affecting financial service characteristics so that the difficulty in productivity definitions and measurement at the operational level are reduced to some extent. Important IT Benefits are growth potential, cost reduction, employee job satisfaction, and improved service (speed, quality, variety). IT Problems requiring attention are IT induced high competition, IT induced information overload, high costs of IT, communication problems between employees due to difficulty in learning IT based operations, and information security concerns. IT Measures that have the highest positive impact on Bank Productivity are the number of IT employees, computer and telecommunications hardware and software capital, data processing power index, total IT expenses, IT labor expenses proportionate to non-IT labor expenses, and IT expenses proportionate to total income. Productivity Measures that are affected highest by IT use are based on the following Output and Input Measures: Output Measures total shareholder return, weighted output of composite of services, and average number of all types of both deposits and loan accounts; Input Measures total number of hours paid to employees, all operating costs, value of tangible fixed assets; and the IT Measures listed above. Banks need to spend more on IT in order to increase productivity further. Banks should view IT as a strategic competitive factor, not merely as part of a support function. With the success of ATMs, banks had the incentive to develop new products and new delivery channels, such as home banking via phone and Personal computer ATM networks allowed banks to reach new customers outside the markets served by their branches and created the opportunity for greater price competition. With this ambitious venture into cyberspace, Fleet joins a number of other banks in what is only the latest move in two decades of banking industry upheaval brought about by enormous advances in information technology. These advances have affected nearly all aspects of the business of banking. In 1980, the banking industry consisted of a large number of relatively small firms operating in geographically distinct local markets. Products and services primarily taking deposits and making loans were delivered via the branch and the calling officer, which emphasized face-to-face contact with customers. These customers were, for the most part, relatively unsophisticated and trusted their bankers to act in their best interest. Twenty years later, with dramatic advancements in IT, banking customers have become increasingly savvy, making use of multiple distribution channels and demanding an ever-increasing variety of complex products. And competition has emerged from nontraditional quarters to take advantage of new technology and challenge old certainties. What banks deliver and how they deliver it have changed dramatically. And these changes are likely not over yet. While no one can foresee the future, a look back over the last 20 years at the impact of information technology on banking may provide clues about what lies ahead as banks navigate into the twenty-first century.

THE IMPACT ON PRODUCTIVITY AND PROFITS The past two decades have witnessed enormous reductions in the cost of information technology. Between 1986 and 1995, the computing power of the average PC increased elevenfold while the price declined. At the same time, a revolution in telecommunications reduced the cost of transmitting data by 90 percent since 1980. Such cost reductions have made it ever less expensive to acquire, store, transmit, and transform data into information. They have also created enormous changes in data-intensive industries such as financial services which is, after all, fundamentally about processing information.

For commercial banking firms, these advances in IT have resulted in dramatic productivity gains. One early example was the introduction of the automatic teller machine (ATM), which first appeared in the United States in 1968. Most certainly, the introduction of ATMs made the distribution of some banking services more efficient. Before ATMs, withdrawing funds, account inquiries, and transferring funds between accounts all required face-to-face interaction between the customer and a bank teller. The banks costs for these transactions included wages of tellers and backoffice personnel, the cost of maintaining the premises, and other related expenses. ATMs automated this process and, to the extent that they were simply substituting a machine for a bank teller, costs per transaction fell significantly. Perhaps surprising, however, is that such productivity increases do not necessarily translate into overall cost reductions for banks. Why? Because advances in IT can do more than simply automate a banking activity. They also have indirect effects, both on consumer preferences and on the structure and competition of the banking industry. These indirect effects can alter banks costs and revenues in a number of complicated and contradictory ways, with the end result on profits uncertain. In the case of ATMs, as customers became comfortable with the new technology, they began demanding greater convenience and higher-quality products. But the costs of providing these new services were not necessarily below the costs of traditional bank accounts. Customers began making more frequent withdrawals which, in turn, forced banks to process an increasing number of transactions potentially at significant cost. Soon customers decided that access to a single ATM at the bank branch was not enough; they wanted broader ATM accessibility. Banks responded either by investing in expensive ATM networks or by allowing their customers to have access to accounts via networks built by others. Customers also began to demand more elaborate services from ATMs. The original machine was a simple cash dispenser; today banks can install sophisticated ATMs that scan checks, give out cash to the penny, let customers apply for loans, and allow for face-to-face discussion with a service representative via video. Thus, what started as a way to automate the services of a bank teller eventually developed into a new and improved delivery system for bank products. Yet, providing this system was costly, requiring a sizable investment in information technology and continued maintenance of sophisticated high-speed computer systems. The impact of IT on revenues is similarly complicated. With better-quality products and services, banks should be able to charge more, all else equal. In the case of ATMs, the improved features and increased usage meant that banks might expect to receive increased fee revenue for processing customer transactions. But the proliferation of ATM networks also allowed banks to reach customers outside the geographic markets served by their branches. This created the opportunity for greater price competition, as consumers could choose the lowest-cost provider rather than a neighborhood bank. Online banking may have a similar effect on revenues. As people become comfortable shopping and applying for products such as mortgages and credit cards online, these products may turn into commodities, and reduce the profit margins that banks previously enjoyed. In the end, the impact on revenues depends on whether the higher prices associated with new and better products outweigh the lower prices that come with increased competition. With the success of ATMs, banks had an incentive to develop new delivery channels, such as home banking via telephones and PCs. Debit cards, electronic check clearing, cash management, derivative securities, risk management, stored-value cards, and electronic forms of currency are also examples of products that are new, or newly reinvented, because of IT. Federal Reserve Economists Franklin Edwards and Frederic Mishkin find that the share of commercial bank income accounted for by activities other than interest on loans almost doubled between 1980 and 1994. How has this played out to date? Allen Berger and Loretta Mester, also of the Federal Reserve, find that the banking industrys cost per unit of output has risen in recent years, but so has its profits. One way to interpret this result is that the quality of banking products has improved, but in a way that is hard to measure accurately. These new and better products may have raised costs, yet generated revenues greater than the cost increases.

CHOOSING A STRATEGIC DIRECTION Banks that do not make investments that take advantage of new technology may find that they are losing customers to the better-quality or lower-cost products of firms that do. But using IT as a strategic weapon can be quite tricky, entailing high costs and an uncertain payoff.

Picking the right time is key. At first, customer resistance and the high price of new technology make investments risky. With ATMs, for example, there were early concerns about security and accuracy; and even today, many people are still reluctant to use ATMs to deposit checks. Competing technologies may exist, and an early commitment to the wrong one can doom a product or business as competitors and customers move on. As the price of IT drops and consumers become comfortable with the new technology, firms can invest with less concern about customer acceptance, although they may face an entrenched competitor who got there early. With ATMs, banks divided themselves up and pursued several different strategies, according to Ralph Kimball, an economist at the Boston Fed, and William Gregor, senior VP of Gemini Consulting, in Cambridge, Massachusetts. Traditionalists offered only a few ATMs, primarily as an accommodation for customers needing to cash checks outside normal banking hours. Others positioned multiple machines at their branches as substitutes for tellers, encouraging customers to use the new, more cost-effective delivery channel. These banks did not attempt to reach past their branches by establishing an outside network. Still others, such as New Englands BayBanks (now part of FleetBoston), invested early and aggressively in an extensive off-site network of ATMs as a way to extend their distribution and focus on customers with less need for face-to-face contact. It backed up this network with a 24-hour telephone center and a glossy catalog that detailed its products. Each of these strategies had risks. The traditionalists risked losing customers willing to substitute technology for faceto-face contact. Innovators willing to invest heavily early on, like BayBanks, chose a high-risk and, as it turned out, high-return strategy that hinged upon customer willingness to adopt the new technology. Followers those waiting to see whether consumers accepted the technology risked being too late to grab the market share needed to survive. Now, some of these same issues have resurfaced in online banking. With the cost of an online transaction at about 5 cents, just a fraction of an ATM or teller transaction, banks have been eager to convert customers. They started trying in the 1980s, when several banks invested millions to develop home banking products. But, unfortunately for the banks, consumers were not quite ready for the change and many of these products failed. Is the timing better today? According to Forrester Research Inc., of Cambridge, Massachusetts, the number of households that bank online will increase by over 350 percent in the next three years, from 3.7 million households to 13.7 million. The success of online brokerage companies, such as Charles Schwab and E*Trade, also suggests that more customers may now be willing to move their financial transactions online. As with ATMs, banks are adopting several different online strategies. Some have no Web banking to speak of and continue to rely on branches and ATMs. Others are encouraging existing customers to switch to the Web for its cost advantages, with sites where customers can get balances and transfer funds between accounts. Still others, such as FleetBoston, Citigroup, and Wells Fargo & Co., are undertaking a bolder strategy. They have chosen to offer onestop financial services on the Web, including real-time balances, corporate research, portfolio calculators, and stock trading. As with ATMs, these banks hope not only to lower costs, but also to increase revenues by providing a broader range of products to new and existing customers. In entering early, they may also be able to lock in customers who like the convenience of a one-stop site and later find unwinding the interlocking account and payment arrangements necessary to switch banks too much bother. And a novel strategy is being pursued by a handful of Internet-only banks banks with headquarters but with no bricks-and-mortar branches. They are hoping that, at least for some customers, banking will come to resemble the credit card industry, where all transactions are handled via the phone, mail, or electronically. But, although they keep costs low, Internet-only banks also face disadvantages, particularly in dispensing cash and accepting deposits, which still require an ATM. Which strategies will pay off? BayBanks succeeded in luring new customers by placing its ATMs everywhere, then encouraging cardholders to use them with aggressive marketing and high-energy television and print ads. The investment paid off in increased market share, and its network became one of the most utilized in the country. By 1990, over 90 percent of BayBanks customers carried cards, as compared to 65 percent nationally. But, as with ATMs, banks online strategies are not risk-free. Much will depend on customer acceptance. Will people want Internet banking? Will they prefer the convenience of one-stops or will they want to divide their business among specialty providers? So far, most institutions have experienced the Internet as a money-losing proposition, Chuck Farkas, managing director of Bain and Co.s global financial services practice in Boston, told The Boston Globe. As for the future, only time will tell.

THE CHANGING BOUNDARIES OF THE FIRM AND THE INDUSTRY The changes brought about by IT new products, more sophisticated customers, changing cost structures, and enhanced competitive pressures have all combined to transform the structure of the banking industry. And with further development of new technology, the industry will likely continue to evolve. Advances in IT have surely changed the optimal size of a bank. Some technologically intensive products, such as processing payments, are more efficiently produced on a large scale; and the banking industrys recent wave of mergers and acquisitions suggests that bankers, at least, believe the efficient size of a bank has increased. The number of U.S. banking organizations fell from about 18,000 in 1985 to just under 10,400 in 1998, while the percentage of banking assets held by the largest 10 banks rose from about 25 percent to 35 percent over the same period. Although much of this consolidation was due to the elimination of restrictions on interstate banking and branching, much was also attributable to advances in IT. However, the advantages of scale have not been felt equally across all banking products. Loans to businesses, for example, which tend to be specialized and handled on an individual basis, have shown less dramatic efficiency gains. Moreover, small competitors can often get the advantages associated with economies of scale by outsourcing some of their activities to specialists. A 1995 Brookings study suggests that, although consolidation will continue, 3,000 to 4,000 banking organizations should still be around a decade from now. According to this report, a few banks will be very large, but most will be relatively small. Advances in IT have also resulted in new database technology and data-mining techniques that may expand the range of services that banks offer their customers. This technology allows firms to use customer information gathered in one part of their company, say banking, to increase sales in the others, say insurance or brokerage services, and is one of the factors driving recent industry consolidation. Large financial supermarkets, such as Citigroup, formed from the merger of Citibank, Travelers Insurance, and Salomon Smith Barney, are hoping to take advantage of the crossselling opportunities created by IT. Federal legislators, concerned about privacy issues, are finalizing legislation that will put limits on the use of such data-mining techniques, especially on the sale of customer information to outside firms. But the days of a bank offering only traditional deposit accounts and making standard loans are likely over. Advances in IT have opened up market niches for competitors from unexpected places. Many firms, not just banks, can now use statistical models to evaluate risk efficiently, originate loans, transform them into marketable securities, and sell them to obtain funding to make more loans. Countrywide Mortgage caused a radical change in the residential mortgage business when it equipped its salesforce with laptops and sent them into the field to take applications. This not only reduced the inconvenience for clients, but also reduced its own need for bricks-and-mortar facilities and for the data entry needed to process applications. Through its use of IT, Countrywide dramatically increased its market share, growing from a small start-up in 1969 to the largest U.S. independent residential mortgage lender and servicer in 1998. Finally, information technology will likely continue to transform some banks into new types of financial institutions whose business bears little resemblance to that of a traditional bank. For example, State Street Bank in Boston is no longer a bank in the conventional sense; last October, it sold off its last bit of business taking deposits and making loans. State Street now relies on a very profitable IT-driven business, focusing on complex accounting and recordkeeping activities for institutional investors, such as mutual funds. Other banks have taken on firms such as Amazon.com, using technological expertise to help smaller businesses build and manage online stores. For a fee, these banks will track inventory, generate shipping information, authorize customer payments, and even build the Web site. Although closely related to financial services, these activities are hardly traditional bank lines of business.

LOOKING FORWARD As we look ahead to the next generation of information technology, it is doubtful that the current landscape which types of firms offer which products, the degree to which physical proximity to the customer matters, the best size for firms will remain unchanged. More likely, the types of products delivered and how they are delivered will continue to evolve. In a sea of change, it is also reasonable to expect some real surprises. Today, with an estimated 190,000 ATMs already installed in the United States, the new frontier is on the Web. If online banking succeeds, it will almost certainly change the types of products that banks offer. But it is also likely to

further break down the geographic advantage of local firms and intensify price competition. The overall impact on costs and revenues is hard to predict, even as the cost of an individual transaction on the Web drops. From one point of view, IT can be said to have created havoc in the banking industry and to have placed in jeopardy huge investments in human and physical capital. Careers have been disrupted or abbreviated, and venerable institutions have been dismantled. Yet, because each problem also represents an opportunity, IT has provided benefits for those who are able to successfully adapt.

Merger and Acquisition and IT Problems In todays global competition mergers are getting more common every day. Firms merge with the idea to gain financial benefits from larger economies of scale. The bigger part of the mergers however ends up in a failure. An estimation says that up to two-thirds of all mergers do not work out as planned1. Most of the failed mergers can be attributed to a failure to integrate the two firms. For a successful merger the firms have to blend in together on all business parts. An area mostly forgotten in a merger is however the integration of Information Systems (IS). In this report we are going to address this problem and have a better look at the difficulties involved with the integration of Information Systems. We describe what firms try to achieve by merging and which problems probably will be encountered. What do firms want to achieve by merging? Firstly a difference has to be made between a merger and an acquisition (M & A). A merger is when two firms try to realize a combination between their firms by crossing their stocks. An acquisition is defined as an act of exchange by which a company, called here a bidder company, uses money, stocks or their combination, to acquire some assets of the target company2. The difference between a merger and an acquisition can be of importance for the integration process of the firms Information Systems. This point will be addressed later in this paper. Information Systems are not a main point of concern in every merger. Only when the Information Systems play an important role in the firm's business then it is a point of consideration. If two firms both have a low investment in Information Systems, the increase in efficiency and effectiveness due to the merger will be very low compared to firms with a high IS investment. The most important reason for two firms to merge is to increase the competitive advantage of the merged venture. The newly formed firm can be run more efficiently and more effectively than the separate firms did before the merger. The consequence of this is that the firm can gain competitive advantage over their competitors by producing at lower costs. Another reason for a firm to merge is to gain a greater market share. In todays very competitive markets it is very difficult for a firm to increase its market share. One way to increase its share is to acquire another firm which leads in gaining the market share of that particular firm. Problems encountered during mergers The goal of Information Systems is to provide the firm with accurate and reliable information about the companys processes. In the case of a Merger & Acquisition, the Information Systems of both firms have to be integrated. This will lead to a disruption of the stream of information in the Information System. This loss of information will cost the firm a lot of money, so it is important to the firm to make the integration as smooth as possible. There are however a lot of problems that can endanger the integration. Below some of these problems a firm can encounter will be described. The first problem described here is the lack of information about the Information Systems in the negotiation phase of a merger. The negotiations prior to a merger are usually kept secret and only attended by the top management of a firm. Often there is no involvement of an IS professional at all. The main focus of the negotiations is on the financial cooperation of the merging firms. The Information Systems are often left out of the preparations. This means that there is no knowledge available before the actual merger if the information systems of both firms will integrate with each other. Another problem which can lead to the failure of a merger is organizational cultures that do not match. Every firm has an organizational culture which consists of the norms and values its employees have in common. If the organizational cultures collide then the people responsible for the integration of all the systems will have trouble working together on the problem and will often fail in doing so.

Often the power at the negotiations of a merger lie with one firm. When one of the merging firms is bigger than the other firm, the willingness of the bigger company to adjust its information system will be rather small. This is also the case with Acquisitions, when a firm acquires another one. In the case of an acquisition, the attitude of the managers of the target company is often not very positive towards the managers of the bidder company. This can create problems when they have to work together to integrate the Information Systems. Another difficulty encountered when trying to merge two firms is when their organizational structure differs a lot. Each organizational structure has its own Information System that is best suited for this structure. This has as consequence that if two firms have a very different structure, their supporting Information Systems will also be very different. This will make it difficult to integrate the Information Systems, because the Information System of the one firm is not suited for the other firm and a choice has to be made which Information Systems to implement in the merged venture. Practical case : Problems experienced during the integration of Information Technology in a bank merger In this case we are going to study the IT integration of a merger of two important Australian banks: the Commonwealth Bank of Australia (CBA) and the State Bank of Victoria (SBV). The main reason for the merger was that the Commonwealth Bank of Australia wanted to increase its market share in Victoria. This study is a good example of the complexity and all the problems that can appear in a merger regarding the IS This merger took place in January, 1991 and CBA acquired SBV for $A 1.6 billion. IT-systems were seen as one of the major sources for value adding resulting from the merger. So the first intention after the merger was to integrate the computer systems and IT operations of the two banks in order to increase the efficiency of the merged venture. However during the process they realized that there were important differences between the two banks IT functions. First of all, the two banks data process centers were geographically quite far from each other. It was not only the distance, 1000 km between Melbourne and Victoria, but also the culture and economic rivalry that created an obstacle for the IT integration. Second, there was a big difference between the banks strategies. The national bank had a technology driven one which was separated from the business. On the other hand, the regional bank had a business focused and oriented to meet the demands of the business units strategy. Third, the IT systems of the banks operated with different technology platforms which were incompatible. CBA operated with an IBM platform and SBV operated primarily with ICL based systems, though it worked with others like Honeywell, Prime and IBM as well. Furthermore both of them had quite different system testing methodologies. In the national bank, these were technical excellence-driven and in the regional bank a customer-focused testing methodology was used. Fourth, project management styles and structure were also different. In the national bank there was a hierarchical and formal IT management structure. In contrast the regional bank had a decentralized structure and a team-based management organization. The fifth and last difference was IT staffing practices. While the national bank policy was one of internal recruitment and training, the regional bank had developed the opposite practices. Since the middle 80s they had recruited external young educated professionals.

Model description There have been only few researches about the IS integration in a merger until now. In most cases IS are not regarded during post merger studies although integrating information systems during corporate mergers can be critical to their success.11 If IS are mentioned in the research often the only concerns are the technical aspects. In this report we will introduce two models of IS integration. Both are the result of a research and are published in papers. A normative model This model is based on the studies of Giaconmazzi, Panella, Pernici and Sansoni from the Politecnico di Milano. The researchers created a model distinguished into a descriptive and a decision support model. The former one describes the interdependencies between the involved variables in an IS integration. A decision-making tool shall be provided by the latter one. When two companies merge they will be confronted with some problems concerning IS. Solutions involving software and hardware components and organizational aspects wherefore often big investments are necessary have to be found. The authors classified different integration strategies of IS. The following six different integration strategies are devised: 1) total integration ( TI ) same software and applications are used in both companies A totally centralized IS, only one data processing centre B not totally centralized IS, only one data processing centre but some special business processes are left at their original location 2) partial integration ( PI ) only the same business processes use the same software and applications A only one data processing centre B computers are partially decentralized only standardized applications run in the main data processing centre C no data processing centre, all applications run locally 3) no integration ( NI ) all components of the IS are independent, only connections between important data for the corporate management 4) transition temporary solution until the company selects a strategy These integration strategies dont consider the reasons why and when to use the strategies. They just give some possible ways of integrating two IS after a merger. To clarify in what situation which integration strategy can be used best a model is needed. Descriptive model It is important to not only consider Information Technology (IT) aspects when integrating an IS but also to focus on economic, organizational and cost control facts. According to that the descriptive model consists of 4 different variables. The first one is the growing objectives which do not have a direct impact on the IS but on the type of organization. The second is the situation variables which show the border conditions for the integration as they are dependent on the pre-merger settings. The third one is the effects on the companys organizational structure. Here there are three levels of business and company integration which can be achieved after the merger: 1)Retaining Status Quo 2) Annexation 3) Mergers of equal The last variable is called Information System requirements which have a direct impact on the IS architecture and configuration. It is dependent on the economics of scale, the operative behavioral consolidation and the report standardization or data integration. The influence of these four variables on an IS integration decision is shown in Figure 1.

Figure 1:Graphical representation of the influence of variables on Information Systems integration decision On the basis of the collected and classified data in this model the decision support model can be used. Decision support model The decision support model was created to give the user a tool to choose the appropriate integration strategy. The model is structured like a tree with nodes on the different levels. So, the user has to decide step-by-step between the variables in the respective level (e.g. first step: decision, if the business of the companies are equal, similar or different. Second step: decision between different or same country, and so on). Finally the best strategy for the underlying case can be found. The advantages of this model are the possibility for a systematic and fast decision procedure. E.g., if two companies with different businesses in different countries are merged, the model does not need to consider any other variable, because in this case it is suggested not to merge the Information Systems. . Validation During their analysis of the model the researchers first reduced the collected data according to the descriptive model described above. Afterwards they tested their model with this information. They used the decision-making model and compared it with the actual dates. A hit ratio of 81.6% was experienced but according to a level of significance of 95% the hit ratio varies between 66.1% and 92.2%. Besides that a factor analysis was made which showed that there are other factors which can have influences on decisions regarding the strategy chosen for an IS integration. These factors are the simplicity of the integration, the differences in management needs, the search for similar operating logic and the differences between companies. Due to only focusing the research on companies with special characteristics this model is limited. It cannot be generalized because it is only proofed by companies in the industrial segment. Also there are complex factors which are extremely difficult to fit in pre-defined frameworks. Models of change The following model emerged from Johnstons and Yettons research on the merger of two large Australian banks described above. It differentiates in reasoning but the achieved results are alike. This research focus on the dependence of the organization structure and strategy with

their impact on IS integration strategies. Here the organization structure is seen as controlling aspect for the choice of an integration strategy. There are three different strategies to integrate the IS after a merger which are briefly explained in Table 1.

Table 1: Merger strategies and models of change The Co-existence model is suitable when the intent is to maintain the independence of the two organizations, especially if they have unrelated or geographically distinct businesses. Although this integration strategy is low risk and minimizes integration complexity. It produces a higher IT cost structure and synergy effects cannot be realized. If IT rationalization and cost reduction are emphasized, the absorption model is used because of reducing complexity, risk and time to completion. The advantage of this strategy is that the main problems which occur when integrating two incompatible IT configurations are avoided. Finally, the best of breed model is most suitable if the focus is on value adding and synergy tapping. In this case the goal is to realize learning effects and synergies by creating a new configuration out of the best aspects of both companies. Practical Case: The way of integrating Information Technology in a bank merger The integration of IT in the bank merger case explained above was realized in three steps. To guarantee the services for their customers a temporary technical bridge was build between the two existing bank systems for the most required data according to the coexistence model. This situation should only last until another integration strategy was worked out and implemented. Therefore first the best of breed model was chosen. Several meetings with the respective IT managers were needed to identify, analyze and adopt the best practices in both banks. But as both IT-Systems were completely different in their strategy, structure, management processes, and roles/skills they couldnt agree on which system to consider as best. Also the actions of their competitors and the Reserve Bank of Australia pressured the firm to complete the integration. The Reserve Bank had ruled that they had to integrate the regional bank as it was owned completely by the national bank. In the third step the firm changed their strategy to using the absorption model as it was very expensive to run two IS in parallel. The structure, system and configuration of the national bank were chosen to be implemented in the whole company. This implied two main things: the centralization of all activities in Sydney and the implementation of the national banks IBM systems in the entire bank. This lead to a big simplification of the integration problem as they only had to deal with the IT-system. The integration process was concentrated on the transfer of customer and product data to the national bank systems and so it lost much of its complexity. In April 1994 when the integration was completed all branches, accounts and customer records of the regional bank ran on the national banks system.

The CBAs system was chosen, even so SBVs system seemed to be more advanced, progressive and more business-focused. This was on the one hand a matter of power but also choosing the regional banks system would have caused additionally problems. Both IS were dependent on the organization structure of the company and this would have caused the need for reorganization in the national bank as well. Due to this issue complex changes in the parent organization would have been necessary to create a fit with the IT-system if the regional banks one had been integrated. Although the difficulties experienced during the integration process and the complexity, the integration of the IT area had created an increase in value of the merged banks. Conclusion We have addressed several problems encountered when merging two firms. We also introduced two models which try to overcome these problems and achieve a successful merger. One of the main problems discussed here is the failure to integrate Information Systems due to a lack of attention given to this subject in the starting phase of the merger. This is one of the main reasons that a lot of the goals that the merger tried to accomplish are not realized in the end. A proposed solution here is to involve the topic of integration of Information Systems in an early stage in the negotiation process of the merger. This implies that an Information System specialist should also be included in the negotiation process. The models described here both give a means to integrate Information Systems. The normative model focuses mainly on the Information Technology aspect of a merger. Compared to the latter model the models of change takes a wider view on the whole business process. It not only focuses on the hardware and software issues but also takes into account the organizational structure and the dependency of the Information System on this structure. The model of change has as a main assumption that the best of breed model can only be applied if the two firms have very similar organizational structures. If the organizational structures of the firms are really different then the model states to apply the absorption model. The model suggests that it is impossible to integrate the Information Systems of different organizational structures. But is this really the case? In the case study described earlier the banks chose to implement the less sophisticated Information System in the merged firm. Although the smaller bank possessed a better Information System they concluded that this system was not compatible with the organizational structure of the Commonwealth Bank of Australia. Our remark here is that if the banks put some more effort in trying to integrate the more sophisticated Information System in the firm, the results could have been better than they are in the current situation. With the more sophisticated Information System the overall effectiveness and efficiency could have increased more than they did with the information system used right now Merger and Acquisition of Banks in Nepal The concept of merger and acquisition in nepal has not gone a long way. In 2004 Laxmi Bank merged with Himalayan saving and finance company ( HISEF), a first generation financial company which was the first and ever merger in the Nepali corporate history. NBBL and NB Finance- both promoted by NB Group had merged four years ago. Recently again NBBL formally merged into Nepal Sri Lanka Merchant Banking and Finance Ltd. Narayani National Finance Ltd. is the outcome of merging National Finance and Narayani Finance. Similarly Birgunj Finance Ltd. is merging with Himchuli Bikas Bank.