Online banking

From Wikipedia, the free encyclopedia

Online banking (or Internet banking) allows customers to conduct financial transactions on a secure website operated by their retail or virtual bank, credit union or building society.

Features

Online banking solutions have many features and capabilities in common, but traditionally also have some that are application specific.

The common features fall broadly into several categories:
  • Non-transactional (e.g., online statements, check links, cobrowsing, chat)
  • Financial Institution Administration - features allowing the financial institution to manage the online experience of their end users
  • ASP/Hosting Administration - features allowing the hosting company to administer the solution across financial institutions
Features commonly unique to business banking include:
  • Support of multiple users having varying levels of authority
  • Transaction approval process
  • Wire transfer
Features commonly unique to Internet banking include:
  • Personal financial management support, such as importing data into a personal finance program such as Quicken, Microsoft Money or TurboTax. Some online banking platforms support account aggregation to allow the customers to monitor all of their accounts in one place whether they are with their main bank or with other institutions...

History

The precursors of modern home online banking services were the distance banking services over electronic media from the early '80s (the term online became popular in the late '80s). These services used the videotex system. In the US, the first bank to offer these services did so in 1981, and by 1985 at least 37 banks offered videotex banking services. Because of the commercial failure of videotex, these banking services never became popular except in France, where the use of videotex (Minitel) was subsidised by the telecom provider.

Security

Security token devices

Protection through single password authentication, as is the case in most secure Internet shopping sites, is not considered secure enough for personal online banking applications in some countries. There are two basic security methods for online banking:

  • The PIN/TAN system, where the PIN represents a password used for the login, and TANs represent one-time passwords used to authenticate transactions. TANs can be distributed in different ways; the most popular one is to send a list of TANs to the online banking user by postal letter. The most secure way of using TANs is to generate them on demand using a security token. These token-generated TANs depend on the time and a unique secret stored in the security token (this is called two-factor authentication or 2FA). Usually online banking with PIN/TAN is done via a web browser using SSL secured connections, so that there is no additional encryption needed.
  • Signature-based online banking, where all transactions are signed and encrypted digitally. The keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation.

Attacks

Most attacks on online banking in use today are based on deceiving the user in order to steal login data and valid TANs. Two well-known examples of such attacks are phishing and pharming. Cross-site scripting and keyloggers/Trojan horses can also be used to steal login information. One method of attacking signature-based online banking is to manipulate the software in use so that correct transactions are shown on the screen while faked transactions are signed in the background.

Countermeasures

Several countermeasures exist that try to prevent these attacks. Digital certificates are used against phishing and pharming; the use of class-3 card readers is a measure to avoid manipulation of transactions by the software in signature-based online banking variants. To protect their systems against Trojan horses, users should use virus scanners and be careful with downloaded software or e-mail attachments.

In 2001 the FFIEC issued guidance for multifactor authentication (MFA) and then required it to be in place by the end of 2006. [1]

References

  1. OCC 2005-35