 |
|
JOURNAL ARTICLE:
TOPIC: Online Banking: The Future is Now by Mark Grossman
For banks, the Internet is the future. If youre a banker, you still have a chance to make your bank a leader in the next big thing to hit banking.
TERMINOLOGY:
The online banking area has produced some new terms that appear to be confusing and somewhat overlapping. For example, some banks say they provide PC Banking. PC Banking usually refers to dial-up computer banking services. This is where the customers calls a designated telephone number for access to their accounts. These types of services have been around for more than a decade. Typically, PC Banking lets customers see checking and savings account information, transfer funds between accounts, and pay bills online. With PC Banking, the customer needs special software to act as an interface between the bank and their computer. Internet banking requires no special dial-up or software. Its a customer service dream because all the customer needs is their Internet browser. Either Microsofts Internet Explorer or Netscape Navigator will do.
Customers who want to continue using Microsoft Money or Quicken can usually import their account information from Internet banking services into those programs for record keeping and analysis purposes. The import process is simple for an experienced computer user, but more complicated than it needs to be. Novices would find it intimidating.
Although some banks permit sole proprietorships to bank over the Internet, other types of businesses will generally find themselves using dial-up computer banking services for a while longer. Additionally, those customers who dont have Internet access, or who dont trust the level of security on the Internet, may prefer to use dial-up services.
ADVANTAGES FOR THE BANKS:
Electronic banking isnt new. Banks are already way ahead with profits created from electronic financial services like ATMs, dial-up banking and telephone banking. The most important advantage of electronic banking is the lower costs associated with processing electronic transactions as compared to paper check or in-person branch transactions. The extreme ease with which customers can access accounts over the Net also makes it possible to reduce the number of traditional and very expensive brick-and-mortar branches.
The potential cost savings for Internet banking are dramatic. An American Bankers Association study placed the cost of handling a paper check transaction at between $0.42 and $2.00. Although Internet banking is so new that the recovery of development and start-up investments skew transaction costs, the cost could ultimately rival the reported $0.15 to $0.50 cost of an ATM transaction.
In addition to cost savings, Internet banking will open opportunities for increased revenue for banks. Tradition says that banks cant charge customers for teller transactions. One attempt at doing so demonstrates why treading on tradition can be dangerous.
In 1995, First Chicago Corp. started charging $3 for a transaction involving a living, breathing teller. Jay Leno jumped on this one. He joked that for $3.95 the teller would talk dirty to you.
The tradition in the Net banking world is different. Most banks charge or plan to charge fees for Internet services including bill payment services. Affiliated brokers already charge fees for Internet securities trading. As new services appear on the Net, you can anticipate that most banks will use the opportunity to charge their customers new fees.
Is it Safe?
Probably the biggest single obstacle on Net bankings path to success is consumer skepticism about the security of the Internet. Interestingly, the major risks in Internet banking are probably not in the area which potential users focus on interception of financial data transmissions.
Banks and other entities conducting business over the Internet deal with the interception issue by encrypting sensitive information sent over the Net. Even current versions of Netscape and Internet Explorer include encryption technology that makes it technically not feasible for a hacker to read the intercepted information.
As the Federal Deposit Insurance Corporation (FDIC) pointed out in its December 1997 Issues Paper on Internet security, encryption alone is not a complete solution. Anyone who improperly obtains a customers log-on identification and password will be able to fool a banks Internet security software and internal safeguards into believing that the customer is legitimately conducting a transaction.
As with ATM PIN protection, the best weapon in safeguarding Internet banking access will be educating customers. They need to be taught to avoid public-access Internet terminals, select appropriate passwords, and stop transactions when presented with an unexpected Internet screen or an unusual request for confidential information.
A greater security threat suggested by the FDIC is a hacker attack on the banks main computer system through the point where the banks computer is connected to the Internet. Lax security could permit a hacker to plant computer viruses, and corrupt or fraudulently create data on the banks internal computer system.
Fortunately, this risk is relatively simple to address by the aggressive use of firewalls that only allow specified types of information to pass from the Internet through to the banks central computer and a consistent security monitoring program. Most banks dont have the resources in house to take their bank online, so they out-source the project. These are complex projects often involving many parties. Typically, the bank needs web designers to design a front-end interface with their customers. They also need to tie together back-end integration to insure that the website can access and update account information as required. Yet another company may provide the bill payment services demanded by the banks customers.
Having been involved with these projects, the only thing that I can say briefly is that they raise complex contracting issues pertaining to coordination, timing and intellectual property. Each agreement with each party must detail the functions that the bank expects from that party while also ensuring that each party is responsible for insuring integration with the other pieces of the puzzle.
Jumping into this without thoroughly dealing with the integration issue is the best way to get to that ugly place where theres a problem with the website and each company is pointing a finger at the other. You can help to avoid this nightmare with good contracting practices.
Good contracting practices means something more than making a couple of changes on the form the vendor provided to you and then sending it back signed. Thats called a placebo. Good contracting practices means ensuring that the professionals on your side have experience in these types of transactions and are capable of critically analyzing the obligations of the various parties. If it doesnt all tie together, you may find yourself over budget and freshening up your resume.
ABOUT THE AUTHOR:
Mark Grossman is a shareholder and chairs the Computer and E-Commerce Law Group of Becker & Poliakoff, P.A. Research assistant is Christopher ORand.
|
|
|
| |
NEWS PAPER ARTICLE:
Internet Security Issues: Luxembourg Business
Security on the Internet is undoubtedly the primary concern of corporate strategists. No organization should allow unauthorized access to its network and/or systems via an open network, including the Internet. However, many do.
Where does security start? At the strategic planning stage. An Internet connection is not a solution, it is merely a tool or communications means by which to achieve a specific goal in providing a solution to an identified problem.
Some organizations plan an Internet Strategy, others develop a Strategic Plan which can incorporate business objectives and a marketing strategy. Whichever way your organization develops such plans is not the issue: the issue is that without any such plan, an Internet connection will enable unauthorized access and intrusion without careful planning.
Understanding of all the technical considerations is not required by strategists, just awareness and understanding of the potential hazards. In-house technicians and external consultants can together address the issues and come up with a security plan. It is important to note that Internet-related plans need to incorporate a certain amount of flexibility as the technology is moving at a rapid pace.
The main issues concerning Internet Security are as follows:
Confidentiality (data protection);
Authentication(determine identity of sender and receiver);
Integrity (no alteration of data);
Non-repudiation (neither party can deny transaction).
Confidentiality is usually achieved by public and private key systems, based on the concept of two separate keys (strings of data bits). The longer the key, the harder it is to break the code. The public key can only be used to encrypt data. The private key is required to decrypt the resultant encrypted data and is kept secret, while the public key is not. Confidentiality is assured.
Other security projects involve the integration of Firewall solutions, often with anti-virus modules incorporated. The term Firewall can refer to hardware or software: in fact it is both - a software product which requires a dedicated machine with multiple network cards. Firewalls can be configured to restrict both internal and outgoing traffic, classifying by time, tools (WWW, e-mail), file attachments, etc. Determining and configuring the business rules are the most important aspects of operating a Firewall.
Diligence is required in maintaining the integrity of security solutions: it can be easy to connect a modem to a network workstation and communicate with the outside world, therefore bypassing the firewall. However, this innocent connection to the public network also opens a back door for unauthorized intrusion! Once a system is operational does not necessarily mean that regular maintenance and security reviews can be discarded and reduced.
One saying goes like this: IT loves standards, that is why there are so many! Lets hope that the standards which converge on the global Internet and its security solutions are robust, enabling organizations and individuals to benefit from the Information Society.
ABOUT THIS ARTICLE: This article first appeared in the October 1999 issue of Luxembourg Business. It is the Copyright (1999) of International City Magazines (ICM S.a.r.l.) and we use it with their kind permission.
|
|
|
|
