R EPORT

ON

O NLINE B ANKING

Table of Contents
T ABLE W HAT
OF

C O N T E N T S .................................................................................................. 1 I
MEAN NTRO BY TO

C HAPTER
IS

O N L I N E B A N K I N G ............................................................
BANKING

1 1

ONLINE

? .....................................................................

Why online?..............................................................................................................................................1 What is Bank Wire Transfers?..................................................................................................................1 Some terminologies explained:................................................................................................................2 T H E G L O B A L E - B A N K I N G S C E N A R I O ..................................................................... 3 Hurdles in implementation of E-Banking in the Region:...........................................................................4 I N T E R N E T S E R V I C E S P R O V I D E D B Y B A N K S ............................................................. 4 Issues in services provided by banks via internet.....................................................................................4 The regulatory and Supervisory concerns in i-banking.............................................................................5 State Bank of Pakistans Concerns over Internet Facilities.....................................................................9 The Global Scenario...............................................................................................................................10 Hurdles in implementation of E-Banking in the Region:.........................................................................10 I N T E R N E T I T S B A S I C S T R U C T U R E A N D T O P O L O G Y ............................................. 1 1 World Wide Web (WWW) ......................................................................................................................12 Wireless Application Protocol (WAP):....................................................................................................12 Security threats:.....................................................................................................................................13 E-Commerce:.........................................................................................................................................13 Business-to-Consumers (B2C):..............................................................................................................14 Opportunities:.........................................................................................................................................15 Concerns:...............................................................................................................................................15 Business to Business (B2B)...................................................................................................................16 The Growth of Internet Banking and common products:........................................................................17 Different Approaches..............................................................................................................................18 C H A P T E R 2 O N L I N E B A N K I N G V I Z A S K A R I B A N K ........................................... 1 9 L INKING B RANCH
OF BRANCHES

...........................................................................................

19 19

NETWORK

..................................................................................................

South Region Cities: ..............................................................................................................................20 North Region Cities: ..............................................................................................................................21 Center Region: ......................................................................................................................................21 North Region Cities: ..............................................................................................................................22 South Region Cities: ..............................................................................................................................22 W H Y A S K A R I O N L I N E B A N K I N G F A C I L I T I E S ? ...................................................... 23 Askari Bank Online Facilities..................................................................................................................23 ATM facility ............................................................................................................................................23 iNET Banking ........................................................................................................................................23 Virtual Private Networking (VPN)...........................................................................................................23 Inter Bank Fund Transfer IBFT............................................................................................................24 A S K A R I B A N K W H I L E F A C I L I T A T I N G B U S I N E S S E S ................................................. 25 Network specifications............................................................................................................................26 G L O S S A R Y ............................................................................................................... 29

______________________________________________________________________________ i

R EPORT

ON

O NLINE B ANKING

C HAPTER 1 I

NTRO

TO

O NLI NE B ANKI NG

What is mean by online banking?

Online banking (or Internet banking or Electronic banking) is an umbrella term for the process by which a customer may perform banking transactions electronically without visiting a brick-and-mortar institution. The following terms all refer to one form or another of electronic banking: personal computer (PC) banking, Internet banking, virtual banking, online banking, home banking, remote electronic banking, and phone banking. PC banking and Internet or online banking is the most frequently used designations. It should be noted, however, that the terms used to describe the various types of electronic banking are often used interchangeably.

Why online?
Today, banks seem to be jumping on the bandwagon of Internet banking. Why is there a sudden increase of bank interests in the Internet? The reasons are Because of the improved security and encryption methods developed on the Internet. Banks did not want to lose a potential market share to banks that were quick to offer their services on the Internet. Electronic banking is an activity that is not new to banks or their customers. Banks, having been providing their services to customers electronically for years through software programs, which allowed the users personal computer to dial up the bank directly. In the past however, banks have been very reluctant to provide their customers with banking via the Internet due to security concerns, but now its a reality. As high growth potential for ebanking the players focused on increasing and improving their E-banking services. As a part of this, the banks began to collaborate with functions online via Bank Wire Transfers.

What is Bank Wire Transfers?

Bank wire transfers is said to be the path or interface which allows bank-2-bank transactions between two international banks, often the most expedient method for transferring funds between bank accounts. A bank wire transfer is affected as follows Senders Bank Account SWIFT Receivers Bank Account

FIGURE 1.1 Basic Illustration How Bank Wire Transfers Work.

In the light of above illustration, we understand that: 1. The entity wishing to do a transfer approaches a bank and gives the bank the order to transfer a certain amount of money. IBAN and BIC codes are given as well so the bank knows where the money needs to be sent.

______________________________________________________________________________ 1

R EPORT

ON

O NLINE B ANKING

2. The sending bank transmits a message, via a secure system (such as SWIFT) to the receiving bank, requesting that it effect payment according to the instructions given. 3. The message also includes settlement instructions. The actual transfer is not instantaneous: funds may take several hours or even days to move from the sender's account to the receiver's account. 4. Either the banks involved must hold a reciprocal account with each other, or the payment must be sent to a bank with such an account, a correspondent bank, for further benefit to the ultimate recipient. Banks collect payment for the service from the sender as well as from the recipient. The sending bank typically collects a fee separate from the funds being transferred, while the receiving bank and intermediate banks through which the transfer travels deduct fees from the money being transferred so that the recipient receives less than what the sender sent.

Some terminologies explained:

THE INTERNATIONAL BANKING ACCOUNT NUMBER SYSTEM The International Bank Account Number (IBAN) is an international standard for identifying bank accounts across national borders with a minimal of risk of propagating transcription errors. It was originally adopted by the European Committee for Banking Standards (ECBS), and was later adopted as an international standard under ISO 13616:1997 and now as ISO 13616-1:2007.The official IBAN registrar under ISO 13616-2:2007 is SWIFT. Why IBAN? The IBAN was originally developed to facilitate payments within the European Union but the format is flexible enough to be applied globally. It consists of an ISO 3166-1 alpha-2 country code, followed by two check digits that are calculated using a mod-97 technique and Basic Bank Account Number (BBAN) with up to thirty alphanumeric characters. The BBAN includes the domestic bank account number and potentially routing information. The national banking communities decide individually on a fixed length for all BBAN in their country. SWIFT CODE: ISO 9362 (also known as SWIFT-BIC, BIC code, SWIFT ID or SWIFT code) is a standard format of Business Identifier Codes approved by the International Organization for Standardization (ISO). It is a unique identification code for both financial and non-financial institutions. These codes are used when transferring money between banks, particularly for international wire transfers, and also for the exchange of other messages between banks. The codes can sometimes be found on account statements. The latest edition is ISO 9362:2009 (dated 01-10-2009). The SWIFT code is 8 or 11 characters, made up of:

______________________________________________________________________________ 2

R EPORT
1. 4 letters: Institution Code or bank code. 2. 2 letters: ISO 3166-1 alpha-2 country code 3. 2 letters or digits: location code

ON

O NLINE B ANKING

4. if the second character is "0", then it is typically a test BIC as opposed to a BIC used on the live network. 5. if the second character is "1", then it denotes a passive participant in the SWIFT network 6. if the second character is "2", then it typically indicates a reverse billing BIC, where the recipient pays for the message as opposed to the more usual mode whereby the sender pays for the message. 7. 3 letters or digits: branch code, optional ('XXX' for primary office) Where an 8-digit code is given, it may be assumed that it refers to the primary office. SWIFT Standards, a division of The Society for Worldwide Interbank Financial Telecommunication (SWIFT), handles the registration of these codes. For this reason, Business Identifier Codes (BICs) are often called SWIFT addresses or codes.

The Global E-Banking Scenario

The banking industry is expected to be a leading player in e-business. While the banks in developed countries are working primarily via Internet as non-branch banks and operating virtually, banks in the developing countries use the Internet as an information delivery tool to improve relationship with customers. In early 2001, approximately 60 percent of e-business in the UK was concentrated in the financial services sector, and with the expected 10-fold increase of the British e-business market by 2004, the share of the financial services will further increase. Around one fifth of Finish and Swedish bank customers are banking online, while in the US, according to UNCTAD, online banking is growing at an annual rate of 60 percent and the numbers of online accounts are expected to reach 15 million near future. Banks have established an Internet presence with various objectives. Most of them are using the Internet as a new distribution channel. Financial services, with the use of Internet, may be offered in an equivalent quantity with lower costs to the more potential customers. There may be contacts from each corner of the world at any time of day or night. This means that banks may enlarge their market without opening new branches. The banks in the US are using the Web to reach opportunities in three different categories: to market information, to deliver banking products and services, and to improve customer relationship.

______________________________________________________________________________ 3

R EPORT

ON

O NLINE B ANKING

Hurdles in implementation of E-Banking in the Region:

In Asia, the major factor restricting growth of e-banking is security factor, in spite of several countries being well connected via Internet. Access to high-quality e-banking products is an issue as well. Majority of banks in Asia are just offering basic services compared with those of developed countries. Still, e-banking seems to have a future in Asia. According to McKinsey survey, e-banking will succeed if the basic features, especially bill payments, are handled well. Bill payment was the most popular feature, cited by 40 percent of respondents of the survey. However, providing this service would be difficult for banks in Asia because it requires a high level of security and involves arranging transactions with a variety of players, In 2001, over 50 percent of the banks in the US were offering e-banking services. However, large banks appeared to have a clear advantage over small banks in the range of services they offered. Some banks in the US were targeting their Internet strategies towards business customers. Apart from affecting the way customers received banking services; e-banking was expected to influence the banking industry structure. The economics of e-banking was expected to favor large banks because of economies of scale and scope, and the ability to advertise heavily. Moreover, ebanking offered entry and expansion opportunities that small banks traditionally lacked.

Internet Services Provided by Banks

Broadly, the levels of banking services offered through INTERNET can be categorized in to three types: 1. The Basic Level Service is the banks websites which disseminate information on different products and services offered to customers and members of public in general. It may receive and reply to customers queries through e-mail, 2. In the next level are Simple Transactional Websites which allow customers to submit their instructions, applications for different services, queries on their account balances, etc, but do not permit any fund-based transactions on their accounts, 3. The third level of Internet banking services are offered by Fully Transactional Websites which allow the customers to operate on their accounts for transfer of funds, payment of different bills, subscribing to other products of the bank and to transact purchase and sale of securities, etc. The above forms of Internet banking services are offered by traditional banks, as an additional method of serving the customer or by new banks, who deliver banking services primarily through Internet or other electronic delivery channels as the value added services. Some of these banks are known as virtual banks or Internet only banks and may not have any physical presence in a country despite offering different banking services.

Issues in services provided by banks via internet

Following are some of the issues which are being faced by the banks while providing internet banking facilities

______________________________________________________________________________ 4

R EPORT

ON

O NLINE B ANKING

1. It removes the traditional geographical barriers as it could reach out to customers of different countries/legal jurisdiction. This has raised the question of jurisdiction of law/supervisory system to which such transactions should be subjected, 2. It has added a new dimension to different kinds of risks traditionally associated with banking, heightening some of them and throwing new risk control challenges, 3. Security of banking transactions, validity of electronic contract, customers privacy, etc., which have all along been concerns of both bankers and supervisors have assumed different dimensions given that Internet is a public domain, not subject to control by any single authority or group of users, 4. It poses a strategic risk of loss of business to those banks who do not respond in time, to this new technology, being the efficient and cost effective delivery mechanism of banking services, 5. A new form of competition has emerged both from the existing players and new players of the market who are not strictly banks.

The regulatory and Supervisory concerns in i-banking

The Regulatory and Supervisory concerns in i-banking arise mainly out of the distinctive features outlined above. These concerns can be broadly addressed under three broad categories, viz, 1. Legal and regulatory issues, 2. Security and technology issues and 3. Supervisory and operational issues. LEGAL AND REGULATORY ISSUES: Legal issues cover those relating to the jurisdiction of law, validity of electronic contract including the question of repudiation, gaps in the legal / regulatory environment for electronic commerce. On the question of jurisdiction the issue is whether to apply the law of the area where access to Internet has been made or where the transaction has finally taken place. Allied to this is the question where the income has been generated and who should tax such income. There are still no definite answers to these issues. SECURITY AND TECHNOLOGICAL ISSUES Security of i-banking transactions is one of the most important areas of concerns to the regulators. Security issues include questions of adopting internationally accepted state-of-the art minimum technology standards for access control, encryption/decryption (minimum key length etc), firewalls, verification of digital signature, Public Key Infrastructure (PKI) etc. The regulator is equally concerned about the security policy for the banking industry, security awareness and education.

______________________________________________________________________________ 5

R EPORT
Security Incidents

ON

O NLINE B ANKING

2003 and 2004 saw the emergence of fraudulent activities pertaining to Internet Banking or better known in the industry as phishing. A total of 92 phishing cases were reported to the Malaysian Computer Emergency Response Team (MyCERT, www.mycert.org.my) in 2004. The modus operandi of this activity is to use spoofing techniques to gain names and passwords of account holders. The victims reported being deceived into going to a fake website where perpetrators stole their usernames and passwords and later use the information for the perpetrators own advantage. Phishing is an attempt to commit fraud via social engineering. The impact is the breach of information security through the compromise of confidential data. The Association of Banks Malaysia (ABM) has urged both commercial banks and their customers to be extra vigilant following reports of fraudulent email purportedly sent by banks with Internet banking services to online customers. The fraudulent activities mentioned above are not limited to the Malaysian banking industry. It is a worldwide problem particularly in the United States. There, 2560 new unique phishing sites were reported to the Anti Phishing Working Group (APWG) in this year. (see http://antiphishing.org/APWG_Phishing_Activity_Report_Feb05.pdf). It was an increase of 47 percent over the December 2004 figure. APWG is an industry association focused on eliminating identity theft and fraud that result from the growing problem of phishing and email spoofing. This voluntary based organization provides a forum to discuss phishing issues, trials and evaluations of potential technology solutions, and access to a centralised repository of reports on phishing attacks. In China, it was reported that the National Computer Network Emergency Response Technical Team / Coordination Centre of China (CNCERT/CC) received 223 Phishing reports from over 33 worldwide financial and security organization. Attack Techniques Nowadays, the nature of attacks is more active rather than passive. Previously, the threats were all passive such as password guessing, dumpster diving and shoulder surfing. Here are some of the techniques used by the attackers today: Trojan Attack. 1 The attacker installs a Trojan, such as key logger program, on a users computer. This happens when users visited certain websites and downloaded programs. As they are doing this, key logger program is also installed on their computer without their knowledge.

______________________________________________________________________________ 6

R EPORT

ON

O NLINE B ANKING

When users log into their banks website, the information keyed in during that session will be captured and sent to the attacker. Here, the attacker uses the Trojan as an agent to piggyback information from the users computer to his backyard and make any fraudulent transactions whenever he wants. Man-in-the-Middle Attack. Here, the attacker creates a fake website and catches the attention of users to that website. Normally, the attacker was able to trick the users by disguising their identity to make it appear that the message was coming from a trusted source. Once successful, instead of going to the designated website, users do not realize that they actually go to the fraudsters website. The information keyed in during that session will be captured and the fraudsters can make their own transactions at the same time.

FIGURE 1.2 Information compromised through man-in-the-middle attack.

Striking a Balance Presently, Internet banking customers only need a computer with access to the Internet to use Internet banking services. Customers can access their banking accounts from anywhere in the world. Each customers is provided a login ID and a password to access the service. It is indeed easy and convenient for customers.

______________________________________________________________________________ 7

R EPORT

ON

O NLINE B ANKING

However, the use of password does not provide adequate protection against Internet fraud such as phishing. The problem with password is that when it has been compromised, the fraudsters can easily take full control of online transactions. In such cases, the password is no longer works as an authentication token because we cannot be sure who is behind the keyboard typing that password in. However, easy access and convenience should not be at the expense and mercy of the security of information. This is important in order to ensure the confidentiality of information and that it is not being manipulated or compromised by the fraudsters. There are several methods of ensuring a more secure Internet banking: 1. Minimum Requirement: Two Factor Authentication Based on the above method, the security measures in place are not adequate to prevent fraud. The current method of using only one factor of authentication definitely has its weaknesses. The security aspects of Internet banking need to be strengthened. At minimum, a two-factor authentication should be implemented in order to verify the authenticity of the information pertaining to Internet banking services. The first authentication factor can be the use of passwords and the second authentication factor can be the use of tokens such as a smartcard. MyKAD is a good avenue to introduce the second factor. The above security measures will greatly minimize incidents of Internet banking fraud. The smartcard here provides a second layer of authentication. This will stop a perpetrator even if he manages to obtain the users password. Intercepted passwords cannot be used if fraudsters do not have the Smartcard. Besides addressing fraudulent activities, this can instill customers confidence in Internet banking. 2. Additional Requirement: Three Factor Authentication However, for a better security, a three factor authentication process should be considered. The third authentication factor is the use of biometric such as iris or thumbprint recognition. This ascertains who one is, biologically. This method of authentication has been introduced by the

______________________________________________________________________________ 8

R EPORT
the latest statements of a member.

ON

O NLINE B ANKING

Employee Provident Fund (EPF) for it members, but is limited to getting

With a three-factor authentication a more secure method can be implemented - a password to ascertain what one knows, a token (smartcard) to ascertain what one has, and biometric recognition (for example fingerprint or thumbprint) to ascertain who one biologically is. As such, if passwords have been compromised, fraudsters need to get through another two levels of authentication to access a customers account. This would be difficult, if not totally impossible. SUPERVISORY AND OPERATIONAL ISSUES The supervisory and operational issues include risk control measures, advance warning system, Information technology audit and re-engineering of operational procedures. The regulator would also be concerned with whether the nature of products and services offered are within the regulatory framework and whether the transactions do not camouflage money-laundering operations.

State Bank of Pakistans Concerns over Internet Facilities

The Central Bank may have its concern about the impact of Internet banking on its monetary and credit policies. As long as Internet is used only as a medium for delivery of banking services and facilitator of normal payment transactions, perhaps, it may not impact monetary policy. However, when it assumes a stage where private sector initiative produces electronic substitution of money like e-cheque, account based cards and digital coins, its likely impact on monetary system can not be overlooked. Even countries where i-banking has been quite developed, its impact on monetary policy has not been significant. Even in Pakistan, such concern, for the present is not addressed as the Internet banking is still in its initial stages. The world over, central bankers and regulators have been addressing themselves to meet the new challenges thrown open by this form of banking. Several studies have pointed to the fact that the cost of delivery of banking service through Internet is several times less than the traditional delivery methods. This alone is enough reason for banks to flock to Internet and to deliver more and more of their services through Internet and as soon as possible. Not adopting this new technology in time has the risk of banks getting edged out of competition. In such a scenario, the thrust of regulatory thinking has been to ensure that while the banks remain efficient and cost effective, they must be aware of the risks involved and have proper builtin safeguards, machinery and systems to manage the emerging risks. It is not enough for banks to

______________________________________________________________________________ 9

R EPORT
technologies, which is a much bigger challenge.

ON

O NLINE B ANKING

have systems in place, but the systems must be constantly upgraded to changing and well-tested

The other aspect is to provide conducive regulatory environment for orderly growth of such form of banking. Central Banks of many countries have put in place broad regulatory framework for ibanking.

The Global Scenario

The world over, central bankers and regulators have been addressing themselves to meet the new challenges thrown open by this form of banking. Several studies have pointed to the fact that the cost of delivery of banking service through Internet is several times less than the traditional delivery methods. This alone is enough reason for banks to flock to Internet and to deliver more and more of their services through Internet and as soon as possible. Not adopting this new technology in time has the risk of banks getting edged out of competition. In such a scenario, the thrust of regulatory thinking has been to ensure that while the banks remain efficient and cost effective, they must be aware of the risks involved and have proper built-in safeguards, machinery and systems to manage the emerging risks. It is not enough for banks to have systems in place, but the systems must be constantly upgraded to changing and well-tested technologies, which is a much bigger challenge. The other aspect is to provide conducive regulatory environment for orderly growth of such form of banking. Central Banks of many countries have put in place broad regulatory framework for i-banking.

Hurdles in implementation of E-Banking in the Region:

In Asia, the major factor restricting growth of e-banking is information security factor, in spite of several countries being well connected via Internet. Access to high-quality e-banking products is an issue as well. Majority of banks in Asia are just offering basic services compared with those of developed countries. Still, e-banking seems to have a future in Asia. According to McKinsey survey, e-banking will succeed if the basic features, especially bill payments, are handled well. Bill payment was the most popular feature, cited by 40 percent of respondents of the survey. However, providing this service would be difficult for banks in Asia because it requires a high level of security and involves arranging transactions with a variety of players, In 2001, over 50 percent of the banks in the US were offering e-banking services. However, large banks appeared to have a clear advantage over small banks in the range of services they offered. Some banks in the US were targeting their Internet strategies towards business customers. Apart from affecting the way customers received banking services; e-banking was expected to influence the banking industry structure. The economics of e-banking was expected to favor large banks because of economies of scale and scope, and the ability to advertise heavily. Moreover, ebanking offered entry and expansion opportunities that small banks traditionally lacked.

______________________________________________________________________________ 10

R EPORT

ON

O NLINE B ANKING

Internet its basic structure and topology

Internet is a vast network of individual computers and computer networks connected to and communicate with each other using the same communication protocol TCP/IP (Transmission Control Protocol / Internet Protocol). When two or more computers are connected a network is created; connecting two or more networks create internetwork or Internet. The Internet, as commonly understood, is the largest example of such a system. Internet is often and aptly described as Information Superhighway, a means to reach innumerable potential destinations. The destination can be any one of the connected networks and host computers. Internet has evolved to its present state out of a US Department of Defense project ARPANet (Advanced Research Project Administration Network), developed in the late 1960s and early 1970s as an experiment in wide area networking. A major perceived advantage of ARPANet was that the network would continue to operate even if a segment of it is lost or destroyed since its operation did not depend on operation of any single computer. Though originally designed as a defence network, over the years it was used predominantly in areas of scientific research and communication. By the 1980s, it moved out of Pentagons control and more independent networks from US and outside got connected to it. In 1986, the US National Science Foundation (NSF) established a national network based on ARPA protocol using commercial telephone lines for connectivity. The NSFNet was accessible by a much larger scientific community, commercial networks and general users and the number of host computers grew rapidly. Eventually, NSFNet became the framework of todays Internet. ARPANet was officially decommissioned in 1990. It has become possible for innumerable computers operating on different platforms to communicate with each other over Internet because they adopt the same communication protocol, viz, TCP/IP. The latter, which stands for Transmission Control Protocol / Internet Protocol, is a set of rules which define how computers communicate with each other. In order to access Internet one must have an account in a host computer, set up by any one of the ISPs (Internet Service Providers). The accounts can be SLIP (Serial Line Internet Protocol) or PPP (Point to Point Protocol) account. These accounts allow creating temporary TCP/IP sessions with the host, thereby allowing the computer to join the Internet and directly establish communication with any other computer in the Internet. Through this type of connection, the client computer does not merely act as a remote terminal of the host, but can run whatever programs are available on the web. It can also run several programs simultaneously, subject to limitations of speed and memory of the client computer and modem. TCP/IP protocol uses a unique addressing scheme through which each computer on the network is identified. TCP / IP protocol is insecure because data packets flowing through TCP / IP networks are not normally encrypted. Thus, any one who interrupts communication between two machines will have a clear view of the data, passwords and the like. This has been addressed through Secured Socket Layer(SSL), a Transport Layer Security (TLS) system which involves an encrypted session between the client browser and the web server.

______________________________________________________________________________ 11

R EPORT

ON

O NLINE B ANKING

FTP or File Transfer Protocol is a mechanism for transferring files between computers on the Internet. It is possible to transfer a file to and from a computer (ftp site) without having an account in that machine. Any organization intending to make available to public its documents would normally set up a ftp site from which any one can access the documents for download. Certain ftp sites are available to validated users with an account ID and password. E-Mail: The most common and basic use of Internet is the exchange of e-mail (electronic mail). It is an extremely powerful and revolutionary result of Internet, which has facilitated almost instantaneous communication with people in any part of the globe. With enhancements like attachment of documents, audio, video and voice mail, this segment of Internet is fast expanding as the most used communication medium for the whole world. Many websites offer e-mail as a free facility to individuals. Many Corporate have interfaced their private networks with Internet in order to make their email accessible from outside their corporate network.

World Wide Web (WWW)

Internet encompasses any electronic communication between computers using TCP/IP protocol, such as e-mail, file transfers etc. WWW is a segment of Internet, which uses Hyper Text Markup Language (HTML) to link together files containing text, rich text, sound, graphics, video etc. and offers a very convenient means of navigating through the net. It uses hypertext transfer protocol (HTTP) for communication between computers. Web documents, which are referred to as pages, can contain links to other related documents and so on, in a tree like structure. The person browsing one document can access any other linked page. The web documents and the web browsers which are the application programs to access them, are designed to be platform independent. Thus any web document can be accessed irrespective of the platform of the computer accessing the document and that of the host computer. The programming capabilities and platform independence of Java and Java applets have further enriched the web. The point and click method of browsing is extremely simple for any lay user of the net. In fact, the introduction of web since early 1990 has made Internet an extremely popular medium and its use in business has been enhanced dramatically. The next in the HTML genre is the Extensible Markup Language (XML), which allows automated two-way information flow between data stores and browser screens. XML documents provide both the raw content of data and the data structure and is projected by its proponents as taking the web technology beyond the limits of HTML.

Wireless Application Protocol (WAP):

WAP is the latest industry standard which provides wireless access to Internet through handheld devices like a cellular telephone. This is an open standard promoted by WAP forum and has been adopted by worlds all major handset manufacturers. WAP is supplemented by Wireless Application Environment (WAE), which provides industry wise standard for developing applications and services for wireless communication networks. This is based on WWW technology and provides for application for small screens, with interactive capabilities and

______________________________________________________________________________ 12

R EPORT

ON

O NLINE B ANKING

adequate security. Wireless Transaction Protocol (WTP), which is the equivalent of TCP, sets the communication rules and Wireless Transport Layer Security (WTLS) provides the required security by encrypting all the session data. WAP is set to revolutionize the commercial use of net.

Security threats:
One of the biggest attractions of Internet as an electronic medium is its openness and freedom. It is a public domain and there is no restriction on who can use it as long as one adheres to its technical parameters. This has also given rise to concerns over the security of data and information transfer and privacy. These concerns are common to any network including closed user group networks. But over the Internet, the dimensions of risk are larger while the control measures are relatively fewer. These issues are discussed in detail in Chapter5 and Chapter6 of the report. It will be sufficient to say here that the key components of such concern are, i. ii. iii. iv. v. authentication, viz., assurance of identity of the person in a deal, authorization, viz., a party doing a transaction is authorized to do so, the privacy or confidentiality of data, information relating to any deal, data integrity, viz., assurance that the data has not been altered and non repudiation, viz., a party to the deal can not deny that it originated the communication or data.

E-Commerce:
Even though started as network primarily for use by researchers in defense and scientific community, with the introduction of WWW in early 1990s, use of Internet for commerce has grown tremendously. E-commerce involves individuals and business organizations exchanging business information and instructions over electronic media using computers, telephones and other telecommunication equipments. Such form of doing business has been in existence ever since electronic mode of data / information exchange was developed, but its scope was limited only as a medium of exchange of information between entities with a pre-established contractual relationship. However, Internet has changed the approach to e-commerce; it is no longer the same business with an additional channel for information exchange, but one with new strategy and models. A business model generally focuses on i. ii. iii. iv. where the business operates, that is, the market, the competitors and the customers, what it sells, that is, its products and services the channels of distribution, that is, the medium for sale and distribution of its products and the sources of revenue and expenditure and how these are affected.

______________________________________________________________________________ 13

R EPORT

ON

O NLINE B ANKING

Internet has influenced all the four components of business model and thus has come to influence the business strategy in a profound way. The size of the market has grown enormously as technically, one can access the products and services from any part of the world. So does the potential competition. The methods of reaching out to customers, receiving the response and offering services have a new, simpler and efficient alternative, now, that is, Internet. The cost of advertisement, offer and delivery of services through Internet has reduced considerably, forcing most companies to rework their strategies to remain in competition. A research note by Paul Timmers of European commission had identified eleven business models, which have been commercially implemented. These are e-shop, e-procurement, e-auction, e-mall, Third-party market place, Virtual communities, Value chain service providers, Value chain integrators, Collaboration platforms and Information brokers. He classified business models along two dimensions, i.e, degree of innovation and extent of integration of functions. The innovation ranged from the electronic version of a traditional way of doing business (e-shop) to more innovative ways by offering functions that did not exist before. The second dimension, i.e, extent of integration ranges from a single function business model (like e-shop) to fully integrated functionality (value chain integrator). In the top end of the graph are models, which cannot be implemented in a traditional way and are critically dependent upon information technology and creating value from information flow. Business models, in between these two limits are a combination of both dimensions in different degrees and have some degree of analogy in traditional firms. There are two types of e-commerce ventures in operation: the old brick and mortar companies, who have adopted electronic medium, particularly Internet, to enhance their existing products and services, and / or to offer new products and services and the pure e-ventures who have no visible physical presence. This difference has wider ramifications than mere visibility when it comes to issues like customers trust, brand equity, ability to service the customers, adopting new business culture and cost. These aspects of e-commerce will be touched upon in the following discussions. Another way of classifying the e-commerce is by the targeted counterpart of a business, viz, whether the counterpart is a final consumer or another business in the distribution chain. Accordingly, the two broad categories are: Business-to-Consumer (B2C) and Business-toBusiness (B2B).

Business-to-Consumers (B2C):
In the B2C category are included single e-shops, shopping malls, e-broking, e-auction, e-banking, service providers like travel related services, financial services etc., education, entertainment and any other form of business targeted at the final consumer. Some of the features, opportunities and concerns common to this category of business irrespective of the business segment, are the following.

______________________________________________________________________________ 14

R EPORT

ON

O NLINE B ANKING

Opportunities:
Internet provides an ever-growing market both in terms of number of potential customers and geographical reach. Technological development has made access to Internet both cheaper and faster. More and more people across the globe are accessing the net either through PCs or other devices. The purchasing power and need for quality service of this segment of consumers are considerable. Anybody accessing Internet is a potential customer irrespective of his or her location. Thus, any business targeting final consumers cannot ignore the business potential of Internet. Internet offers a unique opportunity to register business presence in a global market. Its effectiveness in disseminating information about ones business at a relatively cost effective manner is tremendous. Time sensitive information can be updated faster than any other media. A properly designed website can convey a more accurate and focused image of a product or service than any other media. Use of multimedia capabilities, i.e., sound, picture, movies etc., has made Internet as an ideal medium for information dissemination. However, help of other media is necessary to draw the potential customers to the web site. The quality of service is a key feature of any e-commerce venture. The ability to sell ones product at anytime and anywhere to the satisfaction of customers is essential for e-business to succeed. Internet offers such opportunity, since the business presence is not restricted by time zone and geographical limitations. Replying to customers queries through e-mail, setting up (Frequently Asked Questions) FAQ pages for anticipated queries, offering interactive help line, accepting customers complaints online 24 hours a day and attending to the same, etc. are some of the features of e-business which enhance the quality of service to the customers. It is of crucial importance for an e-venture to realize that just as it is easier to approach a customer through internet; it is equally easy to lose him. The customer has the same facility to move over to another site. Cost is an important issue in an e-venture. It is generally accepted that the cost of overhead, servicing and distribution, etc. through Internet is less compared to the traditional way of doing business. Although the magnitude of difference varies depending on the type of business and the estimates made, but there is unanimity that Internet provides a substantial cost advantage and this, in fact, is one of the major driving forces for more number of traditional business adopting to e-commerce and pure e-commerce firms to sprout. Cost of communication through WWW is the least compared to any other medium. Many a time ones presence in the web may bring in international enquiries, which the business might not have targeted. The business should have proper plans to address such opportunities.

Concerns:
There are a number of obstacles, which an e-commerce venture needs to overcome. Trust of customers in a web venture is an important concern. Many customers hesitate to deal with a web venture as they are not sure of the type of products and services they will receive. This is

______________________________________________________________________________ 15

R EPORT

ON

O NLINE B ANKING

particularly true in a B2C venture like e-shop, e-mall or e-auction site. Traditional business with well established brands and goodwill and having a physical presence face less resistance from customers in this regard than a pure e-venture. Many B2C ventures have ultimately to deliver a product or service in physical form to the customer for a deal contracted through Internet. This needs proper logistics, an efficient distribution network, and control over quality of product or service delivered. These issues are not technology related and any let off in this area can drive the customer away to the competitor or from e-commerce. The privacy of information on the customers preferences, credit card and bank account details etc. and customers faith in a system where such privacy is stated to be ensured are important issues to be addressed. These are mainly technological issues, but human factor is important both at the business and at the customers end and also in building the trust in the system. Security of a transaction, authenticity of a deal, identification of a customer etc. are important technological and systems issues, which are major sources of concern to ecommerce. Equally important are questions of repudiation of a deal, applicability of law, jurisdiction of tax laws etc. These are important to all forms of e-commerce, whether B2C or B2B and all segments of business, i.e. manufacturing, services and finance and are addressed in different chapters of this report. Accessibility to Internet by the consumers is an important issue in B2C domain. This is particularly so in countries like India where penetration of PCs and other devices to households for access to Internet is minimal. Also important are availability of bandwidth and other infrastructure for faster and easier access. Considering that ecommerce aims at global market, deficiencies of these kinds in the developing world are no longer concerns confined to these areas, but are global e-commerce concerns.

Business to Business (B2B)

As opposed to B2C e-commerce, in B2B domain, the parties to a deal be at different points of the product supply chain. Typically, in a B2B type domain, a company, its suppliers, dealers and bankers to all the parties are networked to finalize and settle all aspects of a deal, online. Perhaps, only the goods in different stages of processing physically move from the supplier to the dealer. This scenario can be extended to include the shipper, providers of different ancillary services, IT service provider and the payment system gateway, etc., depending on the degree of sophistication of the available systems. Another important feature of a B2B domain, as distinct from B2C, is that business information / data is integrated to the back office systems of parties to a deal and the state of straight through processing (STP) or near STP is achieved. This is a very significant aspect of B2B model of ecommerce, which results in improved profits through lowering cost and reducing inventories. For example, in a B2B environment, typically, the back office system of a company controls inventory requirement with reference to the order book position updated regularly on the basis of orders received from dealers through Internet. At the optimum level of inventory it raises a

______________________________________________________________________________ 16

R EPORT

ON

O NLINE B ANKING

purchase order with the supplier, whose system in turn, personnel, etc., since they involve large investments and are critical to success. Several studies have attempted to assess the relative importance of B2B and B2C business domains. There is wide difference in estimates of volume of business transacted over Internet and its components under B2C and B2B. However, most studies agree that volume of transactions in B2B domain far exceeds that in B2C. This is expected result. There is also a growing opinion that the future of e-business lies in B2B domain, as compared to B2C. This has several reasons some of which are already discussed earlier, like low penetration of PCs to households, low bandwidth availability etc., in a large part of the world. The success of B2C ventures depends to a large extent on the shopping habits of people in different parts of the world. A survey sponsored jointly by Confederation of Indian Industries and Infrastructure Leasing and Financial Services on e-commerce in India in 1999 made the following observations. 62% of PC owners and 75% of PC non-owners but who have access to Internet would not buy through the net, as they were not sure of the product offered. The same study estimated the size of B2B business in India by the year 2001 to be varying between Rs. 250 billion to Rs. 500 billion. In a recent study done by Arthur Anderson, it has been estimated that 84% of total e-business revenue is generated from B2B segment and the growth prospects in this segment are substantial. It has estimated the revenues to be anywhere between US $ 2.7 trillion to over US $ 7 trillion near future.

The Growth of Internet Banking and common products:

Internet Banking is a product of e-commerce in the field of banking and financial services. In what can be described as B2C domain for banking industry, Internet Banking offers different online services like balance enquiry, requests for cheque books, recording stop-payment instructions, balance transfer instructions, account opening and other forms of traditional banking services. Mostly, these are traditional services offered through Internet as a new delivery channel. Banks are also offering payment services on behalf of their customers who shop in different e-shops, emails etc. Further, different banks have different levels of such services offered, starting from level-1 where only information is disseminated through Internet to level-3 where online transactions are put through. These aspects have been dealt with in brief in the introductory chapter and again detailed products and services are discussed in chapters 3 and 4. Hence, in the following paragraphs I-banking concerns in B2B domain are discussed. Considering the volume of business e-commerce, particularly in B2B domain, has been generating, it is natural that banking would position itself in an intermediary role in settling the transactions and offering other trade related services. This is true both in respect of B2C and B2B domains. Besides, the traditional role of financial intermediary and settlement agents, banks have also exploited new opportunities offered by Internet in the fields of integrated service providers, payment gateway services, etc. However, the process is still evolving and banks are repositioning themselves based on new emerging e-commerce business models.

______________________________________________________________________________ 17

R EPORT

ON

O NLINE B ANKING

In B2B scenario, a new form of e-commerce market place is emerging where various players in the production and distribution chain are positioning themselves and are achieving a kind of integration in business information flow and processing (STP or near STP) leading to efficiencies in the entire supply chain and across industries. Banks are positioning themselves in such a market in order to be a part of the financial settlements arising out of transactions of this market and providing wholesale financial services. This needs integration of business information flow not only across the players in the supply chain, but with the banks as well. With the integration of business information flow and higher degree of transparency, the banks and other financial services institutions have lost some of the information advantage they used to enjoy and factor in to pricing of their products. However, such institutions have the advantage of long standing relationships, goodwill and brand, which are important sources of assurance in a virtual market. Banks are in fact, converting this goodwill into a business component in ecommerce scenario in providing settlement and other financial services. Some banks have also moved to providing digital certificates for transactions through e-markets. Banks strategies in B2B market are responses to different business models emerging in e-commerce. A recent study by Arthur Andersen shows that banks and financial service institutions generally adopt one of three business models to respond to e-business challenges. In the first place, they treat it as an extension of existing business without any significant changes other than procedural and what technology demands. The second strategy takes the same approach as the first but introduces structural changes to the underlying business. In the third approach banks launch e-business platform as a different business from the existing core business and as a different brand of product.

Different Approaches
There is no definite answer as to which approach is appropriate. Perhaps it depends on the type of market the bank is operating, its existing competencies and the legal and regulatory environment. It is, however, sure that e-banking is evolving beyond the traditional limits of banking and many new products / services are likely to emerge as ecommerce matures.

______________________________________________________________________________ 18

R EPORT

ON

O NLINE B ANKING

C HAPTER 2 O

NLI NE

B ANKI NG

VIZ

A SKARI B A NK

As explained earlier how Banks work online with different challenges they face while operating online. Similarly is the case with the bank we have chosen i.e. Askari Bank Limited. As we already know that the purpose of having online facility is to have real-time transactions without having a customer to present physically in the home branch and only with mere virtual presence like internet access, phone-banking, mobile banking, inter-branch funds transfer etc.

Linking of branches
All branches of Askari Bank Limited are connected but not limited only via: Satellite links Copper-wire media Radio links Fiber-optics Nostra etc.

Branch network

FIGURE 2.1 Askari Banks branch network across Pakistan region wise.

______________________________________________________________________________ 19

R EPORT

ON

O NLINE B ANKING

South Region Cities:

Chaman Dharki Ghotki Gwadar Hyderabad Jacobabad Jamshoro Kandhkot Karachi Khairpur Larkana Mirpur Khas Nawabshah Quetta Shikarpur Sukkur Tando Adam

______________________________________________________________________________ 20

R EPORT

ON

O NLINE B ANKING

North Region Cities:

Abbotabad Allai Chaksawari Chakwal Chashma Dadyal Dera Ismail Khan Gilgit Gujar Khan Haripur Hazroo Islamabad Jatlan Jhelum Kamra Mangla Mardan Mirpur Muzaffarabad Nowshera Peshawar Pindi Gheb Rawalpindi Risalpur Swat Taxila Wah Cantt

Center Region:
Bahawalpur Bhalwal Burewala Chiniot Daska Depalpur Dera Ghazi Khan Faisalabad Gujranwala Gujrat Hasil Pur Jalalpur Bhattian Jhang Khanewal Kharian Lahore Lalamusa Layyah Mandi Bahauddin Mianwali Multan Okara Phool Nagar Pir Mahal Rahim Yar Khan Sadiqabad Sahiwal Sargodha Sheikhupura Sialkot Toba Tek Singh Vehari

______________________________________________________________________________ 21

R EPORT

ON

O NLINE B ANKING

North Region Cities:

Abbotabad Allai Chaksawari Chakwal Chashma Dadyal Dera Ismail Khan Gilgit Gujar Khan Haripur Hazroo Islamabad Jatlan Jhelum Kamra Mangla Mardan Mirpur Muzaffarabad Nowshera Peshawar Pindi Gheb Rawalpindi Risalpur Swat Taxila Wah Cantt

South Region Cities:

Chaman Dharki Ghotki Gwadar Hyderabad Jacobabad Jamshoro Kandhkot Karachi Khairpur Larkana Mirpur Khas Nawabshah Quetta Shikarpur Sukkur Tando Adam

______________________________________________________________________________ 22

R EPORT

ON

O NLINE B ANKING

Why Askari Online Banking Facilities?

Askari Bank online banking facility is unique in its own way because they provide this facility to each and every of their valued customers and thats not it, online banking in a same city is free, apart from having facility of making online cheques, payorders, demand-draft (DD) etc. i.e. having facility to make online cheques, PayOrders/Demand draft from anywhere across Pakistan, plus Askari Bank (AKBL) has an excellent credit rating compared to the banks of its stature.

Askari Bank Online Facilities

Askari Bank has always been a pioneer in providing some of the top-notch services to its consumer base, which includes some of the following service

ATM facility
Including AskCard, Askari Visa Debit Cards, Askari MasterCard etc are to name some, which with the power of Visa and MasterCard, gives you the privilege of using it globally.

iNET Banking
Internet, intranet and online banking to their valuable customers via banks 24/7 intranet

Virtual Private Networking (VPN)

FIGURE 2.2 Procedure showing how a VPN(Virtual Private Network) works.

A virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users secure access to their organization's network. It aims to avoid an expensive system of owned or leased lines that can be used by only one organization. It encloses data transfers using a secure cryptographic method between two or more networked devices which are not on the same private network so as to keep the transferred data private from other devices on one or more intervening local or wide area networks via security checks like

______________________________________________________________________________ 23

R EPORT
classifications, implementations, and uses for VPNs.

ON

O NLINE B ANKING

firewalls and head-office which is generally referred as EDT/Phoenix. There are many different

Inter Bank Fund Transfer IBFT

No branch of AKBL far for you when having the privilege of transferring cash and funds from anywhere to anywhere in Pakistan. Every AKBL consumer can avail this facility complimentary.

Blue Area Branch, Islamabad

HEADOFFICE/ETD/ PHOENIX

1Link / MNet

DHA Branch Khayaban-eIttehad Branch, Karachi

FIGURE 2.3 How AKBLs Online transaction moves across the country
Similarly, AKBLs online network is centrally controlled from AWT Plaza, Rawalpindi, which they in short call as ETD and system administrators and network auditors as Phoenix, where all their online records are verified and are put in black and white, whether its day-end reporting, branch report, 100, 40 reports, which includes all transactions to and from a particular branch. As far as the above diagram concern, it is showing that a person whose home branch is in Islamabad, and hes in Karachi for some business work, so whenever hell be needing an online bank fund transfer option,

______________________________________________________________________________ 24

R EPORT

ON

O NLINE B ANKING

itll go through Phoenix in Islamabad and a log will be created there which will be including agent ID (usually the CD incharge is the person whos responsible for all such transactions) and than the transaction will move forward to its final destination. All this takes merely 60 seconds to authenticate and verify. In 40 report, all this log from a branchs point-of-view is printed at day end and a CC is sent to the ETD for reconciliation and only AFTER verification and rectification from Phoenix, the system administrator is allowed to switch off the branchs online network and most of the time hes the last person to leave the office building.

Transaction via ATM to a Bank Account

Thanks to the online banking network, you do not have to be physically present to make a transaction or send or receive money. With having power of ATM in our ATM cards, we are able to transfer funds and cash easily not limited to AKBL-to-AKBL but AKBL to all those banks which support either MNET or 1Link (Cirrus network still in progress to be commonly used ATM network, right now only SAMBA Bank is using it). Not only that, ATMs now also allows us to have bill payments (not limited to utility bills payments but also cell phone bill payments, school colleges university fees payments as well, provided that particular bank supports such transactions as well.

Privacy guaranteed
Privacy while using ATM services matters greatly as all these transactions and printing of receipt are system generated and under no circumstances, private information which could disclose ones identity is not a matter of concern as even when a particular branch network administrator takes out the 40 report from ATM, even in that report, only first and last 4 digit of their card numbers are visible and rest is hidden behind asterisks. Although those reports are kept in the branch till Saturday and on every Saturday, they put those bundles of ATM receipt sheet which includes their transaction activities across the week is dispatched in a folder and iFax one copy to ETD on weekly basis with their particular branch ID.

Network security
Network security in current environment is a great matter of concern for banks because at times, a little mishap can result a catastrophic output. Thats why all AKBLs transactions are fully secured by keeping it encrypted algorithm while using ATM facility, using up-to-date antivirus security (at AKBL they are using Kaspersky Antivirus), last but not the least is Firewall guard. These steps also applicable for having batch-transfers in real-time transaction and general ledgers especially when they are being printed from out-of-network to AKBL ATM.

Askari Bank while facilitating Businesses

Askari Bank is currently facilitating businesses to a great deal. They are providing facilities like Free-Fund-Transfer from Business-to-Business Account,

______________________________________________________________________________ 25

R EPORT
Business Visa Debit Cards Country-to-Country Money and Fund Transfer via Nostra Insurance o o o Includes all business transactions All ATM transactions are fully insured All these facilities are complimentary for their customers

ON

O NLINE B ANKING

Business loans with low mark-up Askari Paishgi Munafa Account SWIFT Accounts

Network specifications
As we know that there are many types of networks which are being used, most commonly is the LAN or local area network. But Askari Bank uses WAN or Wide Area Network because of its wide array of networked branches.

Wide Area Network

WANs are used to connect LANs and other types of networks together, so that users and computers in one location can communicate with users and computers in other locations. Many WANs are built for one particular organization and are private. Others, built by Internet service providers, provide connections from an organization's LAN to the Internet. WANs are often built using leased lines. At each end of the leased line, a router connects to the LAN on one side and a hub within the WAN on the other. Leased lines can be very expensive. Instead of using leased lines, WANs can also be built using less costly circuit switching or packet switching methods. Network protocols including TCP/IP deliver transport and addressing functions. Protocols including Packet over SONET/SDH, MPLS, ATM and Frame relay are often used by service providers to deliver the links that are used in WANs. X.25 was an important early WAN protocol, and is often considered to be the "grandfather" of Frame Relay as many of the underlying protocols and functions of X.25 are still in use today (with upgrades) by Frame Relay. Academic research into wide area networks can be broken down into three areas: Mathematical models, network emulation and network simulation. Performance improvements are sometimes delivered via WAFS or WAN optimization. As mentioned earlier, they also provide extranet support to their customers so that they can access their account anywhere in the world. AKBLs iNET banking is a prime example of their WAN accessibility features.

______________________________________________________________________________ 26

R EPORT

ON

O NLINE B ANKING

KBOX
KBOX is another of the software which is included with their WAN network package and the purpose of this software is to limit personalized use of office computers and while at the day-end, this report is also forwarded to ETD and a copy is saved in home branch, by personalized use we mean: Playing games and listening music Installing software other than the prescribed ones from ETD Using any other source of connecting to internet (as apart from Branch manager and Operations manager, no one in the branch is allowed to use internet of any means, even anti-virus software is also to be updated directly by the system/network administrator and no officer is allowed to do the same from his/her own) like internet device, USB stick etc. Unauthorized flash-drive activity Attaching any other device to office computers except office printers, scanners etc like cell phones, smart phones, laptops (even though manager grades have such privileges)

Banks IT Room
All these records are initially kept at the branchs IT room. An IT room is a place where usually on a common day, no one is allowed to enter the room as case sensitive information is placed over there, like server configuration, bandwidth distribution and allocation, printing and saving logs of customer statements, direct connected to the ETD, usually the IT room is placed upstairs under the surveillance of CCTV cameras as

voiding it is a audit objection, any network or equipment problem is referred to the network administrator, Even in case of a problem with ATM like machine out of order or customer card

stuck is only recovered when theres a network administrator around, because of his peculiar ID hes able to forward the complain to ETD therefore no one else in the branch have the privilege of doing the same, else even in case of a problem with ATM no one is allowed to touch it,

______________________________________________________________________________ 27

R EPORT
and its room in Bank.

ON

O NLINE B ANKING

Therefore, in the light of above, one cant deny the importance of a network administrator

______________________________________________________________________________ 28

R EPORT

ON

O NLINE B ANKING

Glossary
ATM
Automatic Teller Machine

B2B
Business-to-Business

B2C
Business-to-Customers

Bank-Wire Transfers
Bank wire transfers is said to be the path or interface which allows bank-2-bank transactions between two international banks, often the most expedient method for transferring funds between bank accounts.

Decrypt
To decode -

Encrypt
To encode -

FTP
File Transfer Protocol

IBAN
The International Bank Account Number (IBAN) is an international standard for identifying bank accounts across national borders with a minimal of risk of propagating transcription errors.

IBFT
Inter-Bank-Fund-Transfer Allows a customer to access his bank account away from his homebranch and able to transfer cash and funds to and from a remote branch without physically present at his home-branch.

Intranets and Extranets

Intranet Intranet is a network which is only available inside an organization or a company. It can be accessed by all the computers that are operated inside the company's premises and is not connected to the Internet. The purpose is to keep information contained inside the organization and prevent leak of information due to employee errors or hacking attempts. Extranet Extranet is an extension of intranet to some entities outside the organization or a company. For example if a company allows its customers to connect to the company intranet, then it will form an

______________________________________________________________________________ 29

R EPORT
separated from the regular internet.

ON

O NLINE B ANKING

extranet, which is composed of computers inside the company and outside the company but still is

Middle-in-the-man attack
Normally, the attacker was able to trick the users by disguising their identity to make it appear that the message was coming from a trusted source. Once successful, instead of going to the designated website, users do not realize that they actually go to the fraudsters website. The information keyed in during that session will be captured and the fraudsters can make their own transactions at the same time

Spoof
A mail from hacker which misguides the end user to enter his personal details, and on the basis of which, the log of the keys pressed on that spoof website, is directly key-logged into hackers computer and therefore hes able to use that information to personify others.

SWIFT
ISO 9362 (also known as SWIFT-BIC, BIC code, SWIFT ID or SWIFT code) is a standard format of Business Identifier Codes approved by the International Organization for Standardization (ISO).

System administrator
A system administrator or network administrator in a bank is a person who controls all network transaction made through banks computer systems, which can include but not limited to printing of receipts like statements, day-end procedures etc. It also helps connect the bank to the central network and is the body responsible for keeping network server and its related equipments in well working conditions. Apart from that hes responsible for keeping the ATM machine well intact and any problem in that machine has to be rectified by him.

TCP/IP Topology Trojan VPN

Virtual Private Network - A virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users secure access to their organization's network. It aims to avoid an expensive system of owned or leased lines that can be used by only one organization.

WAP
Wireless Application Protocol

______________________________________________________________________________ 30