On-Line Islamic Banking Services

Prof. Dr. Mohd. Masum Billah1

INTRODUCTION In the early 1980s, Financial Institutions in Malaysia did all of their transactions manually. Customers had to queue to execute their financial transactions and other banking businesses. These consume a lot of the clients precious time and somehow the services were quite inefficient. Due to the usage of paper based systems in banks and these caused data redundancy, lack of flexibility and sometime may caused lack of data sharing and availability of the system. Since the past three years, parallel with the fast moving in Information Technology (IT), everything becomes faster. Financial Institutions in Malaysia take the opportunity to grab the challenges from the Prime Minister of Malaysia to compete with globalization in
1

Professor of Islamic Financial Regulations, King Abdul Aziz University, Jeddah. Professor of Islamic Financial Applications, University of Camden, USA. Assoc. Professor of Law (Insurance, Takaful, Islamic Banking, Finance & E-Commerce), Faculty of Economics and Management Sciences, International Islamic University Malaysia. He is also an Adviser and Consultant to several Companies and Institutions (Internationally & Locally ) on Insurance, Banking, Financial and IT regulations, Wealth & Asset Management, Islamic Bond Market, Gold Dinar and so on under both modern principles and Shariah Discipline. Also the author of http//.www.islamic-insurance.com. E-mail: masum2001@yahoo.com

IT environment through MSC (Multimedia Super Corridor). Online Banking system is now applied by almost all banks in Malaysia. Even though the systems are not fully utilize, this is a good scenario where they start to implement the online banking in the new IT era. Online banking is also called Electronic Banking, Internet Banking, Electronic Transfer Fund and Home Banking. These are the same thing; however they differ in the classification whether it is external or internal. There are also issues regarding online banking as in; problems that might arise, security in online banking and applications applied. Online banking is the transaction through electronic devices such as telephone and electronic systems, other than the usual method implemented such as paper based system in order to check, debit/credit account, payment system or other transactions. any transfer of funds, other than a transaction originated by check, draft or similar paper instrument, which is initiated through an electronic terminal, telephonic instrument or magnetic tape, so as to order, instruct or authorize a financial institution to debit or credit an account (Welch Brian, 1994) BACKGROUND OF THE INSTITUTIONS In this project, two financial institutions were chosen which were Mayban Finance Berhad (MBF) Main Office and Bank Muamalat Malaysia Berhad (BMMB), IIUM service center. Interview sessions were conducted to both of the institutions respectively. Different institutions apply different systems in online banking but under the same and standard guideline granted by Bank Negara Malaysia. A financial institution which has licensed under the Banking and Financial Act (BAFIA) 1989 and the Islamic Banking Act 1983 is allowed to offer Online Banking system in Malaysia. Mayban Finance Berhad which is located at Dataran Maybank, Bangsar is one of the subsidiaries of Maybank Berhad. From the research, we found that Maybank Berhad is

the first conventional institutions that develop their own system of online banking. Maybank provides many facilities to ensure their customers satisfaction and benefit. They have their own policy in order to ensure the security of the particularly system discussed. The policy and security is confidential. General information about the security and policy are provided but not in a detail manner. This applied to all branches and service centers around Malaysia and abroad such as in Brahman, London and United Kingdom. Bank Muamalat Malaysia Berhad (BMMB), headquarters is located at Jalan Melaka, Kuala Lumpur. This institution is one of the fully Islamic Banking which is implementing Online Banking services. Online Banking in BMMB is not fully functioned yet because it is still under development. However, they have provided much information about online banking to their customers through their website and Customers Service Personnel. This information is for the customers future usage. BMMB do offer online banking but somehow not fully on the internet. In BMMB, they have internal and external online system. Internally, transaction has to be done manually but to update the transaction, online system is used. For instance, if a user had opened an account in Bank A and he or she then wants to make a transaction such as a withdrawal in Bank B, the particular transaction is done manually but it is updated online. While the external online system, a user can do the transaction on his or her own self. For instance using ATM machine, user A can withdraw his or her money anywhere as long as it is within the networking of the bank.

MAIN IDEA Both institutions have similar central idea behind online banking. They want to enhance the benefit for their customers as well as to make customers life easier in dealing with the transactions. Currently, customers have to brick and mortar when dealing with banks. Brick and mortar means they have to queue and pay when dealing with the services provided. From these experiences, both banks do want to increase their performances in their services. For the purpose of efficiency in the transactions, they think it is better to fully utilize the online banking which is faster and easier.

APPLICATIONS Maybank Online Banking System can be categorized as Intermediate Cyber Bank to Advance cyber bank where users or customers can consult their account online (the usage of CDM (Cash Deposit Machine), ATM, and Updating Book Machine) and also provides transactional site where customers can transfer money, pay bills and/or buy financial services at www.maybank2u.com. BMMB Online Banking System can be categorized under Interactive banks where they offer calculators and/or formatted e-mail communications through their website which is www.muamalat.com. Product and Services (Applications) As an established financial institution, Maybank Berhad offer many services to their client. From the interview session, there are five most popular online banking services offered: 1. Kawanku Cash Deposit Machine (CDM)

Here, users can deposit their cash through machine without wasting time in queuing at the counter. Users have to follow the procedure provided step by step to ensure the safety. Immediate transferring could be done and also to create a third party savings. 2. Kawanku Cheque Deposit Machine The application is same as CDM, where users can make cheque clearance faster. In Maybank Berhad Main Office (Menara Maybank), the machines are more advance where users can check the detail by scanning the cheque. The machine will sent the information through bar code and users will confirm the details. This system is safer and more confident to be used. 3. Kawanku Update Book Machine Users will get information on their latest financial position faster than the manual system. The customer needs not to queue only to update their account books. Users need to just enter the account number at the machine and other details required by the machine. It is the same application as at the counter but here the users can access it by his or herself. 4. Maybank2u.com website Users can pay small billing through the Internet. Payment can be made anywhere outside Malaysia since it is in the network access. Payment such as Kawanku Phone Banking, Maybank-Maxis Mobile Financial Services and Malaysia Airlines Electronic Ticketing are offered (MASET). 5. Kawanku ATM services There are many other services under the ATM service. Reload and top up account for Celcom Prepaid, DIGI Prepaid Mobile, TIMECel Prepaid and Touch n Go Application of maybank2u.com also provided Malaysia Airlines Electronic Ticketing (MASET)

These services are under self-service terminal in all Maybank branches. In the website there are many others services offered such as Foreign Worker Telegraphic Transfer (FWWT), e-debit and Maybank Inter-country Link which is the latest development.

Bank Muamalat Malaysia Berhad also offers their services for customers convenience. Some of them are rapidly functioning and some are yet to be executed. 1. Automated Teller Machine (ATM) User can do a transaction individually without wasting time. The system will be updating on line. 2. Cash Deposit Terminal (CDT) This service is same application as Cash Deposit machine in Mayban Finance. Its only located at e-muamalat center. 3. Cheque Deposit Machine (CDM)

4. Auto Remit/Direct Debit An Automated Payment System for the purpose of insurance payment and credit payment. This system allowed crediting payee organizations account and debiting BMMB account holders automatically. 5. Autopay Currently Autopay is the system developed for the purpose of staff usage. 6. Muamalat On Line (MOL) Basically they are the same application as Maybank services. BMMB also highlight other services where users can find the information from their website.

Bank Muamalat Malaysia Berhad

Collected by staff

Online transaction
Key in to SAFE (terminal)
Terminal

CDT & CDM

Figure 1: Application of Cash Deposit Terminal & Cheque Deposit Machine

If a user deposit through CDT as well as CDM, the following steps should be taken. The deposit either cash or cheque must be enclosed in envelop provided by the bank. Then he or she has to fulfil few particular details such as account number, amount of deposit, and signature. The envelope will be collected on the next day by a certain staff. Then all the data stated on the envelop are to be key-in into the system (online transaction). Online transaction will transfer the data to the terminal and update the account. The system adopted in Bank Muamalat is called SAFE. The same mechanism is applied by Mayban finance. However their system might be called with a different name. For the time being, there is no case reported regarding the machine.

ATM Architecture

User enters pin code

Send information

ATM Cartridge

Receive transaction

System alert to Security Company

Electroni c Banks Department (EBD)

Figure 2: Application of Automated Teller Machine (ATM)

ATMs in BMMB are controlled by Electronic Bank Department. This department takes responsibilities of ATM fraud, ATM Short, ATM Problems and ATM card. Smart Card in BMMB is not fully applied yet because there are some cardholders who have not change their old cards to the new cards with microchip.

SIGNIFICANT OF ONLINE BANKING Online Banking is very essential nowadays. It is very important for Financial Institutions to be competitive in developed country. It will actually help them in delivering their services in efficiently. Besides, the end users will be able to cope with the new technology slowly as well as to serve them better understanding compared to the manual methods of banking systems. They no longer have to feel bored while waiting for their turn and somehow decrease their perception that the online banking is hard to implement in Malaysia. Lastly, this Online Banking services is paperless base and user-friendly where the end users (customers, clients and staffs) can access it any place that provides the Online Banking services.

WHERE CAN WE FIND ONLINE BANKING Maybank Groups have provided their services almost everywhere. In selected petrol stations around Malaysia, ATM machines are now provided and also Cash and Cheque Deposit Machines, in supermarkets as well as the Highway PLUS R&R (Rest & relax) station and 24 hours Internet network access of maybank2u.com. As a new financial institution, BMMB online banking services can be found in their branches and main office for the main services of e-muamalat, ATM can also be found in service centers, supermarkets and in the network bank area.

TARGET GROUP As well as other businesses in Malaysia, Financial Institutions also has their own target group to offer their online banking product and services. Basically it depends on the place where the banks are located. Thus target groups are all the potential users in the area. For Mayban Finance Berhad, even though the main office is located at Bangsar Utama, their target groups are all the bank users and companies, especially big company not only in Malaysia but also abroad. Initially, the primary target is all the staff of Maybank groups. For those who are abroad, they can deal with the bank by accessing the Internet via the website, provided they have the username and password. It is not only targeted for the bank customers but also other financial institutions. For example Citibank account holder can use Cheque Deposit Machine to clear their cheque. Staffs in Maybank Groups are the first target groups, encouraged to apply this system in their daily life. It is for the purpose of bills payment as well as their salary payment by the organization.

On the other hand, the target group of BMMB in IIUM includes students of IIU whereby they usually deals with matters regarding educational loan, and of course, staff of IIU, staff of BMMB, and the outsiders whom are making business and other dealings with IIU.

ISSUES Before executing the Online Banking system, all the institutions had practically examined all the possible problems occur when dealing with this system. They take this problem as challenges to compete among each other in providing better services to their customers. Some of the problems are the security problems such as transaction interception, falsification in doing transaction and private system exposure; fast growing in ICT where systems are become outdated and obsolescent tool; and problem regarding performance level on the website. Performance is defined as how long the system takes to response. It is difficult for the users to predict the evolution in the IT environment since technology kept morphing from time to time. System down and machine problems are also included in the above category. So far, none of the problem mentioned above had occurred except for system down and machine problem. When the system is down, all transactions are suspended. Means that transactions are delayed until the system is restored back to normal. Even though the system is not functioning temporarily, there are no cases of missing transactions reported, so far. The other problem is, us, as in our human behavior. It may not be listed in any material because what we obtained is through our observation. Human behavior is difficult to control and predict. For example Mayban Finance has provided a passbook machine used to update customers account. However they refuse to make use of it. They would prefer to queue up rather than to use the passbook and make their transaction in a jiff.

Unlike Mayban Finance, Bank Muamalat is still in the early stage of online banking. At this stage they had encounter with ATM cardholders who refuse to change to the new card which is already implanted with microchip. The bank has extended the period but still a number of them have not done the changes yet. Therefore Bank Muamalat has to delay the execution of the new system which will be fully established when all customer change to the new card with microchip in it.

INFORMATION SYSTEM CONTROL AND SECURITY As Information Technology becomes more and more advance, more news on data error, computer damage due to virus infection, system failure and network telecommunications down are reported. Although necessary efforts have been taken to reduce the occurrence, more actions are needed especially in the banking industry. Lack of computer security and weakness in internal control will cause great financial loss. The losses may include Commission of Fraud of Invasion Of privacy, damage to computer and its peripheral devices, loss of information integrity and accuracy due to system failure, power failure sabotage by disgruntled employees, and unintentional data or program error due to negligence and carelessness. It is not the responsibility of IT personnel to avoid those thread but also all system users. Therefore the most important thing in every institution to have is the IT Policy. The purpose of IT Policy is to ensure that the main objective of IT Security and Control are met. The objectives of IT Security and Control are confidentiality, integrity, availability and compliance. The minimum controls that shall exists in the computerized environment are IT Management, Personnel or Staffing, Logical Access Control, Physical Security and Environment controls, Installation Management, Computer Operation, Computer Disaster

Recovering Plan, Change and Configuration Management, Problem Management Standard, Product or Application Development Standard, and Network and Telecommunications. On the other hand, Privacy Protection Control Systems is designed to ensure the online transaction services are at the highest security standards and confidentiality. Bank is responsible to provide a Systems Security and Monitoring, Information Protection, and Data Confidentiality and Integrity. While the responsibilities of users are not to disclose their username and password to a third party; their computer is programmed with an anti virus protection; and frequent Updating Browser.

Responsibilities

Banks

Users

Security & safety

Privacy

Security & safety

Privacy

Figure 3: Responsibility of both banks and users

Banks as well as users has their own responsibilities in order to overcome the problem. These security issues will be discussed further. For systems security and monitoring measures, Maybank group has adopted a combination of the followings: Firewall systems, strong data encryption, anti-virus protection and round-the-clock security surveillance systems to detect and prevent any form of illegitimate activities Regular system reviews by internal System Auditor and external security experts

When a broadband is connected to the Internet, a personal firewall should be installed. For better action, personal computer is power-off when not in use.

All information transmitted via Internet is encrypted with the 128-bit Secure Socket Layer (SSL) protocol provided by Verisign Certificate Authority. SSL is an open protocol for securing communication across computer networks. It allows for the transfer of digitally signed certificates for authentication procedures, and provides message integrity, ensuring that the data cant be altered en route. (Security First Network Bank: 2001) Besides, a strong end to end encryption within the banks networks and resources is employed. The bank has taken necessary efforts to ensure security online. However they may not be able to control over the users. Therefore they have imbedded an automatic log out function if no activities are detected. The user should not let anybody to gain access into his account. Every customer is required to select a username and an alphanumeric password. It is the access key to the financial information. The username must be between six to sixteen characters while alphanumeric password must be between eight to twelve characters. For both cases, special characters and spaces should be avoided. Both username and password are case sensitive. For instance, instead of teRminatoR3 but the user key in terminator3, he might not be able to log in (r should be uppercase). An infected computer causes information loss, repair expenses, and time consuming. Therefore, in order to reduce the risk of virus infection, users should install an anti virus program that automatically upgrades virus protection.

As technology kept on changing, so does the browser. It should be updated to the latest version as it includes more security features and other beneficial system.

Security Architecture of Maybank Groups

Host Processor Firewall Software

Internet
Router TCO/IP protocol SSL encryption

SSL encryption

TCP/IP communication protocol

House &customer password information

Internet File Server

Secure Browser

SNA protocol (No TCP/IP)

Figure 4: Firewall Security system

Security architecture is a set of software modules, each having specific security functionality and conforming to a common set of rules. By linking together the appropriate modules using a building block approach, security functionality can be configured for any application. (Welch, Brian: 1994)

PEOPLE BEHIND Mayban Finance Berhad has developed their own system of Online Banking. The system was developed by Mayban Finance Berhad Network Branch. The unit is called Information System Development Unit. The system is fully utilized for the past two years. However it is not fully centralized in all Maybank groups. ISD unit will take the responsibility regarding the system. As well as frequent inspections on the system, the unit also keeps in touch with the new technology as ICT is growing fast. This unit is able to detect any computer fraud due to unauthorized disclosure by staff(s), hackers, or carelessness. So far, major frauds had never occur in Mayban Finance Berhad. If there is any negligence, fraud and errors of bankers, bank will accept the liability. Instead of outsourcing, BMMB developed its own system, but it is still in progress. The system is developed by Electronic Bank Department located at BMMB headquarter, Jalan Melaka, KL. Previously, BMMB is a sub-unit of Bank Bumiputra Malaysia Berhad. Then BBMB split-up to BMMB and Bumiputra Commerce Berhad. Therefore some of the system is based on BCB, since they are from the same origin. Both institutions purchase the machine from vendors, where all the security or failure of the machines is insurance by the vendors. These machines are controlled by the Information System Development (ISD) unit for MBF and Electronic Bank Department for BMMB.

PROSPECTS A few brainstorming session were conducted to discuss what are the other major prospects to be achieve, as to expand the domain to the whole world. Numbers of ideas are suggested including improvement of management information system. The primary prospect of both institutions is to be able to provide the best services with the latest technology. All transactions are based on click and mortar rather than brick and mortar. In addition, paperless based system in all the avenue of the Online Banking services. Users as well as bankers hope that both institutions can maintain reputation by enhancing performance and to be more efficient in their services. In other word, it is for the purpose of minimizing time consuming while dealing in transactions, and faster than the existing system. BMMB has set their prospect as to be the first Islamic bank that is capable to offer a wide range of products and services not only in Malaysia but also overseas, Insyaa Allah.

One of the prospects of the banks is to implement click and mortar method. However it could not be achieved successfully if the users are not willing to cooperate. Meaning that, the users refuse to take the advantage of the online services provided. Therefore we recommend that it is very important for the bankers to develop trustworthiness in their customers. Thus they are responsible to convince the customers that transactions via online is secure and confidential.

What is said in meetings and meant to be confidential is a trust Every bank should employ the Prophets saying above while dealing not only online banking but also other matters. The issue aroused is not that whether the banks are breaching the trust of their customers, but how to convince and put trusts of the customers unto them. SOURCES OF LAW All over the world, banks are protected by a particular law. For example, the law of the United States (US) is different from the United Kingdom (UK). In US, they refer to Electronic Funds Transfer Act 1978. Many issues in US Law are subject to the state law (differ from one state to another). No final word on the state of the law since the law keeps evolving and subject to constant change. While Computer Misuse Act 1990 is applied in the UK. Under this act, there are some penalties to offences regarding: - Unauthorized access to comp-material (Maximum penalty: fine 2000 and/or 6 months imprisonment) - Unauthorized access with the internet to commit of facilitates commission of further offences. (Maximum penalty: unlimited fine & 5 years imprisonment) - Unauthorized modification of computer material (Maximum penalty: unlimited fine & 5 years imprisonment) In Malaysia there is no law to defend against online banking abuse yet. Sources of Online Banking laws in Malaysia are mostly referred to Computer Crime Act 1997, Digital Signature Act 1997 and etc. For the time being, all the banks in Malaysia are restricted to

BAFIA (Banking and Financial Institutions Act 1989). Therefore, any crimes related to online banking is referred to BAFIA. CONCLUSION In general, we could conclude that online banking is an advanced form of any funds transfer by electronic means initiated either through electronic terminal, telephonic instrument or magnetic tape in instructing or authorizing a financial institution. This particular new form of technology is vital for the Financial Institutions in providing an integration of global services. Both institutions develop their own Online Banking systems and purchase the machine from vendors. These machines are controlled by Information System Development (ISD) unit for MBF and Electronic Bank Department for BMMB. Banks as well as users has their own responsibilities in order to face the problem regarding the security when dealing with these new forms of technology. Basically they offer similar services and applications but the different is that Maybank is more advance and established. This advancement form of Online Banking hold great promises in ensuring a banking system which is more practical, efficient, effective, reliable, friendly user, secure, economical and convenient in order to fit in todays hectic lifestyle.