Join the Community

22,017

Expert opinions

44,203

Total members

434

New members (last 30 days)

171

New opinions (last 30 days)

28,675

Total comments

Join Sign in

Internet Banking - Scene of last decade and some learnings

18 December 2007 Be the first to comment

Retired member

In the days of virtualization where working mothers and traveling sales-team prefer to use flexi-time and remote jobs profile; Internet is being adopted as a parallel medium of communication, transaction, and social networking. Internet banking is fast gaining momentum across the globe for its convenience and ease of conducting transactions at a speed and service levels never dreamt of, a decade ago. Bankers needs take some learning for this last decade of e-driven environment.

Internet Banking introspection

In-spite of its multiple advantages, there is a need to step back and re-think on perceptions of the masses. Is Internet Banking truly replacing the layers of branch banking in a big way? Is Internet Banking a definitive future of how world people will transact over net? There are enough evidences of Internet Banking gaining considerable adoption in developed and to a lesser degree in developing countries. However ample evidence exist to suggest that Internet banking has been highly is accepted in only specific line of services and yet global bankers have to fight a fierce battle when Internet Banking will be a truly serious and parallel banking channel, complementing offline banking in a big way. But one thing is sure, e-banking has going through a lot of transformation fr a decade and will surely keeping it's footprint across the globe.

By next decade, mobile banking may take over as preferred channel in the tribal regions of Africa and world may follow the pattern. Bangladesh has successfully tested mobile banking for have-nots (with limited functionalities thouh) and again proving a point to the word that micro-banking is not the only aspect they are leading, given the size and status of their economy.

Maintaining e-banking infrastructure

Developing and maintaining Internet Banking is extremely tough call for a modern day banker. At one side the cost and efforts of maintenance of e-banking infrastructure (given the security needs and compliances) may not necessarily justify the benefits to bank of every size. And at the same time, intangible cost of not providing full-fledged internet banking platform is also huge and may affect the opportunities loss for banks. Having said that, in today's context, providing full-service Internet banking platform is more of "when and not if" and the benefits are comparable to "chicken or egg" theory.

Pre- Y2K

In the first generation of Internet Banking, i.e. pre Y2K era, banks in the developed world provided basic facilities such as view balance, e-statements, check-book request, stop payment instructions, Electronic bill payment (EBP) etc.

Post - Y2K

In Post Y2K era banks aggressively adopted various services such as Electronic Bill Presentment and payment (EBPP), customized reporting, account aggregation over multiple bank accounts, Investment banking, also portfolio / investment management, comprehensive money management, and trade finance etc.

Internet-only Banks

Y2k was also an era when few "Internet only" banks were established, and out of which Japanese have better survived by now. Rest of the world is struggling to keep this "internet only" concept alive.

Needless to say, debate is on for account aggregation Vs multi-factor authentication Vs privacy Vs so on.

2007 and beyond

In the present regime of 2007 and beyond, the banks are concentrating on targeting the incremental service-level in online banking value-chain e.g. developing creative ways of countering security threats, targeting comprehensive supply chain management for entire life cycle of a transaction utilizing straight through processing (STP) , Customizing the social network in wbe2.0 including offering more control to the user , aligning internet banking with multiple channels to offer the best-in-breed technological upgrades to the customer including Electronic Fund Transfer (EFT) / bulk transfers using RTGS, mobile banking services, incorporating GIS, imaging, workflow etc. The debates of Zopa, prosper, paypal Vs traditional banking are endless as if the debates on traditional banking Vs Wall Mart was not enough. Banks are targeting Internet banking as a medium to generate new business and attracting either offline or fresh customer through effective ways of cross-selling, establishing cross border services for various corporate as well as consumer segment. Internet Banking is also been used as a channel to create profile driven marketing campaign for various banking products.

Research suggesting Internet Banking growth story

As per Pew Internet & American Life Project in 2005, around 53 million Americans conduct majority of their banking online. This is approximately a quarter of all adults and this has risen over 47% since 2002.
Forrester predicts this online number to reach 74 Million household in USA by 2011. The major factor promoting this number is Generation Y, as this segment of online banking is expected to grow by 136% in next 5 years timeframe. EBPP is expected to be a major driver for achieving this envisaged growth of e-banking volumes.
Aite Group forecasts that by 2010, 13% of checking accounts will be opened online in the United States, up from 3% in 2006.
Global e-commerce activity is currently estimated to be approx 10 Trillion US$. Increasingly, Internet banking will be used as a payment mode either using physical / virtual credit cards or though fund transfer / direct debits. Currently Physical card plays a major role in these global payments with or without using Internet Banking.

Security Threats over Internet - a need for introspection

In contrast to the growth stories, parallel research by organization such as Mintel in USA suggests a flip side of the story. e.g. study by Mintel indicates around two thirds of 40% younger consumers developed or matured market between 18-34 are turning way from online banking services, as they "don't trust transactions on the Internet". Therefore a huge introspection is needed from bankers for planning to counter the security threats in terms of hacking, Phishing, Pharming, keystroke logging, Trojan horses and several other modes of attacks on customer as well as banks. Several Banks across the globe had to either compensate customers of security scams or to accept the responsibilities of major overhaul of their Internet banking channel. In fact, The Australian Securities and Investment Commission (ASIC) has invited a major debate within banking industry whether to accept liability of banks to compensate customer and / or design higher customer responsibilities for Internet Banking Frauds. A security threat a major deterent for consumers aggressively using Internet Banking. However it is also seen that perception of threat is much higher in the minds of consumers in comparison to the actually threat itself. Banks have to aggressively work on cost-benefits to offer insurances or liability guarantee to the customers, which may help to garner huge untapped market. But this still leaves with issue of data floating around with the fraudster, which may not be resolved with guarantees.

Some Learning by banks

Internet is one of most cost effective channel of conducting banking operations. It is estimated that Internet banking offers up to minimum of 60% (and much more at higher volumes) cost saving over normal offline banking. But this numbers keep changing esp in of SOA, Multi-channel integration, web 2.0 environments.
Bankers across the world have realized that customer using online banking have lesser attrition in comparison to other channel of banking and offer a relatively loyal customer to the bank. But can they take this for granted, as new online financial service community (esp non-banks) is posing strong threats?
Per product usage per customer for Internet Banking channel is growing exponentially comparing offline banking. But can this become a norm? Can they improve on this numbers as a lot needs to be done yet? Is profile driven campaigning used to it's best? Banks have to yet mature to provide with complete life cycle offerings in true sense.
As per Gartner, on an average, companies save about 45 cents every time they send an account statement electronically instead of by paper mail. A bank that sends monthly account statements by paper mail to 5 million customers would spend $27 million more than if it sent electronic statements. (So much less wood saved for countering global warming.)
Many banks have started waiving or reducing transaction fees on Internet banking accounts and have been for long, offering higher deposit rates to attract this cost-effective channel of banking transaction.
Branch managers (esp of traditional / old banks) across the globe have realized that Internet Banking offers is not a hindrance or competition to their business growth, but it complements the operations as it actually reduces the excessive burden of servicing customers.
Banks are offering customized reporting aligning with tools e.g. "Quicken 2007 or Microsoft money" etc for customers to analyze their income, expenditure items in various heads and this helps individual families to study / budget their spending from e-banking statements. But bankers need to watch as to how many percent actually use this flashy customized gadgets or are they spending money at wrong places.
"Offering image view for checks" is already an established value-add facility to the consumer after modern day regulations such as "check 21" have established it's footprint in USA. Banks in developed countries are also enabling customer to remote deposit checks using scanned images of checks, whereas many countries across the globe are far behind this initiatives. But why would you need checks in next decade? A thorough introspection is needed here.
Banks are struggling to defy the threats of hacking, hacking, Phishing, Pharming, keystroke logging, Trojan horses etc The organization-wide extensive IT security policy involving establishing protection to IT and network infrastructure, anti-intrusion initiatives, multiple audit programs, tracking suspicious trends, disaster recovery and business continuity, regulatory compliance, customer education and awareness programs are being utilized to counter external threats and save consumers from any probable attacks. FFIEC's recent authentication norms have opened up new scenario and opportunities, but debates on Man-in-the-middle" or "is this full-proof protection" continue. A major industry-wide drive is needed to counter the security threats in terms of actions from banks as wells customers.
Banks are now providing liability guarantees for any unauthorized transaction over Internet, but a lot is desired as compelling restrictive clauses in the "small-print" not doing enough justice to customer's apprehension towards security threats. Infact Industry-wide debate as well as co-operation amongst players is must and not just wishful.
Can we devise threats-free and full-proof / secured environment, where users will have to conduct minimum actions and not be held responsile for type of anti-virus, anti-threat gadgets they use? I pray this would be true in next decade or so.
Mobile banking may cross over Internet Banking volume within less than a decade. (Internet channel heads, better watch out)
Multi-channel enabled applications is driving the technology architectures, assuming newer channel-driven growth paradigms

Note: - Opinions expressed here are my personal views and do not in any way reflect views of my employers.

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

13652

Report

Channels

/security

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.

Join group

204 opinions 64 members 08 February 2023

Comments: (1)

A Finextra member

29 February 2008

Internet banking and electronic commerce just aren't delivering anything like the benefits predicted.

The massive data leaks in the past couple of years present us with a real problem. This isn't yet the 21st century I imagined - it's more like the movies depicting the wild west.

The governments are trying to build an identity framework in the face of a certain amount of well-founded mistrust of those holding their data. Australia tried an ID card and it was partially responsible for a change of government. FI's are learning that their customers are likely to switch too and it might even be to under the mattress. Clearly the idea of an ID card isn't going to fly. Don’t confuse the clamor for protection with a desire for the ID card as a solution.

The data which is now out in the wild is out there - the horse has bolted. Unlike an escaped pony, even the man from Snowy River can't 'get it back'. It's the same for all the card and account details which have been lost or stolen, and we really don’t want our biometrics and our DNA out there too.

In much the same manner as when there is a large amount of perfect counterfeit currency in the wild, the only way to minimise the damage is to replace the bank notes with new currency.

We need to adopt a new methodology.

We must take a new approach which makes the 'currency' of identity details, card numbers etc worthless. Ideally the possession of this information should be worthless to fraudsters, through a change in methodology in the way we perform transactions, and interactions where we need to prove our identity. Citizens have repeatedly cited privacy as a major concern and fear of identity theft has reached critical levels in countries like the U.S.

Universally the majority of citizens do not wish to have an identity card and 75% of them don't believe it will cure the problems. I don't think it will either. I’m occasionally asked why I’m not a member of this or that security type organization anymore – I found them too depressing and clinging to a failed methodology.

The first rule of business is 'give the customer what they want'. What exactly do they want?

Privacy and control of their own identity and money - is what consumers want.

How do we balance the needs of government (the citizens) with the constraints of business and the power of the 'hive mind' on that Pandora's Box which is the internet?

We don't want to kill the hive mind - we need to empower it even more so we can all share the potential benefits. It's just unfortunate that at the moment it's the wild west days. Sure there's security software and anti-virus software, but it's like shutting the gate after the horse has bolted. Less than 70% of threats are even protected. Take away 30% of a farmer's fence and how many sheep will he have left - especially when there are hungry wolves waiting on the other side? Very quickly there’ll be none.

It doesn't look as though disparate solutions and patchy coverage are going to change things. Governments and FI's need to get together and find a ubiquitous solution – one solution which will work everywhere - globally. The fact that some individual banks are offering different levels of 'security' to different customers, ie. tokens for some 'power' users and SMS for others is astounding. Of course we know the reason is economic, but doesn't it really say that SMS is window dressing, and that those other ‘token equipped’ customers are the 'important' ones and the others are 'second class' customers? I'd like to know how they got that one past marketing. Wait until your marketing guru heads to your competitor and launches a campaign based on that. The tokens are already nearly useless and customers don’t like them anyway.

Identity is critical and essential infrastructure - for every business, government and individual.

Think of it as the electricity of commerce, we all need it otherwise the ATM, eftpos and internet commerce systems won't work. We all need it equally. We've had a go at trying to get a market edge against competitors with the latest exorbitantly expensive super gadget and most have ended up with egg on their face or let it quietly slip from the scene before delivering any real solution.

One thing is for certain - software is not going to protect us and hardware won't either. There is a 'hive mind' out there and it brings together more intellectual resources than any single corporation can hope to muster, even if it is misdirected. The proof is there that the hive mind is winning and it'll keep on winning any game where the prize is easy money.

A new methodology isn't an ID card, no matter how fancy - it's just another gadget with an impossible to predict lifetime. We can be certain that it will be defeated and no matter what you're told you can't predict when or how.

The issue is the methodology. Currently it's flawed - get over it - move on.

We need to change it and while we're at it we need to listen to the concerns of our customers - it's their perception that counts and all else is irrelevant.

Customers don't want their personal details bandied about in a transaction. Look where that's got us. We can't even tell if it's our customer anymore. A solution has to be delivered which gives the consumer what they want - empower them to control their own ID and approve or reject transactions in their name, whether in store or on the internet. Not some risk software in a back room making a best guess. We need black and white, yes or no. Citizens are beginning to seriously not trust their governments or their financial institutions.

Put it in the hands of customers. How? Well let's look at what's there to work with. In 59 countries we have 100% mobile phone penetration. That could be a good place to start. Use them and put the customer firmly in the transaction, and empower them to protect themselves. Just don't rely on trying to turn the phone into a PC to do it.

We need to take the personal details out of the equation - cards, numbers, names, just having these things shouldn't be enough to transact - they should be worthless to thieves. Relieve the merchants of the responsibility of protecting all that personal data because they shouldn't need it to perform a transaction and data protection is not their core business. Relieve customers of the need to carry extra ID because our systems are flawed and merchants don't trust the instruments we provide. The more they have to carry and provide, the greater the problem becomes. We can’t be using biometric data for everything and if there is any involved it has to be in a safe repository and never be allowed to leave.

The current system is just too risky and would never pass a real risk analysis if properly examined.

Let's just all get together and get it right before we have real disaster. It does not take a lot to shake public confidence. The solution must provide governments with the means to protect citizens, and FI's and merchants with the means to protect their businesses and not 'lose' information.

The place to start is:

* empower consumers with an easy to use ubiquitous mechanism to protect themselves

* minimise the amount of information required to transact and therefore the amount of data to be protected

* make the information that's already out there worthless to thieves by adopting new methodology

* give the customers more privacy - even anonymity

Combine what they have, what we can do, and government support to create a trusted third party to confirm identity without the trusted third party having our identity details. A trusted third party with no personal data, just pointers to someone who does know who our customers are, ie the banks and governments. Remove all mechanisms for transmitting personal data and make the ‘pointer’ meaningless to anyone else outside the bank or government data centre etc. Give the customers the method to provide the pointer without risking the data itself, and make the pointers renewable, so they can easily be replaced if compromised.

Empower citizens to confirm or deny transactions, confirm their identity, and control access to their personal data.

All bank staff and government employees should authenticate themselves in any interaction and we must enshrine the rule of sharing information clearly in law. Examine all processes and minimize the amount of information being transmitted and reduce even insider fraud.

A merchant should be able to confirm your right and power to transact, and a Constable should be able to confirm your right to drive and go about freely – without knowing who you are. If you do something wrong then someone knows who you are and you can be held accountable, but let’s keep that list of someone's to a minimum. Keep the personal data off the air, off the net and away from anyone who doesn’t really need to know, while making it easy for those who have the right and responsibility to know - when there’s a problem.

All this is possible with new methodology - the mobile phones are already there, the infrastructure is in place and it doesn't mean massive expense for FI's, governments, or the customers.

We can reduce the costs and risks for merchants and governments, without the FI's alone having to pay for it. Let everyone get back to concentrating on core business and give the customers what they want - privacy and security while they transact and interact.

I fear that if this doesn’t happen on a global scale with strong commitment from both governments and FI’s, we’ll have more than ‘stagflation’ to worry about. Anyone who wishes to explore a new approach, I’m certainly happy to help and would welcome any ideas. Of course I’m a solutions kind of guy and wouldn’t just add to the general malaise if I didn’t know there was an easy solution. There is a solution which can solve the problem for all stakeholders - governments, FI's, health, law enforcement and the citizens - even the civil libertarians - and make it easier for us all to get on with our business and fun.

P.S. And before anyone says 'I know someone without a mobile' - do the maths, the amount of money spent on worthless antivirus software and inadequate 'authentication' was probably a lot more than was spent on mobile phones last year. Governments could save billions with streamlined ID authentication and processes, enough to subsidise giving anyone who didn't have one - a free mobile. The majority rules and in this case the majority have already bought a mobile and the rest are madly trying to get one, almost to a man. At least it'll be more useful than the tokens and 'smart' cards, and probably cheaper in the long run. No trying to strap the dodgy tokens onto the phones or rely on software either, I don't want my phone becoming just another 'fix' hungry PC.

Report

More expert opinions

Aditya Deshpande Senior Software Engineer at PayPal