Volume 13, Number 3 Article by T R Madanmohan , Jai Ganesh H September 2001
Framework for Internet Banking Security :
The way customers are using financial services is changing rapidly. Today’s financial services are characterised by individuality, mobility, independence of place and time, and flexibility. The Internet, based on client server technology, has facilitated this change. Financial services companies are using the Internet as a new distribution channel, offering complex products at lower transaction costs to more potential customers. The Internet also allows customers to access the service from any part of the world at any time. Given the wealth of opportunities the Internet creates, and the accelerated pace at which banks are going online, an Internet presence will become a strategic necessity for most banks and other financial services institutions. But the rapid growth and use of the Internet also contributes to its vulnerability. The issue of security is often cited as a major barrier to widespread consumer adoption. The CERT statistics 1988-98 show that the security incidents on the Internet have been growing proportionally to its growth. Jai Ganesh and T R Madanmohan look into the broad security issues related to banking on the Internet such as security, authentication, trust, non-repudiation, privacy and availability, and go further to provide a model for Internet banking security. An online banking solution can be designed today that is more effective and less costly than the proprietary systems of only a few years ago. Banking transactions can now be initiated and monitored via standard Web browser software or the major financial planning software packages. The three-stage capability model that the authors have developed, on the line of CMM, would enable brick and mortar banks to take their services online. The model offers a quick and easy way for managers to evaluate their existing security mechanisms and ways to improve their current service levels. The framework deals with the technical as well as the managerial issues. The authors, who are conducting further research to build up on this model, caution that no security mechanism can exist as a stand-alone feature. To evaluate the framework it needs to be tested in the real life environment on a pilot basis, and relevant additions and changes, as perceived by the banking industry, need to be made.
Reprint No 01301
