
e-Banking

The evolution of electronic banking (e-Banking) started with the use of automatic teller machines (ATMs) and has included telephone banking, direct bill payment, electronic fund transfer and online banking. According to some, the future direction of e-banking is the acceptance of mobile telephone (WAP-enabled) banking and interactive-TV banking. However, it has been forecast by many that online banking will continue to be the most popular method for future electronic financial transactions.


What is e-banking?

Electronic funds transfer (EFT) refers to the computer-based systems used to perform financial transactions electronically. The term is used for a number of different concepts including electronic payments and cardholder-initiated transactions, where a cardholder makes use of a payment card such as a credit card or debit card.

A photograph of credit cards

Card-based EFT transactions are often covered by the ISO 8583 series of standards.

A number of transaction types may be performed:

Photograph of a chip and pin machine with chip and pin logo

EFT transactions require authorisation and a method to authenticate the card and the card holder. Whereas a merchant may manually verify the card holder's signature, EFT transactions require the card holder's PIN to be sent online in an encrypted form for validation by the card issuer. Other information may be included in the transaction, some of which is not visible to the card holder (for instance magnetic stripe data), and some of which may be requested from the card holder (for instance the card holder's address or the CVV2 security value printed on the card).

EFT transactions are activated during e-banking procedures. Various methods of e-banking include:

Telephone banking

Photograph of a telephone

Telephone banking is a service provided by a financial institution which allows its customers to perform financial transactions over the telephone.

Most telephone banking systems use an automated phone answering system with phone keypad response or voice recognition capability. To guarantee security, the customer must first authenticate their identity through a numeric or verbal password or through security questions asked by a live representative. With the obvious exception of cash withdrawals and deposits, telephone banking offers virtually all the features of an ATM.

Usually, there is the possibility to speak to a live representative located in a call centre or a branch, although this feature is not guaranteed. In addition to the self-service transactions, telephone banking representatives are usually trained to do what was traditionally available only at the branch: loan applications, investment purchases and redemptions, chequebook orders, debit card replacements, change of address, etc.

Online banking

Online banking (or Internet banking) allows customers to conduct financial transactions on a secure website operated by their retail or virtual bank, credit union or building society. Online banking offers features such as: bank statements; electronic bill payment; funds transfer; loan applications and transactions; and account aggregation, which allows users to monitor all of their accounts in one place. It is widely recognised that online banking provides more revenue per customer and costs less per transaction than any other e-banking channel.

SMS banking

Photograph of a message received alert on a mobile telephone

SMS banking is a technology-enabled service permitting banks to operate selected banking services over the customers' mobile phone using SMS messaging.

SMS banking services are operated using both push and pull messages. Push messages are those that the bank chooses to send to a customer's mobile phone without the customer having requested the information. Typically, push messages are either mobile marketing messages or alerts about an event in the customer's bank account, such as a large withdrawal of funds from an ATM or a large payment using the customer's credit card. Another type of push message is a one-time password (OTP).

Pull messages are those that are initiated by the customer, using a mobile phone, for obtaining information or performing a transaction in the bank account. Examples of pull messages for information include an account balance enquiry, or requests for current information like currency exchange rates and deposit interest rates.

The bank's customer is able to select the list of activities (or alerts) about which he/she needs to be informed. Activities can be selected either through the Internet banking channel or through the bank's customer service call centre.

Mobile banking

Photograph of a mobile telephone

Mobile banking (also known as M-Banking, mbanking, etc.), or Wireless Application Protocol (WAP) enabled banking, is a term used for performing balance checks, account transactions, payments etc. via a mobile device such as a mobile phone or Personal Digital Assistant (PDA). Mobile banking is most often performed via SMS or the Internet accessed through the mobile device, but can also use special programs downloaded to the mobile device.

Interactive-TV banking

Photograph of interactive TV banking

Interactive television is a technique that allows viewers to interact with television content as they view it. It is sometimes called interactive TV, iTV or idTV.

As long as the customer subscribes to a satellite or cable television service, some banking facilities, such as checking balances, moving money between accounts, paying bills and setting up overdrafts, are made available through a television set. A handful of major banks in the UK have experimented with digital banking services through cable and satellite TV companies.


Statistics

  • 50% of prospective customers registering for online banking give up before signing up
  • 1 in 9 people who have tried online banking in the UK gave up due to poor usability or security concerns
  • In 2001, one third of the top 20 European banks offered some form of interactive-TV banking
  • In 2004, it was estimated that there were over 10 million users of interactive-TV based banking services in Europe
  • In 2007, the estimated number of Europeans banking online is 130 million
  • In 2007, 40% of US households banked online at least once a month
  • 88% of e-banking users visit their bank's web site at least once a week
  • It is estimated that 35% of online banking households will be using mobile banking by 2010
  • By 2011, it is predicted that 80% of bank customers in the UK will use the internet to connect to their bank
  • In 2000 there were over 2,500 banking websites across Western Europe


Problems encountered by disabled people and the ageing population using e-Banking

Blind and Partially Sighted

For blind persons, one problem may be selecting the right card from their wallet and inserting it in the correct orientation into an ATM.

When using online banking, the way a website is designed will determine how accessible it is to people with disabilities. In particular, blind people use browsers with speech or braille output which are text-based systems; therefore the site should be navigable independent of the graphics content. For people with low vision, the ability to vary the text size on their browser is essential. A further problem encountered by blind and partially sighted people is that many websites use graphics such that they are not meaningful when accessed by a text-based browser.

Using telephones for banking can provide problems as the decreasing size of handsets often means small keypads and small visual displays that people with visual disabilities find inaccessible. Some people are unable to distinguish between certain colour combinations used on mobile telephone screens and keypads.

Mailed notifications of PIN change that are not available in alternative formats are inaccessible to blind and partially sighted people.

Hearing impaired

People with hearing impairments require visual representation of auditory information that a banking website may provide. With the increasing use of multimedia on websites (e.g. podcasts, video streaming), it is important to ensure that information can be understood by those who have hearing impairments.

It is also important to appreciate that those using British Sign Language (BSL) use a different sentence structure and vocabulary compared to typical spoken English. Consideration should be given to using simple language and the inclusion of a glossary of banking terms.

For those who are hearing impaired, using a normal telephone for banking is difficult, so a bank's services should be operable via a textphone. Users of hearing aids experience disturbances due to electromagnetic interference (EMI) from digital mobile phones. The rapid pulsation of radio signals from digital mobile telephones can give rise to a buzzing, humming, squealing or squelching inside the hearing aid.

Hearing impaired users cannot locate or identify commands or controls that require hearing (e.g. a voice-based interactive mobile telephone that can be controlled only by listening to menu items and then pressing buttons).

Photograph of a hand entering a PIN at an ATM

Physically impaired

Those with physical impairments who are banking by mobile telephone may find it hard to hold and activate the buttons.

People with a physical disability may have difficulty controlling their hands and arms; therefore, holding and using a mouse effectively on a banking website becomes a problem. Others find prolonged use of their arms or hands tiring.

Cognitively impaired

Complex banking websites with too many steps or unhelpful messages may be difficult for people who are cognitively impaired. People with cognitive or learning impairments may have problems reading text or become confused by complex page layouts, tables or navigation structures. Moving and blinking text may also be distracting and impede understanding.

People with cognitive or learning impairments may experience problems with the operating systems of complicated mobile telephones.

Customers often have difficulty in remembering too many PINs (particularly if they are used infrequently), so are prone to writing them down which lessens the security of the system. People with dyslexia can have problems in remembering the digits in the correct order.

Ageing population

Photograph of an elderly lady using a mobile telephone

While older people often experience changes in vision, hearing, dexterity and memory as they age, they might not consider themselves to have disabilities. Yet the accessibility provisions that make banking webpages accessible also benefit older people with diminishing abilities. For example, many people with age-related visual impairments may benefit from being able to alter text size. Elderly people may also experience mobility difficulties when using the mouse.

Elderly people can often experience a range of difficulties with mobile telephones, such as the screen being too small to see, incompatibility with a hearing aid, and too many complicated specialised functions.

Other problems encountered using e-Banking

Security

Protection through single password authentication is not considered secure enough for personal online banking applications in some countries. Online banking user interfaces are secure sites (generally employing the https protocol) and all traffic, including the password, is encrypted, making it next to impossible for a third party to obtain or modify information in transit. However, encryption alone does not rule out the possibility of hackers gaining access to vulnerable home PCs and intercepting the password as it is typed in (keystroke logging). There is also the danger of password cracking and physical theft of passwords written down by users.

Security of financial transactions using mobile e-banking, which involves transmission of financial information over the air, offers the most complicated challenges, and these need to be addressed jointly by mobile application developers, wireless network service providers and the bank's IT department.

The following aspects need to be addressed to offer a secure infrastructure for financial transactions over wireless networks:

  1. Physical security of the hand-held device
  2. Security of the application running on the device. If the device is stolen, the thief should still need an ID / password to access the application
  3. Authentication of the device with the service provider before initiating a transaction. This would ensure that unauthorized devices are not connected to perform financial transactions
  4. User ID / Password authentication of bank’s customer
  5. Encryption of the data being transmitted over the air
  6. Encryption of the data that will be stored in the device for later / off-line analysis by the customer

Lack of encryption

The lack of encryption on SMS messages is an often-discussed area of concern. Several banks that use SMS have addressed it by introducing compensating controls and by limiting SMS banking to those uses where it offers an advantage over other channels.

Suppliers of SMS banking software solutions have found reliable means by which the security concerns can be addressed. Typically, the methods employed are pre-registration and the use of security tokens where the transaction risk is perceived to be high. Sometimes ATM-type PINs are also employed, but the use of PINs in SMS banking makes the customer's task more cumbersome.

Fraud

Some customers avoid online banking as they perceive it as being too vulnerable to fraud. The security measures employed by most banks can never be completely safe, and the system becomes less secure if users are careless, gullible or computer illiterate. An increasingly popular criminal practice to gain access to a user's finances is phishing, whereby the user is in some way persuaded to hand over their password(s) to a fraudster.

Interoperability

There is a lack of common technology standards for mobile banking. Many protocols are being used for mobile banking – HTML, WAP, SOAP, XML. It would be a wise idea for the vendor to develop a mobile banking application that can connect to multiple banks. It would require either the application to support multiple protocols or use of a common and widely acceptable set of protocols for data exchange.

There are a large number of different mobile phone devices and it is a big challenge for banks to offer mobile banking solutions on any type of device. Some of these devices support the Java 2 Micro Edition (J2ME) and others support WAP browsers or only SMS.

Websites

Online banking consists of three main parts: the marketing / information pages, the online application and the transactional banking area. Each of these can present problems for the user:

Checklist for e-Banking


Recommendations

Bank cards

Websites

Photograph of a child with Down's Syndrome accessing the Internet

A summary of the main WAI recommendations:

ATM

Telephones / Mobile telephones

Televisions

Passwords / User identification

Many online banking services impose a second layer of security as well as an initial password. Strategies vary, but a common method is the use of transaction numbers (TANs), which are essentially single use passwords.

Another strategy is the use of two passwords, only random parts of which are entered at the start of every online banking session. This is however considered slightly less secure than the TAN alternative and more inconvenient for the user.

A third option is providing customers with security token devices capable of generating single-use passwords unique to the customer's token; this is called two-factor authentication (2FA).

Another option is the use of digital certificates, which digitally sign or authenticate the transactions by linking them to a physical device (e.g. a computer or mobile phone). Other banks have responded not with security tokens or digital certificates, but by setting up a combination of controls that recognise a customer's computer via a cookie, ask additional challenge questions for risky behaviour, and monitor for fraudulent behaviour.
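The combination of controls just described (recognising a customer's computer via a cookie and asking additional challenge questions for risky behaviour), together with the earlier note under "Lack of encryption" that security tokens are used where the transaction risk is perceived to be high, can be expressed as a single server-side decision. The Python below is an added example written for this page, not code from the page or from any bank; the cookie layout, the signing secret, the 1000.00 high-value threshold and the control names are assumptions made for illustration. The cookie is signed with an HMAC so that a forged or edited cookie is never treated as a recognised device.

```python
import hashlib
import hmac
import secrets
from typing import List

# Assumed server-side secret for signing device cookies (constructed for this example)
COOKIE_SECRET = b"example-server-secret-not-for-production"

# Assumed threshold above which a transaction is treated as high risk
HIGH_VALUE_THRESHOLD = 1000.00


def make_device_cookie(customer_id: str, secret: bytes = COOKIE_SECRET) -> str:
    """Issue a cookie that binds a random device id to the customer.
    The HMAC tag lets the server recognise its own cookies and reject altered ones."""
    device_id = secrets.token_hex(8)
    payload = f"{customer_id}:{device_id}"
    tag = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{tag}"


def device_recognised(customer_id: str, cookie: str, secret: bytes = COOKIE_SECRET) -> bool:
    """True only if the cookie was issued to this customer and has not been modified."""
    try:
        cid, device_id, tag = cookie.split(":")
    except ValueError:
        return False                      # missing, empty or malformed cookie
    if cid != customer_id:
        return False                      # cookie issued to a different customer
    expected = hmac.new(secret, f"{cid}:{device_id}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)   # constant-time comparison of the tag


def required_controls(customer_id: str, cookie: str, amount: float,
                      new_payee: bool, channel: str) -> List[str]:
    """Decide which additional controls to demand beyond the login password.
    Control names are assumed labels: 'challenge_questions', 'security_token',
    'preregistered_number_only'."""
    controls: List[str] = []
    if not device_recognised(customer_id, cookie):
        controls.append("challenge_questions")        # unfamiliar computer: risky behaviour
    if amount >= HIGH_VALUE_THRESHOLD or new_payee:
        controls.append("security_token")             # high perceived transaction risk
    if channel == "sms":
        controls.append("preregistered_number_only")  # compensating control for unencrypted SMS
    return controls


if __name__ == "__main__":
    cookie = make_device_cookie("cust-1")
    print(required_controls("cust-1", cookie, 50.0, False, "web"))        # []
    print(required_controls("cust-1", "", 2500.0, False, "web"))          # challenge + token
```

The decision function is deliberately a pure function of the request so that it can be unit tested and its rules reviewed; fraud monitoring, the third control the page mentions, would consume the same inputs after the transaction rather than block it.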

One-time passwords (OTPs) are the latest tool used by financial and banking service providers in the fight against cyber fraud. Instead of relying on traditional memorised passwords, OTPs are requested by consumers each time they want to perform transactions using the online or mobile banking interface. When the request is received the password is sent to the customer's phone via SMS. The password expires once it has been used or once its scheduled life-cycle has ended.
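The TAN lists and the SMS one-time passwords described above rest on the same server-side rule: a code is accepted at most once, and an OTP only within its scheduled life-cycle. The Python below is an added example written for this page, not code from the page or from any bank. It assumes six-digit codes, a five-minute OTP life and a budget of three wrong guesses, and keeps its records in in-memory dictionaries standing in for the bank's database; delivery of the code to the customer (by SMS, as the page describes, or as a printed TAN list) is outside the example. Only salted hashes of the codes are stored, so a leaked table does not expose live codes.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, List, Optional

# Assumed parameters for the example (not from the page)
OTP_DIGITS = 6          # length of a one-time password or TAN
OTP_TTL_SECONDS = 300   # scheduled life-cycle of an OTP
MAX_ATTEMPTS = 3        # wrong guesses allowed before a pending OTP is discarded

# In-memory stores standing in for the bank's database
_pending_otp: Dict[str, dict] = {}   # customer id -> pending OTP record
_tan_lists: Dict[str, dict] = {}     # customer id -> unused TAN digests


def _random_code(digits: int = OTP_DIGITS) -> str:
    # secrets, not random: the code must be unpredictable to anyone but the bank
    return "".join(secrets.choice("0123456789") for _ in range(digits))


def _digest(code: str, salt: bytes) -> bytes:
    # Only a salted hash of each code is kept
    return hashlib.sha256(salt + code.encode()).digest()


def issue_otp(customer_id: str, now: Optional[float] = None) -> str:
    """Create a single-use OTP for the customer and record its hash, expiry and attempt budget.
    Re-issuing replaces any pending code. The returned code is what the bank delivers out of band."""
    now = time.time() if now is None else now
    code = _random_code()
    salt = secrets.token_bytes(16)
    _pending_otp[customer_id] = {
        "salt": salt,
        "digest": _digest(code, salt),
        "expires_at": now + OTP_TTL_SECONDS,
        "attempts_left": MAX_ATTEMPTS,
    }
    return code


def verify_otp(customer_id: str, submitted: str, now: Optional[float] = None) -> bool:
    """Accept the code at most once, only before expiry, and only within the attempt budget."""
    now = time.time() if now is None else now
    record = _pending_otp.get(customer_id)
    if record is None:
        return False                          # never issued, or already used
    if now >= record["expires_at"]:
        _pending_otp.pop(customer_id, None)   # scheduled life-cycle has ended
        return False
    record["attempts_left"] -= 1
    ok = hmac.compare_digest(_digest(submitted, record["salt"]), record["digest"])
    if ok or record["attempts_left"] <= 0:
        _pending_otp.pop(customer_id, None)   # expired on use, or after too many wrong guesses
    return ok


def issue_tan_list(customer_id: str, count: int = 5) -> List[str]:
    """Pre-issue a batch of distinct TANs (the printed-list scheme): any unused TAN may be
    presented once, in any order, with no time limit. Returns the plaintext list for delivery."""
    tans: List[str] = []
    while len(tans) < count:
        code = _random_code()
        if code not in tans:
            tans.append(code)
    salt = secrets.token_bytes(16)
    _tan_lists[customer_id] = {"salt": salt, "unused": {_digest(t, salt) for t in tans}}
    return tans


def verify_tan(customer_id: str, submitted: str) -> bool:
    """Consume a TAN: True exactly once per issued TAN, False for unknown or spent ones."""
    record = _tan_lists.get(customer_id)
    if record is None:
        return False
    candidate = _digest(submitted, record["salt"])
    for stored in list(record["unused"]):
        if hmac.compare_digest(candidate, stored):
            record["unused"].discard(stored)   # single use: remove on first acceptance
            return True
    return False


if __name__ == "__main__":
    code = issue_otp("cust-1")
    print(verify_otp("cust-1", code), verify_otp("cust-1", code))   # True False
```

Passing `now` explicitly keeps the expiry logic testable without waiting; in production the default wall clock is used. The attempt budget matters because a six-digit code has only a million possibilities, so an unlimited number of guesses within the five-minute window would make the second factor weak.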

Help facilities

Standards

  • APACS 70: 2006 Card acceptor to acquirer interface standards
  • APACS 71 Bankcard PIN mailer security
  • CAN/CSA-B651.1-01 (2001) Barrier-free design for automated banking machines
  • EN 1332-1 Identification card systems - Man-machine interface - Part 1: Design principles for the user interface
  • EN 1332-2 Identification card systems - Man-machine interface - Part 2: Dimensions and location of a tactile identifier for ID-1 cards
  • EN 1332-3 Identification card systems - Man-machine interface - Part 3: Keypads
  • EN 1332-4 Identification card systems - Man-machine interface - Part 4: Coding of user requirements for people with special needs
  • EN 1332-5 Identification card systems - Man-machine interface - Part 5: Symbols and icons
  • ISO 7816-1: 1998 Identification cards - Integrated circuit(s) cards with contacts - Part 1: Physical characteristics
  • ISO 8583: 2003 Financial transaction card originated messages - Interchange message specifications. Parts 1, 2 & 3
  • ISO 9564: 2002 Banking - Personal Identification Number (PIN) management and security. Parts 1, 2, 3 & 4
  • ISO/IEC 7810: 2003 Identification cards - Physical characteristics
  • ISO/IEC 9995-4: 2002 Information Technology - Keyboard layouts for text and office systems - Part 4: Numeric section

Further information


Acknowledgements




John Gill Technology Limited Footer