Online banking, also known as internet banking, web banking or home banking, is an electronic payment system that enables customers of a bank or other financial institution to conduct a range of financial transactions through the financial institution's website. The online banking system will typically connect to or be part of the core banking system operated by a bank to provide customers access to banking services in addition to or in place of traditional branch banking. Online banking significantly reduces the banks' operating cost by reducing reliance on a branch network and offers greater convenience to some customers by lessening the need to visit a branch bank as well as the convenience of being able to perform banking transactions even when branches are closed. Internet banking provides personal and corporate banking services offering features such as viewing account balances, obtaining statements, checking recent transactions, transferring money between accounts, and making payments. Some banks operate as a "direct bank", where they operate entirely via the internet or internet and telephone. They are different from "neobanks", which don't have depositary insurance.


History


Precursors

The precursor to the modern online banking services was distance banking electronically and by telephone since the early 1980s. The term 'online' became popular in the late 1980s and referred to the use of a terminal, keyboard, and TV or monitor to access the banking system using a phone line. 'Home banking' can also refer to the use of a numeric keypad to send tones down a phone line with instructions to the bank.


Emergence of computer banking

The first home banking service was offered to consumers in December 1980 by United American Bank, a community bank with headquarters in Knoxville, Tennessee. United American partnered with Radio Shack to produce a secure custom modem for its TRS-80 computer that allowed bank customers to access their account information securely. Services available in its first years included bill pay, account balance checks, and loan applications, as well as game access, budget and tax calculators and daily newspapers. Thousands of customers paid $25–30 per month for the service. Large banks, many working on parallel tracks to United American, followed in 1981 when four of New York's major banks (Citibank, Chase Manhattan, Chemical Bank, and Manufacturers Hanover) offered home banking services, using the videotex system. Because of the commercial failure of videotex, these banking services never became popular except in France (where millions of videotex terminals (Minitel) were given out by the telecom provider) and the UK, where the Prestel system was used. The first videotext banking service in France was launched on December 20, 1983, by CCF Bank (now part of HSBC). Videotext online banking services eventually reached 19% market share by 1991.

The developers of United American Bank's first-to-market computer banking system aimed to license it nationally, but they were overtaken by competitors when United American failed in 1983 as a result of loan fraud on the part of bank owner Jake Butcher, the 1978 Tennessee Democratic nominee for governor and promoter of the 1982 Knoxville World's Fair. First Tennessee Bank, which purchased the failed bank, did not attempt to develop or commercialize the computer banking platform.


Internet and customer reluctance and banking

When the clicks-and-bricks euphoria hit in the late 1990s, many banks began to view web-based banking as a strategic imperative. In 1996 OP Financial Group, a cooperative bank, became the second online bank in the world and the first in Europe. The attraction of online banking is fairly obvious: diminished transaction costs, easier integration of services, interactive marketing capabilities, and other benefits that boost customer lists and profit margins. Additionally, online banking services allow institutions to bundle more services into single packages, thereby luring customers and minimizing overhead.

In 1995, Wells Fargo was the first U.S. bank to add account services to its website, with other banks quickly following suit. That same year, Presidential became the first U.S. bank to open bank accounts over the internet. According to research by Online Banking Report, at the end of 1999 less than 0.4% of households in the U.S. were using online banking. At the beginning of 2004, some 33 million U.S. households (31%) were using some form of online banking. Five years later, 47% of Americans used online banking, according to a survey by Gartner Group. Meanwhile, in the UK online banking grew from 63% to 70% of internet users between 2011 and 2012 (Abdou, Hussein, English, John and Adewunmi, Pau, ''An investigation of risk management practices in electronic banking: the case of the UK banks'', eprints.hud.ac.uk, University of Huddersfield, July 22, 2014). By 2018, the share of digital banking users in the U.S. reached approximately 61 percent. The penetration of online banking in Europe has increased as well. In 2019, 93 percent of the Norwegian population accessed online banking sites, which is the highest in Europe, followed by Denmark and the Netherlands. Across Asia, more than 700 million consumers are estimated to use digital banking regularly, according to a 2015 survey by McKinsey and Company.

By 2000, 80% of U.S. banks offered e-banking. Customer use grew slowly. At Bank of America, for example, it took 10 years to acquire 2 million e-banking customers. However, a significant cultural change took place after the Y2K scare ended. In 2001, Bank of America became the first bank to top 3 million online banking customers, more than 20% of its customer base. In comparison, larger national institutions such as Citigroup claimed 2.2 million online relationships globally, while J.P. Morgan Chase estimated it had more than 750,000 online banking customers. Wells Fargo had 2.5 million online banking customers, including small businesses. Online customers proved more loyal and profitable than regular customers. In October 2001, Bank of America customers executed a record 3.1 million electronic bill payments, totaling more than $1 billion. As of 2017, the bank has 34 million active digital accounts, both online and mobile. In 2009, a report by Gartner Group estimated that 47% of United States adults and 30% in the United Kingdom bank online.

The early 2000s saw the rise of the branch-less banks as internet-only institutions. These internet-based banks incur lower overhead costs than their brick-and-mortar counterparts. In the United States, deposits at some direct banks are FDIC-insured and offer the same level of insurance protection as traditional banks. Neobanks are branch-less banks in the United States which are not FDIC-insured.


First online banking services by region


The United Kingdom

Online banking started in the United Kingdom with the launch of Nottingham Building Society (NBS)'s Homelink service in September 1982, initially on a restricted basis, before it was expanded nationally in 1983. Homelink was delivered through a partnership with the Bank of Scotland and British Telecom's Prestel service. The system used the Prestel viewlink system and a computer, such as the BBC Micro, or keyboard (Tandata Td1400) connected to the telephone system and television set. The system allowed users to "transfer money between accounts, pay bills and arrange loans... compare prices and order goods from a few major retailers, check local restaurant menus or real estate listings, arrange vacations... enter bids in Homelink's regular auctions and send electronic mail to other Homelink users."

In order to make bank transfers and bill payments, a written instruction giving details of the intended recipient had to be sent to the NBS, who set the details up on the Homelink system. Typical recipients were gas, electricity and telephone companies and accounts with other banks. Details of payments to be made were input into the NBS system by the account holder via Prestel. A cheque was then sent by NBS to the payee and an advice giving details of the payment was sent to the account holder. BACS was later used to transfer the payment directly.


The United States

In the United States, in-home banking was "still in its infancy", with banks "cautiously testing consumer interest", in 1984, a year after online banking went national in the UK. At the time Chemical Bank in New York was "still working out the bugs from its service, which offers somewhat limited features". The service from Chemical, called Pronto, was launched in 1983 and was aimed at individuals and small businesses. It enabled them to maintain electronic checkbook registers, see account balances, and transfer funds between checking and savings accounts. The other three major banks — Citibank, Chase Bank and Manufacturers Hanover — started to offer home banking services soon after. Chemical's Pronto failed to attract enough customers to break even and was abandoned in 1989. Other banks had a similar experience. Since it first appeared in the United States, online banking has been federally governed by the ''Electronic Funds Transfer Act of 1978''.


France

After a test period with 2,500 users starting in 1984, online banking services were launched in 1988, using Minitel terminals that were distributed freely to the population by the government. By 1990, 6.5 million Minitels were installed in households. Online banking was one of the most popular services. Online banking services later migrated to the Internet.


Japan

In January 1997, the first online banking service was launched by Sumitomo Bank. By 2010, most major banks had implemented online banking services; however, the types of services offered varied. According to a poll conducted by the Japanese Bankers Association (JBA) in 2012, 65.2% were users of personal internet banking.


China

In January 2015, WeBank, the online bank created by Tencent, started a 4-month-long online banking trial operation.


Australia

In December 1995, Advance Bank, acquired by St.George Bank, started to provide customers with online banking with the rollout of the C++ Internet banking program.


India

In 1998, ICICI Bank introduced internet banking to its customers.


Brazil

In 1996, Banco Original SA launched its online-only retail banking. In 2019, new banks began to emerge, such as Conta Simples, focused only on companies.


Slovenia

Virtual or online banking became a reality in Slovenia in 1997, when SKB bank launched this service under the name of SKB Net. Two years later, they were followed by the largest Slovenian bank, NLB bank, which started offering online banking services in 1999 under the name of NLB Klik. Nowadays, every bank in Slovenia offers online banking services. The Slovenian Central bank's data shows that there was a rise of 5.1% in 2017 from the previous year and the number almost doubled from more than ten years ago. At the end of 2019, the number of users was almost 1 million. The number of payments is around 26 million per quarter, which means that there are more than 100 million payments made online in Slovenia every year, and another 3 million made to offshore accounts. Data from the Slovenian Central bank also show that the total value of payments in 2017 reached more than €240 million. More than 900,000 people use online banking in Slovenia.


Canada

Virtual banking first became a possibility in 1996 with the Bank of Montreal's mbanx. mbanx was released at the very beginning of the internet banking revolution in Canada and was the first full-service online bank. Also in 1996, RBC started providing banking information online and had the first personal computer banking software released that year. In 1997, the bank ING Direct Canada (now known as Tangerine Bank) was founded with almost entirely online banking, using only small cafes for meetings and very few physical branches. This was completely different from how banks had operated in Canada previously. By the early 2000s, all of the major banks in Canada rolled out some form of online banking.


Ukraine

Remote customer service of banks via the internet, or online banking (e-banking), was introduced in Ukraine more than two decades ago. Legal entities have been using the remote control of bank accounts since the mid-1990s. PrivatBank, which launched the “Privat24” system in 2000, became a pioneer in retail online banking. Since 2000, most financial institutions have been actively implementing online offices and web banking. In 2007, the number of Ukrainian banks that had introduced online banking exceeded 20. As of 2018, the ability to manage accounts and make transfers online is available in almost all financial institutions in Ukraine.

Nowadays, the list of Internet banking services, with rare exceptions, repeats the entire product line of banks. With the help of Internet banking (IB), customers can not only control the movement of funds in their accounts, but also perform more complex operations: for example, order a payment card or open a deposit account, repay a loan, and, more recently, buy and sell currency. The rapid development of Internet banking in Ukraine is provoking the growth of Internet users. The largest functionality, more than 40 options ranging from transfers and opening deposits to home accounting and purchasing tickets, is available in PrivatBank. There are 37 options in the Internet banking system of the First Ukrainian International Bank and 35 in Alfa-Bank. One of the most popular services among Internet banking users is the ability to pay remotely for utilities.


North Macedonia

Compared to several years ago, when the people living in Macedonia had to go directly to the banks to perform financial transactions, today there is a widely functional e-banking system. Macedonian banks today offer conventional e-banking services, electronic products including debit/credit cards and e-trading, and contemporary electronic services like internet banking and online investing. What is important when it comes to e-banking is the trust in banks, the usability of the platforms and the overall marketing for e-banking from banks. Moreover, it is also important to constantly update the e-banking services. One successful example regarding the above-mentioned characteristics in Macedonia is “Stopanska Banka” AD Skopje.

In the country, several factors significantly influence the level of adoption and usage of e-banking services, such as age, level of education and complexity of the e-banking services offered by banks. Naturally, elderly clients use e-banking services less than younger people. In addition, the level of education has a significant influence on the level of usage, meaning that the higher the education level, the more likely the citizen is to use e-banking services. As for satisfaction, citizens are generally more satisfied with the e-banking services offered by various banks when they have a diverse portfolio of services and offer fast and simple completion of transactions.


Cook Islands

The Bank of the Cook Islands introduced online banking in 2015, under the leadership of Vaine Nooana-Arioka.


Operation

To access a bank's online banking facility, a customer with internet access will need to register with the bank for the service, and set up a password and other credentials for customer verification. The customer visits the financial institution's secure website, and enters the online banking facility using the customer number and credentials previously set up.

Each financial institution can determine the types of financial transactions which a customer may transact through online banking, but these usually include obtaining account balances, a list of recent transactions, electronic bill payments, financing loans and funds transfers between a customer's or another's accounts. Most banks set limits on the amounts that may be transacted, and other restrictions. Most banks also enable customers to download copies of bank statements, which can be printed at the customer's premises (some banks charge a fee for mailing hard copies of bank statements). Some banks also enable customers to download transactions directly into the customer's accounting software. The facility may also enable the customer to order a cheque book or statements, report loss of credit cards, stop payment on a cheque, advise change of address and perform other routine actions.

Some financial institutions offer special internet banking services, for example, personal financial management support, such as importing data into personal accounting software. Some online banking platforms support account aggregation to allow the customers to monitor all of their accounts in one place whether they are with their main bank or with other institutions.


Security

Security of a customer's financial information is very important, without which online banking could not operate. Similarly the reputational risks to banks themselves are important. Financial institutions have set up various security processes to reduce the risk of unauthorized online access to a customer's records, but there is no consistency to the various approaches adopted. The use of a secure website has been almost universally embraced. Though single password authentication is still in use, it by itself is not considered secure enough for online banking in some countries. There are essentially two different security methods in use for online banking:

* The PIN/TAN system, where the PIN represents a password used for the login and TANs represent one-time passwords used to authenticate transactions. TANs can be distributed in different ways; the most popular one is to send a list of TANs to the online banking user by postal letter. Another way of using TANs is to generate them as needed using a security token. These token-generated TANs depend on the time and a unique secret stored in the security token (two-factor authentication or 2FA).
  More advanced TAN generators (chipTAN) also include the transaction data in the TAN generation process after displaying it on their own screen, to allow the user to discover man-in-the-middle attacks carried out by Trojans trying to secretly manipulate the transaction data in the background of the PC.
  Another way to provide TANs to an online banking user is to send the TAN of the current bank transaction to the user's (GSM) mobile phone via SMS. The SMS text usually quotes the transaction amount and details, and the TAN is only valid for a short period of time. Especially in Germany, Austria and the Netherlands many banks have adopted this "SMS TAN" service. There is also a "PhotoTAN" service, where the bank generates and sends a QR code image to a smartphone device of the online banking user.
  Usually online banking with PIN/TAN is done via a web browser using SSL-secured connections, so that there is no additional encryption needed.
* Signature-based online banking, where all transactions are signed and encrypted digitally. The keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation (see, e.g., the Spanish ID card ''DNI electrónico'').
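
The difference between a time-only token TAN and a transaction-bound TAN, as an added example that is not part of the original article and not any bank's code. The time-based function follows RFC 6238 (TOTP); the transaction-bound construction, the field encoding, all names and the sample account numbers are illustrative assumptions and are not the chipTAN algorithm.

```python
import hashlib
import hmac
import struct

TIME_STEP = 30  # seconds a TAN stays valid (assumed value for this sketch)


def _truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation: take 31 bits of the MAC, keep N decimal digits."""
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def time_tan(secret: bytes, now: int, digits: int = 6) -> str:
    """Token TAN that depends only on the time and the token's secret (RFC 6238, SHA-1)."""
    counter = struct.pack(">Q", now // TIME_STEP)
    return _truncate(hmac.new(secret, counter, hashlib.sha1).digest(), digits)


def canonical(tx: dict) -> bytes:
    """Unambiguous byte encoding of the fields the generator shows on its own screen."""
    fields = [tx["recipient"].replace(" ", "").upper(),
              str(tx["amount_cents"]),
              tx["currency"].upper()]
    # Length-prefix every field so that shifting characters between fields changes the MAC.
    return b"".join(struct.pack(">H", len(f.encode())) + f.encode() for f in fields)


def transaction_tan(secret: bytes, tx: dict, now: int, digits: int = 8) -> str:
    """Illustrative transaction-bound TAN: the MAC covers time step AND transaction data."""
    msg = struct.pack(">Q", now // TIME_STEP) + canonical(tx)
    return _truncate(hmac.new(secret, msg, hashlib.sha256).digest(), digits)


def bank_verify(secret: bytes, received_tx: dict, tan: str, now: int,
                drift_steps: int = 1) -> bool:
    """Bank side: recompute the TAN over the order it actually received."""
    for step in range(-drift_steps, drift_steps + 1):
        expected = transaction_tan(secret, received_tx, now + step * TIME_STEP)
        if hmac.compare_digest(expected, tan):  # constant-time comparison
            return True
    return False


def demo(now: int = 1_700_000_000) -> dict:
    secret = b"12345678901234567890"  # constructed demo secret (the RFC 6238 test key)
    # Constructed sample order the customer intends to authorise.
    intended = {"recipient": "DE00 1111 2222 3333 4444 55",
                "amount_cents": 12500, "currency": "EUR"}
    # Constructed tampering: software on the PC swaps the recipient before submission.
    tampered = dict(intended, recipient="DE00 9999 8888 7777 6666 55")

    # A time-only TAN carries no information about the order, so the bank's check
    # passes whichever order arrived with it.
    plain = time_tan(secret, now)
    time_only_ok = hmac.compare_digest(plain, time_tan(secret, now + 5))

    # The customer confirmed `intended` on the generator's display, so the TAN
    # only matches that order.
    bound = transaction_tan(secret, intended, now)
    return {
        "time_only_accepts_any_order": time_only_ok,
        "genuine_accepted": bank_verify(secret, intended, bound, now + 5),
        "tampered_accepted": bank_verify(secret, tampered, bound, now + 5),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
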


Attacks

Attacks on online banking used today are based on deceiving the user to steal login data and valid TANs. Two well-known examples of those attacks are phishing and pharming. Cross-site scripting and keylogger/Trojan horses can also be used to steal login information. A method to attack signature-based online banking is to manipulate the software used in such a way that correct transactions are shown on the screen while faked transactions are signed in the background. Another kind of attack is the so-called man-in-the-browser attack, a variation of the man-in-the-middle attack where a Trojan horse permits a remote attacker to secretly modify the destination account number and also the amount in the web browser.

A 2008 U.S. Federal Deposit Insurance Corporation Technology Incident Report, compiled from suspicious activity reports banks file quarterly, lists 536 cases of computer intrusion, with an average loss per incident of $30,000. That adds up to a nearly $16-million loss in the second quarter of 2007. Computer intrusions increased by 150 percent between the first quarter of 2007 and the second. In 80 percent of the cases, the source of the intrusion is unknown but it occurred during online banking, the report states. In 2014 in the UK, losses from online banking fraud rose by 48% compared with 2013. According to a study by a group of Cambridge University cybersecurity researchers in 2017, online banking fraud has doubled since 2011.

As of 2012 there were also combined attacks using malware and social engineering to persuade the users themselves to transfer money to the fraudsters on the grounds of false claims (such as the claim that the bank requires a "test transfer", or the claim that a company has mistakenly transferred money to the user's account and the user should "send it back").


Countermeasures

Several countermeasures exist which try to prevent these attacks. Whatever operating system is used, it is advised that the operating system is still supported and properly patched. Digital certificates are used against phishing and pharming. In signature-based online banking variants (HBCI/FinTS), the use of "Secoder" card readers is a measure to uncover software-side manipulations of the transaction data.

In 2001, the U.S. Federal Financial Institutions Examination Council issued guidance for multifactor authentication (MFA), which was then required to be in place by the end of 2006. In 2012, the European Union Agency for Network and Information Security advised all banks to consider the PC systems of their users as infected by malware by default, and therefore to use security processes in which the user can cross-check the transaction data against manipulations. Examples are SMS TAN (provided the security of the mobile phone holds up), where the transaction data is sent along with the TAN, and standalone smartcard readers with their own screen, which include the transaction data in the TAN generation process while displaying it beforehand to the user (see chipTAN), to counter man-in-the-middle attacks.
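
The transaction-bound TAN described here, and in the chipTAN paragraph earlier, can be illustrated with the following added example (not code from the article and not the actual chipTAN algorithm). It assumes a shared secret, HMAC-SHA-256 with HOTP-style truncation, and a counter in place of a validity period; all names, the key and the IBANs are constructed for illustration.

```python
import hashlib
import hmac
import struct


def transaction_tan(key: bytes, iban: str, amount_cents: int,
                    counter: int, digits: int = 6) -> str:
    """Derive a TAN bound to destination account, amount and a counter."""
    fields = [iban.replace(" ", "").upper().encode(), str(amount_cents).encode()]
    msg = struct.pack(">Q", counter)
    for field in fields:
        # Length-prefix each field so adjacent fields cannot be re-split.
        msg += struct.pack(">H", len(field)) + field
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    # HOTP-style dynamic truncation (RFC 4226) down to a short decimal code.
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class BankVerifier:
    """Bank side: recomputes the TAN over the order it actually received."""

    def __init__(self, key: bytes):
        self.key = key
        self.used_counters = set()

    def verify(self, iban: str, amount_cents: int, counter: int, tan: str) -> bool:
        if counter in self.used_counters:      # each TAN is single-use
            return False
        expected = transaction_tan(self.key, iban, amount_cents, counter)
        if not hmac.compare_digest(expected, tan):
            return False
        self.used_counters.add(counter)
        return True


def demo() -> dict:
    key = b"constructed-demo-key"              # constructed sample secret
    bank = BankVerifier(key)
    intended = ("DE00 0000 0000 0000 0000 01", 12_500)  # constructed IBAN, cents
    tampered = ("DE00 0000 0000 0000 0000 02", 12_500)  # order altered in the browser
    # The user confirms the intended data on the generator's own screen.
    tan = transaction_tan(key, *intended, counter=1)
    return {
        "tampered_order_accepted": bank.verify(*tampered, counter=1, tan=tan),
        "intended_order_accepted": bank.verify(*intended, counter=1, tan=tan),
        "replay_accepted": bank.verify(*intended, counter=1, tan=tan),
    }
```

Because the bank recomputes the TAN over the order it received, a TAN the user generated for the intended payee does not authorise an order whose account number was changed on the PC.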


Criticism and problems

The increase in online banking, with a concomitant closure of local bank branch offices or reduced retail opening hours, discriminates against people who cannot use online banking because of physical or mental limitations such as age or illness. In 2022, a retired Spanish urologist with Parkinson's disease gathered more than 600,000 signatures in an online petition asking banks and other institutions to serve all citizens, and not discriminate against the oldest and most vulnerable members. In Spain, the number of bank branches had shrunk to about 20,000 in 19 years since the bailout of 2012, and with the coronavirus pandemic another 3000 branches closed in 2 years. "They are excluding those of us who have trouble using the internet." In February 2022, Spanish banks signed a protocol at the Ministry of Economy (Spain) pledging to offer better customer services to senior citizens, for example by "extending again their branch opening hours, giving priority to older people to access counters and simplifying the interface of their apps and web pages".

With online banking, race discrimination is even less likely to be pinpointed, because of non-transparent decision-making by algorithms.

Online banking requires access to broadband services. However, not everyone has equal access to the internet, which has been called the digital divide. In March 2022, the U.S. Federal Communications Commission formed a task force to prevent digital discrimination.


See also

* Contactless payment
* Direct bank
* Electronic funds transfer
* Enhanced Telephone (Citibank product circa 1990)
* Free and open source software
* Mobile banking
* On-line and off-line
* Open banking
* SMS banking
* Telephone banking



External links

* Gandy, T. (1995): "Banking in e-space", The banker, 145 (838), pp. 74–76.
* Tan, M.; Teo, T. S. (2000): "Factors influencing the adoption of Internet banking", Journal of the Association for Information Systems, 1 (5), pp. 1–42.