The banking sector has always been open to attack and fraud from external and internal sources and substantial effort and investments have continuously been expended in safeguarding the assets of banks and customers. ATM cards, Debit and Credit Cards have brought their own shares of possibilities of frauds involving misuse of PINs, skimming of balances and frauds at processing centres. Internet banking is also open to a number of attacks at various stages capable of harming the finances of banks and customers.
This factor continues to worry consumers and bankers, and while banks are continuously investing in security measures, frauds and attacks continue to occur at both the organised and individual level. In fact the chief threat to the adoption of internet banking is the perception of increased risk associated with internet banking. Online banking is suffering through a withdrawal phase. A study last fall by I. T. security firm Entrust found that 18 percent of Americans who bank online plan to do so less often because of security concerns.
A third of the respondents said they were worried about their bank’s Web site being spoofed by a fraudulent facsimile that would trick them into divulging their logon information. (Arnfield, 2006) It continues to be a matter of concern that with growth of online banking threats to the safety of financial information as well as actual money held in banking accounts will possibly be a new threat customers will have to live with. Most people view their financial information as absolutely personal, a record of their past and a window into their future financial worth.
They are also apprehensive of financial institutions in the post Enron climate of distrust. “Let’s face it, a bank is in the business of trust,” said Mark Rasch, the former head of the U. S. Justice Department’s computer crimes unit. “The reason you go to a bank is because you trust them not only to give you a good rate of return on your money, but also to keep your money safe and secure, and to protect your privacy associated with your finances. Attacks on the electronic infrastructure are attacks on all three of those”.
(Junnarkar, 2002) While the potentiality of attacks is plentiful a 2004 report on “Internet Banking and Two Factor Authentication” categorises the main types of attacks as follows. Trojan Horse attacks target software solutions with keys installed on a hard disk or downloaded from a server. A Trojan Horse virus, true to its name installs itself in PC memory and reports what is being entered or processed. Viruses like AJ Trojan record details and passwords when customers visit legitimate on line banking web sites.
Phishing attacks begin with e mail, are large scale and carefully planned. Phishing attacks are very treacherous; the email appears to come from the bank, leads the recipient to a convincing web page and tricks him into entering his user name and password. Once obtained, the passwords are used by the attackers to log in to the customers account and drain it of funds. “New variations occur almost daily, and use a wide variety of techniques to deceive users into thinking that the bogus e-mail or Web site is genuine”.
(Internet Banking and Two Factor Authentication , 2004), Criminals who indulge in Phishing can also send thousands of fraudulent emails at once; even if only one person in a thousand falls for the scam some users’ details are picked up for milking later. Man-in-the-Middle Attacks are the hardest to carry out and are performed while the victim is on-line; the classic example being the presence of a person at an Internet Service Provider installing an extra server intercepting and modifying communication under way between the client and the bank.
Banks are continuously working to enhance security; nevertheless it remains a continuous source of concern for both the bank and the customer. Very obviously, there are a number of risks associated with internet and other forms of electronic banking and which do not apply to regular physical banking. These could stem from fraudulent use of the ATM or debit cards of the customer, unauthorised debits by way of bank transfers and access to banking accounts. The Electronic Fund Transfer Act (EFTA) is the major federal law, which protects customers covering electronic banking and internet banking transactions.
It covers most electronic fund transfer products and services associated with a consumer bank account, such as ATM and debit cards and internet banking. Under the provisions of Federal Reserve Board Regulation E (Electronic Fund Transfers), which implements the act, when you use an ATM card to withdraw money from or make deposits to your bank account, or use a debit card at a point-of-sale (POS) terminal to pay for a purchase with money from your bank account, you must receive a written receipt giving such information as the amount of the transfer, the date it was made, and the location of the terminal.
This receipt is your record of transfers initiated at an electronic terminal. You can compare this receipt with your periodic bank account statement, which must show electronic fund transfers to and from your account, including those made with an ATM or debit card, by a preauthorized debit, under a telephone transfer plan, or as a computer banking transaction. Anguelov, Hilgert, and Hogarth, 2004)
It is also mandatory by law that the statement must identify the party to whom payment was made and show service charges, if applicable. Consumer liabilities for unauthorised transfers are laid down for ATM, Debit Card and Credit Cards. The law also specifies the periods within which information needs to be passed on to the bank or institution to limit liability significantly.