Вы находитесь на странице: 1из 17

Online Banking Security

Introduction
While the internet offers enormous advantages and opportunities, it also presents various security risks. With this in mind, banks take extensive steps to protect the information transmitted and processed when banking online. This includes, for example, ensuring that conferential data sent over the internet cannot be accessed or modified by unauthorized third parties. But the banks normally have no influence over the systems used by their customer. The choice is entirely up to the, Moreover, the system selected a PC connected to the internet, for example will usually be used for a number of other applications as well. The systems used by online banking customers are therefore exposed to risks beyond the banks control. For this reason the banks cannot assume liability for them.

What Is Internet Banking? Definition 1 Internet banking lets customers conduct their banking online. Definition 2 Where banking transactions such as payments, transfers and account balances are made via the internet. The banks have a number of measures in place that offer effective protection against attacks when information is sent over the internet or processed by the bank server. Internet banking means any user with a personal computer and a browser can get connected to his banks website to perform any of the virtual banking functions: Balance enquiry. Transfer of funds. Online payment of bills. Accrued interest, fees and taxes. Transaction details of each account. Accounts, credit card & home loan balances. Transfer funds to third party accounts you nominate. Open a deposit right from the terminal you are sitting at.

Why did we choose INTERNET BANKING?? There are lots of reasons to bank online You can track your finances 24 hours a day and take decisions instantly. Internet banking is becoming more and more popular among the masses. To provide more Quality Information on Internet Banking. Make the concept and procedure more familiar.

History
The concept of Internet banking has been simultaneously evolving with the development of the World Wide Web. Programmers working on banking data bases came up with ideas for online banking transactions, sometime during the 1980's. In 1983, the Nottingham Building Society, commonly abbreviated and referred to as the NBS, launched the first Internet banking service in United Kingdom. This service formed the basis for most of the Internet banking facilities that followed. The facility introduced by Nottingham Building Society is said to have been derived from a system known as Prestel that is deployed by the postal service department of United Kingdom. In India, ICICI was the first bank to initiate the Internet Banking Revolution in India as early as 1997 under the brand name Infinity. ICICI kicked off online banking way back in 1996. But even as a whole, 1996 to 1998 marked the adoption phase, while usage increased only in 1999-due to lower ISP online charges, increased PC Penetration and a Tech Friendly atmosphere. First, you should understand the risks of online banking. Four types of attacks are common:

Major risks to be aware of: phishing, identity theft, Keylogging and Pharming.

Phishing.

This method is also known as fake emails. In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication This involves you clicking a fake link to a page that looks like it was set up by your bank. The page will have a login area where you enter your account details, and those details are sent to the scammers. With your login details -user name, password and personal identification number -- in hand, they would be able to access your account and steal your money. Emails are sending by fraudulent bank. Customers verify the personal information. These Emails Guide customers and make them enter the fraud links. Thereby Disclosing the customers ATM card numbers and their passwords

Identity theft.

Even if hackers don't steal from your account, it can be compromised by identity theft. ID thieves can capture your personal information, such as your Social Security number, and other identifying data. That data could be used to create new accounts in your name or hack into your other accounts.

Keylogging

If you access your online banking site on public networks, such as Internet cafes or public Wi-Fi, there is a chance that you could fall prey to keylogging. Keylogging uses software that records your keystrokes to get your account details.

Pharming.

This might be a little more difficult for hackers to carry out, but it does happen. Pharming occurs when hackers are able to hijack a bank's URL so that when you try to access your bank's website, you get redirected to a bogus site that looks like the real thing.

What to do How do you deal with all these risks? Confirm your online bank's legitimacy. The Federal Deposit Insurance Corp. has a tool that lets your search for banks whose deposits it insures. Always verify the legitimacy of any Web site that asks you for personal information. Be very careful with copycat websites. Be sure you do not fall prey to sites that use a name that is very similar to that of your online bank -- for example, BankofAnerica.com or Citigrop.com. When you receive an email purporting to be from your bank, don't click any links in the email. Instead, type in the URL of your bank in the address field of your browser, then log in when the site comes up. If your bank is really trying to contact you, you'll likely find a message when you access your account. You can also call the number on the back of your debit card or on your latest bank statement.

Learn more about your bank's security system. You should know how your bank encrypts your private information. When you are accessing the website, you should find a small lock or key icon to tell you that the site and your transactions are secure. You should be able to use PINs and passwords when you access your account online. Finally, do not send personal information over email. Under no circumstances would your bank ask for personal data via email. Protect your computer. Hacking attacks are not always directed at banks. Because many such attacks are directed at customers, you should have the latest virus and malware scanning software installed on your computer. You should also ensure that all the software you use on your computer has the latest security updates. Keep your computer and the rest of your digital devices up to date with the latest security updates, fixes, or patches. A computer with antivirus software and an operating system that is regularly updated, combined with a personal firewall, provide a strong foundation of protection from malware and other online threats

Dont trust public computers. Theres usually no good way to know if public computers, such as those in libraries or schools, are infected with malware or are lacking adequate protection. Avoid accessing financial accounts or making online purchases on such computers. Its always best to use a computer that you trust,

In addition, you shouldn't get lazy when it comes to online banking. Some banking websites have an option that offers to "remember your computer." Choosing this option would allow you to bypass some security questions if the bank's system recognizes your IP address. The problem is that hackers can spoof your IP address and make your bank think that the hacker's computer is really yours.

Take reasonable cautions with everything you do. Do not click links on emails, do not download anything from people you do not trust.

Online Banking Security:

Security of a customer's financial information is very important, without which online banking could not operate. Financial institutions have set up various security processes to reduce the risk of unauthorized online access to a customer's records, but there is no consistency to the various approaches adopted. Different security methods used for online banking. 1.SSL SSL is the security method used to transmit sensitive information like credit card numbers and online banking data over the Internet. Basically, SSL is the technology used to encrypt and decrypt messages sent between the browser and server. By encrypting the data, you protect messages from being read while they are transferred across the Internet. SSL encrypts a message from the browser, then sends it to the server. When the message is received by the server, SSL decrypts it and verifies that it came from the correct sender (a process known as authentication). SSL consists of software installed on both the browser and server. If you are using a recent version of any of the major browsers, support for SSL is built into the browser. But you still need to activate SSL on the browser and install it on your Web server. Several companies, including VeriSign, SSL.com, and Equifax offer SSL encryption and authentication tools. Secure Socket Layer (SSL) protects data in three key ways:

Authentication ensures that you are communicating with the correct server. This prevents another computer from impersonating Bank Encryption scrambles transferred data. Data integrity verifies that the information sent by you to Bank wasnt altered during the transfer. The system detects if data was added or deleted after you sent the message. If any tampering has occurred, the connection is dropped. The process of SSL encryption relies upon two keys: the server's public key and private key. The private key only exists on the Web server itself and is used by the Web server to encrypt and decrypt secure messages. The public key exists on any client computer that has installed a root certificate for that Web server. Once the public key is installed, the user can send encrypted messages to and decrypt messages received from the Web server

Breaking down Encryption: SSL handles the scrambling of messages for you so that only the intended recipient can read it. The encryption/decryption process goes something like this: 1. The user browses to the secure Web server's site. 2. The user's SSL secured session is started and a unique public key is created for the browser (using the certificate authority's root certificate). 3. A message is encrypted and then sent from the browser using the server's public key. The message is scrambled during the transmission so that nobody who intercepts the message can make sense of it. 4. The message is received by the Web server and is decrypted using the server's private key. Figure shows this process.

Figure 1 Asymmetrical Encription using SSL The encryption process can be either symmetric or asymmetric. Symmetric encryption uses a single key by both parties to encrypt and decrypt secure messages. The problem is that the key itself has to be passed along as part of the conversation. Because of this downfall, asymmetric encryption was welcomed.Using asymmetric encryption lets you tightly and securely transact business via the Web. 2. OTP: One Time Password A one-time password (OTP) is a password that is valid for only one login session or transaction. One Time Passcode (referred to as 'OTP') is one of our security measures. It's only used for setting up new payment instructions (for the first time only), or changing important information (like your contact

details). It's great, because you only need to register a mobile phone number with the bank- and you don't need to remember any new passwords. This means that a potential intruder who manages to record an OTP that was already used to log into a service or to conduct a transaction will not be able to uae it, since it will be no longer valid. Methods of generating OTP 1 Time-synchronized A time-synchronized OTP is usually related to a piece of hardware called a security token (e.g., each user is given a personal token that generates a one-time password). Inside the token is an accurate clock that has been synchronized with the clock on the proprietary authentication server. On these OTP systems, time is an important part of the password algorithm, since the generation of new passwords is based on the current time rather than, or in addition to, the previous password or a secret key. 2 Mathematical algorithms A few unknown mathematical functions come together to create an OTP. End of work session To better ensure your security, after having logged in and spent a maximum time without using online features, the system will interrupt your work session. In order to continue to work, you then need to log in again. This arrangement serves to prevent other people from operating on the system during your absence.

Online Banking Safety Tips Here are some simple tips that you can follow to ensure that your online banking experience is safe and hassle free.

Keep your information confidential Changing your password Look for the lock icon Use a firewall Use Direct Deposit Shop with Verified by Visa Install security updates

Privacy policies Safe computing practices Online security Clear your cache

Keep your passwords, Personal Identification Number (PIN) and card numbers confidential Do not share your CIBC Online Banking password or bank machine Personal Identification Number (PIN) with anyone. Giving your password or PIN to another person or company places your finances and privacy at risk. Change your password regularly and use a different password than you use for other websites. Make it difficult for others to guess your password by using a combination of letters and numbers in your password. If you think someone knows your password, change it right away. Never share, disclose, or provide your card number or password to another party or website other than CIBC. CIBC will never send you an e-mail requesting this information. Keep your Personal Verification Question (PVQ) answers confidential Do not share your Personal Verification Question (PVQ) answers with anyone, and do not disclose them in e-mails. Giving your PVQ answers to another person or company places your finances and privacy at risk. CIBC will never send you an e-mail requesting this information. Your PVQ answers for CIBC Online Banking should be unique - do not use PVQ answers that you have used previously on other web sites.

Changing your password Never save your card number or password on a publicly accessed computer. If using a publicly accessed computer such as at an internet caf or public library, change your password after completing your session by calling CIBC Telephone Banking: 1-800-465-2422 (Canada and U.S. toll free) 1-902-420-2422 (Outside Canada and U.S., no collect calls accepted) When selecting a password, choose a password that cannot be easily guessed by anyone else.

For CIBC Online Banking, use: An alpha-numeric combination A password more than six characters long A combination of capital and lower case letters For Investor's Edge, Imperial Investor Service and Wood Gundy, use:

Numbers only Between 6-12 characters Don't use:


A password you use for any other service Your name or a close relative's name Your birth date, telephone number or address, or those of a close relative Your CIBC account number Your card number

Look for the lock icon Before entering personal information on a website, look for the "lock" icon in your browser. A closed lock or padlock indicates that the website you are on is secure. Use a firewall When your computer is connected to the Internet, it is vulnerable to attack. Although this is a problem for all types of Internet connections, DSL and cable modem connections are more vulnerable because they offer an "always on" capability. You can help protect your computer from attack by using a personal firewall. Personal firewalls can be software, hardware, or both, and create a barrier to attacks. Microsoft Windows and Apple MacOS X both include automatically activated firewalls. If you are not sure your system has an activated firewall go to the appropriate site below to learn more. Microsoft Windows XP: Configure the Internet Connection Firewall Apple MacOS X: Enable MacOS 10.4 firewall protection

Direct Deposit and CIBC Online Banking You can arrange with your employer to have your salary deposited directly to your CIBC account so you can prevent lost or stolen cheques. With CIBC Online Banking, you can also set up recurring transfers and payments from your CIBC account so that your obligations are met automatically. Shop with Verified by Visa Verified by Visa protects your CIBC Visa Credit Card with a password. Once you set up your free Verified by Visa password, you will be prompted for it when you use your CIBC Visa Credit Card to make purchases at participating online merchants. * Visa Int./CIBC lic. User Install security updates Most personal computers use the Microsoft Windows and Apple MacOS operating systems. The makers of these systems regularly issue security updates to protect against new and emerging threats. You should download and install security updates regularly or configure your operating system to automatically check for new updates. Windows: To download the latest Microsoft Windows updates, visit Windows MacOS X: Choose "Software Update" from the Apple menu. Look for privacy policies on other websites CIBC websites provide links to other websites that are not operated by CIBC or governed by CIBC's Privacy Policy or security standards. If you visit one of these websites, you should read their unique privacy and security policies before entering data on those sites. Safe Computing Practices With CIBC Online Banking, you can manage almost all of your everyday banking, anywhere you have Internet access, using your laptop or a trusted computer terminal.

Important tips:

When you're traveling, always use a trusted computer whenever possible If you are concerned about the security of the computer you are using, try usingTrusteer Rapport Never leave your computer unattended once you have signed on to CIBC Online Banking After completing your transactions, ensure that you sign out of CIBC Online Banking, clear your cache, and close your browser If you are using an older version of Internet Explorer we recommend that you upgrade to Internet Explorer 8.

Online Security We want you to be confident when accessing your financial information online. CIBC uses multiple layers of protection to increase your security while using CIBC Online Banking or accessing your online investment accounts. Secure Online Banking and Investing We offer you secure access to your banking and investment accounts. As part of the sign on process, you may occasionally be prompted to answer one of the Personal Verification Questions (PVQs) you have set up. Once you have signed on, you can check your balances, transfer funds, and pay bills online quickly and safely. We also monitor activity in banking and investment accounts to enhance your security and to protect your financial information. One of the security features you will notice in CIBC Online Banking and the online services of CIBC Investor's Edge, CIBC Imperial Investor Service, CIBC Wood Gundy, and CIBC Private Investment Counsel is the date and time of your last sign on, which is displayed within key areas. The date and time displayed should match the last time you signed on. Web browser encryption Web browsers use encryption to communicate securely over the Internet. You must have a browser with 128-bit encryption to use CIBC Online Banking or the online services of CIBC Investor's Edge, CIBC Imperial Investor Service, CIBC Wood Gundy, or CIBC Private Investment Counsel. All of the browsers supported by CIBC Online Banking and these online services offer 128-bit encryption.

Session timeout To protect you further, your online session will end after a period of inactivity. If you wish to continue accessing your online banking or investment accounts, you will have to sign on again. You should always sign off when you are done and, if using a computer that isn't your own, you should clear your browser's cache and close the browser window. Clear Your Browser's Cache If you use a public or shared computer to access CIBC Online Banking, it is vital that you sign off when you are finished. Once you have signed off, you should enhance your security by clearing the browser's cache. The cache maintains a copy of web pages that have been viewed recently. Merits/Demerits of Internet Banking Merits: Among the advantages of online banking include the following: Convenience: Unlike your corner bank, online banking sites never close; they're available 24 hours a day, seven days a week, and they're only a mouse click away. Ubiquity: If you're out of state or even out of the country when a money problem arises, you can log on instantly to your online bank and take care of business, 24/7. Transaction speed: Online bank sites generally execute and confirm transactions at or quicker than ATM processing speeds. Ease of monitoring A client can monitor his/her spending via a virtual wallet through certain banks and applications and enable payments. Transfer services Online banking allows automatic funding of accounts from long established bank accounts via electronic funds transfers.

No time constraint. Online banking is also stress free because it never closes unlike the traditional banking that has cut-off time.

Easy to access via PC. Using your personal computer, you can easily do various transactions with your bank in view of your business or any other personal or financial matters. Easy way of payment. Bill payments can also be handled properly and smartly. Instead of waiting for certain due dates, you can easily pay all your transactions using your computer and in coordination with your bank. Higher interest rate. Another great advantage of online banking is the interest rates which basically range between 5% to 3.40% annually. Unlike the traditional banking, online banking can earn you a better interest or return of investment both in your savings and checking account. Banking online is both efficient and effective. With just one secure site, all your financial transactions can be managed orderly. On the other hand, the following are the disadvantages of online banking:Demerits: Start-up may take time: In order to register for your bank's online program, you will probably have to provide ID and sign a form at a bank branch. If you and your spouse wish to view and manage your assets together online, one of you may have to sign a durable power of attorney before the bank will display all of your holdings together. Learning curve: Banking sites can be difficult to navigate at first. Plan to invest some time and/or read the tutorials in order to become comfortable in your virtual lobby. Bank site changes: Even the largest banks periodically upgrade their online programs, adding new features in unfamiliar places. In some cases, you may have to re-enter account information. The trust thing: For many people, the biggest hurdle to online banking is learning to trust it. Did my transaction go through? Did I push the transfer button once or twice? Best bet: always print the transaction receipt and keep it with your bank records until it shows up on your personal site and/or your bank statement. Finally is the trust aspect. Online banking should be entered very carefully if you wish to enjoy your financial life.

Conclusion Online banking allows customers or users to conduct financial transactions on a secure website operated by their banks, credit unions or building societies. Online banking has grown rapidly using today's computer technology thereby providing the option of online payment bypassing the time-consuming, traditional banking in order to manage the finances more quickly and efficiently. According to a report nearly one-quarter of all adults, and almost half of all Internet users have reported being online banking customers. Banks see online banking as a valueadded customer service and are trying their best to facilitate convenience and speed at low cost. Further, online banking becomes less secure if users are careless. It is very important that the bank provide best security measures to its customers.