[Securing Internet Banking] Part 3 – Rationale and Risks

The banking industry could be seen as an odd bedfellow when read together with the Internet. Banks are generally known to be conservative, highly sensitive to security, risk-adverse and values stability and reliability. The Internet on the other hand moves at such a high speed that it prompted the term ‘Internet time’ to be coined. The Internet is usually unsecured, mostly uncontrolled by any single authority, often unreliable and generally seems to be the anti-thesis of everything banks symbolises.

So it is surprising to note that Internet banking services today form a large bulk of the activities on the Internet. In a survey done by Eurostat in 2003[1], about 40% of all Internet users in Europe use Internet banking. This is in comparison with email, which leads at 80%.

There could be a number of reasons why Internet banking became successful. Firstly for the customer Internet banking is an incredible innovation that simplifies the process of transacting with the bank. Previously, a bank customer needs to physically appear before a bank teller in a branch during his office working hours (meaning he will either need to sneak out or take some time off). Internet banking on the other hand can be done any time, any where. Convenience is probably the most compelling reason for the bank customer, driving them to adopt this new technology with relish.

For the bank, there are a few evident reasons. As their customers increasingly demand convenience, it is inevitable that the banks need to bow to their wishes and move into this direction or be edged out by their competition. The fear of being left behind alone is a main driver behind many banks’ move to the Internet banking services.

At the same time, Internet banking allows the banks to extend their current market and to reach out to more customers where it could not have been possible without incurring high costs previously. Traditionally banks are limited by their geographical coverage and their operations increase exponentially as their branches are located further and further away. Internet banking on the other hand is without any real boundaries other than the legal and regulatory restrictions that prevent banks to operate in multiple countries without the approval of that country.

However, the most compelling reason for banks to move into Internet banking is probably the allure of a significant cost reduction in providing the banking services. In 1996 Booz-Allen and Hamilton conducted a survey in the US and found that the cost of a full banking transaction over the counter was $1.07 while it was 54 cents via the telephone, 27 cents for an ATM but only 1 cent for Internet banking[2]!

However, as with most things the benefits of Internet banking is a two-edged sword and comes with a different set of risks that were previously not significant to the banks. As the geographical reach of the bank increases through Internet banking, it becomes more challenging to verify their customers and make good credit decisions. The business case for Internet banking services, especially for Internet-only banks, remains unproven[3] as banks struggle with unforeseen operational costs and issues that they were familiar with.

Regulatory issues on Internet banking are mostly unclear at this point in time, which increases the overall risk of doing business on the Internet. For example, much of the existing legislation around the world still treat Internet banking alongside ATM or phone banking. The bank’s liabilities concerning Internet banking are still unclear today as well. In cases of fraud and security breaches, the liabilities of the bank customer and the bank are still a matter of contention. To protect the consumer, most governments tend to shield the bank customers from any negative effects even though bank-customer contracts usually disclaim liability. In any case, any negative issues with a reputed bank’s Internet banking services will usually drag their name and their brand through the mud. For the bigger and more prestigious traditional banks, this poses a tremendous risk in damaging their brand assets.

Most banks do not have significant expertise on Internet technologies or in implementing and maintaining an Internet banking application. Unfortunately it is also true for most organizations – enterprise-level Internet applications are relatively new and sophisticated. One of the most serious risks faced by the banks however is the issue of securing access to the Internet banking services.

The tremendous number of banking transactions that occur daily over a medium that is basically unregulated is an open invitation for criminal and fraudulent activities. In a 2003 survey of financial institutions around the world, 39 percent of respondents said their computer systems had been ‘compromised’ in some way the previous year.[4]

[1] See Christopher Demunter, Internet use in Europe: security and trust (2005)

[2] Booz-Allen & Hamilton, “Consumer Demand for Internet Banking” (1996)

[3] Robert DeYoung, “The Performance of Internet-Based Business Models: Evidence from the Banking Industry,” Journal of Business, University of Chicago Press, vol. 78(3), pages 893-948. (2005)

[4] See Laura Bruce, Online banking security: Who’s minding the vault?, http://www.bankrate.com/brm/news/emoney/technoguide2004/ebank-security1.asp


One thought on “[Securing Internet Banking] Part 3 – Rationale and Risks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s