E-banking or on-line banking is one of the newest financial products in the Kenyan financial market. Commercial banks are outdoing each other in order to capture a bigger share of the market. They target middle aged individuals with steady incomes and who appreciate the impact of information communication technology (ICT) in their day to day lives. These individuals have access to mobile telephones and computer terminals connected to the internet.
Through on-line banking, the individuals can pay their rents, insurance premiums, mortgages and a host of other payments without ever going to a banking hall or even to an automated teller machine (ATM). This adoption of on-line banking has resulted in increased cases of on-line frauds.
(a) What is meant on-line fraud?
(b) Discuss security measures which could be adopted businesses and individuals involved in e-banking/on-line banking.
On-line fraud: is any fraudulent behaviour with computerization which someone intends to gain financial advantage.
Security measures taken business;
Secure customer identification and authentication. Access to the e-banking service is controlled through the use of a customer number and password. The e-banking serve uses the combination of these two codes to uniquely identify each customer.
Guarantee of maximum secrecy in the transmission of data. e-banking is hosted on, and supported by, a system which uses the most powerful encryption technology that is commercially available. The use of encryption guarantees that the information exchanged between your system and the e-banking system remain confidential and cannot be intercepted. Both the online submission of applications for subscribing to internet banking services and the electronic transactions conducted are protected using the highest encryption levels applied worldwide for this purpose.
Digital certificates –the use of digital certificates which are issued trusted third parties, allow users to verify the identity of a system.
Automatic log-out the e-banking service has been designed so as to log you out of the system automatically, if the system has not been used for more than 5 minutes. This precaution aims to provide you with relative security in case you forget to disconnect, preventing third parties from using the service in your place.
Use of special purpose security software and mechanisms –maximum care has been taken to ensure the security of the network as well as of the systems that support the service. In addition to encryption, the e-banking service is protected multiple, state-of-the-art, special purpose security software systems such as firewalls and intrusion detection systems (IDs). At the same time, special emphasis has been placed on physical security, and for this purpose access to the e-banking systems allowed only to authorize employees of the bank.
High availability with the aim to offer a continuous, uninterrupted service to its customers, the banks have invested in technologies that ensure high availability levels for the e-banking service.
Continuous security audits and checks against electronic fraud – for guaranteeing the best possible service to you, the bank conducts daily audits of the e-banking infrastructure and application, checking for attempts or traces of security threats or electronic fraud. In parallel, and in co-operation with companies specializing in security, the banks conduct regular additional audits to confirm and enhance the security of this particular infrastructure.
Protection of personal data. Acquisition and processing of your personal data and account details is performed the banks with the utmost care and only to the extent
required for the services provided. The banks continuously sees to it that your personal data are secure, in compliance with Laws 2472/1997 and 2774/1999, and with all additional ordinances, circulars and directives issued the Hellenic Data Protection Authority and any other national or European Community authority.
Security measures taken individuals protect your e-banking service password. Try to memorize your password, and destroy any document on which it is printed. Customers are held liable for all the transactions conducted using the customer numbers and passwords regardless of whether the natural persons who conducted such transactions were the customers themselves or not. Therefore, protecting your password is very important.
Never disclose in any way whatsoever (e.g. orally, in writing, via e-mail) your password to third parties.
Password that you originally receive is valid only for the first time you log into the system. After you enter your customer number and password for the first time, the system will prompt you to change your password. Select a password that is difficult to figure out; this should be composed of 6 to 8 digits, of which at least one should be a letter of the alphabet. Avoid using your name, your date of birth or information that is characteristic of you or of those close to you.
If you believe that a third party may have found out your password, contact immediately the Direct Banking Customer support centre.
Check the digital certificate in order to be sure that you are connected to the e- banking system. You should check the identity of the system checking its digital certificate.
Check your account if you observe in your monthly account statement any activities which do not remember to have made, contact immediately the Direct Banking Customer Support.
Follow the log-in and log-out procedure you should always follow the log-in and log- out procedure for connecting to, and disconnecting from the e-banking system, especially if you are using a computer that is also available to other users.
Protect your PC against viruses –you should protect your PC against computer viruses, which are mainly spreading through email messages, installing an anti-virus application on your PC. You should also remember to regularly update this application in accordance with the instructions of its manufacturers.
Configure your PC for Enhanced Security – this will assist to keep off hacker and any other unauthorized user to the system.