Monday, February 9, 2009

How to avoid Net Banking Fraud

For adopters of internet banking, branch visits are turning into a distant memory. Whether it is transfer of funds, payment of utility bills or purchase of travel tickets, bank customers are migrating to the internet in large numbers.

In fact, those who have not migrated to the Net may soon end up in a minority. State-owned banks have put in place core-banking solutions and are pushing internet banking in a big way. Already, around 30% of the customer base of public sector banks carries out online transactions.

Their private peers, on the other hand, have seen an increase from 40% to 80% of their total customers shifting loyalties from branch banking to internet banking.

While adoption of online banking has reached a tipping point, many users still worry about security issues. “The major concern in online banking for a customer still remains the security aspect,” says KVS Manian, group head, retail liabilities and branch banking, Kotak Mahindra Bank.

The solution to such concerns lies with both banks and their customers. Bankers as well as IT experts believe it is not the security systems but poor customer awareness that leads to most internet banking frauds.

Cyber cafes are a big no-no for online transactions. There are higher chances of viruses capturing your data, thereby increasing the scope of misuse. “If you try to access sites from an internet cafe, the line and systems are not secure. You are not sure how authentic the software is on the cafe’s system. Further, desktop cookies are saved in the system and smart hackers will use that to access your bank accounts,” says Asheesh Raina, principal research analyst, Gartner.

The same applies to locations that offer online connections through wireless networks (WiFi). Office desktops are spared most such malicious attacks, as they are mostly used exclusively by you and are password-protected.

Sanjeev Patel, executive VP and head direct banking channels, HDFC Bank, explains: “There is a huge possibility of these publicly shared computers having key logging software. That may compromise the overall quality of online banking.”

There are software programs, such as spyware and trojans, designed to capture keystrokes on a keypad. These programs make their way onto a system through free downloads. They can install keystroke loggers, and collect and report a consumer’s personal information to unwanted parties. If a customer is using pirated software, the anti-virus software may not be able to remove these viruses.

The other major risk factor is the illegal use of software in India, which is estimated at 69%. Software piracy may come with commercial benefits, but it also comes with a price tag.

“It greatly compromises security of the transactions, since users of pirated/counterfeit OS or software are at a higher risk of virus and malicious code attacks. This makes the computer more vulnerable and can lead to theft of personal and confidential information (like credit card, bank account, passwords, address book information) from your computer without your knowledge.

Stolen information can be exploited immediately through pirated software by identity thieves,” said Shantanu Ghosh, vice president, India product operation, Symantec Corporation.

Be it phishing or viruses such as spyware or trojans, most banks counter them by using a 128-bit SSL-encrypted medium, the highest level of security on the Net. But customers can take an extra step by using an online keyboard to type their password instead of the physical keypad.

When a customer signs in for Net banking, he has the option of asking for a virtual keyboard. The screen displays a keyboard identical to the physical one. The customer clicks the relevant keys to sign into Net banking. There is another twist to this, called the scrambled virtual keypad, which changes the key positions every time a customer signs in.
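The scrambled keypad described above, as an added example that is not part of the original article: the server shuffles the key positions for each sign-in, so click positions recorded in one session do not spell the password in the next. The function names, character set and sample values are assumptions made for illustration.

```python
import secrets

KEYS = "0123456789abcdefghijklmnopqrstuvwxyz"  # assumed keypad character set


def new_layout(keys=KEYS):
    """Server side: a fresh random key arrangement for one sign-in."""
    layout = list(keys)
    secrets.SystemRandom().shuffle(layout)  # CSPRNG, so layouts are unpredictable
    return layout


def clicks_for(password, layout):
    """Client side: the on-screen positions the customer clicks."""
    return [layout.index(ch) for ch in password]


def decode(clicks, layout):
    """Server side: turn clicked positions back into characters."""
    if any(not 0 <= i < len(layout) for i in clicks):
        raise ValueError("click outside the keypad")
    return "".join(layout[i] for i in clicks)


def replay_works(recorded_clicks, password, later_layout):
    """True if positions recorded in one session still spell the password later."""
    return decode(recorded_clicks, later_layout) == password


if __name__ == "__main__":
    password = "k9x2"  # constructed sample value
    first, second = new_layout(), new_layout()
    recorded = clicks_for(password, first)
    print("positions recorded in session 1:", recorded)
    print("decoded with session 1 layout:", decode(recorded, first))
    print("replay against session 2 works:", replay_works(recorded, password, second))
```

With a keypad that never changes its layout, the recorded positions keep working; the per-session shuffle is what makes them stale.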

Banks also provide an authentication process of at least two levels to carry out Net banking using debit cards. The first level is the usual keying of the user name and password. The second level could be providing an additional password, a numeric security code or answers to personalised questions.

“The personalised image and phrase are difficult to crack by fraudsters as they are known only to the customer. The idea is to provide additional and personalised layers to carry out Net banking,” Patel adds.

Further, customers can only transfer funds to their registered beneficiaries. “Beneficiary registration is carried out through factor authentication. Further, all online transactions trigger an immediate alert to the customer’s email ID and mobile number,” Manian adds.

If the beneficiary isn’t registered, banks provide a 24-hour cooling period and get in touch with customers to ensure that they want to transfer money to that particular individual. SMSes and email alerts act as a second round of defence. All online transactions trigger an alert immediately.

Here are some other simple tips for customers to avoid falling for Net banking frauds: Have you ever checked the URL in the address bar? Genuine websites have their addresses starting with ‘https://’ (not just ‘http://’). Here, ‘S’ literally stands for security. Also, don’t entertain any requests for personal information from those claiming to be bank executives.

Lastly, customers should change passwords frequently. It helps if you use alphanumeric characters or characters like %, $, #. Undoubtedly, banks have carried out precautionary measures to ensure safe online transactions for customers. But it becomes a meaningful exercise only if you do your bit.

Source: www.indiatimes.com, Infotech

1 comment:

  1. Very Informative for non tech savvy users.
