Online Banking
An Insight Into Development & Security
A Case study Based
(?
— ----^ A ^TRUNCĩAM
(ỊS ) THỒH6 TIN THƯVIỂN
s L NN-VH NƯỚC NGOAI
T4TV
G raduation T hesis Subm itted to
Hanoỉ University
for the d egree of
Bachelor of Computer Science
By
Nguyen Thanh Van
(Computer Science)
Supervisor: MSc. Trieu Thi Van Hau
December, 2009
Abstract
The w orld vvitnesses an iníbrm ation and technological revolution. This revolution has
touched every aspect o f p eo p le's life including banking. Such changes and developm ents
have im pacts on both custom ers and bankers. It brings huge changes in m odem banking
transaction activities and giving us a greater opportunity to access the banking system
anytim e and anyw here. Hovvever, ju st like two sides o f a sam e coin, O nline b a n k in g also
has som e pros w hich are the barriers for its developm ent. O ne o f the key barriers is the
security concem s associated w ith the O n l i n e banking system. M any custom ers feel that
O nline b a n k i n g is n o t s e c u r e e n o u g h , a n d to i n c r e a s e its s e c u rity level, s o m e te c h n iq u e s
have been applied. Som e o f them are Secure Socket Layer (SSL) or tw o-factorauthentication.
This paper explores the current developm ent o f Online banking in the w orld in general
and in V ietnam in particular. B esides, explain the reasons w hy O nline banking is
becom ing a new trend in banking íìeld. íìgures out some key challenges, especially in
term o f security and investigates som e w idely used techniques that helps im prove the
security o f O nline banking are also contents that are m entioned in this thesis.
Acknovvledgments
1 w ould like to íìrst and íorem ost express m y great gratitude to m y supervisor MSc. Trieu
Thi Van Hau from Faculty o f Inform ation Technology, Hanoi U niversity for her
enthusiastic guidance. She helped. stim uỉated suggestions and encouraged m e a lot in all
the time o f research for and vvriting o f this research.
1 am particular grateíul to all the teachers o f Facultv o f Inform ation Technology, Hanoi
U niversity w ho have taught me vvith all enthusiasm s, the h elpíulness, the caring. gave me
the chance and the possibility to com plete th is thesis. I have leam t a lot precious lessons
from m y all o fy o u , not only in inform ation technology major.
I also w ant to give m y thanks to the staffs o f library o f Hanoi U niversity supported me in
fmding necessary m aterials. Especially, 1 am obliged to thanks M rs. N guyen N ga for her
assistance in her training and support m e in Endnote softw are and proquest database
which help me a lot in m y thesis.
Last, though by no m eans least. I am greatly indebted to m y fam ily vvhose love and
consistent support has kept me on the right track. M y results and this thesis are dedicated
to my parents, w ho believe in me and \vho sacriíìced so much to raise me.
Table of Contents
T able o f C o n ten ts..................................................................................................................................... V
List o f F ig u res........................................................................................................................................ vii
C hapter 1 Intro d u ctio n .............................................................................................................................1
M otivation............................................................................................................................................. 4
O b jectiv e................................................................................................................................................5
M ethodology.........................................................................................................................................5
A n O verview o f the Rest o f the D ocum ent..................................................................................6
C hapter 2 Background Knovvledge..................................................................................................... 7
H istory o f Online b a n k in g ................................................................................................................. 7
D evelopm ent o f O nline banking...................................................................................................... 8
C hapter 3 - C haracteristics o f O nline B an k in g ..............................................................................14
A dvantages o f Online b a n k in g .......................................................................................................14
B eneíits for c u sto m e rs................................................................................................................ 14
B eneíìts for b a n k s .........................................................................................................................16
D isadvantages o f O nline b an k in g ..................................................................................................20
C ustom ers' p ersp ectiv e...............................................................................................................20
B anks' p ersp ectiv e....................................................................................................................... 23
C hapter 4 O nline Banking Security S y s te m .................................................................................. 26
O verview about O nline banking sy stem ......................................................................................26
Perspective o f O nline banking security s y s te m ........................................................................ 29
V
C ustom ers' perspective o f security in O nline banking sy ste m s...................................... 30
Technical perspective o f security in O nline banking sy stem s..........................................44
Security rules for custom ers...................................................................................................... 52
Chapter 5 Case S tu d v ........................................................................................................................... 56
Techcom bank- The íirst bank in V ietnam adopting tw o-factor authentication for Online
banking.................................................................................................................................................56
Techcom bank’s b ack g ro u n d ..........................................................................................................56
Techcom bank*s Online banking s e rv ic e s................................................................................... 58
T echcom bank's adoption high technology in security sy ste m ............................................ 59
Tw o-factor au th en ticatio n .......................................................................................................... 59
Secure Socket L ay e r-S S L .......................................................................................................... 62
C hapter 6 C onclusion............................................................................................................................64
Findings o f the th e sis ....................................................................................................................... 64
L im itations.......................................................................................................................................... 64
Future W o rk ........................................................................................................................................65
R eĩerences................................................................................................................................................ 66
List of Figures
Figure 1 Preferred banking method (all age g ro u p s)..................................................................... 2
Figure 2 Preferred Banking Method 2 0 0 9 ........................................................................................ 3
Figure 3 Percentage o f Internet Users W ho Bank O nline............................................................. 9
Figure 4 Online B anking adoption varies across E urope......................................................... 10
Figure 5 Online banking grovvs-usually, but not alw ays at the expense o f branch visits. 11
Figure 6 Grovvth in Internet B anking................................................................................................12
Figure 7 Percentage o f bank w ith Internet banking services in Vietnam 2 0 0 8 ................ 13
Figure 8 Processing Cost Per T ran sactio n ................................................................................... 17
Figure 9 Household Income Level and O nline Banking (2 0 0 7 ).............................................. 18
Figure 10 Vietinbank O nline B anking.......................................................................................... 31
Figure 11 Vietcom bank O nline B an k in g ........................................................................................ 32
Figure 12 HSBC Online Banking-System -initiated iníbrm ation..............................................33
Figure 13 HSBC Online Banking- Security code by T o k en ......................................................34
Figure 14 HSBC Online Banking- Successfully lo g in ............................................................... 34
Figure 15 E -T oken................................................................................................................................35
Figure 16 Industrial and Comm ercial B ank o f China (IC B C )'s Code C ard............................36
Figure 17 Entrust G rid C a rd .............................................................................................................. 37
Figure 18 Physiological characteristics............................................................................................39
Figure 19 Physical characteristics.....................................................................................................39
Figure 20 Tw o-factor A uthentication "S om e thing you know ”+‘‘Som ething you have” . 43
Figure 21 SSL certiíìcate o f V ietcom B ank.................................................................................... 45
Figure 22 Secure Socket Layer C onnection...................................................................................46
Figure 23 Secure Socket L a y e r.........................................................................................................47
Figure 24 Public- Key In ử astru ctu re...............................................................................................50
Figure 25 Techcom bank Token K ey................................................................................................ 61
Figure 26 Techcom bank w ith V eriS ign's E V SSL C ertiíĩcate................................................. 63
viii
Chapter 1 Introduction
The advent o f the Internet led to changes in business that vve can call
revoiutionary. This revolution has touched every aspect o f people‘s life. From the fìrst
m ain frame com puters appeared in I960s (Robertson 2009), com puters and netw ork have
developed a lot. T hey m ake the w orld sm aller; m ake the transaction be able to do
everyw here. The fast advancing global inform ation infrastructure (including inĩorm ation
technology and C om puter netw orks such as the Internet and telecom m unications system s)
enable the developm ent o f electronic business at a global level. The nearly universal
connectivity w hich the Internet offers has m ade it an invaluable business tool. This fast
em erging econom y is bringing with
it rapidly changing technologies. increasing
k n o w le d g e in te n s ity in a ll a r e a s o f business. a n d c r e a tin g V irtual supply chains an d n e w
íòrm s o f business and S ervice delivery channels. E-banking is considered as a typical
exam ple o f e-business solution. A s th e deíinition o f Turban et al. (2008, p.120) “eb a n k in g a ls o k n o w n a s C yber banking, V irtual b a n k in g o r h o m e b a n k in g , includes v a rio u s
banking activities conducted via the Internet from hom e, business, or on the road rather
than at a physical bank location” . E-banking provides custom ers w ith m any types o f
services like O nline (Internet) Banking, Point o f Sale (POS), A utom atic Telier M achine
(A TM ), T elephone B anking, H om e B anking/PC Banking, Interactive TV , W ireless
com m unication netvvork o r M (m obile) B anking (SM S Banking. WAP Banking. STK
(Sim Toolkit) B anking..). D espite o f the fact that m any o f them have been m ainly
depioyed in developed countries because o f the requirem ent o f advanced technology,
1
Online banking is One o f the exceptions. O n lin e b a n k in g has not only been em braced in
the developed wor!d; it is becom ing an enabling feature o f business grovvlh in the
developing vvorld. In its very basic form, e-banking can m ean the provision o f
inform ation about a bank and its services via a hom epage on the W o rId VVide W eb
(W W W ). For exam ples: im ported bank statem ents, retrieve account b alances...
M ore
s o p h is tic a te d O nline b a n k in g s e rv ic e s p ro v id e c u s to m e r a c c e s s to a c c o u n ts , th e a b ility to
move their m oney betvveen different accounts, and m aking paym ents o f applying for
loans via e-channels, and e v e n invest O nline (buy/sell shares and mutual fu n d s ) (Shah &
C larke 2009). It can be said that Online banking has in recent years becom e a mainstream
Internet activity. At present, it is holding steady, increasing at the same pace as Internet
usage. From the latest íigure that is announced by Am erican Banker A ssociations below
it cannot be denied that in all kinds o f banking m ethod, Inteniet is one thai is preíerred
most
Preterred Banking Mettiod
• 0
Up3
— In tem * f 8 •n k in g
m ------------
—
9 ra r » c h # t
—
ATM
—Mail
2007
2 C0 8
2009
Figure 1 P reĩerred banking meỉhod (all agegroups)
Source: Am erican Bơnkers Association. 2009
2
—
T ê ie p h c n *
—
M o b il*
—
U n kn o *n
Preterred Banking Method 2009
aiìag» groups
F ig u re 2 P r e íe r r e d B anking M eth o d 2009
Source: Am erican Bankers Association. 2009
Today banks can offer their custom ers S erv ice o f O nline banking, w hich is an
opportunity for custom er to quickly an d eíĩiciently in anytim e, handle th eừ private
banking routine from any C o m p u te r vvith a few clicks. The evolvem ent o f Online banking
has developed from custom ers going to their local bank and handling their banking
com m issions a nd tra n sa c tio n s, to handle these tran sactio n s Online instead. Since banks
handle very sensitive iníorm ation, such as people’s and com panies’ íínances, tliis has
lead to the rising issưes o f O nline banking security. To meet the high level o f security
expected from bank Online services, banks have taken several undertakings such as using
Socket Secure Layer (SSL) vvhich offers antivirus and fírewall protections through their
ow n w ebsites and also better authentication process (H ines 2006), Besides, more and
3
m ore banks are using tw o-factor authentication processes, to m ake it harder to crack
passvvord a n d g a in u n a u th o riz e d a c c e s s . Today O n lin e b a n k in g is a p rio ritiz e d issue fo r
every bank in order to retain existing custom ers.
Furtherm ore. different banks offer different solutions o f Online banking w ith
different options for their custom ers lo sim plify everyday life. In more detail, the
different Online banking has different w ays o f security access to personal accounts.
Motivation
A s stated before, the changes from doing banking services in a brick and mortar
bank to do them over th e internet instead, leads m e to w onder about w hy it is developed
and m ore and m ore grow ing like that? W hat are beneíits and barriers that it brings to
custom ers? H ow secure it is? Is it developed the sam e in all areas in the vvorld? The
current situation o f it in V ietnam novv?
W hen reading d iíĩeren t articles an d m ore in depth studies about the subject that I
refer to as Online banking, I find that although Online banking has a massive growth in the
developed areas, but it is still a new trend, a new innovation in ưnderdeveloped ones,
especially in V ietnam . It is clear that O n lin e banking in Vietnam is really potential with a
lot o f jo b opportunities. especially in security sector w hich is the m ost im portant factors
to all banks. T herefore, O nline banking is w orthw hile topic to study so that I can have a
deeper understanding as vvell as better jo b opportunities in O nline banking íìeld w hich
will be available in V ietnam in the near future.
4
Objective
The research aim s at enriching the know ledge and understanding o f the
developm ent and security o f
O n lin e
banking in generai. Specially, the main objectives o f
this study are:
1. Investigate the history and the evolution o f O n l i n e banking in the w orld, and in
Vietnam in particular.
2. Find out w hat are the advantages and disadvantages o f O nl ine banking to
custom ers and bankers.
3. A ssessing security issues o f O n l i n e banking system in custom ers’ perspective as
vvell as technical perspective.
4. Finally, a case study based on Techcom bank w ill be analyzed.
Methodology
This paper uses the secondary research to find out the experts' opinions tovvards
t h e d e v e l o p m e n t a n d s e c u r i ty in O nline b a n k in g . I a m g o in g to c o n d u c t o u r literature
study through reading other researches o f authors in all over the w orld connected with the
concept
o f O n lin e
banking.
I w ill s e a r c h d if fe re n t d a ta b a s e s fo r
articles,
m ore
in-depth
studies o f O n l i n e banking, read book about d iíĩeren t IT security theories and then connect
the theories w ith studies m ade o f the phenom ena o f
O n lin e
banking and d iíĩerent
O n lin e
b a n k in g ca ses. P articularly, ỉ fo c u s o n in v e s tig a tin g th e current d e v e lo p m e n t o f Online
banking in the w orld as w ell as in V ietnam , benefíts and draw backs it brings to the
custom ers, especially, th e security-the m ain concem o f O n l i n e banking.
5
W hen searching on the un iv ersity 's own database and using the key w ords O n lin e
banking, IT-security and internet banking. boih in V ietnam ese and English, i cannot íìnd
any w ritten w ork o f the subject. Consequently, we needed to expand our research to
bigger a bigger database: “ proquest database". H ere I could find many articles and m ore
in -d e p th s tu d ie s w h e n u s in g th e k e y w o rd s "O nline b a n k in g " a n d “ it s e c u rity ” . A nother
huge source o f academ ic research that helps me to com plete m y paper is using G oogle
scholar. B esides, som e previous books are also provided for me by m y supervisor.
M Sc.Trieu Thi V an Hau.
An Overvievv of the Rest of the Document
C hapter 2 describes background know ledge o f research on O nline banking: history
and current developm ent in the vvorld and the next chapter (chapter 3) introduces the
a d v a n ta g e s as w ell a s th e d isa d v a n tag e s that Online b an k in g brings to the custom ers. In
chapter 4, security-m ain concem o f O nline banking w ill be analyzed. A case study on
Techcom bank O nline banking, one o íle a d in g one in V ietnam is described in chapter 5,
and íinally, a conclusion is draw n based on ílndings o f this paper.
6
Chapter 2 Background Knovvledge
History o f Online banking
There have been signiíìcant developm ents in the banking services sectors in the
past 40 years. D evlin (1995) stated that “ until the early 1970s functional dem arcation w as
predom inant vvith m any regulatory restrictions im posed. O ne main consequence o f this
w as the limited com petition both dom estically and intem ationally'’. A s a result, there w as
heavy reliance on traditional branch based delivery o f financial services and little
pressure for change. This change gradually w ith deregulation o f the industry during
1980s and 1990s, during th is tim e, the increasingly im portant role o f inform ation and
com m unication technologies brought com petition and pressure for a faster pace o f
change.
The Internet is a relatively new channel for delivering banking services. Its early
form “online banking services”, requiring a PC, m odem and softw are provided by the
íinancial services vendors. w ere íìrst introduced in th e early 1980s .Hovvever, it failed to
get w idespread acceptance and m ost initiatives o f this kind w ere discontinued (Brogdon
1999). W ith the rapid grow th o f other types o f electronic services since mid 1990s. banks
renew ed their interest in electronic m odes o f delivery using the Internet. The bursting o f
the Internet bubble in early 2001 caused speculation that the opportunities for Internet
services had vanished. The “dot.com " com panies and Internet players struggled for
7
survival during that time but e-com m erce recovered from that shock quickly and most o f
its branches including Online banking h av e been steadily, and in som e cases dram aticaily,
grow ing in m ost parts o f the w orld. O ne survey conducted by the TechW ebN ew s in 2005
(TechW ebN ew s 2005) found O nline banking to be the fastest grow ing com m ercial
activity on the Internet. In its survey o f Internet users. it found that 13 million A m ericans
carry out some banking activities O n l i n e .
Development o f O n lin e banking
United States and W estern E urope are the hom etow n o f O nline banking; therefore,
it is very easy to find th at internet banking is still m ost prevalent in the United States and
W estem Europe (Jellassi & Enders 2005).
A ccording to the survey conducted in 1998 by Pew Research C entre for the
People & the Press, w ay back in 1990s, vvhen few A m ericans had even heard o f the
Internet, most people still w alk to th eir b an k 's nearest branch to do w hatever check
cashing or bill paying they co u ld n 't do at th e corner store or by mail few er than 1 in 9
(9% ) bill-payers had ever used O nline banking. H owever, in 1995, that íìgure had rise n to
13% and in 1998, approxim ately 15% ansxvered that they had ever paid bills or bankeđ
Online.
8
P ercen tag e o f Intern et Users Who Bank Online
50%
45 %
42 S
>5S
30%
25 %
20%
15%
10%
5%
0%
f
f
Ạ
f
Ỷ
£
#
Ạ
F ig u re 3 P e rc e n ta g e o f I n te r n e t ư s e r s W h o B a n k O n lin e
Source: P ew Internet & A m erican L ife Proiect. .lun. 14. 2006
B y 2000, w hen the Pew Internet & A m erican I j f e Prọịect field tlieir íĩrst survey,
the proportion o f i n te rn e t u s e r s w ho said they e v e r did any b a n k in g Online had risen to
17% or abou t 10 m illion A m ericans. O v er the next few years, internet users ram ped up a
range o f O nline fínancial and transactionai activities, especially in the period from 2000 to
2005 as illustrated in th e graph.
The sam e result can be found in com paring to VVestem Europe. M ost o f the
countries
in W estem
E urope
have
im pressively rapid
innovation
in technology
inírastructure. It is alw ays considered as the C entral o f technology o f the world.
T herefore, O nline banking is really developed in these countries. In 2005, from the graph
w e can see that m ost o f countries in Euro applied O nline internet to their daily íínancial
9
activities. Until
now ,
inost o f citizens o f th ese countries use
O n lin e
banking instead o f
going to bricks and m ortar branch like before.
O nlin e-b an king a d o p tio n v a r íe s a c r o s s Eu rop e
%
o f in te r n e t u s e r s w tìo u s e
O n lin e b a n k in g o r b r o k e r a g e
70-80%
30-40%
© -7 0 %
20-30%
90-60%
K)-20%
40-50%
010%
Onine-banlung ađopbon = -2 3 2 7 9
.67 Latitude + 18.51 LN (GDP per capita)
(0 2 8 )
(3.95)
R2*0.80
DB Rê—a ~ y .
*VKd'*M t»’. W D l r t y a Q a 2 » m * ' 2CCS K j ỊJ
F ig u re 4 O n lin e B a n k in g a d o p tio n v a rie s a c ro ss E u ro p e
Source: D tì Research. Hurostat. *Forrester. WDỈ. W orld Gazetter. 2005
IO
O n lin e b a n k i n g g r o w s - u s u a l l y , b u t n o t a l w a y s
a t th e e x p e n s e of b ra n c h v is its
Q: Whicti bankmg channeli ơo you ưae aỉ least monthly?
% of responses. CAGR* 2001 -2005
Nsthertands
Spain
UK
taly
Franc«
Sweơen
Germany
-10
-5
0
5
10
15
20
• C ơ r o o a ^ ề n n ư ề i y ơ M n ' « 1* S o u c t ;
25
30
2 00 5
F ig u re 5 O n lin e b a n k in g grovvs-usually, b u t not alvvays a t th e expense o f b ra n c h visits
Source: Forresíer. 2005
It is clear that the grovvtli o f Internet banking has been very encouraging and
consequently íínancial institutions are actively pursuing Internet banking business. It is o f
little surprise that the num ber o f custom ers banking Online is expected to increase
signiíícantly over the next few years and that not m erely in the industrial nations but also
in developing countries.
II
Growth in Internet Banking
140
120
ĩ
X
100
li
I
.0
1ỉ
I
1z 60
40
20
0
2000
2001
2002
2003
2004
■ VVerrtein Europe
186
28
37 8
477
57 9
■ U nited States
9.9
14.7
17.1
20.4
22.8
■J»p«n
2 .S
6.5
11.9
19.6
211
■AU»-P*ibc (CIC J*p«o)
24
4.4
68
1
1.7
3.1
■ R esto f th« world
13 8
5.1
6.1
F ig u r e 6 G ro w th in In te r n e t B an k in g
Source: International Data Corporation,epavnews.com
Vietnam is a country that has quite rapid developm ent o f O n lin e banking, but is
still slow if com pared to o th er developed zones. A ccording to the report o f PhD Ta
Q uang Tien, head o f IT for banking agency at Vietnam Banking Conference 2008 in Ho
Chi M inh c ity , 11 o u t o f 41 b a n k s (ju st State a n d jo in t sto c k , not in c lu d in g fo re ig n o n e s
and their branches), approxim ately 27% , in Vietnam had successful used O nlin e banking
system (6/2008) with 9 services, but many o f them for non-transactional activities:
retrieving balances, exchange rate, available balances. This report also stated that num ber
o f transactions in 2007: 12.121.629 vvhile in the first 3 m onths in 2008, the num ber was:
4.836.399. A lthough it is not a huge num ber but it is a progress with a country w ith
12
- Xem thêm -