Online Banking
An Insight Into Development & Security
A Case Study Based

Graduation Thesis Submitted to Hanoi University for the degree of Bachelor of Computer Science

By Nguyen Thanh Van (Computer Science)
Supervisor: MSc. Trieu Thi Van Hau
December, 2009

Abstract

The world witnesses an information and technological revolution. This revolution has touched every aspect of people's life including banking. Such changes and developments have impacts on both customers and bankers. It brings huge changes in modern banking transaction activities and gives us a greater opportunity to access the banking system anytime and anywhere. However, just like two sides of the same coin, Online banking also has some cons which are the barriers for its development. One of the key barriers is the security concerns associated with the Online banking system. Many customers feel that Online banking is not secure enough, and to increase its security level, some techniques have been applied. Some of them are Secure Socket Layer (SSL) or two-factor authentication. This paper explores the current development of Online banking in the world in general and in Vietnam in particular. Besides, it explains the reasons why Online banking is becoming a new trend in the banking field, figures out some key challenges, especially in terms of security, and investigates some widely used techniques that help improve the security of Online banking.

Acknowledgments

I would like to first and foremost express my great gratitude to my supervisor MSc. Trieu Thi Van Hau from Faculty of Information Technology, Hanoi University for her enthusiastic guidance. She helped, stimulated suggestions and encouraged me a lot in all the time of research for and writing of this research.
I am particularly grateful to all the teachers of Faculty of Information Technology, Hanoi University who have taught me with all enthusiasm, helpfulness and care, and gave me the chance and the possibility to complete this thesis. I have learnt a lot of precious lessons from all of you, not only in the information technology major. I also want to give my thanks to the staff of the library of Hanoi University, who supported me in finding necessary materials. Especially, I am obliged to thank Mrs. Nguyen Nga for her assistance in training and supporting me with the Endnote software and the ProQuest database, which helped me a lot in my thesis.

Last, though by no means least, I am greatly indebted to my family whose love and consistent support has kept me on the right track. My results and this thesis are dedicated to my parents, who believe in me and who sacrificed so much to raise me.

Table of Contents

Table of Contents
List of Figures
Chapter 1 Introduction
  Motivation
  Objective
  Methodology
  An Overview of the Rest of the Document
Chapter 2 Background Knowledge
  History of Online banking
  Development of Online banking
Chapter 3 - Characteristics of Online Banking
  Advantages of Online banking
    Benefits for customers
    Benefits for banks
  Disadvantages of Online banking
    Customers' perspective
    Banks' perspective
Chapter 4 Online Banking Security System
  Overview about Online banking system
  Perspective of Online banking security system
    Customers' perspective of security in Online banking systems
    Technical perspective of security in Online banking systems
    Security rules for customers
Chapter 5 Case Study
  Techcombank - The first bank in Vietnam adopting two-factor authentication for Online banking
  Techcombank's background
  Techcombank's Online banking services
  Techcombank's adoption high technology in security system
    Two-factor authentication
    Secure Socket Layer - SSL
Chapter 6 Conclusion
  Findings of the thesis
  Limitations
  Future Work
References

List of Figures

Figure 1 Preferred banking method (all age groups)
Figure 2 Preferred Banking Method 2009
Figure 3 Percentage of Internet Users Who Bank Online
Figure 4 Online Banking adoption varies across Europe
Figure 5 Online banking grows - usually, but not always at the expense of branch visits
Figure 6 Growth in Internet Banking
Figure 7 Percentage of bank with Internet banking services in Vietnam 2008
Figure 8 Processing Cost Per Transaction
Figure 9 Household Income Level and Online Banking (2007)
Figure 10 Vietinbank Online Banking
Figure 11 Vietcombank Online Banking
Figure 12 HSBC Online Banking - System-initiated information
Figure 13 HSBC Online Banking - Security code by Token
Figure 14 HSBC Online Banking - Successfully login
Figure 15 E-Token
Figure 16 Industrial and Commercial Bank of China (ICBC)'s Code Card
Figure 17 Entrust Grid Card
Figure 18 Physiological characteristics
Figure 19 Physical characteristics
Figure 20 Two-factor Authentication "Something you know" + "Something you have"
Figure 21 SSL certificate of VietcomBank
Figure 22 Secure Socket Layer Connection
Figure 23 Secure Socket Layer
Figure 24 Public-Key Infrastructure
Figure 25 Techcombank Token Key
Figure 26 Techcombank with VeriSign's EV SSL Certificate

Chapter 1 Introduction

The advent of the Internet led to changes in business that we can call revolutionary. This revolution has touched every aspect of people's life. Since the first mainframe computers appeared in the 1960s (Robertson 2009), computers and networks have developed a lot. They make the world smaller and make it possible to do transactions everywhere. The fast advancing global information infrastructure (including information technology and computer networks such as the Internet and telecommunications systems) enables the development of electronic business at a global level. The nearly universal connectivity which the Internet offers has made it an invaluable business tool. This fast emerging economy is bringing with it rapidly changing technologies, increasing knowledge intensity in all areas of business, and creating virtual supply chains and new forms of business and service delivery channels.

E-banking is considered a typical example of an e-business solution. By the definition of Turban et al. (2008, p.120), "e-banking also known as cyber banking, virtual banking or home banking, includes various banking activities conducted via the Internet from home, business, or on the road rather than at a physical bank location". E-banking provides customers with many types of services like Online (Internet) Banking, Point of Sale (POS), Automatic Teller Machine (ATM), Telephone Banking, Home Banking/PC Banking, Interactive TV, Wireless communication network or M (mobile) Banking (SMS Banking, WAP Banking, STK (Sim Toolkit) Banking...). Despite the fact that many of them have been mainly deployed in developed countries because of the requirement of advanced technology, Online banking is one of the exceptions.
Online banking has not only been embraced in the developed world; it is becoming an enabling feature of business growth in the developing world. In its very basic form, e-banking can mean the provision of information about a bank and its services via a homepage on the World Wide Web (WWW), for example: imported bank statements, retrieving account balances... More sophisticated Online banking services provide customer access to accounts, the ability to move their money between different accounts, making payments or applying for loans via e-channels, and even investing online (buy/sell shares and mutual funds) (Shah & Clarke 2009).

It can be said that Online banking has in recent years become a mainstream Internet activity. At present, it is holding steady, increasing at the same pace as Internet usage. From the latest figure announced by the American Bankers Association below, it cannot be denied that among all kinds of banking method, the Internet is the one that is preferred most.

Figure 1 Preferred banking method (all age groups), 2007-2009
Source: American Bankers Association, 2009

Figure 2 Preferred Banking Method 2009 (all age groups)
Source: American Bankers Association, 2009

Today banks can offer their customers the service of Online banking, which is an opportunity for customers to quickly and efficiently, at any time, handle their private banking routine from any computer with a few clicks. Online banking has evolved from customers going to their local bank and handling their banking commissions and transactions, to handling these transactions online instead.

Since banks handle very sensitive information, such as people's and companies' finances, this has led to the rising issues of Online banking security. To meet the high level of security expected from bank online services, banks have taken several undertakings such as using Secure Socket Layer (SSL) which offers antivirus and firewall protections through their own websites and also a better authentication process (Hines 2006). Besides, more and more banks are using two-factor authentication processes, to make it harder to crack passwords and gain unauthorized access. Today Online banking is a prioritized issue for every bank in order to retain existing customers. Furthermore, different banks offer different solutions of Online banking with different options for their customers to simplify everyday life. In more detail, different Online banking services have different ways of security access to personal accounts.

Motivation

As stated before, the change from doing banking services in a brick and mortar bank to doing them over the internet instead leads me to wonder why it has developed and is growing more and more like that. What are the benefits and barriers that it brings to customers? How secure is it? Is it developed the same in all areas of the world? What is its current situation in Vietnam now?

When reading different articles and more in-depth studies about the subject that I refer to as Online banking, I find that although Online banking has had massive growth in the developed areas, it is still a new trend, a new innovation in underdeveloped ones, especially in Vietnam. It is clear that Online banking in Vietnam really has potential, with a lot of job opportunities, especially in the security sector, which is the most important factor to all banks.
Therefore, Online banking is a worthwhile topic to study so that I can have a deeper understanding as well as better job opportunities in the Online banking field, which will be available in Vietnam in the near future.

Objective

The research aims at enriching the knowledge and understanding of the development and security of Online banking in general. Specifically, the main objectives of this study are:

1. Investigate the history and the evolution of Online banking in the world, and in Vietnam in particular.
2. Find out what the advantages and disadvantages of Online banking are to customers and bankers.
3. Assess security issues of the Online banking system from customers' perspective as well as the technical perspective.
4. Finally, a case study based on Techcombank will be analyzed.

Methodology

This paper uses secondary research to find out the experts' opinions towards the development and security in Online banking. I am going to conduct our literature study through reading other researches of authors all over the world connected with the concept of Online banking. I will search different databases for articles and more in-depth studies of Online banking, read books about different IT security theories and then connect the theories with studies made of the phenomena of Online banking and different Online banking cases. Particularly, I focus on investigating the current development of Online banking in the world as well as in Vietnam, the benefits and drawbacks it brings to customers, and especially security, the main concern of Online banking.

When searching the university's own database using the key words Online banking, IT-security and internet banking, both in Vietnamese and English, I cannot find any written work on the subject.
Consequently, we needed to expand our research to a bigger database: "proquest database". Here I could find many articles and more in-depth studies when using the key words "Online banking" and "it security". Another huge source of academic research that helped me to complete my paper is Google Scholar. Besides, some previous books were also provided for me by my supervisor, MSc. Trieu Thi Van Hau.

An Overview of the Rest of the Document

Chapter 2 describes background knowledge of research on Online banking: history and current development in the world, and the next chapter (chapter 3) introduces the advantages as well as the disadvantages that Online banking brings to customers. In chapter 4, security, the main concern of Online banking, will be analyzed. A case study on Techcombank Online banking, one of the leading ones in Vietnam, is described in chapter 5, and finally, a conclusion is drawn based on the findings of this paper.

Chapter 2 Background Knowledge

History of Online banking

There have been significant developments in the banking services sectors in the past 40 years. Devlin (1995) stated that "until the early 1970s functional demarcation was predominant with many regulatory restrictions imposed. One main consequence of this was the limited competition both domestically and internationally". As a result, there was heavy reliance on traditional branch based delivery of financial services and little pressure for change. This changed gradually with deregulation of the industry during the 1980s and 1990s; during this time, the increasingly important role of information and communication technologies brought competition and pressure for a faster pace of change.

The Internet is a relatively new channel for delivering banking services.
Its early form, "online banking services", requiring a PC, modem and software provided by the financial services vendors, was first introduced in the early 1980s. However, it failed to get widespread acceptance and most initiatives of this kind were discontinued (Brogdon 1999). With the rapid growth of other types of electronic services since the mid 1990s, banks renewed their interest in electronic modes of delivery using the Internet. The bursting of the Internet bubble in early 2001 caused speculation that the opportunities for Internet services had vanished. The "dot.com" companies and Internet players struggled for survival during that time, but e-commerce recovered from that shock quickly and most of its branches, including Online banking, have been steadily, and in some cases dramatically, growing in most parts of the world. One survey conducted by TechWebNews in 2005 (TechWebNews 2005) found Online banking to be the fastest growing commercial activity on the Internet. In its survey of Internet users, it found that 13 million Americans carry out some banking activities online.

Development of Online banking

The United States and Western Europe are the hometown of Online banking; therefore, it is very easy to find that internet banking is still most prevalent in the United States and Western Europe (Jellassi & Enders 2005). According to the survey conducted in 1998 by Pew Research Centre for the People & the Press, way back in the 1990s, when few Americans had even heard of the Internet, most people still walked to their bank's nearest branch to do whatever check cashing or bill paying they couldn't do at the corner store or by mail; fewer than 1 in 9 (9%) bill-payers had ever used Online banking. However, in 1995, that figure had risen to 13% and in 1998, approximately 15% answered that they had ever paid bills or banked online.

Figure 3 Percentage of Internet Users Who Bank Online
Source: Pew Internet & American Life Project, Jun. 14, 2006

By 2000, when the Pew Internet & American Life Project fielded their first survey, the proportion of internet users who said they ever did any banking online had risen to 17%, or about 10 million Americans. Over the next few years, internet users ramped up a range of online financial and transactional activities, especially in the period from 2000 to 2005 as illustrated in the graph.

The same result can be found in comparing to Western Europe. Most of the countries in Western Europe have impressively rapid innovation in technology infrastructure. It is always considered as the central of technology of the world. Therefore, Online banking is really developed in these countries. In 2005, from the graph we can see that most of the countries in Europe applied the online Internet to their daily financial activities. Until now, most citizens of these countries use Online banking instead of going to a bricks and mortar branch like before.

Figure 4 Online Banking adoption varies across Europe (% of internet users who use online banking or brokerage)
Source: DB Research, Eurostat, Forrester, WDI, World Gazetteer, 2005

Figure 5 Online banking grows - usually, but not always at the expense of branch visits (Q: Which banking channels do you use at least monthly? % of responses, CAGR 2001-2005; Netherlands, Spain, UK, Italy, France, Sweden, Germany)
Source: Forrester, 2005

It is clear that the growth of Internet banking has been very encouraging and consequently financial institutions are actively pursuing Internet banking business. It is of little surprise that the number of customers banking online is expected to increase significantly over the next few years, and that not merely in the industrial nations but also in developing countries.

Figure 6 Growth in Internet Banking (2000-2004; Western Europe, United States, Japan, Asia-Pacific (excluding Japan), Rest of the world)
Source: International Data Corporation, epaynews.com

Vietnam is a country that has quite rapid development of Online banking, but is still slow if compared to other developed zones. According to the report of PhD Ta Quang Tien, head of IT for banking agency, at Vietnam Banking Conference 2008 in Ho Chi Minh city, 11 out of 41 banks (just state and joint stock, not including foreign ones and their branches), approximately 27%, in Vietnam had successfully used Online banking systems (6/2008) with 9 services, but many of them for non-transactional activities: retrieving balances, exchange rate, available balances. This report also stated the number of transactions in 2007: 12.121.629, while in the first 3 months of 2008, the number was: 4.836.399. Although it is not a huge number but it is a progress with a country with