Types of Banking:
Online Banking:
Online banking (or Internet banking) allows customers to conduct financial transactions on a secure website operated by their retail or virtual bank, credit union or building society.
Features:
Online banking solutions have many features and capabilities in common, but
traditionally also have some that are application specific.
The common features fall broadly into several categories:
=> Transactional (e.g., performing a financial transaction such as an
account to account transfer, paying a bill, wire transfer... and
applications... apply for a loan, new account, etc.):
· Electronic bill presentment and payment - EBPP
· Funds transfer between a customer's own checking and savings accounts, or to another customer's account
· Investment purchase or sale
· Loan applications and transactions, such as repayments
=> Non-transactional (e.g., online statements, check links, cobrowsing,
chat)
=> Financial Institution Administration - features allowing the financial
institution to manage the online experience of their end users
=> ASP/Hosting Administration - features allowing the hosting company to
administer the solution across financial institutions:
· Support of multiple users having varying levels of authority
· Transaction approval process
· Wire transfer
Features commonly unique to Internet banking include:
Personal financial management support e.g. importing data into personal accounting software. Some online banking platforms support account aggregation to allow the customers to monitor all of their accounts in one place whether they are with their main bank or with other institutions...
Security e.g. Protection through single password authentication, as is the case in most secure Internet shopping sites, is not considered secure enough for personal online banking applications in some countries. Basically there exist two different security methods for online banking:
· The PIN/TAN system, where the PIN represents a password used for the login and TANs represent one-time passwords used to authenticate transactions. TANs can be distributed in different ways; the most popular one is to send a list of TANs to the online banking user by postal letter. The most secure way of using TANs is to generate them on demand using a security token. These token-generated TANs depend on the time and a unique secret stored in the security token (this is called two-factor authentication or 2FA). Usually online banking with PIN/TAN is done via a web browser using SSL-secured connections, so that there is no additional encryption needed.
· Signature based online banking, where all transactions are signed and encrypted digitally. The keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation.
Attacks e.g. Most of the attacks on online banking used today are based on deceiving the user to steal login data and valid TANs. Two well-known examples of those attacks are phishing and pharming. Cross-site scripting and key loggers/Trojan horses can also be used to steal login information.
A method to attack signature based online banking is to manipulate the software used in such a way that correct transactions are shown on the screen and faked transactions are signed in the background.
A recent FDIC Technology Incident Report, compiled from suspicious activity reports banks file quarterly, lists 536 cases of computer intrusion, with an average loss per incident of $30,000. That adds up to a nearly $16-million loss in the second quarter of 2007. Computer intrusions increased by 150 percent between the first quarter of 2007 and the second. In 80 percent of the cases, the source of the intrusion is unknown but it occurred during online banking, the report states.
Countermeasures e.g. There exist several countermeasures which try to avoid attacks. Digital certificates are used against phishing and pharming; the use of class-3 card readers is a measure to avoid manipulation of transactions by the software in signature based online banking variants. To protect their systems against Trojan horses, users should use virus scanners and be careful with downloaded software or e-mail attachments.
In 2001 the FFIEC issued guidance for multifactor authentication (MFA) and then required it to be in place by the end of 2006.
ELECTRONIC BANKING
INVESTMENT BANKING
These two are explained in other posts.