SECURITY AND PRIVACY OF ELECTRONIC BANKING
By:
Zachary B. Omariba
PhD. Candidate, Masinde Muliro University of Science and Technology
Nelson B. Masese
PhD. Candidate, Masinde Muliro University of Science and Technology
&
Dr. G. Wanyembi
Senior Lecturer,
Masinde Muliro University of Science and Technology
Abstract:
The internet has played a key role in changing how we interact with other people and how we do
business today. As a result of the internet, electronic commerce has emerged, allowing business
to more effectively interact with their customers and other corporations inside and outside their
industries. One industry that is using this new communication channel to reach its customers is
the banking industry. The e-banking system addresses several emerging trends: customer’s
demand for anytime, anywhere service, product time-to-market imperatives and increasingly
complex back-office integration challenges. The challenges that oppose electronic banking are
concerns of security and privacy of information. This paper will first discuss the drivers of e-
banking; secondly, it will talk about the concerns about e-banking from various perspectives.
Thirdly, the security and privacy
issues will also be discussed, and fourthly the attacks of e-
banking with their solutions are discussed.
Keywords: Internet, e-commerce, e-banking, security, privacy, and attacks.
Introduction
The information superhighway has found its way into many homes, schools,
businesses, and
institutions. Many people are cruising the internet each day to obtain information on the weather,
latest sport scores, job offers, local news, and may other exciting information. These people also
buy and sell goods on this media. Consequently many businesses are reaching out to customers
worldwide using the internet as its communication channel. This new electronic media of
interaction has grown to be known as electronic commerce (E-commerce). E-commerce
integrates communications, data management, and security services,
to allow business
IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 4, No 3, July 2012
ISSN (Online): 1694-0814
www.IJCSI.org
432
Copyright (c) 2012 International Journal of Computer Science Issues. All Rights Reserved.
applications within different organizations to automatically interchange information. Also e-
commerce is comprised of interconnected communications networks; advanced computer
hardware and software tools and services; established
business transaction, data exchange, and
interoperability standards; accepted security and privacy provisions; and suitable managerial and
cultural practices. This infrastructure facilitates diverse and distributed companies nationwide to
rapidly, flexibly, and securely exchange information to drive their business processes.
The banking industries are one such business that is using this new communication media to
offer its customers value added service and convenience. This system of interaction between the
consumers and the banking industries is called the electronic banking system. FinCen (2000)
states that “E-banking is an umbrella term for the process by which customer may perform
banking transactions electronically without visiting a brick-and-mortar institution”. E-banking is
the use of electronic means to deliver banking services, mainly through the internet. The term is
also used to refer to ATMs, telephone banking, use of plastic money, mobile phone banking, and
electronic funds transfers.
E-banking is the use of a computer to retrieve and process banking data (statements, transactions
details, etc) and to initiate transactions (payments, transfers, requests for services, etc)
directly
with a bank or other financial services provider remotely via telecommunications network.
Electronic banking system addresses several emerging trends: customer demand for anytime,
anywhere service, product-to-market imperatives and increasingly complex back-office
integration challenges. This system allows consumers to access their banking accounts, review
most recent transactions, request a current statement, view current product information, and re-
order checks. Some of the banks that are currently offering this service in Kenya are Standard
Chartered Bank, Kenya Commercial Bank, Barclays Bank of Kenya, Equity bank, Consolidated
Bank of Kenya, Commercial bank of Africa, Cooperative bank of Kenya, National Bank, Family
Bank, among others.
The e-banking system can be seen as an extension of existing banks. These banks are catering to
a very large population of internet users.
Heidi Goff, Senior Vice President for Global Point of
Interaction of MasterCard estimated that there will be more than 100 million users by the year
2000. This projection was right as the number of internet users rose to 361 million people
globally, which was a 5.8% of world population in the year 2000. According to the internet
world statistics, internet users stood at 2,267 million which is actually 32.7% of the world
population in December 2011. Many other estimates conclude similar results, which lead to the
indication that the internet will play a major role in everyone’s life and promote the electronic
banking industry.
The current focus of security of information transfer is on the session
layer protocols and the
flaws in end-to-end computing. A secure end-to-end transaction requires a secure protocol to
communicate over un trusted channels and a trusted code at both endpoints. The solution
addresses the use of secure protocols because trusted channels don’t really exist in most of the
IJCSI International Journal of Computer Science Issues, Vol. 9, Issue 4, No 3, July 2012
ISSN (Online): 1694-0814
www.IJCSI.org
433
Copyright (c) 2012 International Journal of Computer Science Issues. All Rights Reserved.
environment especially since we are dealing with linking to the consumers. The solutions of the
security issues require the use of software- based systems or hardware-based systems or a hybrid
of the two. These software-based solutions involve the use of encryption algorithms, private and
public keys, and digital signatures and pretty good privacy. Hardware-based solutions such as the
Smartcard and the MeChip provide better protection for the confidentiality of personal
information. Software-based solutions have advantage over hardware-based
solutions in that they
are easy to distribute and are generally less expensive.