http://netlab.cs.iitm.ernet.in/cs648/2009/assignment1/cs09g003.pdf
E-BANKING
Introduction:
Internet banking (or E-banking) means any user with a personal
computer and a browser can get connected to his bank's website to
perform any of the virtual banking functions. In an internet banking system
the bank has a centralized database that is web-enabled. All the services
that the bank has permitted on the internet are displayed in a menu. Any
service can be selected and further interaction is dictated by the nature of
the service. The traditional branch model of the bank is now giving place to
alternative delivery channels with an ATM network. Once the branch
offices of a bank are interconnected through terrestrial or satellite links,
there would be no physical identity for any branch. It would be a borderless
entity permitting anytime, anywhere and anyhow banking.
The network which connects the various locations and gives
connectivity to the central office within the organization is called
intranet. These networks are limited to organizations for which they are
set up. SWIFT is a live example of intranet application.
MY CASE STUDY: CITI BANK
Citibank UAE – Background Information
Citibank is a subsidiary of Citigroup, a strong financial brand with more
than 100 million customers, 5.9 million online relationships and a global
reach spanning 100 countries. Citibank UAE started its retail business in
1987 in a highly competitive environment, offering a
comprehensive line of high quality financial services targeted to the
affluent and middle income segments. Citibank has been perceived as being at
the edge of innovation, leveraging its global expertise; it was the first
bank in the UAE to introduce innovative e-business solutions like:
1. CitiPhone – 24 hour Phone Banking Service
2. ATMs- Automated Teller Machines
3. CitiAlert – GSM notifications service
4. E-Card – Internet Shopping Card
5. CitiDirect – Corporate Internet Banking Service, and
6. Citibank Online – Retail Internet Banking Service.
The objectives of launching Citibank Online were:
1) Extend its network and overcome the limited branch situation.
2) Achieve savings in CitiPhone/Branches’ operating costs by diverting
customers to the Internet. Citibank Online has one of the lowest “costs
per interaction” as compared to the ATM, phone banking or branch
banking. It contributes immensely as part of the Strategic Cost
Management initiatives the bank is implementing without compromising
on the quality of service.
According to an online banking report published by Ernst &
Young, the transaction costs of the various banking channels are as
follows:
• Branch $1.07
• Call Centre (human) $0.85
• Automated Response System (AVR) $0.44
• Automated Teller Machine $0.27
• Dialup PC banking 1.5 Cent
• Internet Banking 1 Cent
3) Meet the increased consumer demand for quick and secure banking
solutions, anywhere, any time, on any device; this is important in staying
ahead of the competition.
4) Enhance the brand imagery and values in the minds of the customers
and the prospects by owning this channel, especially as Citibank is seen
to be innovative and ahead of most other banks in terms of technology
and product development.
5) Create another arm for deepening customer relationships through
cross sell and acquisitions of new customers.
FUNCTIONALITIES:
The following are the functionalities of CITIBANK.
Table 1: Functionalities of CitiBank
Products and services of CITIBANK:
The following are various products of CITIBANK:
1.Citi Konto: Do you expect that your bank should work for you and
not the other way around? Become one of our active clients and we will
show you that we can meet your expectations. Citi Konto is a unique
solution for managing your personal finances. It allows you to avoid
unreasonable charges for most common banking services which
Citibank provides for free within one advantageous fee.
2.Term Deposit: If you want to have higher interest rates and can afford
not to have your funds immediately available, Citibank term deposits are here
for you. Citibank time deposits offer a wide range of choices and
flexibility. See for yourself!
3.CitiGold Wealth Management: Excellent banking services for those who
have a demanding lifestyle and who know the true value of their time
and money.
4.Investments: Citibank offers its clients the possibility to invest their
financial assets in mutual funds on foreign financial markets. We
cooperate with the investment companies ING, MFS Meridian Funds
and Pioneer Investments, which are among the largest asset managers,
and the quality of their funds is among the best in the world.
We currently have more than 180 mutual funds in our offer.
5.Citi Credit Card: You can use the Citi Credit Card for everyday
purchases, as well as for more expensive investments or for sudden and
unexpected events (accidents in the home, damage to the car, medical
care abroad). The Citi Credit Card is one of the safest payment cards on
the market with the longest non-interest period.
The following are services provided by CITIBANK:
1.Internet Banking:
Citibank India offers you Internet Banking that is fast, easy and secure.
Discover the convenience of online banking and secure online bill
payments, with an Instant IPIN (Internet Password).
2.Get Credit card & Bank Statement on E-mail:
Do your bit for the environment! By availing of the Statement on E-mail
service, you have the flexibility of receiving your Credit Card/ Bank
Account Statement, wherever you are.
3.Bill Pay:
Discover a Simple, Secure and Convenient way to pay all your Utility
Bills at Citibank Online. Pay your Mobile, Landline, Electricity, Water
and Insurance payments online using Citibank Bill Pay.
4.Electronic Clearance Service:
You don’t need to issue a cheque every month towards the payment of
your Citibank Card dues.
5.Credit Shield Plus:
Free look privilege for the first 15 days from the date of receipt of your
Policy Summary
E-Business Model:
Citibank Online is considered a standard Business to Consumer
approach; the e-business model Citibank is using can be classified as
“Merchant”.
Table 2: e-business models
Without the intervention of the AVR, ATM or CitiPhone Officers, a
Citibank customer can access and operate all his relationships with
Citibank at a click of mouse in complete privacy. In doing so, Citibank
is balancing between security and accessibility of information leveraging
on a robust e-banking service available within Citigroup.
The three elements of the business model; value stream,
revenue stream and logistics stream are complementing each other in
this specific case. Citibank was certainly focusing on adding value to its
customers by offering unmatched level of service and security. Its
internal logistics were aligned towards a single objective; launching a
powerful service to its customers to complement its e-business strategy
overall. Revenues after a period of time started flowing too, making the
investment worthwhile.
Evaluation of E-business strategy and model:
There are many ways of evaluating the success of the e-business model
and e-business strategies of Citibank, one of which is looking at the
financials for the performance of the service for the past four years. Ms.
Sarah Hussain, Web Administrator at Citibank, says: “The results of the
service represented in the information management system reports
covering the performance of Citibank Online from 2001 to 2004 are very
satisfactory and have met the management’s expectations.”
Table 3: Number of active Citibank Online customers
The table above shows that the number of active users increased from 2%
in the second year of launch to 6% in 2004, a healthy gradual increase.
The transaction values increased too indicating that customers are
feeling more comfortable now managing their funds on the Internet. This
is as a result of the heavy investment in promoting and educating the
customers on the gained benefits of using this service. Citibank invested
around $350,000 towards the marketing budget in the first year of the
launch.
Table 4: New accounts opened through Citibank Online
Citibank Online is proving to be a successful acquisition and
revenue-generating channel, despite the fact that the management did not expect
any revenues to be generated for the first three years of the launch.
The deployment of the program to Citibank UAE played a very
important role in gaining those revenues, as Citibank UAE did not fund
the development work; there were only a couple of adjustments made to
the service to suit the UAE requirements. According to Timmers (1999)
there are two dimensions of analyzing the e-business model:
1. The degree of innovation:
Citibank is excelling in building and maintaining the competitive
advantage in the Internet era. All functionalities offered were well
studied and executed in a way where matching them is indeed a difficult
task. Flexibility is built into the system for further enhancements and
additions.
2. The extent to which the new functions are integrated within the
business model:
The functionalities added fit perfectly with the e-business strategy and
business model opted for. They contribute directly
towards meeting the objectives.
TECHNOLOGY: (In-House or Outsourced?)
The different levels of complexity associated with certain areas
involving security, operations, planning, and monitoring have caused
many national banks to outsource all or parts of their Internet banking
operations. Banks should periodically reassess their sources of
technology support to determine whether a given solution continues to
fit their business plan and is flexible enough to meet anticipated future
needs. Regardless of whether technology services are provided in-house
or through a third-party servicer, national banks need to have a strong
link between their technology provider and their strategic planning
process. This will enable the bank to link new products and services with
the existing technology and product mix.
There are pros and cons to offering technology-based products and
services in-house versus contracting with a vendor. Larger national banks
with substantial resources may choose to purchase computer hardware
and operating systems and/or develop the necessary application software
in-house. This option may provide the greatest flexibility to customize
product offerings.
Other banks may choose to purchase a “turnkey” system
from a vendor. In this arrangement the vendor typically provides the
hardware, operating systems, and applications software necessary to
enable the bank to offer the particular product or service to its
customers. The vendor will typically provide the service and
maintenance for the turnkey system. A variation is to outsource the
service. Using this option, national banks contract with a vendor to
operate their Internet banking Web sites at the vendor’s location. This
option may be especially well suited for banks that do not have the
technical expertise to develop this service in-house. However, such banks
need to place additional emphasis on their due diligence to ensure that
security is not compromised.
Several companies are responding to the developing markets for Web
pages, Internet banking applications, and bill presentment and payment
services. Although many companies in this market are prosperous and
well managed, some are start-up companies with unproven products,
services, or track records.
National banks need to perform due diligence before
selecting a vendor to provide Internet banking services. They should
have a formal service agreement with the vendor that clearly addresses
the duties and responsibilities of the parties involved. National banks
need to monitor their vendor’s operational performance, financial
condition, and capability to stay current with evolving technologies.
National banks typically fulfill their responsibility to assure their
vendors have sound internal controls by obtaining internal or third-party
audit reports.
Examiners should refer to the IS Handbook for a complete
discussion of outsourcing issues. Whatever the source of Internet
banking technology, products, and services, it is important for the
national bank to have personnel with an appropriate level of specialized
expertise, consistent with risk, to monitor and manage the business.
Citibank uses well-secured technology for its Online
Banking. It uses the SSL encryption protocol for its transactions. A
Payment Gateway is a system that passes Credit Card data, authorization
requests, and authorization responses over the Internet using encryption
technology.
The secure Citibank Payment Gateway allows the Cardmember to
conduct secure transactions on the Internet using the industry standard
Secure Sockets Layer (SSL) technology, which enables 128-bit encryption
of data transferred.
Citibank has launched its innovative mobile banking
application, Citi Mobile, in the US, allowing customers to access their
bank balance, pay bills and transfer funds, among other functions, from
their mobile phone.
The application combines the consumer need for convenient,
on-the-go banking with advanced mobile technology that is compatible
with more than 100 popular mobile devices, across major US wireless
carriers.
"Citibank prides itself on being at the forefront of technology
and innovation and on providing a superior client experience," said
Maura Markus, president of Citibank North America. "Citi Mobile is an
example of our commitment to providing our clients even more choices
and convenience for their everyday banking, wherever they may be. For
our clients, it's like having Citibank Online in the palm of their hand."
Security has been a high priority in developing the
application, the bank said. Citi Mobile transactions are equipped with
128-bit encryption, the same technology used on the bank's website. In
addition, no personal information is stored on the phone and, if a handset
is lost or stolen, Citi Mobile can be deactivated instantly. For added
security, Citi Mobile only permits access to accounts from the phone
that is registered with the service, and via a client's six-digit access code.
Initially, Citi Mobile will be launched in California, and by mid-year, all
Citibank clients will be able to enroll in the service. A Spanish language
version is also expected to be released later this year.
SECURITY:
Citibank is committed to provide a safe and secure online banking
experience. Check out the various initiatives that Citibank has adopted to
safeguard your online banking sessions. Also explore how you can
remain safe by adopting simple safety measures.
1.
1.1.Unique Internet Password (IPIN):
Your security is governed by your Unique Secure IPIN (Internet
Password). To select your IPIN online, you will have to verify your personal
information and generate an Online Authorisation Code (OAC) that will
be sent to your Mobile phone/E-mail address. You will then have to
reconfirm the details and select your IPIN.
1.2.Citibank Online Security Measures:
Protecting you and providing a secure environment is a top priority for
Citibank. Some of the measures are:
1.3.Secured login
• All information passed on between Citibank and your
personal computer is "scrambled" and "reassembled" using
128-bit encryption, the highest level of encryption
commercially available.
• You can access your account by using only the
Citibank-issued Card number and PIN/password. You have to enter the
Internet Password (IPIN) every time you login to Citibank
Online.
1.4.Automatic time out
• Once logged in to Citibank Online, if there is no activity for 5
minutes, your secured Citibank Online session will be
automatically terminated to help protect against unauthorised
access.
1.5.Automatic lock out
• If the Internet Password (IPIN) has been entered incorrectly
six consecutive times, Citibank will lock any further online
access to the accounts.
• If you have been locked out of your accounts due to incorrect
PIN/password entry, contact your local Citibank Customer
Service Officer.
2.Digital Certificate from VeriSign
• Digital Certificates provide you the evidence of the server's
authenticity which safeguards users from trusting
unauthorised sites and allows the session to be encrypted.
• This is provided by a third party, the Certification Authority,
which in this case is VeriSign.
• You will see a 'closed lock' icon at the bottom of the
Internet Banking screen.
• Clicking on the lock will allow you to see the VeriSign
Certificate authenticating the site.
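The automatic time out (5 minutes of inactivity) and automatic lock out (six consecutive incorrect IPIN entries) described above can be modelled as server-side state checks. The following is an added example, not Citibank's code: the names `OnlineBankingGate`, `Account`, `hash_ipin` and `staff_unlock` are hypothetical, PBKDF2 storage of the IPIN is an assumption the page does not state, and one session per card number is a simplification.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

IDLE_TIMEOUT_SECONDS = 5 * 60   # page: session ends after 5 minutes of no activity
MAX_CONSECUTIVE_FAILURES = 6    # page: six consecutive wrong IPINs lock online access

def hash_ipin(ipin: str, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2; the page does not say how IPINs are stored.
    return hashlib.pbkdf2_hmac("sha256", ipin.encode(), salt, 100_000)

@dataclass
class Account:
    salt: bytes
    ipin_hash: bytes
    consecutive_failures: int = 0
    locked: bool = False
    last_activity: Optional[float] = None  # None means no active session

class OnlineBankingGate:
    def __init__(self):
        self.accounts = {}

    def enroll(self, card_number, ipin):
        salt = os.urandom(16)
        self.accounts[card_number] = Account(salt, hash_ipin(ipin, salt))

    def login(self, card_number, ipin, now):
        acct = self.accounts.get(card_number)
        if acct is None:
            return "denied"
        if acct.locked:
            return "locked"  # even a correct IPIN does not lift the lock
        if hmac.compare_digest(hash_ipin(ipin, acct.salt), acct.ipin_hash):
            acct.consecutive_failures = 0  # only *consecutive* failures count
            acct.last_activity = now
            return "ok"
        acct.consecutive_failures += 1
        if acct.consecutive_failures >= MAX_CONSECUTIVE_FAILURES:
            acct.locked = True
            acct.last_activity = None  # end any session still open
            return "locked"
        return "denied"

    def request(self, card_number, now):
        acct = self.accounts.get(card_number)
        if acct is None or acct.last_activity is None:
            return "no_session"
        if now - acct.last_activity >= IDLE_TIMEOUT_SECONDS:
            acct.last_activity = None  # idle too long: terminate the session
            return "timed_out"
        acct.last_activity = now  # any activity restarts the idle clock
        return "ok"

    def staff_unlock(self, card_number):
        # Models the Customer Service Officer step; users cannot unlock themselves.
        acct = self.accounts[card_number]
        acct.locked, acct.consecutive_failures = False, 0
```

Times are passed in as seconds so the rules can be exercised without waiting; a deployment would use a monotonic server clock and enforce both checks on the server, never in the browser.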
PERFORMANCE OF INTERNET BANKING
1 Execution
1.1 The aspects to be reviewed and the review process should be chosen
by taking into account the intended scope and objective of the review as
well as the approach defined as part of the planning process.
1.2 In general, in gathering, analysing and interpreting the Internet
banking environment, a study should be made of available
documentation, such as bank regulations about Internet banking, Internet
law, privacy law, web banking system documentation and use of the
Internet banking solution.
1.3 To identify any problems relating to the Internet banking area which
have been noted previously and which may require follow-up, the IS
auditor should review the following documents:
• Previous examination reports
• Follow-up activities
• Work papers from previous examinations
• Internal and external audit reports
1.4 The IS auditor should map the key processes—both automated as
well as manual—relating to the Internet banking initiative/system.
1.5 The assessment of the core business risks (set out in 6.1) should
include a critical evaluation of the Internet banking objectives, strategy
and business model.
1.6 The IS auditor should then assess the probability that the risks
identified pertaining to these processes (business as well as IS risks) will
materialise together with their likely effect, and document the risks
along with the controls, which mitigate these risks.
1.7 As part of the IS risk assessment, external IS threats should be
evaluated depending on the nature of products offered by a bank and the
external threats to be addressed. These threats include denial of service,
unauthorised access to data, unauthorised use of the computer
equipment, which could arise from various sources such as casual
hackers, competitors, alien governments, terrorists or disgruntled
employees.
1.8 Depending on the nature of the pre- or post-implementation review,
the IS auditor should test the significant processes in the test and/or
production environment to verify that the processes are functioning as
intended. These tests include testing of balance inquiry, testing of bill
presentation and payment, and testing the security mechanisms using
penetration testing.
1.9 In post implementation review the IS auditor should obtain, at least,
an understanding of network mapping, network routing, systems and
network security assessment, and internal and external intrusion.
1.10 Since the Internet banking solution is predominantly an information
technology solution, it should meet the information criteria established
in COBIT, as well as other relevant standards or regulations of the
industry. The extent of compliance with the information criteria,
standards and/or regulations and the effect of noncompliance should be
analysed.
2 Aspects to Review
2.1 The following organisational aspects should be reviewed for
whether:
1. Due diligence and risk analysis are performed before the
bank conducts Internet banking activities
2. Due diligence and risk analysis are performed where
cross-border activities are conducted
3. Internet banking is consistent with the bank’s overall
mission, strategic goals and operating plans
4. Internet application is compliant with the defined and
approved business model