Explain Online Shopping and online banking.
Online shopping is the process whereby consumers directly buy goods or services from a seller in real time, without an intermediary service, over the Internet. It is a form of electronic commerce. An online shop, e-shop, e-store, internet shop, web shop, web store, online store, or virtual store evokes the physical analogy of buying products or services at a bricks-and-mortar retailer or in a shopping mall. The process is called Business-to-Consumer (B2C) online shopping. When a business buys from another business it is called Business-to-Business (B2B) online shopping.
In recent years, online shopping has become popular; however, it still caters to the middle and upper class. In order to shop online, one must have access to a computer, a bank account and a debit card.
Shopping has evolved with the growth of technology. According to research found in the Journal of Electronic Commerce, if one focuses on the demographic characteristics of the in-home shopper, in general, the higher the level of education, income, and occupation of the head of the household, the more favorable the perception of non-store shopping (Enrique (2005), The Impact of Internet User Shopping Patterns and Demographics on Consumer Mobile Buying Behavior, Journal of Electronic Commerce Research). An influential factor in consumer attitude towards non-store shopping is exposure to technology, since it has been demonstrated that increased exposure to technology increases the probability of developing favorable attitudes towards new shopping channels.
Online shopping widened the target audience to men and women of the middle class. At first, the main users of online shopping were young men with a high level of income and a university education. This profile is changing. For example, in the USA in the early years of the Internet there were very few women users, but by 2001 women were 52.8% of the online population.
Payments: Online shoppers commonly use credit cards to make payments; however, some systems enable users to create accounts and pay by alternative means, such as:
§ Billing to mobile phones and landlines
§ Cash on delivery (C.O.D., offered by very few online stores)
§ Check
§ Debit card
§ Direct debit in some countries
§ Electronic money of various types
§ Gift cards
§ Postal money order
§ Wire transfer/delivery on payment
Some sites will not accept international credit cards, some require both the purchaser's billing address and shipping address to be in the same country in which the site does its business, and still other sites allow customers from anywhere to send gifts anywhere. The financial part of a transaction might be processed in real time (for example, letting the consumer know their credit card was declined before they log off), or might be done later as part of the fulfillment process.
Online Banking
Online banking (or Internet banking) allows customers to conduct financial transactions on a secure website operated by their retail or virtual bank, credit union or building society.
Features of Online Banking
Online banking solutions have many features and capabilities in common, but traditionally also have some that are application specific.
The common features fall broadly into several categories:
§ Transactional (e.g., performing a financial transaction such as an account to account transfer, paying a bill, wire transfer, apply for a loan, new account, etc.)
  § Payments to third parties, including bill payments and telegraphic/wire transfers
  § Funds transfers between a customer's own transactional account and savings accounts
  § Investment purchase or sale
  § Loan applications and transactions, such as repayments of enrollments
§ Non-transactional (e.g., online statements, cheque links, co-browsing, chat)
  § Viewing recent transactions
  § Downloading bank statements, for example in PDF format
  § Viewing images of paid cheques
§ Financial Institution Administration
§ Management of multiple users having varying levels of authority
§ Transaction approval process
Features commonly unique to Internet banking include:
§ Personal financial management support, such as importing data into personal accounting software. Some online banking platforms support account aggregation to allow the customers to monitor all of their accounts in one place whether they are with their main bank or with other institutions.
Security: Protection through single password authentication, as is the case in most secure Internet shopping sites, is not considered secure enough for personal online banking applications in some countries. Basically there exist two different security methods for online banking.
§ The PIN/TAN system, where the PIN represents a password used for the login and TANs represent one-time passwords to authenticate transactions. TANs can be distributed in different ways; the most popular one is to send a list of TANs to the online banking user by postal letter. The most secure way of using TANs is to generate them as needed using a security token. These token-generated TANs depend on the time and a unique secret stored in the security token (this is called two-factor authentication or 2FA). Usually online banking with PIN/TAN is done via a web browser using SSL-secured connections, so that no additional encryption is needed.
Another way to provide TANs to an online banking user is to send the TAN of the current bank transaction to the user's (GSM) mobile phone via SMS. The SMS text usually quotes the transaction amount and details, and the TAN is only valid for a short period of time. Especially in Germany and Austria, many banks have adopted this "SMS TAN" service as it is considered very secure.
§ Signature-based online banking, where all transactions are signed and encrypted digitally. The keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation.
Attacks
Most of the attacks on online banking used today are based on deceiving the user to steal login data and valid TANs. Two well-known examples of those attacks are phishing and pharming. Cross-site scripting and keylogger/Trojan horses can also be used to steal login information.
A method to attack signature-based online banking is to manipulate the software used so that correct transactions are shown on the screen while faked transactions are signed in the background.
A recent FDIC Technology Incident Report, compiled from suspicious activity reports banks file quarterly, lists 536 cases of computer intrusion, with an average loss per incident of $30,000. That adds up to a nearly $16-million loss in the second quarter of 2007. Computer intrusions increased by 150 percent between the first quarter of 2007 and the second. In 80 percent of the cases, the source of the intrusion is unknown but it occurred during online banking, the report states.
The most recent kind of attack is the so-called Man in the Browser attack, where a Trojan horse permits a remote attacker to modify the destination account number and also the amount.
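The token-generated TANs from the Security section depend on the time and a secret, and the Man in the Browser attack above changes the account number and amount. The following added example (not part of the original post) computes a time-based TAN with the RFC 6238 algorithm and, going one step beyond the text, a variant that also covers the transfer details, so a TAN approved for one transfer does not verify for an altered one. The function names, the `account|amount` encoding and all sample values are assumptions for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time window (RFC 6238 default)


def _truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation of an HMAC value to a decimal code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def token_tan(secret: bytes, now: int, digits: int = 8) -> str:
    """Time-based TAN: depends only on the token's secret and the clock."""
    counter = struct.pack(">Q", now // STEP)
    return _truncate(hmac.new(secret, counter, hashlib.sha1).digest(), digits)


def transaction_tan(secret: bytes, now: int, account: str, amount: str,
                    digits: int = 8) -> str:
    """TAN that also covers destination account and amount.
    Illustrative construction (assumption), not a specific bank's scheme."""
    msg = struct.pack(">Q", now // STEP) + f"{account}|{amount}".encode()
    return _truncate(hmac.new(secret, msg, hashlib.sha256).digest(), digits)


def verify(expected_at, submitted: str, now: int, drift: int = 1) -> bool:
    """Accept the code for the current window or +/- `drift` windows,
    comparing in constant time. `expected_at(t)` recomputes the TAN at t."""
    ok = False
    for d in range(-drift, drift + 1):
        ok |= hmac.compare_digest(expected_at(now + d * STEP), submitted)
    return ok


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 test secret, not a real key
    signed = ("ACCT-CONSTRUCTED-0001", "150.00")     # what the user approved
    altered = ("ACCT-CONSTRUCTED-9999", "9500.00")   # details changed in transit
    tan = transaction_tan(secret, 1000, *signed)
    print("time-only TAN:", token_tan(secret, 1000))
    print("signed transfer verifies:",
          verify(lambda t: transaction_tan(secret, t, *signed), tan, 1010))
    print("altered transfer verifies:",
          verify(lambda t: transaction_tan(secret, t, *altered), tan, 1010))
```

A time-only TAN verifies no matter which transfer it accompanies, which is why the server-side check in the variant recomputes the code from the account and amount it actually received.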
Countermeasures
There exist several countermeasures which try to avoid attacks. Digital certificates are used against phishing and pharming; the use of class-3 card readers is a measure to avoid manipulation of transactions by the software in signature-based online banking variants. To protect their systems against Trojan horses, users should use virus scanners and be careful with downloaded software or e-mail attachments.
In 2001 the FFIEC issued guidance for multifactor authentication (MFA) and then required it to be in place by the end of 2006.