This dissertation has been submitted by a student. This is not an example of the work written by our professional dissertation writers.
IMPACT OF INTERNET TECHNOLOGY ON BANK'S PERFORMANCE AND CUSTOMER'S SATISFACTION
Internet technology is very popular and has many benefits for the users; however it does has some elements of security risks to the bank and its customers at large.
In this research work, I intend to look at impact of internet technology on Bank, its employees and the customers. More importantly, efforts were also made to research into various risks associated with this technology such as hacking, spam-email, phishing, identity theft or frauds and many others.
After critical look at this technology and its associated risks especially the identity theft, two sets of solutions were recommended. The first set solutions addressed physical access control while the second aspect deal with authentication through the process of fingerprint and voice recognition.
This project is trying to evaluate the impact of Internet technology on bank's performance and customer's satisfaction. Banking industry is the bedrock of economy, the state of Banks will dictate the state of economy. If it stables, so will the economy. The present global economy recession attests to this statement. Technology innovation like Internet is groundbreaking in banking system. Transactions worth of billions of dollars take place in seconds in the electronic circuit throughout the globe (Castells, 2001). The banking and financial industry is transforming itself in unpredictable ways (Crane and Bodies 1996). Prior to the rocket of technology in banking sector, the function of the branch was very unlike the function of present branch. Earlier before the 1970s, the structure of the branch and functions were similar to one and other. Product offerings were equally the same and branches were only avenue for customers to make bank transactions. Majority of these banks were only relying on one or two branches but with many staff and cashiers. Customers were subjected to long distant travelling before they could carry out banking transactions. Face to face traditional banking was only means to process bank loan, make lodgements and withdrawals and customers were subjected to long queue in the banking hall.
But the increase in the level of banking technology made the banks started a process of metamorphose that proceed till the end of the 20th century. As part of process, many channels of distributions were introduced. Among these channels are Automated Teller Machine (ATM), Internet banking, Telephone banking, call-centre, electronic funds transfer, wireless banking, and voice messaging systems, videoconferencing and many others.
Rapid growth and development in internet technology over the last four decades have great impact on organisations. The impact was highly noticeable in area of services, products offering and business processes. Banks have use internet technology to cut operations costs, increase qualities, efficiencies and improve value-added services to the customers. Also, investment in technology gives competitive advantages to some Banks leading to some banks have opportunities to perform better than their rivals. Banks through the innovation of internet technology were able to provide better and cheaper services than traditional system of branch banking. Apart from these, level of banking transactions were equally increased, Convenience and twenty four hours banking services were also witnessed in banking system. More importantly, the level of communication within and outside the banking environment were equally improved, access to the right information and high quality of services were not compromised. The banking environment became more friendly and flexible.
Information that can only available through the means of technology became an important aspect of the banking. Many people argued that it was advance in technology of 1990s that made it possible to develop those channel of distributions and system that allowed the banks to render an unprecedented high quality services.
In final analysis, this research work assess an aspect of banking that is lacking in Traditional Bank - an online banking and its impact on customer satisfaction and bank's performance.
1.1 AIM AND OBJECTIVES
The research on Internet technology in banking and acceptance of modern banking by customers have been viewed in different perspectives but few aspects of this topic are left with little exploratory. There is little research on the effects of Internet technology on banks' profitability and customer's satisfaction. Many researchers did not fully agree that Internet technology has immensely affected the profitability level of the banks. The rationale behind this is to offer a better understanding on how internet banking is evolving.
This study intends to achieve the following objectives:
1. Research the problem of identity theft and card authorisation
2. Evaluate the problem concerning lost revenue
3. Research the other work done in this area.
4. Proffer solution to the problem of identity theft and card authorisation.
5. Implementing solutions and the cost benefits
1.2 CONTEXT OF THE STUDY
Banks have use internet technology to cut operations costs, increase qualities, efficiencies and improve value-added services to the customers. Also, investment in technology gives competitive advantages to some Banks leading to some banks having opportunities to perform better than their rivals. This research work is focusing on two important key elements which are:
1) Impact of internet technology on Bank and its customers and;
2) Associated risks with internet technology with more emphasis on identity theft
1.3 EXPECTED CONTRIBUTION TO KNOWLEDGE
The expected contributions to knowledge of this research work are to identify various theft and card authorisation, evaluate the problem concerning lost revenue and proffer solution to the problems.
2.0 LITERATURE REVIEW
It is my intention to survey literature review to reveal the level of knowledge and understanding of people about identity theft. A number of text books, articles and journals internet search are used for this purpose. Among these are:
a) 50 ways to protect your identity and your credit card - Steve weisman
The book is well written very relevant to the study and well referenced. Various types of identity thefts were discussed. It also explains that the motive behind identity theft could be for financial gain, revenge or malicious intent. The book goes further to suggest some protection rules such as only the credit cards that needed should be carried in the wallet, the practice of online account statement should be stick to, personal information should not be given on phone to unknown persons, shredding documents that containing personal detail after use and so on. But these protection rules only addressed offline identity theft, the issue of online identity theft or frauds which common to credit cards were not addressed at all.
b) Business Information system (Technology, Development & Management) - Paul, et al
The book looks at the issues of identity theft, brand abuse and costs of identity theft. The three issues discussed are equally paramount important to this research. The book is good for academic and well referenced. According to the book, “the term brand abuse is used to cover a wide range of activities, ranging from sale of counterfeit goods, for example software applications, to exploiting a well known brand name for commercial gain. It was further stated that with regards to identity theft, CIFAS(www.cifas.org), a UK-base fraud prevention service, report that there were 80,000 cases of identity theft in the UK in 2006.The coated in the company's web site showed that identity fraud cost UK economy £1.5b in 2005 and generates a revenue of £10m each day for fraudsters.
c) Identity theft literature review- Graeme, R.N &Megan M.M
It is a well written article and equally well referenced. In this article, the authors focused on two important issues, the first one is the cost of identity theft while the second one focuses on the issue of legislations. The two issues discussed are very relevant to this research. The authors look at various identity legislations passed to control the crimes of identity. (www.house.gov/apps/list/press/ca29schiff/062304idThef2.html).
d) Enquiry in to the credit card fraud in E- payment- Jithendra, D. &Laxman, G
In this article the authors look at credit card Hacking and types of credit card frauds. This article is not well referenced and authors failed to proffer adequate solutions at end of the discussion.
In my opinion, the article is much related to this research work but the sources of documents used to write the article cannot be easily traced because it is not properly referenced. However, it is very helpful reading in understanding the background of the topic.
e) Identity theft and credit card fraud - Sarah P. Miller
Sarah Miller's article examines the various tactics the fraudsters use to commit credit card fraud. Some of these tactics are; opening a new credit accounts, existed accounts hijacking, skimming tactic among the other. The article also looks at various ways of protections against credit card fraud and come up with some of security measures to guard against credit card fraud in our society.
The article is appropriately written and very useful for this research. The source of the article is also quoted as http://EzinArticles.com/?expert=sarahp.miller .
f) Improving response time of authorization process of credit card system- Humid, siti Hafizan Ab
It is a journal of computer science published in February 1 2008. The journal discusses the issue of credit card authorization process. It also explains the pitfalls and benefits of credit card authorization. The journal is very briefs about the topic but all the salient points are well discussed. It gives a website as the only source but fail to give other reference. It is very pertinent to mention that the journal would have been a great assistant to the realisation of the objectives of this research work if it has been properly referenced but the beauty of this journal is that it serves as basis of understanding of the topic.
g) 7 precautions that minimize the Risk of identity theft - Jesse Whitehead
In this article, Jesse looks at financial costs of identity theft and estimated it to be $50 billion. He further explains that researchers are yet to discover a precaution that is hundred percent guaranties against the risk of identity theft. In final analysis, Jesse recommends the following precautions to reduce the threat of identity theft in our society. One, he recommends that social security number should not be disclosed to anybody unless otherwise require by law. Secondly, it was also suggested that social security number should not be carried all about. Shredding all important documents immediate after use is strongly recommended and more emphasis should be placed on e- statements from our banks and credit issuers. It was also suggested that a strong password and pin should be created and printing of Driver licence number on our checks should be highly discouraged.
The author gives this website as the source of article http://EzinArticle.com/?expert=jessewhitehead but no other reference available. It is very relevant to this project as important aspect of the topic is being discussed.
2.1 DEFINITION OF INTERNET
According to Paul et al, “internet refers to the physical network that links computers across the globe”. From this definition, the interconnectivity of many computer devices all over the globe is done through the world-wide computer network known as internet. These computer devices store and transmit information like World Wide Web and electronic mail (e-mail) messages. There are other devices like mobile computer, pagers, web TVs that are connected to the internet. All these devices are revered to as host or end system. Both electronic mail and world -wide web are network application programs that run on host or end system. Like other internet units, end system run protocols that regulate the sending and receiving of information in the internet domain. Internet has two major protocols popularly called TCP (Transmission control protocol) and IP (internet protocol).
Communication links like coaxial cable, copper wire, fibber optics or radio spectrum link end systems together. Data transmission rate of all these links are not the same. This transmission rate is known as bandwidth and is measure in bit or second. End systems are indirectly join to one and other vial routers and a router receives information from the incoming communication links and send it to its outgoing communication links. The IP defines the format of receiving and sending information between the routers and end systems. The path on which information is transmitted is called route or path. The internet then utilises packet switching which gives room for multiple communicating end systems to share a path of a path simultaneously.
Connection of network to the internet needs to follow specific name and address and it must be run on the IP protocol. The arrangement of interconnection of the internet is from bottom to top. End systems is connected to local internet service providers by means of access network and this access network is refers to as local area network (LAW) or phone based access network. The local internet service providers are then connected to regional internet service providers. The regional internet providers will also connected to national and international internet service providers. This type of internet is called public internet. There are other private networks that cannot be accessed by public. It can only be accessed within the organisations and refer to as intranet. It also makes use of the same internet technology that public internet is using.
Another way of defining Internet is to look at its infrastructural that offers services to distributed application. Internet provides opportunity to distribute application on its end systems to share data with each other. The application could be inform of e-mail, file transfer, remote login, and world-wide web and so on. Web can be ran over network apart from the internet but this does not suggest that web is a separate network, instead it is one of the distribute applications that make use of services offer by the internet. Both connection-oriented services and connectionless services are two services offer by internet to the distributed application.
2.2 GROWTH OF INTERNET
Internet and computer networks began early 1960's. During this period, telephone was commonly employed as means of communication. This telephone network utilises circuit switching to transmit information from a sender to receiver and since then, internet continue to grow from strength to strength. There are a number of factors that contributing to this development. Financial analysts observe that costs, competition, demographic issues and customer service are the major considerations that make bankers to constantly review their internet bank strategies. It is the belief of these analysts that demand for internet banking products and services will continue to increase. But the major task facing banks now is how to ensure that the benefits of internet banking outweigh its costs and the risks. The strategies adopted by each bank to increase its market share and cost reduction vary from one bank to another. Internet is a platform through which customers access accounts and general information. It gives customers information about various products and services offer by the bank.
2.3 RISKS OF INTERNET SERVICE
There are a number of internet threats around business world today. The threat continue to increase as internet become more acceptable means of conducting online business transactions. As banks so heavily rely on internet to reduce costs, so also they become more prone to some risks. Few examples of these risks are as followings:
Hacking involves attempting to gain unauthorised access to a computer system, usually across a network. Hackers only need limited programming knowledge to wreak large amount of havoc. The fact that billions of bits of information can be transmitted in bulk over the public telephone network has made it difficult to trace hackers, who can make repeated attempts to invade bank system. For instant, much damage could be done if people gain authorised access to bank's network service. Hacker may gain access to bank's internal network for two major reasons. It could be for monetary benefit which usually associated with identity theft where personal information as well as credit card details is obtained to perpetrate fraud. It could also come inform of malicious intent ranging from deletion of file, deliberate introduction of computer viruses into a system or forwarding vital organisation's information to rival. Counter measure like dial-back security can be used to prevent this problem. It operates by requiring the customer wanting access to the network to dial into it identity themselves first. The system then dials the customer back on their authorised number before allowing them access. Also, system can have firewall to prevent unauthorised access into bank system. Firewall software is use to monitor and control all incoming and outgoing traffic to deny intruders gaining access to the information system.
b) Malicious Code
Malicious code like worms, Trojan horse program and viruses are written to penetrate a system in order to have access to confidential information or disrupting the bank network. Through the help of the code, Fraudster can enter the network of a bank without its knowledge and valuable information can be stolen in the process. This stolen information can be used to commit identity theft or fraud. This code attacks are very delicate in that they can replicate and spread themselves without human intervention.
This is a process through which an intruder has access to bank network. Usually, the intruders are employees of the bank who have gained access to the authentication information of a bank customer. Intruder could also be an external person who has acquires some skills to get the authentication information of the bank customer. When internal or external intruders have unauthorised access to bank network, vital information about customers can be obtained and later use to perpetrate frauds or commit crimes. To guard against this ugly incident, bank must restrict its employees to some areas of its network.
d) Denial of services
Banks nowadays rely on internet for effective communication within and outside organisations. In the process of communication, the bank is subjected to the risk of denial of services. Communication channels of the bank can be blocked, web page may be changed or the system employ to process online business transaction may be attacked. A denial of service attack is associated with an attempt by attacker to prevent legitimate users of a service from using that service. The situation forces the bank to close down services until everything return to normal. This kind of criminal activity was hardly experience until 1999 when the crime became cankerworms in our business environments. The effect of this criminal activity is very great most especially when bank so heavily depend on the internet for online business transactions. Huge amount of money could be lost to the fraudster through the attack. Attack on Amazon and Yahoo servers in the year 2000 was a good example. The servers of Yahoo was engulfed with series of attacks and “The attack was estimated as costing £ 300,000 in the lost advertising revenue alone” (Financial Time of November 17, 2000). Another popular of denial of service attack was witnessed in 2004. During this time, a group of fraudsters from Russian embarked on a number of denials of service attack on UK bookmaker. The attackers demanded for certain amount of money before they could stop the attack, but the organisation in question (bookmaker) was not ready to give them any money at that time leading to a great losses of about forty million pound. The effect was very terrible on financial position of the company that very year.
e) Brand Abuse
It involves sale of counterfeit goods like software application to exploit a well recognised brand name for commercial benefit. Fraudster can imbedded the name of reputable organisation into a bogus web page just to portrait the page as high rank one. People that search for this reputable organisation can be routed to the false web page where the counterfeit goods are sold. A lot of people have intention of buying genuine products and services but end up in buying counterfeit one through the brand abuse. The effect of this is that people pay high price for less quality goods and services. The brand abuse practice costs most UK organisations huge amount of money and cost continue to increase year in year out. People also are no longer sure that the goods and services buy over web pages are actually genuine one. Many people have been victims of counterfeit unknowingly but thinking that they have bought the original goods and services they intend to buy even at exorbitant price.
f) Credit Card Fraud
The use of credit card online has become a global phenomenal. This card is being use all over the world to make payment for goods or services purchase on internet, retail shops or restaurants. The proliferation use of credit card online makes the users expose to various forms of risks. The risk could be in form of using people's personal information to open new accounts, hijacking existing accounts.
g) Opening of new account
After important details like name, date of birth, social security number is obtained, the fraudster can pretend to be another person in order to create new lines of credits. The victim's name can be used to secure credit cards and it may not be known to victim that someone has taken credit card on his or her name. Some people in many cases get to know when they receive calls from debt collectors or when they apply for loan and it is not granted due to bad credit rating. Many people have been forced to pay debt they didn't actually own through this process.
h) Hijacking account
Hijacking existing account is another method use to commit credit card fraud. Existing account can be hijacked by altering important details of the victims such as personal identification number, passwords, billing or mailing address. The purpose of this is to take perfect control of someone's account illegally. The original owner of the account may find it hard to regain the control of the account. Even if they regain the control, fraudsters might have wreck serious havoc on financial reputation of the original owner of the account. It takes victims some time and money before they could clear their names from this mess.
It is very common in the restaurants, stores or automated Teller machine. Skimming is done through the use of palm-sized card -reading devices. This device is capable of swiping credit card information. It is very delicate in that it may not be noticed until the victims witness unsolicited charges on the statement account of their credit cards. Many of these devices can be planted into Automated Teller machine slots or strategic locations that are not visible to the people. The aim and objective of doing this is to illegally capture important details of targeted victims. The details collected through this method can be used to perpetrate frauds on customers' accounts or use to commit crime in the name of the victims.
Phishing is another method that thieves use to lure people to supply their personal information through false e-mail and web sites. Customers may receive bogus electronic mail through a web site telling them to update their details. The web site may look like that of normal bank they use to visit. But when they access this web site, their account numbers and passwords will be demanded for. Both password and account number are collected through this method and later use to siphon money from customers' accounts or credit cards. Barclays Bank and some highly reputable organisations were a victim of the crime in 2003.This method of stealing is hardly to detect because the e-mail and web site are made so similar to that of original banks. The only preventive measure is for the banks to educate their customers to ignore such e-mail whenever they receive it. Although this will not totally wipe out the crime because many online customers will still respond to such e-mail but additional measure like authentication which involves adding an extra field to a record with the contents of this field derived from the remainder of the record by applying an algorithm that has previously been agreed between the bank and customers will go a long way in countering this crime. Multiple passwords can also be employed to counter the problem. Furthermore, there are many more of internet threats around but this research work will focus majorly on identity theft and card authorisation.
2.4 IDENTITY THEFT
According to available information, identity theft and identity fraud are not new crimes. Both have been in existent for a while and continue to be among the fastest growing crimes in the UK. These two crimes can be perpetrated without a thief even burgling into your home or have physical contact with your computer system. The problem is likely to get even worse because of economy recession that grips all the nations. Information gathered from banks reveal that insurance fraud is increase by 17% and identity fraud seems to be following the same pattern. If bank customer identity is compromised he or she may find it hard to have good access to a loan, credit card or mortgage until everything is resolved. We are all victims of these crimes. We eventually pay highest prices in shops, highest interest rate on mortgages and higher premium on our insurance policies for no other reasons than this problem of fraud.
Government and corporate individual organisations have been making frantic efforts to reduce these crimes. But in spite of all these efforts, the rate of identity theft and identity fraud are yet to reduce and number of victims of these crimes are also increasing on alarming rate. According to (UK payments, the UK trade association for payments, 2008) card fraud losses total £609.9m, online banking fraud losses £52.5m and cheque fraud losses £41.9m. Furthermore, of identity fraud in 2007 was quoted to be 65,043 according to CIFAS, the UK's fraud prevention service. The 2003 survey of Federal Trade Commission (FTC) indicated that about 3.25 million Americans had lodged complaints that their personal detail was illegitimately used to get credit cards, obtain loans, rent apartment, and enjoy medical facility and some time use to commit crimes. Also, more than 5 million Americans were victims of credit card frauds where personal detail was used to obtain lines of credit and twenty five million plus have been victim of identity theft.
WHAT ARE IDENTITY THEFT AND IDENTITY FRAUD THEN?
Identity Theft is situation where by an individual's personal information or confidential detail is steal by another person without their knowledge. But Identity fraud is committed when thieves use this information to secure credit, goods or other services in the name of targeted victim without his or her knowledge.
Another definition describe identity theft as “anyone who knowingly transfers or uses, without lawful authority, any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual with the intent to commit or aid or abet, any unlawful activity that constitutes a violation of federal law, or that constitutes a felony under any applicable state or local law” (1998 identity Theft Act, U.S public Law 105-318).
2.5 REASON FOR IDENTITY THEFT FRAUD
Reports so far on various form of identity thefts indicated that fraudsters commit identity theft for a number of reasons. But the most common one are:
Many people commit identity theft simply because they want to cover their past criminal records. Some people in the past have committed one crime or the other and want to cover them to avoid arrest. A very good example of this scenario was that of September eleven terrorist. “All 19 of the September 11th terrorist were involved in identity theft in some way” (Willox and Regan 2002) many people were wrongly arrested because their identities have been stolen. Also, a number of people commit identity theft because they want to hide their bad financial records which denied them access to essential banks' products or services such as bank loans, mortgage, account opening or credit card. In some situations, identity theft can be committed to avoid payment of existing debts. These type of people may want to enjoy normal life again and the only way they can achieve this is to masquerade themselves under the identity of another person. The effects of these criminal activities are that warrant arrest and prosecution may be issued in the name of victim customer.
b) Financial benefit
Investigation conducted from various banks indicated that many fraud cases reported in the recent past revealed that people committing identity theft for financial gain. In some cases, thieves steal personal information of innocent persons to open a line of credit cards accounts. Along the line many goods and services can be purchased in the name of targeted victims. In the same manner, details of another person can be used to secure loan from bank and account abandon later after fraudsters might have make a lot of money from the accounts of victims. A friend narrated his experience where fraudster obtained his personal details to secure a loan of about £10.000 from a commercial bank without his knowledge. The fraud discovered some months later when he received a letter from the bank that sum of £10.000 plus accrued interest is due for payment in his account. The fraudsters have used his identity to have illegitimate financial gain. The case took him some legal battles and time before he could exonerate himself from this mess.
Many banks have witnessed identity theft through the activities of their employees. Some employees of bank may collude with fraudsters to steal details of customers as retaliation to the termination of their appointments or the bad treatments they received from their employers. In this process, valuable bank's information may be sold to competitors leading the bank to various litigations and financial lost. Also the reputation of the bank may be seriously damaged. The effect of this is decline in profits and low patronage of the customers.
2.6 TYPE OF IDENTITY THEFT
Many Bank customers have been victims of identity theft by one way or the other and type of identity will largely depend on the definition giving to it. But the most prominent one is credit card. Information available reveals that credit card fraud on internet has been seriously increase due to the opportunity offered by new improved internet technology. Apart from credit card fraud, there are other types of identity theft such as extortion, phishing, financial scam, avoiding arrest, organized identity theft and many others.
Fraudsters have many ways of extorting money from banks and customers but the two common one are cyber squatting and the threat of leaking customers' information. Cyber- squatting, this method of extortion related to registering a bogus internet domain to extort money from bank or its celebrity customers. After registration of a bogus domain, the fraudster will offer it for sale to potential buyer company or individual celebrity customer. When deal has been struck, the fraudster will demand for large sum of money from potential buyer. It may not end there, series of threats like defamation of characters or reputation damage may be followed. To avoid these and other negative publicity, potential buyer may negotiate with the fraudsters.
Another method of extorting money from banks is to have unauthorised access to sensitive information of the bank. When the information is obtained, fraudster will threat the bank to pay huge amount of money or else its information will be leaked to rivals or public. Banks have lost a lot of money through this process.
It involves distribution of fake e-mail to customers so as to induce them to willingly disclose their personal information that can employ to have access to their bank and credit card accounts. The e-mail will be perfectly designed in way that it will be so identical to the one that normally originate from bank so that the customer will not have any cause to doubt its authenticity. Customers will then ask to update their accounts by follow a link that will lead them to bank's website. Immediately they clique on this link, they will ask to supply their username and password thereafter; the link will direct them to false website that similar to that of the bank they accustomed to. It was through this process that fraudsters obtain password and other security information of the customers which can be later used to take money from their bank or credit card accounts.
d) Avoiding arrest
This is another type of identity theft whereby criminals use the identity of another person to commit crimes so that if they eventually caught warrant arrest will not be issued on their names. When crimes are committed in this way, police will not look for real offender but instead they will be looking for innocent victims.
e) Financial scam
This type of identity theft is committed with sole aim of getting some financial benefits such as bank loans, mortgage, bank accounts, goods; credit cards which fraudsters are not prepare to pay back.
f) Organised Identity Theft
Many other identity thefts can be committed by single individuals or by group of people. Some bank inter related frauds are committed through syndicate. Employee alone cannot successfully carry out heavy fraud in the organisation without join efforts of outsiders. For this type of identity theft, a group of experts are needed to carry it out successfully.
g) Burglary/ Robbery
Offenders use different traditional ways of obtaining personal information of bank customers. The common one employ is robbery or burglary. This traditional method of stealing is aim at obtaining important documents that can be used to get personal identification of the bank customers. Obtaining customer Personal identification in this manner could be dangerous because, the information could be used to perpetrate fraud or committing crimes.
2.7 STAGES OF IDENTITY THEFT
From research so far, three stages of identity theft were identified. They are as follows; acquisition stage, use stage and discovery stage. A class of identity theft may involve one or combination of all these stages.
Acquisition of the identity theft: Identity could be obtained via theft, fraud, trickery, computer hacking, redirecting mail. It could be also acquire by legal means through internet. Vital information of organisation or individuals customers can be bought on the internet.
Use of identity: Identity of the victim can be used for many purposes. It could be used for financial rewards or to prevent arrest or to conceal one's identity from bills collectors. This stage of identity theft comprise of
1. New account opening
2. Account take-over
3. use of victim credit card
4. sale of identity or details on the black market
5. Cars rental stealing
6. insurance fraud
7. Fraudulent tax returns
Discovery of theft: In some cases, many cases of credit cards frauds can be earlier discovered but identity theft may take longer time to discover. It could take months or years to discover it. The earlier it takes to discover the theft, the smaller the loss incurred by the victims. Many bank customers have been carrying heavy financial burden today simply because their identities or credit cards have been compromised and the problem is not discover on time.
2.8 TECHNIQUES OF IDENTITY THEFT
There are many ways in which fraudsters perpetrate an identity theft. As technology improve so do the technology of fraudsters and thus the approach they use to execute fraudulent activities. They have devised various methods to take advantage of the information age. Many techniques that fraudster uses to steal identity are very simple. Few of them are enumerated below:
a) Bin raiding
Offenders sometime go to customer dustbin or recycling bin at mild night to steal documents that may assist them to build a new profile. This new profile can give them opportunity to concealment and financial gains.
b) Card skimming
Personal information of a bank customer can be obtained when credit card is use to purchase goods and services in the retail shops or restaurants. This is done through the help of palm sized card reading devices. This device is use to swipe important details of customer's credit card. Customer's information can also be obtained in similar manner when debit card is use at ATM that has been planted with this skimming device.
c) Stealing wallets
It is a common practice among the fraudsters to steal a customer purse or wallet that contain important items that may assist them to obtain essential information needed to carry out fraudulent activities. If the problem is not detected on time serious havoc can be done to social and financial reputations of the victim.
d) Unsolicited contact
At one time of the other, customers have been receiving bogus phone calls from individuals claiming to be from bank. Sometime the caller may offer series of incentives to the customer just to get their personal information that required for accessing their bank or credit cards accounts.
e) Mail interception
Mail of many customers have been intercepted and many important documents that contain personal information haven stolen in this process.
f) Mail forwarding
Address of many customers has been changed by fraudsters. They do this just to redirect all mails of targeted victims. Instead of mails go to the true owner, the mails will go to the fraudster. From there, important information about the victim can be extracted and later use for frauds.
Personal details of many customers have been obtained electronically. Some victims get their identities stolen through the means of bogus e-mails or internet viruses such as phishing or hacking.
A lot of bank employees have been bribed by criminals to hand over sensitive information of their organisations to them. Series of incentives are offered to the employees in order to get credit card information of the victims. Both bank and customers have loss huge amount of money through this practice.
2.9 REVENUE LOST IN IDENTITY THEFT
Revenue lost through identity theft is one of the problems facing the bank today. Huge amount of revenue is being loss every year on the problem of identity theft. Card fraud losses total £609.9m, online banking fraud losses £52.5m and cheque fraud losses £41.9m (UK payments, the UK trade association for payment, 2008). UK payments 2009 also revealed that card identity theft losses have increase by 39% to £47.4m. Account take-over where fraudsters take over the operating of another person's credit or debit card accounted for this increment.
According to Federal Trade Commission (FTC) survey, the total annual loss to business owing to the problem of identity theft is closed to fifty billion US dollar and total annual cost of this problem to victims was estimated to be about five billion US dollar. The survey further stated that three hundred million hours of time were also use to resolve different types of identity theft. Individual victims of identity theft spend nothing less than five hundred dollars and thirty hours to resolve the problem. Every single Victim spent an average of one thousand one hundred and eighty dollars and sixty hours in tackling problem of identity theft relating to new accounts and other frauds. Also, American Bankers Association revealed in its 2000 bank industry survey that losses related to cheque fraud in commercial bank accounts in 1999 carped at two billion, two hundred million dollars. Identity theft related to cards fraud losses in the year 2000 amounted to one hundred and fourteen million dollars.
Furthermore, there are many other ways that banks loss revenue due to the problem of identity theft. Interruption of business activities due to the hacker attack or virus cause severe lost of revenue to the banks. . Activities of third party that use banks' computers to steal their money also resulted in big revenue losses. Citibank lost six million two hundred and fifty thousand pounds to third party (hacker) that use its old computer in St. Petersburg USA. In the recent past, many banks lost huge revenue as a result of various claims and charges made against them by the customers. Also, Introduction of malicious code to computer systems by intruders could cause serious damage to the system and Repairing this damage and restoration of records gulp a lot of money from banks profits. Every year banks make provision for bad debts. Most of these debts are related to various types of frauds committed through identity theft. In many occasions, fraudsters use details of victims to open accounts. In the process, the accounts might have been used to secure credit or purchase goods and service without repayment. Abandon accounts in this way resulted in heavy lost and no other bear these losses except Banks. The use of fake identity to open accounts make it practical impossible for banks to recover the money when the accounts abandon later.
2.10 CARD AUTHORISATION
Card authorisation is a method use by the banks to approve or reject transactions carried out by cardholders. The process involves a number of validations of the card's risk management profile to ascertain that the account of cardholder is open. Not only that but also the transaction falls within the limit of cardholder and originate from authorise cardholder. Card risk management profile is divided into two groups. The first one is card restriction validation and the second one is online fraud validation. Cad restriction validation deals with issues of financial and non financial relating to the card. But online fraud validation comprises of cryptographic operation via host security module to prove the security part of the authorisation in a way to ascertain the validity of the card. Host security module is an outward device fixed to the authorisation host that hold the secret information of the card issuer in hardware. This hardware serves as a means of verifying the credit card transaction.
The disadvantage of this process is that longer time is required to complete authorisation of credit card transaction owing to series of validation involved. Also, security validation of card consumes a lot of time and efficiency reduces whenever many authorisations are involved. Many authorisation accepted at one point of time will not give response on time. Failure of transaction is refer to as time out. Multi-threaded authorisation system that has share-memory is needed to solve the problem of slow authorisation of single-threaded model and the response time of authorisation process. To be able to have an appreciative response time of card authorisation process, an invention of Host security module and implementation of distributed authorisation required. Host security module performs so many duties. Among these duties are to verify online PIN, card transaction validations through security code of cards and doing the work of host processing of master card visa.
2.11 CUSTOMER SATISFACTION
Customer satisfaction is all about knowing the customer needs and satisfies those needs. According to (Anderson and Roland 1997) “Customer satisfaction is Result-Expectation”. Bank customers want the bank to meet their expectations at all time even the insatiable one. Different parameters are used to measure customer satisfaction. What one customer count as satisfaction another may not count it. It all depends on individual. While many customers see services beyond banking hours, convenience and low costs as satisfaction other perceive services like reliability, accuracy, wider geographical coverage, wider range of products and services offering as satisfaction. But every customer sees security as major motivational factor. They are more satisfied if their bank business activities are free from any form of financial injury or losses such as identity theft or frauds.
Three different categories of technologies are now used by banks to improve the customers' satisfactions namely; customer independent technology, customer assisted technology and customer transparent.
Customer Independent Technology
This makes it possible for bank customers to conduct bank business transactions without necessary have physical contact with the bank. This self-service facility gives customers opportunity to do a lot of thing such as opening of account online, apply for credit facility, fund transfer, online statement accounts without bank intervention. Valuable time of customers and transportation fares are equally saved in this regards as customer no longer required moving out of his/ her living room before carry out bank transactions.
Customer Assisted Technology
This is another tool used to increase customer satisfaction. In this scenario, customer relationship management is use at call centre to identify the profile of the customer in order to provide prompt and caring services as well as quick response to customer inquiries.
The last one is an invisible technology used to improve customer transaction. It is an essential service which customers want the bank to provide and failure to provide it may lead to complaint and dissatisfaction. If the service of this technology is up to expectation, the customer will keep quieted but if otherwise they will quickly lodge complaint or give feedback.
The methods I employed in this research work are literature review, field survey through interview and direct observation. I used interview because it brings highest co-operation and lower refusal rates. Primary data which is most reliable source of information can be collected through this method and also gives me opportunity to have first hand information from the bank and the customers which on a good day I did not have access to. Another reason for using interview in this research work is person-to-person contact. It gives room for me to examine the details of the respondents. Not only has that but also probed for more information in a particular method.
I used direct observation so that I can have first hand information from both bank and customers. Direct observation is more reliable because the whole exercise is performed by the researcher and information gather through the personal observation of the people and their environments are always gives desire results because, the observer only concentrated on the area of interest. Also, it gives me the true position of how customers transmitted their details on the internet and frauds countermeasures that the bank provided for online customers.
Also, I visited the bank premises at different banking hours to have a look at the bank system facilities and physical access control security put in place by the bank. I spent few hours in banking Hall watching the activities of both the customers and the bank. One of the officers of the bank took me round. The area visited includes customer services department, frauds prevention section, manager's office and Tellers section. Effective control measures were put in place in all areas visited. The purpose of this visit is to ascertain the level of control measures implemented in this bank.
During my visit, access to main compute room, close-circuit Television and vault room were denied due to security reasons
3.1 DATA COLLECTION
Both primary and secondary sources of data were employed in this research work. The primary data were collected through the help of employees of Penny-Wise Bank and its customers. Secondary data were also gathered from the internet explorer Google at http://www.google.com, related text books, published journals and articles. Also, data was gathered from case study.
The objective of this research is to have insight and in-depth knowledge into the impact of internet Technology on Penny-Wise Bank, its employees and customers. My main concept is how to prevent risks associated with the internet banking such as identity theft, or frauds which a bit complex concept.
3.2 Personal interview
Based on the above information, two sets of interviews were conducted addressing two sets of respondents: Bank employees and customers. The first set of respondents was the branch manager of Penny-Wise and a staff working in frauds prevention and IT department. The questions were ten in numbers and prepared in such a way that dig out more fact about the bank security. The second set was five customers selected randomly. The selection cut across all types of customers ranging from retails to corporate. Six questions were set out for this group and the questions were centred on their experiences on the internet banking, online frauds, how the fraud occur and reporting to the fraud to the police or bank. The purpose of these questions were to get information on how secure internet banking of this bank.
These sets of respondents were chosen for the research study because bank customers are the major players which internet threats would greatly affect. Also, the customers are the major party agitating for implementation of better solutions to the problem of identity theft in the bank and they are in best position to adopt or reject any solution. On the other hand, the bank is the security provider on the internet; ensure professionalism in the conduct and implementation of internet banking and server as the watch dog of IT technology.
3.3 CASE ANALYSIS
After gathering data from the case study, critical analysis of the case was conducted through the major five factors such application, activation, monitoring behaviour of transactions and the prevention of frauds on the internet
4.0 RESULT AND ANALYSIS
Wake-up branch of Penny-Wise bank London was chosen as my case study, because the branch has witnessed the highest cases of identity theft and frauds in the recent past. Brief information of this bank is giving and results of interviews conducted are logically presented in this chapter. The two employees and customers of the bank interviewed were not mentioned by name. Letters and s were used to represent their names. The bank (Penny-Wise bank) was chosen to collect my primary data.
4.1 Background Information of Penny-Wise bank
Penny-Wise bank has grown into a financial oak since March 1973 when it opened to customers in the heartland of London. Being a commercial Bank born out of a vision to set standards in customers' satisfaction, the seeds of passion, creativity and team sprit sown by its founders did not take much time to blossom.
Penny-Wise bank is specialised in issuing credit cards such as visa Electron, visa Gold, MasterCard, and maestro. It has 250 ATM located in different location in London. The ATM services provide opportunity for cash withdrawals at any time. Among other services provided by this bank are, Internet banking, telephone banking, wireless Banking and many other.
Authentication is the method employed by Penny-Wise bank to verify a user's identity. Many internet bank customers access servers every day, so the bank makes it a point of duty to keep an eye on every activity on these services. Authentication can take various forms such as customer verification value two (CVV2), Personal identification number (PIN), password and many others. When the customers swipe the credit card via a reader, the electronic data capture with the aid of modem dial the telephone number of a store to call an organisation that takes credit authentication request. The authentication request will be taken from merchants and payment assurance is also given. When credit card authentication request obtained, the organisation that collect the request will check the identity of merchant, limit and usage of the card, validity of card number and expiring date of the card.
In this process, the card holder key in PIN through keypad. The PIN is encrypted in the database of the card not on the card itself. For instant, when customer takes cash from automated teller machine (ATM) it encrypts the personal identification number and forwards it to the database to check if there is a uniformity. At times, intruder may have access to computer database of the bank but with this system the card users are adequately protected from any form of impersonations. The bank use internet and point of sale as means of detecting frauds.
The 1st step of risk management protection is through application process. The detail of an applicant is authenticated via many data sources. Cards issuer calls the number of customer that was written on the application form and verification of customer address is also carry out. Applications with higher risk are subjected to cru tine. Applications receive from internet or areas that are very much prone to frauds are also subjected to critical review. Irregularity test of applications receive from credit bureaus will also be carried out. Such test reveals any discrepancy in the customer's name, address and telephone number. The test is necessary to detect any attempt to open a fraudulent account.
Problem of Credit card frauds and identity theft can be reduced to lowest level if due caution is exercise and the application is well vet.
Activation of card by customer undergoes fraud control laid down by card issuer. If the telephone number use to activate the card is different from the one written on the application, then a flag will raise. In this situation, the card will not be activated instead the call will be forwarded to customer service department. In this department, the identity of the caller will be verified via the other details on the application.
The application process gives opportunity to compare the details of caller with that of cardholder. If caller supply information that is different from the one on application, the activation will be subjected to further inquiry. Activation process is an effective security measure the bank use to curb the identity theft frauds, account take over and fake credit card.
Behaviour of transaction monitoring
Card issuers use special software to monitor behaviours of transactions and activities on individual customer account. The card issues pay more attention on new account opening and unusual withdrawal of cash on the account that don't normally withdraw cash. Any abnormal transactions on the customers' account will be flag and investigated. Also, the affected customer will be contracted for confirmation of genuineness of the transaction immediately. The step is necessary to safeguard against any fraudulent activities on the account of customers. Transaction behaviours monitoring therefore, serve as a good method to prevent fraud in this bank.
Prevention of frauds on the internet
The basic method that Penny-Wise bank use to curb internet frauds is authentication. Different kind of authentications are available for use but the particular one that the bank is using is cards verification value 2. The three digits number on the opposite side of most cards is exclusive to each card. Any merchant that asks online customers to put the three digits in conjunction with real card number put more security measure on the transaction. There is a great chance that the buyers are in possession of the cards because the 3-digits number can only be seen on the card itself not on the receipt. Even if the receipt is lost or stolen it cannot be successfully used to perpetrate fraud because the 3-digits number will not appear on the receipt. But the only problem with this method is that it cannot prevent stolen cards frauds.
Another method use by the bank to check internet frauds is account number concealment software. When customers shopping online they need to long on to the website of the bank and after log in their details, they also requested to enter the first, middle and last digit of their memorable names. Thereafter, the customers will be transferred to another stage where the payment will be authorised. In this method, a single number is use for every single transaction. That mean for every single transaction, the customers need to go through the same process. For this reason, customers perceived this method as waste of time and they are not willing to adopt it.
Bank worker Result
Respondent number one is an operational manager of the bank. He has been working in the same branch of the bank for almost five years. According to him, the bank service in area of credit card providers is second to none. About two thousand of their customers are regular users of credit cards. There are many reported credit card frauds cases, online transaction recorded highest number of these credit card frauds. Most of these frauds happened in online shopping, making online stores a danger zone. Online stores are characterised with many threats such as credit card identity theft, hacking, site clone, breach of data protection Acts, accounts hijacking and many other. The manager also said that the present predicament they are facing now is about whom to trust because everybody is claiming that their online shops are not prone to any risks. Upon all these claims, there are thousands of companies that are using bogus website that are very identical to that of trusted Banks and the owner of these bogus websites trick customers to supply their credit cards information. Immediately they get the credit card information they needed the site will be shut down. This is the experience of the customers in online transactions. He stated that it is herculean task to put a stop to these problems. He also added that bank staff is working round the clock to protect customers' interest. He then advised the customers to be mindful of how they use their credit cards online. Not only that, but also exercise cautions while buying goods in online stores. He noted that registration of cases like this has been embarking upon in their bank. He finally stated that arrangement has been made to launch a new improved authentication system which will provide adequate security to the credit card users. He even stated that the system will protect the customers against the evils of hacker if it finally introduced.
The second respondent is an employee of the bank who has worked for four years in fraud prevention and IT department. His response goes thus; “different types of frauds relating to identity theft and credit cards are reporting to me on daily basis”. Majority of these cases are related to online credit cards identity theft. He noted that personal identification number authentication is one of the best forms of security measures that bank put in place. In that case, customers at all time are enjoined not to reveal their personal identification number to anybody.
He also said that many of preventive measures can come from the customers. The bank therefore enlightens its customers on the dangers in leaving their cards details unprotected. They (bank) also focus more attention on how customers supply their details and used their credit cards on different sites in internet.
He further mentioned that data gather from customers are employed to improve the security measures. According to him, responses of the customers who are regular users of the card have been obtained. Security issue is a peculiar problem to all of them. All of them narrated different types of problems they are facing in using their credit cards.
1. Do you use internet to conduct banking business transactions?
(8 ) 80%
2. Have you experience online identity fraud before
(7 ) 70%
3. Did you look forward to more security on the internet of this bank
(9 ) 90%
4. Are you feeling comfortable with the fingerprint or voice recognition as a form of security protection against identity fraud
(7 ) 70%
5. How long have you been using Internet banking?
6. What is your experience using Penny-Wise bank's internet banking?
Case study: Penny-Wise Bank
The analysis is base on the results of interview presented above and four important factors that the Penny-Wise Bank presently use to check identity frauds online and offline. This will be used to analyse the results. They include:
1. Application processing
The first step taken by the bank to minimize risks is through Application. The bank use initial application form that customers filed to verify their information. In addition, telephone address is use to confirm if the telephone number written on the application form tally with the address given by the customer. But this has not helped to properly scrutinised applications from both high risk area and online. Thus, there is every tendency to accept fraudulent applications.
2. Activation processing
The activation system of Penny-Wise bank serves as fraud control measure when new cards are activated. The activation is done manually by a member of staff limiting the usage of facility to banking hours only since there is no staff after banking hour to pick calls for card verification. Thus the faith of card holders is limited to banking hours.
3. Behaviour of transaction monitoring
Penny-Wise bank is not among high rating card issuer banks. Presently the bank doesn't have powerful or effective software to monitor high-risk transactions. When a customer lodges complaint about a missing card or attempted fraud, the bank placed technical suspension on the account of such customer. All the balance in the account is move to a special account called Suspense. Although the customer is allow carrying out the normal banking transaction, but will not allow using the lost card for any transaction. This method has not prevented identity frauds.
4. Prevention of fraud on the internet
Internet fraud prevention is a major headache of Penny-Wise bank. Online credit card frauds are very common in this bank. This is because the Card Verification values 2 that the bank presently use can only prevent frauds such as skimming, fake card frauds, account take-over but the system could not prevent frauds associated with stolen cards Therefore, identity frauds continues to increase on daily basis in this bank. Online customers are also exposed to different forms of threats and financial losses. Also, the other method, Account Number Concealment that looks a bit promising was not adopted by the customers because they viewed it as unnecessary waste of time. The situation made the bank handicap in providing effective security for online customers.
This section provides the recommendations I believe, if fully implemented in the Penny-Wise Bank will reduce the problem of identity theft and frauds. These recommendations should not be regarded as hundred percent perfect. There may be other exist internet risk which are not discovered during this project study. The recommendations include:
1. Access control
Security of bank premises should not be handled with levity hands because if there is no adequate access control, then other security like online authentication is meaningless. Most of the cases of identity thefts reported are committed offline through a simple tradition method. For this reason, access to the area where sensitive information or valuable documents are kept should be highly restricted. Employees of the bank and other users of bank's facilities should be restricted to only aspect they are authorised to use. This will help the bank to prevent the danger of identity theft or any form of intruders.
Ina addition, all entrances and doors to the bank should be well guarded with different forms of security locks such as swipe cards and press lock to prevent unauthorised.
To implement this control, credential information will be forwarded to control panel through a reader. Control panel then match the number of this credential with access control list. Base on this, request may be granted or denied. If access control denies the access the door will be remained shut. On the other hand, if the access control and credential correspond a relay will be operated via control panel and the door will be opened. Sometime, control panel may disregard door open sign to avert an alarm. Red LED show is an indication of access denies and green LED indicated that access has been granted.
Authentication is another solution to the problem of identity theft or fraud. It is best form of preventing online frauds or identity theft and can be employed through various methods. Self authentication must be first conducted to the system by the user. This will then verify by the system and access will only be permitted if user has adequate access to the resources he is attempting to access. Not this alone, accounting process is also involved. Accounting is a method of record keeping of access to a resource and also a major factor in the process of authentication. It is a good practice to identify the user that is accessing the system and time he is accessing it. This will go a long way in the process of investigating any problem that might occur in the nearest future. Such authentication methods include:
According to a research, there are no two human beings on the surface of the earth that have exact fingerprint; to the extent that every finger pattern of a man is not the same. Even the so-called identical twins have different finger patterns. For this singular reason, finger print authentication was classified as an effective method to distinguish users. It is also a good security mechanism to curb online frauds or identity theft.
To implement fingerprint, users need to first scan a particular finger during enrolment process into a computer system. Scanner measures some specific data points on user's finger that are encrypted into a unique mathematical equation to identify user and also access his or her bank account. With this particular fingerprint of the user on file, a wall fixed device can be positioned at any place that authentication is needed. The user will then put the same finger that was initially scanned on the biometric reader. Score will be calculated according to the fingerprints on the record. The system confirms the uniformity of fingerprints and grants or reject access if the score is more than or less than a particular threshold.
The benefit of this method is that it is readily available at all time and practically impossible to steal. Not this alone but also difficult to fake or forged. The negatives aspects of this technology are that a number of people may not get fingerprints due to the finger burn. Also, false negative can happen if finger is not properly place on the scanning machine.
b. Speech authentication
Voice authentication software gives bank opportunity to confirm the identity of users on phone or the internet. This method helps to prevent online identity frauds.
A user has to enrol his or her voice first by recording and storing the voice on the computer system. Computer measures various attributes of the user's voice and keeps the information. This recorded voice could be in form of the user's name or any memorable name. Anytime the user intends to authenticate, he says the exact statement he made initially when the voice was recorded. Computer will then match the voice pattern with the one initially recorded and stored on the system. If the voice patterns the same, access will be granted or if otherwise access will be equally denied. Simplicity and non-invasive are the major benefits of this of this method. Also the disadvantage of this method is that voice changes over time and can be manipulated by a high skill identity thief.
3. Behaviour of transaction monitoring
The operation patterns of each account-holder should be properly monitored. Unusual lodgements or withdrawals should call for investigation. For instant, constant withdrawal of cash on account that hardly take cash calls for confirmation from account-holder. Proper review of activities on individual account should be carried out on daily basis. The use of audit trail will enable the manager to follow transaction pattern of the customers. The purpose of audit trail is to detect fraud and unusual activities.
For additional security, message of transaction notice should be sent to the mobile line and e-mail of customer most especially when the transaction looks suspicious. Detail of this transaction such as date, time, beneficiary, amount, debit or credit should be included in the message. This to alert customer of any suspected transaction or attempted fraud on his/ her account.
5.1 COSTS BENEFITS OF THE RECOMENDED SOLUTIONS
The costs benefits of implementing the recommended solutions to the problem of identity theft include.
A. Cost savings
The bank will have extra saving or revenue because the costs are designed to prevent the problem of identity frauds. By not having so many frauds, the bank looks to save overhead costs and pass this savings on to the price or profit. For this reason, the bank will be able to offer products and services to the customers at reduced prices leading to competitive advantage. Also, there is going to be availability of fund to cater for unforeseen contingencies. The ultimate aim of any organisation is to maximize profit and minimize costs.
B. Customer satisfaction.
There is going to be a greater customer satisfaction arising from a more security and enable environment. The major factors in choosing a bank are security, convenience and costs and the first problem keeping customers away from internet banking was concern over security. If the above proposed solutions are fully implemented then, security on internet banking is guaranteed and customers' loyalty as a result of satisfaction will increase leading to high retention of existing customers and winning new more one.
C. Staff morale
It will improve staff morale because they will be happy to work with a better system that will less prone to the risk of frauds or identity theft which at time may affect jobs security. Also, availability of funds or profits means more money for the bank staff. Management will also benefit from these costs. Better decision making is very hard to quantify, if bank does not witness heavy frauds the management will be able to concentrate on other important issues which may lead to better decision making.
D. Performance improvement
Almost costs incurred in organisation are centred on performance improvement. It will be wise for organisation to have system that will be freed from frauds or identity theft. Running organisation in this manner will greatly improve bank-customer relationship and services delivery.
E. Image and financial reputation of the bank will certainly increase if the bank's operation is free from frauds and other direct financial losses due to poor information handling. No reasonable thinking customer will like to entrust his/her hard earn y income to the bank that has bad financial reputation. One of the yardsticks that customers use to rate the performance and efficiency of the bank is ability to manage its internal operation successfully.
F. Litigation is a serious problem facing the banks. In the recent past, many Banks have paid a lot of compensation to their customers through the courts for damage and any associated distress caused by the loss, destruction or unauthorised disclosure of data about them. But with these costs measures, the number of both identity theft and litigation will drastically reduce.
The focal point of this research has been the impact of internet technology on bank, its employees and the customers at large. This impact could be negative or positive depend on the kind of risk countermeasures being put in place by the bank. The above mentioned case study revealed that security mechanics in combating online frauds or identity theft should be a major concern of all stakeholders. A problem that is complex as identity theft suggests that bank alone cannot solve it. Support and cooperation from the many parties that are part of this problem such as customers, employees, retail stores, and card issuing authorities are highly necessitated in the process of their operations. Past experience and findings from this research reveal that the issue of security in banking industry is a capital intensive project. For this reason, small institution like Penny-Wise Bank that doesn't has strong financial capability would continue to strive looking for effective solutions to this teething problem.
The general overview of Penny-Wise Bank online security measures indicated that there is no effective mechanism in place to test irregularity of information obtained from other credit bureaus. Also, online frauds are continued to increase on alarming rate. Incessant exposure of customers' credit cards details online is a contributing factor to this problem. Presently, the bank has provided the highest level of its available security for its customers but from all indication, this is not good enough to protect the customers in online transactions. The present threat on the internet makes security on bank's system a must, technology is growing faster; so security on the internet must follow the same pattern. Better alternate securities solutions are required for online customers. Therefore, frantic efforts must be channelled towards the provision of effective lasting solutions to the problem if the bank still wants to remain in the business in this highly competitive environment.
For Penny-Wise Bank to sustain its success, reputation and also maintain customers' confidence, the above recommended methods of authentication have to be fully implemented. The combination of fingerprint and voice recognition is very effective in combating online frauds. The method is also difficult to counterfeit because no two human beings have the same fingerprint and voice. In addition, these two properties (voice & fingerprint) are hereditary in nature and if that be the case, stolen card frauds which highly dominated the bank online bank can now be eliminated.
The process of authentication in these two methods (fingerprint & voice) made frauds difficult to perpetrate because the voice and fingerprint of the card holders will be March with the one initially recorded in the system before the authorisation is granted. Since two fingerprints are never the same, fraudsters will find impossible to realise their ambitions. This technology (internet) as good as it is, may turn to be an agent of destruction if all elements of risks associated with this technology are not properly address. Necessary precaution measure and effective control must be in place so that the benefits of this technology are not countered by its abuse.
The people that would be greatly affected if adequate security is not provided on the internet banking include:
- Customers: Most customers apart from few one heavily rely on internet technology to carry out banking business transactions.
- Bank and its employee's at large: Valuable time that could have been devoted for other productive activities would have to be used for inquiry or investigation of various frauds or theft and this would cost the bank huge amount of money and bad reputation. Also, employees can equally lose their jobs if the fraud is heavy or many.
5.3 FUTURE WORK
When I completed this research work, I realised that much attention has been focused on prevention of frauds on the internet but little research work has been done in area of offline fraud preventions. It is my belief that this research work has sufficient principles for future research studies. Future research work could concentrate more efforts on offline fraud preventions and legal frame work on identity theft.
5.4 LEANING EXPERIENCE
This is a value-added project. It has impacted more knowledge and experience on me in some areas that I have never worked on before. Few examples of these areas are:
- Risks of internet services
- Techniques of identity theft
- Countermeasures to identity theft
Apart from these, I equally acquired more knowledge from the various text books, articles and past research studies I used in the process of this project. Also, it has been good a chance for me to rub minds together with the manager of the bank and the experts in frauds preventions on the issue of online securities. More importantly, I have access to some information which I did not previously have access to. Therefore, I have no doubt in my mind that this will greatly assist me in future endeavours.
5.5 LEGAL CONSIDERATION
Dealing with complex issue like identity theft or fraud requires legal consideration. Privacy which is the right of the individual not to suffer unauthorised disclosure of information must be a concern of organisation or individual that handle sensitive information about the people. That was main reason why individual interviewed was not mention by name instead, number and letter were used to represent their names.
On the issue of authentication which was one of recommended solutions to the problem of identity theft, care must be exercised in processing personal data of the customers. Consent of the customers and contractual agreement is highly necessitated to avoid breach of contract and Data protection Act 1998.
5.6 PROBLEMS ENCOUNTERED
It is general belief that any research work is always associated with a lot of constraints. This research work cannot be an exemption. Below are some of the problems encountered during this research.
Barclays Bank was my initial target to use for my case study but the bank was not willing to discuss its security issues with me hence the request was turned down. I made another request to NatWest Bank but to no avail. The situation putting me in a serious trouble, I began to panic and frustration set in and I don't even know what to do again. It took the intervention of my supervisor before the issue was resolved that I should use imaginary bank as my case study.
Time factor was another problem encountered during this project. Research planning requires breaking down the work load into manageable units and this is a long process that consume a lot of time. All other activities were suspended and normal pattern of my sleeping was distorted just to meet up with deadline but at end of day the job was done. The whole exercise was full of challenges.
Applegate, Lynda M. (1996) corporate information system management: the issues facing senior executive (4th Ed) Chicago, 111; London: Irwin.
Alexander, Michel, (1995) the underground guide to computer security: slightly askew advice on protect- Reading, mass; (2nd Ed.) Workingham: Addison- Wesley publishing company
Basta, Alfred, (2006) computer security and penetration testing/ Alfred Basta, Wolf Halton- Boston, mass: Thomson course Technology
Bocij, Paul (2008) Business information system: technology, development and management (4th Ed.) Harlow: Financial Times Prentice Hall
Chaffey, Dave, (2007) B-business and e-commerce management; strategy implementation and practice (3rd Ed.) -Harlow: Financial Times Prentice Hall
Cleary, Timothy (1998) Business information technology- London: Financial Times/Pitman
Curwin, Jon. (2002) Quantitative methods for business decision /Jon Curwin and Roger Slater (5th Ed.) - London: Thomason Learning
Dieter, Gollmann (2006) Computer security (2nd Ed.) England: John Wiley & sons Ltd
Frenzel, Carroll W. (2003) Management information technology /Carroll W. Frenzel (4th Ed.) Cambridge, Mass; London: Course Technology
Hamid, Siti (2008) Journal of computer science: improving response time of authorization process of credit card system
Harold F. Tipton (2005) information security management handbook /vol. 2/ Micki (5th Ed.) Boca Raton, Fla; London: Auerbach
Jayaratna, Nimal, (1994) Understanding and evaluating methodologies: NIMSAD: a system framework - London: McGraw-Hill
Jesse Whitehead 7 precautions to minimize the Risk of identity theft
Post, Geraid V. (2006) management information systems: solving Business problems with information (4th Ed.) Boston [Mass]; London McGraw-Hill/Irwin
Rachael Russell (2005) Phishing: cutting the identity Theft Line USA: Wiley publishing, Inc. Indianapolis, Indiana
Robson, Wendy (1997) strategic management and information systems: an integrated approach (2nd Ed.) London: pitman
Sarah P. Miller (2008) identity theft and credit card fraud (Article)
Stanford, Calif (2003) Business driven information technology: answer to 100 critical questions; Stanford Business Books
Sulivan, Bob (2004) your evil twin: behind the identity theft epidemic- Hoboken, N.J.: Wiley
Taylor, Paul A. (1999) 1967- Hackers: crime in the digital sublime/ Paul A. Taylor- London: Rutledge
Weisman, Steve (2005) 50 ways to protect your identity and your credit: everything you need to know- upper Saddle River, NJ: Pearson/Prentice Hall
Wisniewski, Mik (2005) Quantitative methods for decision makers/ Mik Winsniewski (4th Ed.) -Harlow: Financial Times Prentice Hall
Yar, Majid (2006) Cybercrime and society / Majid Yar - London: SAGE
Bankers Interview Questions
1. Have you ever work in security department?
2. How many years of experience do you have on security?
c. Do you experience identity theft or frauds in online/ offline?
d. How do you discover these theft or frauds?
e. What did you do when the frauds were detected?
f. How frequently does identity theft or frauds occur in this bank?
g. What precaution measures do you put in place to prevent identity theft and other online crimes
h. Customers are in habit of using card authorisation before they use their cards for online business transaction. Could you please educate me on how this system operates?
i. How successful has that card authorisation?
j. What security suggestions do you have for your internet user customers?
Customer Interview Questions
1. Do you use internet to conduct banking business transactions?
2. How long have you been using Internet banking?
3. What is your experience using Penny-Wise bank's internet banking?
4. Have you experience online identity fraud before?
5. How did the fraud occur?
6. Did you look forward to more security on the internet of this bank?
7. Are you feeling comfortable with the fingerprint or voice recognition as a form of security protection against identity fraud?
1. What solution could you proffer in eradicating this problem?
2. How long have you been banking with Penny-Wise bank?