Security of Internet Banking - A Comparative Study of Security Risks and Legal Protection in Internet Banking in Thailand and Germany
By Miss Parichat Jantori
Professor at Thammasat Business School
Educational Background
Integrated Bachelor’s and Master’s Degree program in Business and Accounting at Thammasat University in Bangkok, Thailand.
2003 – 2007 University of Applied Sciences Gelsenkirchen, Germany, faculty of business law: (Bachelor of Law)
2007- 2009 Munich University of Applied Science, Germany, faculty of business administration, major European Business Management (Master of Arts)
Abstract
Internet banking is widely spread among the banks and its customers. Using internet as an alternative means to transmit customer instruction to the bank for the performance of fund transfer does not only lead to cost reduction but it is a way to improve bank competitiveness and increase customer flexibility. But the main barriers to Internet banking are the security of the system, lack of trust and legal support. Liability is seen as a key legal issue and plays an important role in the evaluation of Internet banking. This can enhance customer trust and encourage them to switch from the traditional method to a modern information technology system. The purpose of this article is to compare the regulations on Internet banking between Germany and Thailand, since German Law is seen as well established and the Thai electronic transaction law is currently in the early stage, and to highlight the liability issues and also the implications for Internet banking users.
Introduction
The banking sector is one of the interesting cases for service innovation, as it changed from traditional operational methods toward using the information system and technology to optimize its service. Using internet, a bank can reach out to customers and provide them the opportunities to access their financial information and also to perform banking transactions.
Internet banking refers to several types of services, through which the bank customers can request information and perform banking transactions such as inquiries about outstanding balances, inter-account transfers, bill payment etc. via internet without leaving their homes or organizations. Therefore internet banking is a service delivery channel that offers flexibility and comfort to customers and helps the bank to reduce cost and competitiveness, because the bank to extend its market by attracting a new customer, who use internet frequently (Sagunthai et al., 2001; Dannenberg and Kellner, 1998).
For this reason, internet banking is widely spread, according to the survey by Pew Internet and American Life, internet banking has been the fastest growing Internet activity in the U.S. The number of users increased 47 percent since 2002. In Germany, 6.7 trillion money transfers were undertaken in internet (BSI, 2011). AC Nielsen (2002) also found that internet or online banking is expanding in many Asian countries, including South Korea, Hong Kong, Singapore and China. Thai Banks also follow this trend but in some way, the developing and the number of users of online banking is slightly behind other Asian countries (Rotchanakitumnuai et al., 2010).
Main barriers to Internet banking are the security of the system, the distrust of service providers and worries about the reliability of internet services (Lee and Turban, 2001; Min and Galle 1999; Paul, 1996). Although the bank can develop the system to a certain security standard which can protect the security breaches and the reputation of the internet provider can be improved from time to time with increasing experiences in business functions, but the lack of specific laws for Internet banking can discourage bank customers from using Internet banking (Larpsiri et al., 2002).
This present paper emphasizes on security problems occurred in Internet banking and the legal protection in case of security breaches and frauds by making reference to German law.
The Internet banking system
Internet banking refers to the provision of electronic banking services, which can divided into three sections, namely the internet banking, the closed-access home banking and the ATMs. The common form of Internet banking is the services run through a personal computer (PC). And the telephone banking refers to services provided via telephone or more advanced screen-enable terminal. During home banking means any remote delivery channel, including telephone banking. Interchangeably, people use the word Online banking and Internet banking (Gkoutzinis, 2006).
The Internet banking in Thailand was first introduced in 1999 by Siam Commercial Bank (SCB), nowadays major commercial banks have their own Internet banking website. To use Internet banking, bank customers must have an account at the bank and personally register into the system at the bank branch; this requires an application form, personal document such as ID card or valid passport and passbook(s). These documents provide an opportunity to the bank to verify its customer and to check the validity of the information. After the approval, the customer will receive the confirmation and are able to access the online banking. To secure the system from the unauthorized access, most the bank use SSL technique (Secure Socket Layer), bank customers need User ID which means a personal number issued by the bank and given to service user to be used as a code to access and password (a code selected by the Service User) and/or PIN. A PIN or Personal Identity Number refers to a code issued by the Bank and given to Service User to access the system for the first time to log on. For making funds transfers, or for confirmation of any change in data or adding international accounts, a security password or one-time password (OTP) is required. The OPT will be sent on request via the mobile phone and must be used within specific time (6-15 minutes) depends on the bank to activate the transaction (SCB, Kbank, Bangkok Bank).
The same system exists in Germany. Internet banking users must fill register form and sign the agreement on online banking using condition. To access the Internet banking system, a PIN, user ID, or password is required. In contrast from Thailand’s system, German bank customers receive the TAN (Transaction number) which has the same function as OTP in Thailand per post. This random TAN number is for a one-time use to activate the transaction and it is possible to receive this TAN number via mobile phone. In order to enhance security niveau, some German banks are using HBCI or Home Banking Computer Interface. Bank customers who use the HBCI system need an external device (a chip card reader), a chip card and specific HBCI software to gain access to Internet banking. The advantage from this system is that the PIN number must be keyed via the external device; the personal information cannot be spied through personal computer (Banking Online Deutschland, 2011).
In Thailand, only HSBC offers a security device as an addition layer of security to maximum protection of online banking service (HSBC, 2011).
Although many banks use specific software, external device and require personal PIN or password to secure the Internet banking access, there are risks associated with Internet banking in many ways; no matter you are in Thailand or in Germany. |