E-commerce fundamentally focuses on the electronic exchange of information using information and telecommunication infrastructures (particularly the World Wide Web and the Internet). E-commerce encompasses a wide range of commercial activities that can be categorised into business-to-consumers and business-to-business sectors. Industry sectors such as banking have openly embraced e-commerce to improve their performance and gain a strategic competitive advantage.
Discussion
There are four interlinked factors driving the global acceleration of banking on the Internet. These are (NOIE et al., 1999):
1. (1) accelerating customer demand;
2. (2) increased competition between banks and new entrants;
3. (3) the relentless drive by the banks to reduce costs and achieve new levels of efficiency; and
4. (4) world-wide deregulation of the financial services market.
Statistics indicate that ATMs, telephone banking and home banking presently make up more than 50 percent of all banking transactions and total non-branch activity is expanding at a rate of 15 percent per year (Hutchinson, 2000). In common with many electronic surveys that point to information security being the number one concern for both businesses and consumers (Ernst & Young, 1999), this uptake is being challenged by concerns of users and potential users towards the security and privacy of Internet banking transactions as well as confidentiality regarding the processing of personal information (Hutchinson and Warren, 2001).
This paper is concerned with the service of Internet banking and the issues surrounding authentication, which is the mechanism at the heart of e-commerce security. The content draws a correlation between the concepts depicted in Figure 1, by presenting a framework that when applied to certain Internet banking scenarios can offer the customer guidelines regarding the implementation of appropriate authentication mechanisms to ensure an adequate level of trust between the parties conducting the transaction. It should be noted that previous research into e-commerce security has been focused upon generic online security risks, but this paper focuses on the security requirements of Internet banking, that is critical system security protection.
Internet Banking Security
While it is acknowledged that Australian banks have an excellent record concerning security of customer information, surveys indicate that Internet users are weary about privacy issues including transparency, collection, use and disclosure of their personal information. This concern primarily relates to authentication. The banking and finance industries report the highest incidence of misuse being 57 percent, which is directly related to these industries having one of the highest dependencies on computers in the workplace (Hutchinson, 2000).
The Citibank breach of security six years ago is still extensively recalled in banking and security circles, since it is one of the few successful electronic bank frauds on record (Barlotta, 1999). The incident portrays hackers who penetrated Citibank's security system and progressively wired money to banks around the world. When the heist was discovered in September 1994, $10 million was gone. All but $400,000 was eventually recovered.
One of the latest security threats is a computer program known as “Nmap” which is a network exploration tool and security scanner. On execution it causes a bank's intrusion-detection system to falsely believe it ...