risks involved in internet banking is now getting its due share of publicity. it is being discussed in the media, in seminars and even in street corner gatherings. know your enemy seems to be the buz word these days.

latest in the internet banking frauds is the website that fakes the website of a bank. let us focus on this single issue for the time being.

in any deal the two parties invloved should be identified uniquely. banking is no exception. under conventional banking the procedure is fool proof. customer identifies the bank by its location and its familiar officers. the bank has photos signature and the past history to identify the customer. so no problem there.

come to internet banking and think of the identifcations. the customer has no land marks to go by. no building. no physical assets to show him the way. this probably is the biggest problem internet banking is facing right now.

think of the identification process at the bank. no face or signature . but yes the banker has the password and the history. so that is the crux of the matter. banker is in a better position than the customer. so the solution in its simplest form is that the bank should take the full
responsibility of identification . in conventional banking customer was equally responsible . in internet banking the bank should take over the customers share of identification responsibility.

to start with the bank should satisfy itself that it is dealing on line with a known customer. the easiest way is to check the history . when anyone logs in tell him that he logged in last at so and so time and logged out at so and so time. a genuine customer can cross check and quit in case of errors.

a few banks and many equity trading websites are using this. this should be made compulsory for all transactions.

if the history is not available the bank should simply not permit trnsaction. customer should not proceed to transact unless his history appears on the screen. so no one without a history can transact any business over the internet.

but then how does a customer get a history . create the history when the customer is allowed internet banking facilities for the first time. make the customer
log in for the first time from the bank premises itself . final confirmation of the internet facility should be given by the official of the branch where from the customer has logged in for the first time.

of course every branch which authorises internet banking should have an inernet enabled computer for the use of the customer. private and foreign banks who deal only in virtual space can outsource this function to any earth based bank.

but history is not the only feature which can be used by the internet banker to identify his customer. photo is another option. bank can send back the photo to the customer who should click a transaction only if his photo correctly
appears on the transaction screen . but this is a complex procedure and may not be affordable at the current level of technology.

so let us revisit the fake website . let us assume that the itnernet banker has now implemented the history verification precaution. a customer logs in to the website which fakes the genuine website very skillfully. but he gets back no history
as he is logging into this website for the first time. so the customer should quit the website immdly.

so what we have seen is that impersonation in internet net banking can be prevented almost completely by the following steps

.. make the customer login for the first time from a bank computer.
.. enable internet banking only after this.
.. send back the last login details during every login thereafter .
.. customer should do no transaction if last login details are not proper.
.. bank should not allow transaction if the last login details
( or photo if the photo option is implemented ) is not confirmed.

m k mathai
marangattil
105 A / XXII
tripunithura
682301

mkmathai@yahoo.com