SECURITY OF ELECTRONIC BANKING


ahenasah library al002

ATTA AHENASAH LAST MBA-B & F, BSC-IcT, CIPD-CCNA, P.DIP-N&E

HISTORY OF ELECTRONIC BANKING

First online banking services in the United States

According to "Banking and Finance on the Internet," edited by Mary J. Cronin, online banking was first introduced in the early 1980s in New York. Four major banks—Citibank, Chase Manhattan, Chemical and Manufacturers Hanover—offered home banking services. Chemical introduced its Pronto services for individuals and small businesses in 1983. It allowed individual and small-business clients to maintain electronic checkbook registers, see account balances, and transfer funds between checking and savings accounts. Pronto failed to attract enough customers to break even and was abandoned in 1989. Other banks had a similar experience.

Online banking in the U.K.

Almost simultaneously with the United States, online banking arrived in the United Kingdom. The UK's first home online banking service, known as Homelink, was set up by Bank of Scotland for customers of the Nottingham Building Society (NBS) in 1983. The system was based on the UK's Prestel viewlink system and used a computer, such as the BBC Micro, or a keyboard (Tandata Td1400) connected to the telephone system and television set. The system allowed on-line viewing of statements, bank transfers and bill payments. In order to make bank transfers and bill payments, a written instruction giving details of the intended recipient had to be sent to the NBS, who set the details up on the Homelink system. Typical recipients were gas, electricity and telephone companies and accounts with other banks. Details of payments to be made were input into the NBS system by the account holder via Prestel. A cheque was then sent by NBS to the payee and an advice giving details of the payment was sent to the account holder. BACS was later used to transfer the payment directly.

Stanford Federal Credit Union was the first financial institution to offer online internet banking services to all of its members in October 1994.

Banks and the World Wide Web

In the 1990s, banks realized that the rising popularity of the World Wide Web gave them an added opportunity to advertise their services. Initially, they used the Web as another brochure, without interaction with the customer. Early sites featured pictures of the bank's officers or buildings, and provided customers with maps of branches and ATM locations, phone numbers to call for further information and simple listings of products.

Interactive banking on the Web

Wells Fargo was the first U.S. bank to add account services to its website, in 1995. Other banks quickly followed suit. That same year Presidential became the first bank in the United States to open bank accounts over the Internet. According to research by Online Banking Report, by the end of 1999, less than 0.4% of households in the U.S. were using online banking. At the beginning of 2004, some 33 million U.S. households (31% of the market) were using one form or another of online banking. Five years later, 47% of Americans were banking online, according to a survey by Gartner Group. Meanwhile, in the UK e-banking grew its reach from 63% to 70% of Internet users between 2011 and 2012.

INTRODUCTION

The Internet has played a key role in changing how we interact with the public and how we do business. Due to the Internet, electronic commerce has developed, allowing businesses to interact more effectively with their customers/clients and with other organizations inside and outside their industries. One industry that is using this new communication channel to reach its customers is the banking sector. The electronic banking system addresses several emerging trends: customers’ demand for better services, anywhere service, product time-to-market necessities and increasingly complex back-office integration challenges. The challenges facing electronic banking are concerns about the security and privacy of information.

The current focus of security of information exchange is on the session layer protocols of the OSI reference model and the flaws in end-to-end computing. A secure end-to-end transaction requires a secure protocol to communicate effectively over untrusted channels and trusted code at both endpoints. Secure protocols are needed because trusted channels do not really exist in most environments, especially when connecting to ordinary consumers. The solutions to the security issues require software-based systems, hardware-based systems, or a hybrid of the two. Software-based solutions involve the use of encryption algorithms, private and public keys, and digital signatures to form software packages such as Secure Electronic Transaction, used by Mastercard, and Pretty Good Privacy. Hardware-based solutions such as the Smartcard and the MeCHIP provide better protection for the confidentiality of personal information. Software-based solutions have the advantage over hardware-based solutions in that they are easy to distribute and are generally less expensive.

In today’s highly technological world, the machine that destroys paper money and converts it into electronic money is far from reality. But a person interacting with his or her banking account late at night is becoming more of a reality. The information superhighway has found its way into many homes, schools, businesses, and institutions. Many people are cruising the Internet each day to obtain information on the weather, the latest sports scores, local news, and much other information.


These people also buy and sell goods on this new medium. Consequently, many businesses are reaching out to customers worldwide using the Internet as their communication channel. This new electronic medium of interaction has come to be known as electronic commerce. “Electronic Commerce integrates communications, data management, and security services, to allow business applications within different organizations to automatically interchange information.” [1] Consequently, electronic commerce is comprised of interconnected communications networks; advanced computer hardware and software tools and services; established business transaction, data exchange, and interoperability standards; accepted security and privacy provisions; and suitable managerial and cultural practices. This infrastructure will enable diverse and distributed companies nationwide to rapidly, flexibly, and securely exchange information to drive their business processes.

The banking industry is one such business that is using this new communication medium to offer its customers value-added service and convenience. This system of interaction between consumers and the banking industry is called the electronic banking system. “Electronic banking is the use of a computer to retrieve and process banking data (statements, transaction details, etc.) and to initiate transactions (payments, transfers, requests for services, etc.) directly with a bank or other financial services provider remotely via a telecommunications network”.

Electronic banking is a new industry which allows people to interact with their banking accounts via the Internet from virtually anywhere in the world. The electronic banking system addresses several emerging trends: customer demand for anytime, anywhere service, product time-to-market imperatives and increasingly complex back-office integration challenges. This system allows consumers to access their banking accounts, review most recent transactions, request a current statement, transfer funds, view current bank rates and product information and reorder checks. Some of the banks that are currently offering this service are Bank of America, Citibank, Nations Bank, Chevy Chase, Bank One, ABN AMRO, Barnett Bank, Comerica, First Bank Systems, First Chicago NBD, Fleet Financial Group, KeyCorp, Mellon Bank, PNC Bank, Royal Bank of Canada, and Washington Mutual Incorporated. The electronic banking system can be seen as an “extension of existing banks.”

These banks are catering to a very large population of Internet users. Heidi Goff, Senior Vice President for Global Point of Interaction of Mastercard, estimated that there will be more than 100 million users by the year 2000. Many other estimates reach similar results, which indicates that the Internet will play a major role in everyone’s life and promote the electronic banking industry.

This paper will first discuss the motivations and ventures in Electronic Banking. Second, it will talk about the disastrous ventures in Electronic Banking with an example. Third, this paper will discuss the concerns about Electronic Banking from various perspectives. Fourth, the security issues and attacks will also be discussed, with solutions in both software-based and hardware-based systems. Fifth, this paper will examine the privacy technology and conclude with some final thoughts.

MOTIVATIONS OF ELECTRONIC BANKING

The Internet is growing at an exponential rate. According to a survey, the Internet has doubled its size from 6.6 million hosts [2] in mid-1995 to 12.8 million hosts in mid-1996. As a consequence of the popularity of the Internet, hundreds of thousands of Internet users are trying electronic banking. Joshua Reymer, an analyst at Boston Consulting Group, estimates that 700,000 to 800,000 people currently are trying out PC banking, with Citibank being the leader among the banks. As the Internet continues to expand, the convenience associated with electronic banking will attract more customers.

One expectation of electronic banking is that it will replace the need for writing checks. In today’s market, “According to preliminary data from the latest Federal Reserve survey of patterns of consumer spending, almost four-fifths of consumer expenditures are handled by checks, directly or indirectly.” This means that electronic banking has a very large potential for use, since many people expect that electronic checks will substitute for paper checks. Moreover, for consumers, electronic money (electronic cash and electronic checks) means greater efficiency than using coins, paper bills, and traditional banks. The electronic banking system brings the convenience of 24-hour, seven-days-a-week banking by offering home PCs tied directly to a bank’s computers. In addition, electronic money also offers greater security than a paper-and-coin system. Users are able to make a backup copy of their funds, and if the electronic money is stolen, the users can invalidate the serial number just as they now stop payment on a paper check.

Ventures in Electronic Banking

Domestic

In order for this industry to expand further, secure transactions with the trust of the consumers are necessary. Many banks are advertising secure on-line service, allowing their customers a wide range of activities. Security First Network Bank is the first federally approved on-line bank that is certified by the Office of Thrift Supervision, the federal regulatory body for the savings bank industry. With the support of the federal agencies, Security First Network Bank can give its customers more than just its own assurance: the assurance of the government, which gives consumers a large incentive to try electronic banking.

For a truly convenient system, banks need to connect to customers as well as to other financial institutions. Creating a common link between multiple banks so that banks can better and more safely communicate amongst themselves is becoming more of a reality. Fifteen of North America’s leading banks and IBM are working together to form an integrated network called Integrion Financial Network. The banks will be able to offer their customers access to their services through the public Internet and parallel private network access, with security and privacy.

International

In Europe, the Inter-bank Standards Association Belgium has established Belgium’s electronic banking system to connect Belgium’s three largest banks together to develop uniform standards for electronic payments in Belgium. This system, developed by Utimaco, uses electronic signatures according to the RSA method to guarantee accountability and security against the forging of electronic transactions.

Internationally, GENDEX Bank International is trying to connect the banking systems of various nations, states, independent principalities, and sovereign individuals to form an international banking system. This integration of electronic banking communities will promote the standardization of this industry. However, the primary concern today is the security issue.

Disastrous Ventures in Electronic Banking

In August of 1995, Citibank had problems with outsiders breaking into their system. A $10 million computer fraud against Citibank was the first successful penetration by a hacker into the system which transferred trillions of dollars a day around the world. Of the $10 million illegally transferred, $400,000 was not found. Many banking experts predicted that these break-ins were bound to occur with banking business being done electronically at a time when more sophisticated personal computers are available. Since this break-in, Citibank has required its customers to use an electronic device that creates a new password for every transfer.

Concerns About Electronic Banking

Since Electronic Banking is a new technology that has many capabilities and also many potential problems, users are hesitant to use the system. The use of Electronic Banking has brought many concerns from different perspectives: government, businesses, banks, individuals and technology.

Government

From a government point of view, the Electronic Banking system poses a threat to the antitrust laws. Electronic Banking also arouses concerns about the reserve requirements of banks, deposit insurance and the consumer protection laws associated with electronic transfer of money. The US government is concerned with the use of high-quality encryption algorithms because encryption algorithms are a controlled military technology.

Businesses

Businesses also raise concerns about this new medium of interaction. Since most large transfers of money are made by businesses, these businesses are concerned about the security of their money. At the same time, these businesses also consider the potential savings in time and financial charges (some banks charge money for making cash deposits and withdrawals) associated with this system. Another business concern is connected to the customer. Businesses ponder the thought that there are enough potential customers who would not make a purchase because the business did not offer a particular payment system (e.g. electronic cash and electronic check). This would result in a loss of sales. On the other side of the coin, if this system becomes widespread, it would give more buying power to the consumer, which puts pressure on businesses to allow consumers to use electronic transfer of money.

Banks

Banks are pressured by other financial institutions to provide a wide range of financial services to their customers. Banks also profit from handling financial transactions, both by charging fees to one or more participants in a transaction and by investing the funds they hold between the time of deposit and the time of withdrawal, also known as the “spread”. With more financial transactions being processed by their central computer systems, banks are also concerned about the security of their systems.

Individuals

Individuals are mainly concerned with the security of the system, in particular with unwarranted access to their accounts. In addition, individuals are also concerned with the secrecy of their personal information. 82% of Americans polled expressed concern over privacy of computerized data. As more and more people are exposed to the information superhighway, privacy of information and the security that goes hand in hand with this information is crucial to the growth of electronic transactions. Some privacy technologies related to the electronic banking industry are electronic cash and electronic checks, which will be discussed in the software solution section.

Technology

In order to provide effective and secure banking transactions, there are four technology issues that need to be resolved. The key areas are:

1. Security

Security of the transactions is the primary concern of the Internet-based industries. The lack of security may result in serious damage, such as the example of Citibank illustrated in the earlier section. The security issue will be further discussed in the next section along with the possible attacks due to insufficient protections. Examples of potential hazards of the electronic banking system arise during on-line transactions, transferring funds, and minting electronic currency, etc.

2. Anonymity (Privacy)

Generally speaking, the privacy issue is a subset of the security issue and thus will be discussed in the Privacy Technology section later. Strengthening the privacy technology will ensure the secrecy of the sender’s personal information and further enhance the security of the transactions. Examples of the private information relating to the banking industry are: the amount of the transaction, the date and time of the transaction, and the name of the merchant where the transaction is taking place.

3. Authentication

Encryption may help make the transactions more secure, but there is also a need to guarantee that no one alters the data at either end of the transaction. There are two possible ways to verify the integrity of the message. One form of verification is the secure hash algorithm, which is “a check that protects data against most modification.” [3] The sender transmits the data generated by the hash algorithm. The recipient performs the same calculation and compares the two to make sure everything arrived correctly. If the two results are different, a change has occurred in the message. The other form of verification is through a third party called a Certification Authority (CA), trusted by both the sender and the receiver, which verifies that the electronic currency or the digital signature that they received is real.

4. Divisibility

Electronic money may be divisible into different units of currency, similar to real money. For example, electronic money needs to account for pennies and nickels.

ELECTRONIC BANKING SECURITY ISSUES

Dr. David Chaum, CEO of DigiCash, said that “Security is simply the protection of interests. People want to protect their own money and banks their own exposure. The role of government is to maintain the integrity of and confidence in the whole system. With electronic cash, just as with paper cash today, it will be the responsibility of government to protect against systemic risk. This is a serious role that cannot be left to the micro-economic interests of commercial organizations.”

The security of information may be one of the biggest concerns of Internet users. Electronic banking users, who most likely connect to the Internet via dial-up modem, face a smaller risk of someone breaking into their computers. Only organizations such as banks with dedicated Internet connections face the risk of someone from the Internet gaining unauthorized access to their computer or network. However, electronic banking system users still face the security risk of unauthorized access to their banking accounts. Moreover, electronic banking system users are also concerned about non-repudiability, which requires a reliable identification of both the sender and the receiver of on-line transactions. A non-secure electronic transaction can be altered to change the apparent sender. Therefore, it is extremely important to build in non-repudiability, which means that the identity of both the sender and the receiver can be attested to by a trusted third party who holds the identity certificates.

Electronic Banking Attacks

The Citibank $10 million break-in is one example of how the system is vulnerable to hackers. Hackers have many different ways that they can try to break into the system. The problems of today's systems are inherent in the setup of the communications and also in the computers themselves. The current focus of security is on session-layer protocols and the flaws in end-to-end computing. A secure end-to-end transaction requires a secure protocol to communicate over untrusted channels, and trusted code at both endpoints. It is really important to have a secure protocol because trusted channels do not really exist in most environments. For example, downloading a game off the Internet would be dangerous because Trojan horses and viruses could patch the client software after it is on the local disk, especially on systems like Windows 95, which does not provide access control for files. This leads to the use of software-based protections and hardware-based protections.

Many systems today use some form of software-based protection. Software-based protection is easily obtained at lower cost than hardware-based protection. Consequently, software-based protection is more widely used. But software-based protection has many potential hazards. For software-based systems, there are four ways to penetrate the system. First of all, attacking the encryption algorithms is one possible approach. This form of attack would require much time and effort to be invested to break in. A more direct approach would be using brute force by actually trying out all possible combinations to find the password. A third possible form of attack is on the bank’s server, which is highly unlikely because these systems are very sophisticated. This leaves the fourth possible method, which also happens to be the most likely attack, which is to attack the client’s personal computer. This can be done in a number of ways, such as planting viruses (e.g. a Trojan horse) as mentioned above. But, unlike traditional viruses, the new viruses will aim to have no visible effects on the system, thus making them more difficult to detect and easy to spread unintentionally.

Many problems concerning the security of transactions are the result of unprotected information being sent between clients and servers. In systems such as NFS, AFS, and Windows NT, there is no authentication of file contents when sent between the client and server. In these systems, file contents read from the servers are not authenticated in any secure fashion. Consequently, the client does not have any mechanism to determine whether the bytes are indeed being sent by the server and not by a hacker’s program.

Given this information, one possible scenario of attack is presented as follows: The attacker is assumed to have network access to any machine on any Ethernet sub-net between the file server and the clients under attack. In under a day, a software package could be designed to exploit the lack of authentication in the NFS security product to patch the object code of any executable on-the-wire as it travels between the NFS server and the client machine. When the client retrieves data from the NFS server, it sends a short request message detailing which block from the file it is interested in. The attack software is located on an Ethernet segment between the client and the NFS server, so it is able to sense this traffic.

The attack software waits for any request for a particular block of a particular executable, such as the block containing the session key generation code in the Netscape executable. The software is then able to forge a reply from the NFS server and transmit it to the client. If the forged packet reaches the client before the real reply, it is accepted and the real reply is discarded as a duplicate. The forged reply generally reaches the client before the real reply. Given this ability, hackers could locate the code that selects the session key within Netscape. Then they can patch only 4 bytes into the code, which causes the selection of a predictable session key every time the browser engages in the SSL (Secure Socket Layer) protocol. With this, hackers are able to decrypt all traffic from the browser to secure servers, obtaining information on credit card numbers or other private information. Credit card numbers are especially easy to recognize since they are grouped in 16 digits that have a distinct mathematical relationship.

Solutions

Software-Based Systems

In software-based security systems, the coding and decoding of information is done using specialized security software. Due to their easy portability and ease of distribution through networks, software-based systems are more abundant in the market. Encryption is the main method used in these software-based security systems. Encryption is a process that modifies information in a way that makes it unreadable until the exact same process is reversed. In general, there are two types of encryption. In the first, conventional encryption, one key is used by two parties to both encrypt and decrypt the information. Once the secret key is entered, the information looks like a meaningless jumble of random characters. The file can only be viewed once it has been decrypted using the exact same key. The second type of encryption is known as public key encryption.
In this method, there are two different keys held by the user: a public key and a private key. These two keys are not interchangeable but they are complementary to each other, meaning that they exist in pairs. Therefore, the public keys can be made public knowledge, and posted in a database somewhere. Anyone who wants to send a message to a person can encrypt the message with the recipient's public key, and this message can only be decrypted with the complementary private key. Thus, nobody but the intended receiver can decrypt the message. The private key remains on one’s personal computer and cannot be transferred via the Internet. This key is encrypted to protect it from hackers breaking into the personal computer.
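
The NFS scenario described earlier works because the client takes the first reply it sees and has no way to check who produced the bytes. The following added example (not part of the original paper, and an in-memory simulation rather than NFS code) contrasts that behaviour with a client that verifies a keyed hash over each block. The shared SESSION_KEY, the reply fields and all sample blocks are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

# Assumption: client and server agreed on this key beforehand (for instance
# through a Kerberos-style exchange); a party on the wire does not know it.
SESSION_KEY = os.urandom(32)

# Constructed sample data standing in for one block of an executable.
GENUINE_BLOCK = bytes(range(64))
ALTERED_BLOCK = GENUINE_BLOCK[:16] + b"\x00" * 4 + GENUINE_BLOCK[20:]  # 4 bytes differ
OLDER_BLOCK = b"\xff" * 64  # an earlier version of the same block


class IntegrityError(Exception):
    """Raised when no reply carries a valid tag for the request."""


@dataclass(frozen=True)
class Reply:
    file_id: int
    block_no: int
    nonce: bytes  # 16 random bytes chosen by the client for each request
    data: bytes
    tag: bytes


def block_tag(key, file_id, block_no, nonce, data):
    """HMAC-SHA256 over the request identity and the data, so a tag cannot be
    reused for another file, another block or another request."""
    header = struct.pack(">QQ", file_id, block_no) + nonce
    return hmac.new(key, header + data, hashlib.sha256).digest()


def server_reply(key, file_id, block_no, nonce, data):
    return Reply(file_id, block_no, nonce, data,
                 block_tag(key, file_id, block_no, nonce, data))


def first_reply_wins(replies):
    """The behaviour the text describes: the first reply is accepted and any
    later one is dropped as a duplicate."""
    return replies[0].data


def verified_read(key, file_id, block_no, nonce, replies):
    """Accept the first reply whose tag verifies for exactly this request."""
    for reply in replies:
        if (reply.file_id, reply.block_no, reply.nonce) != (file_id, block_no, nonce):
            continue  # answers some other request, e.g. a replay
        expected = block_tag(key, file_id, block_no, nonce, reply.data)
        if hmac.compare_digest(expected, reply.tag):
            return reply.data
    raise IntegrityError("no authentic reply for this request")


def run_scenarios():
    file_id, block_no, nonce = 7, 42, os.urandom(16)
    # A correctly tagged answer to an earlier request, observed on the wire.
    earlier = server_reply(SESSION_KEY, file_id, block_no, os.urandom(16), OLDER_BLOCK)
    # Without the key, a third party can only reuse a tag it has already seen.
    forged = Reply(file_id, block_no, nonce, ALTERED_BLOCK, earlier.tag)
    genuine = server_reply(SESSION_KEY, file_id, block_no, nonce, GENUINE_BLOCK)
    arrival_order = [forged, earlier, genuine]  # forged reply arrives first

    results = {
        "first_reply_wins": first_reply_wins(arrival_order),
        "verified": verified_read(SESSION_KEY, file_id, block_no, nonce, arrival_order),
    }
    try:
        verified_read(SESSION_KEY, file_id, block_no, nonce, [forged, earlier])
        results["only_bad_replies"] = "accepted"
    except IntegrityError:
        results["only_bad_replies"] = "rejected"
    return results


if __name__ == "__main__":
    outcome = run_scenarios()
    print("first reply wins ->", "altered" if outcome["first_reply_wins"] == ALTERED_BLOCK else "genuine")
    print("verified read    ->", "altered" if outcome["verified"] == ALTERED_BLOCK else "genuine")
    print("only bad replies ->", outcome["only_bad_replies"])
```

The per-request nonce is what stops an old, correctly tagged block from being replayed; the tag alone only proves that the server once sent those bytes.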

ENCRYPTION TECHNOLOGIES

There are four examples of current encryption technology presented below: Digital Signature, Secure Electronic Transaction, Pretty Good Privacy, and Kerberos.

1. Digital Signature

Digital Signature was first proposed in 1976 by Whitfield Diffie, at Stanford University. A digital signature transforms the message that is signed so that anyone who reads it can know who sent it. The use of digital signatures employs a secret key (private key) used to sign messages and a public key to verify them. The message encrypted by the private key can only be verified by the public key. It would be impossible for anyone but the sender to have created the signature, since he or she is the only person with access to the private key necessary to create the signature. In addition, it is possible to apply a digital signature to a message without encrypting it. This is usually done when the information in the message is not critical. In addition, this allows people to know who composed the message. Because the signature contains a so-called “one-way hash”, it is impossible to forge a signature by copying the signature block to another message. Therefore, it is guaranteed that the signature is original.

One example of the use of digital signatures in the electronic banking industry is by First Digital Bank. The First Digital Bank offers electronic bank notes: messages signed using a particular private key to provide unforgeable credentials and other services such as an electronic replacement for cash. “All messages bearing one key might be worth a dollar, all those bearing a different key five dollars, and so on for whatever denominations were needed. These electronic bank notes could be authenticated using the corresponding public key which the bank has made a matter of record. First Digital Bank would also make public a key to authenticate electronic documents sent from the bank to its customers.”

2. Secure Electronic Transaction (SET)

The Secure Electronic Transaction (SET) software system is the global standard for secure card payments on the Internet, defined by various international companies such as Visa, MasterCard, IBM, Microsoft, Netscape Communications Corp., GTE, SAIC, Terisa Systems and Verisign. SET promises to secure bank-card transactions online. Lockhart, CEO of MasterCard, said, “ …We are glad to work with Visa and all of the technology partners to craft SET. This action means that consumers will be able to use their bank cards to conduct transactions in cyberspace as securely and easily as they use cards in retail stores today.”

SET adopts RSA public key encryption to ensure message confidentiality. Moreover, this system uses a unique public/private key pair to create the digital signature. The main concerns for the transaction are not only to ensure the privacy of data in transit, but also to prove authenticity, that is, that both the sender and the receiver are who they claim to be. The digital signature is used to achieve this authenticity. A digital signature is produced by first running the message through a hashing algorithm to come up with the message digest. Next, the message digest is encrypted with the sender’s private key, which uniquely identifies the sender of the message. When receiving the message, the receiver decrypts the encrypted message digest with the sender’s public key. This ensures that the message was actually from the appropriate person. Besides uniquely identifying the sender, the digital signature also ensures that the original message was not tampered with in transit. The receiver can use the original hashing algorithm to create a new message digest after decrypting the message and compare the new message digest to the original digest. If they match each other, the receiver can be sure that the message has not been altered in transit.

Although public key encryption and the digital signature ensure the confidentiality and the authenticity of the message, there is still a potential danger in that the information the sender provides may not be real. For example, the sender may encrypt a bank card number which belongs to someone else by using his/her own private key. To ensure true authentication, there is a need for a process of certification. A third party who is trusted by both the sender and the receiver will issue the key pair to the user who provides sufficient proof that he is who he claims to be. One assumption lies in the receiver’s trust that the CA’s own key pairs, which are used in the certification process, have not been compromised.

“Assuming SET will impact the deployment of RSA encryption for home banking and bill payment services online, one might wonder whether the banking industry should just adopt SET for other non-credit card transactions, as well. A senior banking executive at a major US bank contends, SET has the capability to allow payments that are not card-based. The processes in SET are not specific to card transactions. They are generic: authentication, certification, encryption and so on.”

3. Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP), created by Philip Zimmermann, is a “hybrid cryptosystem that combines a public key (asymmetric) algorithm, with a conventional private key (symmetric) algorithm to give encryption combining the speed of conventional cryptography with the considerable advantages of public key cryptography.” The advantage of PGP is that it does not require a trusted channel for transmitting the encryption key to the intended recipient of your message. Furthermore, it can sign messages by encrypting them with the sender’s private key, which cannot be replaced by any other key. Once the receiver has received the message, he/she can then decrypt it with the sender’s public key, which cannot be forged and represents the true identity of the sender.

4. Kerberos

Kerberos is named after the three-headed watchdog of Greek mythology and is one of the best known private-key encryption technologies. Kerberos creates an encrypted data packet, called a ticket, which securely identifies the user. To make a transaction, one generates the ticket during a series of coded messages by making exchanges with a Kerberos server, which sits between the two computer systems. The two systems share a private key with the Kerberos server to protect information from hackers and to assure that the data has not been altered during transmission. One example of this encryption is NetCheque, which was developed by the Information Sciences Institute of the University of Southern California. NetCheque uses Kerberos to authenticate signatures on electronic checks that Internet users have registered with an accounting server.

Hardware-Based Systems

Hardware-based systems offer a more secure way to protect information, but they are less portable and more expensive than software-based systems. The hardware-based security system creates a secure, closed channel where the confidential identification data is absolutely safe from unauthorized users. There are two hardware-based systems discussed in this section: the Smartcard system and MeCHIP.

1. Smartcard System

The Smartcard System is a mechanical device which has information encoded on a small chip on the card, and identification is accomplished by algorithms based on asymmetric sequences. Each chip on the Smartcard is unique and is registered to one particular user, which makes it impossible for a virus to penetrate the chip and access the confidential data. However, practical limitations in the Smartcard system prevent it from broad acceptance for major applications such as home banking or on-line distribution. One drawback of the Smartcard is that it cannot handle large amounts of information which need to be decoded. Furthermore, the Smartcard only protects the user’s private identification and does not secure the transfer of information. For example, when the information is keyed into the banking software, a virus could attack the information, altering its destination or content. The Smartcard would then receive this altered information and send it, which would create a disaster for the user. Nevertheless, the Smartcard is one hardware-based system that offers confidential identification.

2. MeCHIP

MeCHIP, which was developed by ESD, is connected directly to the PC’s keyboard using a patented connection. All information which needs to be secured is sent directly to the MeCHIP, circumventing the client’s vulnerable PC microprocessor. The information is then signed and transmitted to the bank in secure coded form. A closed, secure channel from the client to the bank is assumed in this case. All information which is transmitted and received is logged and verified to ensure that it has not been tampered with. If there are any deviations, the session is immediately terminated. This hardware-based solution offers the necessary security at the personal computer to transfer confidential information.

Privacy Technology

Privacy technology can be used to assure that consumers, merchants, and the transactions themselves remain confidential. For instance, a company sending important, secret information about its marketing strategy to one of its partners would like to keep that information private and out of the hands of its competitors. This technology will keep all information secure and can be applied to electronic cash, also known as “e-cash”. The privacy technology provides a fully digital bearer instrument that assigns a special code to money, just like a bank note. The security of e-cash is superior to paper cash because even if it is stolen, it cannot be used. However, e-cash has its share of disadvantages because it lacks privacy of use. “This system is secure, but it has no privacy. If the bank keeps track of note numbers, it can link each shop’s deposit to the corresponding withdrawal and so determine precisely where and when Alice spends her money.” This would make it possible to create spending profiles on consumers and threaten their privacy. Furthermore, records based on digital signatures are more vulnerable to abuse than conventional files. Not only are they self-authenticating, but they also permit a person who has a particular kind of information to prove its existence without either giving the information away or revealing its source. “For example, someone might be able to prove incontrovertibly that Bob had telephoned Alice on 12 separate occasions without having to reveal the time and place of any of the calls.”

One solution to this lack of privacy is the implementation of “blind signatures”. Before sending the bank note number to the bank for signing, the user multiplies the note number by a random factor. Consequently, the bank knows nothing about what it is signing except that the note has a specific digital signature belonging to a person’s account. After receiving the blinded note signed by the bank, the user can divide out the random factor and use the note by transferring it to a merchant’s account as payment for merchandise. The blinded note numbers are untraceable because the shop and the bank cannot determine who spent which notes: the bank has no way of linking the note numbers that the merchant deposited with the purchaser’s withdrawals. Whereas the security of digital signatures is dependent on the difficulty of particular computations, the anonymity of blinded notes is limited only by the unpredictability of the user’s random numbers.

The blinded electronic bank notes protect an individual’s privacy, but because each note is simply a number, it can be copied easily. To prevent double spending, each note must be checked on-line against a central list when it is spent, which makes this verification procedure unacceptable for many applications, especially for minor purchases. Thus, this technology is currently only applicable for large sums of money.
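The blind-signature withdrawal and the on-line double-spending check described above, as an added example that is not part of the original document. It uses textbook RSA with a constructed toy key; the `Bank` class, the function names and the key are assumptions for illustration, and the digest comparison in `deposit` is the same signature check described for SET earlier.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for the bank: two Mersenne primes, far too small
# for real use and without padding. Illustration only.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                     # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))       # bank's private exponent


def digest(note: bytes) -> int:
    """Message digest of the note number, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(note).digest(), "big") % N


class Bank:
    """Hypothetical bank: signs blinded notes and keeps the central spent list."""

    def __init__(self):
        self.withdrawal_log = []   # (account, blinded value) seen while signing
        self.spent = set()         # note numbers already deposited

    def sign_blinded(self, account: str, blinded: int) -> int:
        # The bank debits the account and signs a value it cannot interpret.
        self.withdrawal_log.append((account, blinded))
        return pow(blinded, D, N)

    def deposit(self, note: bytes, sig: int) -> str:
        # Recompute the digest and compare it with the one recovered from
        # the signature using the bank's public key.
        if pow(sig, E, N) != digest(note):
            return "rejected: bad signature"
        # On-line check against the central list prevents double spending.
        if note in self.spent:
            return "rejected: double spend"
        self.spent.add(note)
        return "accepted"


def withdraw(bank: Bank, account: str):
    """User side: pick a note number, blind it, have it signed, unblind it."""
    note = secrets.token_bytes(16)            # the note number
    while True:                               # random blinding factor r
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    blinded = (digest(note) * pow(r, E, N)) % N   # multiply by the random factor
    blind_sig = bank.sign_blinded(account, blinded)
    sig = (blind_sig * pow(r, -1, N)) % N         # divide the random factor out
    return note, sig


if __name__ == "__main__":
    bank = Bank()
    note, sig = withdraw(bank, "alice")
    print(bank.deposit(note, sig))   # first spend
    print(bank.deposit(note, sig))   # copy of the same note
```

The bank's `withdrawal_log` holds only blinded values, so nothing in it matches the note later presented at `deposit`; the anonymity rests entirely on the unpredictability of `r`.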

The Internet has grown exponentially, with more than 30 million users worldwide currently. The Internet enhances the interaction between two businesses as well as between individuals and businesses. As a result of the growth of the Internet, electronic commerce has emerged and offered tremendous market potential for today’s businesses. One industry that benefits from this new communication channel is the banking industry. Electronic banking offers its customers a wide range of services: customers are able to interact with their banking accounts as well as make financial transactions from virtually anywhere without time restrictions.

Electronic banking is offered by many banking institutions due to pressure from competition. To add further convenience for customers, many banking institutions are working together to form an integrated system such as the Integrion Financial Network and the Gendex Bank International. On the other hand, this has not been readily accepted by its users due to the concerns raised by various groups, especially in the areas of security and privacy. Moreover, there are many potential problems associated with this young industry due to imperfection of the security methods. The example of Citibank’s disaster due to hackers has led to more concerns about this system.

In order to reduce the potential security vulnerabilities, many vendors have developed various solutions in both software-based and hardware-based systems. Generally speaking, software-based solutions are more common because they are easier to distribute and are less expensive.

In order for electronic banking to continue to grow, the security and the privacy aspects need to be improved. With the security and privacy issues resolved, the future of electronic banking can be very prosperous. The future of electronic banking will be a system where users are able to interact with their banks “worry-free” and banks are operated under one common standard.

ENHANCED SECURITY TIPS FOR ELECTRONIC CARDS

Internet crime, online scams, credit card fraud. There are easy things you can do to help prevent these from happening.

Here are a few tips to keep your debit card, credit card, PIN, Telephone / Internet Banking passwords and authentication device secure. It’s also helpful to show these tips to anyone else authorised to use your account.

By working together we can improve internet security and reduce crime, identity fraud and identity theft.

Card security tips

•Immediately sign the back of your card.

•Don’t let anyone else use your card, NAB ID or authentication device.

•Always know where your card is, keep it safe from loss or theft and keep your eye on home security.

•Be mindful of card fraud and security on the internet. You don’t want your identity stolen.

•Don’t forget your card and receipt at the ATM.

•Let your provider know immediately if your card is lost or stolen.

•Upon expiry cut your card diagonally in half (including any embedded microchip on the card; magnetic strip and security code).

•Don’t use an ATM if you think something’s not right.

Password, PIN and Telephone / Internet Banking security tips

•Keep security details confidential and do not record them and store with your cards.

•Memorise your details if you can.

•Banks should never ask for security details online so ignore any emails purporting to be from a bank asking you to enter your details.

•Don’t let anyone see you entering your password or PIN.

•Notify your bank immediately if you lose or forget a password or PIN or if someone else uses it.

•Avoid easy-to-guess combinations of numbers or letters or ones easily identifiable with you, i.e. your birthday, car rego, mobile, post code, and so on.

•Regularly change your PIN and passwords.

•Contact your provider to see what added security features they offer.

Tips to avoid scams and hoaxes

•Banks should never ask for security details online, so ignore any emails purporting to be from a bank asking you to enter them.

•Ensure your computer has the latest security software and operating system updates.

•Be cautious when using computers in internet cafes, hotels and airport lounges; refer to online security tips.

•Type the full web link (such as www.nab.com.au) into your browser when you plan to use Internet Banking.

•“SCAMwatch” at www.scamwatch.gov.au is a good resource.

•Contact your provider if something looks suspicious.

Tips to reduce the risk of identity theft

•Secure your letterbox as thieves can use the personal details in your mail.

•Notify your provider immediately of any change to your address or contact details.

•Destroy or shred any documents containing personal information before throwing them out.

When you should notify your provider

•If you tell anyone else your PIN, codes or passwords

•Your card or authentication device is misused, lost or stolen.

•There is an error, unauthorised access or transaction on your account.

•Your mobile phone is lost or stolen and your mobile phone number is registered for SMS Security.

•If there is a breach in your security, change your password and notify us immediately.

TIPS IN ENSURING THE SAFETY OF ELECTRONIC CARD

To access a financial institution's online banking facility, a customer with Internet access would need to register with the institution for the service, and set up a password and other credentials for customer verification. The credentials for online banking are normally not the same as for telephone banking. Financial institutions now routinely allocate customer numbers, whether or not customers have indicated an intention to access their online banking facility. Customer numbers are normally not the same as account numbers, because a number of customer accounts can be linked to the one customer number. The customer number can be linked to any account that the customer controls, such as cheque, savings, loan, credit card and other accounts.

To access online banking, a customer visits the financial institution's secure website, and enters the online banking facility using the customer number and credentials previously set up. Online banking services usually include viewing and downloading balances and statements, and may include the ability to initiate payments, transfers and other transactions, as well as interacting with the bank in other way

Always remember to withdraw your card whenever you finish using an ATM. You’re liable for any money lost as a result of someone else using your card to withdraw or transfer fun

What type of Internet security do you provide your customers?

SOME KEY ELECTRONIC BANKING SECURITIES

1. BDO Securities

Using the current security technologies and processes, BDO assures its clients of the confidentiality and privacy of their online banking sessions. BDO Internet Banking security uses the following securities:

(a) Authentication - Authentication ensures that only authorized users can access the BDO Internet Banking system by verifying the identity of the user. This is enforced through the use of a User Name and Password.

(b) Network Security – BDO uses a firewall to protect its Internet banking servers from unauthorized Internet access. A firewall is a combination of systems that enforces a boundary between the Internet and the bank's network, while blocking out all unwanted access.

(c) Encryption - Encryption converts data on the system to a format that is unreadable by anyone who does not have the proper authorization. Currently, BDO Internet Banking uses 128-bit Secure Sockets Layer (SSL) to secure all banking transactions. 128-bit encryption means that there are 2^128 - or 3.4 with 38 zeros after it - possible combinations that could access your account information but only one that works for each online banking session.

(d) Automatic Log-out - BDO Internet Banking automatically logs you out of the system if it detects no user activity for a fixed number of minutes. This protects your accounts from being accessed by the next PC user, especially when using a public or shared computer.

(e) Password strength – an on-screen meter that indicates the strength of your nominated password.

Security of a customer's financial information is very important, without which online banking could not operate. Similarly the reputational risks to the banks themselves are important.[5] Financial institutions have set up various security processes to reduce the risk of unauthorized online access to a customer's records, but there is no consistency to the various approaches adopted.

The use of a secure website has become almost universally adopted. Though single password authentication is still in use, it by itself is not considered secure enough for online banking in some countries. Basically there are two different security methods in use for online banking.

• The PIN/TAN system where the PIN represents a password, used for the login, and TANs represent one-time passwords to authenticate transactions. TANs can be distributed in different ways; the most popular one is to send a list of TANs to the online banking user by postal letter. Another way of using TANs is to generate them as needed using a security token. These token-generated TANs depend on the time and a unique secret, stored in the security token (two-factor authentication or 2FA).

2. TAN generators (chipTAN) also include the transaction data into the TAN generation process after displaying it on their own screen to allow the user to discover man-in-the-middle attacks carried out by trojans trying to secretly manipulate the transaction data in the background of the PC. Another way to provide TANs to an online banking user is to send the TAN of the current bank transaction to the user's (GSM) mobile phone via SMS. The SMS text usually quotes the transaction amount and details; the TAN is only valid for a short period of time. Especially in Germany, Austria and The Netherlands, many banks have adopted this "SMS TAN" service. Usually online banking with PIN/TAN is done via a web browser using SSL secured connections, so that there is no additional encryption needed.

3. Signature based online banking where all transactions are signed and encrypted digitally. The keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation. (See, e.g., the Spanish ID card DNI electronic.)

OTHER THOUGHTS OF ELECTRONIC BANKING

Electronic banking, also known as electronic funds transfer (EFT), is simply the use of electronic means to transfer funds directly from one account to another, rather than by check or cash. You can use electronic funds transfer to:

• have your paycheck deposited directly into your bank or credit union checking account.

• withdraw money from your checking account from an ATM machine with a personal identification number (PIN), at your convenience, day or night.

• instruct your bank or credit union to automatically pay certain monthly bills from your account, such as your auto loan or your mortgage payment.

• have the bank or credit union transfer funds each month from your checking account to your mutual fund account.

• have your government social security benefits check or your tax refund deposited directly into your checking account.

• buy groceries, gasoline and other purchases at the point-of-sale, using a check card rather than cash, credit or a personal check.

• use a smart card with a prepaid amount of money embedded in it for use instead of cash at a pay phone, expressway road toll, or on college campuses at the library's photocopy machine or bookstores.

• use your computer and personal finance software to coordinate your total personal financial management process, integrating data and activities related to your income, spending, saving, investing, recordkeeping, bill-paying and taxes, along with basic financial analysis and decision making.

TYPES OF ELECTRONIC BANKING DEVICES

1. Automated Teller Machines (ATMs), also called 24-hour tellers, are electronic terminals which give consumers the opportunity to bank at almost any time. To withdraw cash, make deposits or transfer funds between accounts, a consumer needs an ATM card and a personal identification number. Some ATMs charge a usage fee for this service, with a higher fee for consumers who do not have an account at their institution. If a fee is charged, it must be revealed on the terminal screen or on a sign next to the screen.

2. Direct Deposit and Withdrawal Services allow consumers to authorize specific deposits, such as paychecks or social security checks, to their accounts on a regular basis. It is also possible to authorize the bank, for a fee, to withdraw funds from your account to pay your recurring bills, such as mortgage payment, installment loan payments, insurance premiums and utility bills.

3. Pay by Phone Systems let consumers phone their financial institutions with instructions to pay certain bills or to transfer funds between accounts.

4. Point-of-Sale Transfer Terminals allow consumers to pay for retail purchases with a check card, a new name for debit card. This card looks like a credit card but with a significant difference: the money for the purchase is transferred immediately from your account to the store's account. You no longer have the benefit of the credit card "float", that is, the time between the purchase transaction and when you pay the credit card bill. With immediate transfer of funds at the point-of-sale, it is easy to overdraw your checking account and incur additional charges unless you keep careful watch on spending.

5. Personal Computer Banking Services offer consumers the convenience of conducting many banking transactions electronically using a personal computer. Consumers can view their account balances, request transfers between accounts and pay bills electronically from home.

TYPES OF ELECTRONIC CURRENCY

Check Cards, the new name for debit cards, can be used instead of cash, personal checks or credit cards. As stated, when you use a check card you transfer funds immediately from your account to the store's account. A growing number of consumers use check cards because they eliminate the hassle and risks of writing checks or carrying large amounts of cash. Important facts you need to know are:

•You have less bargaining power with a check card than with a credit card. With a credit card you have the right to refuse to pay for the purchase if you are not satisfied. With a debit card you have already paid for the product, so you have less bargaining power with the merchant.

•A thief with your check card and PIN number can take all the money in your account. The thief can even make point-of-sale purchases without your PIN.

•Your liability is limited to $50 if you report the checkcard loss within two days; any longer and your liability can go to $500. After 60 days, you can be responsible for the entire amount.

Note: MasterCard and Visa have voluntarily capped the loss liability of checkcard holders at $50. "As welcome as these voluntary protections are, they are too important to be left to the kindness of bank marketing departments," writes Consumer Reports. The consumer advocacy magazine advocates federal law changes to make consumer liability caps mandatory.

•In an era of increasing bank fees, consumers can expect to pay for the service of using a checkcard.

•It is the consumer's responsibility to keep checkcard receipts and deduct the dollar amounts of the purchases from the bank balance immediately, in order to avoid overdraft charges.

Smart Cards, sometimes called stored-value cards, have a specific amount of credit embedded electronically in the card. For example, a $100 smart card that you have purchased in advance can be used to cover expenses such as pay phone charges, bridge or expressway tolls, parking fees or Internet purchases. These cards make the transaction fast, easy and convenient.

Smart card technology is in a period of rapid change. Ultimately consumers should be able to customize their smart cards to suit their financial needs with access from their personal computer or cellular phone. Some important consumer issues are:

•Smart cards are the equivalent of cash so must be guarded.

•Procedures for recovering the value of a malfunctioning smart card are unclear.

•The computer chip within the card will contain both financial and personal information. Privacy and security issues could be a problem.

•Smart cards may not be covered by the Electronic Funds Transfer Act in case of loss or misuse of the card.

Digital Cash is designed to allow the consumer to pay cash rather than use a credit card to purchase products on the Internet. One type of digital cash allows consumers to transfer money from a financial institution or a credit card into an "electronic purse". The cash is held in a special bank account that is linked to your computer. Another type of digital cash converts money into digital coins that can be placed on your computer's hard drive.

Digital checks allow consumers to use their personal computers to pay recurring bills. Consumers can use computer software provided by a bank, or they can use personal finance software packages such as Quicken or Microsoft Money and subscribe to an electronic bill-paying service.

The technology of paying bills electronically by home computers is advancing rapidly, but relatively few businesses currently can accept payments made directly by computers. Digital checking is expensive. Fees generally run from $5 to $10 a month for 20 transactions. Privacy and security issues are major consumer concerns. Encryption technology may lessen privacy concerns in the future.

LEGALITIES GOVERNING ELECTRONIC BANKING

Consumer Protection -- Electronic Funds Transfer Act

The 1978 Electronic Funds Transfer Act is the governing statute while the Federal Reserve Board's Regulation "E" provides guidelines on electronic funds transfer card liability. The regulations require that:

•A valid EFT card can be sent only to a consumer who requests it.

•Unsolicited cards can be issued only if the card cannot be used until validated.

•The financial institution must inform you of your rights and responsibilities under the law in a written Disclosure Statement, including the procedure to correct errors in your periodic statements.

•The user is entitled to a written receipt when making deposits or withdrawals from an ATM or using a point-of-sale terminal to make a purchase. The receipt must show the amount, date and type of transfer.

•Periodic statements must confirm the amount of all transfers, the dates and types of transfers, type of accounts to or from which funds were transferred, and the address and phone number to be used for inquiries regarding the statement.

Problems and Errors. You have 60 days from the date a problem or error appears on your written terminal receipt or on your periodic statement to notify your financial institution. If you fail to notify the financial institution of the error within 60 days, you may have little recourse. Under federal law, the financial institution has no obligation to conduct an investigation if you have missed the 60-day deadline.

Lost cards. If you report an ATM or EFT card missing before it is used without your permission, the card issuer cannot hold you responsible for any unauthorized withdrawals. If unauthorized use occurs before you report it, the amount you can be held responsible for depends upon how quickly you report the loss.

If you do not report the loss within two business days after you realize the card is missing, but you do report its loss within 60 days after your statement is mailed to you, you could lose as much as $500 because of an unauthorized withdrawal.

If you do not report an unauthorized withdrawal within 60 days after your statement is mailed, you risk losing all the money in your account plus the unused portion of your maximum line of credit established for overdrafts.

Advantages

There are some advantages of using e-banking, both for banks and customers:

• Permanent access to the bank

• Lower transaction costs / general cost reductions

• Access anywhere

Countermeasures

There exist several countermeasures which try to avoid attacks. Digital certificates are used against phishing and pharming; in signature based online banking variants (HBCI/FinTS) the use of "Secoder" card readers is a measure to uncover software-side manipulations of the transaction data.[11] To protect their systems against Trojan horses, users should use virus scanners and be careful with downloaded software or e-mail attachments.

In 2001, the U.S. Federal Financial Institutions Examination Council issued guidance for multifactor authentication (MFA) and then required it to be in place by the end of 2006.[12]

In 2012, the European Union Agency for Network and Information Security advised all banks to consider the PC systems of their users as infected by malware by default, and therefore to use security processes where the user can cross-check the transaction data against manipulations. Examples are SMS TAN (provided the security of the mobile phone holds up), where the transaction data is sent along with the TAN number, or standalone smartcard readers with their own screen that include the transaction data in the TAN generation process while displaying it beforehand to the user (see chipTAN) to counter man-in-the-middle attacks.
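A sketch of why binding the TAN to the transaction data, as in the chipTAN and SMS TAN schemes described above and in the earlier list of security methods, exposes manipulation by malware on the PC. This is an added example, not the chipTAN algorithm or any bank's code: the HMAC construction, the 60-second step, the 6-digit length and all names and sample values are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # assumed validity window of one TAN
TAN_DIGITS = 6      # assumed TAN length


def make_tan(secret: bytes, recipient: str, amount_cents: int, now: int) -> str:
    """TAN derived from the token secret, the time step and the transaction data."""
    step = now // STEP_SECONDS
    msg = struct.pack(">Q", step) + f"{recipient}|{amount_cents}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**TAN_DIGITS).zfill(TAN_DIGITS)


def bank_accepts(secret: bytes, recipient: str, amount_cents: int,
                 tan: str, now: int) -> bool:
    """Bank side: recompute the TAN over the order it actually received."""
    for t in (now, now - STEP_SECONDS):   # tolerate one step of clock drift
        expected = make_tan(secret, recipient, amount_cents, t)
        if hmac.compare_digest(expected, tan):
            return True
    return False


def submit_order(secret: bytes, shown_to_user, sent_to_bank,
                 now: int, delay: int = 0) -> bool:
    """The user approves what the token's own screen shows and types the TAN;
    software on the PC decides what order reaches the bank, `delay` seconds later."""
    tan = make_tan(secret, shown_to_user[0], shown_to_user[1], now)
    return bank_accepts(secret, sent_to_bank[0], sent_to_bank[1], tan, now + delay)


# Constructed sample values.
SECRET = b"constructed-token-secret"
NOW = 1_700_000_000
GENUINE = ("ACCT-CONSTRUCTED-0001", 12_500)   # what the user intends to pay
ALTERED = ("ACCT-CONSTRUCTED-9999", 12_500)   # destination changed on the PC

if __name__ == "__main__":
    print("unmodified order accepted:", submit_order(SECRET, GENUINE, GENUINE, NOW))
    print("altered order accepted:   ", submit_order(SECRET, GENUINE, ALTERED, NOW))
    print("stale TAN accepted:       ",
          submit_order(SECRET, GENUINE, GENUINE, NOW, delay=10 * STEP_SECONDS))
```

A TAN that depends only on time and the secret would still verify for the altered order, which is the gap the transaction-bound variants close.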

The precursors of the modern home online banking services were the distance banking services over electronic media from the early 1980s. The term 'Online' became popular in the late '80s and referred to the use of a terminal, keyboard and TV (or monitor) to access the banking system using a phone line. 'Home banking' can also refer to the use of a numeric keypad to send tones down a phone line with instructions to the bank. Online services started in New York in 1981 when four of the city's major banks (Citibank, Chase Manhattan, Chemical and Manufacturers Hanover) offered home banking services[1][2][3] using the videotex system. Because of the commercial failure of videotex these banking services never became popular except in France, where the use of videotex (Minitel) was subsidised by the telecom provider, and the UK, where the Prestel system was used. For more information about the latter see Online banking in the U.K.

When the clicks-and-bricks euphoria hit in the late 1990s, many banks began to view Web-based banking as a strategic imperative. The attraction of online banking for banks is fairly obvious: diminished transaction costs, easier integration of services, interactive marketing capabilities, and other benefits that boost customer lists and profit margins. Additionally, Web banking services allow institutions to bundle more services into single packages, thereby luring customers and minimizing overhead.

A mergers-and-acquisitions wave swept the financial industries in the mid- and late 1998s, greatly expanding banks' customer bases. Following this, banks looked to the Web as a way of maintaining their customers and building loyalty. A number of different factors are causing bankers to shift more of their business to the virtual realm.

While financial institutions took steps to implement e-banking services in the mid-1990s, many consumers were hesitant to conduct monetary transactions over the web. It took widespread adoption of electronic commerce, based on trailblazing companies such as America Online, Amazon.com and eBay, to make the idea of paying for items online widespread. By 2000, 80 percent of U.S. banks offered e-banking. Customer use grew slowly. At Bank of America, for example, it took 10 years to acquire 2 million e-banking customers. However, a significant cultural change took place after the Y2K scare ended. In 2001, Bank of America became the first bank to top 3 million online banking customers, more than 20 percent of its customer base. In comparison, larger national institutions, such as Citigroup, claimed 2.2 million online relationships globally, while J.P. Morgan Chase estimated it had more than 750,000 online banking customers. Wells Fargo had 2.5 million online banking customers, including small businesses. Online customers proved more loyal and profitable than regular customers. In October 2001, Bank of America customers executed a record 3.1 million electronic bill payments, totaling more than $1 billion. In 2009, a report by Gartner Group estimated that 47 percent of U.S. adults and 30 percent in the United Kingdom bank online.

Today, many banks are internet-only banks. Unlike their predecessors, these internet-only banks do not maintain brick-and-mortar bank branches. Instead, they typically differentiate themselves by offering better interest rates and more extensive online banking features.

Scenario

Imagine yourself in this situation. You are at home alone one evening and you have your computer connected to your banking account. You are checking your banking account to see how much money you have. Like many people, you still have a lot of money at home because you don’t fully trust the banking system. Suddenly, you hear a noise outside and jump right out of your chair. You rush over to the window to see who is outside and realize that it is a burglar. You have a lot of money placed under your mattress and you fear that the burglar will take it. Since this is an age of advanced technology, you have a mechanical device that lets you transfer paper money into electronic money, which can then be sent to your bank via the Internet. This machine destroys the money and keeps track of the amount destroyed. You realize that you can save your money from the burglar and rush to get it immediately. You place all your money in the machine and it quickly converts the paper money into electronic money. At the touch of a button, you transfer your money to your banking account, where it is safe. Now your money is safe. Now all you have to worry about is yourself.

Key Words

Authentication
A process that grants access to a local or remote computer system, a network, or online information.

CA (certification authority)
An entity or service that distributes electronic keys for encrypting information and electronic certificates for authenticating user and server identities.

Digital Signature
A coded message added to a document or data that guarantees the identity of the sender.


Electronic Banking
The use of a computer to retrieve and process banking data (statements, transaction details, etc.) and to initiate transactions (payments, transfers, requests for services, etc.) directly with a bank or other financial services providers remotely via a telecommunications network.

Electronic Commerce
The use of an information infrastructure through which businesses can speed the exchange of information, improve customer service, reduce operating costs, and increase global competitiveness.

Encryption
The scrambling, or encoding, of information to prevent anyone other than the intended recipient from reading the information. There are many types of encryption, and they are the basis of network security.

Hash Code
A unique, mathematical summary or “fingerprint” of a document that serves to identify the document and its exact contents. Any change in the hash code is an alert that the document’s contents have been altered.

Internet
A worldwide system of computer networks. Networks connected through the Internet use a particular set of communication standards, known as TCP/IP, to communicate.

Kerberos
A distributed security system developed by the Massachusetts Institute of Technology. It uses private-key security.

Private-key security
Also known as symmetric-key security, this is a security mechanism based on both parties having the same encryption key, as in secret-key cryptography. The client and server share a key to encrypt and decrypt information on a network. A common implementation of private-key security is the Kerberos distributed security system.

Public-key security
Also known as asymmetric-key security or public-key encryption technology, this is a security mechanism for securely distributing encryption keys that are used to “lock” and “unlock” data across an unsecured path. Public-key security is based on encryption key pairs, in contrast to private-key security, which is based on having a single, shared key.

RSA
An encryption mechanism by RSA Data Security that uses both a private and a public key. RSA is also used for authentication.

Secure Socket Layer (SSL)
A security protocol developed by the Netscape Communications Corporation to encrypt sensitive data and verify server authenticity.
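
The Hash Code and Private-key security entries above can be seen working together in the following added example, which is not part of the original document. A plain hash flags an altered payment instruction only while the hash itself is out of the alterer's reach, whereas a keyed hash (HMAC) made with the shared key cannot be recomputed without that key. The account identifiers, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample values (hypothetical key and payment instruction).
SHARED_KEY = b"constructed-demo-key-not-for-production"
PAYMENT = {"from": "CHK-0001", "to": "UTIL-GAS-42", "amount": "125.00", "currency": "GBP"}

def canonical(msg: dict) -> bytes:
    """Serialise deterministically so both parties hash identical bytes."""
    return json.dumps(msg, sort_keys=True, separators=(",", ":")).encode("utf-8")

def hash_code(msg: dict) -> str:
    """Plain SHA-256 fingerprint: shows change, but anyone can recompute it."""
    return hashlib.sha256(canonical(msg)).hexdigest()

def keyed_tag(msg: dict, key: bytes) -> str:
    """HMAC-SHA256: a fingerprint only holders of the shared key can produce."""
    return hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()

def same(expected: str, claimed: str) -> bool:
    """Constant-time comparison of two hex digests."""
    return hmac.compare_digest(expected, claimed)

def demo() -> dict:
    sent_hash = hash_code(PAYMENT)
    sent_tag = keyed_tag(PAYMENT, SHARED_KEY)
    # The instruction is altered in transit; the receiver recomputes and compares.
    altered = dict(PAYMENT, to="UNKNOWN-9999")
    # A plain hash needs no secret, so it can be replaced along with the message.
    replaced_hash = hash_code(altered)
    # Without the shared key, a replacement tag can only be made with some other key.
    wrong_key_tag = keyed_tag(altered, b"some-other-key")
    return {
        "intact_hash_ok": same(hash_code(PAYMENT), sent_hash),
        "altered_old_hash_ok": same(hash_code(altered), sent_hash),
        "altered_replaced_hash_ok": same(hash_code(altered), replaced_hash),
        "intact_tag_ok": same(keyed_tag(PAYMENT, SHARED_KEY), sent_tag),
        "altered_old_tag_ok": same(keyed_tag(altered, SHARED_KEY), sent_tag),
        "altered_wrong_key_tag_ok": same(keyed_tag(altered, SHARED_KEY), wrong_key_tag),
    }

if __name__ == "__main__":
    print(demo())
```

Only the `altered_replaced_hash_ok` check passes for the altered message, which is why a bare hash has to travel over a protected channel or be replaced by a keyed tag or a digital signature.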
