Internet Banking Security, the BCA story
By Kostaman Thayib
JAKARTA (JP): The Internet is inevitably becoming more popular
and exerting a greater influence in our daily life.
The Internet makes life easier.
With the Internet, we can now quickly and easily search for
information all over the world. It also makes communication
around the world faster, easier and cheaper.
The Internet has developed into a powerful medium of information,
communication and human interaction in a relatively short period
of time.
Banks have also embraced Internet technology to make banking
easier, more convenient and available anywhere and anytime.
With the Internet, banking transactions are only a click away.
Several banks in Indonesia have introduced Internet Banking
(IB).
Among these banks, BCA -- although not the first bank to
launch Internet banking -- has recorded some remarkable results.
Since its introduction on Aug. 17, 2000, after its grand launch
on March 30, 2001, more than 200,000 customers have registered
for Internet banking services (KLIK BCA), and 70 percent of them
have logged in and performed banking transactions at its website
(www.klikbca.com).
In Internet banking, the main concern is security. Customers
are not asking about the conveniences of IB, they are asking
about the security of IB transactions. Security remains one of
the biggest barriers to consumer acceptance of IB.
Customers have heard of the attacks on several websites,
including bank websites by hackers. Sometimes the hackers breach
the security of Internet systems and deface the front page of the
websites. Actually in cases like this, customers' accounts are
safe and not affected.
In Indonesia, over 70 percent of credit card transactions done
through the Internet are fraudulent. Credit card transactions via
the Internet require customers to divulge their credit card
number and its expiry date.
This information is not secure because it is even printed on
the credit card and transaction receipt. In most cases, carders
who steal the credit card information do not hack the website.
The carders steal the data from conventional transactions such as
payments at hotels, restaurants, etc., by working with the service
providers.
BCA realizes that the security of Internet banking
transactions is an issue of utmost importance for customers.
Therefore the bank has protected its Internet banking system to
ensure a high level of security.
From the very first step in Internet banking, i.e. the
registration, BCA has taken security into consideration.
Customers should register through ATM BCA to ensure the person
registering is the account holder.
After inserting the ATM Card (Paspor BCA), enter the correct
ATM PIN and select the Internet registration menu. The customer
is asked to enter his IB PIN, and his user ID will be given right
away.
This user ID and IB PIN can be used immediately to log into
the website. IB registration through ATM is secure and yet very
fast, easy and convenient.
To access an account through IB, the customer is verified
through his user ID and IB PIN. This identification and
authentication process makes on-line transactions very secure.
Unlike credit card numbers and expiry dates, user IDs and IB
PINs are not printed on the card nor on transaction receipts.
No one should have knowledge of this information. For this
reason, customers should be careful when making IB transactions
in public areas. Make sure there is no one behind you peeking at
your user ID and PIN. If you are doubtful of the confidentiality
of your PIN, you can change it at KLIKBCA's website.
To protect the security of data during its transmission from
the user's computer to the IB server, Klik BCA is secured with
128-bit SSL (Secure Sockets Layer) 3.0, verified by Verisign.
If someone taps the transmitted data, the data would look
meaningless, and if he tries to decrypt the encrypted data,
according to Onno Purbo, he would need 12,710,204,652,610
trillion years to do so.
The URL address of the website secured by SSL will begin with
https instead of http.
Klik BCA servers are also protected by a firewall to prevent
illegal access by unauthorized users.
Customers should make sure they log out of the IB website
after they have completed their transactions. They should not
leave their computers in a login state as others can then access
their bank accounts.
To prevent financial loss when customers are careless in this
respect, Klik BCA automatically logs out if no transaction is
made in 10 minutes.
For every financial transaction, Klik BCA will ask the user to
enter his IB PIN. Although this procedure seems repetitive, it
will prevent others from making transactions from your account if
you forget to log out.
To monitor the usage of your IB account, Klik BCA provides the
last login information on the main menu every time customers
log in to the website. Every transaction done through Klik BCA
will also be reported, through an automatic e-mail notification,
to the customer's e-mail address.
Actually IB has provided enough security for online
transactions. To breach the IB security is very expensive and
very difficult, if not impossible.
Sometimes people who do not understand IB are fooled into
revealing their user ID and IB PIN.
With your user ID and PIN, others can make a transaction
from your account. Of course, this is faster, cheaper and easier
than breaching the IB security system!
Customers should be aware that the user ID and PIN are keys to
their banking account. Therefore they should keep them
confidential.
To protect customers who do not understand IB or who are
careless, especially during the early stages of IB in Indonesia,
Klik BCA has set the limit for transfers at Rp 3 million.
If IB users need to transfer more than Rp 3 million, Klik BCA
will provide a security token called Key BCA. Key BCA is a
security device, which looks like a calculator, for
authorization.
If the transaction amount exceeds Rp 3 million, IB will
display a challenge code.
IB users activate Key BCA by entering the Key BCA PIN and then
key the challenge code shown on the IB screen into Key BCA.
Key BCA will then generate the response code. Users should
enter this response code on the IB screen. If it matches the
number in the IB Server, the transaction will be authorized.
The response code generated by Key BCA will be different every
time. In other words, Key BCA is a device to generate dynamic
PINs or a One Time Password (OTP). Key BCA helps make customers
feel secure in using Klik BCA.
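
The challenge-response flow described above, as an added example that is
not BCA's code: the article does not say how Key BCA computes its response,
so the HMAC-SHA256 truncation, the 8-digit codes, the 120-second validity
window and all names below are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_LIMIT_RP = 3_000_000   # from the article: above this a token response is needed
CHALLENGE_TTL_S = 120        # assumed lifetime of a displayed challenge


def token_response(token_key, challenge):
    """What the hand-held token computes once the challenge is keyed in (assumed scheme)."""
    digest = hmac.new(token_key, challenge.encode(), hashlib.sha256).digest()
    offset = digest[-1] & 0x0F   # HOTP-style dynamic truncation (RFC 4226)
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10**8:08d}"


class TransferAuthorizer:
    """Server side (hypothetical class): issues challenges and checks responses."""

    def __init__(self, token_keys):
        self.token_keys = token_keys   # user ID -> secret shared with that user's token
        self.pending = {}              # user ID -> (challenge, issued_at)

    def request_transfer(self, user_id, amount_rp, now=None):
        """Return None when no token is required, else the challenge to display."""
        if amount_rp <= TOKEN_LIMIT_RP:
            return None
        challenge = f"{secrets.randbelow(10**8):08d}"   # fresh and unpredictable
        self.pending[user_id] = (challenge, time.time() if now is None else now)
        return challenge

    def confirm(self, user_id, response, now=None):
        """Check a response; the challenge is consumed whether or not it matches."""
        entry = self.pending.pop(user_id, None)   # single use: a replay finds nothing
        if entry is None:
            return False
        challenge, issued_at = entry
        if (time.time() if now is None else now) - issued_at > CHALLENGE_TTL_S:
            return False                           # stale challenge
        expected = token_response(self.token_keys[user_id], challenge)
        return hmac.compare_digest(expected, response)   # constant-time comparison
```

Because every challenge is random and is discarded after one attempt, a
response observed for one transfer cannot be reused for another.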
IB offers a lot of conveniences for customers.
Like other conveniences, it is also vulnerable to misuse and
crime. Klik BCA offers an up-to-date system and the tools to
ensure the security of its IB.
Customers, on their part, should keep their user ID and IB PIN
confidential, and conduct their transactions discreetly.
The writer is deputy chief of BCA's Consumers Banking Division.