People's lack of trust poses big challenge in online banking

People's lack of trust poses big challenge in online banking

Rudijanto, Contributor, Jakarta

Transferring funds to one's bank account by a few clicks of
the computer mouse or some touches on a mobile phone's buttons
using today's sophisticated IT and cellular network system, with
its layers of security protection, sounds like a practical
solution for modern people, but what if things go wrong and the
funds are diverted to the incorrect bank account?

That is the most common concern among people who are still
traumatized by unfavorable events in cyberworld, especially the
emergence of increasingly sophisticated hackers who seem to have
very sharp eyes for any minor weakness in the internet system, as
well as various cybercrimes that have already inflicted financial
losses on numerous internet banking users.

The cellular world of mobile phones has its own crimes that
have also caused major losses to some mobile phone users. The
media has frequently reported about people who have obediently,
as if under a hypnotic spell, transferred their money via the ATM
to swindlers who have cheated by sending misleading SMSs, like,
"Transfer this amount as an advance for your prize," and so
forth.

With all of those disheartening events in both the cyber as
well as the cellular worlds, many people have their own
legitimate reasons to question their safety, as many aspects
still remain obscure to most laymen.

While both the internet and mobile banking systems in most
banks have significantly improved, bankers admit that they have
difficulty changing this negative perception among a significant
portion of customers.

Citibank's vice president for e-Business, Rico Usthavia Frans,
compares the current doubt of people on the security of internet
and mobile banking with the same hesitancy toward using the ATM
in the 1980s.

"But I do believe that in the not-too-distant future the
internet and mobile banking service will be acceptable here just
like in advanced countries where the infrastructure is already
good. In Indonesia, the infrastructure is improving," said Rico.

Citibank has been among the pioneers in internet banking in
Indonesia since the bank started this service in November 2001.
However, the bank seems very cautious in promoting their internet
banking services.

"We have not really launched the internet banking services. As
of now, we only offer it to our existing customers because we are
still enriching our experience," said Rico.

This learning process of Citibank's personnel on the internet
banking services reflects the bank's care in safeguarding and
developing its internet banking system.

"For every system that we are developing, we submit it to the
Ethical Hacking Test by a group of professional hackers in the
United States to make sure that the system is secure enough. And
we pay between US$20,000 and $30,000 for such security test,"
said Rico.

Other banks have their own standard security systems such as
Secure Socket Layer (SSL) 128 bit Encryption to process and
safeguard data into secret codes.

To give more security to internet banking users, Bank Mandiri
also offers Token PIN (Personal Identification Number), which
functions to generate a new PIN for each financial transaction by
every user of the bank's internet banking services.

These PINs, often called dynamic PINs, make it almost
impossible for those with bad intentions to find out the PIN for
individual users since the PIN keeps on changing in every
transaction and each customer's ID number has a link only to one
TOKEN PIN series number.

"To protect our internet banking users we also limit the
internet banking transaction to Rp 10 million per day," said
Kostaman Thayib, Bank Mandiri's senior vice president group head
for consumer liabilities.

In mobile banking, this bank's tight security system is backed
with another sophisticated security system belonging to major
cellular phone operators like Telkomsel, Excelcomindo Pratama and
Satelindo.

Aside from the bank's own security system, cellular phone
operators still provide mobile banking users with a security key
in their SIM card. The key functions to encrypt data that is
uploaded by mobile banking users.

"We provide a system in our SIM card that can encrypt data
being sent via cellular phone to the bank. Only the bank, not
even us, can open this data. Therefore, transactions via our
network are end-to-end secure," said Reyhan, Telkomsel's mobile
banking manager.

These two layers of security systems from the bank and
cellular phone operators lead some people to believe that mobile
banking is more secure than internet banking. Multimedia expert
Roy Suryo is among those who believe in the security of mobile
banking due to this double security systems.

Internet expert Onno Purbo said that the level of encryption
applied by cellular operators was equal to or higher than Wired
Equivalent Privacy that makes mobile banking already secure.

However, Citibank's vice president Rico believes that internet
banking and mobile banking have the same level of security since
there is practically no technological defect in either system,
especially the ones used by Citibank.

He said that although technologically it is difficult to break
the security system in both its internet and mobile banking, he
emphasized that the human factor or the users themselves play an
important role in safeguarding the transactions.

"Therefore, we should pay attention not only to the technology
but also enhance the level of customer awareness of the
technology," said Rico.

Based on a number of media reports, human error rather than
technological defect has trapped some internet users. Spoofing is
a part of this trap that can lead people to reveal their data to
unauthorized persons.

"Usually, users receive emails that ask them to update their
data. This email has a hyperlink to a typo site. Once people
update their data, they automatically give away their most
confidential data," said Rico.

Another human error is lending one's cellular phone to others,
and some of them may well be ill-intentioned people or some
borrowers may unknowingly let other people find out one's PIN.
This will lead to the phone owner's to suffer financial losses.

The rapid growth of cellular phone users that constitutes a
potential market for mobile banking should at the same time raise
the vigilance on the danger of crimes through Short Message
Services (SMS). PT Telkomsel's Reyhan said that his company
cannot do much to prevent such crimes except by providing
education to its users.

The Indonesia Cellular Telecommunication Association recently
reported the number of cellular phone users has reached 18.5
million in 2003. The association predicted that the number may
increase to 25 or 27 million within this year.

This steady growth of cellular phone users has exceeded that
of internet users which is estimated between three and four
million in 2003. Not only this figure provides a big opportunity
for mobile banking but certainly opportunities for evil doers as
well.

Technologically, both the internet and mobile banking systems
applied by banks and cellular phone operators have improved to
such a sophisticated level that creates major headache for the
criminals. But human carelessness remains as a crucial factor for
the effective implementation.

That is why continuous education by both banks and cellular
operators become critical in protecting their customers from
swindlers. Without this the promise of easy and practical
transactions may prove to be as easy for evil people to enrich
themselves at the cost of internet and mobile banking users.