mis report on online banking

RR E P O R TE P O R T O NO N O O N L I N EN L I N E B B A N K I N GA N K I N G

Table of Contents

CC H A P T E RH A P T E R 1 – I 1 – I N T R ON T R O T OT O O O N L I N EN L I N E B B A N K I N GA N K I N G .................................................................................................................................................................................... 11

WW H A TH A T I SI S M E A NM E A N B YB Y O N L I N EO N L I N E B A N K I N GB A N K I N G ?? .................................................................................................................................................................................................................... 11

Why online?............................................................................................................................................. 1

What is Bank Wire Transfers?................................................................................................................. 1

FIGURE 1.1 – Basic Illustration How Bank Wire Transfers Work.........................................................1

Some terminologies explained:................................................................................................................2

TT H EH E G G L O B A LL O B A L E - B E - B A N K I N GA N K I N G S S C E N A R I OC E N A R I O ............................................................................................................................................................................................................................ 33

Hurdles in implementation of E-Banking in the Region:...........................................................................4

II N T E R N E TN T E R N E T S S E R V I C E SE R V I C E S P P R O V I D E DR O V I D E D B YB Y B B A N K SA N K S ............................................................................................................................................................................................44

Issues in services provided by banks via internet....................................................................................4

The regulatory and Supervisory concerns in i-banking............................................................................5

FIGURE 1.2 – Information compromised through man-in-the-middle attack.........................................7

State Bank of Pakistan’s Concerns over Internet Facilities......................................................................9

The Global Scenario.............................................................................................................................. 10

Hurdles in implementation of E-Banking in the Region:.........................................................................10

II N T E R N E TN T E R N E T – – I T SI T S B A S I CB A S I C S T R U C T U R ES T R U C T U R E A N DA N D T O P O L O G YT O P O L O G Y ......................................................................................................................................1 11 1

World Wide Web (WWW)...................................................................................................................... 12

Wireless Application Protocol (WAP):....................................................................................................12

Security threats:..................................................................................................................................... 13

E-Commerce:......................................................................................................................................... 13

Business-to-Consumers (B2C):.............................................................................................................14

Opportunities:......................................................................................................................................... 15

Concerns:.............................................................................................................................................. 16

Business to Business (B2B)................................................................................................................... 16

The Growth of Internet Banking and common products:........................................................................17

Different Approaches............................................................................................................................. 18

CC H A P T E RH A P T E R 2 – O 2 – O N L I N EN L I N E B B A N K I N GA N K I N G V I ZV I Z A A S K A R IS K A R I B B A N KA N K ................................................................................................................................1 91 9

LL I N K I N GI N K I N G O FO F B R A N C H E SB R A N C H E S .......................................................................................................................................................................................................................................................................................... 1 91 9

BB R A N C HR A N C H N E T W O R KN E T W O R K ................................................................................................................................................................................................................................................................................................................ 1 91 9

FIGURE 2.1 – Askari Bank’s branch network across Pakistan region wise........................................19

South Region Cities:.............................................................................................................................. 20

North Region Cities:............................................................................................................................... 21

Center Region:....................................................................................................................................... 21

North Region Cities:............................................................................................................................... 22

South Region Cities:.............................................................................................................................. 22

WW H YH Y A A S K A R IS K A R I O O N L I N EN L I N E B B A N K I N GA N K I N G F F A C I L I T I E SA C I L I T I E S ?? ........................................................................................................................................................................2 32 3

Askari Bank Online Facilities.................................................................................................................23

ATM facility..................................................................................................................................... 23

______________________________________________________________________________i


iNET Banking................................................................................................................................. 23

Virtual Private Networking (VPN)...................................................................................................23

FIGURE 2.2 – Procedure showing how a VPN(Virtual Private Network) works..................................23

Inter Bank Fund Transfer – IBFT....................................................................................................24

FIGURE 2.3 – How AKBL’s Online transaction moves across the country.........................................24

Transaction via ATM to a Bank Account.............................................................................................25

Privacy guaranteed............................................................................................................................. 25

Network security................................................................................................................................. 25

AA S K A R IS K A R I B B A N KA N K W H I L EW H I L E F A C I L I T A T I N GF A C I L I T A T I N G B B U S I N E S S E SU S I N E S S E S ..................................................................................................................................................2 52 5

Network specifications........................................................................................................................... 26

Wide Area Network............................................................................................................................. 26

KBOX.................................................................................................................................................. 26

Bank’s IT Room.................................................................................................................................. 27

GG L O S S A R YL O S S A R Y ............................................................................................................................................................................................................................................................................................................................................................ 2 82 8

01. ATM........................................................................................................................................ 28

02. B2B......................................................................................................................................... 28

03. B2C........................................................................................................................................ 28

04. Bank-Wire Transfers...............................................................................................................28

05. Decrypt................................................................................................................................... 28

06. Encrypt................................................................................................................................... 28

07. FTP......................................................................................................................................... 28

08. IBAN....................................................................................................................................... 28

09. IBFT........................................................................................................................................ 28

10. Intranets and Extranets..........................................................................................................28

11. Middle-in-the-man attack........................................................................................................29

12. Spoof...................................................................................................................................... 29

13. SWIFT.................................................................................................................................... 29

14. System administrator..............................................................................................................29

15. TCP/IP.................................................................................................................................... 29

16. Topology................................................................................................................................. 29

17. Trojan..................................................................................................................................... 29

18. VPN........................................................................................................................................ 29

19. WAP....................................................................................................................................... 29

______________________________________________________________________________ii


CC H A P T E RH A P T E R 1 – I 1 – I N T R ON T R O T OT O O O N L I N EN L I N E B B A N K I N GA N K I N G

What is mean by online banking?Online banking (or Internet banking or Electronic banking) is an umbrella term for the process by

which a customer may perform banking transactions electronically without visiting a brick-and-mortar

institution. The following terms all refer to one form or another of electronic banking: personal computer

(PC) banking, Internet banking, virtual banking, online banking, home banking, remote electronic banking,

and phone banking. PC banking and Internet or online banking is the most frequently used designations.

It should be noted, however, that the terms used to describe the various types of electronic banking are

often used interchangeably.

Why online?Today, banks seem to be jumping on the bandwagon of Internet banking. Why is there a sudden

increase of bank interests in the Internet? The reasons are

Because of the improved security and encryption methods developed on the Internet.

Banks did not want to lose a potential market share to banks that were quick to offer their

services on the Internet.

Electronic banking is an activity that is not new to banks or their customers. Banks,

having been providing their services to customers electronically for years through

software programs, which allowed the user’s personal computer to dial up the bank

directly. In the past however, banks have been very reluctant to provide their customers

with banking via the Internet due to security concerns, but now it’s a reality. As high

growth potential for e-banking the players focused on increasing and improving their E-

banking services. As a part of this, the banks began to collaborate with functions online

via Bank Wire Transfers.

What is Bank Wire Transfers?Bank wire transfers is said to be the path or interface which allows bank-2-bank transactions

between two international banks, often the most expedient method for transferring funds between

bank accounts. A bank wire transfer is affected as follows

Sender’s Bank Account

SWIFT Receiver’s Bank Account

FIGURE 1.1 – Basic Illustration How Bank Wire Transfers Work.

In the light of above illustration, we understand that:

1. The entity wishing to do a transfer approaches a bank and gives the bank the order to transfer a

certain amount of money. IBAN and BIC codes are given as well so the bank knows where the

money needs to be sent.

______________________________________________________________________________1


2. The sending bank transmits a message, via a secure system (such as SWIFT) to the receiving

bank, requesting that it effect payment according to the instructions given.

3. The message also includes settlement instructions. The actual transfer is not instantaneous:

funds may take several hours or even days to move from the sender's account to the receiver's

account.

4. Either the banks involved must hold a reciprocal account with each other, or the payment must be

sent to a bank with such an account, a correspondent bank, for further benefit to the ultimate

recipient.

Banks collect payment for the service from the sender as well as from the recipient. The sending bank

typically collects a fee separate from the funds being transferred, while the receiving bank and

intermediate banks through which the transfer travels deduct fees from the money being transferred so

that the recipient receives less than what the sender sent.

Some terminologies explained:

THE INTERNATIONAL BANKING ACCOUNT NUMBER SYSTEM

The International Bank Account Number (IBAN) is an international standard for identifying

bank accounts across national borders with a minimal of risk of propagating transcription errors. It

was originally adopted by the European Committee for Banking Standards (ECBS), and was later

adopted as an international standard under ISO 13616:1997 and now as ISO 13616-1:2007.The

official IBAN registrar under ISO 13616-2:2007 is SWIFT.

Why IBAN?

The IBAN was originally developed to facilitate payments within the European Union but

the format is flexible enough to be applied globally. It consists of an ISO 3166-1 alpha-2

country code, followed by two check digits that are calculated using a mod-97 technique

and Basic Bank Account Number (BBAN) with up to thirty alphanumeric characters. The

BBAN includes the domestic bank account number and potentially routing information.

The national banking communities decide individually on a fixed length for all BBAN in

their country.

SWIFT CODE:ISO 9362 (also known as SWIFT-BIC, BIC code, SWIFT ID or SWIFT code) is a standard format

of Business Identifier Codes approved by the International Organization for Standardization

(ISO). It is a unique identification code for both financial and non-financial institutions. These

codes are used when transferring money between banks, particularly for international wire

transfers, and also for the exchange of other messages between banks. The codes can

sometimes be found on account statements.

______________________________________________________________________________2


The latest edition is ISO 9362:2009 (dated 01-10-2009). The SWIFT code is 8 or 11 characters,

made up of:

1. 4 letters: Institution Code or bank code.

2. 2 letters: ISO 3166-1 alpha-2 country code

3. 2 letters or digits: location code

4. if the second character is "0", then it is typically a test BIC as opposed to a BIC used on

the live network.

5. if the second character is "1", then it denotes a passive participant in the SWIFT network

6. if the second character is "2", then it typically indicates a reverse billing BIC, where the

recipient pays for the message as opposed to the more usual mode whereby the sender

pays for the message.

7. 3 letters or digits: branch code, optional ('XXX' for primary office)

Where an 8-digit code is given, it may be assumed that it refers to the primary office.

SWIFT Standards, a division of The Society for Worldwide Interbank Financial

Telecommunication (SWIFT), handles the registration of these codes. For this reason, Business

Identifier Codes (BICs) are often called SWIFT addresses or codes.

The Global E-Banking Scenario The banking industry is expected to be a leading player in e-business. While the banks in developed

countries are working primarily via Internet as non-branch banks and operating virtually, banks in the

developing countries use the Internet as an information delivery tool to improve relationship with

customers.

In early 2001, approximately 60 percent of e-business in the UK was concentrated in the financial services

sector, and with the expected 10-fold increase of the British e-business market by 2004, the share of the

financial services will further increase. Around one fifth of Finish and Swedish bank customers are

banking online, while in the US, according to UNCTAD, online banking is growing at an annual rate of 60

percent and the numbers of online accounts are expected to reach 15 million near future.

Banks have established an Internet presence with various objectives. Most of them are using the Internet

as a new distribution channel. Financial services, with the use of Internet, may be offered in an equivalent

quantity with lower costs to the more potential customers. There may be contacts from each corner of the

world at any time of day or night. This means that banks may enlarge their market without opening new

branches. The banks in the US are using the Web to reach opportunities in three different categories: to

market information, to deliver banking products and services, and to improve customer relationship.

______________________________________________________________________________3


Hurdles in implementation of E-Banking in the Region:In Asia, the major factor restricting growth of e-banking is security factor, in spite of several

countries being well connected via Internet. Access to high-quality e-banking products is an issue

as well. Majority of banks in Asia are just offering basic services compared with those of

developed countries. Still, e-banking seems to have a future in Asia. According to McKinsey

survey, e-banking will succeed if the basic features, especially bill payments, are handled well. Bill

payment was the most popular feature, cited by 40 percent of respondents of the survey.

However, providing this service would be difficult for banks in Asia because it requires a high level

of security and involves arranging transactions with a variety of players,

In 2001, over 50 percent of the banks in the US were offering e-banking services. However, large

banks appeared to have a clear advantage over small banks in the range of services they offered.

Some banks in the US were targeting their Internet strategies towards business customers. Apart

from affecting the way customers received banking services; e-banking was expected to influence

the banking industry structure. The economics of e-banking was expected to favor large banks

because of economies of scale and scope, and the ability to advertise heavily. Moreover, e-

banking offered entry and expansion opportunities that small banks traditionally lacked.

Internet Services Provided by BanksBroadly, the levels of banking services offered through INTERNET can be categorized in to three types:

1. The Basic Level Service is the banks’ websites which disseminate information on different

products and services offered to customers and members of public in general. It may receive and

reply to customers’ queries through e-mail,

2. In the next level are Simple Transactional Websites which allow customers to submit their

instructions, applications for different services, queries on their account balances, etc, but do not

permit any fund-based transactions on their accounts,

3. The third level of Internet banking services are offered by Fully Transactional Websites which

allow the customers to operate on their accounts for transfer of funds, payment of different bills,

subscribing to other products of the bank and to transact purchase and sale of securities, etc.

The above forms of Internet banking services are offered by traditional banks, as an additional method of

serving the customer or by new banks, who deliver banking services primarily through Internet or other

electronic delivery channels as the value added services. Some of these banks are known as ‘virtual’

banks or ‘Internet only’ banks and may not have any physical presence in a country despite offering

different banking services.

Issues in services provided by banks via internetFollowing are some of the issues which are being faced by the banks while providing internet

banking facilities

______________________________________________________________________________4


1. It removes the traditional geographical barriers as it could reach out to customers of

different countries/legal jurisdiction. This has raised the question of jurisdiction of

law/supervisory system to which such transactions should be subjected,

2. It has added a new dimension to different kinds of risks traditionally associated with

banking, heightening some of them and throwing new risk control challenges,

3. Security of banking transactions, validity of electronic contract, customers’ privacy,

etc., which have all along been concerns of both bankers and supervisors have

assumed different dimensions given that Internet is a public domain, not subject to

control by any single authority or group of users,

4. It poses a strategic risk of loss of business to those banks who do not respond in

time, to this new technology, being the efficient and cost effective delivery mechanism

of banking services,

5. A new form of competition has emerged both from the existing players and new

players of the market who are not strictly banks.

The regulatory and Supervisory concerns in i-bankingThe Regulatory and Supervisory concerns in i-banking arise mainly out of the distinctive features

outlined above. These concerns can be broadly addressed under three broad categories, viz,

1. Legal and regulatory issues,

2. Security and technology issues and

3. Supervisory and operational issues.

LEGAL AND REGULATORY ISSUES:

Legal issues cover those relating to the jurisdiction of law, validity of electronic

contract including the question of repudiation, gaps in the legal / regulatory environment

for electronic commerce. On the question of jurisdiction the issue is whether to apply the

law of the area where access to Internet has been made or where the transaction has

finally taken place. Allied to this is the question where the income has been generated

and who should tax such income. There are still no definite answers to these issues.

SECURITY AND TECHNOLOGICAL ISSUES

Security of i-banking transactions is one of the most important areas of concerns to

the regulators. Security issues include questions of adopting internationally accepted

state-of-the art minimum technology standards for access control, encryption/decryption

(minimum key length etc), firewalls, verification of digital signature, Public Key

Infrastructure (PKI) etc. The regulator is equally concerned about the security policy for

the banking industry, security awareness and education.

______________________________________________________________________________5


Security Incidents

2003 and 2004 saw the emergence of fraudulent activities pertaining to Internet

Banking or better known in the industry as “phishing”. A total of 92 phishing cases

were reported to the Malaysian Computer Emergency Response Team (MyCERT,

www.mycert.org.my) in 2004. The modus operandi of this activity is to use spoofing

techniques to gain names and passwords of account holders.

The victims reported being deceived into going to a fake website where perpetrators

stole their usernames and passwords and later use the information for the

perpetrators’ own advantage. Phishing is an attempt to commit fraud via social

engineering. The impact is the breach of information security through the compromise

of confidential data.

The Association of Banks Malaysia (ABM) has urged both commercial banks and

their customers to be extra vigilant following reports of fraudulent email purportedly

sent by banks with Internet banking services to online customers.

The fraudulent activities mentioned above are not limited to the Malaysian banking

industry. It is a worldwide problem particularly in the United States. There, 2560 new

unique phishing sites were reported to the Anti Phishing Working Group (APWG) in

this year. (see

http://antiphishing.org/APWG_Phishing_Activity_Report_Feb05.pdf).

It was an increase of 47 percent over the December 2004 figure. APWG is an

industry association focused on eliminating identity theft and fraud that result from the

growing problem of phishing and email spoofing. This voluntary based organization

provides a forum to discuss phishing issues, trials and evaluations of potential

technology solutions, and access to a centralised repository of reports on phishing

attacks.

In China, it was reported that the National Computer Network Emergency Response

Technical Team / Coordination Centre of China (CNCERT/CC) received 223 Phishing

reports from over 33 worldwide financial and security organization.

Attack Techniques

Nowadays, the nature of attacks is more active rather than passive. Previously, the

threats were all passive such as password guessing, dumpster diving and shoulder

surfing. Here are some of the techniques used by the attackers today:

• Trojan Attack.

The attacker installs a Trojan, such as key logger program, on a user’s computer.

This happens when users visited certain websites and downloaded

programs. As they are doing this, key logger program is also installed on their

computer without their knowledge.

______________________________________________________________________________6


When users log into their bank’s website, the information keyed in during that

session will be captured and sent to the attacker.

Here, the attacker uses the Trojan as an agent to piggyback information from

the user’s computer to his backyard and make any fraudulent transactions

whenever he wants.

• Man-in-the-Middle Attack.

Here, the attacker creates a fake website and catches the attention of users

to that website. Normally, the attacker was able to trick the users by

disguising their identity to make it appear that the message was coming from

a trusted source. Once successful, instead of going to the designated

website, users do not realize that they actually go to the fraudster’s website.

The information keyed in during that session will be captured and the

fraudsters can make their own transactions at the same time.

FIGURE 1.2 – Information compromised through man-in-the-middle attack.

Striking a Balance

Presently, Internet banking customers only need a computer with access to the

Internet to use Internet banking services. Customers can access their banking

accounts from anywhere in the world. Each customers is provided a login ID and

a password to access the service. It is indeed easy and convenient for

customers. ______________________________________________________________________________

7


However, the use of password does not provide adequate protection against

Internet fraud such as phishing. The problem with password is that when it has

been compromised, the fraudsters can easily take full control of online

transactions. In such cases, the password is no longer works as an authentication

token because we cannot be sure who is behind the keyboard typing that

password in.

However, easy access and convenience should not be at the expense and mercy

of the security of information. This is important in order to ensure the

confidentiality of information and that it is not being manipulated or compromised

by the fraudsters.

There are several methods of ensuring a more secure Internet banking:

1. Minimum Requirement: Two Factor Authentication

Based on the above method, the security measures in place are not

adequate to prevent fraud. The current method of using only one factor of

authentication definitely has its weaknesses. The security aspects of

Internet banking need to be strengthened. At minimum, a two-factor

authentication should be implemented in order to verify the authenticity

of the information pertaining to Internet banking services.

The first authentication factor can be the use of passwords and the

second authentication factor can be the use of tokens such as a

smartcard. MyKAD is a good avenue to introduce the second factor.

The above security measures will greatly minimize incidents of Internet

banking fraud. The smartcard here provides a second layer of

authentication. This will stop a perpetrator even if he manages to obtain

the user’s password.

Intercepted passwords cannot be used if fraudsters do not have the

Smartcard. Besides addressing fraudulent activities, this can instill

customers’ confidence in Internet banking.

2. Additional Requirement: Three Factor Authentication

However, for a better security, a three factor authentication process

should be considered. The third authentication factor is the use of

biometric such as iris or thumbprint recognition. This ascertains who one

is, biologically. This method of authentication has been introduced by the

______________________________________________________________________________8


Employee Provident Fund (EPF) for it members, but is limited to getting

the latest statements of a member.

With a three-factor authentication a more secure method can be

implemented - a password to ascertain what one knows, a token

(smartcard) to ascertain what one has, and biometric recognition (for

example fingerprint or thumbprint) to ascertain who one biologically is.

As such, if passwords have been compromised, fraudsters need to get

through another two levels of authentication to access a customers

account. This would be difficult, if not totally impossible.

SUPERVISORY AND OPERATIONAL ISSUES

The supervisory and operational issues include risk control measures, advance

warning system, Information technology audit and re-engineering of operational

procedures. The regulator would also be concerned with whether the nature of products

and services offered are within the regulatory framework and whether the transactions do

not camouflage money-laundering operations.

State Bank of Pakistan’s Concerns over Internet FacilitiesThe Central Bank may have its concern about the impact of Internet banking on its monetary and

credit policies. As long as Internet is used only as a medium for delivery of banking services and

facilitator of normal payment transactions, perhaps, it may not impact monetary policy. However,

when it assumes a stage where private sector initiative produces electronic substitution of money

like e-cheque, account based cards and digital coins, its likely impact on monetary system can not

be overlooked.

Even countries where i-banking has been quite developed, its impact on monetary policy has not

been significant. Even in Pakistan, such concern, for the present is not addressed as the Internet

banking is still in its initial stages.

The world over, central bankers and regulators have been addressing themselves to meet the

new challenges thrown open by this form of banking. Several studies have pointed to the fact that

the cost of delivery of banking service through Internet is several times less than the traditional

delivery methods. This alone is enough reason for banks to flock to Internet and to deliver more

and more of their services through Internet and as soon as possible. Not adopting this new

technology in time has the risk of banks getting edged out of competition.

In such a scenario, the thrust of regulatory thinking has been to ensure that while the banks

remain efficient and cost effective, they must be aware of the risks involved and have proper built-

in safeguards, machinery and systems to manage the emerging risks. It is not enough for banks

______________________________________________________________________________9


to have systems in place, but the systems must be constantly upgraded to changing and well-

tested technologies, which is a much bigger challenge.

The other aspect is to provide conducive regulatory environment for orderly growth of such form

of banking. Central Banks of many countries have put in place broad regulatory framework for i-

banking.

The Global ScenarioThe world over, central bankers and regulators have been addressing themselves to meet the

new challenges thrown open by this form of banking. Several studies have pointed to the fact that

the cost of delivery of banking service through Internet is several times less than the traditional

delivery methods. This alone is enough reason for banks to flock to Internet and to deliver more

and more of their services through Internet and as soon as possible.

Not adopting this new technology in time has the risk of banks getting edged out of competition. In

such a scenario, the thrust of regulatory thinking has been to ensure that while the banks remain

efficient and cost effective, they must be aware of the risks involved and have proper built-in

safeguards, machinery and systems to manage the emerging risks.

It is not enough for banks to have systems in place, but the systems must be constantly upgraded

to changing and well-tested technologies, which is a much bigger challenge. The other aspect is

to provide conducive regulatory environment for orderly growth of such form of banking. Central

Banks of many countries have put in place broad regulatory framework for i-banking.

Hurdles in implementation of E-Banking in the Region:In Asia, the major factor restricting growth of e-banking is information security factor, in spite of

several countries being well connected via Internet. Access to high-quality e-banking products is

an issue as well. Majority of banks in Asia are just offering basic services compared with those of

developed countries. Still, e-banking seems to have a future in Asia. According to McKinsey

survey, e-banking will succeed if the basic features, especially bill payments, are handled well. Bill

payment was the most popular feature, cited by 40 percent of respondents of the survey.

However, providing this service would be difficult for banks in Asia because it requires a high level

of security and involves arranging transactions with a variety of players,

In 2001, over 50 percent of the banks in the US were offering e-banking services. However, large

banks appeared to have a clear advantage over small banks in the range of services they offered.

Some banks in the US were targeting their Internet strategies towards business customers. Apart

from affecting the way customers received banking services; e-banking was expected to influence

the banking industry structure. The economics of e-banking was expected to favor large banks

because of economies of scale and scope, and the ability to advertise heavily. Moreover, e-

banking offered entry and expansion opportunities that small banks traditionally lacked.

______________________________________________________________________________10


Internet – its basic structure and topology Internet is a vast network of individual computers and computer networks connected to and communicate

with each other using the same communication protocol – TCP/IP (Transmission Control Protocol /

Internet Protocol). When two or more computers are connected a network is created; connecting two or

more networks create ‘internetwork’ or Internet. The Internet, as commonly understood, is the largest

example of such a system. Internet is often and aptly described as ‘Information Superhighway’, a means

to reach innumerable potential destinations. The destination can be any one of the connected networks

and host computers.

Internet has evolved to its present state out of a US Department of Defense project ARPANet (Advanced

Research Project Administration Network), developed in the late 1960s and early 1970s as an experiment

in wide area networking. A major perceived advantage of ARPANet was that the network would continue

to operate even if a segment of it is lost or destroyed since its operation did not depend on operation of

any single computer. Though originally designed as a defence network, over the years it was used

predominantly in areas of scientific research and communication. By the 1980s, it moved out of

Pentagon’s control and more independent networks from US and outside got connected to it. In 1986, the

US National Science Foundation (NSF) established a national network based on ARPA protocol using

commercial telephone lines for connectivity. The NSFNet was accessible by a much larger scientific

community, commercial networks and general users and the number of host computers grew rapidly.

Eventually, NSFNet became the framework of today’s Internet. ARPANet was officially decommissioned

in 1990.

It has become possible for innumerable computers operating on different platforms to communicate with

each other over Internet because they adopt the same communication protocol, viz, TCP/IP. The latter,

which stands for ‘Transmission Control Protocol / Internet Protocol’, is a set of rules which define how

computers communicate with each other. In order to access Internet one must have an account in a host

computer, set up by any one of the ISPs (Internet Service Providers). The accounts can be SLIP (Serial

Line Internet Protocol) or PPP (Point to Point Protocol) account. These accounts allow creating temporary

TCP/IP sessions with the host, thereby allowing the computer to join the Internet and directly establish

communication with any other computer in the Internet. Through this type of connection, the client

computer does not merely act as a remote terminal of the host, but can run whatever programs are

available on the web. It can also run several programs simultaneously, subject to limitations of speed and

memory of the client computer and modem. TCP/IP protocol uses a unique addressing scheme through

which each computer on the network is identified.

TCP / IP protocol is insecure because data packets flowing through TCP / IP networks are not normally

encrypted. Thus, any one who interrupts communication between two machines will have a clear view of

the data, passwords and the like. This has been addressed through Secured Socket Layer(SSL), a

Transport Layer Security (TLS) system which involves an encrypted session between the client browser

and the web server.

______________________________________________________________________________11


FTP or File Transfer Protocol is a mechanism for transferring files between computers on the Internet. It

is possible to transfer a file to and from a computer (ftp site) without having an account in that machine.

Any organization intending to make available to public its documents would normally set up a ftp site from

which any one can access the documents for download. Certain ftp sites are available to validated users

with an account ID and password.

E-Mail: The most common and basic use of Internet is the exchange of e-mail (electronic mail). It is an

extremely powerful and revolutionary result of Internet, which has facilitated almost instantaneous

communication with people in any part of the globe. With enhancements like attachment of documents,

audio, video and voice mail, this segment of Internet is fast expanding as the most used communication

medium for the whole world. Many websites offer e-mail as a free facility to individuals. Many

Corporate have interfaced their private networks with Internet in order to make their email accessible from

outside their corporate network.

World Wide Web (WWW) Internet encompasses any electronic communication between computers using TCP/IP protocol,

such as e-mail, file transfers etc. WWW is a segment of Internet, which uses Hyper Text Markup

Language (HTML) to link together files containing text, rich text, sound, graphics, video etc. and

offers a very convenient means of navigating through the net. It uses hypertext transfer protocol

(HTTP) for communication between computers. Web documents, which are referred to as pages,

can contain links to other related documents and so on, in a tree like structure. The person

browsing one document can access any other linked page. The web documents and the web

browsers which are the application programs to access them, are designed to be platform

independent. Thus any web document can be accessed irrespective of the platform of the

computer accessing the document and that of the host computer. The programming capabilities

and platform independence of Java and Java applets have further enriched the web. The ‘point

and click’ method of browsing is extremely simple for any lay user of the net. In fact, the

introduction of web since early 1990 has made Internet an extremely popular medium and its use

in business has been enhanced dramatically.

The next in the HTML genre is the Extensible Markup Language (XML), which allows automated

two-way information flow between data stores and browser screens. XML documents provide

both the raw content of data and the data structure and is projected by its proponents as taking

the web technology beyond the limits of HTML.

Wireless Application Protocol (WAP):WAP is the latest industry standard which provides wireless access to Internet through handheld

devices like a cellular telephone. This is an open standard promoted by WAP forum and has been

adopted by world’s all major handset manufacturers. WAP is supplemented by Wireless

Application Environment (WAE), which provides industry wise standard for developing

applications and services for wireless communication networks. This is based on WWW

______________________________________________________________________________12


technology and provides for application for small screens, with interactive capabilities and

adequate security. Wireless Transaction Protocol (WTP), which is the equivalent of TCP, sets the

communication rules and Wireless Transport Layer Security (WTLS) provides the required

security by encrypting all the session data. WAP is set to revolutionize the commercial use of net.

Security threats:One of the biggest attractions of Internet as an electronic medium is its openness and freedom. It

is a public domain and there is no restriction on who can use it as long as one adheres to its

technical parameters. This has also given rise to concerns over the security of data and

information transfer and privacy. These concerns are common to any network including closed

user group networks. But over the Internet, the dimensions of risk are larger while the control

measures are relatively fewer. These issues are discussed in detail in Chapter–5 and Chapter–6

of the report. It will be sufficient to say here that the key components of such concern are,

i. authentication, viz., assurance of identity of the person in a deal,

ii. authorization, viz., a party doing a transaction is authorized to do so,

iii. the privacy or confidentiality of data, information relating to any deal,

iv. data integrity, viz., assurance that the data has not been altered and

v. non repudiation, viz., a party to the deal can not deny that it originated the communication

or data.

E-Commerce:Even though started as network primarily for use by researchers in defense and scientific

community, with the introduction of WWW in early 1990s, use of Internet for commerce has grown

tremendously. E-commerce involves individuals and business organizations exchanging business

information and instructions over electronic media using computers, telephones and other

telecommunication equipments. Such form of doing business has been in existence ever since

electronic mode of data / information exchange was developed, but its scope was limited only as

a medium of exchange of information between entities with a pre-established contractual

relationship. However, Internet has changed the approach to e-commerce; it is no longer the

same business with an additional channel for information exchange, but one with new strategy

and models.

A business model generally focuses on

i. where the business operates, that is, the market, the competitors and the customers,

ii. what it sells, that is, its products and services

______________________________________________________________________________13


iii. the channels of distribution, that is, the medium for sale and distribution of its products

and

iv. the sources of revenue and expenditure and how these are affected.

Internet has influenced all the four components of business model and thus has come to influence

the business strategy in a profound way. The size of the market has grown enormously as

technically, one can access the products and services from any part of the world. So does the

potential competition. The methods of reaching out to customers, receiving the response and

offering services have a new, simpler and efficient alternative, now, that is, Internet. The cost of

advertisement, offer and delivery of services through Internet has reduced considerably, forcing

most companies to rework their strategies to remain in competition.

A research note by Paul Timmers of European commission had identified eleven business

models, which have been commercially implemented. These are e-shop, e-procurement,

e-auction, e-mall, Third-party market place, Virtual communities, Value chain service providers,

Value chain integrators, Collaboration platforms and Information brokers. He classified business

models along two dimensions, i.e, degree of innovation and extent of integration of functions. The

innovation ranged from the electronic version of a traditional way of doing business (e-shop) to

more innovative ways by offering functions that did not exist before. The second dimension, i.e,

extent of integration ranges from a single function business model (like e-shop) to fully integrated

functionality (value chain integrator). In the top end of the graph are models, which cannot be

implemented in a traditional way and are critically dependent upon information technology and

creating value from information flow. Business models, in between these two limits are a

combination of both dimensions in different degrees and have some degree of analogy in

traditional firms.

There are two types of e-commerce ventures in operation: the old brick and mortar companies,

who have adopted electronic medium, particularly Internet, to enhance their existing products and

services, and / or to offer new products and services and the pure e-ventures who have no visible

physical presence. This difference has wider ramifications than mere visibility when it comes to

issues like customer’s trust, brand equity, ability to service the customers, adopting new business

culture and cost.

These aspects of e-commerce will be touched upon in the following discussions.

Another way of classifying the e-commerce is by the targeted counterpart of a business, viz,

whether the counterpart is a final consumer or another business in the distribution chain.

Accordingly, the two broad categories are: Business-to-Consumer (B2C) and Business-to-

Business (B2B).

Business-to-Consumers (B2C):In the B2C category are included single e-shops, shopping malls, e-broking, e-auction,

e-banking, service providers like travel related services, financial services etc., education,

______________________________________________________________________________14


entertainment and any other form of business targeted at the final consumer. Some of the

features, opportunities and concerns common to this category of business irrespective of the

business segment, are the following.

Opportunities:Internet provides an ever-growing market both in terms of number of potential customers and

geographical reach. Technological development has made access to Internet both cheaper and

faster. More and more people across the globe are accessing the net either through PCs or other

devices. The purchasing power and need for quality service of this segment of consumers are

considerable. Anybody accessing Internet is a potential customer irrespective of his or her

location. Thus, any business targeting final consumers cannot ignore the business potential of

Internet.

Internet offers a unique opportunity to register business presence in a global market. Its

effectiveness in disseminating information about one’s business at a relatively cost effective

manner is tremendous. Time sensitive information can be updated faster than any other media. A

properly designed website can convey a more accurate and focused image of a product or

service than any other media. Use of multimedia capabilities, i.e., sound, picture, movies etc., has

made Internet as an ideal medium for information dissemination. However, help of other media is

necessary to draw the potential customers to the web site.

The quality of service is a key feature of any e-commerce venture. The ability to sell one’s product

at anytime and anywhere to the satisfaction of customers is essential for e-business to succeed.

Internet offers such opportunity, since the business presence is not restricted by time zone and

geographical limitations. Replying to customers’ queries through e-mail, setting up (Frequently

Asked Questions) FAQ pages for anticipated queries, offering interactive help line, accepting

customers’ complaints online 24 hours a day and attending to the same, etc. are some of the

features of e-business which enhance the quality of service to the customers. It is of crucial

importance for an e-venture to realize that just as it is easier to approach a customer through

internet; it is equally easy to lose him. The customer has the same facility to move over to another

site.

Cost is an important issue in an e-venture. It is generally accepted that the cost of overhead,

servicing and distribution, etc. through Internet is less compared to the traditional way of doing

business. Although the magnitude of difference varies depending on the type of business and the

estimates made, but there is unanimity that Internet provides a substantial cost advantage and

this, in fact, is one of the major driving forces for more number of traditional business adopting to

e-commerce and pure e-commerce firms to sprout.

Cost of communication through WWW is the least compared to any other medium. Many a time

one’s presence in the web may bring in international enquiries, which the business might not have

targeted. The business should have proper plans to address such opportunities.

______________________________________________________________________________15


Concerns:There are a number of obstacles, which an e-commerce venture needs to overcome. Trust of

customers in a web venture is an important concern. Many customers hesitate to deal with a web

venture as they are not sure of the type of products and services they will receive. This is

particularly true in a B2C venture like e-shop, e-mall or e-auction site. Traditional business with

well established brands and goodwill and having a physical presence face less resistance from

customers in this regard than a pure e-venture.

Many B2C ventures have ultimately to deliver a product or service in physical form to the

customer for a deal contracted through Internet. This needs proper logistics, an efficient

distribution network, and control over quality of product or service delivered. These issues are not

technology related and any let off in this area can drive the customer away to the competitor or

from e-commerce. The privacy of information on the customer’s preferences, credit card and bank

account details etc. and customers’ faith in a system where such privacy is stated to be ensured

are important issues to be addressed. These are mainly technological issues, but human factor is

important both at the business and at the customers’ end and also in building the trust in the

system.

Security of a transaction, authenticity of a deal, identification of a customer etc. are important

technological and systems issues, which are major sources of concern to ecommerce. Equally

important are questions of repudiation of a deal, applicability of law, jurisdiction of tax laws etc.

These are important to all forms of e-commerce, whether B2C or B2B and all segments of

business, i.e. manufacturing, services and finance and are addressed in different chapters of this

report. Accessibility to Internet by the consumers is an important issue in B2C domain. This is

particularly so in countries like India where penetration of PCs and other devices to households

for access to Internet is minimal. Also important are availability of bandwidth and other

infrastructure for faster and easier access. Considering that ecommerce aims at global market,

deficiencies of these kinds in the developing world are no longer concerns confined to these

areas, but are global e-commerce concerns.

Business to Business (B2B)As opposed to B2C e-commerce, in B2B domain, the parties to a deal be at different points of the

product supply chain. Typically, in a B2B type domain, a company, its suppliers, dealers and

bankers to all the parties are networked to finalize and settle all aspects of a deal, online.

Perhaps, only the goods in different stages of processing physically move from the supplier to the

dealer. This scenario can be extended to include the shipper, providers of different ancillary

services, IT service provider and the payment system gateway, etc., depending on the degree of

sophistication of the available systems.

Another important feature of a B2B domain, as distinct from B2C, is that business information /

data is integrated to the back office systems of parties to a deal and the state of straight through

______________________________________________________________________________16


processing (STP) or near STP is achieved. This is a very significant aspect of B2B model of e-

commerce, which results in improved profits through lowering cost and reducing inventories.

For example, in a B2B environment, typically, the back office system of a company controls

inventory requirement with reference to the order book position updated regularly on the basis of

orders received from dealers through Internet. At the optimum level of inventory it raises a

purchase order with the supplier, whose system in turn, personnel, etc., since they involve large

investments and are critical to success. Several studies have attempted to assess the relative

importance of B2B and B2C business domains. There is wide difference in estimates of volume of

business transacted over Internet and its components under B2C and B2B. However, most

studies agree that volume of transactions in B2B domain far exceeds that in B2C. This is

expected result. There is also a growing opinion that the future of e-business lies in B2B domain,

as compared to B2C. This has several reasons some of which are already discussed earlier, like

low penetration of PCs to households, low bandwidth availability etc., in a large part of the world.

The success of B2C ventures depends to a large extent on the shopping habits of people in

different parts of the world. A survey sponsored jointly by Confederation of Indian Industries and

Infrastructure Leasing and Financial Services on e-commerce in India in 1999 made the following

observations. 62% of PC owners and 75% of PC non-owners but who have access to Internet

would not buy through the net, as they were not sure of the product offered. The same study

estimated the size of B2B business in India by the year 2001 to be varying between Rs. 250

billion to Rs. 500 billion. In a recent study done by Arthur Anderson, it has been estimated that

84% of total e-business revenue is generated from B2B segment and the growth prospects in this

segment are substantial. It has estimated the revenues to be anywhere between US $ 2.7 trillion

to over US $ 7 trillion near future.

The Growth of Internet Banking and common products:Internet Banking is a product of e-commerce in the field of banking and financial services. In what

can be described as B2C domain for banking industry, Internet Banking offers different online

services like balance enquiry, requests for cheque books, recording stop-payment instructions,

balance transfer instructions, account opening and other forms of traditional banking services.

Mostly, these are traditional services offered through Internet as a new delivery channel. Banks

are also offering payment services on behalf of their customers who shop in different e-shops,

emails etc. Further, different banks have different levels of such services offered, starting from

level-1 where only information is disseminated through Internet to level-3 where online

transactions are put through. These aspects have been dealt with in brief in the introductory

chapter and again detailed products and services are discussed in chapters 3 and 4. Hence, in

the following paragraphs I-banking concerns in B2B domain are discussed.

Considering the volume of business e-commerce, particularly in B2B domain, has been

generating, it is natural that banking would position itself in an intermediary role in settling the

transactions and offering other trade related services. This is true both in respect of B2C and B2B

domains. Besides, the traditional role of financial intermediary and settlement agents, banks have

______________________________________________________________________________17


also exploited new opportunities offered by Internet in the fields of integrated service providers,

payment gateway services, etc. However, the process is still evolving and banks are repositioning

themselves based on new emerging e-commerce business models.

In B2B scenario, a new form of e-commerce market place is emerging where various players in

the production and distribution chain are positioning themselves and are achieving a kind of

integration in business information flow and processing (STP or near STP) leading to efficiencies

in the entire supply chain and across industries. Banks are positioning themselves in such a

market in order to be a part of the financial settlements arising out of transactions of this market

and providing wholesale financial services. This needs integration of business information flow not

only across the players in the supply chain, but with the banks as well.

With the integration of business information flow and higher degree of transparency, the banks

and other financial services institutions have lost some of the information advantage they used to

enjoy and factor in to pricing of their products. However, such institutions have the advantage of

long standing relationships, goodwill and brand, which are important sources of assurance in a

virtual market. Banks are in fact, converting this goodwill into a business component in e-

commerce scenario in providing settlement and other financial services. Some banks have also

moved to providing digital certificates for transactions through e-markets. Banks’ strategies in B2B

market are responses to different business models emerging in e-commerce. A recent study by

Arthur Andersen shows that banks and financial service institutions generally adopt one of three

business models to respond to e-business challenges. In the first place, they treat it as an

extension of existing business without any significant changes other than procedural and what

technology demands. The second strategy takes the same approach as the first but introduces

structural changes to the underlying business. In the third approach banks launch e-business

platform as a different business from the existing core business and as a different brand of

product.

Different ApproachesThere is no definite answer as to which approach is appropriate. Perhaps it depends on the type

of market the bank is operating, its existing competencies and the legal and regulatory

environment. It is, however, sure that e-banking is evolving beyond the traditional limits of banking

and many new products / services are likely to emerge as ecommerce matures.

______________________________________________________________________________18


CC H A P T E RH A P T E R 2 – O 2 – O N L I N EN L I N E B B A N K I N GA N K I N G V I ZV I Z A A S K A R IS K A R I B B A N KA N K

As explained earlier how Banks work online with different challenges they face while operating online.

Similarly is the case with the bank we have chosen i.e. Askari Bank Limited. As we already know that the

purpose of having online facility is to have real-time transactions without having a customer to present

physically in the home branch and only with mere virtual presence like internet access, phone-banking,

mobile banking, inter-branch funds transfer etc.

Linking of branchesAll branches of Askari Bank Limited are connected but not limited only via:

Satellite links

Copper-wire media

Radio links

Fiber-optics

Nostra etc.

Branch network

FIGURE 2.1 – Askari Bank’s branch network across Pakistan region wise.

______________________________________________________________________________19


South Region Cities: » Chaman

» Dharki

» Ghotki

» Gwadar

» Hyderabad

» Jacobabad

» Jamshoro

» Kandhkot

» Karachi

» Khairpur

» Larkana

» Mirpur Khas

» Nawabshah

» Quetta

» Shikarpur

» Sukkur

» Tando Adam

______________________________________________________________________________20

http://askaribank.com.pk/network_branches_address.php?id=91


















North Region Cities: » Abbotabad

» Allai

» Chaksawari

» Chakwal

» Chashma

» Dadyal

» Dera Ismail Khan

» Gilgit

» Gujar Khan

» Haripur

» Hazroo

» Islamabad

» Jatlan

» Jhelum

» Kamra

» Mangla

» Mardan

» Mirpur

» Muzaffarabad

» Nowshera

» Peshawar

» Pindi Gheb

» Rawalpindi

» Risalpur

» Swat

» Taxila

» Wah Cantt

Center Region: » Bahawalpur

» Bhalwal

» Burewala

» Chiniot

» Daska

» Depalpur

» Dera Ghazi Khan

» Faisalabad

» Gujranwala

» Gujrat

» Hasil Pur

» Jalalpur Bhattian

» Jhang

» Khanewal

» Kharian

» Lahore

» Lalamusa

» Layyah

» Mandi Bahauddin

» Mianwali

» Multan

» Okara

» Phool Nagar

» Pir Mahal

» Rahim Yar Khan

» Sadiqabad

» Sahiwal

» Sargodha

» Sheikhupura

» Sialkot

» Toba Tek Singh

» Vehari

______________________________________________________________________________21





























































North Region Cities: » Abbotabad

» Allai

» Chaksawari

» Chakwal

» Chashma

» Dadyal

» Dera Ismail Khan

» Gilgit

» Gujar Khan

» Haripur

» Hazroo

» Islamabad

» Jatlan

» Jhelum

» Kamra

» Mangla

» Mardan

» Mirpur

» Muzaffarabad

» Nowshera

» Peshawar

» Pindi Gheb

» Rawalpindi

» Risalpur

» Swat

» Taxila

» Wah Cantt

South Region Cities: » Chaman

» Dharki

» Ghotki

» Gwadar

» Hyderabad

» Jacobabad

» Jamshoro

» Kandhkot

» Karachi

» Khairpur

» Larkana

» Mirpur Khas

» Nawabshah

» Quetta

» Shikarpur

» Sukkur

» Tando Adam

______________________________________________________________________________22














































Why Askari Online Banking Facilities?Askari Bank online banking facility is unique in its own way because they provide this facility to each and

every of their valued customers and that’s not it, online banking in a same city is free, apart from having

facility of making online cheques, payorders, demand-draft (DD) etc. i.e. having facility to make online

cheques, PayOrders/Demand draft from anywhere across Pakistan, plus Askari Bank (AKBL) has an

excellent credit rating compared to the banks of its stature.

Askari Bank Online FacilitiesAskari Bank has always been a pioneer in providing some of the top-notch services to its consumer base,

which includes some of the following service

ATM facility Including AskCard, Askari Visa Debit Cards, Askari MasterCard etc are to name some, which with

the power of Visa and MasterCard, gives you the privilege of using it globally.

iNET Banking Internet, intranet and online banking to their valuable customers via bank’s 24/7 intranet

Virtual Private Networking (VPN)

FIGURE 2.2 – Procedure showing how a VPN(Virtual Private Network) works.

A virtual private network (VPN) is a computer network that uses a public telecommunication

infrastructure such as the Internet to provide remote offices or individual users secure access to

their organization's network. It aims to avoid an expensive system of owned or leased lines that

can be used by only one organization.

It encloses data transfers using a secure cryptographic method between two or more networked

devices which are not on the same private network so as to keep the transferred data private from

other devices on one or more intervening local or wide area networks via security checks like

firewalls and head-office which is generally referred as EDT/Phoenix. There are many different

classifications, implementations, and uses for VPNs.

______________________________________________________________________________23

http://en.wikipedia.org/wiki/Wide_area_network

http://en.wikipedia.org/wiki/Local_area_network

http://en.wikipedia.org/wiki/Private_network

http://en.wikipedia.org/wiki/Host_(network)

http://en.wikipedia.org/wiki/Host_(network)

http://en.wikipedia.org/wiki/Data_transfer

http://en.wikipedia.org/wiki/Encapsulation_(networking)

http://en.wikipedia.org/wiki/Internet

http://en.wikipedia.org/wiki/Computer_network


Inter Bank Fund Transfer – IBFTNo branch of AKBL far for you when having the privilege of transferring cash and funds from

anywhere to anywhere in Pakistan. Every AKBL consumer can avail this facility complimentary.

FIGURE 2.3 – How AKBL’s Online transaction moves across the country

Similarly, AKBL’s online network is centrally controlled from AWT Plaza, Rawalpindi, which they in short

call as ETD and system administrators and network auditors as Phoenix, where all their online records are

verified and are put in black and white, whether its day-end reporting, branch report, 100, 40 reports,

which includes all transactions to and from a particular branch.

As far as the above diagram concern, it is showing that a person whose home branch is in Islamabad, and

he’s in Karachi for some business work, so whenever he’ll be needing an online bank fund transfer option,

it’ll go through Phoenix in Islamabad and a log will be created there which will be including agent ID

(usually the CD incharge is the person who’s responsible for all such transactions) and than the

transaction will move forward to its final destination. All this takes merely 60 seconds to authenticate and

______________________________________________________________________________24

1Link / MNet

DHA Branch Khayaban-e-

Ittehad Branch, Karachi

Blue Area Branch,

Islamabad

HEAD-OFFICE/ETD/

PHOENIX


verify. In 40 report, all this log from a branch’s point-of-view is printed at day end and a CC is sent to the

ETD for reconciliation and only AFTER verification and rectification from Phoenix, the system

administrator is allowed to switch off the branch’s online network and most of the time he’s the last person

to leave the office building.

Transaction via ATM to a Bank Account

Thanks to the online banking network, you do not have to be physically present to make a

transaction or send or receive money. With having power of ATM in our ATM cards, we are able

to transfer funds and cash easily not limited to AKBL-to-AKBL but AKBL to all those banks which

support either MNET or 1Link (Cirrus network still in progress to be commonly used ATM network,

right now only SAMBA Bank is using it).

Not only that, ATMs now also allows us to have bill payments (not limited to utility bills payments

but also cell phone bill payments, school colleges university fees payments as well, provided that

particular bank supports such transactions as well.

Privacy guaranteed

Privacy while using ATM services matters greatly as all these transactions and printing of receipt

are system generated and under no circumstances, private information which could disclose

one’s identity is not a matter of concern as even when a particular branch network administrator

takes out the 40 report from ATM, even in that report, only first and last 4 digit of their card

numbers are visible and rest is hidden behind asterisks. Although those reports are kept in the

branch till Saturday and on every Saturday, they put those bundles of ATM receipt sheet which

includes their transaction activities across the week is dispatched in a folder and iFax one copy to

ETD on weekly basis with their particular branch ID.

Network securityNetwork security in current environment is a great matter of concern for banks because at times,

a little mishap can result a catastrophic output. That’s why all AKBL’s transactions are fully

secured by keeping it encrypted algorithm while using ATM facility, using up-to-date antivirus

security (at AKBL they are using Kaspersky Antivirus), last but not the least is Firewall guard.

These steps also applicable for having batch-transfers in real-time transaction and general

ledgers especially when they are being printed from out-of-network to AKBL ATM.

Askari Bank while facilitating Businesses

Askari Bank is currently facilitating businesses to a great deal. They are providing facilities like

Free-Fund-Transfer from Business-to-Business Account,

Business Visa Debit Cards

Country-to-Country Money and Fund Transfer via Nostra

______________________________________________________________________________25


Insurance

o Includes all business transactions

o All ATM transactions are fully insured

o All these facilities are complimentary for their customers

Business loans with low mark-up

Askari Paishgi Munafa Account

SWIFT Accounts

Network specificationsAs we know that there are many types of networks which are being used, most commonly is the LAN or

local area network. But Askari Bank uses WAN or Wide Area Network because of its wide array of

networked branches.

Wide Area NetworkWANs are used to connect LANs and other types of networks together, so that users and

computers in one location can communicate with users and computers in other locations. Many

WANs are built for one particular organization and are private. Others, built by Internet service

providers, provide connections from an organization's LAN to the Internet. WANs are often built

using leased lines. At each end of the leased line, a router connects to the LAN on one side and a

hub within the WAN on the other. Leased lines can be very expensive. Instead of using leased

lines, WANs can also be built using less costly circuit switching or packet switching methods.

Network protocols including TCP/IP deliver transport and addressing functions. Protocols

including Packet over SONET/SDH, MPLS, ATM and Frame relay are often used by service

providers to deliver the links that are used in WANs. X.25 was an important early WAN protocol,

and is often considered to be the "grandfather" of Frame Relay as many of the underlying

protocols and functions of X.25 are still in use today (with upgrades) by Frame Relay.

Academic research into wide area networks can be broken down into three areas: Mathematical

models, network emulation and network simulation.

Performance improvements are sometimes delivered via WAFS or WAN optimization.

As mentioned earlier, they also provide extranet support to their customers so that they can access their

account anywhere in the world. AKBL’s iNET banking is a prime example of their WAN accessibility

features.

KBOXKBOX is another of the software which is included with their WAN network package and the

purpose of this software is to limit personalized use of office computers and while at the day-end,

this report is also forwarded to ETD and a copy is saved in home branch, by personalized use we

mean:

______________________________________________________________________________26

http://en.wikipedia.org/wiki/WAN_optimization

http://en.wikipedia.org/wiki/Wide_area_file_services

http://en.wikipedia.org/wiki/Network_simulation

http://en.wikipedia.org/wiki/Network_emulation

http://en.wikipedia.org/wiki/Mathematical_model

http://en.wikipedia.org/wiki/Mathematical_model

http://en.wikipedia.org/wiki/X.25

http://en.wikipedia.org/wiki/X.25

http://en.wikipedia.org/wiki/Frame_relay

http://en.wikipedia.org/wiki/Asynchronous_Transfer_Mode

http://en.wikipedia.org/wiki/Multiprotocol_Label_Switching

http://en.wikipedia.org/wiki/Packet_over_SONET/SDH

http://en.wikipedia.org/wiki/TCP/IP

http://en.wikipedia.org/wiki/Communications_protocol

http://en.wikipedia.org/wiki/Packet_switching

http://en.wikipedia.org/wiki/Circuit_switching

http://en.wikipedia.org/wiki/Router

http://en.wikipedia.org/wiki/Leased_line

http://en.wikipedia.org/wiki/Internet_service_provider

http://en.wikipedia.org/wiki/Internet_service_provider


Playing games and listening music

Installing software other than the prescribed ones from ETD

Using any other source of connecting to internet (as apart from Branch manager and

Operations manager, no one in the branch is allowed to use internet of any means, even

anti-virus software is also to be updated directly by the system/network administrator and

no officer is allowed to do the same from his/her own) like internet device, USB stick etc.

Unauthorized flash-drive activity

Attaching any other device to office computers except office printers, scanners etc like

cell phones, smart phones, laptops (even though manager grades have such privileges)

Bank’s IT Room

All these records are initially kept at the branch’s IT room. An IT room is a place where usually on

a common day, no one is allowed to enter the room as case sensitive information is placed over

there,

like server configuration,

bandwidth distribution and allocation,

printing and saving logs of customer statements,

direct connected to the ETD,

usually the IT room is placed upstairs under the surveillance of CCTV cameras as voiding

it is a audit objection,

any network or equipment problem is referred to the network administrator,

Even in case of a problem with ATM like machine out of order or customer card stuck is

only recovered when there’s a network administrator around, because of his peculiar ID

he’s able to forward the complain to ETD therefore no one else in the branch have the

privilege of doing the same, else even in case of a problem with ATM no one is allowed to

touch it,

Therefore, in the light of above, one can’t deny the importance of a network administrator

and its room in Bank.

______________________________________________________________________________27


Glossary

01. ATMAutomatic Teller Machine

02. B2BBusiness-to-Business

03. B2CBusiness-to-Customers

04. Bank-Wire TransfersBank wire transfers is said to be the path or interface which allows bank-2-bank transactions between

two international banks, often the most expedient method for transferring funds between bank

accounts.

05. DecryptTo decode -

06. EncryptTo encode -

07. FTPFile Transfer Protocol

08. IBANThe International Bank Account Number (IBAN) is an international standard for identifying bank

accounts across national borders with a minimal of risk of propagating transcription errors.

09. IBFTInter-Bank-Fund-Transfer – Allows a customer to access his bank account away from his home-

branch and able to transfer cash and funds to and from a remote branch without physically present at

his home-branch.

10. Intranets and Extranets Intranet

Intranet is a network which is only available inside an organization or a company. It can be

accessed by all the computers that are operated inside the company's premises and is not

connected to the Internet. The purpose is to keep information contained inside the organization

and prevent leak of information due to employee errors or hacking attempts.

ExtranetExtranet is an extension of intranet to some entities outside the organization or a company. For

example if a company allows its customers to connect to the company intranet, then it will form an

______________________________________________________________________________28


extranet, which is composed of computers inside the company and outside the company but still

is separated from the regular internet.

11. Middle-in-the-man attackNormally, the attacker was able to trick the users by disguising their identity to make it appear that the

message was coming from a trusted source. Once successful, instead of going to the designated

website, users do not realize that they actually go to the fraudster’s website. The information keyed in

during that session will be captured and the fraudsters can make their own transactions at the same

time

12. SpoofA mail from hacker which misguides the end user to enter his personal details, and on the basis of

which, the log of the keys pressed on that spoof website, is directly key-logged into hackers’ computer

and therefore he’s able to use that information to personify others.

13. SWIFTISO 9362 (also known as SWIFT-BIC, BIC code, SWIFT ID or SWIFT code) is a standard format of

Business Identifier Codes approved by the International Organization for Standardization (ISO).

14. System administratorA system administrator or network administrator in a bank is a person who controls all network

transaction made through bank’s computer systems, which can include but not limited to printing of

receipts like statements, day-end procedures etc. It also helps connect the bank to the central network

and is the body responsible for keeping network server and its related equipments in well working

conditions. Apart from that he’s responsible for keeping the ATM machine well intact and any problem

in that machine has to be rectified by him.

15. TCP/IP

16. Topology

17. Trojan

18. VPNVirtual Private Network - A virtual private network (VPN) is a computer network that uses a public

telecommunication infrastructure such as the Internet to provide remote offices or individual users

secure access to their organization's network. It aims to avoid an expensive system of owned or

leased lines that can be used by only one organization.

19. WAPWireless Application Protocol –

______________________________________________________________________________29

http://en.wikipedia.org/wiki/Internet

http://en.wikipedia.org/wiki/Computer_network

mis report on online banking

Documents