Flaws in Users Usability and Custom

Flaws in Users Usability and Customer Awareness
The unique aspect about information security in banking industry is that the security posture of a bank does not depend solely on the safeguards and practices implemented by the bank, it is equally dependent on the awareness of the users. This makes the task for protecting information confidentiality and integrity a greater challenge for the banking industry. Financial institutions have made, and should continue to make, efforts to educate their customers. Because customer awareness is a key defense against fraud and identity theft, because the biggest threat to online banking is still malicious code executed carelessly on the end-user‟s computer. The attackers tend to target the weakest link. Once the attacker has control over a user‟s computer, he or she can modify the information flow to his or her advantage. So financial institutions should evaluate their consumer education efforts to determine if additional steps are necessary. Management should implement a customer awareness program and periodically evaluate its effectiveness. Methods to evaluate a program‟s effectiveness include tracking the number of customers who report fraudulent attempts to obtain their authentication credentials (e.g., ID/password), the number of clicks on information security links on Web sites, the number of statement stuffers or other direct mail communications, the dollar amount of losses relating to identity theft, etc.[11] Social networking sites such as Facebook, MySpace and LinkedIn are a great way to keep in contact with friends and update professional associates. Unfortunately these also offer cyber criminals another way to gather information about clients. For protection, while using these social networking sites :
• Make sure your profile pages are only accessible to people you trust and not to the general public by customizing the security settings
• Never publish personal or sensitive information such as your birthday, drivers license number, tax file number or bank account details
• Use a different email address if you want to publish this online
• Don‟t publish contact details such as your home address or phone number
• Don‟t use same security questions as used in banking accounts like your pet name etc.

Most of the Privacy policies contain the information that our web sites may contain links to non-Group web sites and links are provided for client‟s convenience.Banks say “we try to link only to websites that also have high standards and respect for privacy but we are not responsible for their security and privacy practices or their content. We recommend that you always read the privacy and security statements on these websites”.So users should review their bank‟s information about its online privacy policies and practices. By law, banks are required to send a copy of their privacy policies and practices annually to clients; clients may also request a copy of this information. Bank web sites should also have this information. As clients read this information, pay particular attention to any mention of the methods used for encrypting transactions and authenticating user information.
Online banking involves certain risks. For clients it is important to educate them self about these risks, how unauthorized access to their financial information occurs, and the steps they can take to protect their financial information. Learning about their rights and responsibilities as an online banking consumer can make a difference to their financial well-being by changing the age-old saying “A penny saved is a penny earned” to “A penny saved is a penny kept.”[6]. Banks also publish on website, security tips along with their security policy for online banking, so users should always use those tips before going for any transaction.
To ensure that bank security measures can‟t be undetermined by manipulation, it is essential that customers ,too take steps to protect the system they use. The ordinary PC environment is exposed to many types of threats because of unsafe web surfing , all types of games and installation and/or use of a variety of unverified programs. If a user carries out an online banking transaction in an environment exposed to various threats, there is no way to guarantee safety for that online banking transaction, because Anti-virus and Anti-Malware programs are installed in the PC to protect against these threats, are unable to counter the exponentially increasing new breed of malicious code. because the Anti-Malware technology is signature base which only detects known threats. For example, the hacking tool for online banking called, Zeus, contains a technology that detects and avoids the Anti- Malware software, and is constantly spreading new breeds or variants of Zeus mostly through famous Web sites, fake Web sites, phishing sites, e-mail, etc. So they should be security conscious when using internet and check their bank statements regularly. Most of the recent hacking tools are circulated throughout the Web, and they are downloaded and executed in the user‟s PC while the user is simply Web surfing or opening an e-mail. These hacking tools can easily capture the password, account number, and personal data which the user is inputting. In short, having no proper protective measures, a considerable number of PCs may be using the Internet banking even now, completely unaware that they are infected with a variety of hacking tools or malicious codes.[9]. Banks also advise their customers to keep an OS and browser up-to-date with security patches. Beyond the web browser, generally there are many more applications commonly used by millions of users like Microsoft Office products such as Word and Excel, Media players such as Windows Media Player, Realplayer also pose security threats if unpatched and thereby being targeted by attackers. In fact, users must keep all applications up-to-date to avoid known attacks , especially in a Windows environment, though its difficult. Other operating systems, e.g., Ubuntu Linux and Mac OS X provide an update mechanism to keep all installed (native)software packages updated – but these are used by less than 5% of the population[7].While online, user should never surf internet in administrator mode, only surf with minimal user rights, because this makes manipulations and unauthorized accesses more difficult.
The banking sites generally present many security guidelines on their websites. According to DSCI-KPMG Survey-2010 report 100% India‟s banking sites publish do and don‟ts on their websites and 53% Providing demo for secure usage of banking services [10].Banks display following security tips on their sites for clients for security of their funds and information.
1. Banks strongly recommend users to Access your bank website only by typing the URL in the address bar of your browser and also ensure the address on the address bar of your internet browser begins with https.
2. Do not enter login or other sensitive information in any pop up window and prefer to use virtual keyboard for entering login information.
3. Verify the security certificate by clicking on the padlock icon of your internet browser.
4. Use newer version of Operating System with latest security patches.
5. Use latest version of Browsers
6. Ensure that Firewall is enabled and Antivirus signatures applied
7. Scan your computer regularly with Antivirus to ensure that the system is Virus/Trojan free.
8. Change your Internet Banking password at periodical intervals.
9. Always check the last log-in date and time in the post login page.
10. Avoid accessing Internet banking accounts from cyber cafes or shared PCs.
11. Use SMS alert services of bank.
12. Keep your mobile phone and other information updated with bank for OTP and SMS alerts.
Some banks like ICCI bank, State Bank of Patiala also provide demo for how to use online banking that helps the customers a lot but the thing is that customer should have the awareness about what the bank is providing for the security and what the customers should do to make transactions completely secure.
According to DSCI-KPMG Survey-2010 measures such as SMS alert, separate transaction password, virtual keyboard seem to be more popular, adoption of the strongly advocated measures such as One-Time-Password (dynamic token), identity grid and risk based authentication are still at a nascent stage[10].But One of the most significant information security challenges highlighted by the banks in the survey is lack of customer awareness on information security and the threat from insecure customer end points.