Friday, October 23, 2009

Why Digital Signatures?

In recent years, e-Business has come of age, with most users increasingly preferring to transact over the World Wide Web. However, the connectivity and availability of sensitive data in the virtual world have brought forth a host of related issues involving online fraud. Pre-empting and preventing online fraud has become one of the prime focus areas for most businesses today. According to a recently released report, online fraud has caused:

  • A loss of over Rs. 42 crores from banks across India, and credit card fraud to the tune of Rs.36.54 crore
  • A total of 233 reported crimes in 2008, and internet fraud of Rs.6.57 crore reported by various states, with Maharashtra having the highest incident rate of 23 and Tamil Nadu, the highest loss of Rs.2.09 crore

An effective answer to dealing with such crimes is the use of digital signatures powered by PKI technology for electronic transactions, thereby ensuring security, authenticity, confidentiality and non-repudiation. Since transactions signed with a digital certificate cannot be intercepted or hacked, this engenders confidence and comfort in both the bank and the customer.

The bank benefits through minimized physical document handling, reduced logistics cost, an opportunity window for cross-selling multiple products (applications digitally signed), reduced service turnaround time and consequently, a high level of customer satisfaction. The non-repudiation characteristic of the digital signature is recognized by the IT Act, 2000 and provides the bank with legal sanctity in case of dispute.

Where do I use Digital Certificates?

  • Manage all service requests from customers locally as well as from NRIs (Non-Resident Indians)
  • Account Origination, Credit Card or Loan application (applications digitally signed)
  • 2-Factor Authentication for net banking users
  • Net banking Transaction verification
  • Online trading for authentication and for conducting transactions

Managing Service Requests Using Digital Signature

Let us look at a scenario where the customer wants to register an address change. Normally, the customer needs to log in to the bank’s website, call up the requisite form, download it, fill it in, attach the relevant supporting documents and submit the completed physical form. Alternatively, the customer has to visit the branch and fill in and submit the physical form.

Today, with most banks offering services through their websites, customer fulfillment is increasingly taking the online route, and customers are looking for easier and more convenient ways to conduct transactions. Address change using digital signatures not only provides a hassle-free banking option to the customer, it also significantly brings down the cost of servicing, as shown in the two scenarios below.

Scenario 1: Banks can redesign their websites and segregate all financial and non-financial transactions. Customers no longer need to log in to their Net Banking accounts to request services. In this case, the application to request an address change is available as a web form that the customer can fill out, sign digitally using the digital certificate and submit securely through the bank’s website. This fulfills customer requirements and at the same time reduces load on the net banking site.

Scenario 2: Customers can download a PDF application, fill in the request for address change, sign the PDF using a digital signature and email the request. Alternatively, banks can accept a digitally signed email directly.

In both scenarios, customer identity is clearly established and data integrity is maintained, as digital signatures powered by PKI technology are accepted as a universal industry best practice and have revolutionized web transacting. The Reserve Bank of India has encouraged banks to embrace PKI technology.

Snippets

  • National Australia Bank leapfrogs rivals with three-factor authentication
  • Online banking fraud rises by 55% to record £39 million, reports Financial Fraud Action, UK
  • Fixed passwords inherently prone to phishing; one time password model mooted
  • Implementing an Enterprise Content Management System (ECMS) helps tackle webmail based brute force attacks
  • ‘Money mule’ Trojan skims money from online banking accounts and befuddles cybersleuths
  • Web security checklist and warning about mobile phone banking – by Biz Coach Terry Corbell
  • President Obama’s new Cyber Security Strategy hinges on identity authentication through PKI

For more information on these snippets, contact us at info@emudhra.com

---

Word of the Day (Virtual Vocabulary)

PKI: Public Key Infrastructure Technology
CA: Certification Authority – someone or some entity that can issue a digital signature
CR: Certificate Repository – a virtual area where all digital signature certificates are stored
RA: Registration Authority – Partner who enables the customer to procure digital signature certificate

Stay Tuned