THE SECURITY OF ELECTRONIC BANKING
ABSTRACT
The Internet has played a key role in changing how we interact with other people and how we do business today. As a result of the Internet, electronic commerce has emerged, allowing businesses to more effectively interact with their customers and other corporations inside and outside their industries.
One industry that is using this new communication channel to reach its customers is the banking industry. The electronic banking system addresses several emerging trends: customers’ demand for anytime, anywhere service, product time to market imperatives and increasingly complex back office integration challenges. The challenges that oppose electronic banking are the concerns of security and privacy of information.
The current focus of information-transfer security is on session-layer protocols and the flaws in end-to-end computing. A secure end-to-end transaction requires a secure protocol to communicate over untrusted channels and trusted code at both endpoints. The solution addresses the use of secure protocols because trusted channels do not really exist in most environments, especially since we are dealing with links to average consumers.
The solutions to the security issues require the use of software-based systems, hardware-based systems, or a hybrid of the two. The software-based solutions involve the use of encryption algorithms, private and public keys, and digital signatures to form software packages known as Secure Electronic Transaction, used by MasterCard, and Pretty Good Privacy. Hardware-based solutions such as the Smartcard and the Me Chip provide better protection for the confidentiality of personal information.
Software-based solutions have the advantage over hardware-based solutions in that they are easy to distribute and are generally less expensive.
ABBREVIATIONS
ATMs Automated Teller Machine/Asynchronous Transfer Mode
B2B business-to-business
B2C business-to-consumer
B2G business-to-government
C2C consumer-to-consumer
CA certification authority
CEO Chief Executive Officer
ESD Electrostatic Discharge
ICT Information Communication Technology
IT Information Technology
ISP Internet Service Provider
PCs Personal Computers
PGP Pretty Good Privacy
RSA Right Shift Algorithm
SMEs Small and Medium Enterprises
SET Secure Electronic Transaction
SSL Secure Socket Layer
WTO World Trade Organisation
WWW World Wide Web
1. INTRODUCTION
This paper covers the background of electronic banking, including the motivations for and ventures in electronic banking, the statement of the problem, the objective, the research question and the justification of the study, followed by the scope and limitations of the study. It then discusses concerns about electronic banking from various perspectives and the security issue, with solutions in both software-based and hardware-based systems. Lastly, the paper closes with a conclusion and recommendations.
1.1 Background of the study
The Internet and the World Wide Web (WWW) have greatly changed the business environment in developing countries. Consumers in developing countries are now turning to substitute channels such as electronic commerce for shopping, which offer them more and more choices of products and services, cost savings and ease of use. The rapid growth of online shopping and changing consumer behavior are attracting more and more companies to join in. Electronic commerce is not a new phenomenon in developing countries; however, the diffusion of electronic commerce is very low in a country like Tanzania.
Information and communication technology is helping to reduce the transaction costs of business firms by providing cards and business services. The banking sector is ideal for the successful development of electronic commerce. Electronic banking would help financial institutions lower costs, which is crucial for the long-term survival of banks. It is expected that banks that do not respond to the need for electronic banking are more likely to lose their customers. Financial institutions are now focusing on new delivery channels, including virtual public and private networks, dial-up connections, personal computers and ATMs. Electronic banking takes less time than traditional banking, but in order to benefit from these services, consumers' readiness to try and accept new technologies must be addressed, because consumers demand much more from financial institutions. Economic sectors worldwide are heavily reliant on the technologies, government policies and legal frameworks that allow business to run efficiently and transparently.
1.1.1. Electronic Commerce
The term electronic commerce refers to the process of performing various business activities for products and services in which two parties interact with each other by electronic means instead of having physical contact. Electronic commerce has the following major types: business-to-business (B2B), business-to-consumer (B2C), business-to-government (B2G) and consumer-to-consumer (C2C). Technology can therefore be considered the major force behind the growth of e-commerce. It provides a more efficient, faster and much easier way of communicating. Having online access anywhere is one of the main advantages of electronic commerce. The banking sector can be considered the ideal platform for the successful implementation of electronic commerce. Internet banking is an electronic channel for distributing and delivering financial services at the virtual level.
1.1.2. Current Banking situation in Tanzania
The banking system in developing countries is quite different from that of banks operating in Europe. In Tanzania, customers still face many problems when they visit banks. Online payment of utility bills is not popular in Tanzania, and some banks do not even offer the service. Every home receives utility bills every month: the water, telephone and electricity bills. The problem is that these bills are sent to homes on different dates of the month, so people need to visit banks in order to pay them. Most people therefore have to stand and wait in long queues for their turn to pay utility bills. The cash tradition is still ubiquitous in the banks of Tanzania. The most important reasons are lack of trust, non-availability of infrastructure, security and service charges. Consumer trust can play a vital role in people's electronic readiness to use electronic banking services.
1.1.3. Motivations of electronic banking
The Internet is growing at an exponential rate. According to a survey, the Internet doubled in size from 6.6 million hosts in mid-1995 to 12.8 million hosts in mid-1996. As a consequence of the popularity of the Internet, hundreds of thousands of Internet users are trying electronic banking. As the Internet continues to expand, the convenience associated with electronic banking will attract more customers. One expectation of electronic banking is that it will replace the need for writing checks. In today’s market, “According to preliminary data from the latest Federal Reserve survey of patterns of consumer spending, almost four-fifths of consumer expenditures are handled by checks, directly or indirectly.” This means that electronic banking has a very large potential for use, since many people expect that electronic checks will substitute for paper checks. Moreover, for consumers, electronic money (electronic cash and electronic checks) means greater efficiency than using coins, paper bills, and traditional banks.
The electronic banking system brings the convenience of 24-hour, seven days a week, banking by offering home personal computers (PCs) tied directly to a bank’s computers. In addition, electronic money also offers greater security than a paper and coin system. Users are able to make a backup copy of their funds and if the electronic money is stolen, the users can invalidate the serial number just as they now stop payment on a paper check.
1.1.4 Ventures in electronic banking
1.1.4.1. Domestic
In order for this industry (electronic banking) to expand further, secure transactions with the trust of the consumers are necessary. Many banks are advertising secure on line service, allowing their customers a wide range of activities that they can do. Security First Network Bank is the first federally approved on line bank that is certified by the Office of Thrift Supervision, the federal regulatory body for the saving bank industry. With the support of the federal agencies, Security First Network Bank can give their customers more than just their assurance, but the assurance of the government, which gives consumers a large incentive to try electronic banking.
For a truly convenient system, banks need to connect to customers as well as to other financial institutions. Creating a common link between multiple banks so that banks can better and more safely communicate amongst themselves is becoming more of a reality. Fifteen of North America’s leading banks and IBM are working together to form an integrated network called Integrion Financial Network. The banks will be able to offer their customers access to their services through the public Internet and parallel private network access, with security and privacy.
1.1.4.2. International
In Europe, the Inter-bank Standards Association Belgium has established Belgium’s electronic banking system to connect Belgium’s three largest banks and to develop uniform standards for electronic payments in Belgium. This system, developed by Utimaco, uses electronic signatures according to the RSA method to guarantee accountability and security against the forging of electronic transactions.
Internationally, GENDEX Bank International is trying to connect the banking systems of various nations, states, independent principalities, and sovereign individuals to form an international banking system. This integration of electronic banking communities will promote the standardization of this industry. However, the primary concern today is the security issue.
Before proceeding further, it is prudent to define some of the key terms and concepts that this paper refers to.
Electronic Banking: The use of a computer to retrieve and process banking data (statements, transaction details) and to initiate transactions (payments, transfers, requests for services) directly with a bank or other financial services provider remotely via a telecommunications network.
Electronic Commerce: The use of an information infrastructure through which businesses can speed the exchange of information, improve customer service, reduce operating costs, and increase global competitiveness.
Internet: A worldwide system of computer networks. Networks connected through the Internet use a particular set of communication standards, known as TCP/IP, to communicate.
Encryption: The scrambling, or encoding, of information to prevent anyone other than the intended recipient from reading the information. There are many types of encryption, and they are the basis of network security.
Public-key security: Also known as asymmetric-key security or public-key encryption technology, this is a security mechanism for securely distributing encryption keys that are used to “lock” and “unlock” data across an unsecured path. Public-key security is based on encryption key pairs, in contrast to private-key security, which is based on having a single, shared key.
Private-key security: Also known as symmetric-key security, this is a security mechanism based on both parties having the same encryption key, as in secret-key cryptography. The client and server share a key to encrypt and decrypt information on a network. A common implementation of private-key security is the Kerberos distributed security system.
Secure Socket Layer (SSL): A security protocol developed by the Netscape Communications Corporation to encrypt sensitive data and verify server authenticity.
1.2 Statement of the problem
The security of electronic banking radically undermines the relationship between legally significant phenomena and physical location. The rise of the global computer network is destroying the link between geographical location and the power of the local government to assert control over online behavior, the effect of online behavior on individuals or things, the legitimacy of the efforts of a local sovereign to enforce rules applicable to global phenomena, and the ability of physical location to give notice of which sets of rules apply.
Internet banking is the latest development that has added a new dimension to banking transactions by making it more convenient, which has eliminated the long wearisome waiting-lines. But, there are some serious problems that you may encounter while banking through the Internet, due to which many still prefer to go directly to the banks instead of availing this facility.
Internet Banking Issues
For carrying out Internet banking properly, a basic knowledge of computers and the Internet is required, which limits the number of people willing to avail this facility. Many people who are not comfortable with computers and the Internet often find it difficult to use this service. Therefore, for beginners, it is really time-consuming. In addition to this, people also find it difficult to trust a completely mechanized system like Internet banking in financial matters. In many instances, a simple mistake, like clicking a wrong button, may create a big problem. And so, many individuals often keep wondering if they have properly executed the transaction. However, this uneasiness can be avoided by printing the transaction receipt and keeping it with oneself until the bank statement is received.
While banking through the Internet, you have to be careful about the security of your Internet bank account. The security of your Internet bank account depends to a great extent on the security of your computer, password and pin number. Any leakage of information regarding your password or pin number and banking transactions can allow computer hackers to gain access to your bank account, which is the most common online banking problem. This can lead to unauthorized and criminal transactions being conducted without your knowledge. By the time you get your bank statement and detect such transactions, it may be too late.
You also have to make sure that the banking session is secure, as in many instances you may encounter proxy websites. These proxy websites can easily access your bank account if they can crack your user name, password or pin number. Sometimes, it can be time-consuming and tedious, as many websites take quite a long time to get started. Besides this, your Internet bank account may also take considerable time to get started. You may also encounter technical difficulties and connectivity problems while conducting banking transactions. Of course, there is a customer care department in almost every bank to look into such matters, but often you may not be able to get the necessary assistance due to congestion in the computer and telephone network. On the other hand, in normal banking, you can simply converse with the bank officials to sort out any problem.
However, with the advances in technology, many banks have taken adequate measures to ward off any problems related to the security of Internet banking. Customers can also follow some simple precautionary measures, like not disclosing the password and pin number to anyone, changing the password at regular intervals and installing antivirus software to ensure the security and safety of their banking transactions. Online banking tutorials are also provided by many banks to help familiarize people with this service. So, you can avail this facility to use the Internet effectively for making your day-to-day financial transactions.
Authorities attempt to control these situations, but the inadequacy of laws and continued advancements in technology present real impediments to properly dealing with the crimes that affect electronic banking. There is a need for a law that provides guidelines to investigators and public prosecutors on how to collect this new type of evidence and prosecute offenders.
1.3 Literature review
E-commerce literature has studied the phenomenon of e-banking from different perspectives. Some research has analyzed the adoption and growth of e-banking, whilst others describe the challenges and benefits to be gained from e-banking services.
E-commerce is conceived of as a phenomenon of developed countries, and new technology generally poses challenges for developing countries that lack the requisite capabilities, as well as the economic and financial resources, to keep up with developed countries. The Internet in particular presents both opportunities for economic and social development and a threat of further widening the gap between developed and developing countries.
The experience of most developed countries shows that the price and availability of the telecommunications infrastructure are clearly associated with competition and market access. The Tanzanian Government has withdrawn import duties on computers and computer-related peripherals. As a result, the prices of computers and related products have become affordable to the general community. This has to some extent increased the use of computers for general purposes, though computers are still underutilized for effective applications, particularly because of government policy. However, a recent survey revealed that nearly 90% of the computers are based in Dar es Salaam and that there is little scope for decentralizing these PCs to other regions of Tanzania.
Very few standard IT institutions provide high-quality IT education in Tanzania, and the costs are very high and consequently beyond the reach of most people. Some private IT institutions have opened and started to offer IT courses, but again they are centered on big cities such as Dar es Salaam, Mwanza and Arusha. These institutions suffer from a lack of coordination and quality course materials, and from inadequate technical facilities. Over time, the situation has improved as the government withdrew duties on computers. Studies have found different patterns in the extent to which firms in developing countries embrace the Internet.
In Brazil, telecommunication infrastructure is not considered a barrier for e-commerce, and financial services sectors have widely adopted the internet approach.
In Nigeria, e-mail was the prime aspect of the Internet system, and business people used e-mail mostly for communication. A low level of IT education was recognized as a cause of the underutilization of the Internet in many developing countries.
In Hong Kong low e-shopping compatibility, e-shopping inconvenience, e-transaction insecurity, and low internet privacy, together with orientation toward social interaction and poor awareness on the part of the consumers, translate into supply-side hurdles.
Various studies have found that in developing countries e-commerce faces hindrances in cultural habits as well as in business and technology infrastructure.
Various studies have identified a number of factors that facilitate or limit Internet-based businesses. The enablers are availability of information, access to price information, accessibility, and convenience. These are the factors that benefit online business. On the other hand, the limiters that inhibit the growth of Internet business include lack of trial, lack of interpersonal trust, lack of instant gratification, high shipping and handling costs, customer service issues, loss of privacy and security, lack of a stable customer base, and poor logistics.
1.4 Hypothesis
An assessment was performed using interviews with IT professionals at banks, and with the help of a review of available studies in this field we conclude that the factors affecting the implementation and development of e-banking can be divided into two broad groups: soft and hard factors. Soft factors include culture, awareness, job and human relations, trust, resistance, coordination, and decision making. Hard factors include supporting the soft factors with suitable technological and economic infrastructure, financing of network development, and the preparation of the software and hardware required for e-banking. From all the related factors, we therefore conclude that the barriers and challenges of electronic banking in Tanzania can be categorized into six main groups: infrastructural barriers, knowledge barriers, legal and security issues, socio-cultural barriers, economic factors, and management and banking issues.
1.5 Objective of the study
From the customer’s point of view, electronic banking is a convenient and valuable way to manage funds because it provides convenient access to accounts. For business customers, electronic banking provides refined money management, delivering all the information within seconds.
Electronic banking is available in some banks, while other banks are working to provide electronic banking solutions. Digital certificate accessibility and security concerns are impediments to starting projects, as is interference by political parties in the banks' important plans and decisions. Commerce plays a vital role in boosting the economy of the country, and there is a high level of risk involved in this industry. “In many industries such as banking and telecommunications, it is virtually impossible for an organization to compete unless its customers are given the level of service that is only possible with high technology systems”.
Awareness, information, customer protection, response time, reliability, security and technology readiness are all considered important elements of electronic banking. Nowadays employees face many problems while helping customers carry out transactions electronically. The banks have appointed customer relations officers to resolve problems, but customers are still reluctant to carry out online banking transactions.
The study aims to identify the governmental, individual and financial-institution perspectives on electronic banking in the commercial banks of Tanzania, and how to provide customers with enough knowledge that they can start using electronic banking transactions.
The objective of the study is to find out why customers are reluctant to use electronic banking facilities and to answer that question.
1.5.1 Study question
What are the hindrances to and facilitators of the security of electronic banking in Tanzania? Why are customers reluctant to use electronic banking?
1.6 Justification of study
The prefix “e-” (electronic) is widely used worldwide. It is a buzzword, but electronic commerce is still at an immature stage in the economic sector, especially in the banks of emerging countries like Tanzania. The Internet boom has transformed societies. Distance is no longer a reality. A click of the mouse can connect people from all over the world, which has led businesses to take advantage of the Internet by running business online, that is, commerce and banking. Competition and limited resources have placed banks under pressure to lower costs, improve their services and maintain quality of service. Hi-tech advances in the banking industry have modernized how people deal with their finances. The introduction of online banking helps people by giving them access to their accounts anywhere, at any time, round the clock.
Since its introduction in 1995, online banking has allowed people to benefit from online services by having every kind of information available. It benefits customers and banks alike. Banks have lowered their transaction costs and advertise their services through websites, while customers can enjoy online banking over the Internet, which is relaxing, time-saving and cost-reducing. Electronic banking provides benefits to customers including 24-hour access to their accounts and transfer of funds with a click of the mouse, seven days a week.
Banks are facing demands from within the banking sector and particularly from the non-banking economic services area, because they are moving towards multi-channel banking services which provide innovative products and services at lower cost to their customers. Online banking is very attractive to banks and to consumers, who now have higher acceptance of new technologies and a progressively better understanding of complex products. Banks are using their product names, with a large consumer base and high market shares of firm financial products, to retain their existing clients and to attract new ones.
1.7 Study Methodology
The study methodology followed to complete the study is on the basis of primary and secondary data. Secondary data were collected from relevant papers, daily newspaper, and IT magazines published in paper form and electronic form as well. Primary data were collected from three stakeholder groups namely, vendors (merchants), financial institutions, IT institutions and the consumers (mostly Small and Medium Enterprises (SMEs)). A critical analysis was done to determine the barriers that hinder the effective security of e-commerce in Tanzania.
1.8 Scope of the study
The scope of the research is to observe and analyze the electronic and online banking experiences of the banks' customers. Electronic banking has different aspects, which can be viewed from different perspectives such as the bank's perspective and the customer’s perspective.
1.9. Limitation of the study
The study has some limitations. Its generalizability may be affected because it is not possible to interview every customer. Changing customers' attitudes towards using electronic banking is very difficult. Customers have more faith in the conventional banking system than in Internet banking. Also, customers may vary from bank to bank, and it is very difficult to target the customers of all the bank branches in Tanzania.
2. CONCERNS ABOUT ELECTRONIC BANKING
Since Electronic Banking is a new technology that has many capabilities and also many potential problems, users are hesitant to use the system. The use of Electronic Banking has brought many concerns from different perspectives: government, businesses, banks, individuals and technology.
2.1 Government
From a government point of view, the Electronic Banking system poses a threat to the antitrust laws. Electronic Banking also arouses concerns about the reserve requirements of banks, deposit insurance and the consumer protection laws associated with electronic transfer of money. The US government is concerned with the use of high-quality encryption algorithms because encryption algorithms are a controlled military technology.
2.2 Businesses
Businesses also raise concerns about this new medium of interaction. Since most large transfers of money are made by businesses, these businesses are concerned about the security of their money. At the same time, they also consider the potential savings in time and financial charges (some banks charge for making cash deposits and withdrawals) associated with this system. Another business concern is connected to the customer. Businesses worry that there are enough potential customers who would not make a purchase because the business did not offer a particular payment system (for example, electronic cash or electronic checks). This would result in a loss of sales. On the other side of the coin, if this system becomes widespread, it would give more buying power to the consumer, which puts pressure on businesses to allow consumers to use electronic transfer of money.
2.3 Banks
Banks are pressured by other financial institutions to provide a wide range of financial services to their customers. Banks also profit from handling financial transactions, both by charging fees to one or more participants in a transaction and by investing the funds they hold between the time of deposit and the time of withdrawal, also known as the “spread”. With more financial transactions being processed by their central computer systems, banks are also concerned about the security of their systems.
2.4 Individuals
Individuals are mainly concerned with the security of the system, in particular with unwarranted access to their accounts. In addition, individuals are also concerned with the secrecy of their personal information. 82% of Americans polled expressed concern over the privacy of computerized data. As more and more people are exposed to the information superhighway, privacy of information and the security that goes hand in hand with this information are crucial to the growth of electronic transactions.
2.5 Technology
In order to provide effective and secure banking transactions, four technology issues need to be resolved. The key areas are security, anonymity (privacy) technology, authentication, and divisibility.
2.5.1 Security issue
Security of transactions is the primary concern of Internet-based industries. A lack of security may result in serious damage. Examples of potential hazards in the electronic banking system arise during on-line transactions, transferring funds, and minting electronic currency.
Dr. David Chaum, Chief Executive Officer (CEO) of DigiCash said that “Security is simply the protection of interests. People want to protect their own money and bank their own exposure. The role of government is to maintain the integrity of and confidence in the whole system. With electronic cash, just as with paper cash today, it will be the responsibility of government to protect against systemic risk. This is a serious role that cannot be left to the micro-economic interests of commercial organizations.”
The security of information may be one of the biggest concerns of Internet users. Electronic banking users, who most likely connect to the Internet via dial-up modem, face a smaller risk of someone breaking into their computers. Only organizations such as banks with dedicated Internet connections face the risk of someone from the Internet gaining unauthorized access to their computer or network. However, electronic banking users still face the security risk of unauthorized access to their banking accounts. Moreover, electronic banking users are also concerned about non-repudiability, which requires reliable identification of both the sender and the receiver of on-line transactions. A non-secure electronic transaction can be altered to change the apparent sender. Therefore, it is extremely important to build in non-repudiability, which means that the identity of both the sender and the receiver can be attested to by a trusted third party who holds the identity certificates.
2.5.2 Anonymity (privacy) technology
Generally speaking, the privacy issue is a subset of the security issue, and strengthening the privacy technology will ensure the secrecy of the sender’s personal information and further enhance the security of the transactions. Examples of private information relating to the banking industry are the amount of the transaction, the date and time of the transaction, and the name of the merchant where the transaction is taking place.
Privacy technology can be used to assure that consumers, merchants, and the transactions themselves remain confidential. For instance, a company sending important, secret information about its marketing strategy to one of its partners would like to keep that information private and out of the hands of its competitors. This technology will keep all information secure and can be applied to electronic cash, also known as “e-cash”. The privacy technology provides a fully digital bearer instrument that assigns a special code to money, just like a bank note. The security of e-cash is superior to paper cash because even if it is stolen, it cannot be used. However, e-cash has its share of disadvantages because it lacks privacy of use. “This system is secure, but it has no privacy.” This would make it possible to create spending profiles on consumers and threaten their privacy. Furthermore, records based on digital signatures are more vulnerable to abuse than conventional files. Not only are they self-authenticating, but they also permit a person who has a particular kind of information to prove its existence without either giving the information away or revealing its source.
Whereas the security of digital signatures is dependent on the difficulty of particular computations, the anonymity of blinded notes is limited only by the unpredictability of the user’s random numbers. Blinded electronic bank notes protect an individual’s privacy, but because each note is simply a number, it can be copied easily. To prevent double spending, each note must be checked on-line against a central list when it is spent, which makes this verification procedure unacceptable for many applications, especially for minor purchases. Thus, this technology is currently applicable only to large sums of money.
- Authentication
Encryption may help make the transactions more secure, but there is also a need to guarantee that no one alters the data at either end of the transaction. There are two possible ways to verify the integrity of the message. One form of verification is the secure hash algorithm, which is “a check that protects data against most modification.” The sender transmits the data generated by the hash algorithm. The recipient performs the same calculation and compares the two to make sure everything arrived correctly. If the two results are different, a change has occurred in the message. The other form of verification is through a third party called a Certification Authority (CA), trusted by both the sender and the receiver, which verifies that the electronic currency or the digital signature that they received is real.
- Divisibility
Electronic money may be divisible into different units of currency, similar to real money. For example, electronic money needs to account for pennies and nickels.
- SOLUTIONS
- Software-based systems
In software-based security systems, the coding and decoding of information is done using specialized security software. Due to their easy portability and ease of distribution through networks, software-based systems are more abundant in the market. Encryption is the main method used in these software-based security systems. Encryption is a process that modifies information in a way that makes it unreadable until the exact same process is reversed. In general, there are two types of encryption.
The first type is conventional encryption, in which one key is used by two parties to both encrypt and decrypt the information. Once the information has been encrypted with the secret key, it looks like a meaningless jumble of random characters. The file can only be viewed once it has been decrypted using the exact same key.
The second type of encryption is known as public key encryption. In this method, there are two different keys held by the user: a public key and a private key. These two keys are not interchangeable but they are complementary to each other, meaning that they exist in pairs. Therefore, the public keys can be made public knowledge and posted in a database somewhere. Anyone who wants to send a message to a person can encrypt the message with the recipient’s public key, and this message can only be decrypted with the complementary private key. Thus, nobody but the intended receiver can decrypt the message. The private key remains on one’s personal computer and cannot be transferred via the Internet. This key is encrypted to protect it from hackers breaking into the personal computer. Four examples of current encryption technology are presented below: Digital Signature, Secure Electronic Transaction, Pretty Good Privacy, and Kerberos.
- Digital Signature
A Digital Signature is a coded message added to a document or data that guarantees the identity of the sender. The Digital Signature was first proposed in 1976 by Whitfield Diffie at Stanford University. A digital signature transforms the message that is signed so that anyone who reads it can know who sent it. Digital signatures employ a secret key (private key) used to sign messages and a public key to verify them. The message encrypted by the private key can only be verified by the public key. It would be impossible for anyone but the sender to have created the signature, since he or she is the only person with access to the private key necessary to create the signature. In addition, it is possible to apply a digital signature to a message without encrypting it. This is usually done when the information in the message is not critical. It also allows people to know who composed the message. Because the signature contains a so-called “one-way hash”, it is impossible to forge a signature by copying the signature block to another message. Therefore, it is guaranteed that the signature is original.
- Secure Electronic Transaction (SET)
The Secure Electronic Transaction (SET) software system is the global standard for secure card payments on the Internet, defined by various international companies such as Visa, MasterCard, IBM, Microsoft, Netscape Communications Corp., GTE, SAIC, Terisa Systems and VeriSign. SET promises to secure bank-card transactions online. Lockhart, CEO of MasterCard, said, “We are glad to work with Visa and all of the technology partners to craft SET. This action means that consumers will be able to use their bank cards to conduct transactions in cyberspace as securely and easily as they use cards in retail stores today.” SET adopts RSA public key encryption to ensure message confidentiality. Moreover, this system uses a unique public and private key pair to create the digital signature. The main concerns for the transaction include not only ensuring the privacy of data in transit, but also proving authenticity, that is, that both the sender and the receiver are who they claim to be. The digital signature is used to achieve this authenticity. It ensures that the message actually came from the appropriate person. Besides uniquely identifying the sender, the digital signature also ensures that the original message was not tampered with in transit. “The processes in SET are not specific to card transactions; they are generic to authentication, certification, and encryption and so on.”
- Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP), created by Philip Zimmermann, is a “hybrid cryptosystem that combines a public key (asymmetric) algorithm, with a conventional private key (symmetric) algorithm to give encryption combining the speed of conventional cryptography with the considerable advantages of public key cryptography.” The advantage of PGP is that it does not require a trusted channel for transmitting the encryption key to the intended recipient of the message. Furthermore, it has the ability to sign messages by encrypting them with the sender’s private key, which cannot be replaced by any other key. Once the receiver has received the message, he or she can then decrypt it with the sender’s public key, which cannot be forged and represents the true identity of the sender.
- Kerberos
Kerberos uses private key security. Kerberos is named after the three-headed watchdog of Greek mythology and is one of the best-known private-key encryption technologies. Kerberos creates an encrypted data packet, called a ticket, which securely identifies the user. To make a transaction, one generates the ticket during a series of coded message exchanges with a Kerberos server, which sits between the two computer systems. The two systems share a private key with the Kerberos server to protect information from hackers and to assure that the data has not been altered during the transmission. An example of this encryption is NetCheque, which uses Kerberos to authenticate signatures on electronic checks that Internet users have registered with an accounting server.
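The ticket exchange described above, as an added example that is not part of the original paper and not the real Kerberos wire format: a single simplified exchange with no ticket-granting service and no replay cache. The function and field names are assumptions, and the cipher is a toy SHA-256 keystream with an HMAC standing in for the real algorithms.

```python
import hashlib
import hmac
import json
import secrets


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from one shared secret."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode keystream (stand-in for a real cipher)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(enc_key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, fields: dict) -> bytes:
    """Encrypt a record and append a MAC so any alteration is detectable."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    cipher = _xor_stream(enc_key, nonce, json.dumps(fields).encode())
    tag = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()
    return nonce + cipher + tag


def unseal(key: bytes, blob: bytes) -> dict:
    """Check the MAC first, then decrypt; ValueError on wrong key or tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, cipher, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("altered in transit or sealed under a different key")
    return json.loads(_xor_stream(enc_key, nonce, cipher))


class KerberosServer:
    """Shares one long-term secret key with every user and service."""

    def __init__(self, long_term_keys: dict):
        self.keys = long_term_keys

    def issue(self, client: str, service: str, now: int, lifetime: int = 300):
        session_key = secrets.token_bytes(32).hex()
        grant = {"client": client, "session_key": session_key, "expires": now + lifetime}
        ticket = seal(self.keys[service], grant)   # only the service can open this
        reply = seal(self.keys[client], {"service": service, "session_key": session_key})
        return reply, ticket


def client_authenticator(client: str, client_key: bytes, reply: bytes, now: int) -> bytes:
    """Client recovers the session key and proves that it holds it."""
    session_key = bytes.fromhex(unseal(client_key, reply)["session_key"])
    return seal(session_key, {"client": client, "time": now})


def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes,
                   now: int, skew: int = 60) -> str:
    """Service opens the ticket with its own key and returns the verified user."""
    t = unseal(service_key, ticket)
    if now > t["expires"]:
        raise ValueError("ticket expired")
    a = unseal(bytes.fromhex(t["session_key"]), authenticator)
    if a["client"] != t["client"] or abs(now - a["time"]) > skew:
        raise ValueError("authenticator does not match ticket")
    return t["client"]
```

The service never contacts the Kerberos server during the transaction: its trust in the user's identity comes entirely from being able to open and verify a ticket sealed under the key it shares with that server.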
- Hardware-based systems
Hardware-based systems offer a more secure way to protect information, but they are less portable and more expensive than software-based systems. The hardware-based security system creates a secure, closed channel where the confidential identification data is absolutely safe from unauthorized users. There are two hardware-based systems discussed in this section: the Smartcard system and MeCHIP.
- Smartcard System
The Smartcard System is a mechanical device which has information encoded on a small chip on the card, and identification is accomplished by algorithms based on asymmetric sequences. Each chip on the Smartcard is unique and is registered to one particular user, which makes it impossible for a virus to penetrate the chip and access the confidential data. However, practical limitations in the Smartcard system prevent it from broad acceptance for major applications such as home banking or on-line distribution. One drawback of the Smartcard is that it cannot handle large amounts of information which need to be decoded. Furthermore, the Smartcard only protects the user’s private identification and does not secure the transfer of information. The Smartcard is one hardware-based system that offers confidential identification.
- MeCHIP
MeCHIP, developed by ESD, is connected directly to the PC’s keyboard using a patented connection. All information which needs to be secured is sent directly to the MeCHIP, circumventing the client’s vulnerable PC microprocessor. Then the information is signed and transmitted to the bank in secure coded form. A closed, secure channel from the client to the bank is assumed in this case. All information which is transmitted and received is logged and verified to ensure that it has not been tampered with. If there are any deviations, the session is immediately terminated. This hardware-based solution offers the necessary security at the personal computer to transfer confidential information.
Therefore, the findings of the studies have significant implications for financial institutions that offer electronic banking services and for those banks that are planning to start electronic banking services. Giving high-quality customer service and convincing clients of how credit and debit cards compare with notes will encourage the adoption of electronic banking in Tanzania. The findings of the studies also support a human resource approach in the banks, which necessitates adjustment of their information technology strategies. Bank staff can lend effective support to the sale and marketing of electronic banking products, which can be realized only with the help of effective electronic banking for routine operations, to the benefit of both the banks and consumers.
- CONCLUSION
Despite a few stumbles, the future is bright for e-commerce. The 20th Century, shaped by the Industrial Revolution, became the age of the automobile and the television. The 21st Century, shaped by the Technological Revolution, is the age of globalization. The Internet massively impacts all aspects of business. In the 21st century, e-business is no longer an option for businesses; it is a necessity.
Today, e-commerce is an ever-expanding consumer industry. For an e-commerce site to succeed, it must understand its customers’ mindset. Although price is always an issue, it is rarely the primary motivator for buying a product online. Customers are looking for convenience and/or products they can’t find elsewhere. Vendors should not wait until the current obstacles in the online business environment are removed. Effort should be directed towards the development of an appropriate e-commerce model that is suitable for the products being marketed. The business model has to encompass three major factors: attracting potential customers, timely delivery, and comfortable payment methods.
The e-commerce innovation programme will build the capacity of small and medium ICT enterprises in Tanzania to do business using ICT. E-commerce innovation aims to encourage the growth of Tanzanian ICT industries and SMEs, particularly in selected regions (Dar es Salaam, Arusha, Mwanza, Morogoro and the southern regions), through three main actions: strengthening and improving security models for e-commerce in Tanzanian banking systems, fostering the use of ICT by SME groups, and supporting innovative local applications, that is, website sustainability and the development of portals managed by a single government institution.
In order to reduce the potential security vulnerabilities, many vendors have developed various solutions in both software-based and hardware-based systems. Generally speaking, software-based solutions are more common because they are easier to distribute and are less expensive. In order for electronic banking to continue to grow, the security and the privacy aspects need to be improved. With the security and privacy issues resolved, the future of electronic banking can be very prosperous. The future of electronic banking will be a system where users are able to interact with their banks “worry-free” and banks are operated under one common standard.
- RECOMMENDATIONS
Since Tanzania is a developing country and private organizations are not organized enough to provide IT infrastructure, the Government should initiate programs to reduce the barriers to the security of electronic banking.
A task force should be established at the government level to coordinate the ICT-related activities of different stakeholders. As a long-term investment, the government should invest in basic and higher education to reap the real benefits of ICT, especially in the matter concerned here, the security of electronic banking. One of the main bottlenecks of e-commerce in Tanzania is the operation of the e-payment system, which suffers from a lack of convertibility of e-currency. The balance in any e-cash account is not convertible like cash without the help of an intermediating third party, which entails a special hardware arrangement. Hence, banks also need to adopt legal frameworks for the successful transformation of electronic business in Tanzania.
Government policies can play a vital role to successfully implement the policies for the banks regarding secure payments, low cost and regulatory frameworks for the implementation of electronic banking.
Financial institutions should provide powerful methods for security issues, risk management and technological enhancement, and attract consumers by developing their trust. The autonomy of the judiciary should be re-established to improve its supremacy and to stop political intervention. Financial institutions should provide modern electronic banking mediums that can eradicate troubles such as distrust of technology, unreliable transactions, slow response time and security. Financial institutions need to establish a link with customers to determine their requirements, which can lead to successful electronic banking solutions. Electronic banking can abolish the problems of processing notes and cheques, theft, and waiting in queues for hours.
The website and the outlook of the bank play an important role in attracting customers if the detailed information provided is understandable and brief. A demo helps customers use electronic banking. A customer complaint management system can boost customer loyalty and trust in electronic banking. A bank can develop an attractive website to provide convenience for consumers.
Creating proper awareness among all people of the electronic banking facility can produce better results. These actions might help to attract customers to use electronic banking, which can result in a considerable amount of profit and low transaction costs. For example, consumers can be educated about the ease and benefits of online shopping. Information about online banking is very necessary for the customer, because it helps the customer to know about electronic banking.
Substantially enhancing transaction security and product quality, and showing customers that the company cares about buyers’ well-being, is instrumental in enhancing customer loyalty and helping them understand that virtual shops are safe and legitimate. Effective distribution channels should also be built, namely postal service, direct delivery, third party delivery, and alliances with other established companies.
Adopting and implementing the WTO Information Technology agreement on financial services and the WTO agreement on basic Telecommunications are essential for international business relating to e-commerce (Worldwide Coalition Calls for WTO Policy Agenda to Enhance Growth of E-Commerce).
Any obstacles that hinder effective methods of both online and offline payment should be removed. Security and privacy are the major elements of electronic banking because these issues are very important to the customer; if the customer is satisfied with the security and privacy of the bank, the customer will then use the electronic banking service.
The quality of the Internet is also important, because the Internet is not good in Tanzania and electronic banking needs a good Internet connection to perform a complete transaction. Perceived usefulness and perceived usage are also important elements of electronic banking, which are related to the enjoyment and satisfaction of the customer.
Trust plays an important role in building confidence in the technology provided by the banks to their customers. Quality of service can only be provided by good infrastructure with the adoption of the latest technology.
The reason behind these recommendations is to analyze customer acceptance of the online banking service and, at the same time, to have better knowledge of the government policies, infrastructure problems and technology lag that hinder electronic banking. Customer acceptance and electronic banking are thus the two main concepts that hinder or facilitate the use of Internet banking in the commercial banks of Tanzania.