Online Banking Security Risks: Electronic Payment System


Please note! This essay has been submitted by a student.


Online banking, also known as internet banking, is an electronic payment system that enables customers of a bank or other financial institution to conduct a range of financial transactions through the financial institution’s website. The online banking system will typically connect to or be part of the core banking system operated by a bank, in contrast to branch banking, which was the traditional way customers accessed banking services. E-banking technology can be impacted by a range of fraud incidents and cyber-attacks. The present article aims to give a clear definition of the term e-banking.

Online banking systems have become quite popular in the last ten years. Online banking is an online payment system that enables customers to conduct financial transactions on a website. Customers of an online bank can manage their accounts with their own electronic devices, such as laptops, mobile phones or others, as long as an Internet connection is available. Online banking is also referred to as e-banking, virtual banking, Internet banking and by other terms. There are mainly two phases in any online banking system: the registration phase and the login phase. The registration phase has nearly the same structure at all banks. The login phase is divided into two security levels: the first uses a user ID and transaction password, and the second uses an advanced system such as a one-time password, grid authority card, QR code, security questions, etc. All these security systems are developed to protect customers’ bank accounts from any black hat, hacker or community member. Expert criminal hackers can compromise bank information by modifying a financial institution’s online information system, spreading malicious viruses, corrupting data, and degrading the quality of an information system’s performance. So, high-level security systems are used by banks to protect against such attacks.


Banking activity is no longer confined to the branches, where a customer has to approach the branch in person to withdraw cash, deposit a cheque or request a statement of accounts. In true internet banking, any inquiry or transaction is processed online without any reference to the branch (anywhere banking) at any time. Thus providing Internet banking is gradually becoming a “need to have” rather than a “nice to have” service. Net banking is, therefore, more of a norm than an exception in many developed countries because it is the cheapest way of providing banking services. Under this system, every bank customer is provided with a personal identification number (PIN) for making online transactions with the bank through an internet connection.


A computer security risk is anything that can negatively affect the confidentiality, integrity or availability of data. Examples of computer risks would be misconfigured software, unpatched operating systems, and unsafe habits that cause vulnerabilities.

Computer security risk can be defined as the probability of a negative outcome for a computer if negative forces are applied. For example, if you disable the firewall, then when someone launches attacks on the computer (a negative force), the probability of your computer getting damaged is higher than with the firewall on. Disabling the firewall increases the risk because the probability of a negative outcome increases if negative forces are applied. Computer security risk measures the probability of a negative outcome if negative forces are applied.

A computer security risk is really anything on your computer that may damage or steal your data or allow someone else to access your computer without your knowledge or consent. There are a lot of different things that can create a computer risk, including malware, a general term used to describe many types of bad software. We commonly think of computer viruses, but there are several types of bad software that can create a computer security risk, including viruses, worms, ransomware, spyware, and Trojan horses. Misconfiguration of computer products as well as unsafe computing habits also pose risks.

Types of security risks

Malicious Codes

Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system. Malicious code is an application security threat that cannot be efficiently controlled by conventional antivirus software alone. Malicious code describes a broad category of system security terms that includes attack scripts, viruses, worms, Trojan horses, backdoors and malicious active content.

1) Computer Virus

A computer virus is a self-replicating computer program which can attach itself to other files/programs, and can execute secretly when the host program/file is activated. When the virus is executed, it can perform a number of tasks, such as erasing your files/hard disk, displaying nuisance information, attaching to other files, etc.

2) Worms

A worm is a self-replicating program that does not need to attach to a host program/file. Unlike viruses, worms can execute themselves. Worms have the ability to spread over a network and can initiate massive and destructive attacks in a short period of time.

One typical example of a massive attack is the ‘SQL Sapphire Slammer (Sapphire)’ that occurred on 25 January 2003. Sapphire exploited a vulnerability in the MS SQL Server or MSDE 2000 database engine. The weakness lay in an underlying indexing service for which Microsoft had released a patch in 2002. It doubled in size every 8.5 seconds, and infected more than 90 percent of vulnerable hosts within 10 minutes. It eventually infected at least 75,000 hosts and caused network outages that resulted in:

• Canceled airline flights

• Interference with elections

• Bank ATM failures

3) Trojan Horses

A trojan horse is a non-replicating program that appears legitimate, but actually performs malicious and illicit activities when executed. Attackers use trojan horses to steal a user’s password information, or they may simply destroy programs or data on the hard disk. A trojan horse is hard to detect as it is designed to conceal its presence by performing its functions properly.

Some recent examples are:

• Trojan horses are embedded into online game plug-ins which help online gamers to advance their game characters; however, the online game account and password are also stolen. The gamer’s cyber assets are therefore stolen.

• Trojan horses are embedded into popular commercial packages and uploaded to websites for free download or to be shared across peer-to-peer download networks.

Trojan horses are particularly dangerous because they can also open a back door into a system and allow an attacker to install further malicious programs on your computer. Back Orifice and SubSeven are two well-known remote access trojan horses that allow attackers to take control of a victim’s computer.

Tips for Prevention

Besides the following common best practices, you should:

• Install a file and directory integrity checker.

• Be alert to suspicious hard disk activity and/or network activity e.g. if your hard disk access LED light is always on.

• Be alert to suspicious deletion or modification of files.

• Check if your system is accessed without your knowledge, e.g. your email accounts.

the act of stealing computer equipment. Hardware vandalism is the act of defacing or destroying computer equipment. Hardware vandalism takes many forms, from someone cutting a computer cable to individuals breaking into a business or school computer lab and aimlessly smashing computers.

Software theft

Software theft is the unauthorized or illegal copying, sharing or usage of copyright-protected software programs. Software theft may be carried out by individuals, groups or, in some cases, organizations who then distribute the unauthorized software copies to users.

Software theft is committed when someone performs any of the following:

• Steals software media

• Deliberately erases programs

• Illegally copies or distributes a program

• Registers or activates a software program illegally

Information Theft

Identity Theft Definition.

Information theft or Identity theft is the crime of obtaining the personal or financial information of another person for the sole purpose of assuming that person’s name or identity to make transactions or purchases. Identity theft is committed in many different ways. Some identity thieves sift through trash bins looking for bank account and credit card statements

Definition of Security Measures


Data backup is a program of file duplication. Backups of data applications are necessary so that they can be recovered in case of an emergency. Depending on the importance of the information, daily, weekly or biweekly backups from a hard disk can be performed.


Cryptography is a process of hiding information by altering the actual information into a different representation.

Almost all cryptosystems depend on a key, such as a password like a number or a phrase, that can be used to encrypt or decrypt a message. The traditional type of cryptosystem used on a computer network is called a symmetric secret key system.


An antivirus program protects a computer against viruses by identifying and removing any computer viruses found in the computer memory, on storage media or incoming e-mail files.

An antivirus program scans for programs that attempt to modify the boot program, the operating system and other programs that normally are read from but not modified.


Spyware is a program placed on a computer without the user’s knowledge. It secretly collects information about the user. The spyware program communicates information to an outside source. An anti-spyware application program, sometimes called tracking software or a spybot, is used to remove spyware.


A firewall is a piece of hardware or software which functions in a networked environment to prevent communications forbidden by the security policy.

A firewall implements a security policy. It might permit limited access from inside or outside the network perimeter, or from certain users or for certain activities.

6) Physical Access Control

Access control is a security technique that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that minimizes risk to the business or organization.


– expose employees or staff to computer security

– make routine checks for updates on new viruses, worms or other malicious threats

– proper handling of computers and information

Security Risk 1: Malicious code

Malicious code refers to a broad category of programs that can cause damage or undesirable effects to computers or networks. It is a type of threat that may not be blocked by antivirus software on its own. In this situation, the malicious code involved is mostly computer viruses and trojan horses. With a computer virus, “the victims reported being deceived into going to a fake website” when they logged in to their accounts, because the hacker had put up a fake website or changed the user’s information to deceive the victim, and trojan horses are used to steal the user’s information, such as username and password. Trojan horses are often used because they are harder to detect than other security risks.

Security Risk 2: Unauthorized Access

Unauthorized access is viewing or logging in to private accounts without having been given permission by the owner to do so. In this case, the majority of the problems above are unauthorized access, because they involve illegally viewing and taking other people’s usernames and passwords without their permission. In addition, hackers use them as much as they want.

Security Risk 3: Information Theft

Identity theft, better known as information theft, is the crime of using another person’s personal information, credit history or other identifying characteristics in order to make purchases or borrow money without that person’s permission. The hackers also steal your mail, including credit and bank statements, phone or utility bills, new checks, and tax information, then call your creditors and change the mailing address on your credit card account so that they can make transactions whenever they want.

Security Measure 1: Antivirus

Antivirus software is a type of utility used for scanning and removing viruses from your computer. In this case, antivirus is essential to help the victim deal with malicious code by identifying and trying to recover any programs that hackers have changed after logging into their account, and to help tighten the security of the account to prevent the same thing from happening again.

Security Measure: Firewall

A firewall is a software program that prevents unauthorized access to or from a private network, and it plays a similar role in this issue. Firewalls are tools that can be used to enhance the security of computers connected to a network. A firewall protects you against hackers who want to break into your computer to steal personal information related to your online banking. It also protects your online banking data and other important information from hackers.

Security Measure: Cryptography

Cryptography is very helpful in solving information theft problems because it involves creating written or generated codes that allow information to be kept secret from the hacker. Cryptography converts data into a format that is unreadable for an unauthorized user, allowing it to be transmitted without unauthorized entities decoding it back into a readable format, thus compromising the data.


From the scenario problem above, we can detect some of the security risks that can be mitigated, including malicious code, unauthorized access and information theft. Since the Internet was not originally designed for online banking, online banking now faces a wide range of security risks for both the banks and online banking users, such as an increase in phishing cases. The banks have to strengthen their online banking security systems constantly, which means the banks have to keep investing in the security systems all the time. On the other hand, the necessity for privacy must be balanced with security requirements for the advantage of the general public. Banks should have the best backup and contingency strategies and should formulate the best security plans and practices. The banks have to keep investing in their security systems all the time to ensure that consumers are satisfied when using online banking and do not have to deal with issues that may affect their emotions, such as the loss of money or of important data used in any money transaction.
