Online banking

Online banking, also known as internet banking, virtual banking, web banking or home banking, is a system that enables customers of a bank or other financial institution to conduct a range of financial transactions through the financial institution's website or mobile app. Since the early 2000s this has become the most common way that customers access their bank accounts. The online banking system will typically connect to or be part of the core banking system operated by a bank to provide customers access to banking services in addition to or in place of historic branch banking. Online banking significantly reduces the banks' operating cost by reducing reliance on a physical branch network and offers convenience to some customers by lessening the need to visit a branch bank as well as being able to perform banking transactions even when branches are closed, for example outside the conventional banking hours or on weekends and holidays.

Internet banking provides personal and corporate banking services offering features such as making electronic payments, viewing account balances, obtaining statements, checking recent transactions and transferring money between accounts.

Some banks operate as a "direct bank" or "neobank" that operate entirely via the internet or internet and telephone without having any physical branches relying completely on their online banking facilities.

Precursors
The precursor to the modern online banking services was distance banking electronically and by telephone since the early 1980s. The term 'online' became popular in the late 1980s and referred to the use of a terminal, keyboard, and TV or monitor to access the banking system using a phone line. 'Home banking' can also refer to the use of a numeric keypad to send tones down a phone line with instructions to the bank.

Emergence of computer banking
The first home banking service was offered to consumers in December 1980 by United American Bank, a community bank with headquarters in Knoxville, Tennessee. United American partnered with Radio Shack to produce a secure custom modem for its TRS-80 computer that allowed bank customers to access their account information securely. Services available in its first years included bill pay, account balance checks, and loan applications, as well as game access, budget and tax calculators and daily newspapers. Thousands of customers paid $25–30 per month for the service.

Large banks, many working on parallel tracks to United American, followed in 1981 when four of New York's major banks (Citibank, Chase Manhattan, Chemical Bank, and Manufacturers Hanover) offered home banking services, using the videotex system. Because of the commercial failure of videotex, these banking services never became popular except in France (where millions of videotex terminals (Minitel) where given out by the telecom provider) and the UK, where the Prestel system was used.

The first videotext banking service in France was launched on December 20, 1983, by CCF Bank (now part of HSBC). Videotext online Banking services eventually reached 19% market share by 1991

The developers of United American Bank's first-to-market computer banking system aimed to license it nationally, but they were overtaken by competitors when United American failed in 1983 as a result of loan fraud on the part of bank owner Jake Butcher, the 1978 Tennessee Democratic nominee for governor and promoter of the 1982 Knoxville World's Fair. First Tennessee Bank, which purchased the failed bank, did not attempt to develop or commercialize the computer banking platform.

Internet and customer reluctance and banking
When the clicks-and-bricks euphoria hit in the late 1990s, many banks began to view web-based banking as a strategic imperative. In 1996 OP Financial Group, a cooperative bank, became the second online bank in the world and the first in Europe. The attraction of online banking is fairly obvious: diminished transaction costs, easier integration of services, interactive marketing capabilities, and other benefits that boost customer lists and profit margins. Additionally, online banking services allow institutions to bundle more services into single packages, thereby luring customers and minimizing overhead.

In 1995, Wells Fargo was the first U.S. bank to add account services to its website, with other banks quickly following suit. That same year, Presidential became the first U.S. bank to open bank accounts over the internet. According to research by Online Banking Report, at the end of 1999 less than 0.4% of households in the U.S. were using online banking. At the beginning of 2004, some 33 million U.S. households (31%) were using some form of online banking. Five years later, 47% of Americans used online banking, according to a survey by Gartner Group. Meanwhile, in the UK online banking grew from 63% to 70% of internet users between 2011 and 2012.

By 2018, the number of digital banking users in the U.S. reached approximately 61 percent. The penetration of online banking in Europe has been increased as well. In 2019, 93 percent of the Norwegian population access online banking sites, which is the highest in Europe, followed by Denmark and Netherlands. Across Asia, more than 700 million consumers are estimated to use digital banking regularly, according to a 2015 survey by McKinsey and Company.

By 2000, 80% of U.S. banks offered e-banking. Customer use grew slowly. At Bank of America, for example, it took 10 years to acquire 2 million e-banking customers. However, a significant cultural change took place after the Y2K scare ended.

In 2001, Bank of America became the first bank to top 3 million online banking customers, more than 20% of its customer base. In comparison, larger national institutions, such as Citigroup claimed 2.2 million online relationships globally, while J.P. Morgan Chase estimated it had more than 750,000 online banking customers. Wells Fargo had 2.5 million online banking customers, including small businesses. Online customers proved more loyal and profitable than regular customers. In October 2001, Bank of America customers executed a record 3.1 million electronic bill payments, totaling more than $1 billion. As of 2017, the bank has 34 million active digital accounts, both online and mobile. In 2009, a report by Gartner Group estimated that 47% of United States adults and 30% in the United Kingdom bank online.

The early 2000s saw the rise of the branch-less banks as internet only institutions. These internet-based banks incur lower overhead costs than their brick-and-mortar counterparts. In the United States, deposits at some direct banks are FDIC-insured and offer the same level of insurance protection as traditional banks. Neobanks are branch-less banks in the United States which are not FDIC-insured.

The United Kingdom
Online banking started in the United Kingdom with the launch of Nottingham Building Society (NBS)'s Homelink service in September 1982, initially on a restricted basis, before it was expanded nationally in 1983. Homelink was delivered through a partnership with the Bank of Scotland and British Telecom's Prestel service. The system used Prestel viewlink system and a computer, such as the BBC Micro, or keyboard (Tandata Td1400) connected to the telephone system and television set. The system allowed users to "transfer money between accounts, pay bills and arrange loans... compare prices and order goods from a few major retailers, check local restaurant menus or real estate listings, arrange vacations... enter bids in Homelink's regular auctions and send electronic mail to other Homelink users." In order to make bank transfers and bill payments, a written instruction giving details of the intended recipient had to be sent to the NBS who set the details up on the Homelink system. Typical recipients were gas, electricity and telephone companies and accounts with other banks. Details of payments to be made were input into the NBS system by the account holder via Prestel. A cheque was then sent by NBS to the payee and an advice giving details of the payment was sent to the account holder. BACS was later used to transfer the payment directly.

The United States
In the United States in-home banking was "is still in its infancy" with banks "cautiously testing consumer interest" in 1984, a year after online banking went national in the UK. At the time Chemical Bank in New York was "still working out the bugs from its service, which offers somewhat limited features". The service from Chemical, called Pronto, was launched in 1983 and was aimed at individuals and small businesses. It enabled them to maintain electronic checkbook registers, see account balances, and transfer funds between checking and savings accounts. The other three major banks — Citibank, Chase Bank and Manufacturers Hanover — started to offer home banking services soon after. Chemical's Pronto failed to attract enough customers to break even and was abandoned in 1989. Other banks had a similar experience.

Since it first appeared in the United States, online banking has been federally governed by the Electronic Funds Transfer Act of 1978.

France
After a test period with 2,500 users starting in 1984, online banking services were launched in 1988, using Minitel terminals that were distributed freely to the population by the government. By 1990, 6.5 million Minitels were installed in households. Online banking was one of the most popular services.

Online banking services later migrated to the Internet.

Japan
In January 1997, the first online banking service was launched by Sumitomo Bank. By 2010, most major banks implemented online banking services, however, the types of services offered varied. According to a poll conducted by Japanese Bankers Association (JBA) in 2012, 65.2% were the users of personal internet banking.

China
In January 2015, WeBank, the online bank created by Tencent, started 4-month-long online banking trail operation.

Australia
In December 1995, Advance Bank acquired by St.George Bank, started to provide customers with online banking with the rollout of the C++ Internet banking program.

India
In 1998, ICICI Bank introduced internet banking to its customers.

Brazil
In 1996, Banco Original SA launched its online-only retail banking. In 2019 new banks began to emerge as the Conta Simples, focused only for companies.

Slovenia
Virtual or online banking became a reality in Slovenia in 1997, when SKB bank launched this service under the name of SKB Net. Two years later, they were followed by the largest Slovenian bank, NLB bank, who started offering online banking services in 1999 under the name of NLB Klik. Nowadays, actually every bank in Slovenia is offering online banking services. The Slovenian Central bank's data shows that there was a rise of 5,1% in 2017 from the previous year and the number almost doubled from more than ten years ago. At the end of 2019, the number of users was almost 1 million. The number of payments is around 26 million per quarter, which means that there are more than 100 million payments made online in Slovenia every year, and another 3 million made to offshore accounts. Data from the Slovenian Central bank also show that the total value of payments in 2017 reached more than €240 million. More than 900,000 use online banking in Slovenia

Canada
Virtual banking first became a possibility in 1996 with the Bank of Montreal's mbanx. mbanx was released at the very beginning of the internet banking revolution in Canada and was the first full-service online bank Also in 1996, RBC started providing banking information online and had the first personal computer banking software released that year

In 1997, the bank ING Direct Canada (now known as Tangerine Bank) was founded with almost entirely online banking using only small cafes for meetings and very few physical branches. This was completely different from how banks had operated in Canada previously. By the early 2000s, all of the major banks in Canada rolled out some form of online banking.

Ukraine
Remote customer service of banks via the internet or Online banking (e-banking) in Ukraine was introduced more than two decades ago. Legal entities have been using the remote control of bank accounts since the mid-1990s. PrivatBank, which launched the “Privat24” system in 2000, became a pioneer in retail online banking.

Since 2000, most financial institutions have been actively implementing online offices and web banking. 2007 - the number of Ukrainian banks that introduced Online Banking exceeded 20. 2018 - the ability to manage accounts and make transfers online is available in almost all financial institutions in Ukraine.

Nowadays, the list of Internet banking services, with rare exceptions, repeats the entire product line of banks. With the help of Internet banking (IB), you can not only control the movement of funds in their accounts, but also perform more complex operations: for example, order a payment card or open a deposit account, repay the loan, and recently it became possible to buy and sell currency.

The rapid development of Internet banking in Ukraine is provoking the growth of Internet users. It is important to mention that the largest functionality, more than 40 options - from transfers and opening deposits to home accounting and purchasing tickets are available in PrivatBank. There are 37 options in the Internet banking system of the First Ukrainian International Bank, 35 - in Alfa-Bank. One of the most popular services in which Internet banking users are interested in the ability to pay remotely for utilities.

Νorth Macedonia
Compared to several years ago, when the people living in Macedonia had to go directly to the banks to perform financial transactions, today there is a widely functional e-banking system. Macedonian banks today offer conventional e-banking services, electronic products including debit/credit cards and e-trading and contemporary electronic services like internet banking and online investing. What is important when it comes to e-banking is the trust in banks, usability of the platforms and the overall marketing for e-banking from banks. Moreover, it's also important to constantly update the e-banking services. One successful example regarding the above-mentioned characteristics in Macedonia is “Stopanska Banka” AD Skopje. In the country, several factors significantly influence the level of adoption and usage of e-banking services, such as age, level of education and complexity of the e-banking services offered by banks. Naturally, elderly clients use e-banking services less than younger people. In addition, the level of education has a significant influence on the level of usage, meaning that the higher the education level, the more likely is for the citizen to use e-banking services. As for the satisfaction, citizens are generally more satisfied with the e-banking services offered by various banks when they have a diverse portfolio of services and offer fast and simple completion of transactions.

Cook Islands
The Bank of the Cook Islands introduced online banking in 2015, under the leadership of Vaine Nooana-Arioka.

Operation
To access a bank and online banking facility, a customer with internet access will need to register with the bank for the service, and set up a password and other credentials for customer verification. The customer visits the financial institution's secure website, and enters the online banking facility using the customer number and credentials previously set up.

Each financial institution can determine the types of financial transactions which a customer may transact through online banking, but usually includes obtaining account balances, a list of recent transactions, electronic bill payments, financing loans and funds transfers between a customer's or another's accounts. Most banks set limits on the amounts that may be transacted, and other restrictions. Most banks also enable customers to download copies of bank statements, which can be printed at the customer's premises (some banks charge a fee for mailing hard copies of bank statements). Some banks also enable customers to download transactions directly into the customer's accounting software. The facility may also enable the customer to order a cheque book, statements, report loss of credit cards, stop payment on a cheque, advise change of address and other routine actions.

Some financial institutions offer special internet banking services, for example, Personal financial management support, such as importing data into personal accounting software. Some online banking platforms support account aggregation to allow the customers to monitor all of their accounts in one place whether they are with their main bank or with other institutions.

Security
Security of a customer's financial information is very important, without which online banking could not operate. Similarly the reputational risks to banks themselves are important. Financial institutions have set up various security processes to reduce the risk of unauthorized online access to a customer's records, but there is no consistency to the various approaches adopted.

The use of a secure website has been almost universally embraced.

Though single password authentication is still in use, it by itself is not considered secure enough for online banking in some countries. There are essentially two different security methods in use for online banking:
 * The PIN/TAN system where the PIN represents a password, used for the login and TANs representing one-time passwords to authenticate transactions. TANs can be distributed in different ways, the most popular one is to send a list of TANs to the online banking user by postal letter. Another way of using TANs is to generate them by need using a security token. These token generated TANs depend on the time and a unique secret, stored in the security token (two-factor authentication or 2FA).


 * More advanced TAN generators (chipTAN) also include the transaction data into the TAN generation process after displaying it on their own screen to allow the user to discover man-in-the-middle attacks carried out by Trojans trying to secretly manipulate the transaction data in the background of the PC.


 * Another way to provide TANs to an online banking user is to send the TAN of the current bank transaction to the user's (GSM) mobile phone via SMS. The SMS text usually quotes the transaction amount and details, the TAN is only valid for a short period of time. Especially in Germany, Austria and the Netherlands many banks have adopted this "SMS TAN" service. There is also "PhotoTAN" service, where the bank generates and sends a QR code image to a smartphone device of the online banking user.
 * Usually online banking with PIN/TAN is done via a web browser using SSL secured connections, so that there is no additional encryption needed.


 * Signature based online banking where all transactions are signed and encrypted digitally. The Keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation (see, e.g., the Spanish ID card DNI electrónico ).

Attacks
Attacks on online banking used today are based on deceiving the user to steal login data and valid TANs. Two well known examples for those attacks are phishing and pharming. Cross-site scripting and keylogger/Trojan horses can also be used to steal login information.

A method to attack signature based online banking methods is to manipulate the used software in a way, that correct transactions are shown on the screen and faked transactions are signed in the background.

Another kind of attack is the so-called man-in-the-browser attack, a variation of the man-in-the-middle attack where a Trojan horse permits a remote attacker to secretly modify the destination account number and also the amount in the web browser.

A 2008 U.S. Federal Deposit Insurance Corporation Technology Incident Report, compiled from suspicious activity reports banks file quarterly, lists 536 cases of computer intrusion, with an average loss per incident of $30,000. That adds up to a nearly $16-million loss in the second quarter of 2007. Computer intrusions increased by 150 percent between the first quarter of 2007 and the second. In 80 percent of the cases, the source of the intrusion is unknown but it occurred during online banking, the report states.

In 2014 in the UK, losses from online banking fraud rose by 48% compared with 2013. According to a study by a group of Cambridge University cybersecurity researchers in 2017, online banking fraud has doubled since 2011.

As of 2012 there were also combined attacks using malware and social engineering to persuade the user himself to transfer money to the fraudsters on the ground of false claims (like the claim the bank would require a "test transfer" or the claim a company had falsely transferred money to the user's account and he should "send it back").

Countermeasures
There exist several countermeasures which try to avoid attacks.

Whatever operating system is used, it is advised that the operating system is still supported, and properly patched.

Digital certificates are used against phishing and pharming, in signature based online banking variants (HBCI/FinTS) the use of "Secoder" card readers is a measurement to uncover software side manipulations of the transaction data.

In 2001, the U.S. Federal Financial Institutions Examination Council issued guidance for multifactor authentication (MFA) and then required to be in place by the end of 2006.

In 2012, the European Union Agency for Network and Information Security advised all banks to consider the PC systems of their users being infected by malware by default and therefore use security processes where the user can cross-check the transaction data against manipulations like for example (provided the security of the mobile phone holds up) SMS TAN where the transaction data is sent along with the TAN number or standalone smartcard readers with an own screen including the transaction data into the TAN generation process while displaying it beforehand to the user (see chipTAN) to counter man-in-the-middle attacks.

Criticism and problems
The increase in online banking with a concomitant closure of local bank branch offices or reduced retail opening hours discriminates against people who cannot use online banking, for physical or mental limitations like age, or illness.

In 2022, a retired Spanish urologist with Parkinson's disease gathered more than 600,000 signatures in an online petition asking banks and other institutions to serve all citizens, and not discriminate against the oldest and most vulnerable members. In Spain, the number of bank branches had shrunk to about 20,000 in 19 years since the bailout of 2012 and with the Coronavirus pandemic another 3000 branches closed in 2 years. "They are excluding those of us who have trouble using the internet." In February 2022, Spanish banks signed a protocol at the Ministry of Economy (Spain) pledging to offer better customer services to senior citizens, for example by "extending again their branch opening hours, giving priority to older people to access counters and simplifying the interface of their apps and web pages".

With online banking, race discrimination is even less likely to be pinpointed, because of intransparent decision-making by algorithms.

Online banking requires access to broadband services. However not everyone has equal access to the internet, which has been called the digital divide. In March 2022, the U.S. Federal Communications Commission formed a task force to prevent digital discrimination.