Banking and Shopping

Online banking (or Internet banking) allows customers to conduct financial transactions on a secure website operated by their retail or virtual bank, credit union or building society.

Features

Online banking solutions have many features and capabilities in common, but traditionally also have some that are application specific.

The common features fall broadly into several categories

• Transactional (e.g., performing a financial transaction such as an account to account transfer, paying a bill, wire transfer, apply for a loan, new account, etc.)
  • Payments to third parties, including bill payments and telegraphic/wire transfers
  • Funds transfers between a customer's own transactional account and savings accounts
  • Investment purchase or sale
  • Loan applications and transactions, such as repayments of enrollments

• Non-transactional (e.g., online statements, cheque links, cobrowsing, chat)
  • Viewing recent transactions
  • Downloading bank statements, for example in PDF format
  • Viewing images of paid cheques
• Financial Institution Administration
• Management of multiple users having varying levels of authority
• Transaction approval process

Features commonly unique to Internet banking include

• Personal financial management support, such as importing data into personal accounting software. Some online banking platforms support account aggregation to allow the customers to monitor all of their accounts in one place whether they are with their main bank or with other institutions.

Security

Security token devices

Protection through single password authentication, as is the case in most secure Internet shopping sites, is not considered secure enough for personal online banking applications in some countries. Basically there exist two different security methods for online banking.

• The PIN/TAN system where the PIN represents a password, used for the login and TANs representing one-time passwords to authenticate transactions. TANs can be distributed in different ways, the most popular one is to send a list of TANs to the online banking user by postal letter. The most secure way of using TANs is to generate them by need using a security token. These token generated TANs depend on the time and a unique secret, stored in the security token (this is called two-factor authentication or 2FA). Usually online banking with PIN/TAN is done via a web browser using SSL secured connections, so that there is no additional encryption needed.

Another way to provide TANs to an online banking user, is to send the TAN of the current bank transaction to the user's (GSM) mobile phone via SMS. The SMS text usually quotes the transaction amount and details, the TAN is only valid for a short period of time. Especially in Germany and Austria, many banks have adapted this "SMS TAN" service as it is considered as very secure.

• Signature based online banking where all transactions are signed and encrypted digitally. The Keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation.

Attacks

Most of the attacks on online banking used today are based on deceiving the user to steal login data and valid TANs. Two well known examples for those attacks are phishing and pharming. Cross-site scripting and keylogger/Trojan horses can also be used to steal login information.

A method to attack signature based online banking methods is to manipulate the used software in a way, that correct transactions are shown on the screen and faked transactions are signed in the background.

A recent FDIC Technology Incident Report, compiled from suspicious activity reports banks file quarterly, lists 536 cases of computer intrusion, with an average loss per incident of $30,000. That adds up to a nearly $16-million loss in the second quarter of 2007. Computer intrusions increased by 150 percent between the first quarter of 2007 and the second. In 80 percent of the cases, the source of the intrusion is unknown but it occurred during online banking, the report states.

The most recent kind of attack is the so-called Man in the Browser attack, where a Trojan horses permits a remote attacker to modify the destination account number and also the amount.

Countermeasures

There exist several countermeasures which try to avoid attacks. Digital certificates are used against phishing and pharming, the use of class-3 card readers is a measure to avoid manipulation of transactions by the software in signature based online banking variants. To protect their systems against Trojan horses, users should use virus scanners and be careful with downloaded software or e-mail attachments.

In 2001 the FFIEC issued guidance for multifactor authentication (MFA) and then required to be in place by the end of 2006.

Mobile banking (also known as M-Banking, mbanking, SMS Banking) is a term used for performing balance checks, account transactions, payments, credit applications and other banking transactions through a mobile device such as a mobile phone or Personal Digital Assistant (PDA). The earliest mobile banking services were offered over SMS. With the introduction of the first primitive smart phones with WAP support enabling the use of the mobile web in 1999, the first European banks started to offer mobile banking on this platform to their customers.

Mobile banking has until recently (2010) most often been performed via SMS or the Mobile Web. Apple's initial success with iPhone and the rapid growth of phones based on Google's Android (operating system) have led to increasing use of special client programs, called apps, downloaded to the mobile device.

 A mobile banking conceptual model

In one academic model, mobile banking is defined as:

Mobile Banking refers to provision and availment of banking- and financial services with the help of mobile telecommunication devices.The scope of offered services may include facilities to conduct bank and stock market transactions, to administer accounts and to access customised information."

According to this model Mobile Banking can be said to consist of three inter-related concepts:

• Mobile Accounting
• Mobile Brokerage
• Mobile Financial Information Services

Most services in the categories designated Accounting and Brokerage are transaction-based. The non-transaction-based services of an informational nature are however essential for conducting transactions - for instance, balance inquiries might be needed before committing a money remittance. The accounting and brokerage services are therefore offered invariably in combination with information services. Information services, on the other hand, may be offered as an independent module.

Mobile phone banking may also be used to help in business situations

 Trends in mobile banking

The advent of the Internet has enabled new ways to conduct banking business, resulting in the creation of new institutions, such as online banks, online brokers and wealth managers. Such institutions still account for a tiny percentage of the industry.^{[citation needed]}

Over the last few years, the mobile and wireless market has been one of the fastest growing markets in the world and it is still growing at a rapid pace. According to the GSM Association and Ovum, the number of mobile subscribers exceeded 2 billion in September 2005, and now exceeds 2.5 billion (of which more than 2 billion are GSM).With mobile technology, banks can offer services to their customers such as doing funds transfer while travelling, receiving online updates of stock price or even performing stock trading while being stuck in traffic. Smartphones and 3G connectivity provide some capabilities that older text message-only phones do not.

Mobile Banking Services

Mobile banking can offer services such as the following:

 Account Information

1. Mini-statements and checking of account history
2. Alerts on account activity or passing of set thresholds
3. Monitoring of term deposits
4. Access to loan statements
5. Access to card statements
6. Mutual funds / equity statements
7. Insurance policy management
8. Pension plan management
9. Status on cheque, stop payment on cheque
10. Ordering cheque books
11. Balance checking in the account
12. Recent transactions
13. Due date of payment (functionality for stop, change and deleting of payments)
14. PIN provision, Change of PIN and reminder over the Internet
15. Blocking of (lost, stolen) cards

 Payments, Deposits, Withdrawals, and Transfers

1. Domestic and international fund transfers
2. Micro-payment handling
3. Mobile recharging
4. Commercial payment processing
5. Bill payment processing
6. Peer to Peer payments
7. Withdrawal at banking agent
8. Deposit at banking agent

A specific sequence of SMS messages will enable the system to verify if the client has sufficient funds in his or her wallet and authorize a deposit or withdrawal transaction at the agent. When depositing money, the merchant receives cash and the system credits the client's bank account or mobile wallet. In the same way the client can also withdraw money at the merchant: through exchanging sms to provide authorization, the merchant hands the client cash and debits the merchant's account.

 Investments

1. Portfolio management services
2. Real-time stock quotes
3. Personalized alerts and notifications on security prices
4. mobile banking

 Support

1. Status of requests for credit, including mortgage approval, and insurance coverage
2. Check (cheque) book and card requests
3. Exchange of data messages and email, including complaint submission and tracking
4. ATM Location

 Content Services

1. General information such as weather updates, news
2. Loyalty-related offers
3. Location-based services

Based on a survey conducted by Forrester, mobile banking will be attractive mainly to the younger, more "tech-savvy" customer segment. A third of mobile phone users say that they may consider performing some kind of financial transaction through their mobile phone. But most of the users are interested in performing basic transactions such as querying for account balance and making bill payment.

SMS BANKING

SMS banking is a technology-enabled service offering from banks to its customers, permitting them to operate selected banking services over their mobile phones using SMS messaging.

Push and pull messages

SMS banking services are operated using both push and pull messages. Push messages are those that the bank chooses to send out to a customer's mobile phone, without the customer initiating a request for the information. Typically push messages could be either Mobile marketing messages or messages alerting an event which happens in the customer's bank account, such as a large withdrawal of funds from the ATM or a large payment using the customer's credit card, etc. (see section below on Typical Push and Pull messages).

Another type of push message is One-time password (OTPs). OTPs are the latest tool used by financial and banking service providers in the fight against cyber fraud. Instead of relying on traditional memorized passwords, OTPs are requested by consumers each time they want to perform transactions using the online or mobile banking interface. When the request is received the password is sent to the consumer’s phone via SMS. The password is expired once it has been used or once its scheduled life-cycle has expired.

Pull messages are those that are initiated by the customer, using a mobile phone, for obtaining information or performing a transaction in the bank account. Examples of pull messages for information include an account balance enquiry, or requests for current information like currency exchange rates and deposit interest rates, as published and updated by the bank.

The bank’s customer is empowered with the capability to select the list of activities (or alerts) that he/she needs to be informed. This functionality to choose activities can be done either by integrating to the internet banking channel or through the bank’s customer service call centre.

BANKING AND SHOPPING

Home banking

Here are some banks (including mine, PCF) with their on-line banking links. The cost saving to banks of on-line banking is huge.

• President's Choice Financial no-fee banking, tel 1-888-872-4724
• Bank of Montreal
• Solutions Banking - Investors Group
• ATM locations in Ottawa
• Bank of Nova Scotia.
• Citizens Bank of Canada
• Citi cards online
• RBC Visa online

Home shopping

Listed below are e-commerce sites that I have either used or find interesting.
(Short cut to my favourite stores in the Ottawa area)

• Book Seekers of Ottawa - used and/or rare books
• CIBC Hot line - credit card protection
• The Country Grocer - Groceries in the Ottawa region
• Canada.com
• Antiques auction
• Audi cars
• Auto Mall
• Barnes and Noble
• Big Planet Store - for thousands of consumer items
• British Fan-Fayre British foods
• Broken Records Christian music distribution
• Chapters.ca
• Chum eShop.com Shop on-line at Ottawa area stores
• Compare.Net - Interactive Buyers' Guide
• Digibid music gear auction
• Discontinued China
• Egghead.com
• Evoclix printer supplies
• FeelBest.com Canada's largest online pharmacy
• Gardens-online (UK)
• e-Garden (UK)
• iCards: e-post cards for birthdays and other occasions
• IGS classifieds
• IGS marketplace
• Kanata Audio Books & Music Associate of Amazon.com
• Mount Carmel - Christian music supplies for missionaries
• Musical Instruments
• Online Grocer - Ottawa
• O'Shea's Market Ireland
• Ottawa Pennysaver
• Pathlight Christian Marketplace
• Perfect Greeting - eCards
• Potato Skins - for made-to-order slipcovers for furniture
• Priceline.com - reverses the buying algorithm
• Products that Matter
• Psychological and health products, Spanish and English
• RMB Internet advertizing
• Stria-Sphere E-Commerce solutions
• Rescue Island
• River of Life Discount Christian Bookstore
• Rogers on-line
• Sears
• Silversmith
• Snap.com - Auto sales, etc (USA)
• Staples Business Depot
• Sympatico Shopping
• Thorntons toffee and chocolate
• Gifts-to-Britain.com
• Trailing Edge.com - yesterday's computers
• The Yellow Pages
• World Line Long distance service. This is what I use. 0 cents / minute.

We all shop from time to time, and occasionally have an exceptional experience of products and/or service.
Here are some traditional (not necessarily e-commerce) stores and businesses in the Ottawa area that I can highly recommend.