Electronic banking (e-bank), e-banking, online banking or home banking is the processing of banking transactions via data lines with the help of PCs, smartphones and other electronic devices, or via telephone connections with the help of telephones (telebanking, telephone banking or phonebanking).
Postbank was one of the pioneers of online banking, which began with screen text in the 1980s. This technique did not catch on as expected and was discontinued in 2001, although the program itself continued to operate until 2007. From 1996, Sparda-Bank used the hardware solution MeChip, developed by the young entrepreneur Jozsef Bugovics, who grew up in East Germany. In the beginning, the differentiation from home banking was not clear, as some activities (e.g. transfers) could be carried out in different ways, i.e. on the screen or by sending them by post, while this was not possible for numerous other banking transactions, at least for private customers (e.g. securities transactions). In individual cases, orders can also be sent to the bank by fax. With the development of the Internet and corresponding web browsers, a clear trend can be observed. In Germany alone, the share of online banking transactions increased from 8% in 1998 to 36% in 2008.
According to a survey carried out by RCG-Retailbanking in 2017, 28% of private customers worldwide carried out their banking transactions online in 2015, compared to 43% in 2017. In 2014, 55% of Germans did their banking online; in 2017, 50% only used online offers. In 2008, 24 million people used online banking, which corresponds to 38 percent of 16 to 74 year olds. Various systems have been developed to protect banking transactions against misuse, such as a separate portal for brokerage, queries via SMS, PIN, etc., especially in the securities business.
Electronic banking is a generic term for a number of different methods to be able to conduct banking transactions independently of bank branches and bank opening hours. One can delimit these methods as follows:
The individual methods have been developed for specific target groups. For example, the classic data carrier exchange is preferred by larger business customers, while telephone banking, which is very simple to use and whose importance is gradually declining in favor of e-banking, is more appealing to private customers. In practice, however, the methods are often mixed.
Data carrier exchange
In addition to the electronic transmission of files via FTAM / BCS (see below), the physical exchange of data carriers is mainly used by large companies and municipalities with a large number of orders.
In this case, transfers and direct debits are submitted to the bank in file form on diskettes or CD-ROMs, previously also on magnetic tapes. The structure of the file ("DTAUS file") is standardized across all banks by the Deutsche Kreditwirtschaft and contains not only the client and recipient data, but also the type of order (transfer or direct debit) and summary data for control purposes.
The legitimation and authorization of the orders takes place by means of a data carrier slip with the signature of an authorized representative.
Within Switzerland there is a uniform and standardized structure for the DTA format. The data carrier exchange format (DTA) is defined by SIX Interbank Clearing AG (a joint venture of the Swiss banks). The Swiss format is not compatible with the German format.
Online banking means direct access to the bank computer (e.g. via the Internet or direct dial-in at the bank via remote data transmission).
Two procedures are common here:
- Browser-based Internet banking on the website of the bank, mostly secured through TLS.
- Use of an online banking program (so-called client program) with which the transactions are initially prepared offline, i.e. without a network connection, by filling out a transfer slip, for example. Only then is a network connection established to transmit the collected transactions.
The orders are signed with the help of an electronic signature. Several procedures have become established here:
- PIN/TAN (with paper TAN list, TAN generator, eTAN, sm@rt TAN, chipTAN, optical TAN or mobile TAN, e.g. via SMS)
- Homebanking Computer Interface (HBCI) or Financial Transaction Services (FinTS) with legitimation by chip card or key disk.
- File Transfer and Access Management (FTAM) with electronic signature (EU); especially widespread in the corporate sector; direct dial-in to the bank computer via ISDN or DATEX-P.
- Banking Communication Standard (BCS), usually identical to FTAM, mostly used by larger companies using electronic signatures.
- Electronic Banking Internet Communication Standard (EBICS): extension of the Banking Communication Standard for communication via the Internet using electronic signatures. Future multi-bank standard for corporate customer business via the Internet (nationwide introduction in Germany on January 1, 2008).
Modern browser-based internet banking systems are characterized, among other things, by portal functions, accessibility, various security mechanisms (e.g. against phishing), notification options (e.g. in the event of an account balance change via SMS or email), mobile TAN procedures and freely selectable login names. All known browser-based internet banking systems have been implemented using proprietary software to date.
In Austria, the MBS/IP process is mainly used.
Online banking security
A distinction must be made between the security of the actual data transfer to or from the bank and data processing at the workplace.
In all browser and client-based electronic banking systems, encryption of the data transmission by the banks is guaranteed. As far as can reasonably be judged, this cannot be manipulated, or only with considerable expenditure of time and resources. The HTTPS transmission protocol can use various encryption algorithms that are differently secure. When the connection is established, the web browser and bank server negotiate the encryption algorithm, with most banks working with the Advanced Encryption Standard with 256-bit keys.
The first point of attack for a fraudster is the home PC. Computers should always be secured by an up-to-date virus scanner and a firewall to prevent the spread of malware such as viruses, keyloggers or Trojans. Such malware makes it possible, for example, to control the computer remotely.
Phishing, pharming and SIM swapping are attempts to obtain directly the data needed to sign an order (for example PIN/TAN). Every bank customer can protect himself by not passing on the access authorizations provided by the banks or storing them in the computer.
A manipulation of the domain name system to resolve the URL of an online banking site to the IP address of an attacker (DNS spoofing) would also be conceivable. This would redirect the web browser to another web server even though the correct URL was entered.
A more complex attack on online banking is the man-in-the-middle attack, in which the attacker places himself between the user and the bank. This requires monitoring the traffic directly in real time. Corresponding attacks are carried out on the user's computer using Trojans, for example. In 2012, the European Agency for Network and Information Security therefore recommended that all banks consider their customers' PCs as infected and use security procedures in which the customer can check the actual transfer data once more independently of the PC, such as mTAN (provided that the security of the mobile phone can be guaranteed) or smart-card-based solutions with their own control display, such as chipTAN.
Measures for secure online banking
The prerequisite for secure online banking is a secure procedure for authentication and authorization. In web browser-based online banking, the chipTAN process corresponds to the current state of technology (2012). In the area of home banking, for which home banking software must be installed on the customer's computer, HBCI with a chip card and Secoder-enabled card reader is the most secure method, whereby the respective bank and home banking software must support the Secoder extension for HBCI.
In addition, there are a number of technical measures that can be implemented on the customer's computer. This includes, for example, the installation of anti-virus software and a personal firewall. Especially for users of older TAN procedures, such as TAN lists made of paper or simple TAN generators (not chipTAN), where the transfer data are not included in the TAN calculation, using a live CD or a live USB stick with the free Knoppix can also make sense. Live systems usually do not contain banking Trojans and can thus protect the user from the Trojan problem. These measures focus on the technical aspects.
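The difference between a simple TAN generator and a procedure that includes the transfer data in the TAN calculation can be shown in a few lines. This is an added illustration, not part of the original article and not the real chipTAN algorithm: the HMAC construction, the shared key, the counter and the sample IBANs are assumptions constructed for the example.

```python
import hashlib
import hmac

KEY = b"constructed-demo-secret"              # constructed: secret shared by TAN device and bank
INTENDED = ("DE00EXAMPLE0000000001", 5000)    # constructed: order the customer approves
ALTERED = ("DE00EXAMPLE0000000999", 950000)   # constructed: order as changed on an infected PC


def _to_digits(mac: bytes, digits: int = 6) -> str:
    """HOTP-style dynamic truncation (RFC 4226) of a MAC to a short decimal code."""
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def unbound_tan(key: bytes, counter: int) -> str:
    """Simple generator: the TAN depends on a counter only, not on the order."""
    return _to_digits(hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest())


def bound_tan(key: bytes, counter: int, iban: str, cents: int) -> str:
    """Transaction-bound TAN: recipient and amount are part of the MAC input."""
    msg = counter.to_bytes(8, "big") + f"{iban}|{cents}".encode()
    return _to_digits(hmac.new(key, msg, hashlib.sha256).digest())


def bank_accepts(order, tan: str, counter: int, bound: bool) -> bool:
    """Bank side: recompute the TAN for the order it actually received."""
    expected = bound_tan(KEY, counter, *order) if bound else unbound_tan(KEY, counter)
    return hmac.compare_digest(tan, expected)


def demo() -> dict:
    counter = 1
    # The customer's device produces each TAN for the order the customer sees.
    tan_simple = unbound_tan(KEY, counter)
    tan_bound = bound_tan(KEY, counter, *INTENDED)
    return {
        "simple_tan_accepts_altered_order": bank_accepts(ALTERED, tan_simple, counter, False),
        "bound_tan_accepts_intended_order": bank_accepts(INTENDED, tan_bound, counter, True),
        "bound_tan_accepts_altered_order": bank_accepts(ALTERED, tan_bound, counter, True),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The binding only helps if the device that computes the TAN shows recipient and amount on its own display, which is the independent check of the transfer data described above.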
An equally important aspect for secure online banking is to raise the user's level of knowledge and awareness of possible frauds (see also: "Social Engineering"). Banking Trojans such as Tatanga or Matsnu.J have made it clear that deliberate manipulation of the user makes it unnecessary to circumvent the technical security measures. By presenting false facts, e.g. an alleged "test" or "return transfer", and taking advantage of the ignorance of the bank customer, fraudsters have already defrauded a number of bank customers of considerable amounts.
Payment methods based on online banking
Giropay and Sofortüberweisung are online payment methods that are based on transfers via online banking and have been specially optimized for the requirements of e-commerce. Real-time transfers in the European Payments Area (SEPA) have been gradually becoming the standard since November 2017.
With telephone banking, account balance inquiries, transfers, and often securities transactions are processed over the telephone. Voice computers, but also call center or combined solutions are used here.
Paying by credit card, debit card or cash card is also part of the electronic banking sector. Depending on the card used, the payment is authorized by PIN or signature. With the cash card and some VISA cards, authentication only takes place when topping up.
See also: Cashless payment transactions
In Switzerland, companies can send electronic invoices to their customers (private individuals or corporate customers) in the form of e-bills; customers can then use their online banking account to see an overview of all invoices and approve open invoices for payment.