E-Banking: Features, Advantages, Disadvantages, Attacks, Frauds Commerce YouTube Lecture Handouts Part 2

Get top class preparation for competitive exams right from your home: get questions, notes, tests, video lectures and more- for all subjects of your exam.

E-Banking: Features, Advantages, Disadvantages, Attacks, Frauds | Commerce


  • Cross-site scripting and keylogger/Trojan horses can also be used to steal login information.
  • A method to attack signature based online banking methods is to manipulate the used software in a way, that correct transactions are shown on the screen and faked transactions are signed in the background.
  • Another kind of attack is the so-called man-in-the-browser attack, a variation of the man-in-the-middle attack where a Trojan horse permits a remote attacker to secretly modify the destination account number and also the amount in the web browser.
  • As a reaction to advanced security processes allowing the user to cross-check the transaction data on a secure device.
  • There are also combined attacks using malware and social engineering to persuade the user himself to transfer money to the fraudsters on the ground of false claims (like the claim the bank would require a “test transfer” or the claim a company had falsely transferred money to the user՚s account and he should “send it back” )
  • “Trojan Horse” scheme unfolds when malicious software (malware) embeds to a consumer՚s computer without the consumer being aware of it.
  • Trojans often come in links or as attachments from unknown email senders.
  • After installation the software detects when a person accesses online banking sites and records the username and password to transmit to the offender.
  • People using public computers, in places like Internet cafes, are often susceptible to Trojans like malware or spyware.
  • Users should therefore never perform bank transfers they have not initiated themselves.

Internet Banking Frauds

  • Internet Banking Fraud is a fraud or theft committed using online technology to illegally remove money from a bank account and/or transfer money to an account in a different bank.
  • Internet Banking Fraud is a form of identity theft and is usually made possible through techniques such as phishing.
  • Now internet banking is widely used to check account details, make purchases, pay bills, transfer funds, print statements etc.
  • Generally, the user identity is the customer identity number and password is provided to secure transactions. But due to some ignorance or silly mistakes you can easily fall into the trap of cyber criminals.


  • A person՚s personal details are obtained by fraudsters posing as bankers, who float a site similar to that of the person՚s bank. They are asked to provide all personal information about themselves and their account to the bank on the pretext of database upgradation. The number and password are then used to carry out transactions on their behalf without their knowledge.
  • Phishing involves using a form of spam to fraudulently gain access to people՚s online banking details. As well as targeting online banking customers, phishing emails may target online auction sites or other online payment facilities.
  • Typically, a phishing email will ask an online banking customer to follow a link in order to update personal bank account details.
  • If the link is followed, the victim downloads a program which captures his or her banking login details and sends them to a third party.


It is an illegal practice used by identity thieves to capture credit card information from a cardholder surreptitiously. Fraudsters often use a device called a skimmer that can be installed at gas pumps or ATM machines to collect card data. Some machines act like point-of-sale technology.


Spyware such as Trojan Horse is generally considered to be software that is secretly installed on a computer and takes things from it without the permission or knowledge of the user. Spyware may take personal information, business information, bandwidth; or processing capacity and secretly gives it to someone else.


  • Spam is an electronic ‘junk mail’ or unwanted messages sent to your email account or mobile phone.
  • These messages vary, but are essentially commercial and often annoying in their sheer volume.
  • They may try to persuade you to buy a product or service, or visit a website where you can make purchases; or they may attempt to trick you into divulging your bank account or credit card details.

Nigerian Scam

  • Niegerian or Frauds 409 or 419 are basically the lottery scam in which some overseas persons are involved to cheat innocent persons or organizations by promising to give a good amount of money at nominal fee charges.
  • Their intention is to steal money in the form of fee against the lottery prize.

Public Access Can be Injurious

  • Don՚t leave the PC unattended after keying in information while transacting on the website. Avoid accessing your bank online at cyber cafes or on a share or public computer.
  • Also, avoid locations that offer online connections through wireless networks (Wi-Fi) , where privacy and security are minimal.

Follow Bank Instructions

  • Banks say that appropriate upgradations are carried out from time to time by their IT departments for risk mitigation.
  • They issue instructions to the customers to manage their accounts through virtual keyboards by way of which the characters typed by them are not identified by hackers.
  • SMS alerts are also an important tool since any transaction carried out on account is reported to the account holder through an SMS.


  • Learn the ways to protect yourself from online banking fraud schemes. Detect Trojans that appear on your PC in the form of viruses, spyware or malware through Antivirus Software, anti-Spyware, and Adware.
  • Also, learn to keep your cards, documents and passwords safe, and monitor your accounts to safeguard yourself from bank fraud committed through identity theft.

Securing Your Account

  • Avoid online banking on unsecured Wi-Fi systems and operate only from PCs at home. Never reveal password to anyone. Do not even write it on a piece of paper on diary. Just memorise it. It should be alphanemeric and change it frequently.
  • Never reply to queries from bank online about account or personal details. The personal information should not be kept in a public computer or in emails.


  • Always check the URL of your bank՚s web site. Fraudsters can lure you to enter your user ID and password at a fake website that resembles your bank. If you see anything other than the bank՚s genuine URL, it has to be fake.
  • Never enter your user ID or password or such sensitive information without ascertaining that you are on the right website. Always type the Web address of your bank into the browser address space. Never click on the link in the email.

Keep Your System up to Date

  • Regularly check for security updates for your computer operating system. Most security updates are aimed at reducing risks to your computer, these may be data-related or otherwise. Make sure that your operating system and browser have the latest security patches installed. And, always install these only from trusted websites.
  • Install a personal firewall to prevent hackers from gaining unauthorised access to your computer, especially if you connect to the Internet through a cable or a DSL modem.

Fool-Proof Password

  • Change your online banking password at regular intervals.
  • Also, avoid easy-to-guess passwords, like first names, birthdays, kid՚s or spouse՚s name and telephone numbers. Try to have an alpha-numeric password, one that combines alphabets and numbers.
  • If you have several bank accounts, never use the same online banking password for all.
  • Never select the option on browser that stores or retains user name and password. As it can easily be cracked by cyber criminals.
  • Also, never paste your password, always type it in. This little amount of finger exercise will go a long way in safety.

Always Check ‘Last Logged’

  • Most banks have a ‘last logged in’ panel on their websites.
  • If your bank, has it, check the panel whenever you log in. If you notice irregularities (like you are logging in after two days, but the panel says you logged in that morning!) , report the matter immediately to your bank and change your password right away.
  • Always log out when you exit the online banking portal.
  • Close the browser to ensure that your secure session is terminated.
  • Never exit simply by closing the browser.


Q. ________ is an illegal practice used by identity thieves to capture credit card information from a cardholder surreptitiously.

Answer: Skimming

Q. ________ involves using a form of spam to fraudulently gain access to people՚s online banking details.

Answer: Phishing

Developed by: