Online banking access system : Principles behind choices and further development, seen from a managerial perspective

Abstract: Online banking is a young way for banks to reach new and old customers. The concept has emerged over the last decade from being not very utilized to become a major channel for the bigger banks in Sweden but also in the world. This thesis will present a study of what principles the four major Swedish banks have based their decision on when choosing what type of online access system to use. Furthermore try to present what the future principles might be toward online banking access systems. This might also show how new systems might look like and what the banks strives to achieve when making these systems not only safer but more available and usable. The thesis will present what authentication is and how the authentication process is used today. Today in general what is used is the two factor au-thentication which is based upon passwords. This two factor authentication makes it hard for attackers to breach the systems in use today, but there are ways which are emerging to gain access. Such an emerging threat is the SSL-evading Trojans. Still these kinds of threats are not common at all but they need to be considered. Today passwords are the only means we can use to make the authentication processes safe but they are not enough, according to Bill Gates. Therefore we have looked at new ways to complement today’s password based authentication processes; such compliments might be the use of biometrics, which seems to be an emerging technology. This study have been a challenge from the beginning since we knew that this is a very in-tense subject for the banks to discuss and therefore we have had to be persuasive in many cases and let the banks answer anonymously to be able to gather as much information as possible from our sample banks. Furthermore we have collected up to date articles and studies to be able to get as accurate information as possible. The main findings we have discovered is the trade-off between security versus availability and flexibility and these factors were the same no matter what online access system, PDA or smart card, they have in use. But also that all the banks states that their authentication process is very safe and striving to become 100% secure, even though we have found new threats which is not of an authentication problem but a matter of transactional problem. The banks have shown through the interviews that they lack awareness of such a threat.