Journal of Computer Science 8 (3): 374-381, 2012 ISSN 1549-3636 © 2012 Science Publications Information Technology Role in Reducing E-Banking Services Risk in Jordanian Banking Sector 1 Badi S. AL-Rawashdeh, 2Aymen M. Abu-Errub, 3 Ahmad Y. Areiqat and 4Mohammad Dbbaghieh 1 College of Business Administration, Princess Noura University, Saudi Arabia 2 Department of Computer Information Systems, Faculty of Information Technology, 3 Department of Business Administration, Faculty of Administrative and Financial Sciences, 4 Department of Accounting, Faculty of Administrative and Financial Sciences, Al-Ahliyya Amman University Amman, Jordan Abstract: Problem statement: This study aims to highlight the role of information technology in reducing risk of electronic banking services in the Jordanian banking sector. The study was conducted on three banks as a sample representative of the Jordanian banking sector. Approach: Data collection was through conducting personal interviews with the operations managers in the three banks (HBTF, JC Bank and Audi Bank). Results: The results showed that Jordanian banks showing highest attention toward risk management of e-banking, through their commitment to Basel Standards on risk management. Conclusion: Through the study, it will be clear that Jordanian banks committed to the standards of the Basel committee on safety and security of electronic banking services. These banks take into account all the potential risks before applying any system of electronic services. It is irrefutable evidence on the banks of Jordan keenness on protecting themselves and their customers from risk of theft through electronic means, the banks included their websites with detailed instructions to ensure that no customer fall prey to hackers. Key words: Results showed, risk management, Jordanian banks, information technology, electronic banking, Jordanian banking, banking services, information system, electronic banking services administrative processes in various types, activities and sizes of business organizations. It is not surprising that any system, maybe surrounded by several types of risks and these risks may be arising due to defects in the system itself, or in how to use it, or the possibility of storming by hackers. Since the banks, are among the most business organizations, that use information technology for the launch of its electronic banking services, this study aims to identify the means pursued by the Jordanian banks to reduce these risks. INTRODUCTION Any scientific discipline consists of its properties, its uniform and the terminology of Knowledge. Therefore , the automated information systems consist of the necessary equipment (Hardware) as property and information contained in the system (Software) and the terminology that help the user to access this information (instructions). In this sense, the information system acts as an intermediary between business management and computer science. In an age of advanced technology which we live now, we find that a lot of business organizations have become dependent on information and communication technology in the management of its business. And many of the stakeholders in these organizations became tend to prefer to deal with these organizations through technological means, because of the savings in time, effort and money. All this led to the growing role of information technology in all Problem statement and questions: Although there are many advantages to electronic banking services, but there are number of clients of Jordanian banks are reluctant to request of using them because they involve various risks. The study importance: The process of investment in information technology for the production of banking Corresponding Author: Aymen M. Abu-Errub, Department Computer Information Systems, Faculty of Information Technology, Al-Ahliyya Amman University, Amman, Jordan 374 J. Computer Sci., 8 (3): 374-381, 2012 services and the breadth of use, evidence on the evolution of the banking sector. According to statistics from the Association of Banks in Jordan, 2010, the number of ATMS operating in the Kingdom has risen to 1023 machines in 2009 compared to a 662 in 2005. The importance of this study lies in that it highlights the most important risks associated with electronic banking transactions, whether suffered by the bank or customer and procedures followed by the Jordanian banks to reduce these risks. study concludes that the majority of Jordanian banks have there own internet-sites, and that the number of clients who are using internt banking services is increasing. The study draw the attention to the increasing needs for the new E-Banking services due the new clients needs. The study recommend the following: • The study objectives: This study aims at the following: • • • • To identify the risks of electronic banking services from the customers point of view and the bank point of view To identify precautionary measures imposed by the banks of Jordan to electronic transactions in order to avoid risks Contribute to the submission of proposals, which may help in reducing these risks • Increasing and propagating awareness of EBanking and promotion campaigns to aware clients of Internet banking advantages and feasibility through reducing time, effort and cost Expanding E-Banking establishing and enhancing banks ability to provide executive banking services under the phenomena of banking merge and comprehensive banks Holding training courses for bank’s employees to understand E-Banking business to achieve the desired objectives A Research by Adeosun et al. (2009), “Strategic Application of Information and communication Technology for Effective Service Delivery in Banking Industry”, emphasized on the advantages and disadvantages of using digital ICTs in banking activities. The research results that solving complex problems in banking requires the expertise knowledge of several individuals scattered all over the remote areas of the world. The banks Igau et al. (2011) in there research: “NonBusiness E-Commerce in Malaysia: An Investigation of Key Adoption”, study the application of ECommerce by profit oriented organization. The research stated that understanding the key factor of facilitating and adopting the e-commerce in nonbusiness are still need enrich. The researh focus on the reason of rejecting new technology. The researchers collect data from 65 schools, centers and units from 5 public universities in Kota Kinabalu and Kuala Lumpur. The research result implies that the non-business sector should look into advantages, network orientation and information efficiency as a strategic based form implementing e-commerce in more effective manner to achieve there objectives. Study by Jimenez and Roman (2005) under the title: “Case Study on Philippines: Electronic Banking: Delivering Micro finance Services to the Poor in the Philippines”. The study aimed to provide a brief overview of the microfinance industry in the Philippines. The study was conducted by the style of the case study of two types of electronic banking services that can be used by those borrowers to repay their loan installments. First, is the MATERIALS AND METHODS Implementation of this study was based on qualitative data obtained through personal interviews conducted by the researcher with the operations managers in three Jordanian banks to identify the electronic banking services offered by these banks and the types of risks that accompanied the provision of such services, as contact was made with a number of clients of these banks to identify the electronic banking services they use and whether their bank accounts have been subjected to any risks. The study population and sample: The banking sector in Jordan is the study population represented by the Housing Bank for Trade and Finance, Jordan Commercial Bank and Bank Audi as a sample, in addition to 30 of the clients of these banks. Literature review: Literature contains many research and studies related to the electronic banking services and associated risks. A research by Siam (2006) titled “Role of the Electronic Banking Service on the Profits of Jordanian Banks” studied the effects of E-Banking on banking profiability in Jordan. The study also compares between banks services and profits before and after E-Banking technology revolution and the new challenges facing the banking sector. The study investigates the reasons behind providing E-Banking services through Internet. The 375 J. Computer Sci., 8 (3): 374-381, 2012 will help bankers to control and monitor these services around the world. A study under the title: “How Dangerous is online Banking.” This study aimed to review some cases of theft from the accounts of certain customers of U.S. banks and measures implemented by the banks to protect depositors funds, where the researcher indicates that one of Bank of America clients lost from his account the amount of $90000, this happened by a malicious virus had infected his computer, enabling a hacker to capture his user name and password and transfer the amount from his account. In his attempt to overcome these situations, Bank of America recently introduced the safe pass card, a wallet-sized card embedded with a button that, when pressed, sends the customer a six-digit security code via text message. Then the customer can enter the code along with his user name and password to access an online account. A study by Al-Haj and Abu-Errub (2008), ”Perfrmance Optimization of Discrete Wavelets Transform Based Image Watermarking Using Genetic Algorithms”. Introduces a novell techniqe to use watermarking in icreasing the security of using Internet, by securing the ways of copyright protection and ownership validation. The study pointed out that the widespread of using Internet and the continuous advancements in computer technology have facilitated the unauthorized maniupulation of digital content. The researchers introduce new technique using genetic algorithm and DWT, and challenges that the new technique increases the security of using Internet by preventing an uthorized using of transmitted data. use of mobile telephones through the Short Messaging Services (SMS) to pay for microfinance loan amortizations using electronic Cash platforms. The other case is the use of Automated Teller Machines (ATM) Cards, which aims to lower costs for the microfinance institutions while increasing convenience for the clients. In order to reduce the risks of using any of the methods, the Philippine Central Bank (BSP) Bangko Sentral Philippine responded to the decisions of Basel Committee and issued the following legislations: • • • Banks should provide a written memorandum to the central Bank, asking for introduction or development of an electronic service and that this memo must be signed by the president. The request must include, the action by the bank to ensure the security of this service, such as An adequate risk management process is in place to assess, control, monitor and respond to potential risks arising from the proposed electronic banking activities. A manual on corporate security policy and procedures exists that shall address all security issues affecting its electronic banking system. The system had been tested prior to its implementation and that the test results are satisfactory A study by Sanayei and Noroozi (2009) under the title. “Security of Internet Banking and its Linkages with users’ Trust: A Case Study of Parsian Bank of Iran and CIMB Bank of Malaysia”. The study aimed at exploring the linkage between the security and trust in internet banking. The researchers have investigated the users of Parsian Bank of Iran Isfahan Province and CIMB Bank of Malaysia-Kuala Lampur. Due to the nature of internet banking that occurs in the web network, not face to face, expected security is very important, the results showed a positive correlation between the two variables security and trust. A study under the title “Internet Banking” the study aimed to identify the banking services through internet in India and the security risks that may face these services. The author believes that security risk arises on account of unauthorized access to a bank’s critical information stores like accounting system, risk management system, portfolio management system. There are other important risks such as loss of reputation and violation of customer privacy and its legal implications. Therefore, the Basel Committee on Banking Supervision has taken the lead in this area. The major tasks of EBG’s work has been to develop risk management guidance for internet banking that Theoretical background: Electron banking services: Electronic services consist of the following: banking Automated teller machines: The electronic banking has enabled the customers to have access to the cash from the banks round the clock through ‘Automated Teller Machines’ (ATM). These machines are installed not only within the premises of the banks but also additionally at various market and common places of importance and convenience to customers. The ATM not only provides access to get ‘All Time Money’ but also facilitates universal withdrawal of money any time, any place’. Regardless of customer’s affinity of accounts with any bank, the customers can withdraw money from ATM’s at any time and at any place in the country by the use of their ATM cards. 376 J. Computer Sci., 8 (3): 374-381, 2012 The function can be used to: Numerous other banking services emerging from the application of information technology in the banks of Jordan and have been provided to the customers are discussed below. • • • • • On-line banking services: On line banking allows the customers to perform some specific banking facilities without requiring the customer’s physical presence at the bank. It enables the customer to perform all routine transactions through their traditional banks; such as: • • • • • • Customer who elects and sign-up to use the transfer function, has to designate the transfer amount, from and to accounts and when one wants the transaction to occur, i.e., now or on a future date. Some banking sites also offer an ~rray of transfer tools that allow one to set or change recurring transfers, check the status of a transfer, cancel a pending transfer and receive a transfer alert via e-mail when the transfer clears. View account balances Access account history Transfer of funds between accounts Schedule future transfers Pay bills Schedule automatic recurring bill payment Very few banks through their on-line banking sites also offer the following capabilities: • • • • • • Transfer money between accounts within one’s bank Make a payment on a loan within one’s bank Take an advance on one’s bank credit line Wire money to one’s account at another bank Transfer money from one’s account at another bank to one’s account within the bank Trade securities: This function, provided by Jordan banks, provides the authorized use of the site to purchase, redeem or exchange equity shares through the banks securities subsidiary. This function can be used to: Account aggregation: View balances and market values of on-line accounts held at other institutions, including investments, credit cards Send payments to individuals via e-mail Trade stocks and mutual funds Track real time stock quotes Receive trust and stock statements on-line View images of bill statements, cheques and deposit slips • • • • Purchase trade securities from one’s bank’s funds by transferring money from an account Redeem fund shares via transfer into a deposit account Exchange shares between fund accounts Transfer from a brokerage account and a secondary bank account Large banks of Jordan as well as foreign banks offer fully secure, fully functional online banking for free or for a small fee. Some smaller banks offer limited access, for example, one may be able to view only one’s account balance and history but not initiate transactions online. Sooner than later, as more banks in Jordan succeed online and more customers use their sites, fully functional online banking likely will become as commonplace as automated teller machines in the country. When a customer signs up for online banking and designates the account to access online, the customer is issued a .user ID and a temporary password via regular mail or e-mail or both, with instructions on how to use them to access the secure online banking portion of one’s bank site where one’s account information is available 24/7. Paying bills online: Today, more and more banking sector in Jordan is offering this free as an online service on one’s banking site. One only needs to register the accounts OI; le wishes to pay from and the Payee’s account one wishes to pay to. Enter the account information once only and one’s private banking site will keep those accounts available until one removes them. One can always change the accounts from which one wishes to pay one’s bills and add more payees as needed. One also is given the opportunity to receive one’s bills online. An increasing number of larger national banks as also foreign banks in Jordan now offer electronic billing, or e-bills and accept e-payments. Electronic Fund Transfer (EFT): Computerized electronic fund transfer services are common place in Jordan banking sector. EFT uses computer and electronic technology as a substitute for cheques and other studys transactions. Electronic payments: The most common mode of payment, especially for low value purchases, is by cash. However, in modem age of information technology, customer feels convenient to pay for high value purchase through electronic payment technology. 377 J. Computer Sci., 8 (3): 374-381, 2012 certificate, signature and cheque, attaches his deposit slip and public key certificate, encrypt and send it to his bank. The vendor’s bank checks the signature and certificate and send to the clearing house. On clearance, the amount is credited to vendor’s account and credit advice sent. The purchaser gets a debit advice. Banking sector in Jordan, like their counterparts in other countries, offer e-payment services for their customer’s open market purchases. The most popular form of electronic payments is by credit or debit cards. Credit cards: Currently, on line shoppers use credit cards for a majority of their internet purchases. Banks issue credit cards to their customers. A credit card has a preset spending limit based on the user’s credit limit. A user can pay off the entire credit card balance or pay a minimum amount each billing period. Credit card issuers charge interest on any unpaid balance. Electronic wallet payments: The electronic wallet serves function similar to a physical wallet, holds credit cards, electronic cash, owner identification and owner address information at an electronic commerce sites check-out counter. Electronic wallets make shopping and payments more convenient. The customer clicks on items to purchase and then click on their electronic wallet to order the items quickly Alrawahdeh (2010). Debit cards: Debit cards are issued by the banks for use by customers for their commercial transaction in much the same way as a credit card. But fewer sites of banks in Jordan offer the facility to use debit cards. Debit cards are not appropriate for small transactions and do not afford anonymity. The major problem with the debit cards is that they are very less secured than the most commonly used credit cards. Electronic banking services provided by bank in the study sample: Bank audi: When conducting the interview with the operations manager in Bank Audi, the researcher has asked the following question: what are the electronic services that you provide to your customers and how do you ensure their integrity from the risk? The answer was that Bank Audi provides the services of Automated Teller Machine services which include: Smart cards: The smart card is the latest addition in the application of information technology in the banking sector of Jordan. The card promises secure transactions using existing infrastructure. Smart cards are credit/debit cards and other card products (health insurance cards, employee or student identification card, driving license card,) enhanced with microprocessors capable of holding more information than the traditional magnetic strip cards. Smart cards can hold significantly greater amount of data almost hundred times more than the magnetic strip cards. Smart cards are also not exposed to external physical damages. But they are more expensive to issue. • • • • • • • • Electronic cheque payments: Electronic cheques are another popular form of payment. Most of the cheques based transactions are usually held between business and are practicable where the business organization is willing to invest in speqial hardware (normally an electronic circuit attached to a P.C.) to sign payments. Hardware encryption of the signature is secure as it will be difficult for hackers to steel keys stored by certification agencies. It is also assumed that banks have trusted relationship among them and the clearing house which settles the cheque payments. The purchaser fills an order form, attaches payment advice (i.e., electronic cheque), signs it with his private key using his signature hardware, attaches his public key certificate, encrypts it using the vendor’s public key and sends it to the vendor. The vendor decrypts the information using his private key, check buyer’s Cash/ Cheque deposit Direct cash deposit Cash withdrawal Balance inquiry Internal transfer between accounts Cheque book request Mini statement request Change pin number Audi online required from the customer to fill his custom ID and user ID and password. This service enables the customer includes many services such as: • • • • • Viewing the account summary Creating new fund transfer requests Modifying pending transfer requests Deleting pending transfer requests Bill payment and many (www.banqueaudi.com) others Also the bank issues credit cards for customers and SMS alert on the mobile to notify the customer about checks that will be removed from his account and to confirm the withdrawal. In order to overcome potential risks Bank Audi is using the social engineering as a 378 J. Computer Sci., 8 (3): 374-381, 2012 technique used to manipulated people into performing actions or divulging confidential information by tricking or misleading them to bypass security measures and tools. For example, Bank Audi asking his clients to beware that it is not the practice of Bank Audi to ask clients to update or verify their personal details by email and if the client received such emails he must simply delete them. transactions such as bill payments to third party using HBTF website (www.hbtf.com). The operations manager in the HBTF pointed out that the bank has published the security tips on its website, these tips include the following: The housing bank for trade and finance: The Housing Bank for Trade and Finance was at the forefront of Jordanian banks in the application of various technological techniques to save time and effort to its customers. The customer can enjoy the following benefits through using the electronic services: • • • • • • • • Convenience while conducting several banking transactions such as bill payments, money transfers and buying products There is no need to customers for waiting the branch opening to conduct several activities because of the a availability of the alternative electronic means all the time Absolute confidentiality and security on all transactions made through e-channels Convenience in managing accounts whenever and wherever customers are • And an increase in the bank’s Keenness to avoid the risk of theft of customer accounts by hackers, the bank has lowered the ceiling of cash withdrawals from ATMs to 500 dinars a day. And the bank adopted other means safer than only enter pin number for the client, but means like fingerprint and iris of the eye. The operations manager also pointed out that HBTF applies all the principles of electronic banking risk management issued by Basel Committee. The most important principle says that “E-banking data and systems should be classified according to their sensitivity and importance and protected accordingly. Appropriate Mechanisms, such as encryption, access control and data recovery plans should be used to protect all sensitive and high-risk e-banking systems, servers, databases and applications. The bank has succeeded in developing highly competent e-channel services in order to meet the different needs by customers, through the availability of e-channels (24/7), they include the following: • • • • • • • • Select a password that is difficult for to guess, do not associated your password with personal events such as birthday or others Change the password from time to time Keep the banking information (password, credit card number and so on), confidential and do not record them any where Do not respond to any email or call asking for personal information, because HBTF will never ask you for such information The customer can view the security certificate before entering user name and password ATM Iskan SMS Iskan online E-payments Call centre Phone bank Virtual bank Kiosks Jordan commercial bank: The electronic channels of Jordan Commercial Bank include. SMS banking which enable the customer to manage his account through SMS Push messages and Pull Messages, SMS push messages provide the customer with: RESULTS AND DISCUSSION • • • The Housing Bank for Trade and Finance has now over 164 ATM machines distributed in different locations across the Kingdom providing a variety of comprehensive banking services. In addition to the availability of mobile ATM van on all days even in weekends and official holidays. Moreover, the customer can receive messages on his mobile phone about transactions on his account in anytime and anywhere, also the customer can perform online banking Account balance notification Salary transfer notification Several other advanced services SMS Pull messages allow the customer to: • • 379 Money transfer between accounts within bank branches Money transfer to a third party within bank branches J. Computer Sci., 8 (3): 374-381, 2012 • • committee on safety and security of electronic banking services. And that these banks take into account all the potential risks before applying any system of electronic services. It is irrefutable evidence on the banks of Jordan keenness on protecting themselves and their customers from risk of theft through electronic means, the banks included their websites with detailed instructions to ensure that no customer fall prey to hackers. Stopping a check Several other advanced services Phone banking: It is a free electronic feature that enables client to manage his accounts with the bank via phone and includes the following services: • • • Account balances inquiry Money transfer between accounts within bank branches Money transfer to third party within bank branches Recommendations: The researcher offers the following suggestions to the banks that could reduce the risks of electronic banking transactions: E-statement: The customer can receive his account statement from JC Bank via e-mail whenever and wherever he wants. • ATM NetWork: ATM services include: • • • • Cash withdrawal in Jordanian Dinars and in Dollars Cash and check deposits Mini or detailed account statement The ability to transfer money between the customer accounts within bank branches (www.jcbank.com.jo) • • • In providing protection to its clients, according to director of operations in Jordan Commercial Bank that the bank has the unprecedented step in this regard, which send SMS messages to inform them about the existence of checks drawn on their accounts of more than 1000 dinars to make sure that the check is not forged or stolen. Moreover, in order to develop customer service according to more secure standards, the bank recently launched the Iris Recognition System in Some of its branches to perform all financial transactions without the need to use the personal identification card for the customer. And this system comes as a respond to reduce the counterfeiting, monument and hacking operations, also the application of security systems are evidence of the bank commitment to Basel Principles. The operations manager in the three banks indicated that they did not happen to any attempts by hackers to steal funds from customer accounts. The researcher addressed questions for over 20 of the banks’ customers, according to one of the ladies, that she lost her handbag which keeps the ATM card and the password and before telling the bank, some money had been stolen from her account. To instruct each bank to develop its own program (Software), to resist the virus and the customer can download it for free To put a limit to the validity of PN number given to the client, for example three months, forcing the client to change it periodically Supply shops that accept credit cards with hidden cameras to film the card user Meaningful communication with customers to get feedback on them about the problems arising electronic banking REFERENCES Adeosun, O.O., T.H. Adeosun and I.A. Adetunde, 2009. Strategic application of information and communication technology for effective service delivery in banking industry. J. Soc. Sci., 5: 47-51. DOI: 10.3844/jssp.2009.47.51 Al-Haj, A. and A. Abu-Errub, 2008. Performance optimization of discrete wavelets transform based image watermarking using genetic algorithms. J. Comput. Sci., 4: 834-841. DOI: 10.3844/jcssp.2008.834.841 Alrawahdeh, B.S., 2010. A study of auditing practices of banking sector in Jordan. PHD Thesis, Aligrah Muslim University, India. Igau, O.A., A.W.M. Kassim, S. Tahajuddin, N.O. Ndubisi and M.G. Hassan, 2011. Non-business ecommerce in malaysia: An investigation of key adoption. Am. J. Econ. Bus. Admin., 3: 177-185. DOI: 10.3844/ajebasp.2011.177.185 Jimenez, E.C. and P.B. Roman, 2005. Electronic banking: Delivering microfinance services to the poor in the Philippines. Banking with the Poor Network. CONCLUSION Through the study, it is clear that the Jordanian banks are committed to the standards of the Basel 380 J. Computer Sci., 8 (3): 374-381, 2012 Siam, A.Z., 2006. Role of the electronic banking services on the profits of Jordanian Banks. Am. J. Applied Sci., 3: 1999-2004. DOI: 10.3844/ajassp.2006.1999.2004 Sanayei, A. and A. Noroozi, 2009. Security of internet banking services and its linkage with users' trust: A case study of Parsian bank of Iran and CIMB bank of Malaysia. Proceedings of the International Conference on Information Management and Engineering, Apr. 3-5, IEEE Xplore Press, Kuala Lumpur, pp: 3-7. DOI: 10.1109/ICIME.2009.153 381