Thursday, April 4, 2019

Data protection in online banking

Information security system in online banking

Introduction

Online banking is the practice of performing bank transactions over the internet. Due to the advanced nature of technology, people can use the internet to fulfil most of their private needs, for instance e-mails, internet calls, and video conferencing. Information technology is now being used to provide more flexible and easy-to-use banking services (Nadim and Noorjahan, 2007). Online banking, which can also be called internet banking, is presently being used and adopted by most people. Online banking can be useful in many ways to both the customer and the banking institution, although the extent of its usefulness varies depending on whose point of view you look at it from. Online banking activities involve not only banks and customers but third parties too (Gupta, 2006). This essay looks at the privacy issues relating to the use of customers' information and transactions in online banking. It also looks at the privacy concerns about how the customer's private information is used by the bank and what amount of control a customer has over the use of his/her information, how the bank shares customers' personal information with third-party or affiliated businesses, and the rights and control customers have over the distribution of their data.
The essay also considers what control the government has over the handling of customers' bank details and information, the ethical, social, professional and legal issues related to online banking services, and the application of ethical/professional principles in the use of online banking services.

Privacy issues in Online banking

Internationally, customers of several organisations can now pay their bills, transfer money to multiple accounts, make deposits, withdrawals or payments with online cheques, view transactions on their account, and trade bonds and securities, and all this can be done conveniently with just the click of a mouse and in the comfort of the customer's home. The physical presence of customers is no longer needed for most transactions in the bank, as the long queues witnessed in crowded banking halls can now be avoided, which saves the bank the overhead cost of managing a crowded banking hall. But still, many customers are concerned about the security of their personal information while operating the online banking service. According to Duquenoy et al (2005, p. 1), privacy is one of the main concerns associated with the use of online banking. I believe privacy is the most fundamental and pertinent issue in online banking. Although there is not a specific privacy law with respect to online banking, there is an abundance of privacy laws that exist, and this essay looks at a few of them, as they are too many to write on all of them here.

As noted by a few authors, Nadim and Noorjahan (2007) believed that privacy is one of the key factors, amongst other issues, which have an effect on a customer's adoption of online banking technology. Most customers are concerned about how their personal data would be used when registering for an online banking account. What happens to their data after giving out their personal information?
They are not sure or convinced about how secure and safe their data would be and how the data would be stored, manipulated, retrieved and updated. Mason (1986) stated that privacy concerns in online banking were raised by a few questions, such as: what information do customers need to reveal about themselves? Under what conditions? What information can customers keep to themselves? According to Earp and Payton (2006), some major privacy concerns about the use of online banking technology are collection (enormous amounts of personal information collected and stored in databases), unauthorized secondary use of data (personal data used for purposes other than those it was primarily collected for), improper access (personal information viewed by unauthorized personnel), errors (unintended or intentional), and what level of protection could be put in place against them in personal information data. For example, there was a breach of information in which there was an identity theft of 3.3 million people with student loans on the weekend of March 20-21, 2010. Information such as names, addresses and social security numbers was stolen from a portable media device belonging to Educational Credit Management Corporation, although the company claims it was a simple old-fashioned theft and not a hacker incident (WSJ, 2010).

Howcroft et al (2003) noted that customers have confidence in their banks but their trust in the technology infrastructure of online banking was weak. Therefore privacy issues have proved to be an obstacle to the adoption of online banking technology (Nadim and Noorjahan, 2007). Most customers are worried about their personal data and financial information being revealed online. According to a study by Paul (2005), 94% of the bank's customers expressed their concern about their personal information being exposed online.
Privacy in online banking can be said to be the protection of the customer's personal and financial information. It is the duty of IT professionals to secure and protect all customers' personal information; they should conform to privacy legislation, professional codes of conduct and ethical principles to gain customers' confidence in the technology and protect their reputation. However, Dewan and Seidmann (2001) argue that the success of online banking is expected to come with a growing cost to personal privacy. They also stated that "All online interactions leave detailed audit trails that continually depict a larger portion of our lives."

Furthermore, privacy standards associated with the use of online banking technology in the banking industry (industry principles) currently exist. For example, the American Bankers Association, Bankers Roundtable and Consumers Bank Association, to name a few, have all equally approved a set of privacy principles to portray a wide and united industry. They all have obligations to the same set of guiding principles, such as: recognizing an individual's expectation of privacy; using, collecting and retaining personal information only if it produces the greatest benefit to that person; maintaining up-to-date and accurate information; making individuals aware of the privacy policies; limiting exposure of customers' personal information; establishing security measures to protect information; and maintaining an individual's privacy in business relationships with third parties (Earp and Payton, 2006).

How can personal data be protected?

Technological solutions that give customers direct control over the personal information on their computer, like cookie managers, encryption software and ad blockers, to mention a few, give customers an amount of control over intrusions by hackers, email and cookies.
Customer activism is another route: creating a policy and taking direct action in online or offline environments to bring about desired enhancements in privacy policy, for example the American Civil Liberties Union's Take Back Your Data campaign (Ashworth and Free, 2006). Also, privacy codes of practice like those of the BCS and ACM guide professionals on how to create and implement systems that protect the privacy of third parties.

Privacy laws have been mostly controversial when it comes to how much control customers have over the sharing of their personal information with third-party organisations or affiliated businesses. Personal information in the control of banks about their customers' data and transactions passes through different hands numerous times (Gupta, 2006).

It is almost impossible for banks to retain customer data within their computer network, let alone their jurisdiction. The risks of tampering with information, blocking and leakage are high and therefore need adequate legal and technical protection (Gupta, 2006). Most banks tend to use the personal data of their customers while advertising some of their other products and services. Third parties could use this data for marketing purposes and advertisements, which customers usually view as spam or unwanted information, or some could use it for illegitimate reasons like identity theft. The sale and distribution of customers' personal data to third parties is a very lucrative business and generates a lot of revenue for companies. Duquenoy (2005) pointed out that the industry was valued at two billion pounds as at 2003. But how ethical is the sale or distribution of customer data to third parties? How does the third party make use of this information? These are some of the questions most banks have failed to look into in the use of personal data to advertise other products in online banking.
Most customers find it a bit complicated to control the personal information given out to and collected by the bank, and the other businesses or government agencies that it could be shared with or sold to. It is required by law that customers be given an option to decide what personal data can be collected and given out to third-party or affiliated businesses; such options include the opt-in and opt-out methods.

The UK follows the opt-in scheme under the provisions of the Privacy and Electronic Communications Regulations 2003. The provision of an opt-out method gives the customer the choice of preventing personal information being disclosed to affiliated or non-affiliated businesses and third parties, while providing an opt-in option is the reverse, which allows for the sharing of information for purposes specified by the bank (Giglio, 2005). Further research found that customers must clearly inform companies of their wishes to opt in or opt out when registering or filling out online forms for the use of online banking or other internet services provided by the bank. In that case customers are to be told which of their data can or may be used and how; they should also be given an explanation or description of the circumstances or situations in which personal information may be disclosed to third parties. The principles of rights-based ethics (contractarianism) state that the customer also has the right to know, the right to privacy and the right to property. Although some customers might not mind having their personal data shared, others might mind, and tend to mind a lot. A major challenge being faced in the IT industry today is ensuring that the sharing of data is secure and safeguarded (Raab, 2008). An IT professional should ensure that customers' personal data is protected and is only shared with trustworthy third parties.
It is also the responsibility of the IT professional to ensure that personal data is used only for its primary or intended purpose, or that which has been specified by the customer. One of the ethical principles in the BCS (British Computer Society) code of conduct states that "You shall have regard to the legitimate right of third parties". The third parties being referred to here could be viewed as the customer, and an IT professional is expected to know, understand and abide by the law, and also to regard and respect the rights of individuals, third parties and society at large (Duquenoy et al 2005, p. 2). There have been a lot of cases whereby personal data is used for purposes other than those for which it was collected, and this is ethically wrong. It is also called the secondary use of personal information, which is the use of such information for something other than the purpose it was supplied for (Duquenoy et al 2005, p. 5). According to research conducted through the distribution of questionnaires to a few people who make use of online banking services with their banks in the UAE, 75% of customers get unsolicited mails about the bank's new products and offers which they never requested or signed up for, and 8% view this as an intrusion of their privacy and choose not to be mailed about such future products. The remaining 17% seem not to have been educated and informed properly about how to opt out from the use of their personal data for distribution and marketing purposes, or opt in if they wish to be made aware of promotions and offers the bank makes. It is essential for the bank to foster trust between itself and the customer, as this is good for business, and it is a known fact that it is harder to regain trust than to gain it initially.
This is why it is essential that much more effort be put in place to secure customer data sharing (Raab, 2008).

While conducting an interview with Suhail bin Taraff, an IT staff member of Emirates NBD, which is the largest bank in the UAE, it was noted that customers who make use of the internet banking services of the bank would need to opt in by ticking a check box in their personal online banking account if they wish to be notified of products the bank offers, and also if they wish their personal data to be passed on to third parties and affiliates of the bank producing similar or specific products or services.

Online banking has two types of risk: maintaining the integrity of customer information and preventing unauthorised use of such data (Gupta, 2006). The indiscriminate use of personal data is viewed as a violation of an individual's privacy right, and in the UK the right to privacy is covered by the Data Protection Act. The second principle of the Data Protection Act 1998 states that the customer has the right to information about the processing of their personal data, including the right to be informed either at the time the data is first processed or when that data is first disclosed to a third party, and also the right of access to their personal data (Duquenoy et al 2005, p. 20). Although the law cannot keep pace with technology, under the Data Protection Act a person has to demonstrate that they have been subjected to unwarranted distress/damages through their data's exposure in order to claim any sort of compensation (Raab, 2008).

Does the government have the right to monitor online banking transactions?

Businesses view the use of information as a means to making more money, while the government tends to view information as a means to protect security. However, in both cases individuals or groups have limited control over how their personal data is used.
It is well known that knowledge is power, and the more information the government gathers about customers' bank transactions, the more power it has over them and the less power the customers have. There could be abuse of such power by the government, or whoever is in charge of using such power, for selfish means or politically motivated aims. The government claims that it uses the capabilities offered by IT to get the intelligence that enables it to meet its responsibilities to protect citizens. But most individuals have little confidence in the government's handling of their data and fear that there could be a misuse or misinterpretation which could lead to the persecution and prosecution of innocent people in the application of law and order and also while protecting national security. There is also found to be a lack of confidence in the government's ability to protect personal data and keep it secure; most online banking customers fear that this could give the government too much power and control over them. Most customers tend to mind if the government or law enforcement agencies read their communications or view their bank transactions, even if they have not done anything wrong or have nothing to hide. Part two of Article eight of the Human Rights Act, 1998 states thus: "There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedom of others" (Duquenoy et al 2005, pg. 11).

In the United States of America, the government created a secret programme, since the terrorist attack that occurred on the 11th of September 2001, to monitor bank transactions of suspected terrorists or people having ties with them that route through the Belgian-based financial company SWIFT (Society for Worldwide Interbank Financial Telecommunication). The proprietary electronic network, SWIFT, hence gives the US government access to financial data from institutions worldwide (Jacobs, 2007). Banks tend to view privacy matters almost completely in terms of regulatory compliance. But the same government that claims to protect the rights and freedom of individuals seems to infringe on them also. The Regulation of Investigatory Powers Act 2000 and the USA Patriot Act 2001 are pieces of legislation that tend to serve the interest of the state in relation to issues of counter-terrorism and crime detection, and support the monitoring and surveillance of individuals. Professor Charles Raab (2008) said that there is a need to question the sharing of personal data to cater for the needs of society other than the protection of privacy. Some may argue that the monitoring of an individual's bank account transactions without their consent violates the rights of confidentiality and anonymity of such a customer. Any country that signs up to the UN Declaration of Human Rights must make sure it takes steps to protect privacy. In Europe the EU includes privacy in its rules on Human Rights, while the UK includes it in the Data Protection Act.
In the UK the monitoring of a customer's bank transactions and data can be viewed as an invasion of the customer's privacy by the government; it violates the privacy rights of the customer and goes against the Data Protection Act, which states that personal data can only be processed when consent has been given or when it is necessary to a contract, and must be only for specified purposes, adequate, relevant and not excessive, not kept longer than necessary, and processed in accordance with the rights of the data subject (ICO, 2010). According to research conducted by the BCS, 61% of members believe that there is an inequality between the data rights of the individual and the state, while only 17% believe that the present legal regulations on data are sufficient (BCS, 2010).

The secure handling of a customer's personal information is a legal, ethical and social requirement in online banking (Duquenoy et al, 2005). The potential for abuse is great in online banking, therefore ethics plays a vital role. Ethical issues that arise in online banking give cause for concern. For example, more than 24,000 HSBC customers were affected by a breach in the storage of their personal information in the bank's data centre on the fifteenth of March 2010; this was a result of data theft by one of the IT employees (BCS, 2010). This demonstrates a neglect of the ethical principle which implies respect for other people. Unauthorised use of an individual's personal computer without their permission or knowledge could be termed an invasion of that individual's privacy. Unauthorised access to personal information or inadequate security measures in Information Systems put customers (society) at risk, and this could result in a loss of confidence by the general public and could have a negative effect on the use of online banking services. It is also viewed as a social issue due to the effect it has on the general public and potential customers.
This could lead to hacking or the installation of spyware on the individual's computer, and puts the owner's personal data at risk. There are many legal issues that affect online banking, like identity theft, protecting privacy, online crime and misuse of data. Using the internet has its own risks, and most customers expect laws to be in place that will protect them while banking online. In the banking industry, the Gramm-Leach-Bliley Act of 1999 (GLBA) was passed to augment the protection of privacy, while the Data Protection Act (1998) covers the right to privacy in the UK. The law is in place to protect digitally stored personal information from being widely distributed and mismanaged. Organisations are required by the act to make sure that personal information is kept secure. Professional issues concern how a professional should act, their role in the design and implementation of data systems and in the manipulation and modification of data, and the important role they play. The BCS is the professional body for those employed in the IT industry in the UK. One of the aims of the BCS is to maintain standards in the industry, and in most cases these are translated into principles set out in a code of conduct (Duquenoy et al 2005, p. 5). IT professionals are expected to know the law and abide by it. They are also expected to ensure public safety and respect the rights of third parties like the general public.

Conclusion

Online banking technology seems to be adopted slowly by the majority of prospective customers, despite their being aware of the usefulness of this technology, and this is because customers are seriously concerned about the privacy of their data and do not really feel secure giving out their personal data digitally.
A number of privacy issues have been analysed and discussed in this essay, along with the rights and control customers have over the use of their personal data, the measures and steps they can use to protect their personal information, and the degree to which government agencies have access to customers' bank transactions and personal data. The essay also covered the professional, legal, ethical and social requirements in online banking technology and how an IT professional should apply ethical principles in the use and handling of a customer's personal data.

Reference List

Ashworth, L. and Free, C. (2006), Marketing Dataveillance and Digital Privacy: Using Theories of Justice to Understand Consumers' Online Privacy Concerns, Journal of Business Ethics, Vol. 67, pp. 107-123.

Duquenoy, P., Jones, S., Rahanu, H. and Diaper, D. (2005), Social, Legal and Professional Issues of Computing, Middlesex University Press.

Stamatellos, G. (2007), Computer Ethics: A Global Perspective, Jones and Bartlett Publishers.

Mason, R. O. (1986), Four Ethical Issues of the Information Age, Issues and Opinions, MIS Quarterly.

Earp, J. B. and Payton, F. C. (2006), Information Privacy in the Service Sector: An Exploratory Study of Health Care and Banking Professionals, Journal of Organizational Computing and Electronic Commerce, vol. 16, no. 2, pp. 105-122.

Giglio, V. (2005), Privacy in the World of Cyberbanking: Emerging Legal Issues and How You Are Protected.

Ng, P. (2010), What is online banking?, viewed 20 February 2010, http://www.wisegeek.com/what-is-online-banking.htm

Roundtree, D. (2001), Taking Care of Customer Privacy, Bank Technology News, Vol. 14, Issue 11, p. 20.

European Parliament Blocks US powers to monitor EU bank transactions, viewed 21 February 2010, http://www.out-law.com/page-10748

Nadim, J. and Noorjahan, B. (2007), Effect of Perceived Usefulness, Ease of Use, Security and Privacy on Customer Attitude and Adaptation in the Context of E-Banking, Journal of Management Research, vol. 7, no. 3, pp. 147-157.

Howcroft, B., Hamilton, R. and Hewer, P. (2002), Consumer Attitude and the Usage and Adoption of Home-based Banking in the United Kingdom, The International Journal of Bank Marketing, 20(3), 111-121.

Jamieson, P. (2005), Consumers and Online Banking, Point for Credit Union Research Advice.

Dewan, R. and Seidmann, A. (2001), Current Issues in E-Banking, Communications of the ACM, Vol. 44, Issue 6, pp. 31-32.

Raab, C. (2008), The privacy conundrum, viewed 13 March 2010, http://www.bcs.org/server.php?show=conWebDoc.17577

The Office of the Information Commissioner, viewed 13 March 2010, http://www.ico.gov.uk

British Computer Society (2010), Code of Conduct, viewed 10 March 2010, http://www.bcs.org/server.php?show=nav.6030

Gupta, A. (2006), Data Protection in Consumer E-banking, Journal of Internet Banking and Commerce, vol. 11, no. 1.

State has more data on citizens than necessary, say BCS members, viewed 26th March 2010, http://www.bcs.org/server.php?show=conWebDoc.34817

Jacobs, E. (2007), SWIFT Privacy: Data Processor Becomes Data Controller, Journal of Internet Banking and Commerce, vol. 12, no. 1.

The basics, in Information Commissioner's Office, viewed 9th March 2010, http://www.ico.gov.uk/what_we_cover/freedom_of_information/the_basics.aspx

Freedom of Information Act (2000), viewed 15th March 2010, http://www.opsi.gov.uk/Acts/acts2000/ukpga_20000036_en_1

Pilon, M. (2010), Data Theft Hits 3.3 Million Borrowers, The Wall Street Journal, viewed 29th March 2010, http://online.wsj.com/article/SB10001424052702304434404575150024174102954.html?KEYWORDS=data+theft+hits+33+million+borrowers
