Electronic banking (E-banking) systems provide a promising solution for breaking geographical, industrial, and regulatory barriers. Improved technology could help with creating anytime, anywhere services and new market opportunities, but does not necessarily ensure a risk-free transaction environment. A main aim for E-banking adopters is to include E-banking risk management to their overall risk management strategy. They must identify the tools and techniques available for managing such risk. In this chapter we provide an overview of E-banking and identify the various risks which exist within the system. The chapter focuses on analyzing state-of-the-art risk management tools and techniques, paying attention to models for internally managing E-banking operational risk. It discusses several soft computing techniques applied to E-banking operational risk as causal modeling tools. The tools include: Decision Trees, Artificial Neural Networks (ANN), Fuzzy Inference Systems, and Bayesian Networks. Some examples are presented to describe the models developed.
TopIntroduction
E-banking risks arise as a result of uncertainty in operational risk, compliance risks, reputational risk, strategic risk, credit risk and market risks. The general consensus is that traditional banking risk management principles, tools and techniques are applicable to E-banking activities and must be tailored to fit many activities and challenges the system presents. Banks are advised to take steps to ensure they have reviewed and modified where necessary their existing risk management processes and policies to cover their current or planned E-banking activities. In this chapter, we use the term E-banking risk management and risk management interchangeably. This chapter considers emerging and advanced causal modeling tools (soft computing techniques) for E-banking operational risk management. Before delving into the question of how causal modeling tools are used for managing E-banking operational risk, we begin by looking at why E-banking operational risk management has come into limelight. Recent surveys and reports have revealed that substantial financial losses on E-banking systems are a result of Information Systems (IS) malfunctions (such as SQL injections, prevalent phishing attacks, viruses, fraudulent attacks, money mules, and other factors); cyber criminals have continually targeted E-banking systems in order to acquire personal information and to gain financial advantages (Basel Committee on Banking Supervision, 2003).
In 2011, the Financial Fraud Action UK reported that even though the total fraud losses on UK plastic cards fell by 17% (£365.4 million) between 2009 and 2010, as against fraud losses in 2008 (£609.9 million), Card ID theft has, however, remained unchanged between the same period. The Card ID theft fraud occur when a criminal uses a fraudulently obtained card or card details, along with the victim’s personal information, to open (application fraud) or takeover a victim’s account. Further, the report also revealed that, even though online banking fraud fell by 22% (£46.7 million) from the previous year (£59.7 million), in 2009 the number of phishing websites targeting UK banks and building societies continue to rise from 1,700 reported in 2005 to 61,873 in 2010. This form of attacks occur when criminals set up a fake website version of a genuine bank, and then send out thousands to millions of spam emails asking people to click on a link that will send them to that fake website, and thereby steal victim’s account details, and further money from the account. In addition, phone banking fraud also went up by 5% (£12.7 million) compared with 2009, the first ever centrally collated figure (Financial Fraud Action UK, 2011). Criminals acquires victim’s personal and account information through social engineering, phishing, cold-calling (pretending to be from a bank or the police) and bin-raiding, to try to convince the phone banking system / operator that they are the genuine account holder. These are just some examples that have brought operational risk management into the limelight.
Although management of E-banking systems risks has become increasingly important, the common emerging guidelines and principles either focus on introductory basics or on a list of tools. The actual evaluation tools for risk learning and inference in such systems are still at their infant stages and have not yet reached a consensus. As a result, E-banking providers are faced with the question of how to manage effectively E-banking operational risk, the entire E-banking risks or even the organization operational risks as a whole. More also, the complexity of E-Banking technology has pushed some organizations providing financial services to have increased reliance on vendors, partners, other third parties for technology solutions and services, which may further increase the overall operational risks level. Before looking at the causal modeling tools, one must understand the general overview of E-banking system, the definitions, how it has evolved of the past decades, and also the E-banking risk management processes and approaches. We discuss in the following sections these issues.
The aim of this chapter is to discuss the relevance of causal modeling tools for E-banking operational risk management. The next five sections present an overview of E-banking definitions, evolution, benefits, its challenges, and E-banking risks and management processes. The final sections explain the existing approaches to E-banking operational risk management, and provide descriptions of causal models, and examples, applied to E-banking operational risks.