Saugumo rizikos valdymas internetinėje bankininkystėje

LTStraipsnyje analizuojami saugumo rizikos pasireiškimo internetinėje bankininkystėje būdai, pristatomos galimos pasekmės. Pateikiamas Lietuvos komercinių bankų klientų internetinės bankininkystės vertinimas. Aptariamos internetinės bankininkystės saugumo rizikos valdymo galimybės. [Iš leidinio]Reikšminiai žodžiai: Internetinė bankininkystė; Elektroninė bankininkystė; Saugumo rizika; Saugumo rizikos valdymas; Biometrija; Internet banking; Electronic banking; Security risk; Security risk management; Biometrics.

ENThe main goal of this paper is to present the analysis of security risk in Internet banking. The growth of this activity has been phenomenal in the world. Internet banking develops very quickly in Lithuania, too. This activity has its own advantages and disadvantages as any other process. Banks can offer more services at lower costs, maintain existing clients and attract more potential clients by delivering Internet banking services. Internet banking means lower prices and greater convenience for bank clients. But there are significant deficiencies of this activity, too. Banks must make big investments in the infrastructure of the Internet banking services. Banks spend much money on the advertising of these services and on the ensuring of their safety. Security concerns arc one of the main obstacles for the development of these services. Open electronic delivery channels create new security issues for banks with respect to confidentiality and integrity of information, non-repudiation of transactions, authentication of users and access control. In scientific literature there exist many opinions about security risks in Internet banking. According to many authors, the main challenge for banks will be to convince their clients that the Internet banking services arc secure. Only then the clients will show their interest in Internet banking services. Scientists affirm that banks often overvalue the efficiency of their security granting means for Internet banking. The attention of Basel Committee for Banking Supervision paid to Internet banking security shows the seriousness of this problem. Many scientists analyze such cases as personal identity thefts. These crimes leave not only material, but very serious moral losses, too. The inquery of the Lithuanian commercial banks' clients shows that a significant part of them distrust the safety of Internet banking.Almost all respondents know that banks deliver electronic banking services, but they need more specific in formation: about security granting means, using instructions, etc. So, one of the biggest obstacles for the rapid Internet banking development in Lithuania is the security risk of Internet banking. It is reasonable to use the Internet banking services only if they are secure. Otherwise, the clients and the banks risk to suffer huge losses. The lack of the Internet banking security can arise when hackers damage the bank databases of the or the information systems arc affected by viruses. Serious problems arise when bank clients, bank employees use internet banking services illegally or incorrectly. The losses due to the security lack are very huge in Internet banking. These crimes do not have boundaries. The criminals have more anonymity than in the cases of ordinary crimes. Usually only after some time victims understand that they have been robbed or their identity has been stolen. So, it is even more difficult to catch these criminals. The electronic crime is one of the fastest growing types of crime in the world. The scientists notice that the number of hackers who attack financial institutions grows very quickly. The effective risk management is essential in the Internet banking activities. The bank managers must act very carefully in order to be successful. They must assess, control and monitor all the risks, but the security risks require particular attention. Banks should prepare management plans for special situations. There must be foreseen actions in the case of the information systems' failures, responses to the clients' complaints, etc.The information systems' specialists must have a necessary qualification. If banks lack such specialists, they can buy these services from the third parties. The regular review of hardware and software is very useful. Banks should observe new technologies in the market and select the things that would be useful for them. Banks must assure the security of their clients' data, the quick and accurate delivery of the services that were asked by their customers. Banks use various means for the ensuring of confidentiality and correctness of information: passwords, biometrics methods and other user identification mechanisms. But sometimes it is even more important to inform clients how they can protect themselves from the electronic crimes. It is important to fight with various viruses. There should be a constant revision of the weak sides of the bank information systems. The bank employees arc the source of serious risk, too. So all the actions of the information systems' users must be fixed and monitored. Each employee who works with the Internet banking system must have strictly established functions. It is very useful to improve constantly the professional qualification of the bank employees. There should be prepared a good internal control of employees that could perform the monitoring of other employees' work. For the Internet banking development in Lithuania it is very important that the Lithuanian banks have started to collaborate with each other in order to improve the Internet banking security. It can induce the clients to start using these services more frequently. [From the publication]