Security of electronic banking in Lebanon : status and prospects

Abstract

Internet banking is somehow a new technology used by banks to interact with their customers providing them with a wide range of services available online. These services can be classified into 5 categories: informational, administrative, transactional, portal and others. However with these come new challenges, risks and threats when adapting internet banking that are either inherited from the internet or that are specific to the open banking environment. Therefore, specific security requirements to the internet banking environment should be adopted aiming to control these risks and manage them. These generally can be categorized as: authentication, non repudiation, data and transaction integrity, data confidentiality and system availability. Basel Committee, a part of the oldest international financial institution BIS (Bank for International Settlement), has proposed some internal and operational security practices. This thesis is trying to map the Lebanese market to these practices and to assess, to which level the later is compliant to these requirements as Lebanon is already compliant with the previous guidelines. For this reason, we performed a survey on the web sites of all of the Lebanese banks and we tried to map the Lebanese market to the standard categorization proposed by Basel. Later, two surveys were issued. The first directed towards the Lebanese customers, in order to evaluate their security awareness and fears, along with their evaluation of the Internet banking technology. The other, directed towards the banks, in order to evaluate the bank's security practices and to which level they are compliant to the Basel Committee's requirements. The result is a description on the different aspects adopted in the Lebanese internet banking activities describing security, risks management and actual internal practices implemented from the bank's side and their impact on the different bank services in addition to the customer's interaction to the out coming services provided. This was somehow limited due to the small number of banks that replied the questionnaire but gave a clear view of the current status and the main points needed to be developed in order to adapt all the guidelines of Basel.