Data protection in online banking Essay


Online banking is the practice of carrying out bank transactions over the internet. Because of the advanced state of technology, most people use the internet to meet many of their personal needs, for instance e-mail, internet calls and video conferencing. Information technology is now being used to develop more flexible and easy-to-use banking services (Nadim and Noorjahan, 2007). Online banking, which can also be called internet banking, is now being used and adopted by most people. Online banking can be useful in many ways to both the customer and the banking institution, although the degree of its usefulness varies depending on whose point of view you look at it from. Online banking activities involve not only banks and customers but third parties too (Gupta, 2006). This essay looks at the privacy issues relating to the use of customers' data and transactions in online banking. It also looks at the privacy concerns about how customers' personal data is used by the bank and how much control a customer has over the use of his or her data; how the bank shares customers' personal data with third parties or affiliated businesses, and the rights and control customers have over the distribution of their data; what rights the government has to monitor customers' bank details and information; the ethical, social, professional and legal issues related to online banking services; and the application of ethical and professional principles in the use of online banking services.

Privacy issues in Online Banking

Internationally, customers of several organisations can now pay their bills, transfer money to multiple accounts, make deposits, withdrawals or payments with online cheques, view transactions on their account, and trade bonds and securities, and all this can be done conveniently with just the click of a mouse and in the comfort of the customer's home. The physical presence of customers is no longer needed for most transactions in the bank; the long queues seen in crowded banking halls can now be avoided, which saves the bank the overhead cost of managing a crowded banking hall. But still, many customers are concerned about the security of their personal information while using the online banking service. According to Duquenoy et al. (2005, p. 1), privacy is one of the main concerns associated with the use of online banking. I believe privacy is the most fundamental and relevant issue in online banking. Although there is no specific privacy law in respect of online banking, there is an abundance of privacy laws, and this essay looks at a few of them, as there are too many to cover all of them here.

Several authors have made this point. Nadim and Noorjahan (2007) believed that privacy is one of the key factors, among other issues, affecting a customer's adoption of online banking technology. Most customers are concerned about how their personal data will be used when registering for an online banking account. What happens to their data after they give out their personal information? They are not sure or convinced about how secure and safe their data will be and how the information will be stored, manipulated, retrieved and updated. Mason (1986) stated that privacy concerns in online banking were raised by a few questions such as: what information do customers need to reveal about themselves? On what conditions? What information can customers keep to themselves? According to Earp and Payton (2006), some major privacy concerns about the use of online banking technology are collection (enormous amounts of personal data collected and stored in databases), unauthorised secondary use of data (personal data used for purposes other than those for which it was primarily collected), improper access (personal information viewed by unauthorised personnel), errors (unintended or intentional), and what level of protection could be put in place against them in personal data. For example, there was a data breach involving the identity theft of 3.3 million people with student loans over the weekend of March 20 – 21, 2010. Information such as names, addresses and social security numbers was stolen from a portable media device at the headquarters of Educational Credit Management Corporation, although the company claims it was a simple old-fashioned theft and not a hacker incident (WSJ, 2010).

Howcroft et al. (2003) noted that customers have confidence in their banks but that their trust in the technology infrastructure of online banking was weak. Privacy issues have therefore proved to be an obstacle to the adoption of online banking technology (Nadim and Noorjahan, 2007). Most customers are worried about their personal data and financial information being revealed online. According to a study by Paul (2005), 94% of the banks' customers express concern about their personal information being exposed online. Privacy in online banking can be said to be the protection of the customer's personal and financial information. It is the duty of IT professionals to secure and protect all customers' personal information; they should conform to privacy legislation, professional codes of conduct and ethical principles to gain customers' confidence in the technology and guard their reputation. Dewan and Seidmann (2001), however, argue that the success of online banking is expected to come at a growing price to personal privacy. They also stated that

“All online interactions leave detailed audit trails that continually depict a larger part of our lives”.

Furthermore, privacy standards associated with the use of online banking technology in the banking industry (industry principles) currently exist. For example, the American Bankers Association, the Bankers Roundtable and the Consumers Bank Association, to name a few, have all agreed to a set of privacy principles in order to present a broad and united industry. They all have commitments to a similar set of guiding principles, such as: recognising an individual's expectation of privacy; using, collecting and retaining personal information only if it produces the greatest benefit to that person; maintaining up-to-date and accurate information; making individuals aware of the privacy policies; limiting disclosure of customers' personal information; establishing security measures to protect information; and maintaining an individual's privacy in business relationships with third parties (Earp and Payton, 2006).

How can personal data be protected?

Technological solutions that give customers direct control over the personal information on their computer, such as cookie managers, encryption software and ad blockers, to mention a few, give customers some control over intrusions by hackers, spam and cookies. There is also customer activism, that is, taking direct action in online or offline environments to achieve desired improvements in privacy policy, for example the American Civil Liberties Union's “Take Back Your Data Campaign” (Ashworth & Free, 2006). In addition, privacy codes of practice such as those of the BCS and ACM guide professionals on how to create and implement systems that protect the privacy of third parties.

Privacy laws have been mostly controversial when it comes to how much control customers have over the sharing of their personal information with third-party organisations or affiliated businesses. Personal information held by banks about their customers' data and transactions passes through different hands numerous times (Gupta, 2006). It is almost impossible for banks to retain customer data within their computer network, let alone their jurisdiction. The risks of data tampering, obstruction and leakage are high and therefore need adequate legal and technical protection (Gupta, 2006). Most banks tend to use their customers' personal data when advertising some of their other products and services. Third parties could use this information for marketing and advertising, which customers usually view as spam or unwanted information, and some could also use it for illicit purposes such as identity theft. The sale and distribution of customers' personal data to third parties is a very lucrative business and generates a lot of revenue for companies. Duquenoy (2005) found that the industry was valued at two billion pounds as at 2003. But how ethical is the sale or distribution of customer data to third parties? How does the third party make use of this information? These are some of the questions most banks have failed to look into in the use of personal data to make other products in online banking. Most customers find it somewhat complicated to control the personal information given out to and collected by the bank, and by its other businesses or the government agencies with which it could be shared or to which it could be sold.
The law requires that customers be given an option to decide what personal data can be collected and given out to third parties or affiliated businesses; such options include the “opt-in” and “opt-out” methods.

The UK follows the “opt-in” scheme under the provisions of the Privacy and Electronic Communications Regulations 2003. The provision of an “opt-out” method gives the customer the choice of preventing personal information from being disclosed to affiliated or non-affiliated businesses and third parties, while an “opt-in” option is the reverse, allowing information to be shared for purposes specified by the bank (Giglio, 2005). Further, research found that customers must clearly inform companies of their wish to “opt in” or “opt out” when registering or filling out online forms for the use of online banking or other internet services provided by the bank. In that case customers are to be told what data can or may be used and how, and they should also be given an explanation of the circumstances in which personal information may be disclosed to third parties. The principles of rights-based ethics (contractarianism) state that the customer also has the right to know, the right to privacy and the right to property. Although some customers might not mind having their personal data shared, others might mind, and tend to mind a lot. A major challenge facing the IT industry today is ensuring that the sharing of data is secure and safeguarded (Raab, 2008). An IT professional should ensure that customers' personal information is protected and is shared only with trustworthy third parties. It is also the responsibility of the IT professional to ensure that personal information is used only for its primary or intended purpose, or for the purpose specified by the customer. One of the ethical principles in the BCS (British Computer Society) code of conduct states that

“You shall have regard to the legitimate right of third parties”

The third parties referred to here could be viewed as the customer, and an IT professional is expected to know, understand and abide by the law and also to consider and respect the rights of individuals, third parties and society at large (Duquenoy et al. 2005, p. 2). There have been many cases in which personal information is used for purposes other than those for which it was collected, and this is ethically wrong. This is also called the secondary use of personal information, which is the use of such information for a purpose other than the one it was supplied for (Duquenoy et al. 2005, p. 5). According to research conducted by distributing questionnaires to a few people who use online banking services with their banks in the UAE, 75% of customers get unsolicited mail about the bank's new products and offers which they never requested or signed up for, and 8% view this as an invasion of their privacy and ask not to be mailed about such products in future. The remaining 17% seem not to have been properly educated and informed about how to “opt out” of the use of their personal data for distribution and marketing purposes, or “opt in” if they wish to be made aware of promotions and offers the bank makes. It is essential for the bank to foster trust between itself and the customer, as this is good for business, and it is a known fact that it is harder to regain trust than to gain it initially. This is why it is essential that much more effort be put into securing the sharing of customer data (Raab, 2008).

During an interview with Suhail bin Taraff, a member of the IT staff of Emirates NBD, which is the largest bank in the UAE, it was noted that customers who use the bank's internet banking services need to “opt in” by ticking a check box in their personal online banking account if they wish to be notified of products the bank offers and if they also want their personal data passed on to third parties and affiliates of the bank producing similar or specific products or services. Online banking has two types of risk: maintaining the integrity of customer information and preventing unauthorised use of such data (Gupta, 2006). The indiscriminate use of personal data is viewed as a violation of an individual's right to privacy, and in the UK the right to privacy is covered by the Data Protection Act. The second principle of the Data Protection Act 1998 states that the customer has the right to information about the processing of their personal data, including the right to be informed either at the time the data is first processed or when it is first disclosed to a third party, and also the right of access to their personal data (Duquenoy et al. 2005, p. 20). Although the law cannot keep pace with technology, under the Data Protection Act a person has to show that they have suffered unwarranted distress or damage through the exposure of their data in order to claim any sort of compensation (Raab, 2008).

Does the government have the right to monitor online banking transactions?

Businesses view the use of information as a means of making more money, while governments tend to see information as a means of protecting security. In both cases, however, individuals or groups have limited control over how their personal data is used. It is well known that knowledge is power: the more information the government gathers about customers' bank transactions, the more power it has over them and the less power the customers have. Such power could be abused by the government, or by whoever is in a position to use it, for selfish ends or politically motivated purposes. The government claims that it uses the capabilities offered by IT to obtain the intelligence that enables it to meet its responsibilities to protect citizens. But most individuals have little confidence in the government's handling of their data and fear that misuse or misinterpretation could lead to the persecution and prosecution of innocent people in the application of law and order and in the protection of national security. There is also a lack of confidence in the government's ability to protect personal data and keep it secure, and most online banking customers fear that this could give the government too much power and control over them. Most customers tend to mind if the government or law enforcement agencies read their communications or view their bank transactions, even if they have not done anything wrong or have nothing to hide. Part two of Article 8 of the Human Rights Act 1998 states:

‘There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interest of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedom of others’ (Duquenoy et al. 2005, pg. 11).

In the United States of America, since the terrorist attack of 11 September 2001, the government has run a secret programme to monitor the bank transactions of suspected terrorists, or people with ties to them, that are routed through the Belgium-based financial company SWIFT (Society for Worldwide Interbank Financial Telecommunication). The proprietary electronic network, SWIFT, thus gives the US government access to financial data from institutions worldwide (Jacobs, 2007). Banks tend to see privacy matters almost entirely in terms of regulatory compliance. But the same government that claims to protect the rights and freedom of individuals seems to invade them as well. The Regulation of Investigatory Powers Act 2000 and the USA Patriot Act 2001 are pieces of legislation that tend to serve the interests of the state in relation to counter-terrorism and crime detection, and they support the monitoring and surveillance of individuals. Professor Charles Raab (2008) said that there is a need to question the sharing of personal data to serve the needs of society other than the protection of privacy. Some may argue that monitoring an individual's bank account transactions without their consent violates that customer's rights to confidentiality and anonymity. Any country that signs up to the UN Declaration of Human Rights must make sure it takes steps to protect privacy. In Europe the EU includes privacy in its Convention on Human Rights, while the UK includes it in the Data Protection Act.
In the UK, the government's monitoring of a customer's bank transactions and data can be viewed as an invasion of the customer's privacy; it violates the customer's privacy rights and goes against the Data Protection Act, which states that personal data can be processed only when consent has been given or when necessary for a contract, and must be processed only for specified purposes, be adequate, relevant and not excessive, be kept no longer than necessary and be processed in accordance with the rights of data subjects (ICO, 2010). According to research conducted by the BCS, 61% of members believe that there is an inequality between the information rights of the individual and the state, while only 17% believe that the present legal regulations on data are sufficient (BCS, 2010).

The secure handling of a customer's personal information is a legal, ethical and social requirement in online banking (Duquenoy et al., 2005). The potential for abuse in online banking is great, so ethics plays a vital role. Ethical issues that arise in online banking give cause for concern; for example, more than 24,000 HSBC customers were affected by a breach in the storage of their personal information in the bank's data centres on 15 March 2010, as a result of data theft by one of the IT employees (BCS, 2010). This shows a disregard for the ethical principle of “respect for other people”. Unauthorised use of an individual's personal computer without their permission or knowledge could be termed an invasion of that individual's privacy. Unauthorised access to personal information, or poor security measures in information systems, puts customers (society) at risk, and this could result in a loss of confidence among the general public and have a negative effect on the use of online banking services. It is also viewed as a social issue because of the effect it has on the general public and prospective customers. This could lead to hacking or the installation of spyware on the individual's computer, which puts the owner's personal data at risk. There are many legal issues that affect online banking, such as identity theft, protecting privacy, online crime and misuse of data. Using the internet has its own risks, and most customers expect laws to be in place that will protect them while banking online. In the banking industry, the Gramm-Leach-Bliley Act of 1999 (GLBA) was passed to strengthen the protection of privacy, while the Data Protection Act (1998) covers the right to privacy in the UK.
The law is in place to protect digitally stored personal information from being widely distributed and mismanaged. Organisations are required by the Act to make sure that personal information is kept secure. Professional issues concern how a professional should act, and also the important role they play in the design and implementation of data systems and in the use and modification of data. The BCS is the professional body for those employed in the IT industry in the UK. One of the aims of the BCS is to maintain standards in the industry, and in most cases these are translated into principles set out in a code of conduct (Duquenoy et al. 2005, p. 5). IT professionals are expected to know the law and abide by it. They are also expected to ensure public safety and respect the rights of third parties such as the general public.


Online banking technology seems to be adopted slowly by the majority of prospective customers, despite their being aware of the usefulness of this technology, because customers are seriously concerned about the privacy of their data and do not really feel secure giving out their personal data digitally. This essay has analysed and discussed a number of privacy issues: the rights and control customers have over the use of their personal data, the measures and steps they can take to protect their personal information, and the degree to which government agencies have access to customers' bank transactions and personal data. It has also discussed the professional, legal, ethical and social requirements in online banking technology and how an IT professional should apply ethical principles in the use and handling of a customer's personal data.

Reference List

  1. Ashworth, L. & Free, C. (2006), “Marketing Dataveillance and Digital Privacy: Using Theories of Justice to Understand Consumers Online Privacy Concerns”, Journal of Business Ethics, Vol. 67, pp. 107-123.
  2. Duquenoy, P., Jones, S., Rahanu, H. and Diaper, D. (2005), Social, Legal and Professional Issues of Computing, Middlesex University Press.
  3. Stamatellos, G. (2007), “Computer Ethics: A Global Perspective”, Jones and Bartlett Publishers.
  4. Mason, R. O. (1986), “Four Ethical Issues of the Information Age”, Issues and Opinions, MIS Quarterly.
  5. Earp, J. B. & Payton, F. C. (2006), “Information Privacy in the Service Sector: An Exploratory Study of Health Care and Banking Professionals”, Journal of Organizational Computing and Electronic Commerce, vol. 16, no. 2, pp. 105 – 122.
  6. Giglio, V. (2005), “Privacy in the world of cyberbanking: Emerging legal issues and How You Are Protected”.
  7. Ng, P. (2010), What is online banking?, viewed 20 February 2010, http://
  8. Roundtree, D. (2001), “Taking Care of Customer Privacy”, Bank Technology News, Vol. 14, Issue 11, p. 20.
  9. European Parliament Blocks US powers to monitor EU bank transactions, viewed 21 February 2010, http://
  10. Nadim, J. and Noorjahan, B. (2007), “Effect of Perceived Usefulness, Ease of Use, Security and Privacy on Customer Attitude and Adaptation in the Context of E-Banking”, Journal of Management Research, vol. 7, no. 3, pp. 147 – 157.
  11. Howcroft, B., Hamilton, R. and Hewer, P. (2002), “Consumer Attitude and the Use and Adoption of Home-based Banking in the United Kingdom”, The International Journal of Bank Marketing, 20(3): 111-121.
  12. Jamieson, P. (2005), “Consumers and Online Banking”, Point for Credit Union Research & Advice.
  13. Dewan, R. and Seidmann, A. (2001), “Current Issues in E-BANKING”, Communications of the ACM, Vol. 44, Issue 6, pp. 31-32.
  14. Raab, C. (2008), The privacy riddle, viewed 13 March 2010, http:// show=conWebDoc.17577
  15. The Office of the Information Commissioner, viewed 13 March 2010, http://
  16. British Computer Society (2010), Code of Conduct, viewed 10 March 2010, http:// show=nav.6030
  17. Gupta, A. (2006), “Data Protection in Consumer E-banking”, Journal of Internet Banking and Commerce, vol. 11, no. 1.
  18. State has more data on citizens than necessary, say BCS members, viewed 26th March 2010, http:// show=conWebDoc.34817
  19. Jacobs, E. (2007), “SWIFT Privacy: Data Processor Becomes Data Controller”, Journal of Internet Banking and Commerce, vol. 12, no. 1.
  20. The basics, in Information Commissioner's Office, viewed 9th March 2010, http:// we cover/freedom of information/the basics.aspx
  21. Freedom of Information Act (2000), viewed 15th March 2010, http:// 20000036 en 1
  22. Pilon, M. (2010), Data Theft Hits 3.3 Million Borrowers, The Wall Street Journal, viewed 29th March 2010, http:// KEYWORDS=data+theft+hits+33+million+borrowers