• No se han encontrado resultados

The development of e-banking may contribute to improved efficiencies in the banking and payment system. E-banking could give banks greater capability to offer a new and wider range of products and services such as electronic payment systems with lower operating costs, expand their market for traditional deposit-taking and credit extension

63 activities, and strengthen their competitive position in offering existing payment services.251 Schaechter noted that e-banking enables new and existing customers to no longer be subject to time and geographic limits.252

Along with opportunities, e-banking generates expanded risks for financial institutions.253 It increases the bank’s dependence on information technology and the computer-networked environment.254 All of these factors increase the technical complexity of many operational and security issues, and greatly magnify the importance of security controls, customer authentication techniques, data protection, and customer privacy standards.255 Not to mention that the ramifications include effects on various legal aspects, such as the rights and liabilities of the parties involved in e-banking transactions.

With the pervasive development of electronic payment system technology, the dimension and scale of payments fraud has grown accordingly. Electronic communication and technology that support electronic payment system and e-commerce have been utilised in recent years exhaustively by fraudsters to commit fraud.256 The natural advantages of electronic payment systems, where computer data is easily stored, copied and manipulated, can also be a disadvantage when it comes to fraud.257 Gates and Jacob argued that this specific condition along with the swiftness of electronic payments, modern databases, online information sharing, and the number of bank

251

Basel Committee on Banking Supervision, ‘Risk Management for Electronic Banking and Electronic Money Activities’, above n 3, 1.

252 Schaechter, above n 91, 2. See also Tyree, E-Commerce and Retail Banking, above n 86, 1.

253 Rambure and Nacamuli, above n 32, 63. See also Bruce J Summers, 'The Payment System in a Market

Economy' in Bruce J Summers (ed), The Payment System: Design, Management, and Supervision (International Monetary Fund, 1994) 4.

254 A computer network is the connection of multiple computers owned by multiple owners under

contract or agreement, so that all information, applications and equipment as an object of the arrangement can be shared, typically through telephone lines, cable systems and/or wireless connection. The purpose of a computer network is to increase efficiency, convenience and access to bank consumers. However, this design by nature is more difficult to control compared to ‘stand alone’ computers that used to be used in traditional banking services. See Division of Supervision, Federal Deposit Insurance Corporation (FDIC), 'Electronic Banking: Safety and Soundness Examination Procedures' (Federal Deposit Insurance Corporation, 1998) 1–2.

255 Atiqur Rahman Khan and Masud Karim, 'E-Banking and Extended Risks: How to Deal with the

Challenge? ' (Working Paper, University of Rajshahi, 2010)

<http://www.ru.ac.bd/finance/images/stories/working_papers/ebanking-edited.pdf> 2.

256 Drugs and Crime Prevention Committee, ‘Inquiry into Fraud and Electronic Commerce’ (Parliament

of Victoria, 2004) 1.

257 Rambure and Nacamuli, above n 32, 63. See also Richard J Bolton and David J Hand, 'Statistical

Fraud Detection: A Review' (2002) 17(3) Statistical Science 235; Hayashi, Sullivan and Weiner, above n 199, 99.

64 access points increased by bank, non-banks and third-party service providers have caused the scope of fraud to become more extensive.258

Glaessner, Kellermann and McNevin discovered that fraudsters now have more efficient and quicker ways to perpetrate old crimes such as fraud and theft, facilitated by an on- line environment, remote access, high-quality graphics and printing, and new multipurpose tools and platforms that are easily obtained.259 Furthermore, they state that the most distressing aspect of this fraud is that fewer skills are required to commit electronic payment crimes. This can occur because underground hacker websites provide multifaceted tools necessary to break into financial platforms.260

System efficiency in e-banking depends on public confidence and trust.261 Confidence in the safety of payments is particularly important.262 CPSS-BIS further emphasises that safety in retail payment systems is very important because it attracts public interest and affects consumer confidence and the functioning of commerce.263 Hence, any actual and reported risks could shake consumer confidence in retail payments systems.264

However, to maintain safety in retail payment systems is not an easy task. The regulator and the payment system industry have to be able to identify and understand what sort of risks may be involved in payment system transactions from time to time. Some questions — such as how they occur and are transmitted within the system, by whom they are borne, who are the perpetrators — are very important to know, before trying to find the right risk mitigation answer.

The retail payment system generally does not take elaborate and costly security measures, such as in the wholesale payment system. It would be far too expensive, involve longer processing times, or otherwise not be suitable for the retail payment

258 Tiffany Gates and Katy Jacob, 'Payments Fraud: Perception versus Reality - A Conference Summary'

(2009) XXXIII(1) Economic Perspectives 7. See also Glaessner, Kellerman and McNevin, above n 51, 1; Pattama Malakedsuwan and Kenneth J Stevens, 'A Model of E-Fraud' (Paper presented at the 7th Pacific Asia Conference on Information Systems, Adelaide, 2003) 1819.

259 Glaessner, Kellerman and McNevin, above n 51, 5. 260 Ibid 9.

261

Federal Reserve Bank of Kansas City, ‘The Changing Retail Payment Landscape: What Role for Central Banks?’ (2009) xlvi.

262 Richard J Sullivan, 'The Changing Nature of US Card Payment Fraud: Industry and Public Policy

Options' (2010) 95 Economic Review 101.

263

CPSS, ‘Policy Issues for Central Banks in Retail Payments’, above n 177, 8.

65 system.265 Conversely, the retail payment system with a larger numbers of participants generally employs a more moderate security system (having to adapt to the technology owned by the participants who are very diverse with not only domestic but also international participants).

While e-banking does not generate new types of risk compared to traditional banking products and services, nevertheless, because of the mixture of advanced and swift technology changes, third party service provider involvement in delivering e-banking products and services, lack knowledge in technology and e-banking risk issues among bank management and staff, and legal and regulatory ambiguity and uncertainty of the existing law on e-banking, and so on, e-banking has altered and sometimes amplified banking’s traditional risks.266

Following the abundance of online fraud/crime, the United Nations267 concluded that fraud development could be attributed to several factors such as technological advances,268 lack of education,269 shortcomings in technology related laws,270 and fear of adverse publicity.271

Many institutions and experts such as the Federal Financial Institution Examinations Council (FFIEC),272 the United Nations Commission on International Trade Law (UNCITRAL),273 Roberds,274 Rusch,275 Pennathur,276 and Gates and Jacobs,277 concur

265 William Roberds, 'The Impact of Fraud on New Methods of Retail Payment' (1998) First Quarter

Federal Reserve Bank of Atlanta Economic Review 43.

266

Electronic Banking Group, 'Electronic Banking Group Initiatives and White Papers' (Basel Committee on Banking Supervision, 2000) 12. See also Kondabagil, above n 194, 11, 15–16; FFIEC, ‘E-Banking’, above n 115, 18; Peter Grabosky, Russell G Smith and Gillian Dempsey, Electronic Theft: Unlawful Acquisition in Cyberspace (Cambridge University Press, 2001) 179.

267

United Nations, ‘International Review of Criminal Policy’ cited in Harry S K Tan, 'E-Fraud: Current Trends and International Developments' (2002) 9 Journal of Financial Crime 347, 347.

268 ‘[T]he easy availability of new technologies with high operational speeds, capacity and connectivity

make [it easier for] unlawful activities … to escape detection. Conversely, a majority of cybercrime victims are not technologically sophisticated or equipped enough to prevent, detect or deal with computer crime.’: ibid

269 ‘[T]he lack of awareness of how to maintain a minimum level of security with regard to personal

information or electronic property.’: ibid.

270

‘[M]ost law enforcement agencies lack the technical expertise as well as sufficient regulatory powers and equipment to investigate and prosecute fraudulent digital transactions.’: ibid.

271 ‘[I]n some cases when a crime is detected, business[es] have been reluctant to report criminal activity

because of their concern as to how the publicity can cause embarrassment, loss of public confidence, investor loss or economic repercussion[s].’: ibid.

272 FFIEC, ‘Retail Payment Systems’, above n 180, 25.

273 UNCITRAL, ‘UNCITRAL Legal Guide on Electronic Funds Transfers’, above n 189, 11. 274 Roberds, above n 265, 1.

275

Rusch, above n 106, 566.

66 on natural risks and vulnerabilities inherent in the operation of retail payment systems. As the CPSS asserts in its report:

From the moment of initiation of a non-cash payment until its settlement with finality, the participants in a transaction (payer, payee and one or more financial institutions) may be exposed to certain risks. These risks arise at the level of the individual payment, and where payments are netted at the aggregate level as well.278

The CPSS states in its report on ‘Clearing and Settlement Arrangements for Retail Payments in Selected Countries’, that (in general) risk in the retail payment system is comprised of fraud risk, operational risk, legal risk, and settlement risk (including liquidity and credit risks),279 and systemic risk. This view is consistent with that of the Basel Committee on Banking Supervision,280 Akindemowo,281 Pennathur,282 and Nsouli and Schaechter,283 who found in their studies that for e-banking activities, besides standard risks for traditional banking activities, particular risks are also applicable, namely operational risk, reputational risk,284 and legal risk.

Regarding concerns about security and fraud, Vrîncianu and Popa point out that ‘security is considered the central operational risk of e-Banking’, therefore security problems such as fraud risk cut across risk categories and can be classified not only as an operational risk,285 but also as a risk that would expose the bank to legal risk286and reputational risk.287

277 Gates and Jacob, above n 258, 7.

278 CPSS, ‘Clearing and Settlement Arrangements for Retail Payments in Selected Countries’, above n

245, 11–12. See also FFIEC, ‘Retail Payment Systems’, above n 180, 24.

279 For risk definition, see CPSS, ‘A Glossary of Terms’, above n 5, 29, 45. Settlement risk: ‘general term

used to designate the risk that settlement will not take place as expected. This risk comprises both credit and liquidity risk’. Liquidity risk: ‘the risk that a counterparty (or participant in a settlement system) will not settle an obligation for full value when due. Liquidity risk does not imply that a counterparty or participant is insolvent since it may be able to settle the required debit obligations at some unspecified time thereafter’. See also Michele Braun et al, 'Understanding Risk Management in Emerging Retail Payments' (2008) 14(2) Economic Policy Review - Federal Reserve Bank of New York 137, 140.

280

Basel Committee on Banking Supervision (BCBS), 'Risk Management Principles for Electronic Banking' (Bank for International Settlement, 2003) 5–9.

281 Akindemowo, above n 95, 126–27. 282 Pennathur, above n 54, 2111–13. 283 Nsouli and Schaechter, above n 10, 3–5. 284

Reputational risk is the risk of significant negative public opinion that results in a critical loss of funding or customers. Reputational risk may arise among other things from a significant breach of security, whether as a result of external or internal attacks on a bank’s system, including mistakes, malfeasance, and fraud by third parties. See BCBS, ‘Risk Management for Electronic Banking and Electronic Money Activities’, above n 3, 7.

285 Operational risk has an array of risks included in its definition, including security risk, fraud risk, and

legal risk. For further explanation, see BCBS, ‘Risk Management for Electronic Banking and Electronic Money Activities’, above n 3, 58. See also FFIEC, ‘Retail Payment Systems’, above n 180, 279; CPSS, ‘Clearing and Settlement Arrangements for Retail Payments in Selected Countries’, above n 245, 10–11.

67 Kondabagil echoes Vrîncianu and Popa’s view by stating that any kind of unauthorised disclosure or exploitation of consumer data will expose banks to both reputational and legal risks.288 Braun et al further highlight that it becomes more important to raise the question of legal risk if case law is less well developed or simply that the drafters of established laws may not have foreseen some of the ways in which payments are initiated, processed, and settled.289

Documento similar