Introduce the System and Those Using It

IN320
Strategic Use of Information Technology - Spring 2000

Subject: Internet Banking – Sparebanken Møre

Group nr. 10

Jarle Strømmen

Tove Korsfur

Silje Brandal

Lilja Salminen

Kristin Monsen

CONTENTS

1. A presentation of Sparebanken Møre
2. A survey of the PC-bank Sparebanken Møre

3. Strategies by expansion on the internett

4. Different elements of risk connected with internet-Banking

5. Safety in general

6. Summary

1. A presentation of Sparebanken Møre.

Sparebanken Møre was grounded April 1, 1986, by a union of several local banks in Møre and Romsdal. It is today the biggest bank in Møre and Romsdal.

Sparebanken Møre’s most important advantage is to be close to the customers and to have the knowledge about local conditions.

The challenge for Sparebanken Møre is to improve the market- and customermanagement to keep excisting customers, and at the same time make possibilities to create new and good customersrelationships.

The bank puts stress on the local marketsknowledge, and uses the new technology in new and more effective bankservices.

Sparebanken Møre uses their competence and hightechnology to meet the demands of their customers, and is the only local bank in the north-west of Norway with a web-banktrading.

Sparebanken Møre’s goalgroup for the web-bank has always been ALL their customers, but primary is the goalgroup PERSONCUSTOMERS, smaller industrycustomers and all clubs/ teams.

After todays picture of web-bank- users, it shows that the goalgroup has hit well. After the start in mai 1999 has the bank per todagy over 7000 customers.

The distribution is about 30% in the web-bank and 70% in the Phone-bank, but Sparebanken Møre v/ Geir Johnson assume that this would be 50-50 at the end of the year. Their expetition is about 15 000 customers at the end of year 2000, that would make a double in the last year.

2.A survey of the PC-bank "Sparebanken Møre"

- image 1 -

This is the opening page of the web pages to "Sparebanken Møre" From this site can you navigate yourself among the information and the functions of the web pages. One of these functions is the PC-bank. At this site can you do stock- or funds trading. You can for an example buy a fund share directly at the page from "Avanse Forvaltning"

"Sparebanken Møre"´s web pages contains also all the information you need about the bank, such as different types of creditt cards, savings acounts or loan-possibilities.

- image 2 -

When you choose the PC-bank link from the opening page, you get a new

image.(#image 2#) At this page you have to dial in your acount number and your personal four numbered code. You have the same personal code for all your accounts. If the code and the account number are right, you get the opening page of the PC-bank. At the top of this page you will see #image3#. This is the menu-navigater in the PC-bank. This menu contains all the functions that are available for the users.

-image 3 -

If you want to look at a view of all the transactions you have made, at a special account of yours, you just choose the account number (if it is different from the one you logged yourself in with) from "annen konto". After this you choose "konto informajon" , and you get a copy of all the transaction you have done the last two or three monhts.

-image 4 -

From the menu, can you also look at the status at all your accounts in the bank, or easily transfer money from one of your accounts to another. You do not need your personal code, or any other code to do this.

These functions are named " total engasjement" and " Overføring"

- image 6 -

- image 7 -

If you want to pay a bill, you choose "Betale regninger" from the menu. Then you get a form that you have to fill inn corectly with the acount number and the amount you want to pay. You can store the different names and acount numbers, and give them names, so you can pick them out of a list the next time you want to pay your rent or the phone bill.. At this page can you also choose the date you want the bill to be paid. You van se a view of all future-payments by choosing " Forfallsregister" in the menu.

-image 8 -

If you have filled in the form properly, you get a new page, where you can confirm all the information you wrote in at the last page, and then you have to write in a "one-time-only"-code and conferm your payment.

If the transaction should be aproved, you must dial a code. You get this code after you have started a membership with the PC-bank. These codes are numbered from 1 to 50, and the PC will tell you wich code you should dial each time. You get a new set of codes from the bank after you have used all your 50 codes.

After this you can go back and get a blank form, and pay more bills, or close the pay and get a last confirm that the payment is ok. ( see image 9)

- image 9-

"Sparebanken Møre"´s web pages are made together with "Sparebanken Nor" and the web design company "Gazette". "Gazette" is a daugther-company of "Objective As"

3. STRATEGIES BY EXPANSION ON THE INTERNETT

According to Geir Johnson at Sparebanken Møre, their primary goal was to offer their customers more automatic “channels” and services, and especially to offer good service outside normal working hours. Their target is to have a 24 – hour “bank” where the customers can do mostly everything themselves whenever it suits them, he says.

The information – system which are used on the “Nettbank” are strategic to Sparebanken Møre because:

• The bank keeps their customers by keeping up with time and competition.
• Customers who no longer lives in areas where Sparebanken Møre has their branch offices, can keep being customers in the bank by using the “Nettbank”.
• The bank keeps up with the constant faster development on the technology. They are doing this by for example offering the “Nettbank” to the customers, and further this again will give the bank more lojal customers.
• By offering cheaper “Nettbank” – services than bar – services, the bank is able to save up the costs with branch offices, giving individual attention to customers and several earlier rather high expenses. For example by making electronic brochures as a replacement for the paper based.
• By doing the bank services more automatics the bank resources will be released. And this again will benefit the service for the customers.
• The “Nettbank” will again gain a competition advantage because the customer databases stores a lot of information about the customers use of the bank. From this information the bank is able to adjust the bank services and the information that they give particularly to each customer.
• One of the benefits with the “Nettbank” is that it gives you a general view over your economy. You are able to print out your own bank statement.
• If the system is good enough, there is not supposed to be any queue on the “Nettbank” …and it’s possible to do your bank services whenever you like, 24 – hours a day.
• The “Nettbank” service is also supposed to make the bank visible for the customers and to make sure that the customers do know about their products and services.
• By doing the marketing on the internett, the bank is able to utilize the information, which they get in a strategic way.
• The presence of a business on the internett, gives the business a reputation of being creative, innovative and keeping up with the development. Something that can part this business from other competitors who does not have this kind of reputation.

The payment arrangement is a very strong binding mechanism and therefor very strategic. This is the heart of almost every relationship the banks have with their customers. If you have the payment stream to a customer, you will also get to sell other bank services to the same customer.

It is strategic thinking behind the resources which the banks puts in to keep their old customers, instead of doing marketing to gain new once. It is actually too expensive – 5 time as much! It is really hard for the local banks to keep their old customers, that is why they often give extra offers / or they are early with strategic means that is up to date.

Price theory – in accordance to the transaction perspective increases the customer benefit through purchasing cheap goods. From the relation perspective the customer is only tied up to one supplier. Because this is talking about large exchange costs, the customer rarly change their suppliers. If a customer leaves the bank, it is just as difficult to get that customer back again as it was the first time. The benefits with the relation principal are that the customer gets tied to the supplier on a permanent basis and therefor in long perspective.

Customer relationships is looked at as a series of incomes which the bank can have several of years. If they can manage to increase their customer relationships, and give even stronger relations, their incomes from an existing customer will increase, and the bank can reduce their marketing.

4. Different elements of risk connected with internet-Banking

There will always be risk connected with the establishmnent off all kinds of business, also internt-banking.

The risk can destroy the foundation of internt-banking if the customers dont use the bank, or if the bank is losing existing customers. For internet-banking we have identified three maincategories of risk:

4.1 Operative risk elements:

- Safetyrisk

- Falsifys

- Defects with systemdesign, implementation and maintenance

- Dependence to suppliers

- Abuse from customers

4.2 Risk elements from reputation:

-If the customers get a negative opinion of the internet-expansion, the bank might get a bad reputation.

- Risk elements comes into being when the system or the product don`t function as expected for exampel because of internal or external security-breaks.

- Bad treatment or behaviour when mistakes from users comes into being can also lead to a bad reputation.

4.3 Risk elements from public laws:

- Violation of the laws or if the bank dont follow the laws at all

- Violation of rules or regulations, or violation of routines.

- Bad established rights and dutys towards participant in the internetbank

- Whitewashing of black money

- Alteration of the internetbank that contrary the contract with the customers.

Some of the risk-elements cross the categorys above, an example of that is the security-brake that happends when unauthorized users get acces to information about customers. A security-brake like that can be classified as an operative risk, buth also as reputation- and law-risk. As we can see can a single problem lead to many types of risk.

Pricerisk is also a problem in Internt-banking. This is a situation where the bank sets the price of the product or the service too high, or too low, above the customer. There is an understanding that Internet-banking is cheaper to run than traditional banking, nevertheless the implementation, the marketing and running the internet userface costs money. The bank must cover the expenditures from the customers, but the bank takes a risk when they are pricing the service, because if the customers choose not to use the internet-service, then the bank can`t manage to cover the expenses, or to make a profit of the internet-expansion.

In traditional banking there are also creditrsik, liquid-risk, interest-risk and market-risk. These categorys of risk is also current in internet-banking, and also in other business which involves electronic money.

The Internet-Banks must consider all types of risks when they expands on the web, because eaven small internal problems can lead to an external problem if the rumour spreads that the bank has problems.

A method to be in front of the problems, and to assure the customers that safety is taken serious, might be to write about the subject on the web-pages. It is also important to have cleared up the responsibilitys between the bank and the customers, because then both of the participants might know their own responsibility.

5. Safety in general

The safety in internet-banks is quite good today, but there is still room for improvements. A computer-expert claims that if the development of pc capacity continues like today, the existing solutions will be worthless in 3-5 years.

More than 200.000 Norwegians are paying their bills over the internet today. The communication with the internet-bank is however sent through ordinary telephone-lines, and these can be tapped by anyone. Therefore, the banks offer cryptation as a safety-net, briefly this means that when the payments are transferred to the bank, they changes to almost unreadable information. The job is done by cryptationkeys who are placed in the micro-processors.

Among the information that is cryptated , is also a four- or six-figured code. This is both the customers identification and a signature towards the bank. The code is either found on a plastic-card, or is generated by a calculator. According to Karlsbakk at Fellesdata, the company who delivers software for more than 2/3 of Norwegian internet banks, use of calculator has the advantage that it changes the codes every 30th second. Such a code is valid for the customer in 5 - 15 minutes in the internet bank. This is all the time an intruder has available for breaking the cryptation key.

The plastic-card such as "Sparebanken Møre", among others, are using, consists of static nonce-codes that is unreplaceable. The time available for "breaking in" is thereby unlimited, and could, according to the article, be traced by someone who puts their soul to it.

JavaScript is developed by Netscape, and is not an actual standard. Microsoft has made a copy of this language, named JScript, og there are compatibility-problems between the two versions.

A lightweight language which, when integrated with HTML, can make web-sites more interactive for such things as:

• control that forms are properly filled
• change a picture when the mousepointer is lead over it

JavaScript is not related to the software-language Java, and their functions are quite different. JavaScript are codes who appears directly onto the HTML-file that manipulates the different parts of the web-site.

Frames on web-sites used to be a problem, since they weren't supported by all web-readers. However, most of the web-readers today support the use of frames. With frames you can divide the screen in several parts, where each part contains a document who can be used independent of the other parts. The starting point is a superior document called a frameset, which divides the screen and tells what documents to be put in each frame. On a web-site, the framesets might be in several layers.

(Extract from Dagens Næringsliv June 11th, 1999)

One of the leading Norwegian experts within internet warns against insecure internet-services from Norwegian banks. The safety is, according to researcher Gisle Hannemyr at " instituttet for Informatikk" at the university in Oslo, sacrificed for the sake of techniques that give the internet-banks fancy looks.

"Sparebanken NOR" has received harsh criticism for its internet-bank. The critic, who is just finishing his study in computer science abroad, claims that several of the new creatures within the service involves a safety-risk. Gisle Hannemyr agrees in this criticism. It turns out that this criticism also can be aimed at Sparebanken Møre, as they have the same supplier as Sparebanken NOR.

The use of frames and JavaScript have, according to Hannemyr, in common that they make it easier for swindlers to make fools out of naive users. The use of frames makes it harder to see if the bank-service is sertified for cryptated transfers of data on the open internet. At worst, JavaScript can be used to copy contents from the users hardware.

It turns out that Sparebanken NOR in its first version of the internet-bank put out a warning against these two techniques, while they today don't see any reasons to avoid JavaScript and Frames. Still, they are now going to remove these functions in their new version. However, they claimes that the main reason for these changes has nothing to do with security, but it is to make an easier service.