The vulnerability of China's online banking system has once again been put under the spotlight after the website of the country's largest commercial lender was compromised by hackers. They posted their own programs on the website for free download.
The Industrial and Commercial Bank of China (ICBC), which outranks HSBC, the world's second largest bank by asset value, is trying to pacify customers who have expressed concerns about potential risks in the bank's Internet service.
How to safeguard e-banking users from online theft has become an urgent task not only for the ICBC but also for all other Chinese lenders.
Experts have warned that online banking safety issues could become more complicated as the service is extended to more customers.
IT specialists are calling on the government to set up an independent body to implement a certification system that is designed to resolve disputes arising from breaches of online banking security. They also want the government to enact stricter laws to discourage hackers.
Online banking involves performing transactions, payments and other businesses over the Internet through a bank's secure website.
Compared with traditional methods, online banking can be very useful, especially outside banking hours as long as Internet access is available.
Ever since the Bank of China launched its first online banking services in June 1996, other Chinese banks have wasted no time in jumping on the bandwagon, to tap into the new lucrative market, expand their customer base, or offset the disadvantage of not have sufficient branches.
Figures released last month by the China Financial Certification Authority a joint venture of 13 leading commercial banks of China showed that the number of individual Internet banking customers jumped 170 percent last year, to 40 million, while corporate users skyrocketed 300 percent year-on-year.
Jiang Jianqing, ICBC's chairman and president, intends to move 50 percent of the bank's business online in four years and increase it to 70 percent in 10 years.
Critics, however, point to a major problem in the development of online banking - safety.
A growing number of customers, who fell victim to e-bank scams and had their money siphoned off, are taking the banks to court.
A report by the China Financial Certification Authority indicates that more than 60 percent of customers refuse to use online banking services because of security concerns, a problem that has handicapped the healthy development of the business.
"In theory, it's safe to conduct online transactions," He Gongdao, an IT expert, said.
"Many banks have initiated multiple protection mechanisms such as digital certificates, the upgrading of firewalls and other safety measures," he said.
However, He, from the Beijing Jiangmin New Science and Technology Company a computer software and hardware producer, was quick to add that most lenders applied such mechanisms only to the servers of their networks, but overlooked the security of customers.
"The online bank is like a courtyard. Even though lenders make the gate pretty firm and safe, there are many holes in the surrounding walls. Thieves can easily enter and steal the money," he said.
The most contentious dispute over Internet banking safety is between ICBC, and its 487 e-banking customers from across the country.
These alleged victims claim they have lost sums up to 3.1 million yuan ($397,000) owing to ICBC's "online banking loopholes".
Pang Feng, allegedly a customer from Shanghai, suffered the biggest loss more than 380,000 yuan ($48,700).
What's more, the number of alleged victims and money stolen seems to be on the rise.
In August, when these victims formed an alliance to ask for compensation from the lender, they only totalled about 200 claiming a loss of 389,000 yuan ($48,600) much less than the current figure.
It seems the dispute is not likely to be resolved in the near future. Last week, alliance members in Shanghai filed a collective complaint to the city's consumer association, and also held talks with ICBC's Shanghai branch.
But the bank fought back, apportioning blame to the customers for failing to properly protect information about their accounts.
After the lender's website was intruded, it posted a notice alerting users not to access their Internet banking accounts through hyperlinks embedded in emails or Internet search engines.
Customers were also advised to access their e-banking accounts by keying in or book-marking the genuine website.
According to CCID Consulting, a market research company in Beijing, online transactions have become one of the most important businesses for modern commercial banks.
China's online banking business has been developing rapidly and the number of online customers may exceed 100 million by 2010, CCID said in its China Online Banking Market Research Report 2006.
It also said that by the end of last year, among the top 50 commercial banks in China, 37 set up websites, including 25 engaged in online banking.
China Construction Bank (CCB), the Chinese mainland's third-largest lender, has reported rapid development in its electronic banking business in recent years. At the end of 2004, the bank had 4.73 million e-banking customers, with online transactions totalling 3 trillion yuan ($385 billion).
In addition to the State-owned big four lenders, fast-growing stake-holding commercial lenders are hoping the online banking network will broaden their customer base.
Shenzhen-based China Merchants Bank (CMB), the Chinese mainland's six-largest lender, intends to establish a convenient online payment method in two years to offset its lack of outlets and compete with its State-owned counterparts.
Foreign lenders have also cast their eyes on the sector.
The Bank of East Asia was authorized to open an individual online banking business in August 2002; HSBC has been providing individual online banking services for local and international customers since December 2002.
From January 2004, the Hang Seng Bank began to provide individual online banking services in Shenzhen, Shanghai, Guangzhou, Fuzhou and other places.
The number of users has been increasing in recent years, especially in the developed cities, which has helped Internet banking to become popular.
But it seems domestic lenders have not done enough to ensure the safety of online banking at a time when an escalating number of computer viruses are threatening the sector.
A report compiled by the Beijing Jiangmin New Science and Technology Company said that during the period from August 2004 to October last year, the number of users infected with computer viruses targeting online banking services multiplied 600 times.
In the first 10 months of 2005, more than 37,000 computers were infected with the Trojan virus or its mutations.
To safeguard the security of online banking, Chinese lenders have introduced digital certificates or put a cap on the daily online transactions allowed.
For instance, the Bank of Communications has a daily limit of 5,000 yuan ($640).
The banking regulator issued rules last March demanding both domestic and overseas players to strengthen their supervision of the nation's e-banking business.
"Internet banking safety will become more complex as the battle between the hackers and financial institutions intensifies," He said.
Li Xiaofeng, general manager of the China Financial Certification Authority, believed that a unifying standard for issuing digital certificates would help resolve disputes between banks and users.
"It's unfair to victimize customers just because the banks shift their responsibilities by promoting certificate systems, such as U-key and USBkey," he said.
A third party, independent from banks and users, is needed to unify the certificate standards, he said, and in future users would need only one security certificate to conduct online transactions at different banks.
"Online banking security urgently needs protection laws," Li said.
(China Daily January 5, 2007)