CAVENDISH UNIVERSITY ZAMBIA

Faculty of Information and Communications Technology (ICT)

ASSESSMENT OF THE SECURITY METHODS USED IN E-BANKING TRANSACTIONS IN ZAMBIA - CASE STUDY ZANACO BANK ZAMBIA PLC

“A Dissertation submitted in partial fulfillment of the requirement for the Bachelor’s Degree in Computer Science”

NGWALE NKOSA

STUDENT NUMBER 003-633

2019

DECLARATION

I declare that this work is my original work achieved through personal reading and scientific research. This work has never been submitted to Cavendish University Zambia or any other College or University for the award of a Bachelor of Science in Computing or for any other academic award. All sources of data used, and literature on related works previously done by others, used in the production of this report have been duly acknowledged. If any omission has been made, it is not by choice but by error. Furthermore, I hereby give consent for my dissertation, if accepted, to be available for photocopying and for inter-library loan and for the title and summary to be made available to outside organizations.

CANDIDATE: NGWALE NKOSA 003-633

---------------------------

Date: --------------------------------

SUPERVISOR: MR. H SINKALA

---------------------------

Date: -----------------------------

List of Acronyms

ATM - Automated Teller Machine.

BAZ - Bankers Association of Zambia.

BCP - Business Continuity Plans.

CAZ - Communications Association of Zambia.

DRS - Disaster Recovery Sites.

ICT - Information and Communication Technology.

IT - Information Technology.

PIN - Personal Identification Number.

ZICTA - Zambia Information Communication Technology Authority.

Acknowledgements

This dissertation could not have been successfully completed if not for the assistance and support rendered to me by numerous dedicated friends and family as well as university lecturers who gave me constant advice and guidance. It is for this reason that I would like to thank everyone that put in tremendous effort to the completion of my thesis.

Special gratitude goes to Mr. Henry Sinkala, who supervised my work and guided me in producing this work; without his devoted time and assistance I would not have managed to successfully complete this work.

Lastly, I take full responsibility for any omissions and errors in the document.

Dedication

To my family, friends and relatives for always being with me. It has been a long journey but through thick and thin you have been with me each and every step of the way. For all you have done, may God continue to richly bless you and may His grace and favour continue to follow you all the rest of your days.

Abstract

With the advent of electronic technologies, electronic banking has become a significant element in almost every business. One of the most significant developments in this respect is in the banking industry. Electronic banking has the capability to integrate and transform a traditional business into a model of electronic commerce (e-commerce) by providing banking alternatives and making banking transactions more convenient for customers. In fact, most of the banks around the world have adjusted their business strategy to attain competitive benefits, reduce operational costs and enhance their performance by offering an electronic banking system to their banking customers. Hence, banking customers have the option of accessing their bank accounts and making transactions anytime and anywhere. Electronic banking systems provide us with easy access to banking services. The interaction between the user and the bank has been substantially improved by deploying ATMs, phone banking, internet banking, and more recently mobile banking. The new information technology is becoming an important factor in the financial services industry.

However, electronic banking systems have associated information security threats and risks which need assessment if the bank clients are to be satisfied with banking services. Electronic banking carries security threats and risks that impact both the banks and the banking customers. Privacy and security of electronic banking transactions and confidentiality of personal information are among the biggest concerns for both the banking industry and Internet banking customers. Furthermore, there are some additional electronic banking systems that provide us with easy access to banking services. The interaction between the user and the bank has been substantially improved by deploying ATMs, phone banking, internet banking, and more recently mobile banking.

Therefore this paper examines the use of electronic technologies in the banking sector with special attention to Zambia National Commercial Bank. The paper looks at the assessment of electronic security methods used in electronic banking transactions with a case study of the aforementioned bank in Zambia. The main findings are that ZANACO offers three main electronic banking services, which are internet banking, mobile banking and ATMs. The main methods of security are encryption, PIN codes, pass codes and passwords. Although the bank argues that its services are secure, some customers feel that the bank should put in more security measures. In banks, the causes and sources of fraud are mostly due to customers failing to keep their security codes private, as some share these details with third parties. The main recommendation is that the bank needs to carry out routine security assessment check-ups and upgrades. It is also recommended that the security codes should have a maximum life span to avoid insecurity. This paper is organised into four main sections, namely introduction, methodology, presentation of findings, conclusions and recommendations.

Table of Contents

DECLARATION

List of Acronyms

Acknowledgements

Dedication

Abstract

CHAPTER ONE: INTRODUCTION AND BACKGROUND

1.0. Introduction

1.1. Background of Zambia National Bank

1.2. Background to Study

1.3. Statement of Problem

1.4.0. Aims and objectives

1.4.1. Aim

1.4.2. Specific objectives

Research Questions

1.5.1. General research question

1.5.2. Specific research questions

1.6. Significance of the Study

1.7. Delimitation and Scope of Study

1.8. Definitions of terms

CHAPTER TWO: LITERATURE REVIEW

2.0. Introduction

2.1. Scope of Electronic Banking (E-Banking)

2.2.0. Electronic banking services offered by Banks

2.2.1. Automated Teller Machines

2.2.2. Point of Sales (POS)

2.2.3. Mobile Banking Services

2.3.0. Security Methods Used in Electronic Banking Transactions

2.3.1. Security Mechanisms

2.3.2. Authentication Methods

2.4.0. Causes and Sources of Fraud in Electronic Banking Transactions

2.5.0. Fraud and Insecurity in Electronic Banking Transactions

2.6.0. Challenges Faced By Banks in Facilitating Insecurity and Electronic Banking Fraud

2.7.0. Measures to Reduce Electronic Banking Insecurity

CHAPTER THREE: METHODOLOGY

3.0. Introduction

3.1. Research design

3.2. Study Population and sample

3.3. Sampling design and procedure

3.4. Data collection instrument

3.5. Administration of data collection schedule

3.6. Data Analysis/processing procedure

3.7. Limitations of the methodology

CHAPTER FOUR: PRESENTATION AND ANALYSIS OF DATA

4.0. Introduction

4.1. Respondents’ characteristics and classifications

4.2. Responses From Clients

4.3. Responses From Bank Employees

CHAPTER FIVE: SUMMARY, CONCLUSIONS, RECOMMENDATIONS

5.1. SUMMARY OF FINDINGS

5.2. Conclusion

5.3. Recommendations

REFERENCES

Appendix I: Questionnaire for clients/customers.

Appendix II: Questionnaire for bank employees

CHAPTER ONE: INTRODUCTION AND BACKGROUND

1.0. Introduction

This chapter gives the background of the target bank and an introduction to the research study. It gives an insight into how the research was conducted, the background of the study, the problem statement, and the overall and specific objectives. The chapter further provides the significance and delimitation of the study as well as definitions of key terms.

1.1. Background of Zambia National Bank

Zambia National Commercial Bank, publicly known as ZANACO, is one of the first banks to be established in Zambia. It was created by the merger of the National Commercial Bank and Commercial Bank of Zambia in 1975. The Commercial Bank of Zambia was incorporated in Zambia in 1965 to take over the business previously transacted by the Netherlands Bank of South Africa Limited. The National Commercial Bank was incorporated in 1969 as the first wholly owned bank (Bank of Zambia, 1984). Furthermore, ZANACO was established by the Government of the Republic of Zambia to foster national development and has over the years been, and continues to be, instrumental to the country’s progress through various achievements, particularly in providing banking and financial services to the Zambian people. The bank boasts of being the leading bank in the country, with branches and agents spread across the country (www.zanaco.co.zm).

Prior to 2007, the bank was 100% owned by the government. In that year, 49% of its shares were sold to the Rabobank Group, a banking company from the Netherlands (Zambia National Commercial Bank, 2010). Under this partnership, ZANACO has designed broad-based, affordable banking services for its retail customers and structured innovative financial solutions for large corporations, agri-business and the public sector. In 2008, the shares of ZANACO were listed on the Lusaka Stock Exchange. The bank remains majority owned by Zambians and thus is considered “citizen owned”. The relationship with Rabobank enables ZANACO to benefit from technical assistance and best practice in various areas of banking (Zambia National Commercial Bank, 2010). According to the Bank of Zambia, ZANACO was the most profitable commercial bank in Zambia during the first six (6) months of 2009 (Zambia National Commercial Bank, 2010). ZANACO has invested substantially in a versatile banking information technology platform. The bank offers various self-service banking technologies, from ATMs, POS (Point of Sale) terminals, ZANACO Bill Master and Internet banking to Xapit instant banking, through which bill payments, transfers and the buying of airtime can be done using a mobile phone (Zambia National Commercial Bank, 2010). ZANACO is well placed to respond to the diversity of Zambian society with a national presence of 56 branches and agencies nationwide and the development of new exciting e-commerce products (Ministry of Commerce, Trade and Industry 2010).

1.2. Background to Study

According to Allan (1998), the evolution of electronic banking started in the early 1980s, when banks began to look at electronic banking as a means to replace some of the traditional branch functions, for two reasons. Firstly, the branches were very expensive to set up and to maintain due to the large overheads associated with them; secondly, e-banking products and services like ATMs and electronic funds transfer were a source of differentiation for the banks that utilized them in a fiercely competitive industry. Further, technology introduced new ways of delivering banking to the customer, such as ATMs, internet banking and mobile banking. Hence banks found themselves at the forefront of new technology adoption. Both in the USA and the U.K., it really took off with the arrival of the World Wide Web (WWW), when traditional banks offered their clients access online while some banks started operating on the web only. Today almost half the world’s banks are online. Online electronic banking was preceded by home banking; hence electronic banking was put into effect in order to reduce back office processing costs. According to “Banking and Finance on the Internet”, edited by Mary J. Cronin (1997), electronic banking was first introduced in the early 1980s in New York by four major banks: Citibank, Chase Manhattan, Chemical and Manufacturers Hanover. This allowed individuals and enterprises to maintain electronic checkbook registers, check account balances, and transfer funds between different accounts.

However, with the advent of electronic banking, security concerns arose. The concept of security has taken a different nature since the beginning of the modern computing era (Bobos, 2010). In order to understand electronic security, one must clearly understand the issue of confidentiality. Confidentiality refers to the privacy of points of interest regarding an information resource, and it can be applied via encryption, for example. The goal of confidentiality is to allow access to a resource only to those that require access to it.

Zambia first became connected to the Internet in 1994 through a slow leased line from South Africa with just about 250 users, many of whom were academicians and medical staff. Over the years, the Internet has changed dramatically and has become an exceedingly influential and indispensable tool to businesses and individuals alike. The number of Internet users in Zambia was estimated at 50,000 in December 2004, according to ZICTA. Business houses and a growing number of individuals have adopted online identities that make it possible for them to communicate worldwide in real time and be part of the emerging information society.

Since banks are among the leaders in the business sector in Zambia, they too have moved with the times and embraced the electronic age. The banking sector, however, has one of the most liberal banking regimes in southern Africa. Recent developments have included the drive to privatize many sub-sectors of the financial sector, ZANACO being a good example of this.

It should be further noted that what attracts customers to internet and/or electronic banking is the round-the-clock availability and ease of transactions. Studies estimate that internet banking still has a long way to go. There are several banks that have customers who prefer banking in the traditional ways. Some customers turn to internet banking facilities for security reasons. This is mainly because customers are assured of banks' ability to keep transactions safe and secure. Most online transactions are made using the Internet Explorer interface. Internet Explorer has been around for more than ten years now. This study on electronic banking will provide detailed information on electronic banking, which shall include internet banking, mobile banking and ATMs. This shall be viewed in the light of what is in practice at Zambia National Commercial Bank.

1.3. Statement of Problem

There is a rapid increase in electronic banking transactions, as well as serious concern about how secure the system is against fraud in the banking system. Financial institutions that provide electronic banking today have found customer security to be a vital issue in their day-to-day business transactions, due to the fact that it involves the internet, which is highly insecure. Moreover, because electronic banking uses the internet as its medium, it is prone to hacking and third-party access to private information such as banking information.

Admittedly, the idea of electronic banking is a brilliant one, but attached to it are numerous advantages and disadvantages. It must be noted that, due to slow technological developments in Zambia, electronic banking in Zambia is not totally efficient and secure, as various people have lost funds through their bank accounts for various reasons. It must also be noted and argued that the security methods used are not sufficient to ensure up-to-standard security in electronic banking transactions in the Zambian banking sector. This has led to an increase in research and technology on how this must be avoided.

1.4.0. Aims and objectives

1.4.1. Aim

To assess the security methods used in electronic banking transactions in Zambia.

1.4.2. Specific objectives

To determine the levels of fraud and insecurity in electronic banking transactions.

To investigate the causes and sources of fraud in electronic banking transactions.

To ascertain the challenges faced by banks in facilitating secure electronic banking transactions.

Research Questions

1.5.1. General research question

What are the security methods used in electronic banking transactions in Zambia?

1.5.2. Specific research questions

What are the causes and sources of fraud in electronic banking transactions?

How prevalent are the levels of fraud and insecurity in electronic banking transactions?

What are the challenges faced by banks in facilitating insecurity and electronic banking fraud?

What measures can be put in place to reduce electronic banking insecurity?

1.6. Significance of the Study

There has been increasing concern from the general public about the use of electronic transactions, especially in a technologically emerging nation like Zambia. Therefore the study findings provide a comprehensive overview of the electronic security methods used in the banking sector. Thus the findings of the study are a source of awareness to the users (customers) and providers (banks) of electronic banking in ensuring that electronic banking transactions are secure for both parties. The findings are vital in a bid to bring awareness and provide advice or workable solutions to prevent financial crime or fraud in the banking sector.

1.7. Delimitation and Scope of Study

The study focused on assessing the security methods used in electronic banking in Zambia through media such as mobile phones, internet and ATMs. The study focuses on Zambia National Commercial Bank as a case study, and all findings in this paper are based on responses from ZANACO staff and customers. Additionally, while there are numerous areas in electronic banking, the study had the overall goal of only assessing the security methods used in electronic banking in Zambia. Therefore there is a likelihood that the findings may not be universal to the whole country, especially since there are a lot of international banks operating within the country which may be using internationally acclaimed security methods in electronic banking transactions.

1.8. Definitions of terms

Electronic Commerce: Is the process of conducting business on the internet using information technology to enhance communications and transactions with all of an organization's stakeholders.

Electronic Services: Is described as an infrastructure, content-centred and internet-based customer service which is driven by the customer.

Electronic Banking: Is defined to include the provision of retail and small value banking products and services through electronic channels as well as large electronic payments and other wholesale banking services delivered electronically. It is considered to be a segment of electronic business to the extent that banks are involved in the management of business transactions via electronic media, and other non-banking financial products and services such as insurance.

Security: Is the protection of assets against danger of loss. Security is simply safety but with emphasis on external threats; in other words, security is the protection of data against unauthorized access. “This is the major concern in this thesis.”

Information Security: Is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. There are three concepts in relation to information security, which are confidentiality, integrity, and availability (CIA).

Internet: Is the network of computers through which anybody with a personal computer that is properly connected to the existing telephone or cable system can access several millions of people around the world.

Information Technology: Is the study, design, development, implementation, support or management of computer-based information systems, particularly software applications and computer hardware. IT deals with the use of electronic computers and software applications to convert, store, protect, process, transmit and retrieve information.

Electronic Payment System: Is a payment method in which funds are transferred electronically and automatically from the account of the payer to the account of the receiver immediately after the transaction has been done electronically.

Automatic Teller Machine (ATM): Is a unit installed by a bank that gives customers access to their accounts with the insertion of a magnetic card.

Card Reader: Can be described as a machine with a magnetic head that records information and converts it into electronic signals.

Transaction: Is a business deal that is being negotiated or settled.

PIN: This is a multi-digit number used with a card to get money from a cash point machine or to gain access to a computer or telephone system.

CHAPTER TWO: LITERATURE REVIEW

2.0. Introduction

This chapter reviews published works and past research that has been done in relation to the study. It also highlights some weaknesses and critically analyses the published body of knowledge by way of justification and comparison to prior research studies. It thus comprises a review of empirical data.

2.1. Scope of Electronic Banking (E-Banking)

According to Ibrahim et al. (2006), the changes occurring in the banking sector can be attributed to increasing deregulation and globalization, the major stimulus for rationalization, consolidation and an increasing focus on costs. Further, the implementation of electronic banking, such as office banking software, holds several advantages for the banks as the outcome of revolutionary technology. Meanwhile, the importance of the internet and other electronic channels to users' banking needs relates to the advantages that accrue to the users of the technology in question. The literature on electronic banking is thus full of references to the convenience brought to the banking world with the advent of the internet. However, a number of disadvantages still come to the fore on closer examination.

Banks see electronic banking services as a better way to increase their market share (Beans, 1999). According to the Basel Committee report on banking supervision (1988), electronic banking refers to the provision of retail and small value banking products and services through electronic channels. Given the overall process of commercialization taking place in the payment market, electronic payments are set to be a huge growth market over the next few years, simply because the advent of the internet provides electronic commerce with the opportunity of an instantaneous means of payment (Liao and Cheung, 2002).

Figure 2.1: A simplified illustration of electronic banking. Source: Saleh and Andrea (2000).

Electronic banking is concerned with the internet portal, providing the facility to its customers and allowing them to use different kinds of online services like payment of utility bills, purchasing mobile recharge and making investments. It is essential for banks to have an official bank website offering the possibility to do transactions in order to qualify as providing online banking services (Pikkarainen et al. 2004). According to Gigolio (2002) and Robinson (2000), the cheapest delivery of banking products can be achieved only through electronic banking.

According to Karjalinto et al. (2002), with the help of electronic banking services the branch networks of banks have been reduced, as has the staff working in banks, and customers are satisfied to use electronic banking services because doing so saves the considerable time and effort of going to a bank branch to perform these transactions. So the main reasons behind accepting electronic banking are time and cost savings and freedom from place (Polatoglu, 2001). There are a lot of reasons which hinder the popularity of electronic banking services, in spite of the fact that bankers and customers can benefit from online banking services. The majority of private banks are banking through the electronic banking channel.

According to Hagel and Hewlin (1997), electronic banking became very attractive to customers and to many banks because the technology is accepted by them and they can now understand and obtain information on complex products. Nowadays banks face a lot of competition, need a high market share and must provide better services to their customers so that they can attract new customers and keep existing customers from leaving.

Customers gain a lot of advantages from using electronic or online banking. They can access their bank accounts at any time and anywhere, twenty-four hours a day, seven days a week. The management of funds and the use of various banking services can be carried out by customers very easily. Electronic banking provides benefits to the users and also to the banks; users can use the services at their convenience, independent of time and constraints. Electronic banking helps banks to reduce transaction costs and the cost of operation by reducing staff and physical branches. There is an urgent need to create awareness amongst business people about the importance of electronic services and to prepare people to accept the challenge which electronic services offer (Karjalinto et al. 2002).

2.2.0. Electronic banking services offered by Banks

With the increase in the use of technology, particularly in the field of electronic banking, a number of products have been developed in the banking sector. The various services offered in electronic banking include: use of ATMs; internet or online banking; SMS and telephone banking; electronic bill payment; and Point of Sale transactions. These electronic banking services and products are briefly explained herein (Hagel and Hewlin, 1997).

2.2.1. Automated Teller Machines

ATMs were the first known machines to provide electronic access to customers (Singh and

Komal, 2009). Khan (2010: p333) says the “ATM is an innovative service delivery mode that

offers diversified financial services like cash withdrawals, funds transfer, cash deposits,

payment of utility and credit card bills, cheque book requests and other financial enquiries”.

The ATM services that are offered by banks have evolved and have become better and more

advanced.

These machines perform the basic deposit and withdrawal tasks of tellers and are more

dependable as most customers prefer ATMs to error prone human tellers. Automated banking

focuses on automated teller machine or ATM as many usually call it. The first ATM was

installed into a bank some 40 years ago by Barclays Bank, England; for the first time

customers could get hold of their money without having to queue in a bank. This saved bank

customers time; it also saved the bank huge sums of money in that they could now have only a few

staff. Modern ATMs provide customers with their bank account balance. They can also issue

money, print statements and even take cash deposits. Customers are able to use almost any

ATM in any bank, supermarket or garage, and in some countries this facility is usually free

(Jaffee, 1989). The ATM facility has a number of benefits; according to Brain (2000) the

benefits that can be derived from ATM facility usage are numerous. Flexible account

access allows clients to access their accounts at their convenience.

2.2.2. Point of Sales (POS)

This is an electronic banking service that uses debit cards. The customers use the debit card

to make payments at any shop or place with a designated point of sale. The customers swipe

the debit card on the point of sale machine and enter the PIN code for authentication, and the bank

debits the client’s account and credits the seller’s or shop’s account. In the case of online buying

and selling, the Visa debit card number is used to authorise the bank to debit your account. Of

course there are security requirements depending on regulations. It is among the widely used

electronic banking services for buying and selling in the world.

2.2.3. Mobile Banking Services

Mobile banking is the provision of banking services, notably a bank account, which can be

accessed via a mobile phone. It’s generally banking using a mobile phone. Laukkanen and

Pasanen (2005) define mobile banking as a channel whereby the customer interacts with a

bank via a mobile device, such as a mobile phone. There are several services that a bank can

offer through mobile banking. For instance, payment of bills can be done using mobile

banking as well as money deposited and transferred from one account to another. Mobile

banking is popularly known as Short Message Service (SMS) banking or M-banking; and has

been facilitated using restrictions of passwords for security reasons.

According to the United Nations Economic and Social Commission for Asia and the Pacific

and the International Trade Centre (2005) in countries with high ICT literacy rates and well-

developed telecommunications networks, customers can make financial arrangements

wherever they are and at any time. However a congested network may result in poor

reception. For mobile banking to be able to take place and to be of benefit to the bank and

the customer, there needs to be a telecommunications network.

Commercial banks and telecommunication networks sign agreements on how the mobile

banking services will be provided to the client. The agreement outlines how much the client

is charged on each transaction and how much goes to the telecommunication network. The

user of a mobile banking service must be a client to both the bank and the telecommunication

network. Banking transactions over mobile phones are usually performed by sending an SMS

requesting a financial transaction; it travels to the SMS centre of the client’s cellular service

provider and from there it goes to the bank’s system. Then the client receives the response

that is sent by the bank via the service provider, all within a few seconds. Therefore, for

mobile banking to be effective and a success, commercial banks have to establish agreements

with telecommunication companies (i.e. Airtel, MTN and Cell-Z) as these are the mobile

phone network providers in Zambia (United Nations Economic and Social Commission for

Asia and the Pacific and the International Trade Centre, 2005).

The most exciting service to which ZANACO has beaten all other competitors is the Xapit, a

kind of cell phone banking that allows customers to buy airtime, pay bills such as DSTV and

make money transfers to third parties using the ATM. ZANACO is the first bank to

implement such a service, which will operate 24 hours a day. “It will be made available to the

existing customers, but ultimately also to the (two) 2 million people who have a cell phone

but not a bank account,” said Wiessing. This facility, if well implemented, will allow most

Zambians who have no access to banking facilities to access financial services using their cell

phones. The Xapit account is the only instant ZANACO Bank account that can be opened

within minutes offering customers a Visa card and services such as purchasing of airtime,

electricity and paying for DSTV.

2.3.0. Security Methods Used in Electronic Banking Transactions

According to Thomas et al. (2002), the security of electronic banking refers to any tool,

technique or process used to protect a system’s information assets, or is a risk management or

risk mitigation tool. Muella (2001) stated that security deals with how a website ensures that

hackers and others cannot access customers’ information or their credit card numbers. It is

further highlighted that electronic security adds value to a naked network. It is composed of soft

and hard infrastructure, the soft infrastructure components consist of policies, processes,

protocols, and guidelines that protect the system and the data from compromise. The hard

infrastructures consist of hardware and software needed to protect the system and data from

threats to security from inside or outside the organization.

As the internet is a broadcasting medium, security is a constant requirement of doing

business over the internet. Any lapse of security in internet usage is likely to increase fear

and anguish among consumers, which may bar them from using the system, as

they may be required to key in their valuable personal information. Thomas et al. (2002)

stated that although technology opens up new dimensions of scope and timing, it also creates

the possibility for crimes to be committed very quickly. In the past, stealing 50000 credit card

numbers would have taken months or even years for highly organized criminals. However,

today a criminal using tools available on the web can hack into a database and steal scores of

identities in seconds.

According to Thomas et al (2003) these are few reasons why electronic security must be

taken very seriously now. However, Raigaga (2000) pointed out that security concerns have been

the most important issue facing the bankers among various banks which has drastically

delayed the expansion of technology among banks. Ratnasigum (2002) argued that the impact

of technology trust in web services implies the use of security services such as digital

signatures, encryption mechanisms and authorization mechanisms.

Raigaga (2000) explains that the electronic banking transaction is only as secure as the people

who use it. If a consumer chooses a weak password, or does not keep their password

confidential, then an attacker can pose as that user. This is significant if the compromised

password belongs to an administrator of the system. In this case, there is likely physical

security involved because the administrator client may not be exposed outside the firewall.

Users need to use good judgment when giving out information, and be educated about

possible phishing schemes and other social engineering attacks.

In internet banking electronic transactions, one of the security methods is the personal firewall.

When you connect your computer to a network, it becomes vulnerable to attack. A personal firewall

helps protect your computer by limiting the types of traffic initiated by and directed to your computer

(Ratnasigum, 2002).

Additionally Secure Socket Layer (SSL) is a protocol that encrypts data between the

consumer’s computer and the site's server. Secure Socket Layer (SSL) encryption is a secure

communication protocol that encrypts client information during transmission over the

Internet. It is one of the strongest encryption technologies available today, providing server

authentication, and ensuring that all data transferred over the Internet is encrypted to protect

against it being disclosed to eavesdroppers. It also ensures that any attempt by hackers to

tamper with the information will be detected (Thomas et al., 2002).

When an SSL-protected page is requested, the browser identifies the server as a trusted entity

and initiates a handshake to pass encryption key information back and forth. Now, on

subsequent requests to the server, the information flowing back and forth is encrypted so that

a hacker sniffing the network cannot read the contents. The SSL certificate is issued to the

server by a certificate authority authorized by the government. When a request is made from

the consumer’s browser to the site's server using https://, the consumer’s browser checks if

this site has a certificate it can recognize.

In online security methods, a firewall is like the moat surrounding a castle. It ensures that

requests can only enter the system from specified ports, and in some cases, ensures that all

accesses are only from certain physical machines. A common technique is to set up a

demilitarized zone (DMZ) using two firewalls. The outer firewall has ports open that allow

ingoing and outgoing HTTP requests. This allows the client browser to communicate with the

server. A second firewall sits behind the e-Commerce servers. This firewall is heavily

fortified, and only requests from trusted servers on specific ports are allowed through. Both

firewalls use intrusion detection software to detect any unauthorized access attempts. Another

common technique used in conjunction with a DMZ is a honey pot server. A honey pot is a

resource (for example, a fake payment server) placed in the DMZ to fool the hacker into

thinking he has penetrated the inner wall. These servers are closely monitored, and any access

by an attacker is detected (Thomas et al, 2002).

2.3.1. Security Mechanisms

There are general security mechanisms for database systems. However, the increasing

accessibility of databases in the public internet and private intranets requires a reanalysis and

extension of the approaches. There are various identified mechanisms that are employed by

many organisations, such as banks, financial institutions and online shops among others,

to secure the interests of both parties (Connolly and Berg, 1997).

Encryption: Secure Socket Layer (SSL) encryption is a secure communication protocol that

encrypts client information during transmission over the Internet. It is one of the strongest

encryption technologies available today, providing server authentication, and ensuring that all

data transferred over the Internet is encrypted to protect against it being disclosed to

eavesdroppers. It also ensures that any attempt by hackers to tamper with the information will

be detected. Another protocol for transmitting data securely over the web that the banks

employed is Secure HTTP (SHTTP). It is a modified version of the standard HTTP protocol.

By convention, the address of a web page that requires an SSL connection starts with https instead of http.

The study in Nigeria discovered that two modes of encryption are in use among Nigerian

commercial banks: 128-bit and 256-bit SSL. This encryption technology ensures that

data passing between customer computer and the bank is secure and that customer accounts

cannot be accessed by anyone else online.

Digital Certificate: Connolly and Berg (1997) define a digital certificate as an attachment to

an electronic message used for security purposes, most commonly to verify that a user

sending a message is who he or she claims to be, and to provide the receiver with the means

to encode a reply. For compliance and security reasons all the banks applied and signed for

digital certificates to send encrypted messages. Digital certificate authentication is generally

considered one of the stronger authentication technologies, and mutual authentication

provides a defence against phishing and similar attacks. The use of shared secrets such as

digital images is another technique. An image recognition and selection is used to identify the

genuineness of the customer.

Firewall: When the Web server has to be connected to an internal network, for example to

access the company database, firewall technology can help to prevent unauthorised access,

provided it has been installed and maintained correctly. A firewall is a system designed to

prevent unauthorised access to or from a private network. Following this, it was gathered

from the study that all the banks install robust firewalls to protect their internal systems

(intranet) and customers’ information against intrusion from the internet (Mary Jane Cronin,

1997).

2.3.2. Authentication Methods

There are a variety of technologies and methods financial institutions can use to authenticate

customers. These methods include: Use of customer passwords, Personal identification

numbers (PINs), Digital certificates using a public key infrastructure (PKI), Physical devices

such as smart cards, One-time passwords (OTPs), Use of “tokens” such as USB plug-ins,

Transaction profile scripts, Biometric identification and others (Khan, 2010).

The authentication methods adopted by Nigerian banks are passwords, PINs, tokens and One-

Time passwords. The level of risk protection afforded by each of these techniques varies. The

selection and use of authentication technologies and methods should depend upon the results

of the financial institution’s risk assessment process. Existing authentication methodologies

involve three basic “factors”:

Something the user knows (e.g., password, PIN);

Something the user has (e.g., ATM card, smart card, token) and

Something the user is (e.g., biometric characteristic, such as a fingerprint).

Authentication methods that depend on more than one factor are more difficult to

compromise than single-factor methods. Accordingly, properly designed and implemented

multifactor authentication methods are more reliable and stronger fraud deterrents. For

example, the use of a logon ID/password is single-factor authentication (i.e., something the

user knows); whereas, an ATM transaction requires multifactor authentication: something the

user possesses (i.e., the card) combined with something the user knows (i.e., PIN). A

multifactor authentication methodology may also include “out–of–band” controls for risk

mitigation (Santos, 2003).

Shared Secrets: Shared secrets (something a person knows) are information elements that are

known or shared by both the customer and the authenticating entity. Passwords and PINs are

the best known shared secret techniques but some new and different types are now being used

as well. The security of shared secret processes can be enhanced with the requirement for

periodic change. Shared secrets that never change are described as “static” and the risk of

compromise increases over time. The use of multiple shared secrets also provides increased

security because more than one secret must be known to authenticate (Cronin, 1997).

Tokens can also be used. Tokens are physical devices (something the person has) and may be

part of a multifactor authentication scheme. The hardware consists of a key-fob with an LCD

screen on it. A code is displayed on the screen and changes frequently, usually every 60

seconds. The device is generating keys based on a 128-bit encryption seed. When this number

is fed to a server that has a copy of that seed, it is used as an additional verification to the

other login data. There are three general types of token: the USB token device, the smart

card, and the password-generating token. It was gathered from the study that only the

password-generating token is in use by the banks (Singh and Komal, 2009).

Password-Generating Token: A password-generating token produces a unique passcode, also

known as a one-time password, each time it is used. The token ensures that the same OTP is

not used consecutively. The OTP is displayed on a small screen on the token. The customer

first enters his or her user name and regular password (first factor), followed by the OTP

generated by the token (second factor). The customer is authenticated if (1) the regular

password matches and (2) the OTP generated by the token matches the password on the

authentication server. A new OTP is typically generated every 60 seconds; in some systems,

every 30 seconds. This very brief period is the life span of that password. OTP tokens

generally last 4 to 5 years before they need to be replaced. Password-generating tokens are

secure because of the time sensitive, synchronized nature of the authentication. The

randomness, unpredictability, and uniqueness of the OTPs substantially increase the difficulty

of a cyber thief capturing and using OTPs gained from keyboard logging. The two

aforementioned methods of 2-factor authentication (2FA) are the ones basically in use by

commercial banks. There are other methods in use globally such as: USB Token devices,

Smart Cards, Biometrics, Out-of-Band Authentication and Mutual Authentication (Ziqi and

Michael, 2003).
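The server-side check described above for password-generating tokens, as an added example that is not taken from the dissertation or from any bank's system. It assumes the token runs the standard time-based OTP algorithm (RFC 6238 over HMAC-SHA1), which the text does not name, with the 60-second step and 128-bit seed mentioned above; the user name, seed value and one-step clock-drift allowance are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # refresh interval quoted in the text
DIGITS = 6          # assumed length of the code shown on the token screen


def hotp(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = STEP_SECONDS,
         digits: int = DIGITS) -> str:
    """RFC 6238: the counter is the number of whole time steps since the epoch."""
    return hotp(seed, int(unix_time) // step, digits)


class OtpVerifier:
    """Authentication server: keeps a copy of each token's seed and the last
    time step it accepted, so that a captured code cannot be replayed."""

    def __init__(self, step=STEP_SECONDS, digits=DIGITS, drift_steps=1):
        self.step = step
        self.digits = digits
        self.drift_steps = drift_steps      # tolerated clock drift, in steps
        self._seeds = {}
        self._last_step = {}

    def enroll(self, user: str, seed: bytes) -> None:
        if len(seed) < 16:
            raise ValueError("seed must be at least 128 bits")
        self._seeds[user] = seed

    def verify(self, user: str, submitted: str, now: int) -> bool:
        seed = self._seeds.get(user)
        if seed is None:
            return False
        current = int(now) // self.step
        matched = None
        # Check every step in the drift window; no early exit, so timing does
        # not reveal which step matched.
        for counter in range(current - self.drift_steps,
                             current + self.drift_steps + 1):
            if counter < 0:
                continue
            expected = hotp(seed, counter, self.digits)
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                matched = counter
        if matched is None:
            return False                    # wrong or expired code
        if matched <= self._last_step.get(user, -1):
            return False                    # code from an already-used step
        self._last_step[user] = matched
        return True


if __name__ == "__main__":
    seed = bytes(range(16))                 # constructed 128-bit seed
    server = OtpVerifier()
    server.enroll("customer-001", seed)     # constructed user name
    t = 1_700_000_000
    code = totp(seed, t)
    print("first use :", server.verify("customer-001", code, t))
    print("replay    :", server.verify("customer-001", code, t + 5))
```

The second factor is only checked here; the regular password (first factor) is verified separately, as the text describes.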

2.4.0. Causes and Sources of Fraud in Electronic Banking Transactions

It should be noted that fraud exists in relation to ATMs. According to the Bankers

Association of Zambia, as at December 2010 Zambia recorded a total of 489 ATM

machines and over a million card holders (1,082,417 to be exact). It is clear that the number of ATM

card holders will continue to grow as a result of electronic awareness.

The majority of Zambian banks, notably ZANACO, FINANCE and STANBIC banks to mention

a few, warned card users nationwide against disclosing their ATM card details to a second party

as a result of fraudsters who are said to be on the prowl. Diebold (2002) stated some ATM

frauds in a paper titled “ATM fraud and Security”.

2.5.0. Fraud and Insecurity in Electronic Banking Transactions

The most notable of the challenges of ATMs is card theft. In an attempt to obtain actual

cards, criminals have used a variety of card trapping devices comprised of slim mechanical

devices often encased in plastic transparent films inserted into the card reader throat. Hooks

are attached to the probes preventing the card from being returned to the consumer at the end

of the transaction. When the ATM terminal user shows concern due to the captured card, the

criminal usually in close proximity of the ATM, will offer prompt support suggesting the user

enter the pin again, so that the criminal is able to view the entry and remember the pin. After

the consumer leaves the area, believing the card has been captured by the ATM, the criminal

will then use a probe (fishing device) to extract the card. Having viewed the pin, the criminal may

easily withdraw money.

Another is the use of skimming devices. Another method of accessing a consumer’s

account information is to skim the information off a card. Skimming is the most frequently

used method of illegally obtaining card track data. “Skimmers” are devices used by criminals

to capture the data stored in the magnetic stripe of the card. Reading and deciphering the

information on the magnetic stripe of the card is accomplished through the application

of small card readers in close proximity to or on top of the actual card reader input slot, so that they

are able to read and record the information stored on the magnetic track of the card. The device

is then removed, allowing the downloading of the recorded data (Ziqi, 2003).

Shoulder surfing: Shoulder surfing is the act of direct observation, watching what number

that a person taps onto the keypad. The criminal usually positions himself in close proximity

to the ATM to watch as the ATM user enters their pin, sometimes miniature video cameras

that are easily obtained might be installed discreetly on the fascia or somewhere close to the

pin pad, to record the pin entry information.

Utilizing a fake pin pad overlay: A fake pin pad is placed over the original keypad, this

overlay captures the pin data and stores the information into its memory, the fake pin pad is

then removed and recorded pins are downloaded, fake pin pads can almost be identical in

appearance and size to the original. An additional type of overlay that is more difficult to

detect is a thin overlay that is transparent to the consumer. This method used in conjunction

with card data theft provides the criminal with the information needed to access an

unsuspecting consumer’s account (Bambos, 2010).

Pin Interception: After the pin is entered, the information is captured in electronic format through

an electric data recorder. Capturing the pin can be done either inside the terminal or as the pin

is transmitted to the host computer for the online pin check. In order to capture the pin

internally the criminal would require access to the communication cable of the pin pad inside

the terminal, which can more easily be done at off-premise locations (Bernkopf, 1996).

2.6.0. Challenges Faced By Banks in Facilitating Insecurity and Electronic Banking Fraud

According to Fojt (1996), electronic banking, like any other thing in life, has its own

drawbacks and challenges both to the bank and the customers. A customer needs to be

connected to the internet, which signifies that access to a customer’s account is solely

dependent on that connection in the case of electronic banking. Furthermore, electronic banking is subject to

dependability of other computers and web server, which means that if it is faulty a customer

cannot access his or her account.

It also means that a customer has to know how to use a computer before he or she can carry

out any transaction. There is a set of people, e.g. the older ones, who do not want to follow

the technological trend, probably being scared and not wanting to learn, and who prefer the

traditional banking way. The other issue concerns the governmental policies that guide

electronic banking operations across international borders not being efficient (Fojt, 1996).

Further, the services of a third party are usually required by a bank to run the online services for

their clients (Kannan, 2004).

In addition to the above, Ziqi and Michael (2003) argued that the electronic banking being

new technology faces a problem of acceptability. This means it has a battle with the

competition in the driving force behind the introduction of electronic banking. The banking

system being an oligopolistic market (a market condition in which sellers are so few that the

actions of any one of them will materially affect the price and have a measurable impact on

competitors) it is necessary for the electronic bank to compete in the first place through the

sub strategy of product service differentiation. Therefore in order to enhance the product

service the internet should be exploited as a channel to build, maintain, and develop long

term client relationships through the ready access to broad and increasing array of products,

services and low-cost financial shopping, rapid response to customer inquiries and

personalized product-service innovation.

Another challenge prone to electronic banking is transaction security, due to open nature of

the internet; this is likely to emerge as the biggest concern among the electronic banking.

Since transaction risks would create significant barrier to market acceptance, its management

and control are crucial for business reputation and promotion of consumer confidence as well

as operational efficiency. To safeguard this, it is imperative for the electronic bank to implement

measures to protect client assets and information. Electronic banking is also likely to be

challenged by demographics; this can prevent some commercial banks future access to

profits. To exploit this challenge and increase market share, financial institutions must seek to

attract and capture computer literate internet users who are young and educated as early as

possible by supplying, at low cost, technologically innovative and sophisticated products and

services such as globally mobile banking and electronic financial transactions over the

internet (Fojt, 1996).

Electronic banking has also brought new challenges for bank management, supervisory and

regulatory authorities. It should also be noted that operational Risk of electronic banking is

the central system of availability and security to the dependability of new technology which

provides services. Security threats can be external or internal to the system. Due to this,

banking regulators and supervisors must check that banks have the right measures in place to

secure data integrity and confidentiality. These security practices should be listed on a regular

basis by technical skilled persons to analyze network vulnerabilities and recovery

preparedness. The integral part of the overall management of the heightened operational risks

in their safety and soundness evaluations (Government of the Republic of Zambia, 1994).

As noted by Ziqi and Michael (2003) another drawback to electronic banking is that it carries

heightened legal risks for banks. Banks have grown geographically faster in terms of services

which they render through electronic banking compared to traditional banking methods. In

some cases, however, the banks rendering these services might not be fully acquainted with the laws

and regulations abiding in that area before offering such services either with permission

(License) or not. When this permission is not there, a virtual bank not having adequate

contact with its supervisor from the host country may find problems adapting to regulatory

changes. As a result, virtual banks being unaware unknowingly could go against the

protection laws of a customer, including data collection and privacy. After which they subject

themselves to losses through lawsuits or crimes that are not prosecuted because of

jurisdictional disputes. Money laundering has been on for some time now which is being

facilitated by electronic banking due to anonymity it affords. Many countries have issued

proper rules for the identification of customers when an account is being opened.

Another is what is called reputational risk: a bank’s reputation can be damaged due to

violation of security and disruption to availability of the system. Reputational risk is more

dependent on the reliance on electronic delivery channels, which in turn increases its

potential; for instance, if a bank that offers electronic services experiences any problems, that

might lead to customers losing the confidence they have in electronic delivery channels in general.

These problems can potentially affect other providers of electronic services. Reputational

risks also stem from customer misuse of security precautions. Security risks can be amplified

and may result in the loss of confidence in electronic delivery channels (John, 1997).

Banks have made, and should continue to make, efforts to educate their customers. Because

customer awareness is a key defence against fraud and identity theft, financial

institutions should evaluate their consumer education efforts to determine if additional steps

are necessary. Management should implement a customer awareness program and

periodically evaluate its effectiveness. Methods to evaluate a program’s effectiveness include

tracking the number of customers who report fraudulent attempts to obtain their

authentication credentials (e.g., ID/password), the number of clicks on information security

links on Web sites, the number of statement stuffers or other direct mail communications, the

amount of losses relating to identity theft, etc. While disclosing IDs/passwords is a

common source of insecurity, a study on whether banks are making efforts to educate their

clients found that all banks are making efforts to educate their customers on

how to handle any suspicious attempt on their financial details: to ignore any mail requesting

their PIN and/or card details, as the bank would not for any reason request them; not to

enter the bank’s website from links in their email boxes; and to access the internet banking

portal from a designated web address (BOZ, 2013).

2.7.0. Measures to Reduce Electronic Banking Insecurity

According to the Bank of Zambia guidance, banks should introduce logical access controls

over the ICT infrastructure deployed. Controls instituted by banks should be tested through

periodic Penetration Testing, which should include but should not be limited to:

a. Password guessing and cracking.

b. Search for back door traps in programs.

c. Attempts to overload the system using DDoS (Distributed Denial of Service) and DoS

(Denial of Service) attacks.

d. Check if commonly known vulnerabilities in the software still exist.

e. Banks may, for the purpose of such Penetration Testing, employ external experts.

Continuous and regular customer awareness program to educate customers. A further

study to evaluate the reliability and effectiveness of each of the two most used 2-

factor authentication methods, that is, the hardware token and the PIN.

Financial institutions offering electronic products and services should have reliable and

secure methods to authenticate their customers. The level of authentication used by the

financial institution should be appropriate to the risks associated with those products and

services. Furthermore financial institutions should conduct a risk assessment to identify the

types and levels of risk associated with their Internet banking applications. Where risk

assessments indicate that the use of single-factor authentication is inadequate, financial

institutions should implement multifactor authentication, layered security, or other controls

reasonably calculated to mitigate those risks. The Central Bank of Nigeria (CBN) considers

single-factor authentication, as the only security control mechanism, to be inadequate in the

case of high-risk transactions involving access to customer information or the movement of

funds to other parties (Mc Gill, 2004).

John (1997) argues that the success of a particular authentication method depends on more

than the technology. It also depends on appropriate policies, procedures, and controls. An

effective authentication method should have customer acceptance, reliable performance,

scalability to accommodate growth, and interoperability with existing systems and future

plans. In securing customer data through access control, it is assumed that all bank customers

fall in the same user group. They all can perform similar operations after gaining access to

the bank’s domain through the internet. Customers on electronic banking platform can do

balance enquiry, check transaction details, make payments and transfer fund within the same

bank.

Legislative and regulatory measures at various levels are the best way to ensure that e-banking transactions are secure, by following the laid-down procedures. For the implementation of electronic banking, national, regional and international laws, rules and regulations are required. Legal support is necessary for protecting the interests of banks and customers in various areas relating to electronic banking transactions. Some of the important issues, such as liability for loss whenever fraud occurs, loss allocation in case of insolvency, preservation of records and prevention of fraud, are to be made clear in the legislation.

In Zambia, the Zambia Information Technology Authority (ZICTA), formerly known as the Communication Authority of Zambia (CAZ), is a statutory body established under the Information and Communication Act (Act number 15 of 2009) of the laws of Zambia. This Act mandates the authority to regulate information and technology, under which electronic banking technology falls. Its mandate is to facilitate access to information and technology as well as to protect the rights of consumers and service providers (Henry, 1997).

Analysis of the security logs can detect patterns of suspicious behavior, allowing the administrator to take action. In addition to security logs, use business auditing to monitor activities such as payment processing. You can monitor and review these logs to detect patterns of inappropriate interaction at the business process level. The infrastructure for business auditing and security logging is complex, and most likely will come as part of any middleware platform selected to host your site (Kannan, 2004).
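The correlation of security logs with business auditing described above can be sketched as follows. This is an added example, not code from the dissertation or from any bank's platform: the log layout, field names, thresholds and sample records are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records. The line layout and field names are assumptions
# made for this example, not the format of any real banking platform.
SECURITY_LOG = """\
2019-03-04T09:14:10 AUTH user=cust1001 result=FAIL src=198.51.100.7
2019-03-04T09:14:25 AUTH user=cust1001 result=FAIL src=198.51.100.7
2019-03-04T09:14:41 AUTH user=cust1001 result=FAIL src=198.51.100.7
2019-03-04T09:15:02 AUTH user=cust1001 result=OK src=198.51.100.7
2019-03-04T10:02:00 AUTH user=cust2002 result=FAIL src=192.0.2.10
2019-03-04T10:02:30 AUTH user=cust2002 result=OK src=192.0.2.10
2019-03-04T11:30:00 AUTH user=cust3003 result=OK src=203.0.113.9
"""

BUSINESS_AUDIT_LOG = """\
2019-03-04T09:17:40 PAYMENT user=cust1001 amount=4500.00 beneficiary=ACC-778 new_beneficiary=yes
2019-03-04T10:05:00 PAYMENT user=cust2002 amount=120.00 beneficiary=ACC-101 new_beneficiary=no
2019-03-04T11:31:00 PAYMENT user=cust3003 amount=9000.00 beneficiary=ACC-555 new_beneficiary=yes
malformed line that the parser must skip
"""

LINE_RE = re.compile(r"^(\S+) (AUTH|PAYMENT) (.+)$")


def parse(text):
    """Yield (timestamp, kind, fields) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        try:
            ts = datetime.fromisoformat(match.group(1))
        except ValueError:
            continue  # unparseable timestamp: treat the line as malformed
        fields = dict(kv.split("=", 1) for kv in match.group(3).split() if "=" in kv)
        yield ts, match.group(2), fields


def suspicious_logins(security_text, max_failures=3, window=timedelta(minutes=5)):
    """Security-log rule: a successful login that follows at least
    max_failures failed attempts for the same user inside the window."""
    recent_failures = defaultdict(deque)
    flagged = []
    for ts, kind, f in sorted(parse(security_text), key=lambda rec: rec[0]):
        if kind != "AUTH" or "user" not in f:
            continue
        fails = recent_failures[f["user"]]
        while fails and ts - fails[0] > window:
            fails.popleft()  # forget failures that fell out of the window
        if f.get("result") == "FAIL":
            fails.append(ts)
        elif f.get("result") == "OK":
            if len(fails) >= max_failures:
                flagged.append((f["user"], ts))
            fails.clear()
    return flagged


def correlate(security_text, audit_text, follow_up=timedelta(minutes=10)):
    """Business-level rule: a payment to a new beneficiary made within
    follow_up of a suspicious login by the same user."""
    logins = suspicious_logins(security_text)
    alerts = []
    for ts, kind, f in sorted(parse(audit_text), key=lambda rec: rec[0]):
        if kind != "PAYMENT" or f.get("new_beneficiary") != "yes":
            continue
        for user, login_ts in logins:
            if user == f.get("user") and timedelta(0) <= ts - login_ts <= follow_up:
                alerts.append({
                    "user": user,
                    "login": login_ts,
                    "payment": ts,
                    "amount": f.get("amount"),
                    "beneficiary": f.get("beneficiary"),
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SECURITY_LOG, BUSINESS_AUDIT_LOG):
        print(alert)
```

Neither log alone raises the alert: the login rule flags cust1001 without knowing about the payment, and the large payment by cust3003 is not flagged because the login before it was unremarkable.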

Therefore, the future of electronic banking will be a system where users are able to interact with their banks “worry-free” and banks are operated under one common standard. Most research studies have indicated that the common problem affecting the information security and privacy of customers is e-service providers’ lack of security controls, which allows damaging privacy losses. Apart from that, another problem is the subsequent misuse of consumers’ confidential information, as in identity theft. These may affect customers’ confidence in online business transactions in a variety of privacy risk assessments by consumers. Current technology allows for secure site design. It is up to the development team to be both proactive and reactive in handling security threats, and up to the consumer to be vigilant when doing business online (Blake, 2000).

CHAPTER THREE: METHODOLOGY

3.0. Introduction

This study was premised on the fact that there is an increasing use of electronic technologies in the banking sector and at the same time there have been security concerns from both banks and customers over the use of electronic and mobile transactions in the banking and financial services sector (Muhammad Bilal and GaneshSankar, 2011). The study was grass-root oriented research with a view to bringing about an understanding of the security methods used in electronic banking transactions and bringing about more secure and sustainable electronic banking services. Thus the study was centred on assessing security methods used in electronic banking transactions, challenges faced in facilitating secure electronic banking, levels and cases of fraud, as well as causes and sources of fraud in electronic banking transactions.

Therefore this chapter of the research proposal provides the methodology that was employed

in the study. It presents target population, research instruments, sample size and sampling

procedures, data analysis and ethical considerations. Finally it presents a conclusion on

methodology.

3.1. Research design

According to Kombo and Tromp (2013), a research design is the structure of the research. It is referred to as the ‘glue’ that holds the entire research process together. The function of a research design is to ensure that the evidence obtained enables us to answer the initial question as unambiguously as possible. In social sciences research, obtaining information relevant to the research problem generally entails specifying the type of evidence needed to test a theory, to evaluate a program, or to accurately describe and assess meaning related to an observable phenomenon (Trochim, William M.K, 2001). It is the arrangement of conditions for collection and analysis of data in a manner that aims to combine relevance to the research purpose.

3.2. Study Population

The research targeted a population of 500 customers and 500 members of staff, drawn from ZANACO. It was from this population that a sample size of ten percent was drawn. It should be noted that the population was restricted to those in Lusaka. Therefore, a total of one hundred people were chosen as the sample population, which consisted of fifty customers and fifty members of staff. Interviews were conducted and questionnaires were distributed and administered respectively. These were used to gather information on how secure electronic banking transactions are. In order to ensure an accurate representation, an equal number of respondents were chosen from the customers and employees, because security issues in the banking sector affect both the customers and employees.

3.3. Sampling design and procedure

According to Strydom et al. (2005), sampling simply means taking any portion of a population or universe as representative of that population. The major reason for sampling is feasibility. A complete coverage of the total population is seldom possible and all the members of a population of interest cannot possibly be reached. Meanwhile, sampling design refers to that part of the research plan that indicates how cases are to be selected for observation. In this study, a non-probability sampling design known as purposive sampling was used. This was used because the sample needed to be selected purposively. Thus customers could only be sampled purposively because this sample is difficult to identify using other methods of sampling. For ZANACO employees, this was vital because the employees best placed to provide the responses were those in departments such as bank operations and risk/internal security, who could not be selected using other sampling techniques.

3.4. Data collection instrument

The data collection instruments in this study were questionnaires for bank employees and an interview schedule for bank customers. The questionnaires contained both open-ended and closed-ended questions. This instrument was used because the employees are literate, and because it saves time, preserves confidentiality and overcomes aspects of interview bias. Meanwhile, the interviews were suitable for customers because the respondents’ literacy was unknown and also because they were selected on a walk-in basis wherever they were found, making it hard to use other forms of sampling design.

3.5. Administration of data collection schedule

Therefore, to attain the study objectives, a purposive sample of fifty (50) questionnaires was administered to the ZANACO bank employees in the various branches in Lusaka. Notably, customers were purposively sampled at convenient points such as ZANACO ATM queues and among those waiting to be attended to at various branches within Lusaka. The target employees were those in bank operations and/or risk/internal security departments. These were chosen because they are responsible for dealing with security issues and receive complaints from customers, including those regarding security for customers. The questionnaires and interviews were personally administered because personal administration of data collection instruments (such as interviews and questionnaires) provided a high response rate. The questionnaire and interview schedules both consisted of perceptual measures assessed by statements evaluated on a scale (strongly agree, agree, strongly disagree, disagree); some questions involved a yes or no answer, while others required the employees to give written statements on certain questions.

3.6. Data Analysis/processing procedure

According to Strydom et al. (2005), data analysis means the categorization, ordering, manipulating and summarizing of data to obtain answers to research questions. In this study, the collected data was analysed qualitatively and quantitatively. The analysis was based on the research questions. Thus the content analysis of the responses was done under various themes, which were later presented using descriptive statistics. Themes salient across all cases were kept, as well as those that were extremely different. Thus descriptive analysis of data was used in this study. The descriptive analysis used averages and percentages. In analysing the data the researcher did a lot of cross-referencing with magazines, journals, text books, and other research works done by others available on the internet. The nature of this research did not require extensive mathematical tools. Thus mathematical tools have been scarcely used. According to Stake (2006), the researcher whose priority is to merge the findings across cases would use this particular method. This method also allows the researcher to make generalizations about the cases. Quantitative data, on the other hand, was analyzed using Microsoft Excel.

3.7. Limitations of the methodology

Due to limited time and resources the study was done with only one bank; a comparative analysis of at least two banks would have been more comprehensive. Nevertheless, caution was taken to ensure that data collection and analysis were free from bias. The data collection process took longer than expected because some customers cut the interview short midway, as interviewing them was on a voluntary basis. This meant that the incomplete interview was not counted, so it took time to obtain fifty complete interviews. There is also a likelihood that some of those responding to the questionnaires may have had their responses influenced by the preceding question, owing to the fact that ZANACO employees are normally busy, especially at month end. Nevertheless, this was overcome by administering the questionnaire in the middle of the month. The data may also be limited by the fact that both data sets were collected from Lusaka town alone.

CHAPTER FOUR: PRESENTATION AND ANALYSIS OF DATA

4.0. Introduction

This chapter presents the findings of the study. It analyses the data and information and brings out the assessment of the security methods used in electronic banking transactions. Thus the chapter presents the findings based on the research questions and objectives. The objectives of the study were to ascertain the challenges faced by banks in facilitating secure electronic banking transactions, find out the levels of fraud and insecurity in electronic banking transactions, as well as to investigate the causes and sources of fraud/insecurity in electronic banking transactions.

4.1. Respondents’ characteristics and classifications

The respondents for the study were categorised into two groups, namely the customers and the bank employees. In the process of data collection from customers, an equal number of male and female customers were interviewed, consisting of twenty-five males and twenty-five females. For the respondents from the bank employees, however, the composition was subject to the people available to attend to the questionnaires. It should be noted that the responses from the bank were meant to provide expert knowledge, so aspects of gender were of less significance; hence the gender of the bank employee respondents was left out.

4.2. Response from Clients.

4.2.1 Customer’s Education Level.

The information regarding the customers’ education levels was also covered, and the table below shows the education levels of respondents.

Table 4.1: Customers’ Education Level

| Education level | Frequency | Percentage |
|---|---|---|
| Primary | 3 | 6% |
| Basic | 10 | 20% |
| Secondary | 17 | 34% |
| Tertiary/postsecondary | 20 | 40% |
| Total | 50 | 100% |

Source: Author, 2016

Figure 4.1: Customers’ Education Level

Source: Table 4.1

Figure 4.1 shows that 40% of customers were educated to tertiary/postsecondary level, 34% to secondary level, 20% to basic level and only 6% to primary level.

4.2.2 Customers’ Responses on E-Banking

The clients were asked about the e-banking services offered by the bank. There was a good response, as shown in Table 4.2 below. When asked whether they were regular users of these e-banking services, the responses were as follows.

Table 4.2: Frequency of using electronic service

| e-banking services | Very regular | Regular | Rarely | Very rarely |
|---|---|---|---|---|
| Mobile banking | 30 | 17 | 2 | 1 |
| ATM | 47 | 2 | 1 | 0 |
| Internet banking | 1 | 2 | 17 | 30 |

Source: Author, 2016

Figure 4.2: Frequency of using electronic service

Source: Table 4.2

Figure 4.2 shows that 94% of clients very regularly used the ATM and 60% very rarely used internet banking facilities.

4.2.3 Responses on Modes of Security Used By Clients

The data below shows responses from clients when asked what mode of security they use. When asked how their accounts are secured in electronic banking, all 50 were of the view that the main security methods used were passwords, passcodes, PINs and, in the case of internet banking, encryption.

Table 4.3: Mode of security used

| Mode of security used | Response from clients |
|---|---|
| Password | 19 |
| Passcodes | 15 |
| PINs | 13 |
| Encryption | 3 |
| TOTAL | 50 |

Source: Author, 2016

Figure 4.3: Mode of security used

Source: Table 4.3

Figure 4.3 shows that 38% of customers used passwords, 30% used passcodes, 26% used PINs and 6% used encryption methods as modes of security.

4.2.4 Client’s Security Feeling On E-Banking Services Offered By ZANACO.

This was asked with reference to the security methods the bank uses to secure users’ privacy and money. The majority of the clients asked felt they were secure, others said they were very insecure and a few said they were very insecure.

Table 4.4: Client’s Security Feeling On E-Banking Services at ZANACO

| Customers feeling and security level | Frequency |
|---|---|
| Very secure | 12 |
| Secure | 28 |
| Insecure | 7 |
| Very Insecure | 3 |

Source: Author, 2016

Figure 4.4: Customers feeling and security level

Source: Table 4.4

Figure 4.4 shows that 24% of customers felt very secure, 56% felt secure, 14% felt insecure and 6% felt very insecure about the security levels offered by ZANACO.

4.2.5 Challenges Faced By Customers in Electronic Banking Services

The clients were asked what challenges they face in using these electronic banking services. Most of the customers mentioned that sharing their security codes with third parties, especially their spouses, was the main challenge. Others also mentioned that at some times of the month, especially month end, there is a lot of congestion in accessing services such as ATMs. They also added that sometimes some ATMs are out of service. Furthermore, the customers complained that ZANACO does not have a toll free line where customers can report immediate fraud and theft cases, as the call centre is a chargeable line, which is costly for a customer.

Table 4.5: Challenges faced by customers in Electronic Banking

| Challenges faced by customers | Number of clients |
|---|---|
| Sharing security codes | 26 |
| Congestion when accessing ATMs | 14 |
| ATMs out of service | 10 |
| TOTAL | 50 |

Source: Author, 2016

Figure 4.5: Challenges faced by customers in Electronic Banking

Source: Table 4.5

Figure 4.5 shows that 52% of customers shared security codes, 28% experienced that ATMs were congested and 20% experienced that ATMs were out of service.

4.2.6 Victims of Fraud, Hacking and Theft

When asked if they had been victims of fraud, hacking and theft in the process of doing an electronic transaction, the customers’ responses were classified as very often, often or never, as shown below.

Table 4.6: Victims of fraud, hacking and theft

| Victims of | Very often | Often | Never | TOTAL |
|---|---|---|---|---|
| Fraud | 1 | 6 | 5 | 12 |
| Hacking | 1 | 5 | 10 | 16 |
| Theft | 2 | 6 | 14 | 22 |
| TOTAL | 4 | 17 | 29 | 50 |

Source: Author, 2016

Figure 4.6: Victims of fraud, hacking and theft

Source: Table 4.6

Figure 4.6 shows that 58% of customers never experienced any form of fraud, hacking and theft, 34% of customers often experienced some form of fraud, hacking and theft, while 8% of customers very often experienced some form of fraud, hacking and theft.

4.3.1 Bank Employees Responses on Fraud Detection

Respondents were asked whether the bank offers fraud detection systems and whether it has people who monitor them. The results depicted in Figure 4.7 show that 100% of the respondents fully agreed that ZANACO bank does offer fraud detection systems and that there are people who monitor this system.

Table 4.7: Bank detection system

| Bank detection systems | Responses | Percentage |
|---|---|---|
| Yes | 50 | 100 |
| No | 0 | 0 |
| Total | 50 | 100 |

Source: Author, 2016

Figure 4.7: Bank detection system

Source: Table 4.7

4.3.2 How often does the bank incur fraud to the system?

The bank employees were asked how frequently the bank receives fraud and theft reports relating to electronic banking. The results are shown below.

Table 4.8: Frequency of fraud cases at ZANACO

| How often does the bank incur fraud | Responses |
|---|---|
| Daily | 0 |
| Weekly | 19 |
| Monthly | 21 |
| Annually | 0 |
| Never | 10 |
| Other | 0 |

Source: Author, 2016

Figure 4.8: Frequency of fraud cases at ZANACO.

Source: Table 4.8

The results in Figure 4.8 above show that the bank’s system incurs fraud mostly on a monthly basis, which accounts for 42% of responses. This shows that the bank has a challenge in ensuring that there is safety in the use of the e-banking services.

Figure 4.9: Fraud alerts services by ZANACO

Source: Author, 2016

The responses as depicted in Figure 4.9 suggest that the system does give the customers alerts in relation to fraudulent activities. The highest share of respondents, 57.1%, indicated that the bank’s system does give alerts to its customers concerning electronic fraud.

4.3.3 Does the bank have firewall protection?

When asked if the bank offers firewall security, the responses were as shown below.

Table 4.10: Response on firewall protection

| Response on firewall protection | Responses | Percentage |
|---|---|---|
| Yes | 50 | 100 |
| No | 0 | 0 |
| Total | 50 | 100 |

Source: Author, 2016

Figure 4.10: Response on firewall protection

Source: Author, 2016

Respondents were required, without prompting, to indicate whether the bank has firewall protection on its system, which prevents hackers from penetrating the bank’s system. As the results in figure 8 above show, 100% of the respondents agreed without prompting that the bank does have firewall protection that prevents hackers from penetrating the bank’s system.

4.3.4 How often does the institution reinvest in the security system to strengthen and tighten security

Figure 4.11: institution investment level

Source: Author, 2016

According to the results depicted in Figure 4.11 above, 85.7% of the respondents, representing the majority of the sample, pointed out that the bank reinvests in its security system once a year, that is, annually.

4.3.5 How secure are electronic banking transactions and services in the institution in relation to fraud and crime

Figure 4.12: Security levels with regards to fraud and crime

Respondents were asked how secure they perceive electronic banking transactions to be in this institution, by rating its services as excellent, very good, good or poor. As the results in figure 10 show, the majority of the respondents, representing 71.4%, perceived that the electronic services offered by this institution were very good in terms of how secure electronic banking transactions are from fraud.

4.3.6 Does the institution offer training awareness programs for customers to use electronic banking services.

Figure 4.13: Institutional client training and awareness

As shown in Figure 4.13, the respondents were required to strongly agree, agree, be moderate, strongly disagree or disagree with the idea that the bank offers training awareness programs to its customers. According to the results depicted in Figure 4.13 above, a good number of the sample, representing 37.1%, agreed with the idea that the bank offers training services, while 22.8% strongly agreed that the bank does offer training awareness to its customers. These results support the notion that the bank does offer training awareness programs to educate customers on the use of electronic banking services.

4.3.7 Do you think the infrastructure offered by the bank is able to provide efficient utilization of electronic banking transactions?

Figure 4.14: views on infrastructure in enhancing security

Source: Author, 2016

Respondents were asked for their thoughts on whether the institution’s infrastructure is able to provide efficient utilization of electronic banking services by its customers. 57% of the respondents agreed that the infrastructure that the bank offers is able to provide efficient use of the services, and 25.7% of the respondents strongly agreed that the infrastructure offered by the bank is capable of providing efficient utilization of the electronic banking services.

4.3.8 Do customers trust the electronic technology offered by your bank

Figure 4.15: Customers trust of electronic services

Source: Author, 2016

The respondents were asked to indicate whether the bank’s technology, in the form of electronic banking transactions, is trusted by the customers. With reference to the figure above it is clear that 40% of the respondents were moderate about the idea that the bank offers technology that is trusted by its customers; this means that 40% of the sample were not clear as to whether customers trust the technology being used or not. Furthermore, 34.3% of the sample agreed that the customers of the bank did trust the technology of the bank.

4.3.9 What are the measures the institution has put in place to ensure that security of electronic banking transactions is increased?

From a sample of 50 respondents, on average 100% of the respondents mentioned that password control is one of the measures that the bank has put in place to increase security. Other respondents also mentioned that security codes were used as a measure to ensure that the security of electronic banking transactions is put into effect.

4.3.10 What methods does the institution use in the security of electronic banking transactions?

All of the 50 respondents in the sample clearly pointed out that data encryption and the use of passwords as well as security codes were the major methods that the bank is using to secure electronic banking transactions.

4.3.11 What are the challenges being faced to ensure that electronic banking transactions are kept secure

The sample of 50 respondents clearly pointed out that, on average, the major challenge the bank faced in keeping electronic banking transactions safe was that most customers share their passwords with a third party. It therefore becomes very difficult to stop fraud, in that once a fraudster is in possession of one’s password it is very easy for them to access that specific person’s account without any difficulty. Another important issue that was raised by respondents is that customers tend not to follow instructions. When instructions are not properly followed it could lead to one losing their funds in many ways. Not following instructions thus has dire consequences for the customer.

CHAPTER FIVE: SUMMARY, CONCLUSIONS, RECOMMENDATIONS

5.1. SUMMARY OF FINDINGS

From the findings it can be shown that a good number of clients have been enjoying good relations with the bank. This can be justified by the fact that there were very few clients among those interviewed who had been subjected to fraud, theft and hacking. However, it should be noted that electronic transactions such as internet banking, which is more prone to insecurity, are not widely used in ZANACO. This could be attributed to the fact that the bank is a traditional bank which most civil and public workers use for salaries, thus it may not have a lot of clients involved in internet banking. Furthermore, it has been established from the findings that in creating awareness of fraud and insecurity issues, the bank has put in place measures such as awareness campaigns and other media such as SMS alerts and a call centre. However, making the call centre a chargeable line has the capacity to jeopardise the reporting system in times of emergency.

The findings from the respondents from the bank show that there are others who have not been fully convinced that the infrastructure is on par with the standards for providing secure banking transactions. This can be justified by Figure 4.4 of chapter four, where 24% of the clients did not feel secure about the e-banking services offered by ZANACO. However, it has been seen that the government has continued to put in measures to ensure that the structures are up to date and able to provide comprehensive security to its clients. The coming of Rabo banking has brought improved security into the ZANACO bank since 2007.

The customers interviewed in the study show that the level of trust in the security of their accounts within the bank differs per individual, and the findings corresponded with responses from bank employees. They also added that sometimes some ATMs are out of service. Furthermore, the customers complained that ZANACO does not have a toll free line where customers can report immediate fraud and theft cases, as the call centre is chargeable; this can be seen in Table 4.6 of the data analysis, which explains the victims of fraud, hacking and theft results. Moreover, the customer care line is costly for a customer, especially in emergencies. The findings according to Figure 4.14 show that 17% of the respondents were moderate about the idea that the bank offers technology that is trusted by its customers; this means that 17% of the sample were not clear as to whether customers trust the technology being used or not. The findings from the bank employees, however, show that the bank does not fully have strict security systems to protect the welfare of its banking clients.

Nevertheless, it has been established from the study findings that, in the process of ensuring that the banking transactions of the clients are safe and secure, the bank faces a number of challenges, chief among them that clients share their security codes with third parties. Notably, the findings show that the use of passwords as well as security codes were the major methods that the bank is using to secure electronic banking transactions. In African societies like Zambia, it is believed that sharing secrets in relationships such as marriage is a source of trust, hence spouses do not mind sharing passcodes such as ATM PINs with their husbands and wives. In addition, the sharing of security codes could be due to high levels of ignorance and illiteracy. For example, withdrawing over the counter is expensive and any personal account holder is entitled to use the ATM whether they know how or not, hence such clients seek help by sharing their security codes. Therefore the bank finds it hard to stop fraud, in that once a fraudster is in possession of one’s password it is very easy for them to access that specific person’s account without any difficulty. Another important issue that was raised by respondents is that customers tend not to follow instructions. When instructions are not properly followed it could lead to one losing their funds in many ways.

In a nutshell, from the results presented above, a number of observations can be made. Firstly, although the bank under discussion has a fraud detection system, as indicated by the results, there exist challenges in curbing fraud. As shown in Figure 4.8, the bank has reports of fraud to the system at least on a monthly basis. The bank therefore has a challenge in ensuring safety for its electronic banking system.

The bank must do better than just reinvesting in security software annually. For a bank to be secure it would be better to strengthen security on a monthly basis. It can be noted that the Zambian electronic banking industry is making numerous changes to the way it conducts its transactions in relation to safety, largely due to changing ICT developments as well as hackers becoming more sophisticated in finding new ways to capitalize on the weaknesses of the electronic banking system through various banks in the country. With regard to the preceding discussion the following conclusions could be drawn: there has been little research conducted on the security of electronic banking transactions, as Zambia is a developing country and such facilities relating to electronic banking have only come into the country recently. As a result of these facilities only coming into the country recently, customers are not well equipped with sufficient information that allows them to work hand in hand with the service providers in order to ensure that there is safety in the use of electronic services. The exchange of personal passwords by customers makes it difficult to ensure safety, as this could lead to crooked people using that shared information to hack into other people’s accounts. Another conclusion is that the service providers of these facilities do not efficiently give guidelines and free security software to their customers to use on their personal computers as they access the bank’s facilities, which could maximize the service quality and security of these transactions.

5.2. Conclusion

From the discussion thus far, it has been observed and established from the study that the specific banks are lagging behind in terms of innovations relating to the services provided in electronic banking. Therefore, if the bank is to gain competitive advantage through the provision of electronic banking services, it must be able to spot opportunities around the world of international banking in order to increase its services, and also to seek out the weaknesses in the system so as to be able to educate customers and use the services efficiently with minimal fraud.

5.3. Recommendations

The following are the areas which the bank needs to look at in order to increase its customer retention, as well as gain competitive advantage in the market:

- The bank must educate its customers on how to efficiently use electronic banking services, as well as pointing out to them that their personal bank information is confidential and must not be given to any other person to any extent whatsoever.

- Banks should also outsource credible I.T specialists to service the bank’s security system.

- Banks should also ensure that they procure efficient ICT security gadgets in order to ensure that there is efficient and improved security for the bank’s system.

- Banks should also offer customers a toll free number to allow customers to communicate with their banks effectively should any anonymous activity relating to their bank account occur.

- The use of outside consultants to identify information security risks and their management.

- Financial institutions (banks) should use this guidance when evaluating and implementing authentication systems and practices, whether they are provided internally or by a service provider.

- A minimum of a two-factor authentication process is recommended for all user access to the services provided, which could be high-risk transactions involving access to customer information or the movement of funds to other parties.

- The authentication techniques employed by the financial institutions should be appropriate to the risks associated with those products and services. Account fraud and identity theft are frequently the result of single-factor (e.g., ID/password) authentication exploitation.

- Where risk assessments indicate that the use of single-factor authentication is inadequate, financial institutions should implement multifactor authentication, layered security, or other controls reasonably calculated to mitigate those risks.

- Mobile Telephony: Mobile phones are increasingly being used for financial services in the world. Banks are enabling customers to conduct some banking services such as account inquiry and funds transfer. Therefore the networks used for transmission of financial data must be demonstrated to meet the security standards.

- Automated Teller Machines (ATM): In addition to guidelines on e-banking in general, networks used for transmission of ATM transactions must be demonstrated to meet the guidelines specified for data confidentiality and integrity.


Appendix I:

CAVENDISH UNIVERSITY ZAMBIA

Questionnaire for clients/customers

Faculty of Business Information and Technology

PROJECT TITLE: ASSESSMENT OF THE SECURITY METHODS USED IN E-BANKING TRANSACTIONS IN ZAMBIA. - CASE STUDY ZANACO BANK ZAMBIA PLC

I am a 4th-year student at Cavendish University Zambia pursuing a Bachelor of Science degree in Computing, currently conducting research themed on the methods of security of electronic banking transactions in Zambia.

The purpose of this interview is to seek your views concerning the security of electronic banking transactions in the Zambian banking sector. Your responses will provide important information in relation to how secure your services are to the consumers. The ultimate objective of this questionnaire, therefore, is to evaluate and document the current position of security in electronic banking transactions in Zambia.

All efforts will be made to maintain confidentiality of all responses, as the answers are for academic purposes only.

Indicate with a circle where appropriate.

1) What is your education level?

a) Primary

b) Basic

c) Secondary

d) Tertiary/postsecondary

2) What e-banking services does ZANACO offer?

a) Mobile banking

b) ATM

c) Internet banking

3) How frequently do you use the e-banking facilities named in question 2?

a) Very regular

b) Regular

c) Rarely

d) Very rarely

4) Do you feel safe and secure when using these services?

a) Very Secure

b) Secure

c) Insecure

d) Very Insecure

5) What methods do you and your bank use to ensure security of your privacy and money?

a) Password

b) Passcodes

c) PINs

d) Encryption

6) How reliable do you feel these security methods are (from question 5)?

a) Very reliable

b) Reliable

c) Unreliable

d) Very unreliable

7) What challenges do you face with regards to using these electronic banking services?

a) Sharing security codes

b) Congestion when accessing ATMs

c) ATMs out of service

8) i) How often, if ever, have you been a victim of fraud involving an electronic banking transaction?

a) Very often

b) Often

c) Never

ii) How often, if ever, have you been a victim of hacking involving an electronic banking transaction?

a) Very often

b) Often

c) Never

iii) How often, if ever, have you been a victim of theft involving an electronic banking transaction?

a) Very often

b) Often

c) Never

9) How are the levels of fraud and insecurity in electronic banking transactions?

a) Very high

b) High

c) Moderate

d) Low

e) Very low

10) What measures do you think ZANACO needs to put in place to reduce electronic banking insecurity?

a) Sensitize clients on fraud

b) Prompt clients to change passwords regularly

c) Send fraud alerts to clients

Appendix II: Questionnaire for bank employees

Dear Respondent,

The researcher is a 4th-year student in the School of Business at the University of Lusaka pursuing a Bachelor of Science degree in Banking and Finance, currently conducting research themed on the methods of security of electronic banking transactions in Zambia.

The purpose of this questionnaire is to seek your views concerning the security of electronic banking transactions in the Zambian banking sector. Your responses will provide important information in relation to how secure your services are to the consumers. The ultimate objective of this questionnaire, therefore, is to evaluate and document the current position of security in electronic banking transactions in Zambia.

Please take a few minutes to fill in this questionnaire. All efforts will be made to maintain confidentiality of all responses.

Ngwale Nkosa

Instructions

Please do not write your name.

Simply fill in the blank spaces and tick where applicable.

Name of Institution………………………………………………….

1. Does your bank offer fraud detection systems and do you have people who monitor it?

a) Yes……

b) No…….

2. How often does your bank incur fraud to the system? (Tick where applicable)

a. Daily………

b. Weekly…….

c. Monthly……

d. Annually…….

e. Never………..

f. Other……….

3. Does your system give your customers any fraud alerts? (Tick where applicable)

a. Yes……..

b. No………

c. Sometimes……

d. Never………….

4. What kind of security methods do you offer your clients with regards to electronic banking? ............................

5. Do you offer free security software to your customers? (Tick where applicable)

a. Yes ……

b. No……

c. Sometimes…….

d. Never………….

6. Does your system have firewall protection?

Yes……

No……..

7. What measures has your institution put in place to increase security in electronic banking transactions? ............................

8. How many Electronic banking services does your institution offer? Please name them

……………………………….

9. What Challenges is your institution facing in facilitating electronic banking security?

…………………………………………………………………………………………………

10. How often does your institution reinvest in your security system to strengthen and tighten security? (Tick where applicable)

a. Weekly

b. Monthly

c. Annually

d. Other

11. How secure are electronic banking transaction services in your institution in relation to fraud and crime?

a. Excellent

b. Very good

c. Good

d. Poor

e. Other

12. Does your institution provide training awareness programs for customers to use electronic banking services?

a. Strongly Disagree

b. Disagree


c. Moderate

d. Agree

e. Strongly Agree

13. Do you think the infrastructure in your institution is able to provide efficient utilization of electronic banking transactions?

a. Yes

b. No

c. Somewhat yes

d. Not really sure

14. To what extent do customers trust the electronic technology offered by your bank?

a. Strongly trust

b. Moderate trust

c. Not sure

15. Any other comments relating to the topic or study.

Thank you for taking time to answer this questionnaire.
