THE ROLE OF ITSG IN E-BANKING
Prophetically, Dewan and Seidmann (2001) predicted the e-banking will consist of two classes namely very large banks and small niche banks. This distinction was clarified in a study from Southard and Siau (2004) in which depicted that smaller banks can actually compete with larger national banks at the same level through the use of technology.
This capability to obtain a market share regardless of size shows how the banking industry is polarizing with very large banks and small niche banks at either end of the spectrum. As Figure 4 illustrates, banks will need to focus their Internet technology strategy along this continuum. Movement along the continuum is only toward the upper left. This restricted movement foretells the future of e-banking. Banks will either maintain their positions or will be forced, through acquisition or merger, towards the upper-left segment of the continuum.Information security (IS), which may include protection of consumers’ personal data and safe transactions to prevent misuse, is paramount for the growth of any sort of online trade, including e-banking. This factor has been cited as the most critical success factor for e-banking among others (Shah and Siddiqui, 2006). The same author outlines the importance of upgrading the technological infrastructure of e-banking, not only with advanced legacy systems but also with policies and user management practices that will enable a safer e-banking environment. Along with IS the strategic nature of e-banking has been identified as a success factor for the adoption and usage of e-banking however, little empirical evidence exists in the literature (Gikandi and Bloor, 2010).
In a real-world context banks refuse to publish security incidents to the general public for fear of losing customers and reputation. In this respect, they frequently lack in a sound ITSG program capable to assure that e-banking will satisfy business and security requirements.
An ITSG program can actually increase IT performance and Risk Management in e-banking through management or leadership processes where visibility to the effectiveness of the security program will be the key to verify results and promote a security culture. In other words, organizational accountability for security is the pathway to future security and business investments in the e-banking domain (ITSG, 2007). In Figure 5 we represent the role of ITSG in e-banking taking into consideration the e-banking continuum described in Figure 4.This figure indicates that smaller banks that usually lack in resources contrary to larger banks, can build an ITSG framework which will differentiate them from competition and gain the
Figure 4. E-banking continuum
Source: Adopted from Southard and Siau (2004)
Figure 5. ITSG framework for e-banking
relative advantage in the e-banking services. Relative advantage is the degree to which consumers perceive a new product or service as different as and better than its substitutes in which the theory “diffusion of innovation” stands (Rogers, 1962).
In this respect the security culture requires active participation and a shared understanding among stakeholders in order to coordinate activities and adapt to changing circumstances including social, technological and business environment. Training and security awareness programs are of paramount importance from the Board of Directors to future customers but this may not be sufficient enough if banks do not publicize their improvements through the media and press in order to increase consumer confidence in e-banking (Gikandi and Bloor, 2010). The security culture highly depends on the security strategy the bank employs for e-banking. Small, niche banks focused more on external portals can create a dynamic and constantly evolving security strategy which will enable them to compete with larger banks.
Most critical factors included in a security strategy usually are1. Business integration,
2. Building e-trust
3. Obtain support from upper management and
4. Promote and protect the functional areas of e-banking (Shah and Siddiqui, 2006).
Within the security strategy, clear policies should be formed in compliance with industry- related standards based on the unique environment of the service provider.
Security is useless if it cannot be communicated in clear and unambiguous terms. This is highly important in e-banking since the complexity of technological advances usually distracts users and inhibits adoption of e-banking. For this reason, monitoring and communication can increase performance, user satisfaction and minimize security incidents. New trends in monitoring complex systems such as e-banking include automated methods with consistent metrics such as the Security Content Automated Protocol (SCAP) from the National Institute of Standards and Technology (NIST) which is described later.
Smaller banks that concentrate on local accessibility as their niche advantage rather than full e-banking services can enhance their e-banking status by focusing on the service quality. Contrary to larger banks which focus on mass-customization, small banks through their own unique security strategy can compete on a local level with a greater service quality. Key components that are considered important in the quality of service in e-banking, with an emphasis on Internet banking, include speed of service (e.g. download e-banking content), enhanced navigation and interactivity (Vachirapornpuk and Broderick, 2002).
Therefore, the main purpose of ITSG in ebanking is to offer a shield against the diversity of risks that can impact the security objectives of e-banking, however, the security objectives for ebanking do not include the usual triad namely the confidentiality, integrity, availability but extend to non repudiation and authentication of information (Basel Committee, 2003). Moreover, the role of
ITSG in e-banking is to combat risks and result in tangible benefits such as improved internal processes and controls, potential lower audit and insurance costs, market and customer differentiation and as tool for competitive advantage (Reserve Bank of India, 2011). An ITSG program for ebanking should rely on a well-defined organization structure to eliminate gaps between business and IT and also to minimize overlaps in technology management (Kondabagil, 2007).