Experiences Reported by Banks in Implementing On-line Banking
GGD-98-34: Published: Jan 15, 1998. Publicly Released: Feb 17, 1998.
Pursuant to a congressional request GAO reviewed: (1) the channels used to deliver online banking services; (2) the reasons for implementing online banking; (3) whether online banking met or exceeded expectations; and (4) the electronic links that banks had with other payment systems.
GAO noted that: (1) as of June 1997, an estimated 7 percent of U.S. banks offered online banking services, which most typically allow customers to access account information and transfer funds between their accounts; (2) on the basis of plans reported to GAO by surveyed banks, GAO projected rapid growth in online banking over the next year and a half as the number of U.S. banks implementing online systems is expected to increase about fivefold nationwide; (3) bank officials identified three primary reasons for their banks' offering online banking: keeping existing customers, remaining competitive, and attracting new customers; (4) officials of 170 of the 185 surveyed banks offering online services said their online banking systems had met or exceeded their expectations; (5) although an estimated 47 percent of U.S. banks reported that they expect to offer online banking services by the end of 1998, introduction of this technology brings with it some attendant risks; (6) responses from 93 of the banks GAO surveyed indicated that some had not performed risk assessments, which can serve as a tool to protect the integrity, confidentiality, and availability of their online operations; (7) although 65 of the banks responded that their banks had assessed the potential risk exposure of their systems, 12 banks reported that they had not assessed these types of security risks, and another 16 banks said that they did not know if they had assessed such risks; (8) risk assessments are an important step in protecting an online system so that appropriate controls can be implemented to mitigate risks; (9) although many of the 93 banks that responded to this question reported they had implemented controls to prevent unauthorized access to their online systems, 9 banks said they lacked firewalls for restricting access between computer networks; (10) 10 banks reported that they did not have such basic security features as detection software for computer viruses and worms; (11) many of the 93 banks that responded indicated they had experienced lapses in service, security problems, or system operation difficulties; and (12) with the projected rapid growth in online banking, it is important that banks take those steps necessary to ensure they protect their online banking operations.