國內網路銀行現況發展及交易安全之研究

Abstract

網際網路的興起，掀起電子商務的狂潮，銀行業者在電子商務中扮演重要的角色，一是銀行業者本身的電子商務，另一是提供電子商務金流作業的服務。網路銀行是透過網際網路，讓客戶可以在銀行網站上，取得各項金融服務，為客戶提供另一新的通路。對銀行業者而言，除了有延伸營業時間、降低營運成本的優點外，尚可以提供多元化服務與加速國際化的好處。但是，網路銀行的服務項目涉及個人或公司資金移轉敏感的交易訊息，交易安全是銀行客戶最關心的議題，亦是網路銀行成功的關鍵。 本論文以國內網路銀行為對象，透過調查及收集相關資料，瞭解發展之現況，針對交易安全問題探討，並分析影響網路銀行發展相關議題，以期對金融主管機關及銀行業者提出建議，以利銀行及其他產業電子商務之發展，讓消費者與業者獲得雙贏。網路銀行系統除從技術面達成資訊安全目標之外，應適當加入管理措施及作業程序，論文中闡述BS 7799資訊安全管理之標準系列文件，做為網路銀行系統安全保證之建議。 金融主管機關財政部強調在安全無虞及確保消費者權益兩大前提下，政策上積極鼓勵銀行辦理網際網路金融服務，提供社會大眾更便捷之金融服務；國內銀行業者也紛紛投入網路銀行，投入相當多的資金建置交易平台；但是網路銀行的使用者並未顯著的增加。由本論文的探討可以瞭解，交易安全問題是一專門的技術，並不是一般消費者大眾可以輕易了解的，如何讓網路銀行蓬勃發展是值得深思的。建議銀行業者積極的利用行銷手段讓客戶有使用網路銀行的動機為第一要務，同時業者需整合各通路服務的銀行系統，才能建立客戶的忠誠度。另外，建立網路銀行系統資訊安全認證制度取得客戶的信賴度以及金融主管機關與業者應儘速建立交易安全風險分擔制度，讓客戶在網路銀行進行交易時風險降到最低，才能提升網路銀行的使用率。

The banking sector plays a significant role in the development of electronic commerce in two ways. One is that banks must evolve into corporations of e-business. The other is that the commercial services provided by banks must take the advantages of personalized communication offered by the Internet. To customers, Internet banking bring them several advantages such as extending service hours, providing variety of service, and remove restriction to location. However, banking services are usually involved sensitive information. Confidentiality protection, integrity guarantee, user authentication, and other security issues turn out to be the most concerned. Security assurance is the key to the success of Internet banking. In this thesis, the author reports an investigation into the state-of-the-art practices of Internet banking in Taiwan. Emphasis is focused on the adoption of security technology. Three kinds of security utilities—SSL, SET, and NON-SET—are compared in terms of risks and supported functions. The author also analyzes factors that influence the development of Internet banking, including internal control procedures viewed from managerial aspects. BS7799 is the standard that guides the design of security management systems. The Ministry of Finance of the Taiwanese government has adopted a policy that fosters the development of Internet banking. However, understanding security technologies demands in depth expert knowledge, and goes beyond the capacity of general citizens. The author suggests that the first priority is given to marketing efforts to motivate customers’ participation. Second, the banking industry needs to integrate existing services channels to win consumers’ loyalty. Third, trusted systems for members’ certification must be installed; trusted certification systems would help to remove fear and doubt from customer’s minds. Finally, risk insurance against hackers’ attacks or against other loss from security flaws must be sincerely considered as new business opportunities of the insurance industry and be encouraged by government.