Online banking

Online banking (or Internet banking) allows customers to conduct financial transactions on a secure website operated by their retail or virtual bacnk, credit union or building society

Features
Online banking solutions have many features and capabilities in common, but traditionally also have some that are application specific.
The common features fall broadly into several categories
Transactional (e.g., performing a financial transaction such as an account to account transfer, paying a bill, wire transfer... and applications... apply for a loan, new account, etc.)
Electronic bill presntment and payment - EBPP
Funds transfer between a customer's own checking and saving accounts, or to another customer's account
Investment purchase or sale
Loan applications and transactions, such as repayments
Non-transactional (e.g., online statements, check links, cobrowsing, chat)
Bank Statement
Financial Institution Administration -
Support of multiple users having varying levels of authority
Transaction approval process
Wire transfer
Features commonly unique to Internet banking include
Personal financial management support, such as importing data into personal accounting software. Some online banking platforms support account aggregation to allow the customers to monitor all of their accounts in one place whether they are with their main bank or with other institutions

Security

Protection through single password authentication, as is the case in most secure Internet shopping sites, is not considered secure enough for personal online banking applications in some countries. Basically there exist two different security methods for online banking.
The PIN/TAN system where the PIN represents a password, used for the login and TANs representing one-time passwords to authenticate transactions. TANs can be distributed in different ways, the most popular one is to send a list of TANs to the online banking user by postal letter. The most secure way of using TANs is to generate them by need using a security token. These token generated TANs depend on the time and a unique secret, stored in the security token (this is called two-factor authentication or 2FA). Usually online banking with PIN/TAN is done via a web browser using SSL secured connections, so that there is no additional encryption needed.
Signature based online banking where all transactions are signed and encrypted digitally. The Keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation.
Attacks
Most of the attacks on online banking used today are based on deceiving the user to steal login data and valid TANs. Two well known examples for those attacks are phishing and pharming. Cross site scripting and keylogger/Trojan horses can also be used to steal login information.
A method to attack signature based online banking methods is to manipulate the used software in a way, that correct transactions are shown on the screen and faked transactions are signed in the background.
A recent FDIC Technology Incident Report, compiled from suspicious activity reports banks file quarterly, lists 536 cases of computer intrusion, with an average loss per incident of $30,000. That adds up to a nearly $16-million loss in the second quarter of 2007. Computer intrusions increased by 150 percent between the first quarter of 2007 and the second. In 80 percent of the cases, the source of the intrusion is unknown but it occurred during online banking, the report states.
The most recent kind of attack is the so-called Man in browser attack, where a Trojan horses permits a remote attacker to modify the destination account number and also the amount