Tightening Net security
8th December 2003 (Computimes)

LOCAL financial and banking companies offering Internet banking services need to look into continuous technology enhancement, consumer education and effective legal measures to prevent more fraud cases stemming from Internet-related scams.

These measures are especially important for building trust among consumers, which would in turn pave the way for greater uptake of such services, according to cyber security experts.

National ICT Security and Emergency Response Centre (Niser) director Lt Col Husin Jazri said banks have responsibilities to ensure that their computer systems are secure and properly managed and, at the same time, consumers must be made aware of the risks associated with Internet banking and how to mitigate them.

"I believe it is now time for Malaysian banks to optimise the digital certificate feature in the national identity card (MyKad) as additional security requirements on top of password protection," he told Computimes last Friday. "This means the consumer is required not only to log in but also to authenticate themselves using MyKad over the Internet."

Banks, too, have to start investing some money in educating their customers, preferably face-to-face, on best practices in dealing with Internet banking, Husin said.

"This is for the good of both parties. Perhaps, the respective banks should take the initiative to ensure their customers go through a short formal course before granting them access to their Internet banking facilities."

Wordware Distributors (M) Sdn Bhd's managing director Wilson Wong advised banks to have more stringent controls when it comes to Internet banking services.

"Since online operations are vulnerable to theft and interception of information/data by unscrupulous people, banks must ensure the software/hardware/peripherals used are as fool-proof as possible," Wong said, adding that with fraud cases on the rise, banks should take the responsibility to conduct regular penetration tests, seal loopholes, and provide as little information about the security/technical aspect of their online banking system, which could be used against them by innovative hackers and fraudsters.

He said banks should also make an effort to inform and educate customers on the downside of online banking and offer tips on what to look out for and how to address irregularities.

If the security systems in place are already top-notch, Wong said the banking industry would then need to be vigilant and on-call 24 hours.

"Clearly defined laws must be put in place to ensure cyber criminals can be arrested, tried and prosecuted. Computer forensic experts need to be hired to ensure prosecution. And, sentences must be painful enough to serve as deterrents - not just prison sentence but hefty fines as well," he stressed, adding that the banking industry must work with the relevant law enforcement agencies to ensure this is done quickly.

Alan See, chief executive officer of e-Cop.net Surveillance Sdn Bhd, agreed on the importance of law enforcement in preventing Internet banking fraud.

"The financial and banking industry should pursue after the fraudsters, both as a form of deterrent and also for legal persecution to address such scams, which had been ongoing for many months globally."

In addition, See said that the financial and banking industry would generally want to pursue and enhance their online financial transaction facility, especially in terms of security.

"However, with today's technology, and depending on the level of general security awareness of consumers, tightening Net security would usually be at the expense of consumer's convenience, for example, the user-friendliness of the additional online login requirements, and cost of added security features," he said. "All these have to be weighed in the consideration of tightening security."