The Business Technology Management of HSBC Bank - Research Paper Example

Contents Contents 1 1 List of tables and diagrams 1 2 Summary 3 ,4 3 Introduction 5 3.1 I.T Security at HSBC………………………………………………………..5,6 4 Methodology and tools 6,7,8 5 Problem Identification…………………………………………………………….8 - 10 5.1 Prevailing Scenario 8,9 5.2 Required Interventions…………………………………………………………9, 10 6 Discussion 10-13 7 Conclusions and recommendations 13 8 References 14-15 List of tables and diagrams Figure 1: Nolan's stages of SISP growth model 7 Figure 2 : Five forces model to assess the impact of information system 8 Summary HSBC bank is one of the largest globally operated banking organisations, having its presence in more than 10,000 offices spread across 83 countries (HSBC, 2009). HSBC establishment dated back to the year 1865, when it was known as ‘Hong Kong Shanghai Bank’. Its objective then was to consolidate the financial and trade relationships between China, USA and Europe. Accruing experience and expertise over the years, in the field of banking and financial services, HSBC has become one of the most preferred banking companies throughout the world. Thus, in order to deliver the requirements of global interconnectivity demand, the technological choice at HSBC is hence very critical. Inevitably, the organisation evolved to be able to develop strategic plans for the effective management of technological systems that supports its business operations – most primarily, focusing on internet transactions and eCommerce applications. The internet trade service of HSBC bank provides the customer with a wide range of financial products at a single point of entry. In the case of large organisations, banking with HSBC would be a unique experience considering their access to large volumes of data and better financial control, through setting reasonable transfer limits across different people and easy access to tools and services. In addition, HSBC has developed tremendous support for the export/import business units as well, be it a new player in the business or person with considerable years of experience. In order to better banking experience for its customers, HSBC has been trying hard to promote the internet banking among its customers. This would require more efficient operational systems which include robust security systems to protect the transfer of private information. Thus the possible improvements in this connection can be proposed only after a closer introspection of prevailing technological competence of HSBC. The HSBC has the privilege of having the best I.T. security systems to protect the transactions through the internet. But as the technology is changing rapidly to prevent any large scale frauds or possibility of any losses it need to evolve appropriate SISP considering the business growth potential. The potential use of techniques like biometrics could also be attempted to strengthen its security systems. The report presents the various opportunities that HSBC could explore to strengthen its security systems for the benefit of customers. Introduction The impact of the information and communication technologies have revolutionized majority of banking and related operations all over the world. Being very dynamic sector the banking operations need to incorporate the cutting edge technologies that would give them a competitive edge in the business. Thus, the success of any globally operated commercial bank rests on how they are able to effectively integrate the technological developments for the benefit of the customers. Therefore, evolving appropriate strategies on planning and implementation of information management systems have become the corner stone of all the business success models. The success of the business involves the effective management of data and thus the role of ICT systems are very vital in this connection. For proper functioning of these unit’s an efficient I.T. security infrastructure need to be in place. This would demand investment for sophisticated software and hardware along with recruiting, training and retaining competent workforce to manage these systems. As a case for the analysis HSBC bank which have globally spread operations and having wide customer base is chosen for the study. The analysis would be focussed on the I T security systems followed in the HSBC bank and evaluating the reliability in their operations are incorporated. Based on the information collected and comparing this information it would be possible to evolve a strategic information system design procedures that would help the HSBC bank gain upper hand in internet banking and other eCommerce activities. I.T Security at HSBC HSBC bank repeatedly emphasises through their corporate communication systems about the priority they place to ensure the safe and secure banking and internet transactions for the customers. Inspite of the highest level of online security systems are put in operation, HSBC consistently reminds their customers about their responsibility of keeping their personal information protected. The security infrastructure at HSBC consists of following aspects (HSBC ,2009) The 128 Bit secure socket layer Encrypton being used at HSBC is one the most secure form of the data security available for internet operations today. The Encryption could successfully keep the information between the client browser and the bank’s server private by converting the client data into encoded form before being transferred across the internet. Installation of effective firewall systems for the personal computers and banking units is another security measure taken against the hackers and viruses. Another major security support being provided is by using the mechanism of digital certificates. The digital certificates are helpful while using the personal internet banking facility by preventing access to fraudulent web sites that operates in the name of HSBC. In additional to the username and password and security devices installed by HSBC generates single user security codes to add more protection for various internet and eCommerce operations. Another hardware support provided for the online banking operation is Server gated cryptography (SSG) which would avoid the downloading an updated browser (HSBC, 2009). In addition clear instructions for customers are updated on the bank website and also as email alerts. Also, necessary guidance for installing ant-virus, anti-spam and firewall software are provided to the customers. Methodology and tools The methodology involved in the selection of SISP approaches for any business proposal can be a very complex and cumbersome exercise. The major factors that need to be incorporated in these processes are; assessment of any suitable advantages; realistic evaluation of the assumed operational conditions; easy and economic availability of necessary competence; resources and attitudes; an evaluation of risks and uncertainties; flexibility in operations and provision of proper time allocation (Allan, 2007). In the assessment of suitable advantages, the strategic evaluation process must be able to bring out a comprehensive SWOT analysis of the I.T security systems planned for the particular business case (Allan, 2007). The major factors that need to be considered in the selection of methodology are as follows: ICT strategy: As the I.T systems forms the core of all online banking operations , appropriate strategy need to be planned in the selection and use of both hardware and software units. Also, being involved with the financial transaction undertaken remotely the reliability of the operational efficiency and security also need to be assessed. Though most of the organisations have been exposed to I.T. related operations in the past , a committed effort to ensure its proper return on the investments were absent (Francik et al, 1991). Thus based on the Nolan.s stages of SISP growth model (Figure 1) a balanced approach incorporating both technology management and information management alone could be of significant advantage to the organisation. Figure 1: Nolan's stages of SISP growth model (Galliers and Sutherland, 1991). Effective Systems: The systems that are required for the ensuring I.T security in banking operations are numerous. It starts from simple software installed on personal computer against virus, spams or as fire wall protection to large online security surveillance by the organisation, digital authentication systems and high end Encryption systems that are capable of encoding while transferring information across the internet. Roles and skills: Absence of proper personal could become one of the prime reasons for the failure of the initiative. A competent project manager shall be given the responsibility to coordinate, motivate mange and direct the project for its successful completion. And also to plan method of practices that would create high level of confidence among the customers. Mindset: Creation of the positive and supportive mindset from the entire team could certainly make a significant difference towards the objective of creating security awareness among the users and the organisation. Being IT based operation the models that are proposed to assess the impact of information systems in organisations is given in figure 2. Implementing a effective IT policy for an organisation is the primary step in this direction. Figure 2: Five forces model to assess the impact of information system (Source: Business Information Management) Problem identification Prevailing Scenario The perception of security systems to prevent the banking problems is still in its nascent stage among both the organisations and the customers. Most of the organisations involved in the business of banking have adopted their own ways to address the issue of security in their online or internet based transactions. The high investments requirement and rapid changes or innovations in the products that are capable of arresting the frauds often results in the delayed decision making from the part of the company owners. In some instances, the company owners always prefer to settle the compensation to the customers based on the degree of damage rather than investing on technology to contain any such incidents. Security policy of any organisation, particularly in the banking sector, need to be continuously evolving as newer type of threats and frauds emerges quite often . Banks must be able to continuously assess the situation and quantify the cost required for such technological improvements and upgradations. Even the presently offered solutions vary widely across different scenarios and one-stop solutions for entire type of issues don’t exist. Another major aspect that demands serious attention is in the field of consumer education. This would call for increased attention from the part of banks for proper communication with the customer where personal education could be easily undertaken with the help of ICT systems. The most important aspect to be observed is , most of the fresh online banking customers tend to lose the confidence in the technologically driven banking operations when encountered with even trivial issues, not necessary security related, and would revert back to the conventional banking system immediately. Thus as most of the banks start offering various IT enabled services like e-banking, e-commerce online banking, ATM facilities etc proper customer support facility on the security systems becomes an immediate necessity (Indiatimes info tech, n.d.). Required Interventions The need for I T security in banking sector have resulted in the wide variety of technological support to the banking organisations. It varies from product support operation to owning the responsibility for the establishing secure online or internet operations by the customers. The support extended by InApp for various banking companies in the Middle East and South Asian countries highlights this issue (InApp, n.d.). A signature authentication module developed by them had been of significant support for incorporating the security component in their online banking operations. Various components for this purpose involved efficient software modules integrated with the high performance servers for the client information transfer and authenticating the validity of the user. Another major contribution on the development of security systems was the implementation of product called “Money Trans” which assured high security for the financial data transfer and also various core banking support activities (InApps, n.d.). In spite of various advantages proposed by internet based operations , the internet based banking and eCommerce organisations face numerous hurdles in the form of security risk, operational risk, reputation risk and legal risk etc. The available information from the experience of such initiatives in a fast growing developing economy show the lack of proper advanced technological support, absence of regulatory framework and customer mindset being the major reasons that hinder internet based customer operations. Most of the banks too have a wrong perception of internet based eCommerce operations . Majority of them used their online space to display their products or as a notice board for the release of company information rather than giving adequate thrust to shift the commercial operations online (ICMR, 2002). Discussion The banking sector involves operations with large volume of information mostly related to customer transactions either individual or organizational located at different parts of the world. (Pun and Lee, 2000). Thus strategic information systems design is a very vital component for ensuring an affective I.T. security management systems for banking units. Various effective systems are in operation that have emphasized SISP in their operations based on enterprise data warehouse created using large enterprise wide servers. These systems promise to manage the banking company’s information assets. Also, these systems are capable of undertaking “structured data analysis and reporting, forecasting and control, risk management and informed decision making” (Silicon.com, n.d.). Also, the research undertaken has reported the requirement of sound methodology for evaluation of the nature of requirement for the security systems (Vanove et al, 2008). Fraud detection facilities have become more efficient and effective as a result of implementation of advanced software. One of the features that is said to be in practice is the continuous monitoring on the check-writing profiles of the customers over a certain period and identifies the potentially fraudulent activity and prevents any loss (SQN banking, n.d.). The banks like HSBC need to incorporate innovative ways to thwart the security threats. One new emerging ways of implementing security against the frauds are using the technique of biometrics. The various parameters of biometrics usually proposed are finger prints, vein pattern, voice and hand geometry (Steve 2005). The biometrics have large scale potential in the applications related to transaction and network security. The transaction security refers to the various security means provided or client transactions and the network security is the protection provided for the network infrastructure of the banking unit. Banco Azteca , a commercial bank in Mexico had tried this technique of security system using the fingerprints as most of its customers are from low income and poor educational background (Steve, 2005). Though the project was successfully implemented, the technical issues prevalent in the units prevented a wide scale enrolment with the bank. Also, Bank of Central Asia in Indonesia had also installed similar type of systems to protect against high scale electronic fraud transactions. Also, speech enabled recognition systems are successfully implemented in the South America’s largest private bank Branco Bradesco (Steve, 2005). Thus HSBC bank in spite of making huge investments for IT security measures lot more scope exist in improving the system using various emerging techniques. Thus as the business of the bank expands the biometric techniques could also be used as an added measure of security. Thus the SISP frame work for HSBC shall incorporate following major components. Technological Aspects Incorporation of high end network security systems with advanced Encrypron software. Use of software for firewall and also for anti-virus, anti-spam. Adopting emerging techniques like biometrics to give added security especially in the less educated and developing countries. Managerial Aspects Continuous customer awareness on the security aspect of the private information. Email alerts on any indication of any fraudulent practice . Effective customer support to alleviate fears of frauds and security issues of internet based personal banking Conclusions and recommendations The report presented here for the business technology management of HSBC bank highlights the importance of evolving SISP in order to create better reliability of ICT technologies to gain global competitiveness in the banking business. The process involved analyzing the various I.T security initiatives taken by HSBC bank and the assessing their competence in terms of the global benchmarks of operation in this category. The technologies like 128 Bit SSL Encryption systems are the most advanced encoding systems that would ensure better protection of private data during personal banking operations. Further additional network security systems could also be installed which could eliminate the risk involved in the online business operations. Incorporating the emerging techniques like biometric , which uses parameters like finger printing, voice and hand geometry could give added security against personal frauds involved in remote or online transactions. Finally, the customers too need to be made sensitive on the precautions that need to be taken by protecting their personal information and also updating them with the timely information. This would give them added confidence on the online operations and help the HSBC units to expand the business of banking to newer frontiers. References Allan, U., (2007). ‘Business Strategy Evaluation’ Available from: http://www.web-articles.info/e/a/title/Business-strategy-evaluation/ [Accessed on 8th April 2009]. Chaffey, D. & Wood, S. (2005). Business Information Management. Prentice Hall, Pearsons Education Ltd Davern, M J and Kauffman R J (2000), Discovering potential and realizing values from information technology investments, Journal of Management Information Systems, 16(4): 121-143. Dos Santos, B L, Peffers K and Mauer D C (1993), “Impact of information technology investment announcement on the market value of the firm“, Information Systems Research, 4(1): 1-23. Francik, E., Rudman, S E, Cooper D and Levine S (1991), “Putting Innovation to work: adoption strategies for multimedia communication systems“, Communications of the ACM, 34 (12): 52-63. Galliers, R.D., Leidner, D.E. (2003). Strategic Information Management: Challenges and Strategies in Managing Information Systems, 3rd ed. Butterworth-Heinemann: Boston, MA (658.4038 GAL). HSBC (2009), ‘Who is HSBC?’ Available from: http://www.hsbc.com/1/2/about-hsbc [Accessed on 22 April 2009] InApp (n.d.) Banking and data security, [Online] Available at [22 April 2009] ICMR (2002), Case studies on management resources [Online] Available at [22 April 2009] India times InfoTech (n.d.) Business security : Challenges ahead [Online] Available at [ 22 April 2009] Rivard S., Raymond L, Verreault D (2006), “Resource based view and competitive strategy - An integrated model of the contribution of information technology to firms performance“, The Journal of strategic Information systems, 15(1) : 29-50. Silicon.com (n.d.) , Finmatica Strategic Information System for Financial Institutions [Online] available at < http://whitepapers.silicon.com/0,39024759,60261742p,00.htm> [ 21 April 2009] SQN banking (n.d.), Sentry : Detect, [Online] Available at [22 April 2009] Steve, K (2005), Biometrics in banking Industry [Online] available at [22 April 2009] Read More