stock trading is very old concept for big institutions who trade
thru private networks owned by Reuter's "Instinet" and a system
"Posit" since 1969.
But It become internet
based for lay men only in late 90s.
that actually idea was first time used by a company making Beer
called "WIT beer" to help its shareholders trade its shares.
Thats how "WIT
Capital" was born which is considered pioneer of this concept. It
mainstream and household name by a offshot of Charles Schwab & Co
eSchwab which is used by millions of people in USA. Lot of NRI's i know
in US stock market even when they come to India for holidays via website
There are other serious
players like E*trade, DATEK online etc. All this
companies ask you to start account with US $5000 and you can buy and sell
stock using this funds. They also issue you a check book which you can
to make payments from this account. Or use their ATM card to withdraw
from your stock trading account.
every big name brokerage firm offers online strock trading
as it reduces their costs. Earlier they had army of brokers on phone with
clients executing trade, now that is done by computers accepting orders
clients directly. This firm now offer human access to high networth accounts
, and to rest at charge per trade. (e.g if web based trade will cost you
per 1000 shares, human assisted trade will set you back by $40 or more).
In last 2 year in
India we have seen lot of developments in this, good and
bad, successful and not so successful. ICICI webtrade, Sharekhan are
considered biggest brands in this arena. ICICI webtrade is particularly
attractive to users as it combines 3 segments of transactions , i.e.,
account , demat account and stock trading account. ICICI being the owner
of all the three services they are all very well integrated.. Other player's
have tieups with Banks and Depository's but its not same as seeing all
three in one webpage.
Frauds in this area were non existant in 2000 as it was still new for
indians. But in year 2001 and now 2002 we have been seeing perils of web
based stock trading and banking.
One thing which potential
client should pay attention to is, agreement with
broker, how it defines risks of hacking and who bears it. In USA for web
banking and online stock trading risks are usually borne by company/bank
not client. Companies have insurance coverage and that helps consumers
on to online trade (companies save lot of money by not having human talking
to you, compared to this, fraud insurance cost is almost negligible).
But in India, because of tendency of consumers of not looking at agreements
carefully and companies also believe in passing all costs/risks to
consumbers and retain profits for themselves. Hence most online bank
accounts and stock trading accounts agreements clearly mention that
bank/broker is not liable for any loss leading from hacking of the account.
In this situation smart person would avoid using this services. Brokers
Banks benefit tremendously when you use them via web and not call them
phone, but most people are not aware of this, they try to create impression
as if they re doing "favour" to us when offering us web based
In 1997 when ICICI
BANK launched web banking they were charging Rs.1000 for
access thru web from their account holders and new accounts, and "waiving"
this charge for select few customers. Common sense would tell you that
time 30 people access web for ICICI banks, ICICI BANK has to employ one
person in its call centre. Now this kind of charges don't exist but still
they make it sound as if its "free" as favour.
Hacking on stock trading
account happens in two ways.
1) When server of
stock broker is hacked into by outsider or employee and
they insert trades of shares/security on account of clients, there by
exposing client to loss of his balanace in his/her account. To prevent
this, broker has to implement state of art security policy and security
like best available firewall, keeping main database computer behind firewall
not accesible from outside internet and having only one or two key senior
employees access to this database. And their verification should not be
by password but use of biometric authentication is must.
Also having outside
experts doing ragular audit of system and network is
good idea to find out weaknesses before hacker finds them. Lot of young
CAs in India now
specialize in IT audit and have CISA certification apart from being CA.
2) Keylogger. If hacker installs a software called "keylogger"
on client pc,
it copies to a file , every keystroke typed on that pc. And at regular
interval without clients knowledge that file is sent via email on internet
to hacker. Hacker learns all username/account id and passwords of client
when client uses this pc for accessing his bank, demat and stock trading
Once this is done,
hacker can go to any cybercafe and use this accounts to
empty balances (cybercafe so that authorities can't track him down via
address which will reveal his identity if he does from his home or office
There are ways to
prevent this from happening. One should not use computers
to access accounts which are not trusted (like don't use cybercafe, or
people's computers for accessing net based bank/brokerages). When you
pc, buy it without Operating System and install OS (windows 2000 or XP)
your own. If computer comes pre loaded with OS it may have Keylogger
installed by engineers of supplier.
Use OS like WinXP
or Windows 2000 which will not allow anyone to access pc
without proper authorization. Don't use Windows98 or 95 which doesn't
any security measures built into it.
Use firewall like
"Zone Alarm Pro" to detect any suspiceous software sending
out data to outside world (like keylogger sending out email to hacker).
Keep antivirus software
(like Norton Antivirus 2002) updated everyday to
detect new trojon viruses which do job of keylogger. Viruses now routinly
come as attachment to email and don't need use to click on attachment
anymore. They just execute themselves from outlook express email software.
All above are best
one can do today, but in few months in year 2002 you will
see banks and brokers using Biometric security features which cannot be
hacked by hackers. It will use your thumb print or retina scan of your
method of establishing your identity and not require you to use any
passwords on keyboard. One may have to look in lense of scanner provided
put thumb on small device which will transmit thumb impression to brokers
systems over net and verify if its really you using that account.
SHAH is Mumbai based Chartered Accountant specialising in online
security and online transactions
You might want to
Copyright © 1997-2001 Dr. Raj
Mehta. All rights reserved.