Online Banking
What Is Online Banking?
Online banking is a digital service model through which financial institutions deliver account management, payment processing, loan origination, and related financial services to customers via internet-connected applications, bypassing the need for in-person branch transactions. Accessed through web browsers and dedicated mobile applications, online banking systems allow customers to view balances, initiate wire transfers, pay bills, deposit checks using device cameras, and interact with customer service, all within a secure authenticated session. The service model has become the dominant channel for retail banking interactions, with branch visit frequency declining substantially as internet adoption expanded through the late 1990s and 2000s.
Online banking builds on electronic banking infrastructure developed for automated teller machines and interbank clearing networks, extending the reach of these systems to any device with an internet connection. Its integration with broader electronic commerce ecosystems connects deposit accounts, credit instruments, and payment rails to merchant platforms and marketplace systems.
Core Services and Architecture
Online banking platforms deliver a tiered service stack. At the transaction layer, account holders initiate credit transfers, automated clearing house (ACH) payments, and real-time payment network transactions through authenticated sessions. The messaging layer translates these user actions into standardized financial messaging formats, such as ISO 20022, which the banking system uses to route instructions between financial institutions. The data layer maintains account records, transaction histories, and customer identity information in core banking systems, many of which originate from mainframe architectures dating to the 1970s and have been progressively wrapped in modern application programming interfaces (APIs). Open banking initiatives, mandated by regulatory frameworks such as the EU's Payment Services Directive 2 (PSD2), have further extended this architecture by requiring banks to expose customer-consented account data and payment initiation APIs to licensed third-party providers. The FDIC's overview of online banking service delivery and consumer security describes the foundational structure of online account access and the protections institutions are expected to maintain.
Security and Authentication
Authentication is the technical and regulatory linchpin of online banking security. Single-factor password authentication has been progressively replaced by multi-factor authentication (MFA), which combines a knowledge factor (password or PIN) with a possession factor (a one-time passcode delivered to a registered mobile device) or an inherence factor (biometric verification such as fingerprint or facial recognition). The Federal Financial Institutions Examination Council (FFIEC) issued guidance in 2021 directing financial institutions to assess their authentication controls against an updated threat landscape. Layered security architectures supplement authentication with behavioral analytics, device fingerprinting, transaction anomaly detection, and real-time fraud scoring. Encryption in transit uses TLS 1.2 or 1.3, while data at rest is protected through AES-256 or equivalent symmetric encryption standards. The FFIEC's 2021 guidance on authentication and access to financial institution services provides the regulatory framework for authentication risk management in US institutions.
Regulatory and Compliance Frameworks
Online banking operates within overlapping regulatory obligations covering consumer protection, data privacy, anti-money laundering, and know-your-customer (KYC) requirements. In the United States, the Gramm-Leach-Bliley Act (GLBA) governs the disclosure and protection of customer financial data, while the Bank Secrecy Act (BSA) requires suspicious activity reporting for transactions that may indicate money laundering or fraud. Digital identity verification at account opening must comply with FFIEC guidance and FinCEN customer due diligence rules. Bitcoin and other digital assets have intersected with online banking regulation as institutions assess whether to offer custody, exchange, or payment services involving cryptocurrencies, prompting the OCC and FDIC to issue interpretive guidance on permissible bank activities. The OCC's information security bulletin on authentication for financial services illustrates the regulatory architecture that online banking security programs must satisfy.
Applications
Online banking has applications in a range of fields, including:
- Retail consumer banking, providing 24-hour account access, mobile check deposit, and peer-to-peer payment services
- Small business banking, supporting payroll, supplier payments, and cash flow management through online portals
- Electronic commerce, integrating bank payment initiation directly into merchant checkout flows
- Digital asset custody and exchange services, as regulated institutions develop cryptocurrency-adjacent banking products
- Cross-border remittance, using online banking rails to reduce the cost and time of international transfers