About Raj





Online Stock Trading

By Vipul Shah

Part II Online Stocks Frauds Part III One Trick


Online stock trading is very old concept for big institutions who trade
thru private networks owned by Reuter's "Instinet" and a system called
"Posit" since 1969.

But It become internet based for lay men only in late 90s.

Funny, that actually idea was first time used by a company making Beer
called "WIT beer" to help its shareholders trade its shares. Thats how "WIT
Capital" was born which is considered pioneer of this concept. It was made
mainstream and household name by a offshot of Charles Schwab & Co called
eSchwab which is used by millions of people in USA. Lot of NRI's i know play
in US stock market even when they come to India for holidays via website
of eSchwabe.

There are other serious players like E*trade, DATEK online etc. All this
companies ask you to start account with US $5000 and you can buy and sell
stock using this funds. They also issue you a check book which you can use
to make payments from this account. Or use their ATM card to withdraw cash
from your stock trading account.

Today practically every big name brokerage firm offers online strock trading
as it reduces their costs. Earlier they had army of brokers on phone with
clients executing trade, now that is done by computers accepting orders from
clients directly. This firm now offer human access to high networth accounts
, and to rest at charge per trade. (e.g if web based trade will cost you $10
per 1000 shares, human assisted trade will set you back by $40 or more).

In last 2 year in India we have seen lot of developments in this, good and
bad, successful and not so successful. ICICI webtrade, Sharekhan are
considered biggest brands in this arena. ICICI webtrade is particularly very
attractive to users as it combines 3 segments of transactions , i.e., bank
account , demat account and stock trading account. ICICI being the owner of all the three services they are all very well integrated.. Other player's have tieups with Banks and Depository's but its not same as seeing all three in one webpage.

Frauds in this area were non existant in 2000 as it was still new for most of
indians. But in year 2001 and now 2002 we have been seeing perils of web
based stock trading and banking.

One thing which potential client should pay attention to is, agreement with
broker, how it defines risks of hacking and who bears it. In USA for web
banking and online stock trading risks are usually borne by company/bank and
not client. Companies have insurance coverage and that helps consumers move
on to online trade (companies save lot of money by not having human talking
to you, compared to this, fraud insurance cost is almost negligible).

But in India, because of tendency of consumers of not looking at agreements
carefully and companies also believe in passing all costs/risks to
consumbers and retain profits for themselves. Hence most online bank
accounts and stock trading accounts agreements clearly mention that
bank/broker is not liable for any loss leading from hacking of the account.
In this situation smart person would avoid using this services. Brokers and
Banks benefit tremendously when you use them via web and not call them on
phone, but most people are not aware of this, they try to create impression
as if they re doing "favour" to us when offering us web based bank/brokerage
account access.

In 1997 when ICICI BANK launched web banking they were charging Rs.1000 for
access thru web from their account holders and new accounts, and "waiving"
this charge for select few customers. Common sense would tell you that every
time 30 people access web for ICICI banks, ICICI BANK has to employ one less
person in its call centre. Now this kind of charges don't exist but still
they make it sound as if its "free" as favour.

Hacking on stock trading account happens in two ways.

1) When server of stock broker is hacked into by outsider or employee and
they insert trades of shares/security on account of clients, there by
exposing client to loss of his balanace in his/her account. To prevent this, broker has to implement state of art security policy and security measures
like best available firewall, keeping main database computer behind firewall
not accesible from outside internet and having only one or two key senior
employees access to this database. And their verification should not be just
by password but use of biometric authentication is must.

Also having outside experts doing ragular audit of system and network is
good idea to find out weaknesses before hacker finds them. Lot of young CAs in India now
specialize in IT audit and have CISA certification apart from being CA.

2) Keylogger. If hacker installs a software called "keylogger" on client pc,
it copies to a file , every keystroke typed on that pc. And at regular
interval without clients knowledge that file is sent via email on internet
to hacker. Hacker learns all username/account id and passwords of client
when client uses this pc for accessing his bank, demat and stock trading

Once this is done, hacker can go to any cybercafe and use this accounts to
empty balances (cybercafe so that authorities can't track him down via IP
address which will reveal his identity if he does from his home or office

There are ways to prevent this from happening. One should not use computers
to access accounts which are not trusted (like don't use cybercafe, or other
people's computers for accessing net based bank/brokerages). When you buy a
pc, buy it without Operating System and install OS (windows 2000 or XP) on
your own. If computer comes pre loaded with OS it may have Keylogger
installed by engineers of supplier.

Use OS like WinXP or Windows 2000 which will not allow anyone to access pc
without proper authorization. Don't use Windows98 or 95 which doesn't have
any security measures built into it.

Use firewall like "Zone Alarm Pro" to detect any suspiceous software sending
out data to outside world (like keylogger sending out email to hacker).

Keep antivirus software (like Norton Antivirus 2002) updated everyday to
detect new trojon viruses which do job of keylogger. Viruses now routinly
come as attachment to email and don't need use to click on attachment
anymore. They just execute themselves from outlook express email software.

All above are best one can do today, but in few months in year 2002 you will
see banks and brokers using Biometric security features which cannot be
hacked by hackers. It will use your thumb print or retina scan of your eyes as
method of establishing your identity and not require you to use any
passwords on keyboard. One may have to look in lense of scanner provided or
put thumb on small device which will transmit thumb impression to brokers
systems over net and verify if its really you using that account.

VIPUL SHAH is Mumbai based Chartered Accountant specialising in online
security and online transactions

You might want to read more:

Part II Online Stocks Frauds Part III One Trick


Copyright 1997-2001 Dr. Raj Mehta. All rights reserved.