medium, provided that original work is properly cited. Trust and Security in E-banking Adoption in Romania Authors

Romania, like other nations, is moving forward in developing its electronic services to meet the challenges of this century. One of the electronic services which is gaining more popularity and attention is e-banking. The consideration given to the e-banking by the current traditional banking customers may be due to the changes in the banking consumers’ lifestyle, and this lifestyle has become compatible to the new way of conducting banking services online. However, literature related to e-banking shows that trust and security are among the central factors that influence banking customers’ acceptance of the service. The purpose of this paper is to review measures taken by the government of Romania and major banks in the country in tackling the issue of trust and security on e-banking. In particular, the study focuses on reviewing legal provisions instituting by related ministry on e-banking practices and strategies taken by banks to address the security concerns of the service. Based on the review, it was found that Romania has legal frameworks in place and banks have also adopted measures to address the issue. However, whether or not these measures are effective in mitigating banking consumers’ security concerns is yet uncharted and need to be investigated.


Introduction
The growth and magnitude of digital economy is forcing banks, regardless of their size, to spend a significant proportion of their budget on information technology.The reasons for investing in the technology are numerous; but two distinct reasons are obvious: to streamline work processes and to provide the best service to their customers.Today, the prevalence and availability of broadband Internet technology has made conducting online banking transactions a reality.With the increasing use and acceptance of electronic banking, banks have increased their range of services available and diversified some of the facilities they offer.Increasingly, banks are starting to offer most of the financial services online, traditionally given over the counter, pushing technology to the customers.E-banking is changing the way banking customers conduct their banking transactions.They no longer have to visit their bank to perform banking activities.Bank customers can conduct their banking activities almost everywhere as long as they have devices with Internet connection.This new innovation raises the needs to assess factors that influence its acceptance (Rogers, 1995;Liao and Cheung, 2002).For banks, knowing the factors that affect the acceptance of e-banking will assist them in developing and introducing suitable strategies to enhance its usage.
There are many factors that have been suggested and found to influence Communications of the IBIMA 2 individuals to accept a technology.These factors can be grouped into three categories depending on which perspective they are looked from (Md Nor, 2008).The first category is factors related to the characteristics of the technology.Examples of these factors are ease of use, usefulness, trialability and playfulness.The second category is factors that are related to the individual attributes of adopters.The attitude, self-efficacy, perceived behavioral control, personal innovativeness and trust are examples that fall in this category.Finally, factors that influence the acceptance of the technology are those linked to external or social environment.Examples of these factors are subjective norm, external control beliefs and facilitating conditions.
Researchers have developed and proposed theories and model that can be used to predict individuals' intention to use a technology.Three popular theories are innovation diffusion theory (Rogers, 1985), theory of planned behavior (Ajzen, 1991) and technology acceptance model (Davis, 1989).These theories have been used in the eBanking acceptance studies and they have provided useful insights on factors that influence individuals' attitude of e-banking, their intention and finally their decision to use the service.
Reviewing the literatures and empirical studies related to e-banking show that trust and security are among the central factors that influence banking customers' acceptance of the service.The purpose of this paper is to review measures taken by the government of Romania and major banks in Romania in tackling the issue of trust and security on e-banking.In particular, the study is focused on reviewing legal provisions instituting by related ministry on e-banking practices and strategies taken by banks to address the security concern of the service.

Methodology
In conducting the study, it was ccommenced with reviewing the literatures and theories related to e-banking acceptance.Based on the review, two prominent factors that are consistently considered playing a fundamental role in influencing individuals' decision to use e-banking are related to security and trust.Next, it was identified by Romanian commercial banks that offer e-banking services as presented on the website of the National Bank of Romania (NBR).E-banking services offered by the identified banks as they are authorized by OMCT 389/2007 were reviewed.Also, : e-services offered, charges, accessibilty and security features were analyzed.
Finally, the legal framework which governs the security aspects of online banking transactions in Romania was also analyzed.

Trust, Privacy and Security in an Online Context
Studies investigating determinants of e-banking adoption are abundant.While many factors have been identified to influence e-banking adoption, security and trust are found to be the common factors which are present in most of these studies (Kim and Prabhakar, 2000;Grabner-Krauter and Faullant, 2008).This is not surprising given the fact that e-banking is delivered online, which basically is exposed to all the risk associated with online activities (Md, Nor and Pearson, 2007).Trust has been suggested to be one of the major obstacles that hinder individuals from adopting online related technology (Gefen et al., 2003;Md Nor and Pearson, 2007).As technology uses Internet as its delivery platform, it is expected that potential users may perceive it to be vulnerable to online negative activities.The activities of hackers and the widespread phishing websites, for instance, have projected the perceived unsafe nature of the Internet and these have been frequently highlighted in the mass media and also on the banks websites.These indirectly have affected consumers' trust level of the online technology and services, including e-banking.
From literature search, many studies are found that empirically support the importance of trust and security as direct or indirect influencing factors in an individual's intention to engage in online transactions.Trust refers to a degree of an individual willingness to be vulnerable to the actions of others (Mayer, Davis, and Schoorman, 1995).A high trust an individual has in another person indicates his or her expectation that the other person will behave in a responsible manner and will not take advantage of a dependence upon him or her (Gefen, Karahanna, and Straub, 2003).Berry (1995) contends that trust is a foundation of a relationship.According to McKnight and Chervany (2001), trust is a very important element in a relationship and it is especially important when individuals engage in a relationship that involves risk and uncertainty.
Trust has been found to influence individuals' acceptance of a technology and loyalty.In their study, Hernández-Ortega (2011) found that trust can improve the technologies' acceptance in the early stages of implementation.Moreover, trust has been considered as an important antecedent for customers' loyalty (Hong and Cho 2011;Kim et al., 2011).
In a study focused on e-banking, Bhattacherjee (2002) found that banking customers' willingness to transact online is influenced by trust, which in turn is affected by familiarity.Trust influences behavioral intention (Lu et al., 2011) and has been found as an important factor for less experienced users (Liao et al., 2011).In a study on mobile instant message services, Deng and Zhang (2010) found that trust positively affect customers' loyalty to the service, which may indicate the intention to reuse the service.Similar findings are also found by Kim et al. (2009).Other researchers have investigated the antecedents of trust.
Several previous studies that investigated trust in online environment and e-banking respectively are shown in Table 1 and 2  below Trust is an important factor for less experienced shoppers.
As mentioned previously, security and trust are present in all of these studies.
Researchers have suggested that typical customers are reluctant to provide confidential information online.Their reluctance is related to their perception of the level of security of the technology and their level of trust of the technology in safeguarding their confidential information.
Security and trust in the Internet are two important issues that need to be resolved by all countries moving towards information society.Literature has shown that information security issues have been addressed by relevant parties using numerous means.Technically, banks have taken initiatives to adopt and deploy more secured online transaction systems and technologies that reduce the chances of online transactions being intercepted by third parties and the main data system being cracked by hackers.However, the efforts seem not successful in mitigating the security concerns.In addition to the initiatives from the banks, security needs to be regulated at the national and international levels by effective legal framework which may be established by relevant authorities and bodies.Like other countries, Romania also has legal framework which is used to address the issue of online security.
An empirical study conducted in 2002 among the European Unions countries and ascension countries shows that, in comparison with the European Union countries and the Central and East European candidate countries, Romania's online customers have the lowest sensitivity to security concerns (SIBIS, 2003).Eight years later, another empirical study conducted in Romania put in evidence that the online banking security concerns is not among the first eight factors that influence enterprises owners in their decision to use the service.The results of the study are synthetized in Table 3.At the national level, there is a dispute about the equilibrium point between accessibility and security.The online service providers, including banks and online shops, are more willing to invest to increase the accessibility of the service as compared to security.A higher accessibility means a higher number of users in using the service; hence higher income for the service providers.Therefore, there is a need to have a proper legal framework that could protect the Romanian online consumer.

Romanian
Legal Framework on E-banking Romania, as a former communist country, has a short history in privacy and personal data protection.Major changes in this domain only occur after the revolution in December 1989.The first reference to the right to privacy appears in the Constitution adopted in 1991.But it must be recognized that in a short period of time, the Romanian Legislative Forum has established a fundamental legal framework for the protection of individuals related to processing personal data.The laws follow very closely the European Union Regulations.
In Romania, the legal framework for e-banking services in addressing the issue of trust and security are well-covered in numerous normative acts.As a phenomenon characteristic for Romania, the laws are periodically updated, completed or replaced with new ones.However, these acts may not be familiar among practitioners in the field and even much less by users of e-banking.Seventyfive regulations must be respected by relevant parties who plan to provide or who are currently offering the service.In this context, it is obvious that some Romanians have a low level of information of the regulations.A study conducted on this shows that they show little interest in knowing the current legislation (Table 4).This aspect shows that they do not realize the risks to which they could be exposed to.MCIT 389/2007, under Annex "List of legislative and normative acts, regulations and standards in force, in the information society, security and banking systems".It must be mentioned that a part of them are issued by Romanian bodies and the rest are European Union or international regulations that are in force in Romania too.Reviewing the documents, it was found that the normative acts cover many matters related to the security issues as listed below: • procedure for approving payment instruments with remote access and applications such as Internet Banking, Home Banking or Mobile Banking; • issue and use of electronic payment instruments and the relationship between participants in transactions with these instruments; • protection of personal data and movement of such data and processing of personal data and privacy; • copyright and related rights; • free access to information for public; • electronic signature; • transparency in the exercise of public dignities, public functions and in business, in preventing and punishing corruption; • protection of classified information and intelligence service protection; • archiving electronic form; • methodological norms data centers authorization; • cyber-crime; • foreign operations; • organizing technical endorsement of payment systems and cashless settlements; • exchange arrangements; • payment order used in credit transfer; • business banking and bank secrecy; • prevention and punishment of money laundering; • border transfers; • expanding terms of payment orders in electronic messages used in ReGIS (RTGS) and Automated Clearing House; • enforcement of standing orders; • international standards in information technology/security, security techniques and security management; • national standards for information technology/security, security techniques, security management; • protection of classified information; • recommendations of the Internet Engineering Task Force (IETF) -Type Request for Comments (RFC) in the Internet environment; • recommendations of the International Telecommunication Union (ITU).
MCIT Order no.389/2007 on the procedure for approval of payment instruments with remote access applications such as Internet Banking or Home Banking is currently subject to the new order of Ministry of Communications and Information Society (MCIS).This procedure applies to banks, bank branches in Romania, Romanian legal entities and foreign legal entities.It aims to establish the procedure according to the Ministry of Communications and Information Society's guidelines in payment instruments with remote access such as Internet Banking and Home Banking or Mobile Banking.
The Order of MCIT defines the following terms, which are used in e-banking security field.Most used terms defined by this regulation are: security plan and opinion.
Security plan refers to the document that describes all technical and administrative measures taken by the issuer for the safe use of payment instrument with remote access.
Opinion refers to administrative act issued by the Ministry of Communications and Information Technology in accordance with Art. 30 point d) National Bank of Romania No.6/2006 on the issue and use of electronic payment instruments and the relationship between participants in transactions with these instruments, which gives to applicant the right to obtain authorization from the National Bank to issue payment instrument with remote access.
The aim of the opinion is to verify that the issuer's computer system and the software solution through which the payment instrument with remote access is provided meets the minimum safety requirements related to the following aspects: • confidentiality and integrity of communications; • confidentiality and non-repudiation of transactions; • confidentiality and data integrity; • authenticity of the parties involved in transactions; • protection of personal data; • bank secrecy; • traceability of transactions; • continuity of offered services to customer; • prevention, detection and monitoring of intrusion in the system; • restoration information system for managed and natural disasters and unforeseen events; • management and management of information system; • any other business or technical measures taken for the safe operation of the system.

Trust and Security in E-Banking Services in Romanian Banking Sector
Electronic banking services, included under the umbrella of "e-banking site", can be divided into three categories: Internet Banking, Home Banking and Mobile Banking.Internet banking refers to banking services that can be made available to individuals and companies by a bank through electronic means or electronic part, generally via a fixed or mobile phone and also via the Internet.These services allow total or partial management of a bank account made by the account holder.The account may be current, or by card and can be managed without the account holder to be present at the counter of the bank.Home banking refers to payment instrument with remote access software that is installed on a single work station or network.Phone Banking refers to payment tool with remote access which requires the use of a mobile device (phone, PDA -Personal Digital Assistant, etc.) and services offered by telecoms operators.
Of those presented, it is clear that all the three services offer nearly the same facilities to clients.The differences between them are basically in the freedom of movement provided in the channel of communication with the bank.To have a true picture of the development of e-banking services in Romania at this time, the present study conducted a check on how many banks offer e-banking services and what those services are.
Communications of the IBIMA 8 For this aim, the services offered by all commercial banks listed on the site of the National Bank of Romania (NBR) were analyzed, in concordance with each bank website.The status of banking institutions and payment instruments with remote access offered is shown in Table 5.

Security Status in Internet Banking among Romanian Banks
Security elements are other items of particular importance in the decision to use the Internet Banking.From the study, it was found that 93.94% of the analyzed banks publish on their websites that they have adopted measures for secure transactions and/or warn users about the dangers and the most common methods of theft.The main security features that banks have adopted are summarized in Table 6.

Home Banking
Security features are characterized by number of security levels, encryption of information transmitted, Digipass password, Verisign Certificate and secure electronic signature.Reviewing home banking services, very little information was found available.In more detail, two of the Romanian banks use the secure electronic signature and two banks use encryption of information.Regarding the number of security levels, one bank offers 5 security levels and another provides 3 security levels.

Mobile Banking
As elements of security to Mobile Banking services, password is used by 4 of the 6 banks that use the service and banking signature is used only by one bank.

Conclusions
E-Banking is changing the way customers conduct their banking transactions.Nevertheless, there are many factors that may influence the individuals' intention to accept the technology; trust and security are among the pivotal factors.Indeed, typical customers are reluctant to provide confidential information online.Their reluctance is related to their perception of the level of security of the technology and also their level of trust in the technology in safeguarding their confidential information.
In conducting the study, after reviewing the literatures, e-banking services offered by the identified banks were reviewed.Also, it analyzed the offered e-services, charges, accessibility and security features of those banks.Furthermore, the legal frameworks which govern the security aspects of online banking transactions in Romania were also analyzed.
In short, in Romania and also other countries, trust and security of e-banking activities are considered important issues.However, the legal framework for e-banking services in addressing the issue of trust and security are well-covered in numerous normative acts in Romania? both parties (service providers and users) must be more familiar with them.Moreover, almost all banks in Romania offer e-banking services.However, the security features provided by those banks are different and need to be developed especially in home banking and phone banking services.Furthermore, many rules and regulations are provided by government and banks in Romania.However, the effectiveness of those rules and their functions in mitigating banking consumers' security concerns still need more investigations.

Table 1 : Trust and Security in Online Environment
.