Information Technology Capabilities in Enabling Electronic Banking : Case Study of a Bank in a Developing Country

This exploratory study is aimed at identifying and exploring the key components of Information Technology (IT) capabilities that enable e-banking. It attempts to generate a framework that illustrates the variables, which led to a specific performance. The performance (independent variable) was linked with three dependent variables: Information security (ISec), regularity, and reliability. The study focused on the ISec factor and its effect on e-banking. This factor was analysed through the confidentiality, integrity, and availability (CIA) elements. The study presents the case study of a Libyan bank and the challenges from the ISec perspective. It explains how the bank attempted to improve the legacy bank system in terms of raising the level of CIA elements. The study collected 30 participants’ opinions via an online survey. The responses were analysed statistically using SPSS software to identify the most important elements for ISec, to raise the level of e-banking services and also to identify whether these three elements were equally significant or different. Likert scale was used to rate the questionnaire responses. Integration was found to be one of the most vital elements, and should be given high priority in any bank operating in developing countries followed by the confidentiality and integrity elements. To ensure the technical success of e-banking services, banks in developing countries should provide awareness and training programmes to increase the level of security. Moreover, the banks need to establish reliable polices that can control staff behaviour and minimise the level of risk in e-banking services.


Introduction
In recent years, e-services have gradually and significantly expanded from the perspective of buying and selling of a service or product.Despite the early failure of its popularity due to high equipment cost necessary for the operations and high connection fees, the _______________ Nader Hassan Khalifa (2013), Journal of Electronic Banking Systems, DOI: 10.5171/2013. 803655 World Wide Web (www) has paved the way to enable the developers in the area of banking applications to take advantage of the Internet as a means to support and spread their service.E-banking creates unprecedented opportunities for the banks in the manner they organise financial product development, delivery, and marketing via the Internet.The speed and scale of these challenges have rapidly increased with the pervasiveness of the Internet and the extension of information economy (Holland and Westwood, 2001).The use of e-banking technologies such as Automated Teller Machines (ATMs), Telebanking, home banking and internet banking in the delivery of banking products and services has increasingly become an essential aspect of contemporary banking systems (Mols, 1998).
The use of technology in various segments of society around the world has given the opportunity to all service providers to offer a bouquet of services in the e-banking framework.Wei and Howell (2010) classified e-banking services from the e-business perspective: Business to Business (B2B), Business to Government (B2G), Customer to Business (C2B), and Business to Customer (B2C).This expansion and diversification requires provision of service 24/7 with very low failure rates to customers.This indeed shows the progress and expansion of ebanking services.

While
e-banking has offered new opportunities, it also poses many challenges such as the innovation of IT applications, the blurring of market boundaries, the breaching of industrial barriers, the entrance of new competitors, and the emergence of new business models (Saatcioglu et al., 2001;Liao and Cheung, 2003).Banks must constantly reconfigure, renew, or gain organisational capabilities and resources to meet the demands of the dynamic environment (Wu et al., 2006).
A review of literature showed that only been a few studies are available about ICT adoption in developing countries compared to the developed countries.Therefore, this paper aimed to bridge this gap by identifying and exploring the key components that enable e-banking in an integrated picture to the banks customers; this may also help in avoiding wastage of investment and efforts of decision-makers and developers when seeking to develop e-banking services.It also aimed to determine the technical resources and IT capabilities that must be taken into consideration for raising the level of ebanking in commercial banks.The key strategic decisions of a bank in developing ebanking capabilities and factors that influenced these decisions and the lessons that can be drawn from this case were explored as a whole.The use of case study approach facilitated the evaluation of these issues of e-banking within the real-life context.This research attempted to address how IT capabilities enabled e-banking.This project studied previous literature, which discussed IT capabilities and its relationship to performance within firms.This review has compiled all the factors and combined them according to the conclusions that resulted from these previous studies so as to clarify the relationship of IT capabilities in enabling e-banking services.

Literature Review
During the period 2000-2011, a number of studies, as discussed below, were conducted on the impact and role of IT capabilities in ebusinesses, particularly, the banking sector.These studies focused on examples from both developed and developing countries, as well as on all the electronic banking (e-banking) divisions.Most of them presented the concept of adoption or acceptance of ebanking from the perspectives of both consumers and service providers.Moreover, other researchers have shown a framework for assessing e-banks (Al Saud and Abdallah, 2004).The objective of this research was an attempt to analyse previous research studies that dealt mainly with IT capabilities enabled e-banking in developed countries, and in developing countries in particular.Yoon (2011) defined IT capabilities as the ability to integrate with other resources within the organisation through the use and employment of IT resources.This definition conformed to Bharadwaj et al. (1999) and Jiao et al. (2008).Furthermore, Yoon (2011) and Bharadwaj et al. (1999) formulated this definition more precisely by stating ITC to be the ability to organise in support of organised activities and workflow through the disposition of IT resources and integration of other relevant resources.Here, Lee et al. (1995) particularly agreed that ITC is a kind of organisational ability to unite relevant resources.
De Jong et al. (2009) used "IT resources" as a generic term encompassing the IT infrastructure, people, capital cost, and all other elements that lead to the delivery of IT services.Moreover, it was assumed that both IT resources and IT capabilities are part of IT assets that should aim to deliver the potential services.
However, most studies that dealt with ways of measuring IT capabilities examined these capabilities on several levels and influencing factors.• Knowledge related to software, hardware, and database.
• Knowledge related to operations systems.

IT operations
• Utilisation of the solutions of ERP, SCM, CRM, and KMS, DW, etc.
• Utilisation of executive information systems.
• Utilisation of organisational security solutions and system.
• Application of solutions and information systems to B2E, B2C, and B2B.

IT department contacts
• IT department has contact with production, administration, customers, other companies and businesses.

IT support personnel
• Ability sufficiency, project management implementation, assessment and control system, and planning ability.Rahman's (2007) study attempted to explore the role of IT within the banking sector.His study focused on the role of IT from a single perspective, which was the investment of banks in developing an IT infrastructure.He listed out the technology products offered by the banking sector (Table 2).(2007) suggested that more research should be done in this field in future, especially in developing countries.There is lack of sufficient studies on this aspect of banking.
Their study confirmed that IT has a major impact on all stages of banking applications and that banks should invest in IT infrastructure to give them significant help in providing a variety of channels to deliver banking services to their customers.The adoption of innovations in IT and the factors that contributed to the delay in the adoption of these innovations among the e-services sectors in developing countries were highlighted.This present study has discussed these points by exploring a case study of a Nigerian bank.The study researched a number of questions regarding the causative factors in adopting new IT to provide eservices; they included applying the latest technology to information, the factors that cause the adoption of new technology, and the main obstacles that hinder the adoption of IT.Although the researchers discussed these issues in order to understand how to apply new technologies within financial eservice institutions, the study itself did not focus directly on IT capabilities or on its impact on e-services.Okunoye et al.'s (2007) study listed the IT capabilities in a number of small and medium enterprises (SMEs), but does not provide detailed information that would explain the differences between these institutions in their reliance on IT.
Electronic banking services, encountered as one of the common delivery channels of commercial banks, have enabled most businesses to complete payment processing and transfer funds electronically.A number of researchers have concluded that the adoption of Internet technology in the banking sector is the chief factor in the spread of e-banking.Floh and Treiblmaier (2006) asserted that online banking, which provides different banking services, is a key player in attracting customers.This point may explain the existence of the common connection between e-banking and IT capabilities that is held by commercial banks.
On the other hand, other researchers like Almazari et al. (2008) were of the view that attracting new customers or keeping the loyalty of the current customers cannot be accomplished adequately through websites of bank services.Since this method offers little or even no focus on customer relationship management (CRM) by the banks, it may result in loss of customers, who will move on to other competitors who do a better job of managing customer relationships.
A number of banks operating in developing countries have adopted e-services as one of the emerging technologies where the various e-services were affected by culture, environment, or the adoption by customers and services providers themselves (Ben-Jadeed 2004).However, knowledge in e-_______________ Nader Hassan Khalifa (2013), Journal of Electronic Banking Systems, DOI: 10.5171/2013.803655 banking remains the real challenge to the growth of e-banking in developing countries (Salehi 2010).Auta (2010) claimed that ebanking in developing economies faced other challenges such as security, user-friendliness, queue management, accessibility, time factors, and funds transfer.Researchers have tried to discuss the factors affecting ebanking services from several aspects of the pool.The majority of studies show that the element of security and knowledge are major players affecting the success of these services in developing countries.Al-Hajri (2008) noted in his study on the adoption of ebanking by the Omani banks that security and knowledge are not the only factors, but the communications infrastructure also affects the adoption of it.This clearly refers to the ITC in enabling e-banking and raising the quality of e-banking services.
Berger ( 2003) pointed out that Internet banking, electronic payment, and information exchange are not the most important technological products in the banking sector, but illustrated the potential differences and measured technological progress in the front office.
Most of these studies focused on the role of IT capabilities in the firms and their relationship with the performance only.International standards frameworks such as Control Objectives for Information and Related Technology (COBIT), Information Technology Infrastructure Library (ITIL), or Capability Maturity Model (CMM), etc. aimed to provide solutions to measure IT capabilities and the way of business processing in any commercial enterprise to determine their level of performance.Davenport (2005) classified these standards based on three main areas: the first group of standard focused on the process activities and flows, the second group of standards focused on press performance and the last set of standards focused on the process management.He confirmed that these international standards alone are not sufficient to achieve the goals of the company.Each firm has a business theme, which is unique and truly impacts the performance of work; and this really complicates the issue for the developers or decision-makers within commercial banks to create a specific mechanism to determine the capacity of IT that enables e-banking on a higher level in line with the ambition of customers.Such international standards only help in facilitating the operations outsourcing to keep up with the technical complexities in business processes; but what if these international standards are hampered by various factors such as local laws, regulations, policy, security aspect or organisation culture within the banks (operating in the developing countries in particular), which are the subject of the study?Previous studies that were reviewed did not study this aspect of the commercial banking sector and did not link the extent of the IT capabilities to enable e-banking services or even research on banks operating in developing countries, which was the aim of this study.There is a clear gap in the field of research studies pertaining to developing countries.There is lack of research on the banks in developing countries from the viewpoint of investors, technical solutions providers, or decision-makers within those banks.
Most of the banks strive to remain updated with the modern and advanced systems of banking operations.It is important to know the role of development of information and communications technology (ICT) to give banks the opportunity to provide innovative financial services so that they become most versatile and comfortable without adding new branches.

Methods
This research illustrated the methodology of designing a case study, collecting data, and analysing data.A framework was designed that contained internal variables that affected the capabilities of IT to enable ebanking services.The case study strategy was chosen to answer the research question regarding realistic service in the banking sector, especially in developing countries.This strategy helped to discover how or why IT capabilities enabled e-banking.This approach helps to understand or diagnose the problem in a more comprehensive study, which helps open the area for further research.The case study was focused on the Gumhouria Bank, Libya.For applying the above concepts to the current draft of the study focusing on the Gumhouria bank, a step-by-step process was set up: 1. Assess the level of e-banking services in Libyan banks and in developing countries.
2. Determine the level of e-services in Libyan banks associated primarily with technical resources available and the investment in IT in Libya.
3. Discover the necessary level to provide the required e-services to bank customers to meet their needs.
4. Identify the IT capabilities and necessary components to provide e-banking services of high quality.
5. Framework that is considered to form the basis of IT capabilities that enables ebanking.
6. Identify the internal variables that have an impact on the relationship of IT capabilities and e-banking, focusing on those that can raise the level of e-banking services.
The time period for the case study was from 2005-2009.This period was vital in understanding the ISec variable and its impact on e-banking because of the rapid changes that occurred during that period in the Libyan banking sector and within the bank, in particular.This change included the development of the bank infrastructure and establishment of a core banking system to take into account the international standards in the management of banking operations.
Previously, the bank dealt with its customers through different local systems; these systems were not able to provide integrated e-services to its customers.The main weakness was on the availability side.For example, the local systems were not linked with centralised databases.This resulted in problems with follow-up and maintenance, complications in modernisation and development, middleware problem between the ATMs and the bank system, challenges in adopting merge technologies, frequent need to use banking operations manually, and provision of e-banking that did not exceed the borders of the branch building.
Therefore, the Gumhouria Bank tried to find new channels to provide e-banking services to its customers, with a focus on reducing the level of concern in regard to ISec.This study highlighted information security (ISec) as one of the variables that could affect the level of e-banking in Libyan banks.
This study adopted the flowchart model suggested by Yin (2003) (Figure 1).3). 1) The bank has a specific strategy for data encryption and secure communication networks between the customer and the bank system.

Technology Confidentiality
2) The bank has clear policies in determining the powers of the authorised and non-authorised parties to access the customer data, clients of the bank, or staff within the bank. Management 3) The bank has a clear plan to save the data and documents of the bank in case of a computer malfunction.
4) The IT department and legal department establish policies that must be followed in the work environment and that can control the behaviour of the employees in the work environment; these policies have the ability to stand in front of the courts in the event of a deliberate breach of security by the staff.
5) The management board evaluates the impact on the bank's security program in case of changing business arrangements, such as mergers and outsourcing arrangements.
6) The bank has a clear classification of types of data: confidential data, data for informational purposes only, and data for publication.
7) The bank provides educational programmes for IT engineers, staff, technicians, and operators in the system of the bank to raise their knowledge of how to protect information.
Culture 8) The bank provides visual (e.g.posters, newsletters) and audio means of raising awareness of the importance of information security and confidentiality when dealing with data within the bank in various sections.
9) The bank has a system to audit and review the information system to assess the risks that affect the control rooms, data centres, Management Integrity _______________ Nader Hassan Khalifa (2013), Journal of Electronic Banking Systems, DOI: 10.5171/2013.803655 databases, servers, network components, and applications that provide protection to the bank system. 10) The bank has Bank Access Control for control rooms, data centres, and stores.

11)
The bank has installed an anti-virus program on bank servers and desktops. 12) The bank provides Internet banking to its customers; it is integrated with their database accounts.

13)
The bank website has adopted Secure Socket Layer (SSL) verification.

14)
In servers of ATMs, mobile banking, gasoline e-cards, and domestic cards, there is a program installed to combat worms and viruses.

15)
The IT staff in the bank regularly makes a back-up copy of the customer database to prevent the loss of data.

Management 16)
The IT department has a strategy to recover data in case of any technical fault in the bank's servers that contain databases.

17)
The bank has systems that enable the staff to deal with the data easily and without any complications.

18)
The bank has a local network secured within the IT department and its branches, which provide the following: • The ability to manage networks.
• The ability to identify the powers of the network users.
• Firewalls between the LAN and the International Network.
• Software to track and analyze the performance of the LAN.

Economy
Availability

19)
The bank has an administrative mechanism to know and identify information assets* that are: • Most important to the success of the bank.
• Most important for return of investment.
• Most expensive in maintenance and replacement.
• Mandated to require protection.*This can be a server, LAN components, a terminal device, application software etc.

Economy
The researcher designed this questionnaire to cover these four aspects and explained the impact of ISec through the CIA elements.The participants had to evaluate the 19 sentences with one of these responses: strongly agree, fairly agree, agree, disagree, or strongly disagree.The participants' responses would show the impact of a changing ISec on ebanking services.
These 19 sentences were selected to interpret and illustrate the impact of ISec variables on e-banking services.According to Whitman and Mattrod (2010), these variables are linked to three main elements of CIA.
These three elements, according to Syamsuddin and Hwang (2009), can be studied through four aspects: management, technology, economy, and culture (Figure 2).
With regard to the online survey on how the ISec and CIA triangle was applied inside the bank correctly, the responses of 30 participants out of 50 employees working in the IT and e-services departments in the Gumhouria Bank were recorded.The online survey contained a number of statements which the participants were required to evaluate by selecting their degree of satisfaction with these statements based on their work experience and knowledge (Appendix A).The participants were required to assess these statements _______________ Nader Hassan Khalifa (2013), Journal of Electronic Banking Systems, DOI: 10.5171/2013. 803655 technically from an information security perspective.The statements were mainly about Information Security (ISec) factors inside Gumhouria Bank, and classified into four areas: 1-Management, 2-Technology, 3-Economy, and 4-Culture.SPSS software (Version 18) was used to analyse the data in a descriptive statistics format and to conduct complex statistical analyses.ANOVA was used to determine whether there was a difference in mean scores for the three aspects of information security (CIA aspects).

Results
The results showed that the variable ISec (dependent variable) was one of the factors that affected the level of performance (independent variable), which was already assumed to link the capabilities of IT and ebanking services.The analytical part focused on ISec through three main aspects: confidentiality, integrity, and availability.This analysis concluded that the element of integration is the most important element required by the banks followed by confidentiality and availability.The researcher can state that the availability score is statistically lower than that of confidentiality and integrity.There is no statistical difference between confidentiality and integrity.As availability has a lower score compared to others and is statistically different, it stems from the survey that the participants have a negative perspective on the availability aspect of the concerned organisation.
The responses on the confidentiality section show the bank's clear policies in determining who is authorised and not authorised to access the bank system, which was confirmed by 40% of the participants (Table 4).But the bank does not have a documented policy that describes or explains the work procedures, which must be followed inside the bank to access the bank system.This was confirmed by 36% of participants.In sentence 1 and 3, there is a clear debate about this aspect from the IT and e-service departments (Figure 3).18.The bank provides training programmes for employees such as IT engineers, bank staff, technicians, and operators on the systems of the bank to raise their knowledge of how to protect the bank's information.
6.7 16.7 60.0 6.7 10.0 30 2.97 19.The bank provides programmes using visual and audio techniques, posters, or newsletters designed to raise the awareness of the importance of information security and confidentiality when dealing with the data of the bank and its customers.The bank offered a training programme to improve the level of knowledge about how the ISec factor is vital to the bank operations and e-banking.This was confirmed by 60% of participants (Figure 4[S18]).However, the results showed that the bank neglected the visual aids, which help to raise the securityawareness level among the employees of the bank and minimize the hazards in dealing with bank information (Figure 4[S19]).Enterprises and banks in particular are keen on data classification.This was confirmed by 60% of participants (Figure 5[S5]).The results showed that the bank set a strategy in classifying the data into confidential data, data for informational purposes only, and data for publication, which aimed to raise the level of confidentiality.Also, the bank had a clear procedure for storing data and documents (Figure 5[S2]).

Figure 5: Bar Chart Shows the Responses on Sentence 5 and 2
There were different views as to whether the bank had a specific strategy in evaluating the impact of outsourcing on security programme or not (Figure 6).

Table 5: Summary Results for Integrity Element
With regard to the integrity element (Table 5), the survey results in Figure 7(S10) shows that although the bank owns access control system for data centers and control rooms, the bank does not have a system to review and assess the risks that could affect the control rooms, data centers, databases, servers, network components, and all applications that provide a protection mechanism to the bank's systems.Around 43% of participants confirmed this whereas 36.7% opposed it (Figure 7[S6]).
Table 5 and Figure 8 (S7 and S8) indicate that the bank used protection mechanism to secure the e-banking service and could recover the system any time.This was confirmed by 40% of participants.According to the IT staff response (Figure 9[S12 and S13]), the main challenge for the bank was how to offer a secure Internet banking package to the bank's customers after deploying the core banking system.This part needs further research.
1.The bank has a system to review and assess the risks that could affect the control rooms, data centres, databases, servers, network components, and all applications that provide a protection mechanism to the bank's systems.
3  In the survey responses regarding availability, the results show that the bank system provides this feature and this is due to the bank adopting the i-FlexCube system as core banking (Table 6 and Figure 10[S15]).To determine whether there was a difference in mean scores for the three aspects of information security, an ANOVA was conducted (Table 7).The Levene's test was significant, F (2, 87) = p < .05.Thus, the variances of the three aspects: confidentiality, integrity and availability are different to each other (Table 8).11).

Conclusion
The present study compiled and examined a number of previous studies that focused mainly on IT capabilities and e-banking.The overall body of research inferred, but did not directly discuss IT capabilities in enabling ebanking.This paper tried to link the IT capabilities with e-banking.The research found that IT capabilities are divided into three levels, and these levels can be described as components of IT capabilities, which helps to identify the variables or the elements that would directly affect the content of IT capabilities.The study also concluded that the outcome of IT capabilities can be seen as a performance from a technical perspective.The author has interpreted this performance based on four dependant variables: security, reliability, data integrity, and regulatory environment.These four variables can also be considered from the perspective of e-banking as capabilities.The study helped to configure a model framework that contributes to create and determine the IT capabilities needed to operate an e-services model, particularly in developing countries.
This study's framework showed the components of IT capabilities and e-banking.Many internal variables were proposed.This study identified 'performance' as an independent variable that linked IT capabilities and e-banking.The performance was interpreted by the researcher into four variables: security, reliability, data integrity, and the regularity environment.However, due to time constraints, the researcher examined only one variable.Therefore, in order to clarify and understand the performance variable, there is a need to fully study the rest of the variables to find which of these three factors are vital for the performance variable and how these factors can be analysed and examined.Future research on these variables can explain and determine the key elements needed by the ebanking services in the banking sector, particularly in developing countries.The Management Aspect

Statement 1
The bank has clear policies to determine the powers of authorized and non-authorized access to information on customers, partners, service providers, or staff within the bank.

Agree
Fairly Agree Strongly Agree

Statement 2
The bank has clear procedures for storing the data and documents of the bank.

Agree
Fairly Agree Strongly Agree

Statement 3
The Information Technology department and Legal department have established policies that should be followed in the work environment and these policies should be able to control the behaviour of the employees in the work environment.

Agree
Fairly Agree Strongly Agree

Statement 4
The management board evaluates the impact of changing business arrangements such mergers outsourcing arrangements on the bank's security program.Strongly agree

Statement 11
The bank has installed anti-virus programs on all bank servers and desktops.

Agree
Fairly agree

Statement 12
The bank provides Internet banking services to its customers which are integrated with their database accounts.

Agree
Fairly agree

Statement 13
The bank website is adopting secure socket layer (SSL) verification.

Agree
Fairly agree

Statement 14
In servers of e-banking services such as the ATMs, mobile banking, gasoline e-cards, and domestic cards, there is a program installed to combat worms and viruses.
Strongly disagree

Figure 1 :
Figure 1: Case Study Method (Source: Yin, 2003, p. 50)The study focused on a small IT-skilled work group in two technical departments in a commercial bank in Lybia: the IT department and the electronic services department.The question structure was in the Likert scaling

Figure 3 :
Figure 3: Bar Chart Shows the Reponses on Sentence 1 and 3

Figure 4 :
Figure 4: Bar Chart Shows the Reponses on Sentence 18 and 19

Figure 6 :
Figure 6: Bar Chart Shows the Responses on Evaluates the Impact of Outsourcing on Security Program

Figure 7 :
Figure 7: Bar Chart Shows the Reponses on Sentence 6 and 10

Figure 8 :
Figure 8: Bar Chart Shows the Response on Sentence 7 and 8

Figure
Figure 9: Bar Chart Shows the Response on Sentence 12 and 13Table 6: Summary Results for Availability Element

Figure 10 :
Figure 10: Bar Chart Shows the Response on Sentence 15 and 17

Table 10 : Dependent Variable by Multiple Comparisons
_______________Nader Hassan Khalifa (2013), Journal of Electronic Banking Systems, DOI: 10.5171/2013.803655 Journal of Electronic Banking Systems, DOI: 10.5171/2013.803655AcknowledgmentThiseffort was the result of research and study, which required significant amount of time.Here I will never forget the sacrifices of my wife, who stood by me, and gave me the necessary time to complete this project.I also express deep gratitude to my parents for their contribution in my education.This research also required, in some cases, academic advice and technical suggestions from some specialists in the field of information technology.I extend my sincere thanks to Professor Peter Hyland, who encouraged me and gave me the confidence in my abilities to write this scientific research.