Introduction

Handling money from comfortable house atmosphere is standard and normal everyday activity for many people all around the world. This way of maintaining money with no physical contact and making money transactions is known as "online banking". There are many definitions of online banking provided by many researchers, but all of them have some main elements which are within the following definition, provided by Muniruddeen Lallmahamood (2007). He defined internet banking as banking services over the public network (the Internet), through which customers can use different kinds of banking services ranging from the payment of bills to making investments. Internet banking or online banking has created new ways of handling banking transactions for banking related services and for e-commerce related transactions such as online shopping (Lallmahamood, 2007).

However, development of handling money with no physical contact did not provide new opportunities only to clients, but to criminals as well. In fact, criminals are able to steal money with no physical contact and any tangible evidence remaining after their criminal transaction. In other words, they can conduct the robbery in their pijamas from their bed rooms. Knowing this fact turn on red alarm in heads of many clients. As banks' dependence on new technologies increases, their need to protect their own and assets of their clients increases as well. This is where importance of IT security for banks' clients starts. For this reason, it is of crucial importance for banks as provider of online banking services, to know awareness level and perceptions of their clients towards IT security of online banking. Since results of this research will enable banks to learn more about their clients, this research have potential to be important source of information for consideration by banks when it comes to their planning and development activities. If we consider gap in the literature on this issue in both countries, Bosnia and Herzegovina and Croatia, this article becomes even more valuable.

Results regarding both countries are collected and concluded after preparing survey based on six variables and specific questions assigned to each one of those variables. The survey was distributed to clients who are actively using online banking. It was completed in both Bosnia and Herzegovina and Croatia at very high response rates. Even 207 respondents replied from Bosnia and Herzegovina, while 203 respondents completed survey from Croatia. Results were analyzed and presented using descriptive statistics. The main objective of this paper was to analyze and compare perceptions of Bosnian and Croatian clients about IT security in online banking, to provide insight into similarities and differences of their view points and to create important set of information for all subjects active in banking industry.

In the following sections of this work, through theoretical background, all necessary definitions along with brief historical facts important for understanding this topic will be explained. Accordingly, information on online banking in Bosnia and Herzegovina and Croatia as countries in focus will be provided so readers can be more familiar with the situation in these states. Reason for selecting these two countries is their unique history. Both of the states were in a war in near history, but still one of them showed higher development level in terms of economy. Additionally, Croatia even became a member state of European Union, while Bosnia and Herzegovina is still not. After explaining used methodology, results will be analyzed, discussed and concluded.

Literature Review

Muniruddeen Lallmahamood (2007) defines internet banking as banking services over the public network (the Internet), through which customers can use different kinds of banking services ranging from the payment of bills to making investments (Lallmahamood, 2007). On the other hand, Jagdeep Singh (2012) defines internet banking as online systems which allow customers to plug into a host of banking services from a personal computer by connecting with the bank's computer over the telephone wires. He is also mentioning some synonyms for internet banking such as online banking, PC banking, home banking or electronic banking (Singh, 2012).

According to Gordon and Loeb (2002), Information security is concerned with the protection of three characteristics of information: confidentiality, integrity, and availability through the use of technical solutions and managerial actions (Gordon & Loeb, 2002).

Banks are not only dealing with intangible money transactions, but also with protection of highly sensitive information such are credit cards' PINs, data about the customers, customers bank accounts and all other kinds of information that could enable to third party conducting the criminal activities and making damage for both, customer and bank. According to Landwehr (2001), weaknesses of banks' information systems are named vulnerabilities, and it is likely that such vulnerabilities represent opportunities for crime by third parties (Landwehr, 2001).

One of the alternatives when it comes to keeping money in safer forms than cash is electronic handling of money, where no physical contact is necessary. This means that almost all transactions can be realized via different devices including computers, mail or telephone, without physical contact. Such an operation resulted in new types of crime, and some of them are still new to the legal systems. Main problem is that allowing people to make transactions with no physical contact opens the door for criminals to gain access and make transactions. Accordingly, beside the physical security systems of banks, possibility of crime is still very high. Sometimes, in order to keep public image, banks do not even investigate and prosecute cybercrimes. If they would do that, customers wouldn't deposit money in their banks (Pfleeger & Pfleeger, 2006). In short, big question emerge in heads of clients: "Is electronic way of handling money safe?"

According to Shrinath (1997), "information is power "has nowhere been realized more significantly than in the banking industry. When discussing the risks and challenges for IT security in that period of time, Shrinath mentioned four risks: unauthorized system/data access by business users in the bank; unauthorized system/data access by application/system support personnel; unauthorized system/data access by customers; unauthorized system/data access by the public at large. Since most people do not realize that large banks are prone to high risk of security breakdown even without going so far as the Internet, author decided to examine and explain the most critical areas (Shrinath, 1997).

Lawrence A. Gordon and Martin P. Loeb (2002) wrote an article which presents an economic model that determines the optimal amount to invest to protect a given set of information. Their model takes into account the vulnerability of the information to a security breach and the potential loss should such a breach occur. After analysis conducted by Gordon and Loeb (2002), they suggested that in order to maximize the expected benefit from investment in information protection, a firm should spend only a small fraction of the expected loss due to a security breach (Gordon & Loeb, 2002).

Authors found very important to know about perceptions of users about specific technologies. This is how technology acceptance model was born. Pikkarainen et al. (2004) conducted a study about consumer acceptance of online banking. They investigated online banking acceptance in the light of the traditional technology acceptance model (TAM). The data for their results was consisted of group interview with banking professionals, TAM literature and e-banking studies. According to their results, perceived usefulness and information on online banking on the Web site were the main factors influencing online-banking acceptance (Pikkarainen et al., 2004).

When it comes to explanation of basic concepts involved with system security, helpful was introductory chapter of book entitled "Security in computing "written by Charles P. Pfleeger & Shari Lawrence Pfleeger (2006). Their book deals with broad range of computer security related topics such are: cryptography; secure systems development; basic communications technologies; advices on planning, risk, and policies; Intellectual property; computer crime, and ethics. In short, it is possible to conclude that this book can serve as great guide to information about computer security attacks and countermeasures (Pfleeger & Pfleeger, 2006).

Interesting research was made by Luis V. Casalo, Carlos Flavian and Miguel Guinaliu (2007) who conducted it with purpose to analyze the influence of perceived web site security and privacy, usability and reputation on consumer trust in the context of online banking. Their paper described the positive effects of security and privacy, usability and reputation on consumer trust in a web site in the online banking context. This study is very interesting and valuable since it proposes link between security, privacy and trust, amongst others, in the online banking context (Casaló et al., 2007).

Muniruddeen Lallmahamood (2007) explored the impact of perceived security and privacy on the intention to use Internet banking. He used an extended version of the technology acceptance model (TAM) is to examine the above perception and concluded that while perceived usefulness is a critical factor in explaining users' intention to use Internet banking, it is important to pay attention to the security and privacy of users' of Internet banking. According to results, convenience, ease and time saving are the main reasons for the adoption of Internet banking, whereas security, trust and privacy appear to be the top main concerns for non-Internet banking users. As author mentioned, this may also imply that security concerns and privacy protection are perceived to be part of the overall service provided by the Internet banking services providers, and he suggests that banks should gain customers' confidence through raising security levels of the bank (Lallmahamood, 2007).

Many studies that are dealing with evaluation of clients' trust when it comes to banking are including "security" as important construct. This leads to conclusion that IT security is important for getting customer's trust in banking business. Yap, K. B., Wong, D. H., Loh, C., & Bak, R. (2010) wrote a paper with aim to examine the role of situation normality cues (online attributes of the e-banking web site) and structural assurance cues (size and reputation of the bank, and quality of traditional service at the branch) in a consumer's evaluation of the trustworthiness of e-banking and subsequent adoption behavior. One of their findings in this work stated that web site features that give customers confidence are significant for promotion of e-banking (Yap et al., 2010).

Research found to be very useful for this article is the one completed by Mohanad Halaweh (2012) who was writing about user perceptions of e-commerce security (Halaweh, 2012). In fact, both online banking and e-commerce are having common characteristic which is no physical (face to face) contact between parties involved in transaction, and using same technologies for doing transaction. This means that both of them are exposed to same risks. Accordingly, this common characteristic was very useful while identifying relevant variables for this study since some of them are simply modified and used for this research. Results of study conducted by Mohanad Halaweh (2012) showed that user characteristics, psychological state and intangible security features have a significant influence on e-commerce security perception. Additionally, in contrast, tangible security features and cooperative responsibility have a non-significant influence (Halaweh, 2012).

Singh (2012) commented that customers, both corporate as well as retail ones are no longer willing to queue in banks, or wait on the phone, for the most basic of services. Therefore, electronic delivery of banking services is becoming the ideal way for banks to meet their clients' expectations. Accordingly, author got idea to study the scenario of e-banking, and in his study he considered opinions of 100 customers from Ludhiana. The results of this work revealed that people are aware of e-banking, but not fully. In fact, the Customers are at ease after using e-banking since it saves the precious time of the customer. It has also been found that Customer satisfaction varies according to age, gender, occupation etc. (Singh, 2012).

Briefly about online banking in Croatia & Bosnia and Herzegovina

In the following two paragraphs, online banking will be explained more specifically regarding every country individually.

Online banking in Croatia

After the war, in 1995, Croatian banking industry, along with all other industries was in recovery process. Number of banks was changing quickly since the situation was not stable yet. Process of elimination and merging the banks was accelerated after 2000 (Roncevic, 2006). When it comes to online aspect of Croatian banks, Roncevic (2006) emphasized that in year 2000, Croatian banks provided an opportunity for clients to see different information on their web pages. Technological development resulted in quite different and improve situation till now. In 2000, only 37 banks had cash machines, only 5 banks provided sms services, and only 7% offered services of reading status of accounts on their web. Nowadays, more than 74% of banks provide online access to data for its clients, most of the banks offer cash machines, and almost all of them offer online services (Roncevic, 2006). According to data of Croatian National Bank, in second quarter of 2007 there was 385 000 of citizens and 120 000 businesses which used internet banking. 40.6 % of total number of transactions was electronic, and 7.6% of them were internet payment. In a case of businesses, even 18.1% of transactions were internet transactions (Ministry of Businesses, Work and Entrepreneurship, 2007). It is interesting that when it comes to situation in 2013, Erstre Bank (2013) reported that almost one in three Croatian citizens uses internet banking. Additionally, according to information based on survey conducted in September 2013 on 3000 respondents in Croatia and other countries Erstre group operates in, about 27% of Croatian citizens over the age of 15 use internet banking. The internet banking service is most used by people between 15 and 29 years of age (43%) and those between 30 and 49 years of age (36%). The lowest number of internet banking users is in the over 50 age group (13%). A part of the respondents who are not using internet banking listed an overall lack of interest in the service (33%), problems with internet or PC access (24%) and a feeling of insecurity (18%) as the main reasons for not using internet banking. Unlike internet banking, when asked whether they are using banking apps on their smartphones or tablets, only 5% of respondents said 'yes' (Erstre Bank, 2013).

Online banking in Bosnia and Herzegovina

The biggest expansion in terms of online banking development happened in Bosnia and Herzegovina in year 2010 when there was 19.257 business subjects and 48.545 citizens using the online banking (Central Bank of BiH, 2010)

According to report of Central Bank of Bosnia and Herzegovina in 2013, internet banking has increased for 23.11 percentage compared to previous years. Still, this information is not perceived as significant increase by Central Bank of Bosnia and Herzegovina (Central Bank of BiH, 2013).

One year later, new report of Central Bank of Bosnia and Herzegovina prepared in year 2014 did not bring some extraordinary different results. Still, even though there is an increase in both, number of banks offering electronic banking and number of users, the increase trend is not impressive. In 2014, the number of electronic banking users was 213.562, while even 25 banks were offering this type of service. This number of users is only 0.01 % of total number of cards in the country, which is the main reason why the Central Bank is not impressed with this fact (Central Bank of BiH, 2014).

Research and Methodology

For conducting this research, with aim to get closer insight into clients' perceptions towards online banking in Croatia, six variables were identified as a result of literature review. Those variables are as follows:

a) Privacy aspect refers to confidence in the technology and online banking service provider when it comes to protection against privacy issues such are private information of client, information about money transactions conducted by client, information about client's personal passwords etc. Pikkarainen et al (2004) stated that as the amount of products and services offered via the Internet grows rapidly, consumers are more and more concerned about security and privacy issues (Pikkarainen et al., 2004).

b) Control aspect - When it comes to control perspective of IT security, as it is possible to conclude from survey questions of Yap, K. B., Wong, D. H., Loh, C., & Bak, R. (2010), this aspect refers to strictness of identity ascertaining when sending messages to client, or doing transactions by client, but also general control by bank when it comes to online transactions' confidentiality (Yap et al., 2010).

c) Psychological aspect - According to Halaweh, Mohanad (2012) The psychological aspect of security incorporates the feeling of fear, the need to feel that one's money is secure, and the ability to control the payment process and performance of online transactions. Even though he made research about e-commerce, because of same nature of e-commerce and e-banking which is remote rather than face-to-face, his work was useful for preparation of survey in this study (Halaweh, 2012).

d) Therefore, it is possible to conclude that many customers have the misconception that the use of e-banking is vulnerable and that there is a high probability that their money will be lost.

e) Tangible features - Halaweh, Mohanad (2012) defines tangible indicators as those technological security features of websites that can be checked by users, such as https, padlocks and security certificates. Tangible features need to be understood and checked by the customer over the website rather than captured through social communication; this involves having knowledge and experience of these features, such as knowing what a security certificate means and how to check whether it has expired (Halaweh, 2012).

f) Intangible indicators - When talking about intangible indicators such are famous website and reputation, Halaweh, Mohanad (2012) says that they are not seen on the website and cannot be directly checked over the website. They are affected by society in terms of communication and the environment: where the customer lives and what they hear from others, as well as their past experience (Halaweh, 2012).

g) Perceived IT security Perceived IT security refers to general perception of online e-banking services by clients when it comes to IT security.

Accordingly, survey consisted of twenty questions was created. Questions were mainly adapted from previous researches considering Pikkarainen et al (2004), Casaló, Flavián, and Guinalíu (2007), Yap, K. B., Wong, D. H., Loh, C., & Bak, R. (2010), Halaweh, Mohanad (2012), Muniruddeen Lallmahamood (2007). All questions prepared for the survey, along with their references they were adapted from, are presented in Table 1 available in the next page.

Pikkarainen et al. (2004) conducted group interview with banking professionals in order to learn about consumer acceptance of online banking (Pikkarainen et al., 2004). Specific questions related to privacy aspect from his interview were adapted and used in this research to examine clients' concerns about their privacy and security issues in e-banking. Casaló, Flavián, and Guinalíu (2007) made research with purpose to analyze the influence of perceived web site security and privacy, usability and reputation on consumer trust in the context of online banking (Casaló et al., 2007). Since they are dealing with similar issue, questions regarding security and privacy were adapted and used in this study. Yap, K. B., Wong, D. H., Loh, C., & Bak, R. (2010) used survey to evaluate trustworthiness of e-banking and subsequent adoption behavior through several factors (Yap et al., 2010). Accordingly, several questions helpful to measure control aspect of IT security in e-banking were used in our study.

Halaweh, Mohanad (2012) studied user perceptions of e-commerce security (Halaweh, 2012). Since both e-commerce and e-banking are having the same characteristics such is lack of face to face communication and physical contact which implies same issues and concerns for final users of such a services, many questions were adapted from his survey in order to measure psychological aspect, tangible and intangible indicators, and perceived IT security in general when it comes to online banking. Also, when it comes to Muniruddeen Lallmahamood (2007), one of questions used in his study was useful to adapt for this research when it comes to measuring psychological aspect of IT security (Lallmahamood, 2007).

Empirical Data and Analysis

Data for this study was collected by the means of a survey conducted in Croatia and Bosnia and Herzegovina in 2013. A total of 500 questionnaire forms were delivered to respondents in both countries. Half of the surveys (250) was delivered to Bosnia and Herzegovina, while half (250) was delivered to Croatia. Most of surveys were answered with good response rates. In Croatia even 203 respondents out of 250 completed the survey giving a response rate of 81.2 percent. Situation was slightly better in Bosnia and Herzegovina since 207 clients out of 250 completed the survey giving a response rate of 82.8 percent.

Surveys were filled at universities by students, academic and administrative staff, and in branches of different institutions of Croatia and Bosnia and Herzegovina by randomly selected clients. This resulted in a sample that was well distributed in terms of demographic information (e.g. age, and education).

Data is mainly numerical except demographics part which is categorical. Seven point Likert scale was used in order to test the agreements of the respondents on six variables through twenty questions. The collected data is then inserted into an excel spreadsheet and analyzed descriptively. The surveys were distributed both online and personally. Online version of survey was created, and its link was sent via e-mail to potential participants.

Results and Discussion

Demographics

Demographics information includes respondents' department, positions within the department and their education levels, gender and age. When it comes to gender, in Bosnia and Herzegovina more respondents were males while in Croatia more respondents were females. Detailed information on gender are presented in figure 1 presented below.

When it comes to educational background of respondents, in both countries more than 50% of surveyed respondents had undergraduate degree. Around 50 respondents of both countries (Bosnia and Herzegovina - 53; Croatia - 51) had Master degree and only few had a PhD level (Bosnia and Herzegovina - 4; Croatia - 9). Twenty one out of all surveyed respondents in Bosnia and Herzegovina did not have higher education, while only 13 of surveyed respondents in Croatia had the same status.

When it comes to job positions of respondents, since surveys have been distributed to clients who are working in various institutions of Bosnia and Herzegovina and Croatia, sample is well distributed in this aspect. All details regarding job positions of respondents are presented in Figure 3.

Survey Results

Before interpretation of results, to assure that reader will properly understand all tables and related explanations, it is important to explain interpretation values for used 7 point Likert scale. The meaning of interpretation values is as follows:

1 - Respondent strongly disagrees with the statement

2 - Respondent disagrees with the statement

3 - Respondent slightly disagrees with the statement

4 - Respondent is neutral (he/she neither agrees not disagrees with the statement)

5 - Respondent slightly agrees with the statement

6 - Respondent agrees with the statement

7 - Respondent strongly agrees with the statement

From Table 2, it is possible to conclude that privacy aspect of IT security in online banking of Croatia is perceived as less acceptable by clients of Bosnia and Herzegovina (BiH) compared to those of Croatia. In fact, mark of 6.191 indicates that clients agree that banks are able, and doing their best to protect their privacy. Bosnian respondents answered in a quite different manner. Results from BiH indicated that privacy aspect of IT security in online banking of BiH is perceived as acceptable by clients of this region, but not that much as in case of Croatia. In fact, mark of 5.223 indicates that clients slightly agree that banks are able, and doing their best to protect their privacy.

When it comes to control aspect, by agreement with offered statements, Bosnian clients think that high level of control is necessary. Their answers regarding statements in this variables was close to 6 in all cases, which means that clients from BiH agreed with statements about ascertaining their identities while using online banking and they believed that banks are using security controls to improve confidentiality of online transactions (Table 3). Croatian clients strongly agreed with statements about ascertaining their identities while using online banking and they believed that banks are using security controls to improve confidentiality of online transactions.

When it comes to psychological aspect whose results are presented in Table 6, Bosnian clients' perceptions towards offered statements is within "slight agreement" region. This indicated that they are to some extent paranoiacs, and that there is fear, misconceptions and anxiety exist while using online banking. On the other hand, situation in Croatia appeared to be a little bit better in favor of control. Croatian respondents agreed with the statements that there is no fear, misconceptions and anxiety while using online banking, but also they slightly agreed when asked about their feeling of safety when releasing credit card information through internet banking.

Results showed that Bosnian clients are not completely aware of importance of tangible features for security while doing online transactions. In fact, clients were mainly slightly agreeable with the statements which indicated that they are not very careful when it comes to paying attention to presence of http(s) in the URL and small padlock icon. When it comes to digital security certificate of the web site, they were neutral which gives information that they pay attention to this specific aspect of online banking IT Security. Results from Croatia showed that Croatian clients are aware of importance of tangible features for security while doing online transactions. Respondents were mainly disagreeing with statements that they are not very careful when it comes to paying attention to presence of http(s) in the URL, small padlock icon and digital security certificate of the web site. More details about this aspect are available in Table 5.

This research showed that marketing and intangible assets of banks are slightly influential in Croatia. Clients are paying more attention to tangible rather than intangible ones such are banks' reputation, location and its concern towards security provision for its clients when making their decision to use online banking services. This could mean that clients perceive security provision as standard that must be respected by all banks. In other words, they are aware that banks will respect their privacy especially because of the competition in banking industry. According to results, this is not the case in BiH. Marketing and intangible assets of banks are quite influential in this country. Bosnian clients are paying more attention to intangible features such are banks' location and its concern towards security provision for its clients when making their decision to use online banking services. This is not the case with the bank's reputation in eyes of Bosnian clients. More details about influence of intangible features to clients' perceptions of IT security of online banking are available in Table 6.

When it comes to general opinion about IT security of online banking, from Table 7, it is possible to conclude that Croatian clients strongly believe that using e-banking services online is secure, and they use e-banking services with feeling of security. However, Bosnian clients are not the same. They didn't have specific opinion about the mentioned statements, and showed that they do not completely believe in secure online banking.

Conclusion

This research provided important insights about clients' perceptions towards IT security of online banking in Croatia and Bosnia and Herzegovina (BiH). Careful comparative analysis of results collected from these two countries has been conducted. Response rate was good in target samples, 81.2% in Croatia and 82,8% in BiH. Fact that surveyed people are coming from various companies, departments and positions within those departments gives even more importance and value to the results of this work. Limitations of this research are relatively small sample and quite generic approach to problem. Accordingly, recommendations for future researches would be based on going more deeply into the issue and analyzing larger samples. This article represents very unique set of information for the banks already operating in Croatia and BiH, or having tendency to start business in these countries. This research empirically proved that clients of Croatia and BiH do not have same perceptions towards online banking. While Croatian clients with no fear and misconceptions, aware of tangible features' importance, think that banks are able to protect their privacy completely and that bank are doing their best to improve confidentiality of online transactions, clients of BiH do not think that banks are able to protect their privacy completely. They agree and trust to bank when it comes to control aspect, but still there is certain amount of feeling unsafe in psychology of people which could be the reason why there is no significant increase in trend line of electronic banking development of BiH. The fact that Bosnian clients are not very safe with tangible features of IT Security in online banking says that banks should work more to boost awareness of people and stress importance of this issue in conducting online transactions. Intangible features were of medium importance for Bosnian clients, and in general they slightly believe and feel that online banking is secure. Are these differences related to different development levels in economies of BiH and Croatia, or they are based on fact that Croatia is member state of European Union while BiH is still striving to get there, these could be good questions for some other research in other area.