
Tools for Implementing Electronic Banking and Security



  1. Tools for Implementing Electronic Banking and Security Vijay V Vijayakumar

  2. Contents • Implementations • Server Side Security • Transmission Security • Client Side Security • ATMs

  3. Advantages • High Availability (24*7) • Fast • Efficient • Effective

  4. Implementations-Corniche • Document repository for storage of scanned documents. • Unlimited number of account holders • Straight-through processing of SWIFT Messages • On-Line Banking • Integrate with third party debit and credit card provider • Transaction status notification to client and merchant

  5. Implementations-CYBERBANK • Account summary, transfer & transaction history. • Credit Card account summary & transaction history. Loan account summary & transaction history • Real time access to accounts, profiles and preferences. • Send statements online in a secure messaging environment. • Stop payment, checks re-order & other account management tasks. • Automate debits & transfers. Customer initiated account applications. • Credit Card applications. Loan & mortgage applications.

  6. Server Side Security • User Authentication: most basic; inadequate in the current scenario; threats like phishing and session hijacking • Firewalls: prevent attacks from the Internet or external systems; do not prevent insider attacks • Encryption: all data stored on the server should be encrypted, e.g. Triple DES • Hardware Security: the actual hardware of the server should be protected against breaches

  7. Transmission Security / Encryption • Secure E-Mail: e-mails are generally sent/received in plain text • Secure HTTP: all communication between server and client should be encrypted • Secure Electronic Transaction: secure message transfer during electronic transactions

  8. Secure HTTP • Uses TCP port 443 • Additional security layer between HTTP and TCP • Provides authentication and encryption • Avoids eavesdropping and man-in-the-middle attacks • Only as secure as the Browser, Web Server and its security

  9. HTTPS Usage • Administrator must create a public key certificate for the web server • Certificates are signed by a Certificate Authority (CA) • When browsers access the web server they check its certificate using the signing certificate provided by the CA • Only then is a connection established

  10. Identifying a Secure Connection

  11. Digital Signatures • Asymmetric Cryptography • Message is signed using the private key of the sender, and the receiver verifies it using the sender's public key • User's public key is tied to the user by a digital identity certificate issued by a certificate authority • Provides Authentication and Integrity: Authentication - a valid signature shows that the message was sent by that user; Integrity - checks for modification of the message after transmission

  12. Working Model

  13. SWIFT • Society of World Wide Interbank Telecommunication – includes >200 banks worldwide • Objectives: High availability, Secure transmissions for EFT (Electronic Fund Transfers), financial traffic. • Standardized message format aimed for wide area networking • Proprietary algorithm

  14. SWIFT cont. • Terminals can connect only through approved SWIFT mechanisms to the regional Processing Centers. • Secure sequencing procedures, transaction audit trails and delivery acknowledgements • SWIFT II - modular approach to handle more traffic and optimize resources

  15. Regional Banking Networks • Need to develop shared networks with other banks, in the same country, to enable fast money transfers in the local currency. • US banks are supported by the CHIPS, BANKWIRE, and FEDWIRE networks

  16. Client Side Security • Anti-Virus • Anti-Spyware • Anti-Malware • Personal Firewalls • Latest Security Patches

  17. ATMs • Data stored is encrypted using Triple DES • Message Authentication Code (MAC) is used to prevent tampering of messages. • Vulnerable to Social-Engineering Attacks
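
The MAC check from slide 17, as an added example that is not part of the original presentation: a message is sealed with a keyed MAC and rejected when it is changed in transit or produced without the shared key. HMAC-SHA256 from the Python standard library stands in for whatever MAC algorithm an ATM network actually uses; the key, field names and message layout are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

# Constructed demo key; a production key would be held in a hardware security module.
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def encode_fields(fields):
    """Length-prefix every name and value so field boundaries cannot be shifted."""
    out = b""
    for name in sorted(fields):
        for part in (name.encode(), str(fields[name]).encode()):
            out += struct.pack(">H", len(part)) + part
    return out


def seal(key, fields):
    """Return the encoded message with its MAC appended."""
    body = encode_fields(fields)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify(key, message):
    """True only if the trailing MAC matches the body under this key."""
    if len(message) <= TAG_LEN:
        return False
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)  # constant-time comparison


def demo():
    # Constructed sample request
    request = {"terminal": "ATM-0001", "seq": 42, "op": "WITHDRAW", "amount": "100.00"}
    wire = seal(DEMO_KEY, request)
    tampered = wire.replace(b"100.00", b"900.00")  # amount changed in transit
    wrong_key = seal(b"\x01" * 16, request)  # sender without the shared key
    return verify(DEMO_KEY, wire), verify(DEMO_KEY, tampered), verify(DEMO_KEY, wrong_key)


if __name__ == "__main__":
    print(demo())
```

The MAC detects modification and forgery only; it does not hide the message contents, which is the job of the encryption mentioned on the same slide.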

  19. Questions?
