Documentos de Académico
Documentos de Profesional
Documentos de Cultura
ON
O NLINE B ANKING
Table of Contents
T ABLE W HAT
OF
C O N T E N T S .................................................................................................. 1 I
MEAN NTRO BY TO
C HAPTER
IS
O N L I N E B A N K I N G ............................................................
BANKING
1 1
ONLINE
? .....................................................................
Why online?..............................................................................................................................................1 What is Bank Wire Transfers?..................................................................................................................1 Some terminologies explained:................................................................................................................2 T H E G L O B A L E - B A N K I N G S C E N A R I O ..................................................................... 3 Hurdles in implementation of E-Banking in the Region:...........................................................................4 I N T E R N E T S E R V I C E S P R O V I D E D B Y B A N K S ............................................................. 4 Issues in services provided by banks via internet.....................................................................................4 The regulatory and Supervisory concerns in i-banking.............................................................................5 State Bank of Pakistans Concerns over Internet Facilities.....................................................................9 The Global Scenario...............................................................................................................................10 Hurdles in implementation of E-Banking in the Region:.........................................................................10 I N T E R N E T I T S B A S I C S T R U C T U R E A N D T O P O L O G Y ............................................. 1 1 World Wide Web (WWW) ......................................................................................................................12 Wireless Application Protocol (WAP):....................................................................................................12 Security threats:.....................................................................................................................................13 E-Commerce:.........................................................................................................................................13 Business-to-Consumers (B2C):..............................................................................................................14 Opportunities:.........................................................................................................................................15 Concerns:...............................................................................................................................................15 Business to Business (B2B)...................................................................................................................16 The Growth of Internet Banking and common products:........................................................................17 Different Approaches..............................................................................................................................18 C H A P T E R 2 O N L I N E B A N K I N G V I Z A S K A R I B A N K ........................................... 1 9 L INKING B RANCH
OF BRANCHES
...........................................................................................
19 19
NETWORK
..................................................................................................
South Region Cities: ..............................................................................................................................20 North Region Cities: ..............................................................................................................................21 Center Region: ......................................................................................................................................21 North Region Cities: ..............................................................................................................................22 South Region Cities: ..............................................................................................................................22 W H Y A S K A R I O N L I N E B A N K I N G F A C I L I T I E S ? ...................................................... 23 Askari Bank Online Facilities..................................................................................................................23 ATM facility ............................................................................................................................................23 iNET Banking ........................................................................................................................................23 Virtual Private Networking (VPN)...........................................................................................................23 Inter Bank Fund Transfer IBFT............................................................................................................24 A S K A R I B A N K W H I L E F A C I L I T A T I N G B U S I N E S S E S ................................................. 25 Network specifications............................................................................................................................26 G L O S S A R Y ............................................................................................................... 29
______________________________________________________________________________ i
R EPORT
ON
O NLINE B ANKING
C HAPTER 1 I
NTRO
TO
O NLI NE B ANKI NG
Why online?
Today, banks seem to be jumping on the bandwagon of Internet banking. Why is there a sudden increase of bank interests in the Internet? The reasons are Because of the improved security and encryption methods developed on the Internet. Banks did not want to lose a potential market share to banks that were quick to offer their services on the Internet. Electronic banking is an activity that is not new to banks or their customers. Banks, having been providing their services to customers electronically for years through software programs, which allowed the users personal computer to dial up the bank directly. In the past however, banks have been very reluctant to provide their customers with banking via the Internet due to security concerns, but now its a reality. As high growth potential for ebanking the players focused on increasing and improving their E-banking services. As a part of this, the banks began to collaborate with functions online via Bank Wire Transfers.
______________________________________________________________________________ 1
R EPORT
ON
O NLINE B ANKING
2. The sending bank transmits a message, via a secure system (such as SWIFT) to the receiving bank, requesting that it effect payment according to the instructions given. 3. The message also includes settlement instructions. The actual transfer is not instantaneous: funds may take several hours or even days to move from the sender's account to the receiver's account. 4. Either the banks involved must hold a reciprocal account with each other, or the payment must be sent to a bank with such an account, a correspondent bank, for further benefit to the ultimate recipient. Banks collect payment for the service from the sender as well as from the recipient. The sending bank typically collects a fee separate from the funds being transferred, while the receiving bank and intermediate banks through which the transfer travels deduct fees from the money being transferred so that the recipient receives less than what the sender sent.
______________________________________________________________________________ 2
R EPORT
1. 4 letters: Institution Code or bank code. 2. 2 letters: ISO 3166-1 alpha-2 country code 3. 2 letters or digits: location code
ON
O NLINE B ANKING
4. if the second character is "0", then it is typically a test BIC as opposed to a BIC used on the live network. 5. if the second character is "1", then it denotes a passive participant in the SWIFT network 6. if the second character is "2", then it typically indicates a reverse billing BIC, where the recipient pays for the message as opposed to the more usual mode whereby the sender pays for the message. 7. 3 letters or digits: branch code, optional ('XXX' for primary office) Where an 8-digit code is given, it may be assumed that it refers to the primary office. SWIFT Standards, a division of The Society for Worldwide Interbank Financial Telecommunication (SWIFT), handles the registration of these codes. For this reason, Business Identifier Codes (BICs) are often called SWIFT addresses or codes.
______________________________________________________________________________ 3
R EPORT
ON
O NLINE B ANKING
______________________________________________________________________________ 4
R EPORT
ON
O NLINE B ANKING
1. It removes the traditional geographical barriers as it could reach out to customers of different countries/legal jurisdiction. This has raised the question of jurisdiction of law/supervisory system to which such transactions should be subjected, 2. It has added a new dimension to different kinds of risks traditionally associated with banking, heightening some of them and throwing new risk control challenges, 3. Security of banking transactions, validity of electronic contract, customers privacy, etc., which have all along been concerns of both bankers and supervisors have assumed different dimensions given that Internet is a public domain, not subject to control by any single authority or group of users, 4. It poses a strategic risk of loss of business to those banks who do not respond in time, to this new technology, being the efficient and cost effective delivery mechanism of banking services, 5. A new form of competition has emerged both from the existing players and new players of the market who are not strictly banks.
______________________________________________________________________________ 5
R EPORT
Security Incidents
ON
O NLINE B ANKING
2003 and 2004 saw the emergence of fraudulent activities pertaining to Internet Banking or better known in the industry as phishing. A total of 92 phishing cases were reported to the Malaysian Computer Emergency Response Team (MyCERT, www.mycert.org.my) in 2004. The modus operandi of this activity is to use spoofing techniques to gain names and passwords of account holders. The victims reported being deceived into going to a fake website where perpetrators stole their usernames and passwords and later use the information for the perpetrators own advantage. Phishing is an attempt to commit fraud via social engineering. The impact is the breach of information security through the compromise of confidential data. The Association of Banks Malaysia (ABM) has urged both commercial banks and their customers to be extra vigilant following reports of fraudulent email purportedly sent by banks with Internet banking services to online customers. The fraudulent activities mentioned above are not limited to the Malaysian banking industry. It is a worldwide problem particularly in the United States. There, 2560 new unique phishing sites were reported to the Anti Phishing Working Group (APWG) in this year. (see http://antiphishing.org/APWG_Phishing_Activity_Report_Feb05.pdf). It was an increase of 47 percent over the December 2004 figure. APWG is an industry association focused on eliminating identity theft and fraud that result from the growing problem of phishing and email spoofing. This voluntary based organization provides a forum to discuss phishing issues, trials and evaluations of potential technology solutions, and access to a centralised repository of reports on phishing attacks. In China, it was reported that the National Computer Network Emergency Response Technical Team / Coordination Centre of China (CNCERT/CC) received 223 Phishing reports from over 33 worldwide financial and security organization. Attack Techniques Nowadays, the nature of attacks is more active rather than passive. Previously, the threats were all passive such as password guessing, dumpster diving and shoulder surfing. Here are some of the techniques used by the attackers today: Trojan Attack. 1 The attacker installs a Trojan, such as key logger program, on a users computer. This happens when users visited certain websites and downloaded programs. As they are doing this, key logger program is also installed on their computer without their knowledge.
______________________________________________________________________________ 6
R EPORT
ON
O NLINE B ANKING
When users log into their banks website, the information keyed in during that session will be captured and sent to the attacker. Here, the attacker uses the Trojan as an agent to piggyback information from the users computer to his backyard and make any fraudulent transactions whenever he wants. Man-in-the-Middle Attack. Here, the attacker creates a fake website and catches the attention of users to that website. Normally, the attacker was able to trick the users by disguising their identity to make it appear that the message was coming from a trusted source. Once successful, instead of going to the designated website, users do not realize that they actually go to the fraudsters website. The information keyed in during that session will be captured and the fraudsters can make their own transactions at the same time.
______________________________________________________________________________ 7
R EPORT
ON
O NLINE B ANKING
However, the use of password does not provide adequate protection against Internet fraud such as phishing. The problem with password is that when it has been compromised, the fraudsters can easily take full control of online transactions. In such cases, the password is no longer works as an authentication token because we cannot be sure who is behind the keyboard typing that password in. However, easy access and convenience should not be at the expense and mercy of the security of information. This is important in order to ensure the confidentiality of information and that it is not being manipulated or compromised by the fraudsters. There are several methods of ensuring a more secure Internet banking: 1. Minimum Requirement: Two Factor Authentication Based on the above method, the security measures in place are not adequate to prevent fraud. The current method of using only one factor of authentication definitely has its weaknesses. The security aspects of Internet banking need to be strengthened. At minimum, a two-factor authentication should be implemented in order to verify the authenticity of the information pertaining to Internet banking services. The first authentication factor can be the use of passwords and the second authentication factor can be the use of tokens such as a smartcard. MyKAD is a good avenue to introduce the second factor. The above security measures will greatly minimize incidents of Internet banking fraud. The smartcard here provides a second layer of authentication. This will stop a perpetrator even if he manages to obtain the users password. Intercepted passwords cannot be used if fraudsters do not have the Smartcard. Besides addressing fraudulent activities, this can instill customers confidence in Internet banking. 2. Additional Requirement: Three Factor Authentication However, for a better security, a three factor authentication process should be considered. The third authentication factor is the use of biometric such as iris or thumbprint recognition. This ascertains who one is, biologically. This method of authentication has been introduced by the
______________________________________________________________________________ 8
R EPORT
the latest statements of a member.
ON
O NLINE B ANKING
With a three-factor authentication a more secure method can be implemented - a password to ascertain what one knows, a token (smartcard) to ascertain what one has, and biometric recognition (for example fingerprint or thumbprint) to ascertain who one biologically is. As such, if passwords have been compromised, fraudsters need to get through another two levels of authentication to access a customers account. This would be difficult, if not totally impossible. SUPERVISORY AND OPERATIONAL ISSUES The supervisory and operational issues include risk control measures, advance warning system, Information technology audit and re-engineering of operational procedures. The regulator would also be concerned with whether the nature of products and services offered are within the regulatory framework and whether the transactions do not camouflage money-laundering operations.
______________________________________________________________________________ 9
R EPORT
technologies, which is a much bigger challenge.
ON
O NLINE B ANKING
have systems in place, but the systems must be constantly upgraded to changing and well-tested
The other aspect is to provide conducive regulatory environment for orderly growth of such form of banking. Central Banks of many countries have put in place broad regulatory framework for ibanking.
______________________________________________________________________________ 10
R EPORT
ON
O NLINE B ANKING
______________________________________________________________________________ 11
R EPORT
ON
O NLINE B ANKING
FTP or File Transfer Protocol is a mechanism for transferring files between computers on the Internet. It is possible to transfer a file to and from a computer (ftp site) without having an account in that machine. Any organization intending to make available to public its documents would normally set up a ftp site from which any one can access the documents for download. Certain ftp sites are available to validated users with an account ID and password. E-Mail: The most common and basic use of Internet is the exchange of e-mail (electronic mail). It is an extremely powerful and revolutionary result of Internet, which has facilitated almost instantaneous communication with people in any part of the globe. With enhancements like attachment of documents, audio, video and voice mail, this segment of Internet is fast expanding as the most used communication medium for the whole world. Many websites offer e-mail as a free facility to individuals. Many Corporate have interfaced their private networks with Internet in order to make their email accessible from outside their corporate network.
______________________________________________________________________________ 12
R EPORT
ON
O NLINE B ANKING
adequate security. Wireless Transaction Protocol (WTP), which is the equivalent of TCP, sets the communication rules and Wireless Transport Layer Security (WTLS) provides the required security by encrypting all the session data. WAP is set to revolutionize the commercial use of net.
Security threats:
One of the biggest attractions of Internet as an electronic medium is its openness and freedom. It is a public domain and there is no restriction on who can use it as long as one adheres to its technical parameters. This has also given rise to concerns over the security of data and information transfer and privacy. These concerns are common to any network including closed user group networks. But over the Internet, the dimensions of risk are larger while the control measures are relatively fewer. These issues are discussed in detail in Chapter5 and Chapter6 of the report. It will be sufficient to say here that the key components of such concern are, i. ii. iii. iv. v. authentication, viz., assurance of identity of the person in a deal, authorization, viz., a party doing a transaction is authorized to do so, the privacy or confidentiality of data, information relating to any deal, data integrity, viz., assurance that the data has not been altered and non repudiation, viz., a party to the deal can not deny that it originated the communication or data.
E-Commerce:
Even though started as network primarily for use by researchers in defense and scientific community, with the introduction of WWW in early 1990s, use of Internet for commerce has grown tremendously. E-commerce involves individuals and business organizations exchanging business information and instructions over electronic media using computers, telephones and other telecommunication equipments. Such form of doing business has been in existence ever since electronic mode of data / information exchange was developed, but its scope was limited only as a medium of exchange of information between entities with a pre-established contractual relationship. However, Internet has changed the approach to e-commerce; it is no longer the same business with an additional channel for information exchange, but one with new strategy and models. A business model generally focuses on i. ii. iii. iv. where the business operates, that is, the market, the competitors and the customers, what it sells, that is, its products and services the channels of distribution, that is, the medium for sale and distribution of its products and the sources of revenue and expenditure and how these are affected.
______________________________________________________________________________ 13
R EPORT
ON
O NLINE B ANKING
Internet has influenced all the four components of business model and thus has come to influence the business strategy in a profound way. The size of the market has grown enormously as technically, one can access the products and services from any part of the world. So does the potential competition. The methods of reaching out to customers, receiving the response and offering services have a new, simpler and efficient alternative, now, that is, Internet. The cost of advertisement, offer and delivery of services through Internet has reduced considerably, forcing most companies to rework their strategies to remain in competition. A research note by Paul Timmers of European commission had identified eleven business models, which have been commercially implemented. These are e-shop, e-procurement, e-auction, e-mall, Third-party market place, Virtual communities, Value chain service providers, Value chain integrators, Collaboration platforms and Information brokers. He classified business models along two dimensions, i.e, degree of innovation and extent of integration of functions. The innovation ranged from the electronic version of a traditional way of doing business (e-shop) to more innovative ways by offering functions that did not exist before. The second dimension, i.e, extent of integration ranges from a single function business model (like e-shop) to fully integrated functionality (value chain integrator). In the top end of the graph are models, which cannot be implemented in a traditional way and are critically dependent upon information technology and creating value from information flow. Business models, in between these two limits are a combination of both dimensions in different degrees and have some degree of analogy in traditional firms. There are two types of e-commerce ventures in operation: the old brick and mortar companies, who have adopted electronic medium, particularly Internet, to enhance their existing products and services, and / or to offer new products and services and the pure e-ventures who have no visible physical presence. This difference has wider ramifications than mere visibility when it comes to issues like customers trust, brand equity, ability to service the customers, adopting new business culture and cost. These aspects of e-commerce will be touched upon in the following discussions. Another way of classifying the e-commerce is by the targeted counterpart of a business, viz, whether the counterpart is a final consumer or another business in the distribution chain. Accordingly, the two broad categories are: Business-to-Consumer (B2C) and Business-toBusiness (B2B).
Business-to-Consumers (B2C):
In the B2C category are included single e-shops, shopping malls, e-broking, e-auction, e-banking, service providers like travel related services, financial services etc., education, entertainment and any other form of business targeted at the final consumer. Some of the features, opportunities and concerns common to this category of business irrespective of the business segment, are the following.
______________________________________________________________________________ 14
R EPORT
ON
O NLINE B ANKING
Opportunities:
Internet provides an ever-growing market both in terms of number of potential customers and geographical reach. Technological development has made access to Internet both cheaper and faster. More and more people across the globe are accessing the net either through PCs or other devices. The purchasing power and need for quality service of this segment of consumers are considerable. Anybody accessing Internet is a potential customer irrespective of his or her location. Thus, any business targeting final consumers cannot ignore the business potential of Internet. Internet offers a unique opportunity to register business presence in a global market. Its effectiveness in disseminating information about ones business at a relatively cost effective manner is tremendous. Time sensitive information can be updated faster than any other media. A properly designed website can convey a more accurate and focused image of a product or service than any other media. Use of multimedia capabilities, i.e., sound, picture, movies etc., has made Internet as an ideal medium for information dissemination. However, help of other media is necessary to draw the potential customers to the web site. The quality of service is a key feature of any e-commerce venture. The ability to sell ones product at anytime and anywhere to the satisfaction of customers is essential for e-business to succeed. Internet offers such opportunity, since the business presence is not restricted by time zone and geographical limitations. Replying to customers queries through e-mail, setting up (Frequently Asked Questions) FAQ pages for anticipated queries, offering interactive help line, accepting customers complaints online 24 hours a day and attending to the same, etc. are some of the features of e-business which enhance the quality of service to the customers. It is of crucial importance for an e-venture to realize that just as it is easier to approach a customer through internet; it is equally easy to lose him. The customer has the same facility to move over to another site. Cost is an important issue in an e-venture. It is generally accepted that the cost of overhead, servicing and distribution, etc. through Internet is less compared to the traditional way of doing business. Although the magnitude of difference varies depending on the type of business and the estimates made, but there is unanimity that Internet provides a substantial cost advantage and this, in fact, is one of the major driving forces for more number of traditional business adopting to e-commerce and pure e-commerce firms to sprout. Cost of communication through WWW is the least compared to any other medium. Many a time ones presence in the web may bring in international enquiries, which the business might not have targeted. The business should have proper plans to address such opportunities.
Concerns:
There are a number of obstacles, which an e-commerce venture needs to overcome. Trust of customers in a web venture is an important concern. Many customers hesitate to deal with a web venture as they are not sure of the type of products and services they will receive. This is
______________________________________________________________________________ 15
R EPORT
ON
O NLINE B ANKING
particularly true in a B2C venture like e-shop, e-mall or e-auction site. Traditional business with well established brands and goodwill and having a physical presence face less resistance from customers in this regard than a pure e-venture. Many B2C ventures have ultimately to deliver a product or service in physical form to the customer for a deal contracted through Internet. This needs proper logistics, an efficient distribution network, and control over quality of product or service delivered. These issues are not technology related and any let off in this area can drive the customer away to the competitor or from e-commerce. The privacy of information on the customers preferences, credit card and bank account details etc. and customers faith in a system where such privacy is stated to be ensured are important issues to be addressed. These are mainly technological issues, but human factor is important both at the business and at the customers end and also in building the trust in the system. Security of a transaction, authenticity of a deal, identification of a customer etc. are important technological and systems issues, which are major sources of concern to ecommerce. Equally important are questions of repudiation of a deal, applicability of law, jurisdiction of tax laws etc. These are important to all forms of e-commerce, whether B2C or B2B and all segments of business, i.e. manufacturing, services and finance and are addressed in different chapters of this report. Accessibility to Internet by the consumers is an important issue in B2C domain. This is particularly so in countries like India where penetration of PCs and other devices to households for access to Internet is minimal. Also important are availability of bandwidth and other infrastructure for faster and easier access. Considering that ecommerce aims at global market, deficiencies of these kinds in the developing world are no longer concerns confined to these areas, but are global e-commerce concerns.
______________________________________________________________________________ 16
R EPORT
ON
O NLINE B ANKING
purchase order with the supplier, whose system in turn, personnel, etc., since they involve large investments and are critical to success. Several studies have attempted to assess the relative importance of B2B and B2C business domains. There is wide difference in estimates of volume of business transacted over Internet and its components under B2C and B2B. However, most studies agree that volume of transactions in B2B domain far exceeds that in B2C. This is expected result. There is also a growing opinion that the future of e-business lies in B2B domain, as compared to B2C. This has several reasons some of which are already discussed earlier, like low penetration of PCs to households, low bandwidth availability etc., in a large part of the world. The success of B2C ventures depends to a large extent on the shopping habits of people in different parts of the world. A survey sponsored jointly by Confederation of Indian Industries and Infrastructure Leasing and Financial Services on e-commerce in India in 1999 made the following observations. 62% of PC owners and 75% of PC non-owners but who have access to Internet would not buy through the net, as they were not sure of the product offered. The same study estimated the size of B2B business in India by the year 2001 to be varying between Rs. 250 billion to Rs. 500 billion. In a recent study done by Arthur Anderson, it has been estimated that 84% of total e-business revenue is generated from B2B segment and the growth prospects in this segment are substantial. It has estimated the revenues to be anywhere between US $ 2.7 trillion to over US $ 7 trillion near future.
______________________________________________________________________________ 17
R EPORT
ON
O NLINE B ANKING
In B2B scenario, a new form of e-commerce market place is emerging where various players in the production and distribution chain are positioning themselves and are achieving a kind of integration in business information flow and processing (STP or near STP) leading to efficiencies in the entire supply chain and across industries. Banks are positioning themselves in such a market in order to be a part of the financial settlements arising out of transactions of this market and providing wholesale financial services. This needs integration of business information flow not only across the players in the supply chain, but with the banks as well. With the integration of business information flow and higher degree of transparency, the banks and other financial services institutions have lost some of the information advantage they used to enjoy and factor in to pricing of their products. However, such institutions have the advantage of long standing relationships, goodwill and brand, which are important sources of assurance in a virtual market. Banks are in fact, converting this goodwill into a business component in ecommerce scenario in providing settlement and other financial services. Some banks have also moved to providing digital certificates for transactions through e-markets. Banks strategies in B2B market are responses to different business models emerging in e-commerce. A recent study by Arthur Andersen shows that banks and financial service institutions generally adopt one of three business models to respond to e-business challenges. In the first place, they treat it as an extension of existing business without any significant changes other than procedural and what technology demands. The second strategy takes the same approach as the first but introduces structural changes to the underlying business. In the third approach banks launch e-business platform as a different business from the existing core business and as a different brand of product.
Different Approaches
There is no definite answer as to which approach is appropriate. Perhaps it depends on the type of market the bank is operating, its existing competencies and the legal and regulatory environment. It is, however, sure that e-banking is evolving beyond the traditional limits of banking and many new products / services are likely to emerge as ecommerce matures.
______________________________________________________________________________ 18
R EPORT
ON
O NLINE B ANKING
C HAPTER 2 O
NLI NE
B ANKI NG
VIZ
A SKARI B A NK
As explained earlier how Banks work online with different challenges they face while operating online. Similarly is the case with the bank we have chosen i.e. Askari Bank Limited. As we already know that the purpose of having online facility is to have real-time transactions without having a customer to present physically in the home branch and only with mere virtual presence like internet access, phone-banking, mobile banking, inter-branch funds transfer etc.
Linking of branches
All branches of Askari Bank Limited are connected but not limited only via: Satellite links Copper-wire media Radio links Fiber-optics Nostra etc.
Branch network
FIGURE 2.1 Askari Banks branch network across Pakistan region wise.
______________________________________________________________________________ 19
R EPORT
ON
O NLINE B ANKING
______________________________________________________________________________ 20
R EPORT
ON
O NLINE B ANKING
Center Region:
Bahawalpur Bhalwal Burewala Chiniot Daska Depalpur Dera Ghazi Khan Faisalabad Gujranwala Gujrat Hasil Pur Jalalpur Bhattian Jhang Khanewal Kharian Lahore Lalamusa Layyah Mandi Bahauddin Mianwali Multan Okara Phool Nagar Pir Mahal Rahim Yar Khan Sadiqabad Sahiwal Sargodha Sheikhupura Sialkot Toba Tek Singh Vehari
______________________________________________________________________________ 21
R EPORT
ON
O NLINE B ANKING
______________________________________________________________________________ 22
R EPORT
ON
O NLINE B ANKING
ATM facility
Including AskCard, Askari Visa Debit Cards, Askari MasterCard etc are to name some, which with the power of Visa and MasterCard, gives you the privilege of using it globally.
iNET Banking
Internet, intranet and online banking to their valuable customers via banks 24/7 intranet
______________________________________________________________________________ 23
R EPORT
classifications, implementations, and uses for VPNs.
ON
O NLINE B ANKING
firewalls and head-office which is generally referred as EDT/Phoenix. There are many different
HEADOFFICE/ETD/ PHOENIX
1Link / MNet
FIGURE 2.3 How AKBLs Online transaction moves across the country
Similarly, AKBLs online network is centrally controlled from AWT Plaza, Rawalpindi, which they in short call as ETD and system administrators and network auditors as Phoenix, where all their online records are verified and are put in black and white, whether its day-end reporting, branch report, 100, 40 reports, which includes all transactions to and from a particular branch. As far as the above diagram concern, it is showing that a person whose home branch is in Islamabad, and hes in Karachi for some business work, so whenever hell be needing an online bank fund transfer option,
______________________________________________________________________________ 24
R EPORT
ON
O NLINE B ANKING
itll go through Phoenix in Islamabad and a log will be created there which will be including agent ID (usually the CD incharge is the person whos responsible for all such transactions) and than the transaction will move forward to its final destination. All this takes merely 60 seconds to authenticate and verify. In 40 report, all this log from a branchs point-of-view is printed at day end and a CC is sent to the ETD for reconciliation and only AFTER verification and rectification from Phoenix, the system administrator is allowed to switch off the branchs online network and most of the time hes the last person to leave the office building.
Privacy guaranteed
Privacy while using ATM services matters greatly as all these transactions and printing of receipt are system generated and under no circumstances, private information which could disclose ones identity is not a matter of concern as even when a particular branch network administrator takes out the 40 report from ATM, even in that report, only first and last 4 digit of their card numbers are visible and rest is hidden behind asterisks. Although those reports are kept in the branch till Saturday and on every Saturday, they put those bundles of ATM receipt sheet which includes their transaction activities across the week is dispatched in a folder and iFax one copy to ETD on weekly basis with their particular branch ID.
Network security
Network security in current environment is a great matter of concern for banks because at times, a little mishap can result a catastrophic output. Thats why all AKBLs transactions are fully secured by keeping it encrypted algorithm while using ATM facility, using up-to-date antivirus security (at AKBL they are using Kaspersky Antivirus), last but not the least is Firewall guard. These steps also applicable for having batch-transfers in real-time transaction and general ledgers especially when they are being printed from out-of-network to AKBL ATM.
______________________________________________________________________________ 25
R EPORT
Business Visa Debit Cards Country-to-Country Money and Fund Transfer via Nostra Insurance o o o Includes all business transactions All ATM transactions are fully insured All these facilities are complimentary for their customers
ON
O NLINE B ANKING
Business loans with low mark-up Askari Paishgi Munafa Account SWIFT Accounts
Network specifications
As we know that there are many types of networks which are being used, most commonly is the LAN or local area network. But Askari Bank uses WAN or Wide Area Network because of its wide array of networked branches.
______________________________________________________________________________ 26
R EPORT
ON
O NLINE B ANKING
KBOX
KBOX is another of the software which is included with their WAN network package and the purpose of this software is to limit personalized use of office computers and while at the day-end, this report is also forwarded to ETD and a copy is saved in home branch, by personalized use we mean: Playing games and listening music Installing software other than the prescribed ones from ETD Using any other source of connecting to internet (as apart from Branch manager and Operations manager, no one in the branch is allowed to use internet of any means, even anti-virus software is also to be updated directly by the system/network administrator and no officer is allowed to do the same from his/her own) like internet device, USB stick etc. Unauthorized flash-drive activity Attaching any other device to office computers except office printers, scanners etc like cell phones, smart phones, laptops (even though manager grades have such privileges)
Banks IT Room
All these records are initially kept at the branchs IT room. An IT room is a place where usually on a common day, no one is allowed to enter the room as case sensitive information is placed over there, like server configuration, bandwidth distribution and allocation, printing and saving logs of customer statements, direct connected to the ETD, usually the IT room is placed upstairs under the surveillance of CCTV cameras as
voiding it is a audit objection, any network or equipment problem is referred to the network administrator, Even in case of a problem with ATM like machine out of order or customer card
stuck is only recovered when theres a network administrator around, because of his peculiar ID hes able to forward the complain to ETD therefore no one else in the branch have the privilege of doing the same, else even in case of a problem with ATM no one is allowed to touch it,
______________________________________________________________________________ 27
R EPORT
and its room in Bank.
ON
O NLINE B ANKING
Therefore, in the light of above, one cant deny the importance of a network administrator
______________________________________________________________________________ 28
R EPORT
ON
O NLINE B ANKING
Glossary
ATM
Automatic Teller Machine
B2B
Business-to-Business
B2C
Business-to-Customers
Bank-Wire Transfers
Bank wire transfers is said to be the path or interface which allows bank-2-bank transactions between two international banks, often the most expedient method for transferring funds between bank accounts.
Decrypt
To decode -
Encrypt
To encode -
FTP
File Transfer Protocol
IBAN
The International Bank Account Number (IBAN) is an international standard for identifying bank accounts across national borders with a minimal of risk of propagating transcription errors.
IBFT
Inter-Bank-Fund-Transfer Allows a customer to access his bank account away from his homebranch and able to transfer cash and funds to and from a remote branch without physically present at his home-branch.
______________________________________________________________________________ 29
R EPORT
separated from the regular internet.
ON
O NLINE B ANKING
extranet, which is composed of computers inside the company and outside the company but still is
Middle-in-the-man attack
Normally, the attacker was able to trick the users by disguising their identity to make it appear that the message was coming from a trusted source. Once successful, instead of going to the designated website, users do not realize that they actually go to the fraudsters website. The information keyed in during that session will be captured and the fraudsters can make their own transactions at the same time
Spoof
A mail from hacker which misguides the end user to enter his personal details, and on the basis of which, the log of the keys pressed on that spoof website, is directly key-logged into hackers computer and therefore hes able to use that information to personify others.
SWIFT
ISO 9362 (also known as SWIFT-BIC, BIC code, SWIFT ID or SWIFT code) is a standard format of Business Identifier Codes approved by the International Organization for Standardization (ISO).
System administrator
A system administrator or network administrator in a bank is a person who controls all network transaction made through banks computer systems, which can include but not limited to printing of receipts like statements, day-end procedures etc. It also helps connect the bank to the central network and is the body responsible for keeping network server and its related equipments in well working conditions. Apart from that hes responsible for keeping the ATM machine well intact and any problem in that machine has to be rectified by him.
WAP
Wireless Application Protocol
______________________________________________________________________________ 30