Vijay V Vijayakumar.  Implementations  Server Side Security  Transmission Security  Client Side Security  ATM’s.


1 Vijay V Vijayakumar

2  Implementations  Server Side Security  Transmission Security  Client Side Security  ATM’s

3  High Availability (24*7)  Fast  Efficient  Effective

4  Document repository for storage of scanned documents.  Unlimited number of account holders  Straight-through processing of SWIFT Messages  On-Line Banking  Integrate with third party debit and credit card provider  Transaction status notification to client and merchant

5  Account summary, transfer & transaction history.  Credit Card account summary & transaction history. Loan account summary & transaction history  Real time access to accounts, profiles and preferences.  Send statements online in a secure messaging environment.  Stop payment, checks re-order & other account management tasks.  Automate debits & transfers. Customer initiated account applications.  Credit Card applications. Loan & mortgage applications.

6  User Authentication ◦ Most basic ◦ Inadequate in current scenario ◦ Threats like Phishing, Session Hijacking  Firewalls ◦ Prevent attacks from the Internet or external systems ◦ Do not prevent insider attacks  Encryption ◦ All data stored on the server should be encrypted, e.g. Triple DES  Hardware Security ◦ The actual hardware of the server should be protected against breaches

7  Secure E-Mail ◦ E-Mails are generally sent/received in Plain-Text  Secure HTTP ◦ All communication between Server and Client should be encrypted  Secure Electronic Transaction ◦ Secure message transfer during Electronic transactions

8  Uses TCP port 443  Additional security layer between HTTP and TCP  Provides authentication and encryption  Avoid eavesdropping and man-in-the-middle attacks  Only as secure as the Browser, Web Server and its security

9  Administrator must create a public key certificate for the web-server  Certificates signed by Certificate Authority  When browsers access web server they check it using the signing certificate provided by the CA  Only then is a connection established

10

11  Asymmetric Cryptography ◦ Message is signed using the private key of the sender, and the receiver verifies it using the sender's public key ◦ User's public key is tied to the user by a digital identity certificate issued by a certificate authority ◦ Provides Authentication and Integrity ◦ Authentication - a valid signature shows that the message was sent by that user ◦ Integrity – checks for modification of message after transmission

12

13  Society of World Wide Interbank Telecommunication – includes >200 banks worldwide  Objectives: High availability, Secure transmissions for EFT (Electronic Fund Transfers), financial traffic.  Standardized message format aimed for wide area networking  Proprietary algorithm

14  Terminals can connect only through approved SWIFT mechanisms to the regional Processing Centers.  Secure sequencing procedures, transaction audit trails and delivery acknowledgements  SWIFT II - modular approach to handle more traffic and optimize resources

15  Need to develop shared networks with other banks, in the same country, to enable fast money transfers in the local currency.  US banks are supported by the CHIPS, BANKWIRE, and FEDWIRE networks

16  Anti-Virus  Anti-Spyware  Anti-Malware  Personal Firewalls  Latest Security Patches

17  Data stored is encrypted using Triple DES  Message Authentication Code (MAC) is used to prevent tampering of messages.  Vulnerable to Social-Engineering Attacks
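
How a MAC lets the receiving host detect a tampered message, as slide 17 describes; this is an added example, not part of the original presentation. It uses HMAC-SHA-256 from the Python standard library as the MAC algorithm (the slide does not name one), and the key, field names and sequence-number check are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real network keeps MAC keys in secure hardware.
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def encode(fields: dict) -> bytes:
    """Canonical encoding: sorted keys and length-prefixed values, so field
    boundaries cannot be shifted without changing the MAC input."""
    out = bytearray()
    for name in sorted(fields):
        value = str(fields[name]).encode()
        out += name.encode() + b"=" + str(len(value)).encode() + b":" + value + b";"
    return bytes(out)


def seal(key: bytes, fields: dict) -> dict:
    """Sender side (ATM): attach a MAC computed over every field."""
    tag = hmac.new(key, encode(fields), hashlib.sha256).hexdigest()
    return {**fields, "mac": tag}


def verify(key: bytes, message: dict, last_seq: int) -> str:
    """Receiver side (bank host): returns 'ok', 'tampered' or 'replayed'."""
    fields = {k: v for k, v in message.items() if k != "mac"}
    expected = hmac.new(key, encode(fields), hashlib.sha256).hexdigest()
    received = str(message.get("mac", ""))
    # compare_digest is constant-time, so the check leaks no matching prefix.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return "tampered"
    # A valid MAC on an already-seen sequence number is a resent message.
    if int(fields.get("seq", -1)) <= last_seq:
        return "replayed"
    return "ok"


if __name__ == "__main__":
    # Constructed sample message; all values are placeholders.
    msg = seal(DEMO_KEY, {"seq": 42, "atm": "ATM-0001",
                          "account": "ACCT-DEMO", "amount": "100.00"})
    print(verify(DEMO_KEY, msg, last_seq=41))                          # genuine
    print(verify(DEMO_KEY, {**msg, "amount": "900.00"}, last_seq=41))  # altered
    print(verify(DEMO_KEY, msg, last_seq=42))                          # resent
```

The MAC only proves that the message came from a holder of the shared key and was not modified; it does nothing against the social-engineering weakness the slide also lists.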

19  Questions?

