Future of E-banking Strategies & Concepts
„Future of eBanking, Strategies and Concepts“
ITUG Europe 2006, 15th of May, Amsterdam
Vision
Today’s banking platforms need to cope with continuously changing business environments, and a continuous flood of new requirements, while staying sufficiently agile.
Banking platform renewal requires thorough preparation based on a business foundation, including a description of what functionality the business side can expect.
Jost Hoppermann, Forrester Research (from „Vintage Banking Platforms Need Renewal“)
XCOM AG
• The XCOM Group is a Full Service Provider for the Financial Services Industry in the area of eBanking
• XCOM AG has the four large German private banks as their customers (Deutsche Bank, Dresdner Bank, Hypovereinsbank, Commerzbank), as well as some regional private banks and special institutions.
• XCOM AG has decided to expand its business internationally.
eBanking - Definitions
• eBanking – is about electronic banking transactions
• eBanking – is meant to at least partially replace traditional branch office functions
• eBanking – is an expanding sales channel for banks
• eBanking – is a dynamic high-tech channel, highly competitive, international and customer oriented
• eBanking – the basis for STP processing
• eBanking – bank access 24 x 7 on a worldwide scale
Current Status of eBanking
• „Room for improvement“, particularly in the area of Internet banking for retail customers
• Customer acceptance issues
• Pressing security issues
• Many different and costly products offered for improving security, which one to select ?
• Fraud losses
• Operational cost issues
• Cost savings vs. traditional banking transactions not as high as projected
eBanking on the retreat ?
• In Germany, the number of bank branches has been declining since 1991
• Now, the number of bank branches is increasing again !
(HANDELSBLATT, Thursday, 6 April 2006)
• In 2005, the total number of branches increased by 2.6 %
• What are the reasons ?
The need for better eBanking
• Current eBanking is somewhat impractical and does not provide the level of personal comfort known from branch banking
• Lack of individual consulting
• Fear of online fraud and subsequent hassle
• Banks need „2nd Generation eBanking“ !
• A quantum leap in security is required
• Better personalization ...
Fundamentals of eBanking
Adaptability
• Multi-protocol capability
• Multi-language capability
Trust
• Authenticity, Integrity
• Identity, Confidentiality
Access
• Available “around the clock”
• Failsafe
Complexity in eBanking
• Generating new channels and products
„Many-to-many“
Disadvantages of the traditional approach
• Multiple frontends, multiple backends, each connection implemented separately – high project cost !
• Running front end solutions on standard servers causes high system management cost due to the required security patching
• Each frontend needs separate access control and workflow provisioning
• When problems come up: Difficult to trace, as frontends typically have separate logfiles …
• Changing components cause high project cost, as multiple interfaces are affected
• High maintenance cost
Reducing complexity by MiddleWare
„Hub and spoke“
MiddleWare requirements
• Very high availability
• High scalability
• Central logging
• Central user and security administration
• Provides the business logic
• Easy to modify:
  • Business transactions
  • Communication protocols
  • Security mechanisms
• Central security administration
Frontend integration
• Frontend systems:
  • Browser-banking
  • External systems run by the customer
  • Telephone banking
  • Hotline/Support
• Frontend integration via standard interfaces
  • National / international standards
  • Industry standards, e.g. WebServices
  • Business transactions are XML-defined
  • Standardized security functions, e.g. XML-En-/Decryption, XML-Signature / dynamic passwords
Load scenarios
[Figure: load on Frontend, MiddleWare and Backend, with MiddleWare and without MiddleWare]
Secure systems need a secure platform
• Very hard to build a secure system on a vulnerable platform
• no known vulnerabilities on HP NonStop ...
Security issues
• Staged attacks, affecting the bank and/or customers
• Examples
  • Phishing – deceiving customers into providing personal IDs (PIN), passwords and transaction numbers (TAN)
  • Trojans – capturing security-relevant information via malicious code (in the end user’s PC or on the bank server)
  • Trojans – creating fake transactions
• Just using firewalls and virus scanning software is not enough !
Security functions
• Secure authentication
  • Use one-time passwords when logging on to the frontend
• Quantum leap in security by two-channel approach
  • End user creates transaction and transmits it to the bank
  • Electronic signature is supplied via a separate channel, which cannot be affected by malicious code
Example: electronic signature contained in the SIM card of the end user’s mobile phone, verification via GSM network
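The two-channel approach above, as an added example that is not part of the original slides: the bank binds a one-time challenge to the order it actually received, and only a signer outside the PC can approve it. HMAC-SHA256 from Python's standard library stands in for the SIM-based electronic signature, and all class, function and account names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample order; the account identifier is a placeholder.
ORDER = {"to": "PAYEE-ACCOUNT-0001", "amount": "250.00", "currency": "EUR"}

def canonical(tx: dict) -> bytes:  # deterministic encoding, identical on both sides
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()

def tag(key: bytes, challenge: bytes, tx: dict) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the SIM-based electronic signature.
    return hmac.new(key, challenge + canonical(tx), hashlib.sha256).digest()

class Bank:
    def __init__(self, device_key: bytes):
        self._key = device_key
        self._pending = {}  # challenge -> order exactly as received

    def receive(self, tx: dict) -> bytes:  # channel 1: browser frontend
        challenge = secrets.token_bytes(16)
        self._pending[challenge] = dict(tx)
        return challenge

    def details_for_device(self, challenge: bytes) -> dict:  # channel 2: e.g. GSM
        return dict(self._pending[challenge])

    def execute(self, challenge: bytes, signature) -> bool:
        tx = self._pending.pop(challenge, None)  # each challenge is usable once
        if tx is None or signature is None:
            return False
        return hmac.compare_digest(tag(self._key, challenge, tx), signature)

class Device:
    """Second-channel signer; its key never touches the end user's PC."""
    def __init__(self, key: bytes):
        self._key = key

    def approve(self, challenge: bytes, shown: dict, intended: dict):
        # The user compares the displayed order with what they meant to send.
        if shown != intended:
            return None  # user declines, nothing is signed
        return tag(self._key, challenge, shown)

def confirm(bank: Bank, device: Device, intended: dict, received: dict) -> bool:
    """Run one order through both channels; `received` may have been altered on the PC."""
    challenge = bank.receive(received)
    shown = bank.details_for_device(challenge)
    return bank.execute(challenge, device.approve(challenge, shown, intended))
```

An order altered on the PC is rejected because the device displays what the bank received, and a signature captured from an earlier order fails against any new challenge.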
Further considerations
• The bank system needs to be flexible, to allow easy integration of new security technology
• All business transactions need to be centrally logged
• Business Intelligence functionality to improve security, e.g. data mining, blacklist generation etc. to combat fraud
The XCOM and HP solution
eBanking - failsafe and virus-free
• XCOM – eBanking with TRISTAN™-Server
  • Supports wholesale and retail banking
  • Multi-institution, multi-language support
  • Multi-channel support
  • Optimized for the HP NonStop platform (based on Pathway)
  • High scalability, failsafe operation, no vulnerabilities
  • Modular application structure
  • No foreign software within the kernel
  • NonStop SQL support using SQL/MX
  • Flexible interfaces for backend integration (communication using server classes without protocol switching)
  • Supports various security technologies, e.g. Valimo mobile ID management, two-factor authentication tokens etc.
*applies to the C/C++ version
eBanking - failsafe and virus-free
• TRISTAN™-Server
  • Provides limit management (order limits, rolling limits incl. currency conversions)
  • Distributed electronic signature schemes
  • Data conversions (e.g. creation and decomposition of MT/S.W.I.F.T messages)
  • Handling of orders with future execution (dated orders, standing orders)
Operational characteristics
• Central security administration
• Central tracking facility for business transactions
• Failsafe 24 x 7 operations, including business continuity functions (e.g. remote backup center)
• Central monitoring – operational and business statistics available in real time
• Data warehouse functionality to support flexible analysis over extended periods
eBanking - failsafe and virus-free
• XCOM – eBanking Components (WebFiliale)
  • Browser-based online banking system suites for private customers as well as for business use
  • Providing a combination of professional functions and simple use
  • Can be installed easily on J2EE compliant application containers/servers
  • Data transfer between the customer’s web browser and the remote application is secured by encryption
  • Multi-language support from day one
  • Supports electronic signatures, e.g. Valimo mobile ID mgmt.
eBanking - failsafe and virus-free
Why is HP NonStop more secure ?
• Built for security from day one – worldwide leader in electronic payments
• Not a single known case of electronic fraud without possession of the required security credentials (UserIDs, passwords, PINs etc.)
• Sophisticated protection against internal attacks, e.g. separated roles/functions for system administrators and security managers
• Sophisticated protection against external attacks: the common attack schemes like buffer overflow just don’t work on HP NonStop systems
eBanking - failsafe and virus-free
Why is HP NonStop more secure ?
• No known vulnerabilities on HP NonStop, hence no security patching
• Limited threat potential – HP NonStop is used only in business-critical areas within large enterprises. NonStop hardware, software and in-depth system know-how is definitely out of reach for the average hacker
• Highest level of security at lowest operational cost
• No security patching means elimination of the related efforts, costs, operational risks and downtimes
eBanking - failsafe and virus-free
• XCOM Group has designed and implemented new concepts in eBanking in Germany, with considerable success in the German market
• In cooperation with HP, we are ready to bring modern eBanking with much more security to the international banking community