An Introduction to Internet Banking

About This Presentation

Title:

An Introduction to Internet Banking

Description:

Title: An Introduction to Internet Banking Last modified by: Milos Kovacevic Document presentation format: On-screen Show Other titles: Times New Roman Tahoma ... – PowerPoint PPT presentation

Number of Views:24

Avg rating:3.0/5.0

Slides: 114

Provided by: grfBgAcR

more less

Transcript and Presenter's Notes

Title: An Introduction to Internet Banking

1
An Introduction toInternet Banking

Milos Kovacevic, milos_at_grf.bg.ac.yu
Nikola Klem, klem_at_grf.bg.ac.yu
Veljko Milutinovic, vm_at_etf.bg.ac.yu
University of Belgrade, Yugoslavia

2
Presentation Outline

Introduction to E-Banking

Internet bank demo customers point of view

Security issues

Setting up an Internet bank channel

Internet bank demo small community bank

Searching for financial information on the Web

Conclusions

3
Introduction to E-Banking

The basis

4
Introduction to E-Banking

Introduction to E-Business

What is E-Bank

Why to do E-Banking

Some facts about E-Banking

5
Introduction to E-Business

We are living in the connected world!

6
Introduction to E-Business

Its Monday. You have to

Reserve airplane tickets for your vacation

Buy gifts for your childs birthday

Pay bills for the current month (electricity,
telephone )

Check the bank account information

Inform relatives about family gathering next
weekend

Thanks to the development of E-Business, you
can do all of the above from your home or
even from the car!

7
Introduction to E-Business

The transformation of key business processes
through the use of of Internet and related
technologies (IBM Corporation)

B-to-B (Business to Business)

B-to-C (Business to Customer)

8
European E-Business momentum
9
European E-Business momentum
10
European E-Business momentum
11
What is E-Bank?

Traditional banking business assumes

customer desk at banks building
working time from 8.00 am to 19.00 pm

Customers have

their job during the day
family activities after job

12
What is E-Bank

E-Bank is transforming banking business into
E-Business thru utilizing various E-Channels

E-Channels are

Internet

WAP based mobile network

Automated telephone

ATM network

SMS and FAX messaging

Multipurpose information kiosks

Web TV and others

13
What is E-Bank?

E-Banking business assumes

E-Channels enable financial transactions from
anywhere
working time is non-stop

Customer requests are

non-stop working time
using services from anywhere

14
Why to do E-Banking

Possibility to extend your market (even out of
country)

Possibility to process more financial
transactions

Possibility to lower your transaction cost

15
Some facts about E-Banking in Europe
16
Some facts about E-Banking in Europe
17
Some facts about E-Banking in Europe
18
Some facts about E-Banking in Europe
19
Some facts about E-Banking in USA
20
Some facts about E-Banking in USA
21
Internet Banking

Using Internet as an E-Channel makes financial
services aavailable to wide population

WWW service

In this tutorial we shall focus oon
Internet Banking

22
Internet Bank Demo

Customers point of view

23
Internet Bank Democustomers point of view

What customer needs for online bank access

Equifax demo primer

24
Customer should have a

Standard PC with Internet access

Internet browser that supports SSL and,

Money

25
Equifax demo primer

Here goes presentation of Equifax demo primer
for their Internet bank solution
The aim is to show how an online bank looks like
from the customers point of view
Presentation will be done thru Internet Explorer
and with cached HTML pages

26
Security Issues

How security works in Internet communications

27
Security issues

What are the security problems in Internet
communication

Cryptography basics

How digital signatures and certificates work?

Secure Sockets Layer protocol

Internet browsers and security

Useful links to visit

28
Security problem

Spoofing How can I reassure customers who come
to my site that they are doing business with me,
not with a fake set up to steal their credit card
numbers?

Eavesdropping How can I be certain that my
customers account number information is not
accessible to online eavesdroppers when they
enter into a secure transaction on the Web?

Data alteration How can I be certain that my
personal information is not altered by online
eavesdroppers when they enter into a secure
transaction on the Web?

29
What do we have to achieve

Authentication no spoofing

Privacy no eavesdropping

Data integrity no data alteration

Non-repudiation no claiming of user action

30
Solutions are . . .

Digital certificates for Web servers,
to provide authentication
and data integrity

Cryptography algorithms to provide privacy

Secure Sockets Layer (SSL)
the basis for every e-business
trust infrastructure

31
Cryptography basis

Cryptography provides privacy

Symmetric approach

Asymmetric approach

Hybrid approach

32
Symmetric approach

Both sides use the same key for encryption and
decryption

Convenient for bulk data encryption
(computationally faster then other
methods)

Examples RSA RC4, DES, IDEA

33
Asymmetric approach

Sender uses public key for encryption
receiver uses private key for decryption

Convenient for short data encryption
(computationally slower then other
methods)

Examples RSA, Diffie-Hellman , ElGamal

34
Hybrid approach

Using symmetric approach for data encryption

Using asymmetric approach for passing the
symmetric key

Applied in SSL (Secure Sockets Layer)

35
Key management problem

Key distribution (in symmetric approach)

Secure binding between public key and his owner
(in asymmetric approach)

Q1 How can I be sure that the public key that
my browser uses to send account number
information is in fact the right one for that Web
site, and not a bogus one?

Q2 How can I reliably communicate my public
keys to customers so that they can rely on it to
send me encrypted communications?

36
Digital Signatures

To provide authentication and data integrity of
electronic documents

Creating message digest using one way hashing
algorithm (MD5, SHA )

Encrypting digest with private key

37
Digital Signatures
38
Digital Certificates

An electronic file that uniquely identifies
communication entities on the Internet

Associates the name of an entity with its public
key

Issued and signed by CA (Certification Authority)

Everybody trust CA, and
CA is responsible
for entity name public key binding

Example CAs VeriSign, Thawte,

39
Digital Certificates

How a X.509 Certificate Is Issued
Key Generation
Matching of Policy Information
Sending of Public Keys and Information
Verification of Information
Certificate Creation
Sending/Posting of Certificate
The certificate is loaded onto an individual's
computer.

40
Secure Sockets Layer

Together with DC enables secure communication
over the TCP/IP network

SSL session consists of two phases
1. handshaking phase
2. data exchange phase

41
SSL handshaking phase (simplified)
Server
Client
42
SSL data exchange phase (simplified)
Client
Server
Fragments msg. into blocks (bytes)
Calculates MAC and appends it to msg.
Decrypts data with SSK
Encrypts data with SSK
Calculates new MAC and verifies the old one
Reassembles the msg.
43
Verification of DCs in user browser
44
About SSL strength

Two variants of SSL 40-bit and 128-bit (refers
to SSK length)

According to RSA Labs it would take a trillion
trillion years t to crack 128-bit
SSL using todays technology!

US export restrictions apply to issued digital
certificates a and browser
implementations (support for 128-bit SSL)

From recently VeriSign is allowed to issue
Global DCs that work both in
US and export versions of browsers(128-bit SSL)

45
Useful links to visit

www.verisign.com , how to apply for DC, security
related stuff

www.thawte.com , how to apply for DC, security
related stuff

46
Setting up an Internet Bank Channel

Bankers point of view

47
Setting up an Internet Bank Channel

Internet bank architecture

Planning phase in setup process

Choosing strategic and technology partners

Required tasks after initial introduction of new
channel

48
Internet bank architecture
49
In-house architecture (CustomerLink primer)

All components in the bank

50
Out-of-house architecture (CustomerLink primer)
51
Banking software architecture

Before Internet revolution banking software
systems were dominantly of client-server type

business logic
52
Banking software architecture

In the Internet era banking software systems are
n-tier (ngt2)

53
Presentation logic
Java Server Pages/Servlets Active Server
Pages PHP
54
Application logic
Written in C/C, Java(EJB), COBOL
55
Planning phase in setup process

What are the services to be installed?
What services we (bank) could implement in-house?
What services we could implement thru ASPs
(out-of-house)?
Who are technology partners?

56
Application service providers

ASP offers standardized packages of applications,
necessary infrastructure, and
certain degree of service

Main characteristics of ASPs is that they offer
applications that are already purchasable

ASP gt one-to-many solution
Classic IT outsourcing gt one-to-one
solution

57
Application service providers division
58
Application service providers pros and cons
59
Planning phase in setup process (revisited)

Complexity of a problem
telecommunications infrastructure
security
multi-tier software infrastructure
maintenance

We recommend using ASPs
for setting up new Internet channel
in the case of mid and
small size banks!

The biggest banks should reconsider
which services to delegate to ASPs

60
Required services for Internet banking

Services offered by ASPs
Online personal banking
(account information,
transfers, deposits)
Online cash management for companies
Bill payment
Check payment
Card payment solutions
Insurance services
Web presentation design
Web presentation hosting
Web presentation administration
Security
Testing of electronic business software
Remote administration of banks servers

61
Choosing strategic and technology partners

Choosing the right ASP is the most important task
in setup procedure
An ASP must
be an expert for Internet access
have experience in electronic business
have a secure and fault-tolerant local area
network
have a good software solution
have well-educated IT staff accessible 24 hours,
365 days

62
Choosing ASPs the cost of downtime
63
Choosing ASPs personal banking, cash
management

Equifax www.equifax.com www.efx-ebanking.com ,
CustomerLink

64
Choosing ASPs personal banking, cash
management

Digital Insight, www.digitalinsight.com, AXIS

65
Choosing ASPs personal banking, cash
management

Vifi, www.vifi.com, InternetBanker

66
Choosing ASPs bill payment

CheckFree, www.checkfree.com

67
Choosing ASPs card payment processing

RS2 Software Group , www.rs2group.com, BankWorks

68
Choosing ASPs web hosting

Digex , www.digex.com

69
Choosing ASPs web design for banking

DiamondBullet , www.diamondbullet.com,
,,,,,,,,,,,,,,,,,,,,,,,,www.bankingwebsit
es.com

70
Required tasks after initial introduction of new
channel

Education of banks staff

Permanent marketing

Obtaining information about competition and
potential customers (investors)

71
Education of staff

Studies show that education of bank staff in
using Internet channel is often incomplete
Staff should provide answers to FAQ about using
Internet channel to their customers
Conclusions deduced from incompetence of staff
are
we do it (Internet banking) because all do it
we do it but we dont think it is important to us
Education process can be done thru
courses after job
by stimulating staff to use Internet Banking from
home (participating in PC purchase,
obtaining discounts from local ISP)

72
Permanent marketing

We have a good solution for Internet banking
but number of online users
is very low after initial setup whats
wrong?

The answer is we need permanent marketing
campaign!

Customers who were not ready for new service
at the moment of the initial
introduction
will be ready after few months

Marketing cycles to involve customers that
became ready in the meanwhile

Key of success enthusiasm, especially among
management

73
How to do marketing

Spreading enthusiasm among staff
Utilizing common media for advertising
(professional agencies)
Organizing education about Internet technologies
and new banking services among
customers
Agreements with local ISPs and resellers of PC
equipment

74
Education of customers

Studies show that 7 of bank users are
technically advanced while 25 is open
to new banking services
but they lack technical experience

75
Education of customers

In order to attract more online customers, bank
should

organize courses for using PCs and Internet

provide PC installations inside bank halls and
rooms, accessible to customers

make agreements with local ISP to give discounts
for online bank customers

organize periodical meetings where online
customers can exchange information about
Internet banking services and E-Business in
general

76
Monitoring activity on Internet channel

In order to react fast we should gather
information about channel use
Different statistics should be made
number of visitors
number of transactions
which services are most/least used
average time spend at Web site by common user
Feedback support
(customer forms, e-mail for additional
questions/services)

77
Obtaining information about competition and
potential customers (investors)

To be successful in every business (banking
services) you constantly need
information about
competition
(what they
offer, what are the complaints of their
customers)
potential customers
Among other ways to find information
it is useful to
monitor the Web and Web activity using search
engines

78
Internet Bank Demo