Wednesday ,Apr 25, 2018, 03:06

DPI Bita Internet Bank

Introduction

Using Internet communications channels is one of the main necessities for expanding modern electronics banking services. Security is the major backbone of such systems. Hackers might be able to exploit one or more vulnerabilities in web based applications or related systems (web server, Operating System, Database, Firewall) and plan for various attacks against the system. Therefore identifying a variety of security attacks (at various levels such as Internet Banking Application Programs) and also elimination of commonly exploited deficiencies is one of the major necessities during planning and implementation of these service channels.

10

Advantages of BITA Internet Banking System

  • Secure system with possibility of easy usage for customers of bank
  • Expandability and giving bank desired services in a short time
  •  Reducing the necessity for customer presence in the branch and thereby cost reduction

Features of BITA Internet Banking System

Architectural Features

 

Major architectural features of the system are as follows:

  • System programming and development environment based on JAVA and J2EE

·         Using different architectural patterns including integration and J2EE

·         Multi-layer architecture: Internet banking system architecture is an independent multilayer architecture.

·         Object-Oriented design: Internet banking system design is based on Object Oriented design observing the best production patterns.

·         Scalable architecture: Software technology, design and architecture used in implementing this system have added scalability to the system.

·         Appropriate integration of commercial components and open standards

·         Ease of extensibility and offering new services

·         Easy to configure: Configurable through XML configuration files and Graphical user interfaces without changing the application code in various positions

·         Independence from hardware platforms, software and operating system:

o    Hardware independence and supporting Mainframe, Midrange and PC

o    Independence from Operating System and supporting ZOS, Linux and Windows

o    Independence from Application Server and Web server

o    Independence from Data Base

User Interface Features

Due to wide spectrum of Internet Banking System users, the ability of performing intended services is essential for the users. To achieve this purpose, the following features have been implemented:

  • Flexible and attractive user interface

·         Special attention to Usability

·         Special attention to Look and Feel

·         Maintain the integrity and continuity of design and adherence to standards

·         Use of Ajax technology to facilitate usage

·         Use of three types of guide

·         Timely and appropriate messaging and feedback

·         Using special components such as Iranian and Gregorian calendar, multi-lingual keyboard

Usage Features

Providing the following banking services:

  • List of accounts
  • Balances
  • Billing
  • Funds transfer
  • Periodic funds transfer
  • Interbank funds transfer
  • Card to Card money transfer
  • Paying the bills
  • Premiums paid by employers
  • Check observation
  • Check payment order
  • View the last successful login in other channels
  • Change login password
  • Track financial transactions by customer
  • Transaction monitoring and registration
  • Logging and tracking transactions by admin

Operational Features

Operational features of Internet banking system are as follows:

  • UTF8 support

·         Supporting different languages (Multi-lingual capability)

·         Supporting banking standards

·         Web based user interface for system administration

·         Supporting various communications protocols: currently JMS communications protocols and especially IBM MQ, TCP/IP, HTTP, and VM are supported.

·         Supporting common browsers such as IE, Mozilla Firefox, and Opera

Security Features

One of the most important requirements of electronic funds transfer (Financial transactions) is to make sure of secure transactions and communication between different components. In the Internet banking system, high level security features have been built keeping in mind the latest security threats.

Some of the main implemented security features are as follows:

  • Countering the latest cyber attacks

o    Keeping necessary controls (data type, data length, maximum and minimum valid amount, data structure) on all transmitted data

o    Keeping control on input data size which is registered in a buffer (countering buffer overflow attack)

o    Countering denial of services

o    Applying the latest security patches for operating system, web server software and other systems involved in management channel system (countering software security holes)

o    Countering code injection attacks

o    Hiding local information including security settings and confidential data

o    Preventing from producing spurious data by the hacker

o    Restrictions on layers after user interface

o    Correct security settings for components involved in channel management system (web server, operating system components, data base)

o    Possibility of personalizing the website login page for each user

o    Using SSL protocol on all web pages

o    Possibility of web sessions administration: Setting the session idle time and maximum session active time

 

20

 

·         Ensuring the accuracy of the message and controlling the integrity of the message in the message path

·         Maintaining confidentiality: message encoding and decoding in the path

·         User authentication and authorization

o    Authentication for external systems in the bank and second level authentication for financial transactions

o    Possibility of system login restrictions based on access identifiers such as IP, specified phone or mobile number

o    Logging successful and failed login attempts

o    Possibility to define different input ports according to user’s role

o    Possibility of role based access level controlling

o    Password Strength Checker

o    Security tips

o    Auto logout in session expiration

Transaction Management

  • Observing principles of concurrency and duplicate transactions prevention
  • High volume transaction processing capability
  • Possibility to track the status of a transaction
  • Instant payment processing