Introduction
Internet communication channels are one of the main necessities for expanding
modern electronic banking services, and security is the backbone of such
systems. Attackers may be able to exploit one or more vulnerabilities in
web-based applications or related systems (web server, operating system,
database, firewall) and mount various attacks against the system. Identifying
the range of security attacks (at various levels, such as the Internet banking
application programs) and eliminating commonly exploited deficiencies is
therefore one of the major necessities when planning and implementing these
service channels.

Advantages of BITA Internet Banking System
- Secure system that is easy for the bank's customers to use
- Expandability, giving the bank its desired services in a short time
- Reducing the need for customers to be present in the branch, thereby reducing cost
Features of BITA Internet Banking System
Architectural Features
Major architectural features of the system are as follows:
- System programming and development environment based on Java and J2EE
- Use of different architectural patterns, including integration and J2EE
- Multi-layer architecture: the Internet banking system architecture is an independent multilayer architecture.
- Object-oriented design: the Internet banking system design is based on object-oriented design, observing the best production patterns.
- Scalable architecture: the software technology, design and architecture used in implementing this system make it scalable.
- Appropriate integration of commercial components and open standards
- Ease of extensibility and of offering new services
- Easy to configure: configurable through XML configuration files and graphical user interfaces, without changing the application code in various positions
- Independence from hardware platforms, software and operating system:
  o Hardware independence, supporting mainframe, midrange and PC
  o Independence from the operating system, supporting z/OS, Linux and Windows
  o Independence from the application server and web server
  o Independence from the database
User Interface Features
Because the Internet banking system has a wide spectrum of users, it is
essential that users are able to perform the intended services. To achieve
this, the following features have been implemented:
- Flexible and attractive user interface
- Special attention to usability
- Special attention to look and feel
- Maintaining the integrity and continuity of design and adherence to standards
- Use of Ajax technology to facilitate usage
- Use of three types of guide
- Timely and appropriate messaging and feedback
- Use of special components such as Iranian and Gregorian calendars and a multi-lingual keyboard
Usage Features
Providing the following banking services:
- List of accounts
- Balances
- Billing
- Funds transfer
- Periodic funds transfer
- Interbank funds transfer
- Card to card money transfer
- Paying the bills
- Premiums paid by employers
- Check observation
- Check payment order
- View the last successful login in other channels
- Change login password
- Track financial transactions by customer
- Transaction monitoring and registration
- Logging and tracking transactions by admin
Operational Features
Operational features of the Internet banking system are as follows:
- Supporting different languages (multi-lingual capability)
- Supporting banking standards
- Web-based user interface for system administration
- Supporting various communications protocols: currently JMS communications protocols and especially IBM MQ, TCP/IP, HTTP, and VM are supported.
- Supporting common browsers such as IE, Mozilla Firefox, and Opera
Security Features
One of the most important requirements of electronic funds transfer
(financial transactions) is ensuring secure transactions and secure
communication between the different components. The Internet banking system
has high-level security features built in with the latest security threats in
mind.
Some of the main implemented security features are as follows:
- Countering the latest cyber attacks
  o Keeping the necessary controls (data type, data length, maximum and minimum valid amount, data structure) on all transmitted data
  o Controlling the size of input data that is stored in a buffer (countering buffer overflow attacks)
  o Countering denial of service
  o Applying the latest security patches for the operating system, web server software and other systems involved in the channel management system (countering software security holes)
  o Countering code injection attacks
  o Hiding local information, including security settings and confidential data
  o Preventing the hacker from producing spurious data
  o Restrictions on layers after the user interface
  o Correct security settings for components involved in the channel management system (web server, operating system components, database)
  o Possibility of personalizing the website login page for each user
  o Using the SSL protocol on all web pages
  o Possibility of web session administration: setting the session idle time and maximum session active time
- Ensuring the accuracy of the message and controlling the integrity of the message in the message path
- Maintaining confidentiality: message encoding and decoding in the path
- User authentication and authorization
  o Authentication for external systems in the bank and second-level authentication for financial transactions
  o Possibility of system login restrictions based on access identifiers such as IP, specified phone or mobile number
  o Logging successful and failed login attempts
  o Possibility to define different input ports according to the user's role
  o Possibility of role-based access level control
  o Password strength checker
  o Security tips
  o Auto logout on session expiration
Transaction Management
- Observing principles of concurrency and duplicate transaction prevention
- High-volume transaction processing capability
- Possibility to track the status of a transaction
- Instant payment processing