Transcript Internet Banking

UBank
Internet Banking Solution
By Integrated Digital Systems
Banking Anytime, Anywhere
• Internet Banking has become an essential service in the
banking sector. Using their PC, corporate and individual
clients will be able to get account information and post
their transactions easily and on the spot.
• You will now be able to provide the same services
provided on location for your clients in the comfort of
their home, shorten waiting line, and decrease the cost of
your transactions.
IDS Internet Banking System
•
IDS e-Banking allows your corporate and individual clients to benefit from informational
and transactional services provided by your bank using their PC and Internet connection
regardless of time and location.
•
The system is secure, user-friendly, and enables bank clients to perform all operations from
distance:
–
–
–
–
–
–
–
–
–
•
Cash management
Wire transfers
Bill presentment and payment
Balance inquiries
Funds transfers
Downloading transaction information
Loan applications
Investment activity
Other value-added services
The system is composed of the following four modules:
–
–
–
–
–
Internet Banking (User and Corporate Banking)
Internet Banking Administration
Customer Inquiry System
Customer Inquiry System Administration
Proxies for Mediation Services
Security
The application security tests are modeled along the methodologies
specified by the Open Web Applications Security Project (OWASP).
OWASP has rated the Top Ten Vulnerabilities found in web
applications worldwide:
•
•
•
•
•
•
•
•
•
•
Un-validated Parameters
Broken Access Control
Broken Account and Session Management
Cross-Site Scripting (XSS) Flaws
Buffer Overflows
Command Injection Flaws
Error Handling Problems
Insecure Use of Cryptography
Remote Administration Flaws
Web and Application Server Mis-configuration
The application was tested and proven safe against all the above
vulnerabilities. It also uses Secure Socket Layer technology.
Internet Banking
• The user interface is the
environment using which bank
clients can access and manage
their accounts through the
Internet.
• The following screenshots were
taken from the Commercial
Bank of Kuwait website,
designed and developed by IDS.
• Click to View:
–
–
–
–
–
Individual Banking
Corporate Banking
IB Administrator
Customer Inquiry System
Customer Inquiry
Administrator
– Proxy for Mediation Services
User Interface:
Individual and Corporate Use
View in this Section:
–
–
–
–
–
–
–
–
–
–
–
–
Website Homepage
First Time Registration
Profile
Session Log
Portfolio Display
Display Account Details
Download Statement
Transfers
Transfer History
Beneficiary Accounts
SWIFT Transfers
Bill Payment
Website Homepage
Users of the online banking system need to have a User ID and
Password for security purposes. In case the client is using the
system for the first time, he has to set up his account for future
use.
First Time Registration
During new user registration, the client should provide his
account number, and a pin number provided by the bank. He
also has to set a user ID and Password, and agree to the Terms
and Conditions.
Profile Update
User can edit his profile’s information: Name, Address, Phone
Numbers
Session Log
User Session Log shows the user the dates and times when he
accessed the pages of the internet banking system.
Portfolio
The previous page displays a consolidated view of the client’s assets and liabilities
at the bank.
At the top of the page, the system displays the total assets and the total liabilities
in the same currency.
In the details of the Assets accounts the system displays the following for each
account:
- Account Number
- Account Type
- Currency
- Available Balance (balance available for withdrawal or other
operations)
- Current Balance (real balance)
The Liabilities section shows Credit Card accounts and Loan accounts.
In the Credit Card section, user can view the account number, credit card type,
currency, limit amount, outstanding amount, and available limit.
In the Loans section, the user can view loan amount, balance, installments, and
past due amounts.
Display Account Details (Credit Card)
From the Portfolio page, the user can click on any account to
view its details. Here, credit card account information is
available to the user. He can check his limit amount and his
unbilled transactions for a month or for a date range he
specifies. Similarly, user can view loan, fixed deposits, foreign
currency accounts, and other.
Download Account Statement
User can download an Excel sheet containing account
information. User can define the account and the period for
which the statement will be issued.
Transfers
User is able to transfer amounts from an account to another
(own and third party). He has to specify the debit and the
credit accounts, the amount, the currency, and the effective
date of the transfer.
Transfers
After entering the required information to perform the transfer,
the user is required to confirm the transfer operation. Balance
amounts and other relevant information are displayed.
Transfers
When the transfer is confirmed, the system issues a confirmation
page containing all transfer information that the user can keep
for future reference.
Transfer History
The user can view his transfer transactions history with
information about the date, amount, account numbers, and the
status of each transfer.
Beneficiary Accounts
The user is able to keep a directory of accounts to which
he usually performs transfer operations. The user can
select an account number, currency, and a description.
SWIFT Transfers
In order to use the SWIFT transfers function of the system, the
client has to register his nickname, bank name, and other
information.
SWIFT Transfers
The SWIFT transfer form where the user should enter the
account to be debited, the name of the beneficiary, the amount
of the transfer, and other details.
Bill Payment
For a number of companies defined by the bank, the user can pay
his bills using the internet banking interface.
Account Profile Management
User can add accounts to his profile and give each account a
description.
User Interface:
Corporate Use
• View in this section:
–
–
–
–
One-to-Many Transfers
Many-to-One Transfers
Payroll Management
Order Checkbook
Corporate User Interface
• In addition to the previously demonstrated features, the
system offers corporate users many additional features.
• These features include:
– One to Many transfers
– Many to One transfers
– Payroll Management of Corporation Employees
One-to-Many Transfers
Using the One to Many transfers page, the user can select a
Debit Account, from which he can transfer amounts he specifies
to an unlimited number of Credit Accounts.
Many-to-One Transfers
Using the Many to One transfers page, the user can select a
Credit Account, from which he can transfer amounts he specifies
to an unlimited number of Debit Accounts.
Payroll Session Setup
•
In “Session Parameter” a company’s accountant can set up the payroll by:
– Selecting the Debit Account from which to pay salaries
– Selecting the accounts to which salaries will be transferred (user is able to
upload a list existing on a file on his PC, or downloading accounts)
– Entering the maximum amount allowed to be paid to each account
– Creating the new session
– Going to “Payroll Page”
Payroll
In the Payroll page, the user enters the amounts to be paid to
each account. When the user clicks on “Submit”, he is
notified that the session will be processed.
Session Log
In the “Session Log” page, the user can view the history of his
sessions, and the status of each session. When the user clicks
on the session, a page containing session details is opened.
Order Checkbooks
Corporate users can order checkbooks using the website by
entering account number, number of checkbooks required, and
the name and e-mail of the authorized representative.
Internet Banking Administrator
• The Internet Banking Administrator system allows bank administrators
(depending on their rights) to manage IB website settings, set different
kinds of transfer limits, define special rate days, control user status, and
edit administrators rights.
• The internet banking administrator system allows bank administrator to:
–
–
–
–
–
–
–
–
–
–
–
–
Enable/disable the Internet Banking site.
Lock/Unlock Internet Banking user, logout user, delete user.
Set user and general fund transfer limits.
Authorize SWIFT beneficiary account numbers.
Edit special rate days.
Activate/Deactivate special exchange rates.
Issue treasury report for IB fund transfers.
Issue administrator audit report.
Edit country name for credit card transactions.
View session log for an Internet Banking user.
Set default session timeout for Internet Banking users.
Manage administrator site users and rights.
Manage Users and Users’ Rights
Using this screen, the system administrator specifies the users of the
IB system and their rights. User Rights allow or prohibit a user from
viewing or using certain features or system screens and information.
User Status Control
Here the administrator can disable or delete a specific user
or make a group of users log out. This is used in case abuse
is suspected.
Set Transfer Limits
The administrator can specify for accounts of his choice the
maximum allowed amount per transaction, per day, and per
month.
Manage Site Controls
•
Administrator can set:
– Session time out: the time elapsed before an idle
logged
in user is logged out by the system
– Transfer limit per transaction, per day, and per month
– Enable week end rate
– Enable holiday special rate
– Consider Ramadan Special Work Hours
Customer Inquiry System
• The customer information system is used by bank tellers to view
account balances and statements of bank clients by entering one of
the client's account numbers or the CIF number of the client.
• The CIS uses the same interface as the Internet Banking interface
previously demonstrated.
• The systems allows bank teller to:
– View the portfolio of the client's accounts and credit cards.
– View account details and query statements over different
periods of time.
– Download statements in different formats.
Customer Inquiry
System Administrator
• The CIS Administrator system is used by bank
administrators to manage users of the CIS system.
• The systems allows bank administrators to:
– Manage CIS Admin users and rights.
– Manage CIS users and rights.
– Issue audit reports
Proxy for Mediation Services
•
The Tr0909 Proxy is a system that allows mediation between different fund transfer
services in the bank and the core data of the bank on the Mainframe.
Communication with the mainframe is based on a TCP/IP messaging system. The
proxy validates incoming messages for the following conditions:
–
–
–
–
–
Service availability
Allowed originating IP address
Correct message format
Correct Hashing
Correct message timing
•
After validation, the proxy sends the message to the mainframe and waits for a
response from the mainframe or for another transfer message. Every message in the
queue has its own identification number so that, when the proxy get the answer to a
message from the mainframe, it returns the result to the originating application with
success or failure and the reason in case of failure.
•
Parties using this proxy include Fund Transfer through Internet Banking, Fund
Transfer through IVR banking, Labor payments, Bill Payments, etc.
Integrated Digital Systems
Lebanon Offices:
Bir Hassan, Embassy of Morocco
Str., Al Zahraa’ Bldg.
P.O. Box 25/95 Ghobeiry, Lebanon
Tel.&Fax: 01859501
IDS Homepage
Kuwait Offices
P.O. Box: 27927 Safat, 13001 Kuwait
Tel.: +9654718187
Fax: +9654722567
E-mail us for more Information