Predavanja e Bankarstvo 1376644091634

An Introduction
to
Internet Banking
Milos Kovacevic, milos@grf.bg.ac.yu

Nikola Klem, klem@grf.bg.ac.yu
Veljko Milutinovic, vm@etf.bg.ac.yu
University of Belgrade, Yugoslavia
Presentation Outline
 Introduction to E-Banking
 Internet bank demo – customer’s point of view
 Security issues
 Setting up an Internet bank channel
 Internet bank demo – small community bank
 Searching for financial information on the Web
 Conclusions
An Introduction to Internet Banking SSGRR 2001 2 of 110

Introduction to E-Banking
The basis
Introduction to E-Banking
 Introduction to E-Business
 What is E-Bank
 Why to do E-Banking
 Some facts about E-Banking

Introduction to E-Business
 We are living in the connected world!

 It’s Monday. You have to:
 Reserve airplane tickets for your vacation
 Buy gifts for your child’s birthday
 Pay bills for the current month (electricity, telephone …)
 Check the bank account information
 Inform relatives about family gathering next weekend
 Thanks to the development of E-Business, you can do all of the above

;;;;from your home or even from the car!

 The transformation of key business processes through the use

of of Internet and related technologies (IBM Corporation)
 B-to-B (Business to Business)  B-to-C (Business to Customer)

European E-Business momentum



What is E-Bank?
 Traditional banking business assumes:

 customer desk at bank’s building
 working time from 8.00 am to 19.00 pm
 Customers have :
Collision!
 their job during the day
 family activities after job

What is E-Bank
 E-Bank is transforming banking business into E-Business

thru utilizing various E-Channels
 E-Channels are:
 Internet
 WAP based mobile network
 Automated telephone
 ATM network
 SMS and FAX messaging
 Multipurpose information kiosks
 Web TV and others …

What is E-Bank?
 E-Banking business assumes:

 E-Channels enable financial transactions from anywhere
 working time is non-stop
 Customer requests are:

Perfect match!
 non-stop working time
 using services from anywhere

Why to do E-Banking
 Possibility to extend your market (even out of country)

 Possibility to process more financial transactions
 Possibility to lower your transaction cost

Some facts about E-Banking in Europe




Some facts about E-Banking in USA

Some facts about E-Banking in USA

Internet Banking
 Using Internet as an E-Channel makes financial services

a;available to wide population
 WWW service
 In this tutorial we shall focus

o;on Internet Banking

Internet Bank Demo
Customer’s point of view

Internet Bank Demo
customer’s point of view
 What customer needs for online bank access
 Equifax demo primer

Customer should have a …
 Standard PC with Internet access
 Internet browser that supports SSL and,
 Money …

Equifax demo primer
 Here goes presentation of Equifax demo primer

for their Internet bank solution
 The aim is to show how an online bank looks like

from the customer’s point of view
 Presentation will be done thru Internet Explorer

and with cached HTML pages

Security Issues
How security works in Internet communications

Security issues
 What are the security problems in Internet communication
 Cryptography basics
 How digital signatures and certificates work?
 Secure Sockets Layer protocol
 Internet browsers and security
 Useful links to visit

Security problem
 Spoofing “How can I reassure customers who come to my site that

they are doing business with me, not with a fake set up to steal their
credit card numbers?”
 Eavesdropping “How can I be certain that my customers’ account

number information is not accessible to online eavesdroppers when they
enter into a secure transaction on the Web?”
 Data alteration “How can I be certain that my personal information is

not altered by online eavesdroppers when they enter into a secure
transaction on the Web?”

What do we have to achieve
 Authentication – no spoofing
 Privacy – no eavesdropping
 Data integrity – no data alteration
 Non-repudiation – no claiming of user action

Solutions are . . .
 Digital certificates for Web servers,

to provide authentication and data integrity
 Cryptography algorithms to provide privacy
 Secure Sockets Layer (SSL)

the basis for every e-business trust infrastructure

Cryptography basis
 Cryptography provides privacy
ENCRYPTED
ENCRYPTION ALG. MESSAGE DECRYPTION ALG.
(CYPHERTEXT)
MESSAGE MESSAGE
(PLAINTEXT) (PLAINTEXT)
SENDER RECEIVER
KEYES.
 Symmetric approach
 Asymmetric approach
 Hybrid approach

Symmetric approach
 Both sides use the same key for encryption and decryption
ENCRYPTED
SYMMETRIC KEY MESSAGE SYMMETRIC KEY
(CYPHERTEXT)
MESSAGE MESSAGE
SENDER RECEIVER
 Convenient for bulk data encryption

(computationally faster then other methods)
 Examples: RSA RC4, DES, IDEA …

Asymmetric approach
 Sender uses public key for encryption
receiver uses private key for decryption
ENCRYPTED
PUBLIC KEY MESSAGE PRIVATE KEY
(CYPHERTEXT)
MESSAGE MESSAGE
SENDER RECEIVER
 Convenient for short data encryption

(computationally slower then other methods)
 Examples: RSA, Diffie-Hellman , ElGamal …

Hybrid approach
 Using symmetric approach for data encryption
 Using asymmetric approach for passing the symmetric key
 Applied in SSL (Secure Sockets Layer)

Key management problem
 Key distribution (in symmetric approach)
 Secure binding between public key and his owner

(in asymmetric approach)
Q1: “How can I be sure that the public key that my browser uses to send
account number information is in fact the right one for that Web site, and
not a bogus one?”
 Q2: “How can I reliably communicate my public keys to customers

so that they can rely on it to send me encrypted communications?”

Digital Signatures
 To provide authentication and data integrity of electronic documents
 Creating message digest using one way hashing algorithm

(MD5, SHA …)
 Encrypting digest with private key

Digital Signatures
Sender Receiver
HA
Message Msg* Digest’
’
HA DS*
Digest
Digest’
Public Key
Private key DS
Equal?

Digital Certificates
 An electronic file that uniquely identifies

communication entities on the Internet
 Associates the name of an entity with its public key
 Issued and signed by CA (Certification Authority)
 Everybody trust CA, and

CA is responsible for entity name – public key binding
 Example CAs : VeriSign, Thawte, …

Digital Certificates
How a X.509 Certificate Is Issued

1. Key Generation
2. Matching of Policy Information
3. Sending of Public Keys and

Information
4. Verification of Information
5. Certificate Creation
6. Sending/Posting of Certificate
7. The certificate is loaded onto an

individual's computer.

Secure Sockets Layer
 Together with DC enables secure communication

over the TCP/IP network
 SSL session consists of two phases:

1. handshaking phase
2. data exchange phase

SSL handshaking phase (simplified)
Client Server
List of supported
ciphers
Strongest cipher
supported + DC
SSK generated
and encrypted Encrypted SSK
with PK
Decrypts SSK with own
From now
SK and sends ack.
use SSK!

SSL data exchange phase (simplified)
Client Server
Fragments msg.
into blocks (bytes) Msg. block MAC
Calculates MAC and

appends it to msg.
Decrypts data with
Encrypts data with SSK
SSK
Calculates new MAC
and verifies the old one
Reassembles the msg.

Verification of DCs in user browser

About SSL strength
 Two variants of SSL: 40-bit and 128-bit (refers to SSK length)
 According to RSA Labs it would take a trillion trillion years t;

…to crack 128-bit SSL using today’s technology!
 US export restrictions apply to issued digital certificates a;

;;and browser implementations (support for 128-bit SSL)
 From recently VeriSign is allowed to issue Global DCs

;;that work both in US and export versions of browsers;(128-bit SSL)

Useful links to visit
 www.verisign.com , how to apply for DC, security related stuff
 www.thawte.com , how to apply for DC, security related stuff

Setting up an Internet Bank Channel
Banker’s point of view

Setting up an Internet Bank Channel
 Internet bank architecture
 Planning phase in setup process
 Choosing strategic and technology partners
 Required tasks after initial introduction of new channel

Internet bank architecture
Bank back office Internet front office

system system
Web server
Branch office
terminals
Security
subsystem
SSL connection
Internet
User

In-house architecture (CustomerLink primer)
In-house Web Server

On Site
CustomerLink Server
On Site Core System
On Site
Security Firewall
On Site
Router  All components in the bank

On Site
Local Internet
POP
Internet

Out-of-house architecture
(CustomerLink primer)
Synchronization
Web server CustomerLink Data transfer Core server

server server
Router
Firewall
Bank site
ASP (Equifax)
Internet
User 50 of 110
An Introduction to Internet Banking SSGRR 2001
Banking software architecture
 Before Internet revolution banking software systems

were dominantly of client-server type
data management
Server
business logic
Network
presentation logic
Client
Client
Client

Banking software architecture
 In the Internet era banking software systems are n-tier (n>2)
Data management
Client
Presentation logic
Intranet Intranet
logic
Internet
Web server Aplication server Database server
Business
Client
logic

Presentation logic
https = ssl+http
thin client web server
Java Server Pages/Servlets

Presentation logic forms HTML
Active Server Pages
and interacts with application tier
PHP …

Application logic
Business objects, can be on a single

or multiple app. servers
Written in C/C++, Java(EJB), COBOL …
CORBA, DCOM, RMI
App. server
1 SQL thru JDBC/ODBC to data tier
4
Request for service 2
and data response Required data
3
Planning phase in setup process
 What are the services to be installed?
 What services we (bank) could implement in-house?
 What services we could implement thru ASPs (out-of-house)?
 Who are technology partners?

Application service providers
 ASP offers standardized packages of applications,

necessary infrastructure, and certain degree of service
 Main characteristics of ASPs is that they offer applications

that are already purchasable
 ASP > one-to-many solution

Classic IT outsourcing > one-to-one solution

Application service providers – division
Vertical ASP
Horizontal ASP

Application service providers – pros and cons

Planning phase in setup process (revisited)
 Complexity of a problem:
 telecommunications infrastructure
 security
 multi-tier software infrastructure
 maintenance…
 We recommend using ASPs

for setting up new Internet channel
in the case of mid and small size banks!
 The biggest banks should reconsider

which services to delegate to ASPs

Required services for Internet banking
 Services offered by ASPs:

 Online personal banking
(account information, transfers, deposits…)
 Online cash management for companies
 Bill payment
 Check payment
 Card payment solutions
 Insurance services
 Web presentation design
 Web presentation hosting
 Web presentation administration
 Security
 Testing of electronic business software
 Remote administration of bank’s servers …
Choosing strategic and technology
partners
 Choosing the right ASP is the most important task

in setup procedure
 An ASP must:
 be an expert for Internet access

 have experience in electronic business
 have a secure and fault-tolerant local area network
 have a good software solution
 have well-educated IT staff accessible 24 hours, 365 days

Choosing ASPs – the cost of downtime

Choosing ASPs – personal banking,
cash management
 Equifax www.equifax.com www.efx-ebanking.com , CustomerLink

cash management
 Digital Insight, www.digitalinsight.com, AXIS

cash management
 Vifi, www.vifi.com, InternetBanker

Choosing ASPs – bill payment
 CheckFree, www.checkfree.com

Choosing ASPs – card payment
processing
 RS2 Software Group , www.rs2group.com, BankWorks

Choosing ASPs – web hosting
 Digex , www.digex.com

Choosing ASPs – web design for banking
 DiamondBullet , www.diamondbullet.com,
,,,,,,,,,,,,,,,,,,,,,,,,;www.bankingwebsites.com

Required tasks after initial introduction of new
channel
 Education of bank’s staff
 Permanent marketing
 Obtaining information about competition and

potential customers (investors)

Education of staff
 Studies show that education of bank staff in using Internet channel

is often incomplete
 Staff should provide answers to FAQ about using Internet channel to

their customers
 Conclusions deduced from incompetence of staff are:

 we do it (Internet banking) because all do it
 we do it but we don’t think it is important to us
 Education process can be done thru:

 courses after job
 by stimulating staff to use Internet Banking from home
(participating in PC purchase, obtaining discounts from local ISP)

Permanent marketing
 We have a good solution for Internet banking

but number of online users is very low after initial setup
what’s wrong?
 The answer is: we need permanent marketing campaign!
 Customers who were not ready for new service

at the moment of the initial introduction
will be ready after few months
 Marketing cycles – to involve customers that became ready

in the meanwhile
 Key of success – enthusiasm, especially among management

How to do marketing
 Spreading enthusiasm among staff
 Utilizing common media for advertising (professional agencies)
 Organizing education about Internet technologies

and new banking services among customers
 Agreements with local ISPs and resellers of PC equipment

Education of customers
 Studies show that 7% of bank users are technically advanced

while 25% is open to new banking services
but they lack technical experience

Education of customers
 In order to attract more online customers, bank should:
 organize courses for using PCs and Internet
 provide PC installations inside bank halls and rooms,

accessible to customers
 make agreements with local ISP to give discounts for

online bank customers
 organize periodical meetings where online customers

can exchange information about Internet banking services
and E-Business in general

Monitoring activity on Internet channel
 In order to react fast we should gather information about channel use
 Different statistics should be made:
 number of visitors
 number of transactions
 which services are most/least used
 average time spend at Web site by common user
 Feedback support
(customer forms, e-mail for additional questions/services)

Obtaining information about competition and
potential customers (investors)
 To be successful in every business (banking services)

you constantly need information about:
 competition
(what they offer, what are the complaints of their customers)
 potential customers
 Among other ways to find information

it is useful to monitor the Web and Web activity using search engines

Internet Bank Demo
Small community bank

Internet Bank Demo
 Small community bank primer
 The Bank of Northern Michigan (BNM)

BNM Profile
 Community bank from Petoskey, Michigan, USA

 Independent, full service financial institution
 More then 140 years of experience
 Strong customer-bank relationship
 Commitment to new banking technologies
 A FDIC member
 Contact addresses :
 Web www.bankofnorthernmichigan.com
 Email talktous@bankofnorthernmichigan.com

BNM web presence
 BNM web site is created and maintained by ASP

 ASP is Diamond Bullet Design

BNM online banking services

Login to online bank

Who is the real online bank provider?
 BNM uses Equifax as an ASP for online bank services

 www.efxibank.com/clkpcb/072414006/default1.asp

Security is essential
 Customer session is established thru 128-bit SSL connection

 SSL between client browser and online bank ASP (Equifax)

Security is essential
 Customer session is timed out after 10 minutes of inactivity
 Browser cache is disabled when working thru security connection

Services …

Services …

Pay Bill option thru CheckFree
 Customers pay their bills thru CheckFree

 Online bank software redirects us automatically to
www.checkfree.com
Front end system architecture
CheckFree
Other FSP
Equifax
Security border
Security border
Security border
The Bank of
?$ Web Hosting
Provider
Northern Michigan
www.bankofnorthernmichigan.com
Security border
Customer's PC
Out-of-house architecture
(BNM)
Synchronization
Web server CustomerLink Data transfer Core server

server server
Router
Firewall
BNM
Equifax
Internet
User 91 of 110
An Introduction to Internet Banking SSGRR 2001
Distribution of services
 Web design Diamond Bullet Design
 Web hosting Local ISP
 Web administration Diamond Bullet Design
 Core online bank services Equifax
 Paying bills and e-bills CheckFree

Searching for financial
information on the Web
A necessary step to be successful in banking
business
Searching the Web
 Importance of web search (WS) in banking business
 Searching services on the Web
 General search engines – how do they work?
 Searching financial data by using focused crawlers
 Useful links to visit

Financial data on the Internet
 Huge amount of financial data publicly available on the Internet
 Among 660 largest companies from 22 countries (30 from each)

62% had some form of financial data on their Web sites
(IASC Report for 1999)
 The role of outsiders:
 DigiTRADE
 EDGAR
 Wall Street City.Com
 Yahoo! Finance

Nature of the financial data on the Web
 Among others, we can find information about:
 Quarterly and annual financial reports

 Financial history
 SEC filings
 Stock quotes
 Press releases
 Information request forms
 Other shareholder information

Importance of WS in banking business
 Internet Banking market is very dynamic

Importance of WS in banking business
 To be successful in business we need information about:
 Potential customers
 Potential competitors
 A vast amount of information can be acquired

using search engines and monitoring interesting web sites

Searching services on the Web
 We can generally search the Web

using three types of searching services:
 subject directories
 search engines that use

crawlers for collecting
data
 meta-crawlers

Subject directories
 Links to web sites are collected

according to topics they treat
 Links are collected by humans who evaluate them
 Useful when searching about some topic in general
 Not effective when trying to find something specific
 Examples: Yahoo!, World Wide Web Virtual Library …

Search engines
 They try to collect as many as possible pages from the Web

and store them locally for later keyword search
 Pages are collected by using crawlers (sw components)
 Good for search on specific query
 Result pages are sorted by relevancy
 Results can be out of date (currency problem)
 Examples: Google, Fast, AltaVista, Inktomi…

Search engines – how do they work?
Html page
Search Crawler
Engine
Parser
Link
Indexer
URL queue
List of pages
Searcher
Word Index Query

+ URLs
Meta-crawlers
 They utilize other search engines concurrently

by sending user’s query to them
 Good for queries about exotic topics
 Queries are simple because of different formats

;;;among search engines
 Examples: MetaCrawler, Dogpile, …

Search engines – comparisons
 Estimated size of the Web as of 2000 – 7.4 billion documents

(source OCLC)

Searching financial data by using focused
crawling
 Focused crawlers visit only topic-specific pages
I’ll go only this way

Banking Crawler
 Focused crawlers versus classic crawlers (solve currency problem)
standard focused

Useful links to visit
 www.searchenginewatch.com , search engine comparisons
 www7.scu.edu.au/programme/fullpapers/1921/com1921.htm
the anatomy of the Google search engine
 http://www.streeteye.com/cgi-bin/allseeingeye.cgi ,
financial data meta-crawler
 www.moneysearch.com , finance specific directory search
 www.dailystocks.com , excellent financial portal for investors
 www.companysleuth.com , excellent financial portal for

investors

Conclusions
Final words…
 Every bank should implement its Internet channel

(reduced cost of transaction, global connectivity )

Final words…
 Small and mid-size banks could benefit using ASPs

;;;for different kind of services
 Choosing the right ASP

;;;is the most important step!

Final picture
About some Internet myths

(from “European ECM momentum”, Maria Luisa Rodriguez, San Jose State University)

An Introduction
to
Internet Banking
Milos Kovacevic, milos@grf.bg.ac.yu

Nikola Klem, klem@grf.bg.ac.yu
Veljko Milutinovic, vm@etf.bg.ac.yu
University of Belgrade, Yugoslavia
Evaluating important pages (links)
 Important metrics for evaluating pages(links) in searching process are:
 Back link count

IB(P)= number of links that point to P
 Page Rank
IR (P )  1  d  d *  IR (Ti ) /Ci
i
Ti – pages that point to P, Ci – num. of outgoing links
from Ti , d – dumping factor
 Location metric
IL(P)= F(u), u is link to P

Evaluating important pages (links)
 Important metrics for evaluating pages(links) in searching process are:
 Forward link count

IF(P)= number of links that go from P
 Similarity to a driving query Q

IS(P,Q)= <w1,…,wn >P o <w1,…,wn >Q
wi=0 for ith word from the lexicon not in document, else
wi=f * idf, f – frequency of the ith word in the document
idf – inverse document frequency of the ith word

Predavanja e Bankarstvo 1376644091634

Caricato da

Informazioni sul documento

Descrizione originale:

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Predavanja e Bankarstvo 1376644091634

Caricato da

Copyright:

Formati disponibili

An Introduction

Milos Kovacevic, milos@grf.bg.ac.yu

 Internet bank demo – customer’s point of view

 Setting up an Internet bank channel

 Internet bank demo – small community bank

 Searching for financial information on the Web

An Introduction to Internet Banking SSGRR 2001 2 of 110

 Some facts about E-Banking

An Introduction to Internet Banking SSGRR 2001 4 of 110

 We are living in the connected world!

An Introduction to Internet Banking SSGRR 2001 5 of 110

 It’s Monday. You have to:

 Reserve airplane tickets for your vacation

 Buy gifts for your child’s birthday

 Pay bills for the current month (electricity, telephone …)

 Check the bank account information

 Inform relatives about family gathering next weekend

 Thanks to the development of E-Business, you can do all of the above

An Introduction to Internet Banking SSGRR 2001 6 of 110

 The transformation of key business processes through the use

 B-to-B (Business to Business)  B-to-C (Business to Customer)

An Introduction to Internet Banking SSGRR 2001 7 of 110

An Introduction to Internet Banking SSGRR 2001 8 of 110

An Introduction to Internet Banking SSGRR 2001 9 of 110

An Introduction to Internet Banking SSGRR 2001 10 of 110

 Traditional banking business assumes:

An Introduction to Internet Banking SSGRR 2001 11 of 110

 E-Bank is transforming banking business into E-Business

An Introduction to Internet Banking SSGRR 2001 12 of 110

 E-Banking business assumes:

 Customer requests are:

An Introduction to Internet Banking SSGRR 2001 13 of 110

 Possibility to extend your market (even out of country)

An Introduction to Internet Banking SSGRR 2001 14 of 110

An Introduction to Internet Banking SSGRR 2001 15 of 110

An Introduction to Internet Banking SSGRR 2001 16 of 110

An Introduction to Internet Banking SSGRR 2001 17 of 110

An Introduction to Internet Banking SSGRR 2001 18 of 110

An Introduction to Internet Banking SSGRR 2001 19 of 110

An Introduction to Internet Banking SSGRR 2001 20 of 110

 Using Internet as an E-Channel makes financial services

 In this tutorial we shall focus

An Introduction to Internet Banking SSGRR 2001 21 of 110

Customer’s point of view

 What customer needs for online bank access

 Equifax demo primer

An Introduction to Internet Banking SSGRR 2001 23 of 110

 Standard PC with Internet access

 Internet browser that supports SSL and,

An Introduction to Internet Banking SSGRR 2001 24 of 110

 Here goes presentation of Equifax demo primer

 The aim is to show how an online bank looks like

 Presentation will be done thru Internet Explorer

An Introduction to Internet Banking SSGRR 2001 25 of 110

How security works in Internet communications

 What are the security problems in Internet communication

 How digital signatures and certificates work?

 Secure Sockets Layer protocol

 Internet browsers and security

 Useful links to visit

An Introduction to Internet Banking SSGRR 2001 27 of 110

 Spoofing “How can I reassure customers who come to my site that