- Number of slides: 113
An Introduction to Internet Banking
Milos Kovacevic, milos@grf.bg.ac.yu
Nikola Klem, klem@grf.bg.ac.yu
Veljko Milutinovic, vm@etf.bg.ac.yu
University of Belgrade, Yugoslavia

Presentation Outline
- Introduction to E-Banking
- Internet bank demo – customer’s point of view
- Security issues
- Setting up an Internet bank channel
- Internet bank demo – small community bank
- Searching for financial information on the Web
- Conclusions
An Introduction to Internet Banking SSGRR 2001

Introduction to E-Banking: The basis

Introduction to E-Banking
- Introduction to E-Business
- What is E-Bank
- Why to do E-Banking
- Some facts about E-Banking

Introduction to E-Business
- We are living in the connected world!

Introduction to E-Business
- It’s Monday. You have to:
  - Reserve airplane tickets for your vacation
  - Buy gifts for your child’s birthday
  - Pay bills for the current month (electricity, telephone …)
  - Check the bank account information
  - Inform relatives about family gathering next weekend
- Thanks to the development of E-Business, you can do all of the above from your home or even from the car!

Introduction to E-Business
- The transformation of key business processes through the use of Internet and related technologies (IBM Corporation)
- B-to-B (Business to Business)
- B-to-C (Business to Customer)

European E-Business momentum

What is E-Bank?
- Traditional banking business assumes:
  - customer desk at bank’s building
  - working time from 8.00 am to 19.00 pm
- Customers have:
  - their job during the day
  - family activities after job
- Collision!

What is E-Bank
- E-Bank is transforming banking business into E-Business through utilizing various E-Channels
- E-Channels are:
  - Internet
  - WAP based mobile network
  - Automated telephone
  - ATM network
  - SMS and FAX messaging
  - Multipurpose information kiosks
  - Web TV and others …

What is E-Bank?
- E-Banking business assumes:
  - E-Channels enable financial transactions from anywhere
  - working time is non-stop
- Customer requests are:
  - non-stop working time
  - using services from anywhere
- Perfect match!

Why to do E-Banking
- Possibility to extend your market (even out of country)
- Possibility to process more financial transactions
- Possibility to lower your transaction cost

Some facts about E-Banking in Europe

Some facts about E-Banking in USA

Internet Banking
- Using Internet as an E-Channel makes financial services available to wide population
- WWW service
- In this tutorial we shall focus on Internet Banking

Internet Bank Demo: Customer’s point of view

Internet Bank Demo – customer’s point of view
- What customer needs for online bank access
- Equifax demo primer

Customer should have a …
- Standard PC with Internet access
- Internet browser that supports SSL and,
- Money …

Equifax demo primer
- Here goes presentation of Equifax demo primer for their Internet bank solution
- The aim is to show what an online bank looks like from the customer’s point of view
- Presentation will be done through Internet Explorer and with cached HTML pages

Security Issues: How security works in Internet communications

Security issues
- What are the security problems in Internet communication
- Cryptography basics
- How digital signatures and certificates work?
- Secure Sockets Layer protocol
- Internet browsers and security
- Useful links to visit

Security problem
- Spoofing: “How can I reassure customers who come to my site that they are doing business with me, not with a fake set up to steal their credit card numbers?”
- Eavesdropping: “How can I be certain that my customers’ account number information is not accessible to online eavesdroppers when they enter into a secure transaction on the Web?”
- Data alteration: “How can I be certain that my personal information is not altered by online eavesdroppers when they enter into a secure transaction on the Web?”

What do we have to achieve
- Authentication – no spoofing
- Privacy – no eavesdropping
- Data integrity – no data alteration
- Non-repudiation – no claiming of user action

Solutions are...
- Digital certificates for Web servers, to provide authentication and data integrity
- Cryptography algorithms to provide privacy
- Secure Sockets Layer (SSL), the basis for every e-business trust infrastructure

Cryptography basis
- Cryptography provides privacy
- Sender: message (plaintext) -> encryption alg. -> encrypted message (cyphertext) -> decryption alg. -> message (plaintext): Receiver. Both algorithms use keys.
- Symmetric approach
- Asymmetric approach
- Hybrid approach

Symmetric approach
- Both sides use the same key for encryption and decryption
- Sender: message (plaintext) -> symmetric key -> encrypted message (cyphertext) -> symmetric key -> message (plaintext): Receiver
- Convenient for bulk data encryption (computationally faster than other methods)
- Examples: RSA RC4, DES, IDEA …

Asymmetric approach
- Sender uses public key for encryption, receiver uses private key for decryption
- Sender: message (plaintext) -> public key -> encrypted message (cyphertext) -> private key -> message (plaintext): Receiver
- Convenient for short data encryption (computationally slower than other methods)
- Examples: RSA, Diffie-Hellman, ElGamal …

Hybrid approach
- Using symmetric approach for data encryption
- Using asymmetric approach for passing the symmetric key
- Applied in SSL (Secure Sockets Layer)

Key management problem
- Key distribution (in symmetric approach)
- Secure binding between public key and its owner (in asymmetric approach)
- Q1: “How can I be sure that the public key that my browser uses to send account number information is in fact the right one for that Web site, and not a bogus one?”
- Q2: “How can I reliably communicate my public keys to customers so that they can rely on it to send me encrypted communications?”

Digital Signatures
- To provide authentication and data integrity of electronic documents
- Creating message digest using one way hashing algorithm (MD5, SHA …)
- Encrypting digest with private key

Digital Signatures
- Sender: Message -> HA -> digest -> Private key -> DS
- Receiver: HA applied to Msg* and Public Key applied to DS* give Digest’ and Digest’’
- Equal?

Digital Certificates
- An electronic file that uniquely identifies communication entities on the Internet
- Associates the name of an entity with its public key
- Issued and signed by CA (Certification Authority)
- Everybody trusts CA, and CA is responsible for entity name – public key binding
- Example CAs: VeriSign, Thawte, …

Digital Certificates
How an X.509 Certificate Is Issued
1. Key Generation
2. Matching of Policy Information
3. Sending of Public Keys and Information
4. Verification of Information
5. Certificate Creation
6. Sending/Posting of Certificate
7. The certificate is loaded onto an individual's computer.
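
The signing, verification and certificate checks described on the Digital Signatures and Digital Certificates slides, and the bogus-key question Q1, as an added example that is not part of the original presentation. It assumes toy RSA keys built from Mersenne primes with no padding (insecure, illustration only), SHA-256 in place of MD5/SHA, a constructed certificate layout, and hypothetical host names.

```python
import hashlib

# Toy RSA keys built from Mersenne primes: special-form primes and no padding,
# so this is for illustration only and is NOT secure.
def toy_rsa_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # private exponent
    return (n, e), (n, d)                  # (public key, private key)

def digest(message: bytes) -> int:
    # One-way hash ("HA" on the slide); SHA-256 stands in for MD5/SHA.
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    n, d = private_key
    return pow(digest(message), d, n)      # digest transformed with the private key

def verify(message: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest(message)   # the slide's "Equal?"

def cert_body(subject: str, public_key) -> bytes:
    # Constructed encoding of the name/key binding; real X.509 uses ASN.1 DER.
    return f"{subject}|{public_key[0]}|{public_key[1]}".encode()

def issue_certificate(subject, subject_public_key, ca_private_key) -> dict:
    # The CA signs the binding between the entity name and its public key.
    return {"subject": subject, "public_key": subject_public_key,
            "signature": sign(cert_body(subject, subject_public_key), ca_private_key)}

def browser_accepts(cert: dict, expected_host: str, trusted_ca_public_key) -> bool:
    # Accept only if the CA's signature covers exactly this name/key pair
    # and the name is the site the user asked for.
    body = cert_body(cert["subject"], cert["public_key"])
    return (cert["subject"] == expected_host
            and verify(body, cert["signature"], trusted_ca_public_key))

# Constructed sample keys and host names (hypothetical).
CA_PUB, CA_PRIV = toy_rsa_keypair(2**127 - 1, 2**521 - 1)
BANK_PUB, BANK_PRIV = toy_rsa_keypair(2**107 - 1, 2**607 - 1)
BOGUS_PUB, BOGUS_PRIV = toy_rsa_keypair(2**89 - 1, 2**607 - 1)

BANK_CERT = issue_certificate("www.bank.example", BANK_PUB, CA_PRIV)
# Same certificate with the public key swapped for a bogus one (the Q1 case).
SPOOFED_CERT = dict(BANK_CERT, public_key=BOGUS_PUB)

if __name__ == "__main__":
    msg = b"Transfer 100 EUR to account 12345"
    ds = sign(msg, BANK_PRIV)
    print("signature valid:", verify(msg, ds, BANK_PUB))
    print("altered message valid:", verify(msg + b"0", ds, BANK_PUB))
    print("genuine cert accepted:",
          browser_accepts(BANK_CERT, "www.bank.example", CA_PUB))
    print("swapped-key cert accepted:",
          browser_accepts(SPOOFED_CERT, "www.bank.example", CA_PUB))
```
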

Secure Sockets Layer
- Together with DC enables secure communication over the TCP/IP network
- SSL session consists of two phases:
  1. handshaking phase
  2. data exchange phase

SSL handshaking phase (simplified)
1. Client -> Server: list of supported ciphers
2. Server -> Client: strongest cipher supported + DC
3. Client: SSK generated and encrypted with PK
4. Client -> Server: encrypted SSK
5. Server: decrypts SSK with own SK and sends ack.
6. From now use SSK!

SSL data exchange phase (simplified)
Client / Server; each record is a msg. block + MAC
- Sending side: fragments msg. into blocks (bytes)
- Sending side: calculates MAC and appends it to msg.
- Sending side: encrypts data with SSK
- Receiving side: decrypts data with SSK
- Receiving side: calculates new MAC and verifies the old one
- Receiving side: reassembles the msg.
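
The data exchange phase above, carried through for both sides, as an added example that is not part of the original presentation. It assumes HMAC-SHA256 as the MAC, RC4 as the symmetric cipher (named on the slides), MAC and per-record cipher keys derived from the SSK, a sequence number covered by the MAC, and a constructed key and message.

```python
import hashlib
import hmac

MAX_FRAGMENT = 16   # constructed small block size so the sample spans several records
MAC_LEN = 32        # HMAC-SHA256 output length

def rc4(key: bytes, data: bytes) -> bytes:
    # RC4, named on the symmetric-approach slide; the same call encrypts and
    # decrypts. Shown for fidelity to the slides only: RC4 is prohibited in
    # current TLS (RFC 7465).
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                          # keystream generation + XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def _subkey(ssk: bytes, label: bytes) -> bytes:
    # Assumption of this example: separate MAC and per-record cipher keys are
    # derived from the SSK, so one key is never used for two purposes and no
    # RC4 keystream is reused across records.
    return hmac.new(ssk, label, hashlib.sha256).digest()

def _mac(ssk: bytes, seq_bytes: bytes, block: bytes) -> bytes:
    # The sequence number is covered by the MAC so reordered records fail.
    return hmac.new(_subkey(ssk, b"mac"), seq_bytes + block, hashlib.sha256).digest()

def protect(message: bytes, ssk: bytes) -> list:
    """Sending side: fragment, append MAC, encrypt."""
    records = []
    for seq, start in enumerate(range(0, len(message), MAX_FRAGMENT)):
        seq_bytes = seq.to_bytes(8, "big")
        block = message[start:start + MAX_FRAGMENT]
        plain = block + _mac(ssk, seq_bytes, block)
        records.append(rc4(_subkey(ssk, b"enc" + seq_bytes), plain))
    return records

def unprotect(records: list, ssk: bytes) -> bytes:
    """Receiving side: decrypt, recompute and compare the MAC, reassemble."""
    message = bytearray()
    for seq, record in enumerate(records):
        seq_bytes = seq.to_bytes(8, "big")
        plain = rc4(_subkey(ssk, b"enc" + seq_bytes), record)
        block, old_mac = plain[:-MAC_LEN], plain[-MAC_LEN:]
        if len(plain) < MAC_LEN or not hmac.compare_digest(
                old_mac, _mac(ssk, seq_bytes, block)):
            raise ValueError(f"record {seq}: MAC verification failed")
        message += block
    return bytes(message)

def rejected(records: list, ssk: bytes) -> bool:
    # True when the receiving side refuses the record stream.
    try:
        unprotect(records, ssk)
        return False
    except ValueError:
        return True

# Constructed sample session key and message.
SSK = bytes(range(16))                         # 128-bit key, as in "128-bit SSL"
MESSAGE = b"PAY 250.00 FROM 072-111 TO 072-999 REF invoice-17"

if __name__ == "__main__":
    recs = protect(MESSAGE, SSK)
    print("round trip ok:", unprotect(recs, SSK) == MESSAGE)
    flipped = [bytes([recs[0][0] ^ 1]) + recs[0][1:]] + recs[1:]
    print("bit flip rejected:", rejected(flipped, SSK))
    print("reordering rejected:", rejected([recs[1], recs[0]] + recs[2:], SSK))
```

Removing records from the end of the list goes unnoticed here because nothing marks the final record; that is a limit of this sketch.
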

Verification of DCs in user browser

About SSL strength
- Two variants of SSL: 40-bit and 128-bit (refers to SSK length)
- According to RSA Labs it would take a trillion years to crack 128-bit SSL using today’s technology!
- US export restrictions apply to issued digital certificates and browser implementations (support for 128-bit SSL)
- Recently VeriSign has been allowed to issue Global DCs that work both in US and export versions of browsers (128-bit SSL)

Useful links to visit
- www.verisign.com, how to apply for DC, security related stuff
- www.thawte.com, how to apply for DC, security related stuff

Setting up an Internet Bank Channel: Banker’s point of view

Setting up an Internet Bank Channel
- Internet bank architecture
- Planning phase in setup process
- Choosing strategic and technology partners
- Required tasks after initial introduction of new channel

Internet bank architecture
- Diagram components: Bank back office system, Branch office terminals, Internet front office system, Web server, Security subsystem, Internet, SSL connection

In-house architecture (CustomerLink primer)
- Diagram components: In-house Web Server (on site), CustomerLink Server (on site), Core System (on site), Security Firewall (on site), Router (on site), Local Internet POP, Internet
- All components in the bank

Out-of-house architecture (CustomerLink primer)
- Diagram components: Web server, CustomerLink server, Data transfer server, Core server, Router, Firewall
- Diagram sites: Bank site, ASP (Equifax)

Banking software architecture
- Before Internet revolution banking software systems were dominantly of client-server type
- Diagram labels: data management, business logic, presentation logic

Banking software architecture
- In the Internet era banking software systems are n-tier (n>2)
- Diagram labels: Presentation logic, Business logic, Data management logic

Presentation logic
- https = ssl+http
- web server, thin client
- Java Server Pages/Servlets, Active Server Pages, PHP …
- Presentation logic forms HTML and interacts with application tier

Application logic
- Business objects, can be on a single or multiple app. servers
- Written in C/C++, Java(EJB), COBOL …
- CORBA, DCOM, RMI
- 1, 4: Request for service and data response
- 2: SQL through JDBC/ODBC to data tier
- 3: Required data

Planning phase in setup process
- What are the services to be installed?
- What services we (bank) could implement in-house?
- What services we could implement through ASPs (out-of-house)?
- Who are technology partners?

Application service providers
- ASP offers standardized packages of applications, necessary infrastructure, and certain degree of service
- Main characteristic of ASPs is that they offer applications that are already purchasable
- ASP -> one-to-many solution
- Classic IT outsourcing -> one-to-one solution

Application service providers – division
- Vertical ASP
- Horizontal ASP

Application service providers – pros and cons

Planning phase in setup process (revisited)
- Complexity of a problem:
  - telecommunications infrastructure
  - security
  - multi-tier software infrastructure
  - maintenance…
- We recommend using ASPs for setting up new Internet channel in the case of mid and small size banks!
- The biggest banks should reconsider which services to delegate to ASPs

Required services for Internet banking
- Services offered by ASPs:
  - Online personal banking (account information, transfers, deposits…)
  - Online cash management for companies
  - Bill payment
  - Check payment
  - Card payment solutions
  - Insurance services
  - Web presentation design
  - Web presentation hosting
  - Web presentation administration
  - Security
  - Testing of electronic business software
  - Remote administration of bank’s servers
  - …

Choosing strategic and technology partners
- Choosing the right ASP is the most important task in setup procedure
- An ASP must:
  - be an expert for Internet access
  - have experience in electronic business
  - have a secure and fault-tolerant local area network
  - have a good software solution
  - have well-educated IT staff accessible 24 hours, 365 days

Choosing ASPs – the cost of downtime

Choosing ASPs – personal banking, cash management
- Equifax, www.equifax.com, www.efx-ebanking.com, CustomerLink

Choosing ASPs – personal banking, cash management
- Digital Insight, www.digitalinsight.com, AXIS

Choosing ASPs – personal banking, cash management
- Vifi, www.vifi.com, InternetBanker

Choosing ASPs – bill payment
- CheckFree, www.checkfree.com

Choosing ASPs – card payment processing
- RS2 Software Group, www.rs2group.com, BankWorks

Choosing ASPs – web hosting
- Digex, www.digex.com

Choosing ASPs – web design for banking
- DiamondBullet, www.diamondbullet.com, www.bankingwebsites.com

Required tasks after initial introduction of new channel
- Education of bank’s staff
- Permanent marketing
- Obtaining information about competition and potential customers (investors)

Education of staff
- Studies show that education of bank staff in using Internet channel is often incomplete
- Staff should provide answers to FAQ about using Internet channel to their customers
- Conclusions deduced from incompetence of staff are:
  - we do it (Internet banking) because all do it
  - we do it but we don’t think it is important to us
- Education process can be done through:
  - courses after job
  - stimulating staff to use Internet Banking from home (participating in PC purchase, obtaining discounts from local ISP)

Permanent marketing
- We have a good solution for Internet banking but number of online users is very low after initial setup. What’s wrong?
- The answer is: we need permanent marketing campaign!
- Customers who were not ready for new service at the moment of the initial introduction will be ready after few months
- Marketing cycles – to involve customers that became ready in the meanwhile
- Key of success – enthusiasm, especially among management

How to do marketing
- Spreading enthusiasm among staff
- Utilizing common media for advertising (professional agencies)
- Organizing education about Internet technologies and new banking services among customers
- Agreements with local ISPs and resellers of PC equipment

Education of customers
- Studies show that 7% of bank users are technically advanced while 25% is open to new banking services but they lack technical experience

Education of customers
- In order to attract more online customers, bank should:
  - organize courses for using PCs and Internet
  - provide PC installations inside bank halls and rooms, accessible to customers
  - make agreements with local ISP to give discounts for online bank customers
  - organize periodical meetings where online customers can exchange information about Internet banking services and E-Business in general

Monitoring activity on Internet channel
- In order to react fast we should gather information about channel use
- Different statistics should be made:
  - number of visitors
  - number of transactions
  - which services are most/least used
  - average time spent at Web site by common user
- Feedback support (customer forms, e-mail for additional questions/services)

Obtaining information about competition and potential customers (investors)
- To be successful in every business (banking services) you constantly need information about:
  - competition (what they offer, what are the complaints of their customers)
  - potential customers
- Among other ways to find information it is useful to monitor the Web and Web activity using search engines

Internet Bank Demo: Small community bank

Internet Bank Demo
- Small community bank primer
- The Bank of Northern Michigan (BNM)

BNM Profile
- Community bank from Petoskey, Michigan, USA
- Independent, full service financial institution
- More than 140 years of experience
- Strong customer-bank relationship
- Commitment to new banking technologies
- An FDIC member
- Contact addresses:
  - Web: www.bankofnorthernmichigan.com
  - Email: talktous@bankofnorthernmichigan.com

BNM web presence
- BNM web site is created and maintained by ASP
- ASP is Diamond Bullet Design

BNM online banking services

Login to online bank

Who is the real online bank provider?
- BNM uses Equifax as an ASP for online bank services
- www.efxibank.com/clkpcb/072414006/default1.asp

Security is essential
- Customer session is established through 128-bit SSL connection
- SSL between client browser and online bank ASP (Equifax)

Security is essential
- Customer session is timed out after 10 minutes of inactivity
- Browser cache is disabled when working through security connection

Services …

Pay Bill option through CheckFree
- Customers pay their bills through CheckFree
- Online bank software redirects us automatically to www.checkfree.com

Front end system architecture

Out-of-house architecture (BNM)
- Diagram components: Web server, CustomerLink server, Data transfer server, Core server, Router, Firewall
- Diagram sites: BNM, Equifax

Distribution of services
- Web design: Diamond Bullet Design
- Web hosting: Local ISP
- Web administration: Diamond Bullet Design
- Core online bank services: Equifax
- Paying bills and e-bills: CheckFree

Searching for financial information on the Web: A necessary step to be successful in banking business

Searching the Web
- Importance of web search (WS) in banking business
- Searching services on the Web
- General search engines – how do they work?
- Searching financial data by using focused crawlers
- Useful links to visit

Financial data on the Internet
- Huge amount of financial data publicly available on the Internet
- Among 660 largest companies from 22 countries (30 from each) 62% had some form of financial data on their Web sites (IASC Report for 1999)
- The role of outsiders:
  - DigiTRADE
  - EDGAR
  - Wall Street City.Com
  - Yahoo! Finance

Nature of the financial data on the Web
- Among others, we can find information about:
  - Quarterly and annual financial reports
  - Financial history
  - SEC filings
  - Stock quotes
  - Press releases
  - Information request forms
  - Other shareholder information

Importance of WS in banking business
- Internet Banking market is very dynamic

Importance of WS in banking business
- To be successful in business we need information about:
  - Potential customers
  - Potential competitors
- A vast amount of information can be acquired using search engines and monitoring interesting web sites

Searching services on the Web
- We can generally search the Web using three types of searching services:
  - subject directories
  - search engines that use crawlers for collecting data
  - meta-crawlers

Subject directories
- Links to web sites are collected according to topics they treat
- Links are collected by humans who evaluate them
- Useful when searching about some topic in general
- Not effective when trying to find something specific
- Examples: Yahoo!, World Wide Web Virtual Library …

Search engines
- They try to collect as many pages as possible from the Web and store them locally for later keyword search
- Pages are collected by using crawlers (sw components)
- Good for search on specific query
- Result pages are sorted by relevancy
- Results can be out of date (currency problem)
- Examples: Google, Fast, AltaVista, Inktomi…

Search engines – how do they work?
- Diagram components of the Search Engine: Crawler, Parser, URL queue, Indexer, Searcher, Word Index + URLs
- Diagram flows: Html page, Link, Query, List of pages

Meta-crawlers
- They utilize other search engines concurrently by sending user’s query to them
- Good for queries about exotic topics
- Queries are simple because of different formats among search engines
- Examples: MetaCrawler, Dogpile, …

Search engines – comparisons
- Estimated size of the Web as of 2000 – 7.4 billion documents (source OCLC)

Searching financial data by using focused crawling
- Focused crawlers visit only topic-specific pages
- Banking Crawler: “I’ll go only this way”
- Focused crawlers versus classic crawlers (solve currency problem)
- Diagram labels: standard, focused

Useful links to visit
- www.searchenginewatch.com, search engine comparisons
- www7.scu.edu.au/programme/fullpapers/1921/com1921.htm, the anatomy of the Google search engine
- http://www.streeteye.com/cgi-bin/allseeingeye.cgi, financial data meta-crawler
- www.moneysearch.com, finance specific directory search
- www.dailystocks.com, excellent financial portal for investors
- www.companysleuth.com, excellent financial portal for investors

Conclusions

Final words…
- Every bank should implement its Internet channel (reduced cost of transaction, global connectivity)

Final words…
- Small and mid-size banks could benefit using ASPs for different kind of services
- Choosing the right ASP is the most important step!

Final picture
- About some Internet myths (from “European ECM momentum”, Maria Luisa Rodriguez, San Jose State University)

Evaluating important pages (links)
- Important metrics for evaluating pages (links) in searching process are:
  - Back link count: IB(P) = number of links that point to P
  - Page Rank: Ti – pages that point to P, Ci – num. of outgoing links from Ti, d – damping factor
  - Location metric: IL(P) = F(u), u is link to P

Evaluating important pages (links)
- Important metrics for evaluating pages (links) in searching process are:
  - Forward link count: IF(P) = number of links that go from P
  - Similarity to a driving query Q: IS(P, Q) = <w1, …, wn>P o <w1, …, wn>Q
  - wi = 0 for the ith word from the lexicon not in document, else wi = f * idf
  - f – frequency of the ith word in the document
  - idf – inverse document frequency of the ith word