gobi arts

Published by: bhuvaneshkmrs on Apr 01, 2011
This booklet, one of several comprising the FFIEC Information Technology Examination Handbook (IT Handbook), provides guidance to examiners and financial institutions on identifying and controlling the risks associated with electronic banking (e-banking) activities. The booklet primarily discusses e-banking risks from the perspective of the services or products provided to customers. This approach differs from other booklets that discuss risks from the perspective of the technology and systems that support automated information processing. To avoid duplication of material, this booklet refers the reader to other IT Handbook booklets for detailed explanations of technology-specific issues or control.
E-banking is defined as the automated delivery of new and traditional banking products and services directly to customers through electronic, interactive communication channels. E-banking includes the systems that enable financial institution customers, individuals or businesses, to access accounts, transact business, or obtain information on financial products and services through a public or private network, including the Internet. Customers access e-banking services using an intelligent electronic device, such as a personal computer (PC), personal digital assistant (PDA), automated teller machine (ATM), kiosk, or Touch Tone telephone. While the risks and controls are similar for the various e-banking access channels, this booklet focuses specifically on Internet-based services due to the Internet’s widely accessible public network. Accordingly, this booklet begins with a discussion of the two primary types of Internet websites: informational and transactional.
E-banking systems can vary significantly in their configuration depending on a number of factors. Financial institutions should choose their e-banking system configuration, including outsourcing relationships, based on four factors:

- Strategic objectives for e-banking;
- Scope, scale, and complexity of equipment, systems, and activities;
- Technology expertise; and
- Security and internal control requirements.

Financial institutions may choose to support their e-banking services internally. Alternatively, financial institutions can outsource any aspect of their e-banking systems to third parties. The following entities could provide or host (i.e., allow applications to reside on their servers) e-banking-related services for financial institutions:

- Another financial institution,
- Internet service provider,
- Internet banking software vendor or processor,
- Core banking vendor or processor,
- Managed security service provider,
- Bill payment provider,
- Credit bureau, and
- Credit scoring company.

E-banking systems rely on a number of common components or processes. The following list includes many of the potential components and processes seen in a typical institution:

- Website design and hosting,
- Firewall configuration and management,
- Intrusion detection system or IDS (network and host-based),
- Network administration,
- Security management,
- Internet banking server,
- E-commerce applications (e.g., bill payment, lending, brokerage),
- Internal network servers,
- Core processing system,
- Programming support, and
- Automated decision support systems.

These components work together to deliver e-banking services. Each component represents a control point to consider.

Through a combination of internal and outsourced solutions, management has many alternatives when determining the overall system configuration for the various components of an e-banking system. However, for the sake of simplicity, this booklet presents only two basic variations. First, one or more technology service providers can host the e-banking application and numerous network components as illustrated in the following diagram. In this configuration, the institution’s service provider hosts the institution’s website, Internet banking server, firewall, and intrusion detection system. While the institution does not have to manage the daily administration of these component systems, its management and board remain responsible for the content, performance, and security of the e-banking system.
In addition to traditional banking products and services, financial institutions can provide a variety of services that have been designed or adapted to support e-commerce. Management should understand these services and the risks they pose to the institution. This section discusses some of the most common support services: web linking, account aggregation, electronic authentication, website hosting, payments for e-commerce, and wireless banking activities.
A large number of financial institutions maintain sites on the World Wide Web. Some

