Professional Documents
Culture Documents
OF BANKING
MODULE C
BANKING TECHNOLOGY
CORE BANKING
NTRODUCTION
More and more innovations are being introduced in both the
cash payment systems.
Banking paper instrument: Cheques and Credit Transfer
Networking of ATMs
For optimising the cost on investments in ATMs, Banks joined together in
small clusters to share their ATM networks. In order to facilitate interoperability among these clusters at the national level, the IDRBT has
initiated the process of setting up a National Financial Switch to
facilitate apex level connectivity of other switches established by banks.
IBA was the first to set up a shared network system (SPNS) or SWADHAN
network of ATMs of its member banks in mumbai. The network went live
on 01/02/1997.
Objective: 24*7 electronic service to customer of member bank in
mumbai
ATM Customer Interfac
The following components of the ATM provide the customer interface:
a) Video Display Monitor
b) Keyboard/Keypad
c) Touch Screen
d) Slots : Card Reader, Cash Dispenser, Envelope Dispenser, Deposit Slot
Electromagnetic Cards
Smart Cards
Plastic Card with an INTegrated Circuit IC Chip installed
The IC chip contains memory, may contain a processor, and
communications with the external world through contacts
on the surface of the card.
The size , position and utility of the contacts are specified
by an international standard (ISO 7816) so that the card
interact with a variety of equipment.
Types: Intelligent Memory Chip and Micro processor Cards
Processor smart cards are the most advanced and are
ideally suited foe banking & financial applications where
reuse of the card is allowed.
ISO 7816 defines the physical features and the
communication protocol
ISO 10202 defines the security features.
ELECTRONIC BANKING
1. Anytime Banking
2. Anywhere Banking
3. Home Banking
Corporate Banking
Personal Banking: Telebanking,
4. Internet Banking
5. Mobile Banking
CHEQUE TRUNCATION
Data Mining
Data Mining is a technique to reveal the strategic information hidden in
the data warehouse. It is the process of automatically finding patterns
and relations in large databases.
Storage of data warehouses and their extraction through data mining
techniques can be applied in:
Loan risk analysis, Credit risk analysis, stock portfolio creation & analysis
ROLES AND USES OF TECHNOLOGY UPGRADATION
Data and Message Transferring
Electronic Data Interchange (EDI)
Banks have been using EDI in the form of SWIFT messages.
IN India, VSNL provides Gateway for Electronic Data Interchnage
Services (GEDIS) worldwide.
EDI is usually referred to as electronic funds transfer (EFT).
Electronic Mail
E-mail is basically used for transmitting unstructured messages.
Corporate Websites
Used for marketing products and services
The banks are using websites for follwing purposes:
Dissemination of information, Financial Advice, Selling financial
services,
Account services, Gateway to the internet.
Management Information System (MIS)
The concept of MIS places particular emphasis on the
availability of data and the ease, with which it can be analysed
and turned into meaningful information for managerial decision
making.
Computer based information Systems
Decision Support System : ad hoc report generations, statistical
analysis,
graphics, tools to analyse what
if analysis.
IMPACT OF IT ON BANKS
33. SECURITY
CONSIDERATIONS
RISK CONCERN AREAS
Data and Software : A lack of control over data can lead to frauds
by unscrupulous elements.
Infrastructure : Computer servers, terminal, disk, printers,
controllers, modems, switches, UPS, power supply all ths are required
to be in place.
Peopleware : Group of persons
DIFFERENT TYPES OF THREATS
Accidental Damages : Environmental Hazards, Human Erros &
Ommisions
Unreliable systems
Malicious Damages: Interruption in services, Frauds
CONTROL MECHANISM
Physical Controls : Control over assets, over outputs, smoke
detectors,
fire extinguishers, protection against
hardware failures
Internal Controls : Accounting control & Administrative control
Operational Control :
Audit Trails: chronological record of all events occuring in a system
for tracing of irregularities and to detect consequences of error.
Data Encryption: process of systematic encoding of data before
transmitting so that an unauthorised person cant decipher it.
COMPUTER AUDIT
A regular programme of independent tests of security and control
procedures by auditors help in identifying lapses.
Aim: evaluation of the asset safeguarding, data integrity , system
effectivenss, and system efficiency.
Audit Approaches :
Audit around the computer: examines internal control system
of the computer installation, input-output of the application
system
Does not work with systems that are complex and auditors cant
anticipate any problems that may come up due to deficiencies in
software.
Audit through the computer :
Useful when: application system is complex
IS AUDIT
This audit is carried out through the IT systems with the aid of
Computer Aided Audit Tools and Techniques CMTTs. CMTT is a
readily available user friendly software and various types are
used, with relevance to the purpose of IS audit.
Objective: to determine whether a computer system could
safeguard its assets (hardware, software, and data).
IS SECURITY
Objective
CONFIDENTIALITY : To prevent unauthorized discloure of inf
INTEGRITY: To prevent the accidental or unauthorized deliberate
alteration or deletion of information
AVAILABILITY
Controls Required
User ID password, Authorisation, Access control, Alternate
authentication
Control
IS SECURITY IN BANKING
Threats to IS security
Email Viruse, Phishing Attacks etc.
Measures to ward off threats
IS security assessment,
Firewalls for data integrity
Change management of computer hardware and software
EVALUATIN REQUIREMENTS
Computer Hardware
Computer Software
Data
Communication channels
Disaster recovery Management for Computer environment
Disaster is any event which results in direct denial or
stoppage of essential business functions for a considerable
period of time.
Business Impact Analysis (BIA)
Before devising any Distaster recovery plan, BIA must be
carried out.
Disaster Recovery Planning
Phases of Distaster Recovery Planning:
Awareness, Preparation, Testing, Recovery
1.
2
a)
b)
c)
d)
e)
Objective of IS audit is
Conidentiality
Integrity
Avaiability
All of the above
None of the above
6. Expand EFT
A) Electronic Foreign Transfer
B) Electronic Foreign Telecommunication
C) Electronic Fund Transfer
D) Electronic Fund Trade
E) none of the above
7. The credit card offers
A) revolving credit for certain period
B) online recovery of credit
C) pay off entire amount of card usage
D) all of the above
E) none of the above
8. Cheque truncation can be done by
A) using MICR data
B) sending cheque by speed post
C) using image processing D) A & C
E) none of the above
15 . Communication Technology
A) facilitates the processing of data B) helps in transmission of data
C) enables decision support system D) is a tool for data mining
16. Banks can use a corporate website for
A) dissemination of information
B) financial advice
C) accounts sevices
D) selling products
E) all of the
above
17. The phases of distaster recovery panning are;
A) awareness
B) preparation C) testing
D) recovery
E) all of the above
18. A typical computerised environment constitutes;
A) softaware, hardware, data
B) hardaware software UPS
C) software, modem, networking D) software, people data
19. Objective of iS security is to ensure
A) Confidentiality
B) integrity
C) availability
D) all of the above
E) none of the above
1) b
2) d
3) c
4) b
5) b
6) c
7) a
8) d
9) a
10) e
11) d
12) e
13) a
14) b
15) b
16) e
17) e
18) a
19) d
20)a