Today's banking platforms need to cope with continuously changing business environments and a continuous flood of new requirements, while staying sufficiently agile.

Banking platform renewal requires thorough preparation based on a business foundation, including a description of what functionality the business side can expect.

ΠThe XCOM Group is a Full Service Provider for the
Financial Services Industry in the area of eBanking

ΠXCOM AG has the four large German private banks


as their customers (Deutsche Bank, Dresdner Bank,
Hypovereinsbank, Commerzbank), as well as some
regional private banks and special institutions.

ΠXCOM AG has decided for expanding its business


internationally.
      
Π  is about electronic banking transactions

Π  is meant to at least partially replace traditional branch


office functions

Π  is a expanding sales channel for banks

Π   Is a dynamic high tech channel, highly competitive,


international and customer oriented

Π  the basis for STP processing

Π  bank access 24 x 7 on a worldwide scale



 

• "Room for improvement", particularly in the area of Internet banking for retail customers
• Customer acceptance issues
• Pressing security issues
• Many different and costly products offered for improving security, which one to select?
• Fraud losses
• Operational cost issues
• Cost savings vs. traditional banking transactions not as high as projected

ΠIn Germany, the number of bank branches has been


declining since 1991
Πow, the number of bank branches is increasing
again !
(HADELSBLATT, Donnerstag, 06. April 2006)

ΠIn 2005, the total number of branches increased


by 2.6 %
Πhat are the reasons ?



ΠCurrent eBanking is somewhat unpractical and does


not provide the level of personal comfort known from
branch banking
ΠLack of individual consulting
ΠFear from online fraud and subsequent hassle
Œ Banks need 2nd Generation eBanking³ !
ΠA quantum leap in Security is required
ΠBetter personalization ...
    

"" 
• Available "around the clock"
• Failsafe
• Authenticity, Integrity
• Identity, Confidentiality!
• Multi-protocol capability
• Multi-language capability
• Generating new channels and products

"Many-to-many"

• Multiple frontends, multiple backends, each connection implemented separately: high project cost!
• Running frontend solutions on standard servers causes high system management cost due to the required security patching
• Each frontend needs separate access control and workflow provisioning
• When problems come up: difficult to trace, as frontends typically have separate logfiles
• Changing components cause high project cost, as multiple interfaces are affected
• High maintenance cost

"Hub and spoke"

• Very high availability
• High scalability
• Central logging
• Central user and security administration
• Provides the business logic
• Easy to modify:
  - Business transactions
  - Communication protocols
  - Security mechanisms
• Central security administration

ΠFrontend systems:
ΠBrowserbanking
ΠExternal systems run by the customer
ΠTelephone banking
ΠHotline/Support

ΠFrontend integration via standard interfaces


Πational / international standards
ΠIndustry standards, e.g ebServices
ΠBusiness transactions are XMLdefined
ΠStandardized security functions, eg. XMLEn/Decryption, XMLSignature /
dynamic passwords
‰ 
 

Load

Frontend Middleare Backend


!

  
 

  
Πery hard to build a secure system on a vulnerable
platform
Πno known vulnerabilities on HP onStop ...
  

ΠStaged attacks, affecting the bank and/or customers

ΠExamples
ΠPhishing  deceive customers to provide personal IDs (PI),
passwords and transaction numbers (TA)
ΠTrojans capturing securityrelevant information via
malicious code (in the end user¶s PC or on the bank server)
ΠTrojans creating fake transactions

Πust using firewalls and virus scanning software is not


enough !
 
 


ΠSecure authentication
Πse onetime passwords when logging on to the frontend
Πuantum leap in security by twochannel approach
ΠEnd user creates transaction and transmits it to the bank
ΠElektronic signature is supplied via a separate channel, which
cannot be affected by malicious code
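
The two-channel approach described above, as an added example (not XCOM's code): the order arrives over the browser channel, and the bank executes it only after a signature that covers the stored order comes back over the second channel. Assumptions: HMAC-SHA256 stands in for the electronic signature, and the `Bank` class, `device_approve` function and account identifiers are constructed for illustration.

```python
import hashlib, hmac, json, secrets

def canonical(tx: dict) -> bytes:
    """Deterministic encoding so both sides sign exactly the same bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()

def sign(key: bytes, order_id: str, tx: dict) -> str:
    # Assumption: HMAC-SHA256 stands in for the electronic signature.
    msg = order_id.encode() + b"|" + canonical(tx)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Bank:
    def __init__(self, device_key: bytes):
        self.device_key, self.pending, self.executed = device_key, {}, []

    def submit(self, tx: dict) -> str:
        """Channel 1 (browser): store the order, execute nothing yet."""
        order_id = secrets.token_hex(8)
        self.pending[order_id] = dict(tx)
        return order_id

    def push_to_device(self, order_id: str) -> dict:
        """Channel 2: show the user what the bank actually received."""
        return dict(self.pending[order_id])

    def confirm(self, order_id: str, signature: str) -> bool:
        """Channel 2: execute only if the signature covers the stored order."""
        tx = self.pending.pop(order_id, None)  # one attempt per order
        if tx is None:
            return False
        ok = hmac.compare_digest(sign(self.device_key, order_id, tx), signature)
        if ok:
            self.executed.append(tx)
        return ok

def device_approve(key, order_id, shown_tx, intended_tx):
    """Second-channel device: sign only if the displayed order is the intended one."""
    return sign(key, order_id, shown_tx) if shown_tx == intended_tx else None

def run_scenario(browser_tampers: bool) -> bool:
    key = secrets.token_bytes(32)  # provisioned to the device out of band
    bank = Bank(key)
    intended = {"to": "ACCT-CONSTRUCTED-0001", "amount": "150.00", "currency": "EUR"}
    sent = dict(intended)
    if browser_tampers:  # malicious code on the PC rewrites the payee
        sent["to"] = "ACCT-CONSTRUCTED-9999"
    order_id = bank.submit(sent)
    sig = device_approve(key, order_id, bank.push_to_device(order_id), intended)
    return sig is not None and bank.confirm(order_id, sig)
```

Because the signature is bound to the order ID and every field of the stored order, a signature obtained for one order cannot confirm a different or altered one.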



ΠThe bank system needs to be flexible, to allow easy


integration of new security technology
ΠAll business transactions need to be centrally logged
ΠBusiness Intelligence functionality to improve
security, eg. data mining, blacklist generation etc. to
combat fraud
"#
$% 



&   
 &
ΠXCOM eBanking with TISTATMServer
ΠSupports wholesale and retail banking
Πmultiinstitution, multilanguage support
Πmulti channel support
Œ Optimized for the Ô ) platform (based on Pathway)
ΠHigh scalability, failsafe operation, no vulnerabilities
ΠModular application structure
Πo foreign software within the kernel
ΠonStop S L support using S L/MX
ΠFlexible interfaces for backend integration (communication
using server classes without protocol switching)
ΠSupports various security technologies, eg. alimo mobile ID
management, twofactor authentication tokens etc.)
*betrifft C/C++  ersion


&   
 &

ΠTISTATMServer
ΠProvides limit management (order limits, rolling limits incl.
currency conversions)
ΠDistributed electronic signature schemes
ΠData conversions (eg. creation and decomposition of
MT/S..I.F.T messages)
ΠHandling of orders with future execution (dated orders,
standing orders)
#  
    

ΠCentral security administration


Πcentral tracking facility for business transactions
ΠFailsafe 24 x 7 operations, including business
continuity functions (eg. remote backup center)
Πcentral monitoring operational and business
statistics available in real time
ΠData warehouse functionality to support flexible
analysis over extended periods


&   
 &

ΠXCOM eBanking Components (ebFiliale)


ΠBrowser based online banking system suites for private
customers as well for business use
Πproviding a combination of professional functions and simple
use
ΠCan be installed easily on 2EE compliant application
containers/servers
Œ Data transfer between customerµs web browser an the
remote application is secured by encryption
ΠMulti language support from day one
ΠSupport electronic signatures, eg. alimo mobile ID mgmt.


&   
 &

Why is HP NonStop more secure?

• Built for security from day one: worldwide leader in electronic payments
• Not a single known case of electronic fraud without possession of the required security credentials (User IDs, passwords, PINs etc.)
• Sophisticated protection against internal attacks, e.g. separated roles/functions for system administrators and security managers
• Sophisticated protection against external attacks: the common attack schemes like Buffer Overflow just don't work on HP NonStop systems
• No known vulnerabilities on HP NonStop, hence no security patching
• Limited threat potential: HP NonStop is used only in business-critical areas within large enterprises. NonStop hardware, software and in-depth system know-how is definitely out of reach for the average hacker
• Highest level of security at lowest operational cost
• No security patching means elimination of the related efforts, costs, operational risks and downtimes

ΠXCOM Group has designed and implemented


new concepts in eBanking in Germany, with
considerable success in the German market
ΠIn cooperation with HP, we are ready to bring
modern eBanking with much more security to
the international banking community
