Friday, January 11, 2008

Home Banking System Security Overview

The diagram below illustrates an overview of how a Home Banking User’s session will be handled. The User begins the session by connecting to the Internet using a Web Browser and requesting to connect to our Home Banking system. Even before the User can attempt to access the system, their Web Browser must support an encryption protocol called Secure Sockets Layer, or SSL. SSL provides data encryption, server authentication, and message integrity for the Internet connection. Most important, it provides a security “handshake” that is used to initiate the connection into the Home Banking system. If the Browser does not support the correct level of security, connection through the Firewall to the Web Server is not made.

[Diagram labels: Home Banking User, Internet, Firewall Security, Web Server, Transaction Server, Firewall Security, Customer Database]

The Five Online System supports data encryption at the highest level available (currently 128-bit). Check your browser manufacturer’s Website for updates if it does not currently support this level of encryption. Once it has been determined that the Browser has SSL 128-bit encryption, requests for online banking information are passed through the Firewall to the Web Server. The User is then challenged by the Web Server to provide proper access information, such as a Login and Password. Once access is authenticated, the actual session is started on a Transaction Server.

In order for the Transaction Server to properly process session requests, it needs to be able to interact and communicate with the User’s information at the Bank. Through a higher level of security features, which include Private Data Lines, Firewalls, and Intrusion Detection / Security systems, the Transaction Server is then connected to the User’s account information residing on the Bank’s main computer system. The User can then perform a variety of banking functions, such as balance / transaction inquiries, transfers between accounts, and Bill Payments.

Fall River Five Cents Savings has gone to great measures to ensure that your online banking experience is safe and secure. However, security is also something you as a User must ensure from your side. Never disclose your Login and Password to anyone, not even Bank Employees. Ensure that this information is not easily available to anyone who may try to gain access to your information. If you feel that your Login/Password has been compromised, contact the Bank immediately.

Security for Banking and Finance

Banks and financial institutions have always been attractive targets for crime due to the high volume, high value transactions that take place on their premises on a daily basis, both physically at high street branches and electronically.

Protecting customer data and financial systems is a major issue for all financial institutions; although electronic breaches of security are still prevalent in the media, the issues are well documented and companies in the financial sector have moved significantly to take control of their network security.

Even the most comprehensive network security system, firewalls and encryption can be compromised (and frequently are) by an unauthorised visitor accessing insecure data rooms or unattended workstations. According to most experts, the majority of computer crime is perpetrated not by criminals hacking in from outside, but by disaffected or opportunistic employees.

Security breaches
Quite apart from the legal implications of such action, the cost to businesses can be very high. According to the Department of Trade and Industry in 2002, the average cost of each serious incident is £30,000, several companies reported breaches costing more than £500,000, and more than 44% of all UK businesses have experienced at least one malicious security breach in the last year.

With opportunism accounting for such a high proportion of computer and data security breaches, what can be done to enable companies to ensure that they comply with the law and protect their own interests at the same time?

Workforce education plays an important role: forcing regular password changes, using a combination of letters and numbers, and emphasising the importance of not revealing passwords to anyone are simple first steps that can be taken.

Entire premises, and in particular data rooms and server centres, can be protected by biometric access control or, even more effectively, with a combination of biometric and smart card systems, thus ensuring that an unauthorised visitor cannot steal a card and access high security areas 'legitimately'.

For Banks that have a wide branch network, a remote surveillance system based on a WAN network or with IP Network cameras can be used to enable security management on a nationwide basis.

Integrated systems
An integrated system of cameras and access control or intrusion detectors in areas of high security allows building management or security staff to view any area as soon as an alarm is triggered or a door is opened, giving them the immediate ability to determine the person's authenticity.

Alarms linked to the access control system can be fitted to laptops and other easily portable but highly valuable computer equipment, thus ensuring that an alarm will sound if it is removed from the building without authorisation.

G4S Security Systems can provide you with a comprehensive review of your physical security arrangements and devise a strategy that complements your existing virtual

Solutions for Banking, Finance & Insurance

Internet Security Systems (ISS) helps banking, finance and insurance institutions cost-effectively improve their information security processes to meet security best practices and achieve regulatory compliance.
Protect Customer Confidentiality
Your customers depend on you to manage their financial well-being and safeguard their confidential information. Meanwhile, Internet-based attacks against financial institutions are increasing in frequency and sophistication, and regulatory requirements are placing additional demands on your staff. Make sure your networks are up to the challenge.
ISS Can Help
At the leading edge of information security, ISS solutions protect some of the world’s largest financial institutions, including banks, insurance companies and investment firms. ISS works with financial industry customers to cost-effectively protect customer data, helping to minimize risk and comply with industry regulations.
Regulatory Compliance
Governments have passed numerous regulations on data privacy and protection in response to increased threats to consumers. Regulations such as Gramm-Leach-Bliley (GLBA), Sarbanes-Oxley (SOX) and California Senate Bill 1386 require financial institutions to protect customer data and report security breaches.
To help you meet these requirements, ISS will conduct a thorough gap analysis of your current security state and compare it to requirements for security best practices. Then, ISS works with you to design and implement solutions to close those gaps and ensure you meet regulatory compliance and reporting requirements.
Payment Card Industry (PCI) Standard
Industry initiatives such as the Payment Card Industry (PCI) standard require organizations to follow specific guidelines for protecting customer data. Failure to comply with these measures may result in severe consequences.
As a Qualified Data Security Company (QDSC), ISS has met the requirements to perform PCI data security assessments. All ISS security assessments are conducted by Qualified Data Security Professionals (QDSPs) who have in-depth experience in market and compliance requirements.
ISS is also a Qualified Payment Application Security Company (QPASC), having met the requirements to perform PCI Application Security Assessments and validate payment applications. ISS Qualified Payment Application Security Professionals (QPASPs) conduct these assessments.
Online Fraud Management
Ensuring the security of your customers’ data is critical. The costs of a security incident could be substantial, both for your customers and your organization. Unfavorable publicity alone could result in lost revenue and the loss of customer trust. ISS offers a multi-layered solution to prevent information theft, including system design and implementation, policy development, information and application security assessment, and employee training.
Cost-effective Security
Faced with protecting a complex and widespread infrastructure, organizations like yours are working to reduce operational costs, and optimize IT and security investments. ISS uses a proven methodology to analyze and prioritize risks, allowing you to remediate issues cost-effectively and in order of importance.
The Internet Security Systems Protection Platform
ISS delivers preemptive security solutions that protect you “ahead of the threat.” The ISS protection platform secures your IT infrastructure, ensuring business continuity and enabling cost-effective processes while supporting compliance and risk management requirements.
Products
Install products from the ISS protection platform to stop Internet threats before they impact your operations. ISS offers fully-integrated, end-to-end solutions that prevent attackers from compromising your desktops, laptops, servers, networks and remote locations.
Managed Security Services
Outsource your information security management to ISS and realize cost-savings of up to 55%. ISS' Managed Security Services deliver the expertise you need to secure your information assets 24/7, and offer the industry’s only money-back protection guarantee.*
Professional Security Services
Rely on ISS’ consulting services to help reduce your exposure to information security threats and achieve regulatory compliance. ISS’ expert consultants work with you to identify security concerns, then design and deploy effective solutions. ISS’ consulting services include penetration testing, security assessments, policy development, emergency response services, forensic analysis, staff augmentation and deployment