Unit - 4 Lesson - 2 Automated Clearing House Notes
E-Commerce
Unit - 4 Lesson - 2
Automated Clearing House
1. This platform clears money transfers from sender to receiver with authorization; the money is transferred in digital mode.
2. Approximately 170 member banks and 1203 sub-member banks are part of this National Automated Clearing House, ACH.
3. 11 million transactions were done per day during the year 2019-2020.
4. It has a capacity of handling 175 million transactions per day.
Automated Ledger Posting
Features :
1. Maintain ledgers online
2. Posting can be done in an automated manner.
3. Trial Balance and Balance Sheet are prepared with software.
4. Adjustments of pending transactions can be settled with banks online.
Emerging modes and systems of E-payment (Mpaisa, Paypal and other digital currency)
E-payment Risks
Internet Banking Risks : Internet banking creates new risk control challenges for national banks. Risk is the potential that events, expected or unexpected, may have an adverse impact on the bank's earnings or capital. The risks are credit, interest rate, liquidity, price, foreign exchange, transaction, compliance, strategic, and reputation.
Credit Risk : Credit risk is the risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank. It arises any time bank funds are extended, committed or exposed through actual or implied contractual agreements, whether on or off the bank's balance sheet.
Interest rate Risk : Interest rate risk is the risk to earnings or capital arising from movements in interest rates. Internet banking can attract deposits and loans from a larger pool than other forms of marketing. Greater access to customers who primarily seek the best rate or term reinforces the need for managers to maintain appropriate asset/liability management systems.
Liquidity Risk : Internet banking can increase deposit volatility from customers who maintain accounts solely on the basis of rate or terms. Increased monitoring of liquidity and changes in deposits and loans may be warranted. Asset/liability and loan portfolio management systems should be appropriate for products offered through Internet banking.
Price Risk : Banks may be exposed to price risk if they create or expand deposit brokering, loan sales, or securitization programs as a result of Internet banking activities. Price risk is the risk to earnings or capital arising from changes in the value of traded portfolios of financial instruments.
Foreign Exchange Risk : Banks may be exposed to foreign exchange risk if they accept deposits from non-U.S. residents or create accounts denominated in currencies other than US dollars. Risk can be intensified by political, social or economic developments. Appropriate systems should be developed if banks engage in these activities.
Transaction Risk : Banks that offer financial products and services through the Internet must be able to meet their customers' expectations. Customers will expect continuous availability of the product and Web pages that are easy to navigate. Banks must also ensure they have the right product mix and capacity to deliver accurate, timely, and reliable services. Banks should have sound preventive and detective controls to protect their Internet banking systems. High levels of system availability will be a key expectation of customers. Banks that offer bill presentment and payment will need a process to settle transactions between the bank, its customers and external parties.
Compliance Risk : Compliance risk is the risk to earnings or capital arising from violations of, or non-conformance with, laws, rules, regulations, prescribed practices, or ethical standards. Compliance risk can lead to diminished reputation, reduced franchise value, limited business opportunities, reduced expansion potential, and lack of contract enforceability.
Strategic Risk : Strategic risk is the impact on earnings or capital arising from adverse business decisions, improper implementation of decisions, or lack of responsiveness to industry changes. Some banks may offer new products and services via the Internet. It is important that management understand the risks and ramifications of these decisions.
Reputation Risk : Reputation risk is the impact on earnings and capital arising from negative public opinion. A bank's reputation can suffer if it fails to deliver on marketing claims or to provide accurate, timely services. National banks need to be sure that their business continuity plans include the Internet banking business.
Risk Management : Financial institutions should have a technology risk management process to enable them to identify, measure, monitor, and control their technology risk exposure. The OCC's objective is to determine whether a bank is operating its Internet banking business in a safe and sound manner. Examiners will determine whether the level of risk is consistent with the bank's overall risk tolerance.
Internal Controls : Management has ultimate responsibility for developing and implementing a sound system of internal controls over the bank's Internet banking technology. Internal controls over Internet banking systems should be commensurate with an institution's level of risk. Regular audits of the control systems will help ensure that they are appropriate and functioning properly. ISACA separates internal controls into three general categories. Operational controls - Used to ensure that business objectives are being met.
Preventive and detective controls - Identify an action that has occurred. Log-on violations - Look for patterns of suspect activity including unusual requests, timing, or formats.
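The log-on violation check described above can be run as a detective control over an Internet banking log-on log. The following is an added example, not part of the original notes; the log format, the user names, the three-failures-in-60-seconds rule and the function names are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format): timestamp, user, source IP, result.
LOG = """\
2024-03-04T02:40:10 ravi 198.51.100.23 FAIL
2024-03-04T02:40:14 ravi 198.51.100.23 FAIL
2024-03-04T02:40:19 ravi 198.51.100.23 FAIL
2024-03-04T02:40:25 ravi 198.51.100.23 OK
2024-03-04T09:12:01 asha 203.0.113.7 OK
2024-03-04T11:05:00 meena 203.0.113.9 FAIL
2024-03-04T11:30:00 meena 203.0.113.9 OK
2024-03-04T11:31:00 meena
"""


def parse(line):
    """Return (time, user, ip, result), or None when the format is unusual."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]
    except ValueError:
        return None


def logon_violations(log_text, max_fails=3, window=timedelta(seconds=60)):
    """Flag failure bursts, a success right after a burst, and malformed lines."""
    recent = defaultdict(deque)  # user -> times of recent failed log-ons
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        rec = parse(line)
        if rec is None:
            findings.append(("malformed", n, None))  # unusual format
            continue
        when, user, _ip, result = rec
        fails = recent[user]
        while fails and when - fails[0] > window:
            fails.popleft()  # forget failures older than the window
        if result == "FAIL":
            fails.append(when)
            if len(fails) == max_fails:
                findings.append(("burst", n, user))  # unusual timing
        else:
            if len(fails) >= max_fails:
                # A success straight after a burst may be a guessed password.
                findings.append(("success_after_burst", n, user))
            fails.clear()
    return findings
```

Each finding is a tuple of rule name, log line number and user, so the result can be handed to whoever reviews the audit trail.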
SECURITY REQUIREMENT OF ELECTRONIC PAYMENT SYSTEM
1. Authentication : Transactions on the Internet or any other telecommunication network must be secure to achieve a high level of public confidence. Customers and banks need assurances that they will receive the service as ordered or the merchandise as requested. Internet banking systems should employ a level of encryption that is appropriate to the level of risk present in the systems. A national bank should conduct a risk assessment in deciding upon an appropriate level of encryption. Use of biometrics is not yet considered mainstream, but may be used by some banks for authentication. Biometric devices may take the form of a retina scan, finger or thumb print scan, facial scan, or voice print scan.
2. Trust : Digital certificates may play an important role in authenticating parties and thus establishing trust in Internet banking systems. Ensuring that information will not be accidentally or maliciously altered or destroyed, usually during transmission. A proper mix of preventive, detective, and corrective controls can help protect national banks from these pitfalls.
3. Privacy : Privacy is a consumer issue of increasing importance, and concerns over the proper versus improper accumulation and use of personal information are likely to increase with the continued growth of electronic commerce and the Internet. Providers who are sensitive to these concerns have an advantage over those who are not.
4. Non-Repudiation : Non-repudiation is the undeniable proof of participation by both the sender and receiver in a transaction. It is the reason public key encryption was developed, i.e., to authenticate electronic messages. State laws are not uniform in the treatment of electronic authentication and digital signatures.
5. Availability : National banks and their vendors who provide Internet banking products and services need to make certain they have the capacity in terms of hardware and software to consistently deliver a high level of service. Monitoring capacity, downtime, and performance on a regular basis will help management assure a high level of availability for their Internet banking system.
Secure Socket Layer (SSL)
Secure Socket Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message. SSL provides end-to-end secure data transmission between the web server and the web client. It is sandwiched between the Transmission Control Protocol/Internet Protocol (TCP/IP) and the application layer. Unlike TCP/IP, which offers only reliable packet transfer, SSL ensures secure packet transfer.
Biometrics
Biometric technologies identify or authenticate the identity of a living person on the basis of a physiological or physical characteristic (something a person is). Physiological characteristics include fingerprints, iris configuration, and facial structure. The process of introducing people into a biometrics based system is called "enrollment". The first block (sensor) is the interface between the real world and the system. The second block performs all the necessary pre-processing: it has to remove artifacts from the sensor. In the third block features needed are extracted.
A biometric system consists of
• Input interface for biometric image capture
• Digital signal processor for biometric image processing
• Output interface to communicate the results and control access to the secured asset
How Biometrics Security Works
Eyes - Examining the lines of the iris or the blood vessels in the retina.
Hands - Taking a 3D image and measuring the height and width of bones and joints.
Skin - Analyzing surface texture and thickness of skin layers.
Voice - Detects vocal pitch and rhythm.
Keystroke Dynamics - Analyzes the typing speed and rhythm when the user ID and password are entered.
Signature - Matches the signature to one on record, as well as analyzing the speed and pressure used while writing.
Gait - Measures length of stride and its rhythm.
Power management components for efficient power supply regulation and supervision. Today's biometrics don't have to store or analyze a complete picture of the body part or the physical feature being used. Instead, each method reduces the body part or activity to a few essential parameters and then codes the data. None of these biometric systems are infallible, of course.
Elements of a biometric system
1. A sensor unit that represents the interface between the user and the machine. This is the point where the biometric trait is acquired;
2. A database unit where all the enrolled biometric templates are stored and from which the templates are retrieved in the authentication process;
3. A matching unit that compares the newly acquired biometric template with the templates stored in the database and based on decision rules determines either if the presented biometric is a genuine/impostor or if the user is identified or not.
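The database unit and matching unit can be sketched as follows. This is an added example, not part of the original notes: the templates, trial readings, thresholds and function names are constructed for illustration, and Euclidean distance stands in for whatever comparison a real product uses. It shows why the decision rule matters: a strict threshold rejects a genuine user's noisy capture, while a loose one accepts an impostor.

```python
import math

# Constructed enrollment database: user -> stored template. Each template is
# a few coded parameters, not a full image of the trait.
DATABASE = {
    "alice": (0.62, 0.31, 0.88, 0.15),
    "bob": (0.20, 0.75, 0.40, 0.55),
}

# Constructed trials: (claimed identity, fresh sensor reading, truly genuine?)
TRIALS = [
    ("alice", (0.60, 0.33, 0.86, 0.17), True),   # clean capture
    ("alice", (0.50, 0.40, 0.75, 0.25), True),   # noisy capture
    ("bob", (0.22, 0.73, 0.41, 0.56), True),
    ("alice", (0.20, 0.75, 0.40, 0.55), False),  # bob presenting as alice
    ("bob", (0.30, 0.65, 0.50, 0.45), False),    # impostor resembling bob
]


def verify_claim(claimed, sample, threshold):
    """1:1 check: is the reading close enough to the claimed user's template?"""
    template = DATABASE.get(claimed)
    return template is not None and math.dist(template, sample) <= threshold


def identify(sample, threshold):
    """1:N search: return the best-matching enrolled user, or None."""
    best = min(DATABASE, key=lambda user: math.dist(DATABASE[user], sample))
    return best if math.dist(DATABASE[best], sample) <= threshold else None


def error_rates(threshold, trials=TRIALS):
    """Return (false accept rate, false reject rate) for a decision threshold."""
    false_accepts = false_rejects = genuine = impostor = 0
    for claimed, sample, is_genuine in trials:
        accepted = verify_claim(claimed, sample, threshold)
        if is_genuine:
            genuine += 1
            false_rejects += not accepted
        else:
            impostor += 1
            false_accepts += accepted
    return false_accepts / impostor, false_rejects / genuine
```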
Kinds of Biometrics
Facial Recognition : A facial recognition system uses a computer algorithm to identify or verify a person. Facial recognition emphasizes features that are less susceptible to alteration. It can be defeated by pointing the camera at a high-resolution video monitor playing a video of an authorized user, and can also be defeated by the use of a severed head.
Voice Recognition : Voice recognition analyzes how you say something, versus what you say in speech recognition. Voice and speech recognition can in fact function simultaneously using the same utterance. Voice recognition has good user acceptance and requires little training to use. It's less accurate than other biometric systems and can entail lengthy enrollments requiring multiple voices.
Protection of mobile phone using voice recognition : Voice data is stored in the Flash ROM (8M) which is available inside the mobile phone. If the user is authorized, he is allowed to continue his talk. If not, the transmission is cut abruptly by putting the MP in idle state.
Iris Recognition : Iris recognition is proving to be a highly reliable technology with a very low false match rate. An iris scan involves a small moving target located behind a curved, wet, reflecting surface. Advanced devices may vary the light shone into the eye and watch for pupil dilation.
Fingerprints : The use of fingerprints to identify people has been around for over a century. Traditional means of fingerprint recognition employ Optical, Capacitive Resistance/Pressure, and Thermal scanning technologies. Testing has shown that the elderly, manual laborers and some Asian populations are more likely to be unable to enroll in some of the traditional fingerprint systems. Fingerprints have proven highly reliable and accurate over the years, but they can be affected over time by such things as years of manual labor or physical injury. Fingerprint capture technology is easily accommodated on a cell phone, with sensor sizes ranging from 12 mm x 5 mm to about 15 cm x 15 cm.
Protection of mobile phone using fingerprint recognition : When a user wants to purchase a mobile, the mobile manufacturer has to take the fingerprint of the owner and it must be stored permanently in the database of the mobile. The database here can be either ROM or Smart cards. This image will be used in future for the verification of the authorized user.
Fingerprint Security : Authentic has manufactured 95% of the fingerprint biometric scanners that are currently used in mobile phones. Its scanners can be small and unobtrusive to look at and they have been designed into many mobile phones, particularly in Asia. Pantech was the first manufacturer to use fingerprint scanners to secure its mobile phones before Authentic.
Biometric Systems Benefits
1. It doesn’t require cooperation. Some biometric systems such as face recognition, gait recognition, odor recognition or face thermograph don’t require the user to cooperate for the biometric to be collected. Biometric systems prove useful in train stations, airports, stadiums etc., to identify wanted felons.
2. It guarantees physical location of the user. It can be determined with certainty that the user was at the point where the biometric was collected at the time when the biometric was collected.
3. It has high-throughput. When there is a need to identify a person from a large population, automatic biometric identification may be the only efficient solution.
4. The biometric trait is unforgettable. Unlike the classic passwords that need to be remembered, biometric traits cannot be forgotten because they represent something that the user is: physically, behaviorally or chemically.
5. The biometric trait cannot be lost. Unlike authentication tokens, ID cards or passwords written on a piece of paper, biometric traits cannot be lost. It cannot be shared. Due to their nature biometric traits cannot be shared between users. This ensures that the user that logs in the system is the actual user and not a colleague that is trying to help.
Non-Hardware-Based One-Time-Password Scratch Card : Scratch cards are a less expensive, "low-tech" version of the OTP generating tokens. The card, similar to a bingo card or map location look-up, usually contains numbers and letters arranged in a row-and-column format. The size of the card determines the number of cells in the grid.
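A row-and-column card of this kind can be used as a second factor in the way sketched below. This is an added example, not part of the original notes: the 5 x 5 grid, the two-character cells, the three-cell challenge, the rule that each cell is asked for only once, and all function names are assumptions made for illustration.

```python
import hmac
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits  # letters and numbers
ROWS, COLS = 5, 5  # assumed card size; it fixes the number of cells


def issue_card(rows=ROWS, cols=COLS, cell_len=2):
    """Generate the grid printed on the customer's card; the bank keeps a copy."""
    return {
        (r, c): "".join(secrets.choice(ALPHABET) for _ in range(cell_len))
        for r in range(1, rows + 1)
        for c in string.ascii_uppercase[:cols]
    }


def new_challenge(card, used, n_cells=3):
    """Pick cells never asked for before; the bank displays their coordinates."""
    fresh = [cell for cell in card if cell not in used]
    if len(fresh) < n_cells:
        raise RuntimeError("card exhausted: issue a replacement card")
    return secrets.SystemRandom().sample(fresh, n_cells)


def check_response(card, used, challenge, response):
    """Compare the customer's answer with the bank's copy of the card."""
    expected = "".join(card[cell] for cell in challenge)
    # Burn the cells even on failure, so one challenge cannot be guessed at
    # repeatedly and an overheard answer is useless for later log-ons.
    used.update(challenge)
    return hmac.compare_digest(expected.encode(), response.upper().encode())
```

The `used` set is per-customer state that the bank would store next to its copy of the card.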
Out-of-band Authentication : Out-of-band authentication allows the identity of the individual originating a transaction to be verified through a channel different from the one the customer is using. This type of layered authentication has been used in the commercial banking/brokerage business for many years. The layering approach precludes unauthorized transactions and identifies dollar amount errors.
IP Address (Internet Protocol Address) Location and Geo-Location : IPA verification or geo-location may prove beneficial as one factor in a multifactor authentication strategy. Some software products identify several data elements, including location. It may not be suitable for some wireless networks that can also access the Internet such as cellular/digital telephones.
Mutual Authentication : Most financial institutions do not authenticate their Web sites to the customer before collecting sensitive information. Mutual authentication provides a defense against phishing and similar attacks. Financial institutions can aid customers in differentiating legitimate sites from spoofed sites. Digital certificate authentication is generally considered one of the stronger authentication technologies.
Customer Verification Techniques : A financial institution can verify a potential customer's identity by comparing the applicant's answers to a series of detailed questions against information in a trusted database (e.g. a credit report). Financial institutions still must rely on traditional forms of personal identification and document validation combined with electronic verification tools.
Few Tips for Safe Internet Banking
Secure Your System
1. Always download and install authorized operating system updates.
2. Run and maintain an anti-virus product on your home computer and update regularly.
3. Use a personal firewall.
4. Do not run or install programmes of unknown origin.
5. If using a local area network (LAN), contact your administrator and seek the availability of email gateway filtering for specific file attachments.
Secure Your Passwords
1. Do not give your PIN or password to anyone else, including bank staff or Police.
2. If you suspect your Internet banking password has been compromised, change it as soon as possible.
3. Avoid using your birth date or name as your PIN or password. Passwords should be alphanumeric, e.g. pencil37.
4. Avoid storing passwords on your computer.
5. Do not set up your computer so it ‘auto completes’ or saves your password, i.e., do not tick the “remember this password” box.
Suspicious? Report It
If you think you may have been taken in by or received a phishing scam, or that you may have received a virus that enables someone to access your account details, report immediately to your financial institution.
COMPARISON OF DIFFERENT PAYMENT GATEWAYS : An internet e-commerce payment gateway is a critical infrastructural component that ensures such transactions occur without any hitches and in total security over electronic networks. Gateways act as a bridge between the user's website and the financial institutions that process the transaction.
This summary of Unit - 4 Lesson - 2, Automated Clearing House, is summarised from the content of the Book of the School of Open Learning. © School of Open Learning