future of e-banking strategies & concepts

„Future of eBanking, Strategies and Concepts“ ITUG Europe 2006, 15th of May, Amsterdam


Page 2: Future of E-banking Strategies & Concepts

Vision

Today’s banking platforms need to cope with continuously changing business environments, and a continuous flood of new requirements, while staying sufficiently agile.

Banking platform renewal requires thorough preparation based on a business foundation, including a description of what functionality the business side can expect.

Jost Hoppermann, Forrester Research (from „Vintage Banking Platforms Need Renewal“)

Page 3: Future of E-banking Strategies & Concepts

XCOM AG

• The XCOM Group is a Full Service Provider for the Financial Services Industry in the area of eBanking

• XCOM AG has the four large German private banks as their customers (Deutsche Bank, Dresdner Bank, Hypovereinsbank, Commerzbank), as well as some regional private banks and special institutions.

• XCOM AG has decided to expand its business internationally.

Page 4: Future of E-banking Strategies & Concepts

eBanking - Definitions

• eBanking – is about electronic banking transactions

• eBanking – is meant to at least partially replace traditional branch office functions

• eBanking – is an expanding sales channel for banks

• eBanking – is a dynamic high tech channel, highly competitive, international and customer oriented

• eBanking – the basis for STP processing

• eBanking – bank access 24 x 7 on a worldwide scale

Page 5: Future of E-banking Strategies & Concepts

Current Status of eBanking

• „Room for improvement“, particularly in the area of Internet banking for retail customers

• Customer acceptance issues
• Pressing security issues
• Many different and costly products offered for improving security, which one to select?
• Fraud losses
• Operational cost issues
• Cost savings vs. traditional banking transactions not as high as projected

Page 6: Future of E-banking Strategies & Concepts

eBanking on the retreat ?

• In Germany, the number of bank branches has been declining since 1991

• Now, the number of bank branches is increasing again!

(HANDELSBLATT, Thursday, 06 April 2006)

• In 2005, the total number of branches increased by 2.6 %

• What are the reasons?

Page 7: Future of E-banking Strategies & Concepts

The need for better eBanking

• Current eBanking is somewhat impractical and does not provide the level of personal comfort known from branch banking
• Lack of individual consulting
• Fear of online fraud and subsequent hassle
• Banks need „2nd Generation eBanking“!
• A quantum leap in security is required
• Better personalization ...

Page 8: Future of E-banking Strategies & Concepts

Fundamentals of eBanking

Adaptability
• multi protocol capability
• multi language capability

Trust
• Authenticity, Integrity
• Identity, Confidentiality

Access
• Available “around the clock”
• failsafe

Page 9: Future of E-banking Strategies & Concepts

Complexity in eBanking

• Generating new channels and products

„Many-to-many“

Page 10: Future of E-banking Strategies & Concepts

Disadvantages of the traditional approach

• Multiple frontends, multiple backends, each connection implemented separately – high project cost!

• Running front end solutions on standard servers causes high system management cost due to the required security patching

• Each frontend needs separate access control and workflow provisioning

• When problems come up: Difficult to trace, as frontends typically have separate logfiles …

• Changing components cause high project cost, as multiple interfaces are affected

• High maintenance cost

Page 11: Future of E-banking Strategies & Concepts

Reducing complexity by MiddleWare

„Hub and spoke“

Page 12: Future of E-banking Strategies & Concepts

MiddleWare requirements

• Very high availability
• High scalability
• Central logging
• Central user and security administration
• Provides the business logic
• Easy to modify:
  • Business transactions
  • Communication protocols
  • Security mechanisms
• Central security administration

Page 13: Future of E-banking Strategies & Concepts

Frontend integration

• Frontend systems:
  • Browser-banking
  • External systems run by the customer
  • Telephone banking
  • Hotline/Support
• Frontend integration via standard interfaces
  • National / international standards
  • Industry standards, e.g. WebServices
  • Business transactions are XML-defined
  • Standardized security functions, e.g. XML-En-/Decryption, XML-Signature / dynamic passwords

Page 14: Future of E-banking Strategies & Concepts

Load scenarios

[Figure: load across Frontend, MiddleWare and Backend, with MiddleWare and without MiddleWare]

Page 16: Future of E-banking Strategies & Concepts

Secure systems need a secure platform

• Very hard to build a secure system on a vulnerable platform

• no known vulnerabilities on HP NonStop ...

Page 17: Future of E-banking Strategies & Concepts

Security issues

• Staged attacks, affecting the bank and/or customers

• Examples
  • Phishing – deceiving customers into providing personal IDs (PIN), passwords and transaction numbers (TAN)
  • Trojans – capturing security-relevant information via malicious code (in the end user’s PC or on the bank server)
  • Trojans – creating fake transactions
• Just using firewalls and virus scanning software is not enough!

Page 18: Future of E-banking Strategies & Concepts

Security functions

• Secure authentication
• Use one-time passwords when logging on to the frontend
• Quantum leap in security by two-channel approach
  • End user creates transaction and transmits it to the bank
  • Electronic signature is supplied via a separate channel, which cannot be affected by malicious code

Example: electronic signature contained in the SIM card of the end user’s mobile phone, verification via GSM network
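
The two-channel approach above, sketched as an added example (not code from XCOM, Valimo or the presentation): the bank executes an order only if a signature arriving over the second channel matches the order it received over the first. An HMAC key stands in for the SIM-held signature key, and all names (`Bank`, `SecondChannelSigner`, `demo`, `SAMPLE`) are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample order (not real account data).
SAMPLE = {"payee": "ACME GmbH", "amount": "250.00", "currency": "EUR"}

def mac(key, nonce, tx):
    # Canonical JSON so signer and verifier authenticate identical bytes.
    body = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, nonce + body, hashlib.sha256).hexdigest()

class SecondChannelSigner:
    """Stand-in for the SIM-based signer (assumption: HMAC instead of a real signature)."""
    def __init__(self, key):
        self._key = key  # never present on the end user's PC

    def sign(self, approved_tx, nonce):
        return mac(self._key, nonce, approved_tx)

class Bank:
    def __init__(self):
        self._keys = {}     # customer -> key shared with the signer at enrolment
        self._pending = {}  # order_id -> (customer, order as received, nonce)

    def enroll(self, customer):
        self._keys[customer] = secrets.token_bytes(32)
        return SecondChannelSigner(self._keys[customer])

    def receive_order(self, customer, tx):
        # Channel 1: the order arrives from the (possibly compromised) PC.
        order_id, nonce = secrets.token_hex(8), secrets.token_bytes(16)
        self._pending[order_id] = (customer, tx, nonce)
        return order_id, nonce

    def confirm(self, order_id, signature):
        # Channel 2: each pending order can be confirmed at most once.
        entry = self._pending.pop(order_id, None)
        if entry is None:
            return False
        customer, tx, nonce = entry
        return hmac.compare_digest(mac(self._keys[customer], nonce, tx), signature)

def demo(intended, transmitted):
    """Customer approves `intended` on the phone; the bank received `transmitted` from the PC."""
    bank = Bank()
    signer = bank.enroll("alice")
    order_id, nonce = bank.receive_order("alice", transmitted)
    sig = signer.sign(intended, nonce)
    return bank.confirm(order_id, sig), bank.confirm(order_id, sig)  # (first try, replay)
```

`demo` returns a pair: whether the order was accepted, and whether presenting the same signature a second time was accepted. An order altered on the PC after the customer approved it fails the first check, because the signature covers the order contents rather than only the login.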

Page 19: Future of E-banking Strategies & Concepts

Further considerations

• The bank system needs to be flexible, to allow easy integration of new security technology

• All business transactions need to be centrally logged
• Business Intelligence functionality to improve security, e.g. data mining, blacklist generation etc. to combat fraud

Page 20: Future of E-banking Strategies & Concepts

The XCOM and HP solution

Page 21: Future of E-banking Strategies & Concepts

eBanking - failsafe and virus-free

• XCOM – eBanking with TRISTAN™-Server
  • Supports wholesale and retail banking
  • multi-institution, multi-language support
  • multi channel support
  • Optimized for the HP NonStop platform (based on Pathway)
  • High scalability, failsafe operation, no vulnerabilities
  • Modular application structure
  • No foreign software within the kernel
  • NonStop SQL support using SQL/MX
  • Flexible interfaces for backend integration (communication using server classes without protocol switching)
  • Supports various security technologies, e.g. Valimo mobile ID management, two-factor authentication tokens etc.

*applies to the C/C++ version

Page 22: Future of E-banking Strategies & Concepts

eBanking - failsafe and virus-free

• TRISTAN™-Server
  • Provides limit management (order limits, rolling limits incl. currency conversions)
  • Distributed electronic signature schemes
  • Data conversions (e.g. creation and decomposition of MT/S.W.I.F.T messages)
  • Handling of orders with future execution (dated orders, standing orders)

Page 23: Future of E-banking Strategies & Concepts

Operational characteristics

• Central security administration
• Central tracking facility for business transactions
• Failsafe 24 x 7 operations, including business continuity functions (e.g. remote backup center)
• Central monitoring – operational and business statistics available in real time
• Data warehouse functionality to support flexible analysis over extended periods

Page 24: Future of E-banking Strategies & Concepts

eBanking - failsafe and virus-free

• XCOM – eBanking Components (WebFiliale)
  • Browser based online banking system suites for private customers as well as for business use
  • Providing a combination of professional functions and simple use
  • Can be installed easily on J2EE compliant application containers/servers
  • Data transfer between the customer’s web browser and the remote application is secured by encryption
  • Multi language support from day one
  • Supports electronic signatures, e.g. Valimo mobile ID mgmt.

Page 25: Future of E-banking Strategies & Concepts

eBanking - failsafe and virus-free

Why is HP NonStop more secure?

• Built for security from day one – worldwide leader in electronic payments

• Not a single known case of electronic fraud without possession of the required security credentials (UserIDs, passwords, PINs etc.)

• Sophisticated protection against internal attacks, e.g. separated roles/functions for system administrators and security managers

• Sophisticated protection against external attacks, the common attack schemes like Buffer Overflow just don’t work on HP NonStop systems

Page 26: Future of E-banking Strategies & Concepts

eBanking - failsafe and virus-free

• No known vulnerabilities on HP Nonstop, hence no security patching

• Limited threat potential – HP NonStop is used only in business-critical areas within large enterprises. Nonstop hardware, software and in-depth system knowhow is definitely out of reach for the average hacker

• Highest level of security at lowest operational cost

• No security patching means elimination of the related efforts, costs, operational risks and downtimes

Why is HP NonStop more secure?

Page 27: Future of E-banking Strategies & Concepts

eBanking - failsafe and virus-free

• XCOM Group has designed and implemented new concepts in eBanking in Germany, with considerable success in the German market

• In cooperation with HP, we are ready to bring modern eBanking with much more security to the international banking community