IT Manual for NCC Bank Limited (Advance Level) PDF

Document Details

StunnedVoice

Uploaded by StunnedVoice

Bangladesh Institute of Bank Management (BIBM)

2022

Tags

banking technology IT in finance banking financial technology

Summary

This document is a study material on IT for NCC Bank Limited (Advance Level), focusing on the role of Information Technology (IT) in the banking sector of Bangladesh. It covers topics like the impact of IT on banking, different types of banking technology, and the benefits of e-banking.

Full Transcript

STUDY MATERIAL ON IT FOR NCC BANK LIMITED (ADVANCE LEVEL) February 28, 2022 Bangladesh Institute of Bank Management [BIBM] Dhaka, Bangladesh Advance Level IT Manual for NCC Bank Limited Page | 1 Module: IT (Advance Level) Advisor : Dr. Md. Akhtaruzzaman Director General, BIBM Module Preparation Team...

STUDY MATERIAL ON IT FOR NCC BANK LIMITED (ADVANCE LEVEL) February 28, 2022 Bangladesh Institute of Bank Management [BIBM] Dhaka, Bangladesh Advance Level IT Manual for NCC Bank Limited Page | 1 Module: IT (Advance Level) Advisor : Dr. Md. Akhtaruzzaman Director General, BIBM Module Preparation Team : Md. Nehal Ahmed Professor and Director (DSBM), BIBM : Md. Mahbubur Rahman Alam Associate Professor, BIBM : Md. Foysal Hasan Lecturer, BIBM Bangladesh Institute of Bank Management (BIBM) Plot No. 4, Main Road No. 1 (South), Section No. 2 Mirpur, Dhaka-1216, Bangladesh PABX: 48032091-4, 48032097-8 FAX: 48033495 E-mail : [email protected] Web: www.bibm.org.bd Advance Level IT Manual for NCC Bank Limited Page | 2 Chapter-1 Banking Technology and Its Impact on Banking Business 1.1 Information Technology and Banking The uprising of Information Technology (IT) has ushered in a global surge in financial activity that has never been seen before. The cost of global funds transfer has been significantly reduced due to technological advancements and the development of global networks. Information technology enables banks to meet the high expectations of customers who are more demanding and technologically savvy than their previous generation. They expect to be able to bank at any time and from any location. ICT has been providing banking solutions to handle their accounting and back office needs. ICT has become the heart of the banking sector in Bangladesh now-a-days. The banking industry is the soul of every robust economy. ICT is helping the banking sector to improve its efficiency and effectiveness of services offered to customers, and boosts business processes, managerial decision making, and workgroup collaborations which strengthen their competitive positions in rapidly changing and emerging economies. Technology is and will remain fundamental to the future of banking. It provides banks with multiple and constantly emerging channels to communicate with customers and analyze their behaviors allowing smoother, more convenient and accessible channels for customers to use whilst capturing more data to continually improve on this offering. This technology also means an improvement in banks internal systems and processes, resulting in a more efficient and ultimately more profitable bank. All banks in Bangladesh have made substantial investments in ICT platforms and Information systems, and built multiple distribution channels to provide online financial services to its customers. By and large, the banks have been successful in developing state-of-the-art product features, reducing operating costs, enhancing customer service delivery and lessening inherent risks. In Bangladesh, banks have established large ATM and POST networks for providing 24/7 customer services. They offer the services to its customers like electronic payment services through virtual cash and e-cards, ATM/POS, Mobile Banking, Internet and Apps Banking etc. Advance Level IT Manual for NCC Bank Limited Page | 3 Many banks have installed POS terminals in major shops, hotels, sales centers etc. all over the country. Some of the technology-driven banks are providing internet banking channel with the inclusion of a number of customer-friendly features. The customers are now able to do banking from any place of Bangladesh at any time. The bank management are now thinking seriously to reduce administrative/operating cost for profit maximization through some initiatives/measures like optimum utilizations of IT/IS resources, reducing cash/paper-based transactions, enhancing virtual cash and digital payment, online internal communications among the employees and others stakeholders of banks through Intranet and Extranet platform. With a view to increase cashless transactions, banks are now introducing innovative digital services like Mobile Apps, QR-code payment, Digital Wallet etc. As many financial products and services directly or indirectly depend on ICT, banks have to think how to utilize IT resources efficiently and introduce innovative digital financial technology to lessen the cost; improvement of the efficiency and productivity of employees; ensuring secured, reliable and speedy internal IT operations; and how to provide better services to the modern tech-savvy customers. Otherwise, banks may face serious IT risks as well as business risks in the present competitive and digital age. 1.2 Benefits of IT in Banks Information Technology (IT) helps a bank in many ways. Now, many banks use information technology as a competitive weapon. IT is playing a key role to achieve competitive advantage. IT reduces the cost of operation and enables banks proving quality services to the customers. Today’s e-bank is different from traditional banks. Some of the benefits of e-banking are listed below: The operating cost per unit services is lower for the banks. It offers convenience to customers as they are not required to go to the bank's premises. There is very low incidence of errors. The customer can get 24×7 banking facilities. The credit cards and debit cards enable the customers to obtain discounts from retail outlets. The customer can easily transfer the funds from one place to another place electronically. Advance Level IT Manual for NCC Bank Limited Page | 4 From the discussion above, it is clear that the importance and impact of Information Technology is immense. So, it is time to embrace the benefits of IT and move forward for achieving competitive advantages. 1.3 Current status of Information technology in Banks of Bangladesh 1.3.1 IT Investment and Sector-wise IT Budget In 2016, about Tk. 1793 crore was invested for IT operations in the banking sector. Total investment up to 2019 was estimated at Tk. 42,609 crore since 1968 (considering the installation of computer at Agrani Bank in 1968, the first installation of computer in the banking sector of Bangladesh). And in 2020, around Tk. 1,666 crore was invested on IT System in the banking sector (Figure-1). It is seen that IT investment in 2020 is 39.37 percent less compared to 2019. One of the reasons for less investment in this year might be the adverse impact of the COVID-19 pandemic on local and global business, especially the banking business. Figure-1: IT Investment in Banks from 2016-2020 (In Crore BDT) 1666 2020 2478 2019 2018 2021 2017 2035 1793 2016 Source: BIBM Survey In 2020, highest portion of the IT budget was used to procure Hardware (35.6%). The amount has slightly increased compared to previous year (29.8%). Investment in Network decreased a bit (14%) in 2020 compared to 15.6% in 2019. Budget for IT Security, Training and Audit was very low in last five years, though it is slightly increased for IT Security and decreased for Training and Audit in 2020 compared to the previous year. By ignoring these three sectors, it is not possible to ensure better IT security for banks. In this year about 26% of IT expenditure was related to Software procurement and update. The rest of the budget went to power management, vehicles purchase, stationary procurement and maintenance of IT equipment (Figure-2). Advance Level IT Manual for NCC Bank Limited Page | 5 Figure-2: Distribution of IT Budget from 2016 to 2020 (% of Total Budget) 0 10 20 30 40 50 Hardware Software 2016 Network 2017 2018 Security 2019 Training 2020 Audit Others Source: BIBM Survey 1.3.2 Alternative Delivery Channels (ADCs) in Banks Bangladeshi banks have already established several ADCs to serve their customers 24 hours a day and 365 days a year. ATM service is very popular among customers as 95% banks offer this service. Internet banking, call center and agent banking are other popular ADCs. Also Banking Apps has a prominent future, as 62% banks have promoted this service for their customers (Figure-3); however, we are not habituated with some channels such as chat bot and multi-functional kiosk that are already popular in developed countries. Chat bots are being used by major banks worldwide, that allow banks to handle many customers simultaneously, and social media is a valuable tool for banks to generate brand awareness, leads, sales, and revenue. But, very few banks in our country actually used these two channels. 72 66 28 8 25 28 30 9 28 35 47 62 90 95 Figure-3: ADCs Used by Banks to Provide Online Services to Customers (% of Banks) Source: BIBM Survey Advance Level IT Manual for NCC Bank Limited Page | 6 1.3.3 Mobile Banking In Bangladesh, two types of mobile banking service are available. Unstructured Supplementary Service Data (USSD) is a menu-based service, which runs as a real-time open session between the application and end user. USSD code can be accessed on any phone, whereas the app can only be accessed on a smartphone with a running data bundle. Since the inception of MFS, the flow of money into the rural parts of Bangladesh has been increasing significantly. A high growth per year is observed in terms of number of customers, volume of transactions and number of transactions since 2015 (Table-1). Table-1: Growth of Mobile Banking from 2015 to 2020 2015 2016 2017 2018 2019 2020 No. of Approved Banks 28 19 19 19 19 19 No. of Banks Offering MFS 18 17 18 18 16 15 561,189 710,026 786,459 886,473 971,620 1,058,897 No. of Customers 31,845,658 41,078,524 58,825,414 67,519,645 79,555,079 99,336,198 No. of Active Customers 13,218,356 15,874,325 21,065,321 37,323,000 34,646,000 32,327,000 1,166.05 1,473.24 1,875.64 2,272.75 2,589.8 3,172.0 1,772.76 2,346.92 3,146.62 3,788.85 4,343.18 5,616.0 No. of Agents No. of Total Transaction (Millions) Total Transaction Amount (Billions BDT) Source: Bangladesh Bank In our country, 74% banks (providing MFS) have introduced mobile banking App. Among them, 23% banks have developed it with joint collaboration of local vendor, 44% have developed the app in-house, whereas local vendors have developed the app for remaining 33% banks. Major challenges regarding mobile banking faced by banks are summarized in Box-1. Box-1: Mobile Banking Related Problems and Challenges Customer awareness has become a very challenging task. Despite repeated alerts by banks, still a large number of customers (particularly garments female workers) share their PIN resulting fraudulent transactions afterwards. Liquidity crisis in agent points. Risk associated with carrying cash in order to ensure sufficient liquidity at different agent points (especially in rural areas). Insufficient number of mobile banking offices nationwide to provide quick customer services such as KYC processing, dispute resolution etc. Proper agent selection and monitoring mechanism. Commission of distributor and agent is very high. Limitation of Mobile Network Operators (MNOs) to provide USSD connection. Telco's charges are high. Heterogeneous fee structure for availing USSD gateway among MNO is another problem. To solve this problem App based MFS can be developed. Over the Counter (OTC) transaction is a common practice in mobile banking platform. Level playing field is not ensured for MFS providers. Advance Level IT Manual for NCC Bank Limited Page | 7 Establishing distribution channel is costly. There is no arrangement to verify two major photo IDs i.e. Passport and Driving license. Marketing and promotional cost is high. Prevention of money laundering and terrorist financing is a great challenge. Service charge for cash out is very high. Transaction limit is low. Source: BIBM Survey 1.3.4 Apps Banking The term “Apps Banking” refers to the provision of banking and financial services via means of software service, known as apps. Apps banking services are availed via instructions that are carried by server. The customer sends a customized request to the bank with predefined commands for each offered service. The server of the banks receives the request, decodes the commands and executes the instructions, if the request is found to be authorized. Apps banking service includes: balance inquiry, cheque book request, cheque leaf status, foreign currency rate, cheque stop payment instruction, statement request by courier/post, statement request by e-mail, last few transaction statement, available limit of credit card, fund transfer request, PIN (Personal Identification Number) change, utility bill payment, cash deposit alert, help inquiry etc. The following Table-4 shows the status of apps-based banking in Bangladesh. It is seen that Private Commercial Banks (PCBs) are taking the lead proving apps-based banking services. Table 4: Percentage of Having Apps Banking Platform According to Bank Type Bank Type State Owned Commercial Banks (SOCBs) Specialized Banks (SBs) Private Commercial Banks (PCBs) Foreign Commercial Banks (FCBs) Percentage 50% 0% 95% 55% Source: Website of Banks 1.3.5 Internet Banking At the end of 2020, 90% banks provided some sort of informational and transactional Internet Banking services, which was only 52% at the end of 2015. There has been a satisfactory enhancement in terms of providing Internet Banking services in our banking sector. In 2020, the number of customers and transactions were 32,45,333 and 2,44,30,983, respectively, which were 27,42,241 and 1,98,97,516, correspondingly, in the previous year. Major challenges faced by banks regarding Internet Banking are summarized in Box-2. Advance Level IT Manual for NCC Bank Limited Page | 8 Box-2: Internet Banking related Problems and Challenges Customers share their credentials to their relatives or friends. Customization of software to introduce new features. To combat with different types of cyber-attacks like Phishing, SQL injections, DOS and DDOS etc. Dependency on CBS vendor and limitation of budget for purchasing security tools and applications. Present fund transfer ceiling is a barrier for corporate customers. After introducing hardware and software-based token for 2FA, customer became dissatisfied. In case of the use of mobile SMS as 2FA, customers are receiving SMS with little bit delay and it makes customer dissatisfied. Cyber-attack and customer awareness are the major challenges for Internet Banking transactional services. Customers have lack of awareness against phishing and IP tracing to combat online frauds. Disruption in link connectivity of Web server. Customers get locked with their User ID as they forget their security credentials often. It is sometimes very hard to reset their password due to lacking of their technical knowledge. Source: BIBM Survey 1.3.6 Point of Sales Terminal (POST) POST allows making transactions, using all types of debit and credit cards. The growth of POST in Bangladesh is shown in Table-3. Table-3: Number of POST POS 2015 2016 2017 2018 2019 2020 30336 32953 37379 45896 58527 73229 Source: Economic Trend, (Feb 2021), BB Most POSTs (91.6%) are being operated in urban areas. In Dhaka city, 86% POSTs are in operation. In Bangladesh only, PCBs provide this service. In 2020, total number of transactions of POS was recorded at 2.8 crore which was 3.1 crore in previous year (2019). 1.3.7 ATM An automated teller machine (ATM) enables banks’ customers to perform transactions, like cash withdrawal, deposit, funds transfer, or inquiries about account information, at any time and without the need for direct communication with bank employee. The growth of ATM in Bangladesh is shown in Table-4. Table-4: Number of ATM 2015 2016 2017 2018 ATM 7839 9019 9522 2019 2020 10355 10924 11923 Source: e-Banking and e-Commerce Statistics Unit, (July 2021), BB Advance Level IT Manual for NCC Bank Limited Page | 9 According to BB, in December, 2020 SOCBs have only 288 ATMs, whereas PCBs have 11,635 ATMs. In fact, PCBs own more than 96% of total ATMs in Bangladesh. It is mentionable that 46.9% ATMs is set up by the DBBL alone. Card skimming and ATM frauds have been increasingly occurring in our country. To prevent card fraud, BB advised banks to convert all magnetic cards into EMV compliant chip card and setup anti-skimming device in all ATMs. 94.5% ATMs were EMV compliant at the end of 2020. Also, at the same time about 96.5% ATMs were equipped with Anti-Skimming device, which is a positive sign. Major challenges faced by banks regarding ATM banking are summarized in Box-3. Box-3: ATM Banking Related Problems and Challenges Plastic cards of all banks are not EMV (Europay, MasterCard and Visa) protected. So, when a card holder of a protected bank uses the card in an unprotected bank’s ATM, there is a scope of fraud. Inter-bank transaction fee for ATMs is a barrier. This charge should be minimized. Need to create more awareness among customers to combat ATM and card frauds. Ensuring 24/7 power supply with the proper backup of UPS especially in rural and semi urban areas. Unavailability of suitable ATM sites and exorbitant rent for existing and prospective sites. Some banks take more time to resolve dispute. After introducing NPSB, it is slightly reduced. All POSTs are not EMV compliant. If Chip/EMV technology is introduced both in ATM and POST, fraud/forgery might be prevented to a great extent. Frequent Link down and Link up time. Unlike VISA/Master Card, proprietary debit card doesn't have NPSB logo on card and POS, which creates confusion for the customer and merchant. As a result, merchants are not accepting proprietary debit card at their POS. Banks should install anti-skimming and PIN shield in ATMs. The challenge banks face is to cope up with rapidly changing technology which the skimmers use to attack ATMs. Proper monitoring of off-site ATM, especially those located at remote location. Poor service quality of existing security companies and guards. They do not perform their duties properly. Source: BIBM Survey 1.3.8 Cash Recycler Machines (CRM) and Cash Deposit Machine (CDM) New types of ATMs are now revolutionizing the banking industry. These machines, called CRMs, are designed to recycle deposited cash for use in subsequent withdrawal transactions. The benefit of deploying a CRM is enhanced efficiency – both in terms of operations as well as costs, consistent and reliable counting of cash. Currency-recycling technology allows cash to be accepted, validated, sorted, stored and dispensed at a later time, cutting down the need for daily monitoring and replenishment, while offering greater quality control and the ability to make automatic, real-time deposits. Only 28% banks in Bangladesh installed CRMs and 780 CRMs has been installed by these banks in 2020, increasing from 254 in 2019, which shows a Advance Level IT Manual for NCC Bank Limited Page | 10 huge growth. In 2020, 6231.7 crore Tk. was transacted through CRM and number of transactions was 9649175. Using CDM (Cash Deposit Machine), customers can deposit money in real-time and get instant reflections of the transaction with an instant notification message. In 2020, only 47% banks in Bangladesh installed CDMs and there were 1648 CDMs in the market which was 1407 in 2019. One point worth mentionable that, only 30% CDMs are installed in rural areas. 1.3.9 Status of Plastic card Currently 53 banks are offering various types of cards including debit, credit and prepaid card. The following table shows the current status of card business in Bangladesh. It is clearly seen that among all categories of cards Private Commercial Banks (PCBs) have highest number of cards. Although, foreign banks dominate the credit card market of Bangladesh. Table-5: Status of Plastic Card Bank Type SCBs SBs PCBs FCBs Total Credit Cards 8752 0 1454952 136119 1599823 Debit Cards 509466 7362 18535950 325013 19377791 Prepaid Cards 24068 0 386491 121437 531996 Total 542286 7362 20377393 582569 21509610 Source: Economic Trend, (July, 2020), BB 1.3.10 Core Banking Software (CBS) Core Banking Software plays a key role for running online banking business. Bank Ultimus (16%), Temenos T24 (14%), Flexcube and Flora Bank (by 13% each) are widely used by the banks in Bangladesh. I-Stelar, MiSys and Ababil are some other popular software used by our banks (Table-6). Table-6: List of Banking Software in the Market in 2020 S. No. 1 2 3 4 5 6 7 8 9 10 11 12 13 CBS Ababil Bank Ultimus Electronic and Integrated banking System (eIBS) Electronic Basic Banking System (eBBS) Finacle Flexcube/UBS Flora Bank HSBC Universal Banking Infinity Banking System (Not CBS) Intellect Core Banking System International Comprehensive Banking System iSmart iStellar Advance Level IT Manual for NCC Bank Limited Types of CBS % of Banks Local 5.4 Local 16.1 In-House 1.8 In-House 1.8 Foreign 5.4 Foreign 12.5 Local 12.5 In-House 1.8 Local 1.8 Joint Venture 3.6 Foreign 1.8 Foreign 1.8 Joint Venture 7.1 Page | 11 14 15 16 17 18 19 20 Kastle Core Banking Solution Misys Equation Pubali Integrated Banking System (PIBS) Silverlake Temenos T24 Winfos TCS Banking Solution Foreign Foreign In-House Foreign Foreign Foreign Foreign 1.8 5.4 1.8 1.8 14.3 1.8 1.61 Source: BIBM Survey 1.4 Current Status of IT Based products and Services of NCC Bank Limited National Credit and Commerce Bank Limited (NCCBL) bears a unique history of its own. The organization started its journey in the financial sector of the country as an investment company back in 1985. The aim of the company was to mobilize resources from within and invest them in such way so as to develop country's Industrial and Trade Sector and playing a catalyst role in the formation of capital market as well. Its membership with the browse helped the company to a great extent in these regards. The company operated upto 1992 with 16 branches and thereafter with the permission of the Central Bank converted into a full-fledged private commercial Bank in 1993 with paid up capital of Tk. 39.00 crore to serve the nation from a broader platform. Since its inception NCC Bank Ltd. has acquired commendable reputation by providing sincere personalized service to its customers in a technology-based environment. The Bank has set up a new standard in financing in the Industrial, Trade and Foreign exchange business. Its various deposit & credit products have also attracted the clients-both corporate and individuals who feel comfort in doing business with the Bank. Information technology is one of the most priority areas for NCCBL. It invested more than Tk 100 crore for the development of its ICT infrastructure from its inception. In last year (2021) the bank invested approximately Tk 13 crore for the development of its ICT. However, the consistent investment in IT takes the bank in a different level. IT investment report of the bank shows that it basically invests in the area of hardware, software, network, information security and so on. The bank has a competent and strong IT team headed by a Head of IT (HoIT). Currently, 58 employees are working restlessly to ensure an uninterrupted ICT infrastructure of the bank. Most of the IT employees work in branch and zonal IT support. A good number of employees continuously monitoring and updating the security system of the bank. IT employees also work in the head office development team, IT audit, DC/DRS management, ADC system Advance Level IT Manual for NCC Bank Limited Page | 12 development and ADC operation, promotion and marketing. Till December 2021, the bank has 1950 CBS terminal, 2022 PCs and 223 servers. The bank uses number of Alternative Delivery Channels (ADCs) to facilitate customers. Among various services Internet Banking, Cards, ATMs, POS, and CRM are remarkable. The bank has more than eight thousand internet banking (IB) users. In last year (2021), approximately Tk 52 crore were transected using IB facilities by the customers. The bank has 57936 debit cards and 21987 credit cards respectively till December 2021. All together card users made a transaction volume of approximately Tk 60 crore. It is to be noted that all cards are chip based. However, to provide 24/7 banking facilities the bank has 136 ATMs, 74 POS terminal and 8 Cash Recycler Machines. All the ADCs are doing good in terms of number of transactions and volume of transactions. NCC bank uses Flora Bank, fully Web based, as its core banking software. The CBS has been provided by Flora Systems Limited. Other than CBS, the bank uses more than 40 application software for smooth operation. Among them Structural Liquidity, Remittance API, Corporate Payment Portal, LC Transmission SMS to customer, Credit Card Bill Payment Solution, Document Archiving, Transaction Monitoring, SWIFT Message Processing System, Sanction Screening etc. are remarkable. The bank has a strong database management system for managing data. It is also seen that the bank has a separate MIS division which helps report preparation and decision making. However, the bank did not introduce data mining and data analytics tools for analyzing large data set. Data mining and data analytics may help bank analyzing large volume of data and find various pattern for decision making. The Data Centre of NCC bank is located in NCCBL Head Office, Motijheel whereas the Disaster Recovery Site (DRS) is located in Gulshan-2, Dhaka. The bank has high speed multiprotocol labeling switching network, clustered servers, virtualized server environments, precision cooling systems, and central UPS backed by standby generators. Note: The above information is based on the data up to December 2021 Advance Level IT Manual for NCC Bank Limited Page | 13 Chapter-2 Fundamentals of Data Communication and Computer Network 2.1 Introduction Data Communication is defined as exchange of data between two devices via some form of transmission media such as a cable, wire or it can be air or vacuum also. For occurrence of data communication, communicating devices must be a part of communication system made up of a combination of hardware or software devices and programs. Computer networks are essential to modern organizations for many reasons. First, networked computer systems enable organizations to become more flexible so that they can adapt to rapidly changing business conditions. Second, networks allow companies to share hardware, computer applications, and data across the organization and among different organizations. Third, networks make it possible for geographically dispersed employees and workgroups to share documents, ideas, and creative insights. This sharing encourages teamwork, innovation, and more efficient and effective interactions. In addition, networks are a critical link between businesses, their business partners, and their customers. 2.2 Data Communication System Components There are mainly five components of a data communication systems which are Message, Sender, Receiver, Transmission Medium, Set of rules (Protocol). Above mentioned elements are described below: Figure – Components of Data Communication System Advance Level IT Manual for NCC Bank Limited Page | 14 Message: This is the most useful asset of a data communication system. The message simply refers to data or piece of information which is to be communicated. A message could be in any form, it may be in form of a text file, an audio file, a video file, etc. Sender: To transfer message from source to destination, someone must be there who will play role of a source. Sender plays part of a source in data communication system. It is simple a device that sends data message. The device could be in form of a computer, mobile, telephone, laptop, video camera, or a workstation, etc. Receiver: It is destination where finally message sent by source has arrived. It is a device that receives message. Same as sender, receiver can also be in form of a computer, telephone mobile, workstation, etc. Transmission Medium: In entire process of data communication, there must be something which could act as a bridge between sender and receiver, Transmission medium plays that part. It is physical path by which data or message travels from sender to receiver. Transmission medium could be guided (with wires) or unguided (without wires), for example, twisted pair cable, fiber optic cable, radio waves, microwaves, etc. Set of Rules (Protocol): To govern data communications, various sets of rules had been already designed by the designers of the communication systems, which represent a kind of agreement between communicating devices. These are defined as protocol. In simple terms, the protocol is a set of rules that govern data communication. If two different devices are connected but there is no protocol among them, there would not be any kind of communication between those two devices. Thus, the protocol is necessary for data communication to take place. A typical example of a data communication system is sending an e-mail. The user which send email act as sender, message is data which user wants to send, receiver is one whom user wants to send message, there are many protocols involved in this entire process, one of them is Simple Mail Transfer Protocol (SMTP). The Simple Mail Transfer Protocol (SMTP) is an internet standard communication protocol for electronic mail transmission. Both sender and receiver must have an internet connection which uses a set of medium to send and receive email. Advance Level IT Manual for NCC Bank Limited Page | 15 2.3 Data Communication Media and Transmission Speed The term ‘Data Communication Media’ means the medium of transmitting and receiving information. For transferring data and information, it is required for organizations to ensure the flow of information, security, and speed of transmission. 2.3.1 Bandwidth: Transmission Speed The total amount of digital information that can be transmitted through any telecommunications medium is measured in bits per second (bps). One signal change, or cycle, is required to transmit one or several bits; therefore, the transmission capacity of each type of telecommunications medium is a function of its frequency. The number of cycles per second that can be sent through that medium is measured in hertz - one hertz is equal to one cycle of the medium. The range of frequencies that can be accommodated on a particular telecommunications channel is called its bandwidth. The bandwidth is the difference between the highest and lowest frequencies that can be accommodated on a single channel. The greater the range of frequencies, the greater the bandwidth and the greater the channel’s transmission capacity. 2.3.2 Transmission Media Networks use different kinds of physical transmission media, including twisted pair wire, coaxial cable, fiber optic cable, and media for wireless transmission. Each has advantages and limitations. A wide range of speeds is possible for any given medium, depending on the software and hardware configuration. The following section covers various types of transmission media. Twisted Pair: The most prevalent form of communications wiring - twisted-pair wire - is used for almost all business telephone wiring. As the name suggests, it consists of strands of copper wire twisted in pairs. Twisted-pair wire is relatively inexpensive to purchase, widely available, and easy to work with. However, it also has some significant disadvantages. Specifically, it is relatively slow for transmitting data, it is subject to interference from other electrical sources, and it can be easily tapped by unintended receivers to gain unauthorized access to data. Advance Level IT Manual for NCC Bank Limited Page | 16 Coaxial Cables: Coaxial cable consists of insulated copper wire. Compared with twisted-pair wire, it is much less susceptible to electrical interference, and it can carry much more data. For these reasons, it is commonly used to carry high-speed data traffic as well as television signals (thus the term cable TV). However, coaxial cable is more expensive and more difficult to work with than twistedpair wire. It is also somewhat inflexible. Fiber Optic: Fiber-optic cable consists of thousands of very thin filaments of glass fibers that transmit information via light pulses generated by lasers. The fiber-optic cable is surrounded by cladding, a coating that prevents the light from leaking out of the fiber. Fiber-optic cables are significantly smaller and lighter than traditional cable media. They also can transmit far more data, and they provide greater security from interference and tapping. As of early-2015, optical fiber had reached data transmission rates of more than 50 trillion bits (terabits) per second in laboratory experiments. Fiber-optic cable is typically used as the backbone for a network, whereas twisted-pair wire and coaxial cable connect the backbone to individual devices on the network. Microwave: Microwave works by sending and receiving high-frequency radio waves, which may carry speech, video, and data. Microwave connections are commonly utilized for pointto-point communications because their short wavelength permits narrow beams to be directed directly at the receiving antenna. Unlike lower frequency radio waves, microwave devices can utilize the same frequencies without interfering. Microwave is a high-frequency (300 MHz–300 GHz) signal sent through the air. Terrestrial (Earth-bound) microwaves are transmitted by line-of-sight devices, so the line of sight between the transmitter and receiver must be unobstructed. Typically, microwave stations are placed in a series - one station receives a signal, amplifies it, and retransmits it to the next microwave transmission tower. Such stations can be located roughly 30 miles apart before the curvature of the Earth makes it impossible for the towers to “see” one another. Microwave signals can carry thousands of channels at the same time. Because they are line-of-sight transmission Advance Level IT Manual for NCC Bank Limited Page | 17 devices, microwave dishes are frequently placed in relatively high locations, such as mountains, towers, or tall buildings. Communication Satellites: A communication satellite also operates in the microwave frequency range. The satellite receives the signal from the Earth station, amplifies the relatively weak signal, and then rebroadcasts it at a different frequency. The advantage of satellite communications is that satellites can receive and broadcast over large geographic regions. Such problems as the curvature of the Earth, mountains, and other structures that block the line- ofsight microwave transmission make satellites an attractive alternative. Geostationary, lowEarth orbit, and small mobile satellite stations are the most common forms of satellite communications. A geostationary satellite orbits the Earth directly over the equator, approximately 22,300 miles above the Earth, so that it appears stationary. A very small aperture terminal (VSAT) is a satellite ground station with a dish antenna smaller than 3 meters in diameter. Figure: Satellite Communication Advance Level IT Manual for NCC Bank Limited Page | 18 2.4 Network Devices Network devices can be defined as physical devices that are necessary for the communication and interaction between computer hardware on a computer network. Physical devices, networking hardware, and network equipment are some other names of network devices. Each network device has a certain job to perform in a computer network, and those roles vary depending on the segment in which the device is located. Network devices, or network equipment, are a variety of electrical devices used in networking. Network devices are primarily used in a computer network to send and receive data swiftly and securely between computers, fax machines, printers, and other devices of the same kind. Here, we'll take a look at the basics of network devices and how they function. Some common network devices are NIC, Hub, Router, Switch, Bridge, Gateway, and NOS. They are described in a brief below: NIC or Network Interface Card: Network Interface Card is a hardware device that is installed on the computer so that it can be connected to the internet. It is also called Ethernet Card or Network Adapter. Every NIC has a 48-bit unique serial number called a MAC address which is stored in ROM carried on the card. Every computer must have at least one NIC if it wants to connect to the internet. Modem: Modem stands for modulator-demodulator. It is a device that converts analog telephone connections into digital and vice versa. Computers use digital signals and require a modem to convert these digital signals into analog signals that can be sent over (or received from) telephone lines, cable lines, or wireless media that use analog signals. Hub: A hub is a networking device used to connect multiple devices directly to the network using cables. Each connection is called a 'port.' The connections typically consist of a fiber optic Ethernet cable. When the hub receives data at one of its ports, it distributes the data to the other ports in the network. Typically, a hub sends all the data it receives to all the other ports. Switch: Switches tend to be more intelligent than hubs in most cases. Switches contain many ports to connect different network segments. They are similar to hubs, but offer greater performance. When a network contains a large number of devices, switches are needed instead of hubs to make sure the communications between devices do not slow down. Contrary to hubs, switches send the data it receives only to specific ports. Advance Level IT Manual for NCC Bank Limited Page | 19 Router: A router is a networking device that forwards data packets between computer networks. Routers perform the traffic directing functions on the Internet. Data sent through the internet, such as a web page or email, is in the form of data packets. A packet is typically forwarded from one router to another router through the networks that constitute an internetwork (e.g. the Internet) until it reaches its destination node. In telecommunications networks, a node is either a redistribution point or a communication endpoint. Bridge: Bridges are networking devices that divide up the network into different segments to manage the amount of traffic. This prevents unnecessary traffic from entering other parts of the network and reduces congestion. As a network becomes more complex, bridges make sure your network speed doesn't drop dramatically. Gateway: A computer that sits between different networks or applications. The gateway converts information, data or other communications from one protocol or format to another. A router may perform some of the functions of a gateway. An Internet gateway can transfer communications between an enterprise network and the Internet. Because enterprises often use protocols on their local-area networks (LANs) that differ from those of the Internet, a gateway will often act as a protocol converter so that users can send and receive communications over the Internet. Network Operating Systems (NOS): A network operating system (NOS) is systems software that controls the computer systems and devices on a network and allows them to communicate with each other. The NOS performs similar functions for the network as operating system software does for a computer, such as memory and task management and coordination of hardware. When network equipment (such as printers, plotters, and disk drives) is required, the NOS makes sure that these resources are used correctly. Novell NetWare, Windows 2000, Windows 2003, and Windows 2008 are common network operating systems. Advance Level IT Manual for NCC Bank Limited Page | 20 The following figure shows the use of various networking devices to establish a complete network system. 2.5 Concepts of Client-Servers System In client/server architecture, multiple computer platforms are dedicated to special functions, such as database management, printing, communications, and program execution. These platforms are called servers. Each server is accessible by all computers on the network. Servers can be computers of all sizes; they store both application programs and data files and are equipped with operating system software to manage the activities of the network. The server distributes programs and data to the other computers (clients) on the network as they request them. An application server holds the programs and data files for a particular application, such as an inventory database. A client is any computer (often a user’s personal computer) that sends messages requesting services from the servers on the network. A client can converse with many servers concurrently. For example, a user at a personal computer initiates a request to extract data that resides in a database somewhere on the network. A data request server intercepts the request and determines on which database server the data resides. The server then formats the user’s request into a message that the database server will understand. When it receives the message, the database server extracts and formats the requested data and sends the results to the client. The database server sends only the data that satisfies a specific query - not the entire file. Advance Level IT Manual for NCC Bank Limited Page | 21 Figure: Client Server Architecture 2.6 Types of Networks There are various types of Computer Networking options available. The classification of network in computers can be done according to their size as well as their purpose. The size of a network should be expressed by the geographic area and number of computers, which are a part of their networks. It includes devices housed in a single room to millions of devices spread across the world. Following are the popular types of Computer Network: Personal Area Network or PAN: A personal area network (PAN) is a wireless network that connects information technology devices close to one person. With a PAN, you can connect a laptop, digital camera, and portable printer without cables. You can download digital image data from the camera to the laptop and then print it on a high-quality printer—all wirelessly. Additionally, a PAN enables data captured by sensors placed on your body to be transmitted to your smartphone as input to applications that can serve as calorie trackers, heart monitors, glucose monitors, and pedometers. Local Area Network or LAN: If you work in a business that uses networking, you are probably connecting to other employees and groups via a local area network. A local area network (LAN) is designed to connect personal computers and other digital devices within a half-mile or 500-meter radius. LANs typically connect a few computers in a small office, all the computers in one building, or all the computers in several buildings in close proximity. LANs also are used to link to long-distance wide area networks (WANs, described later in this section) and other networks around the world, using the Internet. Advance Level IT Manual for NCC Bank Limited Page | 22 Metropolitan Area Network or MAN: A metropolitan area network (MAN) is a network that spans a metropolitan area, usually a city and its major suburbs. Its geographic scope falls between a WAN and a LAN. Wide Area Network or WAN: Wide area networks (WANs) span broad geographical distances—entire regions, states, continents, or the entire globe. The most universal and powerful WAN is the Internet. Computers connect to a WAN through public networks, such as the telephone system or private cable systems, or through leased lines or satellites. 2.7 Internet and Web Technologies The Internet (“the Net”) is a global WAN that connects approximately one million organizational computer networks in more than 200 countries on all continents, including Antarctica. As a network of networks, the Internet enables people to access data in other organizations and to communicate, collaborate, and exchange information seamlessly around the world, quickly and inexpensively. Thus, the Internet has become a necessity for modern businesses. No central agency manages the Internet. Intranet and Extranet Today, Internet technologies are being used both within and among organizations. An Intranet is a network that uses Internet protocols so that users can take advantage of familiar applications and work habits. Intranets support discovery (easy and inexpensive browsing and search), communication, and collaboration inside an organization. In contrast, an Extranet connects parts of the intranets of different organizations. In addition, it enables business partners to communicate securely over the Internet using virtual private networks (VPNs) (explained in IT Security Chapter). Extranets offer limited accessibility to the intranets of participating companies, as well as necessary interorganizational communications. They are widely used in the areas of business-to-business (B2B) electronic commerce and supply chain management (SCM). Advance Level IT Manual for NCC Bank Limited Page | 23 World Wide Web (WWW): Many people equate the Internet with the World Wide Web. However, they are not the same thing. The Internet functions as a transport mechanism, whereas the World Wide Web is an application that uses those transport functions. Other applications, such as e-mail, also run on the Internet. The World Wide Web (The Web, WWW, or W3) is a system of universally accepted standards for storing, retrieving, formatting, and displaying information via a client/server architecture. The Web handles all types of digital information, including text, hypermedia, graphics, and sound. It uses graphical user interfaces (GUIs), so it is very easy to navigate. Some common terminologies related to Internet and WWW. Internet Protocol (IP) Address: Addresses on the Internet. Each computer on the Internet has an assigned address, called the Internet Protocol (IP) address, that distinguishes it from all other computers. The IP address consists of sets of numbers, in four parts, separated by dots. For example, the IP address of one computer might be 135.62.128.91. You can access a Web site by typing this number in the address bar of your browser. IP addresses must be unique so that computers on the Internet know where to find one another. Web Browser: A web browser is a piece of software that allows you to surf the internet (World Wide Web). It acts as a conduit between the server and the client, allowing requests for web pages and services to be sent to the server. Web Server: A web server is used for locating and managing stored web pages. It locates the web pages a user requests on the computer where they are stored and delivers the web pages to the user’s computer. Server applications usually run on dedicated computers. The most common web server in use today is Apache HTTP Server, followed by Microsoft Internet Information Services (IIS). Apache is an open source product that is free of charge and can be downloaded from the web. Web Page: A web page (or webpage) is a hypertext document provided by a website and displayed to a user in a web browser. A website typically consists of many web pages linked together in a coherent fashion. The name "web page" is a metaphor of paper pages bound together into a book. A URL address may be entered into a browser's address bar to view a web page. URL stands for Uniform Resource Locator. A URL is nothing more than the address of a given unique resource on the Web. Text, pictures, and linkages to other websites and files may all be found on a web page. Advance Level IT Manual for NCC Bank Limited Page | 24 Web Site: A website, is a collection of web pages and associated material with a shared domain name and published on at least one web server. The World Wide Web is made up of all publicly accessible websites. Private websites, such as a company's internal website for its workers, may only be viewed over a private network. Web Development: The term "web development" refers to the process of constructing, producing, and managing websites. It comprises features such as website design, online publishing, web development, and database administration. Web development has two different phases and they are frontend development and backend development. Frontend refers to the component of a website with which a visitor may directly interact. Also known as "the client side," it's where users interact with the program. Some languages are required for front-end development such as CSS, HTML, JavaScript, AJAX, and so forth. The server side of a website is known as the backend. It is a section of the website that visitors are unable to view or interact with. It's the part of the program that doesn't interact with users directly. It is used to organize and store data. PHP, Node.js, Python, Ruby, C#, C++ Java, JavaScript, and so forth are some programming languages that are required for backend development. Now that you have a working knowledge of what networks are and how you can access them, The Internet enables users to access or discover information located in databases all over the world. By browsing and searching data sources on the Web, users can apply the Internet’s discovery capability to areas ranging from education to government services to entertainment to commerce. Although having access to all this information is a great benefit, it is critically important to realize that there is no quality assurance for information on the Web. The Web is truly democratic in that anyone can post information to it. Therefore, the fundamental rule about information on the Web is “User beware!” Sample Questions: 1. What is computer network? Briefly discuss different types of communication media used in a bank network. 2. Make a list of networking devices used for designing whole network system of a bank. 3. Distinguish among Internet, Intranet and Extranet. 4. Briefly discuss about various components of a telecommunication systems. 5. Write short note on: WWW, Web Development, Client server system. Advance Level IT Manual for NCC Bank Limited Page | 25 Chapter-3 Electronic Banking Infrastructure 3.1 Alternative Delivery Channels in Banking Sector Change in banking sector has not only led to increase in the needs of the people but also it has changed shape of human life. Various alternative delivery channels in banking sector have changed day to day operation of the bank. With introduction of computer and internet facility in banking industry, all banks have adopted core banking solution (CBS) platform to deliver banking service. The use of internet and smartphone changed the physical appearance of the banking industry. Alternative Delivery Channel (ADC) means that channels which act as intermediaries between bank and customer and leads to expand movement and execution of banking services. These channels may be media, tools or any application through which customer can perform their banking operations. From banks point of view these Alternative Delivery channels will help bank to reach wild range of customer across the country. Also, banks get higher points with lower operational and transaction cost. Digital banking and electronic banking are the most performing area of this Alternative Delivery Channel (ADC). With the help of these alternative delivery channels in banking sector, all the banks try to bring the banking service to every individual with object to provide 24x7 banking and providing banking system to unbanked. 3.1.1 Different Types of Alternative Delivery Channels Now a day most of the customers are moving out of branch banking to other channels. Considering the use of internet, smartphone and mobiles provides suitable options for online purchase which encourages customer to use online banking facilities. Using these channels customer can do his banking transaction from his home, office and any other place. All the channels are contributing to increase productivity of banking system. The alternative delivery channels in banking sector includes Internet Banking, Mobile Banking, E-Wallet, ATM, CRM, CDM, POST, Call Center, KIOSK, Mobile Apps/E-Wallet, Chatbot, etc. Automated Teller Machine (ATM): An automated teller machine (ATM) is an electronic banking outlet that allows customers to complete basic transactions without the aid of a branch representative or teller. Anyone with a credit card or debit card can access cash at most ATMs. ATMs are convenient, allowing consumers to perform quick self-service transactions such as deposits, cash withdrawals, bill payments, and transfers between accounts. Fees are commonly Advance Level IT Manual for NCC Bank Limited Page | 26 charged for ATM services. Some or all of these fees can be avoided by using an ATM operated directly by the bank that holds the account. Although the design of each ATM is different, they all contain the same basic parts: Card Reader: This part reads the chip on the front of the card or the magnetic stripe on the back of the card. Keypad: The keypad is used by the customer to input information, including personal identification number (PIN), the type of transaction required, and the amount of the transaction. Cash Dispenser: Bills are dispensed through a slot in the machine, which is connected to a safe at the bottom of the machine. Printer: If required, consumers can request receipts that are printed here. The receipt records the type of transaction, the amount, and the account balance. Screen: The ATM issues prompts that guide the consumer through the process of executing the transaction. Information is also transmitted on the screen, such as account information and balances. Cash Deposit Machine: The Cash Deposit Machine (CDM) is an ATM like machine that allows you to deposit cash directly into your account. You can use this machine to instantly credit your account without visiting the branch. The transaction receipt also gives you your updated account balance. Instant money credit anytime of the day throughout the week is one of the most remarkable features of Cash Deposit Machine. Benefits of Cash Deposit Machine Self-service terminal and doesn’t require any bank official. Instant money credit in your bank account. Save time by avoiding queues and skipping form filling processes. Receive deposit receipt immediately. Not necessary to segregate your denominations. Point-of-Sale Terminal: A point-of-sale (POS) terminal is a hardware system for processing card payments at retail locations. Software to read magnetic strips of credit and debit cards is embedded in the hardware. Portable devices (i.e., not terminals anchored to a counter), either proprietary or third-party, as well as contactless capabilities for emerging forms of mobile payments, represent the next generation of POS systems. Advance Level IT Manual for NCC Bank Limited Page | 27 Kiosk Banking: Kiosk are small booths with internet connections established in villages with personnel to help the customers avail basic bank services. Most mainstream banks in all the sectors, private, public and cooperative, open a kiosk for the people. The services provided are usually withdrawals, deposits, remittances, etc. The kiosks act as a touchpoint for the banks and the people. When requests are initiated in the kiosk, usually like the opening of a bank account or request for making a deposit, they are transferred to the nearest branch which processes it. Financial inclusion through kiosk banking is essential for ensuring financial security of all citizens of the country, regardless of who they are and where they reside in the country. In kiosk banking, because of the lack of bank branches, the customer cannot go to the bank. Instead, the bank comes to the area to process transactions, allow credit, and enable access of these services to low income groups. Internet Banking: Nowadays, Alternative Delivery Channels (ADCs) are gaining popularity in the banking domain. However, beyond all technologies, Internet Banking is the most powerful real time online banking with least cost. An Internet Banking account is simple to open and easy to operate. It's convenient, because customers can easily pay any kind of bills without standing in a long queue and transfer funds between accounts from nearly anywhere in the world. Also, customers do not have to keep receipts of all of their bills, as they can now easily view transactions. It is available all the time. Account holders can perform account related tasks from anywhere and at any time, even at night or on holidays when the bank is closed. The only thing needs to have is an active Internet connection. It is fast and efficient. Funds get transferred from one account to the other very fast. Users can keep an eye on their transactions and account balance all the time. Customers no longer need to get passbooks updated to know their total account balance. Internet Banking helps in maintaining genuine records and aids security to the customers. Customers can get to know about any fraudulent activity or threat to their account before it can pose any severe damage. It's a great medium for the banks to endorse their products and services. More online services include loans and investment options. While Internet Banking has many positives, there are also a few cons. Understanding the usage of Internet Banking might be difficult at the first. So, a person who is new to technology might face some difficulties. Users cannot have access if they don’t have an Internet connection; thus, without the availability of Internet access, it may not be useful. Security of transactions is a big issue. Account information might get hacked by unauthorized people over the Internet. If the Advance Level IT Manual for NCC Bank Limited Page | 28 bank’s server is down, then users cannot access their accounts. Due to the loss of net connectivity or a slow connection, then it might be hard to know if the transaction went through. A customer might get overly marketed too and become annoyed by notifications. Though, these can easily be turned off. One might become annoyed by constant emails and updates. There are three types of Internet Banking: informational, communicative and transactional. Informational Internet Banking is a fundamental level of banking. It does not allow patrons to view or maintain accounts, nor does it allow for communication between the financial institution and customers. It simply means the bank offers basic information about its products and services, much like a booklet. This is meant for marketing purposes only, and there is no connection to the bank's main computer systems. Communicative Internet Banking permits for some communication between the client and bank. However, this is typically restricted to fundamental interactions such as account inquiries, new account updates, loan or mortgage applications, contact information updates and balances. It may connect with the bank's main computer systems. Transactional Internet Banking is the most popular online banking type. It offers all of the benefits of a traditional brick-and-mortar organization. This includes full control over customers’ accounts—deposits, withdrawals, transfers, updates and online payments. Mobile Financial Services (MFS): The financial sector in Bangladesh is continuously growing in response to the evolving needs of the growing economy. Despite impressive gains in capital base, per capita income and other areas, the financial sector remains lagging in reaching out with adequate financial services for economic activities of low income rural and urban population in Bangladesh. Rapid expansion of mobile phone users, modernization of payments and financial system based on IT infrastructure, country-wide reach of mobile operators’ network have opened up the opportunities for innovating cost efficient and prompt Mobile Financial Services (MFS) especially for the underserved, un-banked/under-banked and low-income group of population. Agent Banking: Agent Banking is an alternate delivery channel of banking services through engaged agents under a valid agency agreement, rather than a teller/ cashier. It is the owner of an outlet who conducts banking transactions on behalf of a bank. Globally these retailers are being increasingly utilized as important distribution channels for financial inclusion. Bangladesh Bank has introduced agent banking in the country in 2013. The main purpose is to provide a safe, limited scale banking and financial services to the under-privileged, underAdvance Level IT Manual for NCC Bank Limited Page | 29 served population who generally live in geographically remote location that are beyond the reach of the traditional banking networks as well as existing bank customer. Banks can deliver a variety of banking services including savings, loans, remittances, and various payment services (such as utility bills, taxes, government transfer benefits) to the customers through an agent. This model is thus, gaining popularity as a cost-effective delivery channel as well as a convenient way of providing banking services going proximate to the mass people who would otherwise have remained unbanked due to distant location. Banking App/E-Wallet: A banking app is a mobile app where you can access the details of your bank account and complete transactions directly from your phone, tablet, or mobile device. Based on the bank you're accessing, you'll be able to complete a variety of actions via your banking app. In today’s age of smart phones, young generation is preferring e-wallet instead of their ATM and Debit card. E-wallet has become a great option for cashless payment. E-wallet is also known as Digital wallet and it is electronic software or online service that allows you to transfer fund electronically to other. It also facilitates storage of entire information of your bank account and reduces the need to enter account detail at the time of online payment. For this, the customer has to install the e-wallet application and link it with his own bank account, after which the customer can make any type of payment through that wallet. Call Center: Open lines of communication is basic requirement for institutions that handle someone’s money. Customers need the feeling of control and financial security. So, operators of a bank should give the customer care. Call centers serve various purposes for a bank: provide information, conduct transactions, or submit enquiries 365 days a year, 24 hours a day, 7 days a week. The other major reason is operating costs reduction. Bank call center should call potential customers, conduct surveys, review products, and launch advertising campaigns. The call center managers initiate these services, their job is to decide the way agents call to customers. These calls are used to promote a new product or service. One more outbound calls purpose is the customer's education. The agents need to tell the customers the importance of accounts security, and what to do in case of fraudulent activities etc. It is not the secret that modern banks use not only human interface, but also Interactive Voice Response (IVR). Calls can be taken by the IVR in several languages. It provides certain banking services without requiring them to speak to an agent. IVR helps financial sphere to automate the handling up to 85% of all inquiries. Advance Level IT Manual for NCC Bank Limited Page | 30 Call Center Services Provided by Banks Inquires (financing programs, account balance, banking services, transactions, general product information) Transfers (send and receive, issue in local or foreign currencies) Payments (credit card bills, other bills) Reporting (complaint, about lost card, cheque book request, receipt note) Processing (mortgage, loan applications, PIN Authentication, PIN Change) Informing (branch locations, currency exchange rates) Activation (credit and debit card, account) Other (sales, SMS-banking) etc. Chatbot: At the most basic level, a chatbot is an AI (Artificial Intelligence) based computer program that simulates and processes human conversation (either written or spoken), allowing humans to interact with digital devices as if they were communicating with a real person. They are also known as digital assistants that understand human capabilities. Bots interpret the user intent, process their requests, and give prompt relevant answers. Bots can communicate through voice as well as text and can be deployed across websites, applications, and messaging channels such as Facebook Messenger, Twitter, or Whatsapp. Chatbots work by analyzing and identifying the intent of the user’s request to extract relevant entities, which is the most important task of a chatbot. Once the analysis is done appropriate response is delivered to the user. Advance Level IT Manual for NCC Bank Limited Page | 31 3.2 Data Center A data center is a building, a dedicated space within a building, or a group of buildings used to house computer systems and associated components, such as telecommunications and storage systems. A data center is a facility that centralizes an organization's shared IT operations and equipment for the purposes of storing, processing, and disseminating data and applications. Because they house an organization's most critical and proprietary assets, data centers are vital to the continuity of daily operations. Data center design includes routers, switches, firewalls, storage systems, servers, and application delivery controllers. Because these components store and manage business-critical data and applications, data center security is critical in data center design. A data center has to offer a secure environment that minimizes the chances of a security breach. A data center must, therefore, keep high standards for assuring the integrity and functionality of its hosted computer environment. Since IT operations are crucial for business continuity, it generally includes redundant or backup components and infrastructure for power supply, data communication connections, environmental controls (e.g., air conditioning, fire suppression), and various security devices. 3.2.1 Primary Elements of a Data Center The primary elements of a data center are as follows: Facility – the usable space available for IT equipment. Providing round-the-clock access to information makes data centers some of the world’s most energy-consuming facilities. Design to optimize space and environmental control to keep equipment within specific temperature/humidity ranges are both emphasized. Advance Level IT Manual for NCC Bank Limited Page | 32 Core components – equipment and software for IT operations and storage of data and applications. These may include storage systems; servers; network infrastructure, such as switches and routers; and various information security elements, such as firewalls. Support infrastructure – equipment contributing to securely sustaining the highest availability possible. Some components for supporting infrastructure include: Uninterruptible Power Sources (UPS) – battery banks, generators and redundant power sources. Environmental control – computer room air conditioners (CRAC); heating, ventilation and air conditioning (HVAC) systems; and exhaust systems. Physical security systems – biometrics and video surveillance systems. Operations staff – personnel available to monitor operations and maintain IT and infrastructure equipment around the clock. Data centers have evolved significantly in recent years. As enterprise IT needs continue to move toward on-demand services, data center infrastructure has shifted from on-premises servers to virtualized infrastructure that supports workloads across pools of physical infrastructure and multi-cloud environments. 3.2.2 Classification of DC Data center tiers are a standardized ranking system that indicates the reliability of data center infrastructure. This classification ranks facilities from 1 to 4, with 1 being the worst and 4 the best-performing level. A data center receives this international ranking from the Uptime Institute, an independent organization that determines the facility level primarily based on: Uptime guarantees. Fault tolerance (the ability to handle both planned and unplanned disruptions). Service cost. Tier 1 Data Center: A Tier 1 data center is a type of data center that has only one source of servers, network links and other components. It is one of the simplest forms of data center tiers and lacks any redundant or backup supply of data center infrastructure components and operational services. A Tier 1 data center is also known as a Level 1 data center. A Tier 1 data center is the basic-intermediate level of data center tiers. Introduced by the Uptime Institute, it is used to provide neutral classification of data centers, in terms of availability. A Tier 1 data center only has essential components or data center infrastructure and is not suited for enterprise or mission critical data center services, as it lacks any redundant source of servers, Advance Level IT Manual for NCC Bank Limited Page | 33 network/Internet links, storage, power and cooling resources. Typically, a Tier 1 data center guarantees 99.671 percent availability and has an average of 28.8 hours of downtime per year. Tier 2 Data Center: A Tier 2 data center is a location that has multiple sources of servers, network links and other data center components. It is a center that has redundant components but only one path/source or partial redundancy in data center power and cooling resources. A Tier 2 data center is also known as a Level 2 data center. A Tier 2 data center has the same or enhanced components and features of a Tier 1 data center, but with redundant capacity or infrastructure components. It is the second tier of data centers introduced by the Uptime Institute. In a Tier 2 data center, a power component or equipment can be replaced or removed without interrupting power supply to the core computing components. It guarantees 99.741% availability with approximately 22 hours of downtime per year. It is generally used by mediumsized businesses. Tier 3 Data Center: A Tier 3 data center is a location with redundant and dual-powered servers, storage, network links and other IT components. It is one of the most commonly used data center tiers, where IT components are powered with multiple, active and independent sources of power and cooling resources. A Tier 3 data center is also known as a Level 3 data center. A Tier 3 data center combines and exceeds features and capabilities of Tier 1 and Tier 2 data centers but with redundant capacity and data center infrastructure components. It is the third level/tier of data centers introduced by the Uptime Institute. Like a Tier 2 data center, IT components can be replaced or removed without interrupting routine data center operations. With the redundant and always active power supply, there is minimal planned and unplanned downtime. It guarantees 99.982 percent availability with a fractionally of less than two hours of downtime per year. Tier 4 Data Center: A Tier 4 data center is an enterprise class data center tier with redundant and dual-powered instances of servers, storage, network links and power cooling equipment. It is the most advanced type of data center tier, where redundancy is applied across the entire data center computing and non-computing infrastructure. A Tier 4 data center is also known as a Level 4 data center. A Tier 4 data center combines and exceeds features and capabilities of all preceding data center layers. It provides end-to-end fault resistance by deploying and maintaining entire data center infrastructure duplicates. It is the last level/tier of data centers introduced by the Uptime Institute. Being an enterprise class data center, Tier 4 data center guarantees 99.995 percent availability with just 26.3 minutes of downtime per year. Advance Level IT Manual for NCC Bank Limited Page | 34 3.3 Alternative Data Center (ADC) and Disaster Recovery (DR) Site Data centers are critical to the organization. Because mission-critical systems are used to run the business, assist in the decision-making process, and form the basis of growth and revenue generation, a failure in the data center could be disastrous. Therefore, most organizations have two data centers — a primary data center (PDC) and a secondary data center (SDC), which in some cases is also referred to as the alternative data center (ADC) or the alternative site or disaster recovery (DR) site. One of the key elements in any Disaster Recovery plan is the selection of a secondary site for data storage to help prevent data loss in the event of cyber-attacks or a natural disaster. There are three major types of disaster recovery sites that can be used: cold sites, warm sites, and hot sites. A disaster recovery (DR) site is a facility an organization can use to recover and restore its technology infrastructure and operations when its primary data center becomes unavailable. The decision about what kind of DR site an organization needs and its location requires careful planning and a balance of costs against any risks. Banks with large information requirements and aggressive recovery time objectives are more likely to use a DR site. The DR site is typically a second data center and allows a company to recover and resume operations following a disaster at the primary center. The DR site options are hot, warm and cold sites: Hot Computing Sites: At a hot site, an organization has access to a fully functional data center with hardware and software, personnel and customer data. It is typically staffed around the clock and is ready for organizations to operate their IT in the event of a disaster. This is the ideal disaster recovery site but can be challenging to attain. Advance Level IT Manual for NCC Bank Limited Page | 35 Warm Computing Sites: A warm site is an equipped data center but does not have customer data. It contains some or all of the equipment found in a working data center, such as hardware and software, network services and personnel. An organization can install additional equipment when a disaster occurs. Warm sites are "ready to go" in one sense, but they still need to have data transported to them for use in recovery should a disaster occur. Cold Computing Sites: A cold disaster recovery site is the most simplistic type of disaster recovery site. A cold site is only an option for business systems that can be down for an extended period. An organization can use a cold site to supplement hot and warm sites in the event of a disaster that lasts a long time. A cold site consists of elements to provide power and networking capability as well as cooling. It does not include other hardware elements such as servers and storage until an organization activates DR plans and installs equipment. The use of a cold site is very limiting to a business since before it can be used, backup data along with some additional hardware must be sent to the site and installed. This will impede workflow. 3.4 Distance between DC and DR Distance is a prime consideration for an organization's DR site. A closer site allows for tighter synchronization and easier staff management. But it should be on a different power grid than the organization's primary data center and far enough away that a major disaster does not impact both places. Sites too far away, though, can create replication issues, require different staff and end up costing a lot. An organization needs to make location decisions based on the importance of data, type of possible disasters (earthquake, cyclone, tornado, etc.) and cost. 3.5 Core Banking Software (CBS) Simply put, digital core banking is banking technology that provides access to all of the traditional core banking activities and services via digital platforms. Core banking platforms ensure that customers have access to all of the banking services at any point, irrespective of the time, location, and other variables that otherwise limit such a convenience. The primary difference between traditional core banking and digital core banking is the medium through which banking services are provided. In the traditional scenario, a customer had to visit a physical branch of a bank for even simple banking tasks such as ordering checkbooks or check deposits. The digitization of banks enabled by core banking transformation allows customers to complete such tasks with just a few clicks. Customers can carry out every day financial transactions from the comfort of their home or the office without having to visit the bank. Advance Level IT Manual for NCC Bank Limited Page | 36 Core banking systems are the computer-enabled back end activities of a bank that processes daily banking transactions and updates the accounts accordingly. Core banking systems typically include deposits, withdrawals, check processing, cash transfers, business loan and credit processing, business credit card and debit card management along with a host of other important activities. Core banking system architecture offers an easy interface that integrates ledger systems with technologically advanced reporting tools that makes the management of everyday banking activities extremely fast and efficient. Core banking software increases the productivity of a bank by a huge margin and contributes to the overall revenue of the bank. 3.5.1 Features of Core Banking Software Core banking platforms offer a myriad of features and applications. These key features of core banking software make the whole process of digital transformation absolutely worth it. Customer onboarding: In a traditional banking scenario, customer onboarding is one of the most cumbersome tasks. Core banking applications make this process extremely easy. There is no hassle of endless paperwork and multiple verifications; the entire process is digitized and completed within a few clicks. Daily Transactions: Day-to-day cash transactions such as deposits, withdrawals, and transfers can be processed digitally without any in-person contact. This makes the mundane banking activities safe and efficient. This also includes other banking activities such as bill payments, credit card payments, and online retail transactions. Loan Interest and Payments: Once a loan is approved and distributed, much of the maintenance is a matter of calculations. Your banking software will handle the task of calculating interest, penalties, and determining the proper monthly payments. Secure data management: Data migration and data management are two of the most critical aspects of the banking sector. Core banking platforms make data management both manageable and seamless. Consolidated information that showcases customer data, business data, and transactional data can help the bank make important decisions. Accurate data management can help a bank recommend the right financial products to its customers. Business and transactional data can help banks evaluate growth strategies and launch new products that benefit their customers. Virtual Banking: A mobile app has become an essential extension of a bank’s digital presence. Mobile applications and Net Banking facilities allow customers to access their account from anywhere. This ensures customers that they can carry out their Advance Level IT Manual for NCC Bank Limited Page | 37 banking activities without any interruptions. This also improves customer engagement in banking. Advanced Security Integration: As banking activities continue to migrate online, money mismanagement and fraudulent transactions may occur occasionally. One of the key advantages of the core banking software is the top-notch security integration across all the verticals of a bank. Features such as dual authentication processes and digital identity management ensure tight security to both the banks and their customers. Customer Communication: If there is ever an issue with a customer's account, he or she will want to know right away. Your banking solution should be able to reach customers through SMS messaging or automatic emails. This communication will make it just as easy to send a message to every customer as it is to send a single message to an individual. 3.5.2 Common Modules in CBS The CBS includes full support to various functions, some of which includes Customers Information System, Corporate & Retail Banking, Investment Banking, Financing Origination System, Agent Banking, Offshore Banking, Profit Distribution, Accounting & MIS, Payroll, Islamic banking product, Bills and Remittance, Treasury Management, Trade finance, General Ledger, KYC for anti-money laundering, Credit monitoring system (centralized limit), Clearing, Drilled Down Reporting, etc. 3.6 ICT Department The Bank’s Technology initiatives are clearly focused on the customer. Technology is being implemented by the banks with a view to provide its customer convenience banking on 24 X 7 basis in home and abroad through deployment of a single Core Banking Solution platform across globe with integrated delivery channels like ATM, Internet, Phone, Mobile, Kiosk, Call Centre etc. Banking technology deployment is not restricted to only core banking solution. It also covers other applications like Enterprise wide General Ledger, Risk Management, Anti-Money Laundering, Cheque Truncation, Credit Cards, Mutual Funds, On-line Trading, Data Warehousing, Customer Relationship Management, SWIFT, RTGS, EFT, NPSB, Internet Payment gateway, Global Treasury, Human Resources Management System, Employee Pay Roll, Cash Management, Mobile Banking, SMS delivery, Retail Depository, Phone Banking, Advance Level IT Manual for NCC Bank Limited Page | 38 Risk Management, Knowledge Management etc. which are well integrated and provide a seamless experience to customers of all segments and lines of business. These applications also provide critical MIS through Data warehouse for timely business decision. Internet Payment gateway offering E-commerce services is also an added issue. With the help of CBS and various initiatives, bank has enabled its customer with the state-of-the-art technology; duly complemented with the human interface. 3.6.1 The Objective of the IT Department The objective of the IT Department is to take care of the IT infrastructure and provide IT services to the employees of the bank, supervise and support the information systems used by the bank and implement IT development projects. The Department also maintains constant IT system security, analyses IT security incidents, carries out IT system security checks, as well as keeps in contact and coordinates actions with the Central Bank and the supervised financial market participants in relation to these issues. It develops the IT infrastructure used at the bank, looks for and procures new hardware and software, necessary IT services. 3.6.2 Divisions under IT Department The complex nature of the services that IT provides for both the bank and its branch services led by a Chief Information Technology Officer. Often, IT divisions can be better aligned to facilitate separation of duties and a better focus on the most critical areas identified. Common divisions under IT department are: IT Management Division Information Systems Development Division Infrastructure Management Division Information Systems Maintenance and Support Division 3.6.3 Functions of IT Department Business systems Shared services IT operations Enterprise architecture Project management Information security Advance Level IT Manual for NCC Bank Limited Page | 39 3.7 Outsourcing of IT Jobs Outsourcing is the process by which an organization delegates some of its in-house operations or processes to a third party. IT outsourcing (ITO) involves an external service provider being given responsibility for managing specific applications for a financial institution. Server management, infrastructure solutions, network administration and software development are the most common functions to be outsourced, and ITO is typically implemented to save banks time and money while introducing flexibility in terms of data storage, product offerings and speed of service. Generally speaking, outsourcing enables organizations to improve operational performance, vastly improve speed, reduce operational risk and increase efficiency through better consolidating and centralizing functions. Banks that strive to keep everything in-house typically end up developing a series of vertically integrated silos that result in extensive duplication and redundancy across businesses and markets. Financial Institutions face many challenges including operational risks, cyberthreats, strategic planning, compliance and audit. Outsourcing IT capability to a third-party expert has many diverse benefits that positively impact the bottom line. Control and reduce IT costs – outsourcing services are typically offered via a monthly fee and banks benefit from economies of scale and overall lower cost infrastructure; Focus on the business of running the bank – banks can refocus on investing time and energy into growth strategies rather than worrying about the latest IT development; Stay current with the latest technology – relinquish IT technology decisions, investment and training to the experts in the field an expertise; Mitigate risk and automate – outsource infrastructure risk and automation to offer 24/7 processing and monitoring of secure bank IT environments; Experience increases in productivity – refocus on core competences at a lower cost, reassured by quick response to service issues and interruptions. More and more financial institutions are turning to IT outsourcing because they do not have the expertise nor the economies of scale that a modern outsourcer can offer. Maintaining a state-of-the-art IT ecosystem is a daunting task. It requires multiple layers of tools and expertise that many banks simply cannot recruit and afford. Managed IT services provide the flexibility and scalability that financial institutions need to grow and evolve, and ensures a bank’s assets, systems and applications stay current and continuous. Advance Level IT Manual for NCC Bank Limited Page | 40 3.7.1 The Services that a Bank Can Outsource Here are the most common IT services that a bank can outsource: Front line IT support – Service/Support Desk, Activities such as Debit/Credit Card printing and dispatch, verifications, etc., Technology Operations, Banking Operations, Cash Management and Collections, Technology Infrastructure Management, Maintenance and Support, Application Development, Maintenance and Testing, Transaction Processing including payments, loans, deposits, Customer Service helpdesk / Call Centre services, Marketing and Research. Data Analysis IT Audit Sample Questions: 1. What are Alternative Delivery Channels (ADC)? What are the advantages and disadvantages of ADCs compared to branch? 2. What are the roles of Data Center (DC), Alternative Data Center (ADC) and Disaster Recovery Site (DRS) in banks? Which type of DC is the best and why? 3. Classify different types of Disaster Recovery Sites (DRSs) with example. 4. What is a CBS? Why do we need it in banking business? 5. What are the major roles of ICT department in a bank? 6. What is outsourcing? Why do we need to outsource some IT jobs in banks? Advance Level IT Manual for NCC Bank Limited Page | 41 Chapter-4 Data Management in Online Banks 4.1 Data and Information Data are vital organizational resource that need to be managed like other important business assets. Today’s banking industry cannot survive or succeed without quality data about their internal operations and external environment. That’s why banks and their managers need to practice data resource management, a managerial activity that applies information systems technologies like database management, data warehousing, and other data management tools to the task of managing an organization’s data resources to meet the information needs of their business stakeholders. Managing data in banks is difficult for many reasons. Following are the reasons that imply why data management is a difficult task. Amount of data increases exponentially with time Data are scattered throughout organizations, and they are collected by many individuals using various methods and devices. Data are generated from multiple sources Data security, quality, and integrity are critical, yet they are easily jeopardized Companies are drowning in data, much of which is unstructured. The following section covers the conceptual issues related to data, information, database, DBMS, Data Warehouse, Data Mining and Data Analytics. This section also focuses on various issues related to access control and authentication mechanisms. Data: Data are the raw facts. Data can be number, text, image, audio, and video. However, data are meaningless until we process them. Banks generate huge volume of data from various transaction points. So, banks must be careful while dealing with data. It is said that those who rule data will rule the entire world. Hence, we realize the significance of data in an organization. Information: Information is data that have been processed, organized, and structured. It puts data in context and helps people make decisions. We use data as input and we get information as output. Advance Level IT Manual for NCC Bank Limited Page | 42 4.2 Database Often abbreviated DB, a database is basically a collection of information organized in such a way that a computer program can quickly select desired pieces of data. You can think of a database as an electronic filing system. A computer system organizes data in a hierarchy that starts with the bit, which represents either a 0 or a 1. Bits can be grouped to form a byte to represent one character, number, or symbol. Bytes can be grouped to form a field, and related fields can be grouped to form a record. Related records can be collected to form a file, and related files can be organized into a database. Figure: The Data Hierarchy To access information from a database, you need a database management system (DBMS). This is a collection of programs that enables you to enter, organize, and select data in a database. There are many different types of DBMSs, ranging from small systems that run on personal computers to huge systems that run on mainframes. Some examples of popular database software or DBMSs include MySQL, Microsoft Access, Microsoft SQL Server, Oracle, DB2, PostgreSQL, etc. In generally a bank uses database for improving business processes, keeping track of their customers, storing user’s data and maintaining and accessing data. Advance Level IT Manual for NCC Bank Limited Page | 43 4.2.1 Classification of Database For storing several varieties of data, different types of databases can be used by organizations. However, the following section discusses only centralized and distributed database systems. Centralized Database: Centralized database system is the database where the data is stored centrally. Due to its centralized location the client users are able to access the stored data from different locations through several applications. The authentication process is maintained in the application to let users securely access their data. Figure: Architecture of Centralized Database System Advantages of Centralized Database Risk of data management is minimized. Since the data is maintained centrally therefore the data remains consistent. Data standards are maintained because it provides better quality data. Cost is minimized because of lower number of vendors required to maintain. Disadvantages of Centralized Database When database is too large, the response times increase making response slow. Updating a large centralized database takes extensive knowledge. Since all data centralized, server failure would mean losing all data on the server. Advance Level IT Manual for NCC Bank Limited Page | 44 Distributed Database: A distributed database represents multiple interconnected databases spread out across several sites (places) connected by a network. Since the databases are all connected, they appear as a single database to the users. Distributed databases utilize multiple nodes. More nodes in the system provide more computing power, offer greater availability, and resolve the single point of failure issue. Different parts of the distributed database are stored in several physical locations, and the processing requirements are distributed among processors on multiple database nodes. Figure: Architecture of Distributed Database System Advantages of Distributed Database Reliability Lower communication cost Better Response Disadvantages of Distributed Database Costly software Data integrity Improper data distribution Advance Level IT Manual for NCC Bank Limited Page | 45 4.2.2 Database Administration A database administrator (DBA) is an information technician who is in charge of directing or conducting all tasks connected to keeping a database system running smoothly. A database administrator ensures that an organization's database and related applications are functioning and efficient. The job of database administration is to manage and maintain database management systems (DBMS) software. The fundamental function of database administration is to guarantee that the database is always accessible when it is required. This will usually need proactive monitoring and troubleshooting regularly. This, in turn, necessitates considerable technical expertise on the DBA's part. The DBA or database administrator will require expertise and maybe training in the platform (database engine and operating system) on which the database operates, in addition to an indepth understanding of the database in the issue. Responsibilities of a Database Administrator (DBA) Each database requires at least one database administrator (DBA). A database administrator’s responsibilities can include the following tasks: Installing and upgrading the database server and application tools. Allocating systems storage and planning future storage requirements for database system. Enrolling users and maintaining system security. Monitoring and optimizing the performance of database. Controlling and monitoring user access to the database. Planning for backup and recovery of database information. Maintaining archived data on tape. Backup and restoring the database. 4.3 Data Access Control Data access typically refers to software and activities related to storing, retrieving, or acting on data housed in a database or other repository. Data Access is simply the authorization a user has to access different data files. Data access can help distinguish the abilities of Administrators and users. E.g. Admins may be able to remove, edit and add data, while a general user may not be able as they don’t have the access to that particular file. Data access control is a basic security feature that allows you to limit access based on a set of restrictions. You can help Advance Level IT Manual for NCC Bank Limited Page | 46 protect personally identifiable information (PII), intellectual property, and other private information out of the wrong hands by setting strong data access controls, whether internally or externally. Restricting Access Steps to restrict database access within an organization: Implement Separation of Duties (SOD) a preventive control. Establish test and production environments which are preventive control. Restrict user account and Database administrator access which is a preventive control. Turn on audit trails, monitoring software, or exception reports which are detective controls. Password Policy Passwords are an important aspect of computer security. They are the front line of protection for user accounts. A poorly chosen password may result in a compromise of bank’s entire systems. So, banks need to deploy a password policy for protecting the system from unexpected incidents. A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A password policy is often part of an organization's official regulations and may be taught as part of security awareness training. Typical components of a password policy include: Password Length and Formation Many policies require a minimum password length (eight characters is typical but may not be appropriate). A more appropriate length is 15 characters. Some policies suggest or impose requirements on what type of password a user can choose, such as: the use of both upper- and lower-case letters (case sensitivity), e.g. A, p, D inclusion of one or more numerical digits, 4, 9, 1 inclusion of special characters, e.g. @, #, $ etc. prohibition of words found in a dictionary or the user's personal information, e.g. happy, love, bank prohibition of passwords that match the format of calendar dates, license plate numbers, telephone numbers, or other common numbers, e.g- your date of birth, cell number prohibition of use of company name or an abbreviation, e.g- nccbl Advance Level IT Manual for NCC Bank Limited Page | 47 Password Duration Some policies require users to change passwords periodically, e.g. every 90 or 180 days. The benefit of password expiration, however, is debatable. Systems that implement such policies sometimes prevent users from picking a password too close to a previous selection. Common Password Practice Do not use your User ID as your password. Do not share passwords with anyone, including administrative assistants or secretaries. All passwords are to be treated as sensitive, Confidential information. Password policies often include advice on proper password management such as: never share a computer account never use the same password for more than one account never tell your password to anyone, including people who claim to be from customer service or security never communicate a password by telephone, e-mail or instant messaging being careful to log off before leaving a computer unattended changing passwords whenever there is suspicion they may have been compromised operating system password and application passwords are different password should be alpha-numeric never use online password generation tools never share password with family members reveal share your password to your boss never write passwords down and store them anywhere in your office. never talk about your password in front of others Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. A simple brute force attack uses automation and scripts to guess passwords. Typical brute force attacks make a few hundred guesses every second. Simple passwords, such as those lacking a mix of upper- and lowercase letters and those using common expressions like '123456' or 'password,' can be cracked in minutes. The strength of a password is a function of length, complexity, and unpredictability. Advance Level IT Manual for NCC Bank Limited Page | 48 AAA (Authentication, Authorization, Accounting) Data access control ensures that users are who they say they are and that they have the authority to access the data by validating their identification. The following are the three primary components of data access control: Authentication: Authentication means checking the identity of the entity that is trying to access the database. A multifactor authentication system might be used to verify the user's identity. Authorization: Authorization determines not just the level of access each user has to the database, but also the activities the person may perform, depending on regulations set by the organization. Accounting: The resources used by a user during access are measured through accounting. This may include the amount of system time or data delivered and/or received by a user during a session. Accounting involves recording session statistics and use data, which is used for authorization control, charging, trend analysis, resource consumption, and capacity planning. Authentication, au

Use Quizgecko on...
Browser
Browser