E-Banking Solution Security
The NETteller E-Banking Security Module is equipped with strong user security features that will not permit any unauthorized access at a client's or bank's site.
The advanced combination of password controls and user access rights ensures that only authorized users can access NETteller. Users have access only to the accounts and services for which access privileges have been assigned. Data security is deployed within NETteller using the latest industry standards, for example the Secure Sockets Layer (SSL) protocol, which encrypts and protects the data that passes between the client and the server. The communication between Web Container Components and Application Server Components is done over SHA-512 encryption. Sensitive personal information in the NETteller database, such as passwords, is also encrypted by the same method, SHA-512.
Security Features Supported:
Java Authentication and Authorization Service (JAAS): Java security technology includes a large set of tools and implementations of commonly used security algorithms, mechanisms, and protocols. It provides a safe and secure platform for developing and running applications, and enables single sign-on with multiple authentication mechanisms.
Configurable login attempts: A configurable delay after a failed login attempt, IP blocking to prevent unauthorized SSH login attempts, and a configurable time for which the server keeps track of failed login attempts. If the maximum number of failed login attempts occurs within this time, the account locks.
Timed logout of inactive users: Idle users are automatically logged out after being inactive for some time.
Logging, Auditing, and Profiling:
Transaction-Logging and Logging of user behavior
History of all activities
Transaction logs are a source of usage information. The information on user behavior can be filtered by calculating summary statistics.
Multiple/One-Time Password System Integration (Vasco, VeriSign, etc.): In this method the security cryptography is based on a sequence number, enhancing the inherently secure transport layer with a second or multiple factors of authentication and greatly reducing the risk of fraud.
Digital Signature: A valid digital signature gives a recipient reason to believe that the message was created by a known or the claimed sender, authenticates the identity of the sender of a message or the signer of a document and ensures that it was not altered in transit.
Two-factor authentication is a security process in which the user provides two means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code. In this context, the two factors involved are sometimes spoken of as something you have and something you know. A common example of two-factor authentication is a bank card: the card itself is the physical item and the personal identification number (PIN) is the data that goes with it. NETteller provides two-factor user authentication via SMS on mobile devices. In addition, NETteller can also cater for other forms of security such as TAN, one-time token, etc.
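The configurable login-attempt feature listed above combines three settings: a delay after each failure, a tracking window, and a maximum failure count that locks the account. The sketch below is an added illustration of that logic, not NETteller code; the class, the parameter names and the sample events are assumptions. It keys on the account only and leaves out IP blocking.

```python
import time
from collections import defaultdict, deque

# Constructed sample events: (seconds, account, password_was_correct)
SAMPLE = [(0, "alice", False), (1, "alice", False), (10, "alice", False), (400, "alice", False),
          (410, "alice", False), (420, "alice", False), (430, "alice", True)]

class LoginAttemptPolicy:
    """Hypothetical policy; parameter names are assumptions, not NETteller settings."""
    def __init__(self, max_failures=3, window_s=300, delay_s=2, clock=time.monotonic):
        self.max_failures = max_failures    # failures tolerated inside the window
        self.window_s = window_s            # how long a failure is remembered
        self.delay_s = delay_s              # enforced pause after a failure
        self.clock = clock
        self.failures = defaultdict(deque)  # account -> failure timestamps
        self.locked = set()                 # cleared only by an administrator

    def check(self, account):
        """Call before verifying the password: 'locked', 'delayed' or 'ok'."""
        if account in self.locked:
            return "locked"
        recent = self.failures.get(account)
        if recent and self.clock() - recent[-1] < self.delay_s:
            return "delayed"                # rejected without testing the password
        return "ok"

    def record(self, account, success):
        """Call after verifying the password; returns the resulting state."""
        now, recent = self.clock(), self.failures[account]
        while recent and now - recent[0] > self.window_s:
            recent.popleft()                # forget failures outside the window
        if success:
            recent.clear()
            return "ok"
        recent.append(now)
        if len(recent) >= self.max_failures:
            self.locked.add(account)
            return "locked"
        return "failed"

def replay(events, **settings):
    """Replay events against a fresh policy, pinning the clock to each timestamp."""
    policy = LoginAttemptPolicy(**settings)
    states = []
    for t, account, success in events:
        policy.clock = lambda t=t: t
        state = policy.check(account)
        states.append(policy.record(account, success) if state == "ok" else state)
    return states
```

In the sample, the two failures at 0 s and 10 s have aged out of the 300-second window by 400 s, so the lock only triggers on the third failure of the later burst, and the correct password at 430 s is still refused because the account is already locked.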