We paid special attention to security when we designed the Electra system and implemented its components. Security is not limited to data confidentiality but includes all other factors which ensure smooth operation for both the customers and the bank. The following needs to be taken into account with regard to the security of the Electra system:
- protection of program and data integrity
- protection against unauthorised access
- user rights
- protection of the connection between customers and the bank
- protection against internal misuse (with respect to both customers and bank staff)
- operational reliability
From a customer's perspective it is of primary importance that he can trust the entire banking system he uses. This trust is based on the trustworthiness of every component of the electronic banking access and of all connections between them.
The protection of program and data integrity ensures that neither customers nor the bank can be misled by program or data modification, whether unintentional (e.g. caused by a hardware error) or intentional and malevolent (e.g. caused by a virus attack), and that no financial damage is suffered.
Protection against unauthorised access ensures that banking data can only be accessed by those whom the relevant customer has mandated beforehand. That means that nobody outside the system (e.g. a system administrator) can access the data even if his duties include the maintenance of Electra (e.g. data backup) as part of the larger system. The system must ensure on both the server and the client side that customers cannot view each other's data and cannot act on behalf of each other. There can also be special functions associated with a single customer which certain users of that customer are allowed to use while others are not. In such cases it must be ensured that everybody can access functions and data only on a 'need-to-access' basis.
Program and data access is controlled through a user rights system in Electra. The current access rights system is based on procedures used in different banks; it was developed by taking into account several custom needs of those banks and tailoring the system to meet them. The user rights system can be accessed in a number of ways:
The first configuration is when Electra is running as a stand-alone system and provides uniform user rights management through different electronic channels for both the bank and its customers. In this case the user rights system can be accessed using a special client program called Administrator. The Administrator program can only be used by the employees of the bank (usually the staff of the Electronic Banking Unit, the HelpDesk or the Call Center).
Banks may shift certain administration tasks to their customers. In that case bank customers have strictly regulated access to the user rights administration system. This is called 'Customer-side administration' in Electra and has far fewer functions and a much narrower scope than the Administrator program.
The third configuration is connecting to a third-party user rights management system, in which case transparency between Electra and third-party system user access rights is provided through mappings in one or both directions.
The protection of the communication channel is highly important for both the bank and its customers. All data protection measures are in vain if data transfer channels are not secure and otherwise confidential banking data can be accessed or, in the worst case, even modified by unauthorised parties. Electra allows various communication lines between the bank and its customers: switched phone lines, leased lines or even the public Internet. Since all information about the exact operation (and even the shortcomings) of communication lines can be obtained, it is very important, especially when accessing the system through the Internet, that the parties to a communication session verify at the very beginning of the session that they are communicating with their intended partner and not with some third party. This 'assurance' is provided at the beginning of the log-in process through the authentication of the Electra server on the customer's side and the customer's authentication on the bank's side.
All data transmitted through communication channels need to be encrypted so as to prevent unauthorised access and modification, and any modification must be detected before the bank executes a given transaction. Apart from that, it must also be detected if a party has merely recorded some earlier communication, without decrypting it, and simply repeats that communication, because multiple execution of the same transaction may cause great damage.
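
The two checks described above (detecting modification before execution and detecting a replayed recording), shown as an added example that is not taken from Electra. It assumes HMAC-SHA256 under a shared per-customer key and a per-customer sequence number, neither of which the page specifies; encryption is left out, and all names and sample values are constructed.

```python
import hashlib
import hmac
import json


class TamperError(Exception):
    """The message was modified in transit (MAC does not verify)."""


class ReplayError(Exception):
    """The message is a repeat of one that was already executed."""


def seal(key: bytes, customer: str, seq: int, order: dict) -> dict:
    """Customer side: bind customer id, sequence number and order under one MAC."""
    body = json.dumps({"customer": customer, "seq": seq, "order": order},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class BankReceiver:
    """Bank side: verify integrity first, then freshness, then execute."""

    def __init__(self, keys: dict):
        self.keys = keys        # customer id -> shared key (assumed provisioned)
        self.last_seq = {}      # customer id -> highest sequence number executed
        self.executed = []      # orders that passed both checks

    def accept(self, customer: str, msg: dict) -> dict:
        expected = hmac.new(self.keys[customer], msg["body"].encode(),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison; nothing in the body is trusted before this.
        if not hmac.compare_digest(expected, msg["tag"]):
            raise TamperError("MAC mismatch, order not executed")
        data = json.loads(msg["body"])
        if data["customer"] != customer:
            raise TamperError("message sealed for a different customer")
        # A recorded message verifies correctly but carries an old sequence number.
        if data["seq"] <= self.last_seq.get(customer, 0):
            raise ReplayError("sequence number already used")
        self.last_seq[customer] = data["seq"]
        self.executed.append(data["order"])
        return data["order"]
```

Because the sequence number is covered by the MAC, a recorded message cannot be given a fresh number without failing the integrity check.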
Transactions sent by a customer to the bank need to be authenticated so that the bank can justify later why it did or did not do something. When transactions are checked it is important that the bank can be certain that the transactions were sent by a given client and that the client cannot later repudiate having submitted his orders.
Logs of the operation of different program components, alerts about events considered important from a security point of view, and other reactions (e.g. banning a user after a number of failed attempts to enter his password) have an important function in the Electra system. All these functions serve the same purpose: to ensure that even people who have access to the system (so-called insiders) cannot do anything without a trace, cover it up or repudiate it later on.
Last but not least, operational security is at least as important for both the bank and its customers as the various protections applied. The questions of who will use the system, under what circumstances and, most importantly, which parts of the Electra system they will use are to be taken into consideration as early as the system design phase. The users' expertise, the maintainability of the programs, the methods used to fix errors and everything else (including user habits) that may affect the programs and the data and cause errors must also be taken into consideration.