SBI Core Banking Some Rights Reserved Author: Sarthak Ganguly Project on SBI Core Banking September 8 2010 Name : Sarthak Ganguly Dept: Computer Science and Engineering Roll: 071200101084 Dr.B.C.Roy Engineering College Project on Network and System Administration A study on the networking and security aspects of a massive corporate network
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
SBI Core Banking
Some Rights Reserved Author: Sarthak Ganguly
Project on SBI Core Banking
September 8
2010 Name : Sarthak Ganguly
Dept: Computer Science and Engineering
Roll: 071200101084
Dr.B.C.Roy Engineering College
Project on Network and
System Administration A study on the networking and security aspects of
a massive corporate network
1 SBI Core Banking
Introduction
Meeting New Market Demands
Banks and financial services organizations have long recognized the advantages of deploying technology
to improve the value, speed and flexibility of their product offering to customers. Particularly in today’s
highly competitive banking industry, core banking technology is a vital element that helps a bank
differentiates itself. This is especially true on the retail front, and allows banks to offer many new
technology driven channels to customers such as ATMs and Internet banking, thus pioneering the
concept of Anywhere Banking, and eliminating the concept of branch banking. With features like real-
time transaction processing coming into effect, customers can experience the benefits of “real-time
banking” and no longer need to wait days or weeks for their transactions to be completed. Another key
advantage of technology is the significant decrease of product development and testing lead time,
leading to faster launch of new products for the bank – enhancing the organization’s innovativeness and
agility.
The Business Challenge
While most banking organizations in India clearly recognized the advantages of deploying technology,
they continued to hesitate before embarking on the process due to a number of “pain areas” related to
the adoption and roll-out of technological platforms:
Long implementation periods
Standard banking technology software solutions were largely inapplicable to individual organizations. As
a result, the tailoring of the solution and its roll-out for the organization was a long and often drawn-out
period.
Return on investment (ROI)
Making the very significant capital investment required for a technological package was a challenge in
the environment of keen competition and slim margins. Senior management and shareholders
demanded a clear quantification of the ROI involved, which was difficult to accurately evaluate and
compute.
Technology absorption rate at India’s rural branches
Particularly in branches located in India’s rural areas, absorbing technology was a challenge on its own.
Ease of training and ease of use was a critical component that determined the success or failure of any
solution.
Connectivity
Given the sheer size of the Indian market in geographic terms, it was inevitable that connectivity at
broadband levels could not be expected at every branch. The solution needed to be able to work even in
areas with poor or intermittent Internet access.
High costs
High upfront investment was in many cases an inhibiting factor for investment.
2 SBI Core Banking
Legacy systems
A large number of banks were operating on homegrown and inefficient, mutually incompatible legacy
systems. Migrating the data and investment in some of the legacy equipment needed to play an
important role in the plan for any new solution.
3 SBI Core Banking
Contents
Topic Page
Core Banking, What it is
Core Banking Solutions 4
SBI Core Banking, The Beginning
State Bank of India Core Systems Modernization
Drivers for the Bank
Challenges for the Bank
Vendor Consortium Selection
Tata Consultancy Services and TCS BaNCs
Initial SBI Core Systems Modernization Project
State Bank of India Full Branch Conversion
Critical Success Factors
6
Network Architecture 13
Physical Architecture
Distributed System Components
Core Banking System Components
15
Security Architecture
Organizing Structure of IT
Enabler
Enforcer
Auditor
18
Financial Network Services(FNS)
Built and Deployed Using Micro Focus Technology 22
Benefits
Increased delivery channels
Open Technology Platform
Lowest Price Performance Ratio
23
TCS BaNCs
An Overview 25
Further Improvement 43
Conclusion 44
References 45
Bibliography 46
4 SBI Core Banking
Core Banking, what it is
Core Banking is normally defined as the business conducted by a banking institution with its retail and small business customers. Many banks treat the retail customers as their core banking customers, and have a separate line of business to manage small businesses. Larger businesses are managed via the Corporate Banking division of the institution. Core banking basically is depositing and lending of money.
Nowadays, most banks use core banking applications to support their operations where CORE stands for "Centralized Online Real-time Exchange". This basically means that the entire bank's branches access applications from centralized datacenters. This means that the deposits made are reflected immediately on the bank's servers and the customer can withdraw the deposited money from any of the bank's branches throughout the world. These applications now also have the capability to address the needs of corporate customers, providing a comprehensive banking solution. A few decades ago it used to take at least a day for a transaction to reflect in the account because each branch had their local servers, and the data from the server in each branch was sent in a batch to the servers in the datacenter only at the end of the day (EoD).
Normal core banking functions will include deposit accounts, loans, mortgages and payments. Banks make these services available across multiple channels like ATM, internet banking, and branches.
Core Banking Solutions
Core Banking solutions are banking applications on a platform enabling a phased, strategic approach that lets people improve operations, reduce costs, and prepare for growth. Implementing a modular, component-based enterprise solution ensures strong integration with your existing technologies. An overall service-oriented-architecture (SOA) helps banks reduce the risk that can result from multiple data entries and out-of-date information, increase management approval, and avoid the potential disruption to business caused by replacing entire systems.
Core Banking Solutions is new jargon frequently used in banking circles. The advancement in technology, especially internet and information technology has led to new ways of doing business in banking. These technologies have cut down time, working simultaneously on different issues and increasing efficiency. The platform where communication technology and information technology are merged to suit core needs of banking is known as Core Banking Solutions. Here, computer software is developed to perform core operations of banking like recording of transactions, passbook maintenance, and interest calculations on loans and deposits, customer records, balance of payments and withdrawal. This software is installed at different branches of bank and then interconnected by means of communication lines like telephones, satellite, internet etc. It allows the user (customers) to operate accounts from any branch if it has installed core banking solutions. This new platform has changed the way banks are working.
Gartner defines a core banking system as a back-end system that processes daily banking transactions, and posts updates to accounts and other financial records. Core banking systems typically include deposit, loan and credit-processing capabilities, with interfaces to general ledger systems and reporting tools. Strategic spending on these systems is based on a combination of service-oriented architecture and supporting technologies that create extensible, agile architectures.
5 SBI Core Banking
SBI Core Banking, the beginning The State Bank of India is the oldest and largest bank in India, with more than $250 billion (USD) in
assets. It is the second-largest bank in the world in number of branches; it opened its 10,000th branch in
2008. The bank has 84 international branches located in 32 countries and approximately 8,500 ATMs.
Additionally, SBI has controlling or complete interest in a number of affiliate banks, resulting in the
availability of banking services at more than 14,600 branches and nearly 10,000 ATMs.
Unlike private-sector banks, SBI has a dual role of earning a profit and expanding banking services to the
population throughout India. Therefore, the bank built an extensive branch network in India that
included many branches in low-income rural areas that were unprofitable to the bank. Nonetheless, the
branches in these rural areas bought banking services to tens of millions of Indians who otherwise would
have lacked access to financial services. This tradition of "banking inclusion" recently led India's Finance
Minister P. Chidambaram to comment, "The State Bank of India is owned by the people of India."
A lack of reliable communications and power (particularly in rural areas) hindered the implementation
of computerization at Indian banks throughout the 1970s and 1980s. During this period, account
information was typically maintained at the local branches with either semi- automated or manual
ledger card processing. During the 1990s, the Indian economy began a period of rapid growth as the
Auditing compliance against policies across applications and locations
Vulnerability testing
Penetration testing
Application security testing
Feedback to ISD on effectiveness of policies
GM – General Manager
AGM – Assistant General Manager
Monitoring
Features
Online banking solutions have many features and capabilities in common, but traditionally also
have some that are application specific.
The common features fall broadly into several categories
Transactional (e.g., performing a financial transaction such as an account to account transfer, paying a bill, wire transfer... and applications... apply for a loan, new account, etc.)
o Electronic bill presentment and payment - EBPP
19 SBI Core Banking
o Funds transfer between a customer's own checking and savings accounts, or to another customer's account
o Investment purchase or sale o Loan applications and transactions, such as repayments of enrollments
Non-transactional (e.g., online statements, check links, co browsing, chat) o Bank statements
Financial Institution Administration - Support of multiple users having varying levels of authority Transaction approval process Wire transfer
Features commonly unique to Internet banking include
Personal financial management support, such as importing data into personal accounting software. Some online banking platforms support account aggregation to allow the customers to monitor all of their accounts in one place whether they are with their main bank or with other institutions.
Signature based online banking where all transactions are signed and encrypted digitally. The Keys for the signature generation and encryption can be stored on smartcards or any memory medium, depending on the concrete implementation.
Attacks
Most of the attacks on online banking used today are based on deceiving the user to steal login data and valid TANs. Two well known examples for those attacks are phishing and harming. Cross-site scripting and key logger/Trojan horses can also be used to steal login information.
A method to attack signature based online banking methods is to manipulate the used software in a way, that correct transactions are shown on the screen and faked transactions are signed in the background.
A recent FDIC Technology Incident Report, compiled from suspicious activity reports banks file quarterly, lists 536 cases of computer intrusion, with an average loss per incident of $30,000. That adds up to a nearly $16-million loss in the second quarter of 2007. Computer intrusions increased by 150 percent between the first quarter of 2007 and the second. In 80 percent of the cases, the source of the intrusion is unknown but it occurred during online banking, the report states.[5]
The most recent kind of attack is the so-called Man in the Browser attack, where a Trojan horse permits a remote attacker to modify the destination account number and also the amount.
Countermeasures
There exist several countermeasures which try to avoid attacks. Digital certificates are used against phishing and harming, the use of class-3 card readers is a measure to avoid manipulation of transactions by the software in signature based online banking variants. To protect their systems against Trojan horses, users should use virus scanners and be careful with downloaded software or e-mail attachments.
20 SBI Core Banking
The easiest method is still prevention of any infection. The clients are only disk less nodes without any CD/DVD or Flash drive. Only the server is equipped with a hard disk. So a chance infection spreading from the client to the server is not possible.
The Intranet is completely separated from the Internet by the DMZ or Demilitarized Zone, hence keeping the network safe from any outside interference.
21 SBI Core Banking
Financial Network Services (FNS) FNS provides end-to-end, integrated solutions for the banking and finance industry around the world.
Headquartered in Sydney, Australia, the company addresses business opportunities across Europe, Asia
Pacific, Africa, Latin America and the Middle East through established regional offices in London, Seoul,
Manila, Jakarta, Kuala Lumpur, Hong Kong, Dubai, Santiago and Johannesburg.
From 27 January to 21 February 2003, a multi-disciplinary team worked to demonstrate the scalability
and performance of the FNS solution, BANCS®, within a Windows server environment. Traditionally,
COBOL- based critical banking software such as BANCS, runs on a mainframe or in a UNIX environment,
rather than a Windows environment, and a benchmark study of this type had not been attempted
previously. “We already have eight live banking sites operating smoothly using a Windows back-end, so
we knew first- hand that BANCS running on Windows was saleable and robust,” said Dean Matheson,
product development manager, Delivery Channels and Windows at FNS. “However we wanted to
quantify and validate that performance using rigorous and controlled conditions where the application
and architecture could be pushed to their limits.”
The BANCS solution automates core banking functions such as deposit processing, loans processing, loan