(Secure) Digital Banking


1 (Secure) Digital Banking
Ali Süha Ter, Head of Special Projects and Security

2 Agenda
Overview of Garanti digital figures
Map of general security controls (architecture):
- Platform security
- Authentication
- Input methods
- Authorisation controls & security settings
- Fraud monitoring
- Transaction signing
- Out-of-channel validation

3 Garanti Digital Figures
[Chart: total digital customers, in thousands, split into digital and mobile; digitalization level]
- 5 million active digital customers
- 3,9 million active mobile customers
- 92% of all client transactions are digital
- 45% of loan sales are through digital

4 Garanti Digital Figures
[Chart: retail digital banking market share; market share details for money transfers (havale), tax payments, stock transactions and credit card transactions]

5 Safeguards Control Architecture
FRAUD MONITORING: defined rules, analyst effort
PLATFORM SAFEGUARDS: encryption, certificates, client-based antivirus, web-based antivirus, customer training
AUTHENTICATION: passwords, hard tokens, soft tokens, token apps, e-signature, e-ID, SMS OTP
WEB FORMS & OTHER INPUT METHODS
TRANSACTION SIGNING: with hard token, with soft token, with e-signature, with SMS OTP, with captcha
AUTHORIZATION CONTROLS & SECURITY SETTINGS: transaction limits, account authorization, transaction type authorization, IP/location/time settings

6 Platform security; Protect the customer platform; Know the risks and feed them to Fraud Monitoring
ENCRYPTION: Always use state-of-the-art encryption algorithms.
CERTIFICATES: Use state-of-the-art certificates that help users validate the web site owner.
ANTIVIRUS SOFTWARE: Never allow Android devices to access if they don't have virus protection. Add an antivirus SDK to the mobile app code. It is very hard to convince PC users to download and install antivirus software, so deploy web-based protection software for PC usage, because not all of your customers will ever download and install a client-based antivirus. Garanti uses the Webroot SDK in all mobile apps and offers the PC antivirus software «Webroot SecureAnywhere» to all PC users for free.
CUSTOMER TRAINING: Inform the customers about protection methods. Offer antivirus software.

7 Authentication methods; Risk analysis
Make continuous risk analysis:
- Write down the threats associated with each login method. Find real-life threats, or try to imagine them.
- Find the best safeguards from standard documents, or create new ones.
- Find out the resulting risks.
- Choose the best combination of factors. Factors should be totally independent.

8 Authentication methods; Risk analysis*
*The information below is intentionally distorted.

9 Authentication methods; Regulatory requirement
Choose at least 2 independent factors out of the following factor sets;

10 Authentication; Methods We Use
Identification: with social security number / customer number / cookies / tokens
PASSWORD: alphanumeric, forced to change every 180 days, strong passwords enforced
BIOMETRY: eye verification is used, with liveness detection
SMS OTP, Soft Token, Hard token, Tokenization

11 Biometric solutions for authentication
Eye biometrics: An alternative login method for mobile apps which allows clients to log in securely to Garanti Cep and GarantiOne by recognizing the structure of their eyes.
Speech recognition: A voice biometrics infrastructure for live voice calls. Validates customers while they speak freely, without the need for static questions.
Vocal password: A passphrase authentication tool to be used in the self-service IVR and other digital channels.

12 Login with eye recognition
Allows easy login with enough security, and helps customers when they forget their passwords. Prevents most of the risks associated with:
- loss of equipment
- social engineering
- theft
- message re-routing
- misuse
- disclosure of information

13 New input methods; Keyboard extension
Allows users to make payments and money transfers through commonly used messaging apps by adding a built-in interface to these apps.
1. Choose the Garanti Keyboard in any messaging app (WhatsApp, Messenger, etc.).
2. Click the clover icon and choose the Garanti Mobile interface.
3. Log in by either typing in your Garanti password or by further authentication options.
4. Choose the person from your contacts list that you'll wire the money to, enter the amount in the amount box and click approve.
5. Approve the message that will be sent to the receiver and you're all set!

14 New input methods; Mobile Interactive Assistant
Functionality: Works through a parallel overview screen that helps users get an instant response to voice commands. Perceives natural language, so the user doesn't have to use specific sentences or keywords. Extensive capacity for grammar and comprehension, currently with more than 120 different actions built in. Navigation assistance within the app: getting information on the nearest ATM or branch, current loan rates, navigating to the profile page or settings page, etc.
Inquiries: Can respond to account inquiries, account number details and activities.
Transactions: Balance checking, card information, money transfers, bill payment, credit card payment.
More advanced inquiries include "How much money did I spend on fuel-oil from my Platinum credit card?", "What is the maturity date of my deposit account?", "I want to send 100 USD to David immediately.", or "How much money did I transfer last week?"

15 Chatbots

16 Authorization controls & Security settings
Optional controls:
- User-defined money transfer and payment limits
- User-defined transaction types
- User-defined channel usage
Optional security controls:
- User-defined IP / time / location limits
User-defined settings can only be cancelled with "out-of-channel" validation: branches, video call center, or call center with biometric validation.
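The slide describes two distinct mechanisms: a per-transaction check against limits the customer chose, and a rule that the customer's own restrictions can only be loosened out of channel. The following Python is an added illustration of both, not Garanti's code; the data model, field names, the "any tightening is self-service, any relaxation needs out-of-channel validation" rule, and the sample settings (with a TEST-NET-3 address range as a placeholder) are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Tuple


# Hypothetical data model for a customer's self-defined controls (assumption, not the bank's).
@dataclass(frozen=True)
class SecuritySettings:
    daily_limit_minor: int                # transfer + payment limit, in minor units (kurus)
    transaction_types: FrozenSet[str]     # transaction types the customer has enabled
    channels: FrozenSet[str]              # channels the customer allows ("web", "mobile", ...)
    networks: Tuple[str, ...]             # CIDR allow-list; empty tuple = no IP restriction
    hours: Optional[Tuple[time, time]]    # local-time window (must not cross midnight); None = any time
    countries: FrozenSet[str]             # country allow-list; empty = no location restriction


@dataclass(frozen=True)
class Request:
    tx_type: str
    channel: str
    amount_minor: int
    source_ip: str
    country: str
    local_time: time


def authorize(s: SecuritySettings, r: Request, spent_today_minor: int) -> Tuple[bool, List[str]]:
    """Check one transaction against the customer's own settings; return (allowed, reasons)."""
    reasons = []
    if r.tx_type not in s.transaction_types:
        reasons.append("transaction type not enabled by customer")
    if r.channel not in s.channels:
        reasons.append("channel not enabled by customer")
    if spent_today_minor + r.amount_minor > s.daily_limit_minor:
        reasons.append("customer-defined daily limit exceeded")
    if s.networks and not any(ip_address(r.source_ip) in ip_network(n) for n in s.networks):
        reasons.append("source IP outside customer-defined networks")
    if s.hours and not (s.hours[0] <= r.local_time <= s.hours[1]):
        reasons.append("outside customer-defined time window")
    if s.countries and r.country not in s.countries:
        reasons.append("outside customer-defined locations")
    return (not reasons, reasons)


def relaxations(current: SecuritySettings, proposed: SecuritySettings) -> List[str]:
    """List every way `proposed` is weaker than `current`; tightening never appears here."""
    out = []
    if proposed.daily_limit_minor > current.daily_limit_minor:
        out.append("limit raised")
    if not proposed.transaction_types <= current.transaction_types:
        out.append("transaction type enabled")
    if not proposed.channels <= current.channels:
        out.append("channel enabled")
    if current.networks and (not proposed.networks or not set(proposed.networks) <= set(current.networks)):
        out.append("IP restriction removed or widened")
    if current.hours and (proposed.hours is None
                          or proposed.hours[0] < current.hours[0]
                          or proposed.hours[1] > current.hours[1]):
        out.append("time window removed or widened")
    if current.countries and (not proposed.countries or not proposed.countries <= current.countries):
        out.append("location restriction removed or widened")
    return out


def update_settings(current: SecuritySettings, proposed: SecuritySettings,
                    out_of_channel_validated: bool) -> SecuritySettings:
    """Tightening is self-service; any relaxation needs out-of-channel validation (branch,
    video call center, call center with biometrics), so that whoever holds the customer's
    online session cannot simply switch the customer's own protections off."""
    weakened = relaxations(current, proposed)
    if weakened and not out_of_channel_validated:
        raise PermissionError("out-of-channel validation required: " + ", ".join(weakened))
    return proposed


# Constructed sample data (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
STRICT = SecuritySettings(
    daily_limit_minor=500_000, transaction_types=frozenset({"transfer", "bill_payment"}),
    channels=frozenset({"mobile"}), networks=("203.0.113.0/24",),
    hours=(time(8, 0), time(20, 0)), countries=frozenset({"TR"}))
OK_REQUEST = Request("transfer", "mobile", 120_000, "203.0.113.7", "TR", time(10, 30))
BAD_REQUEST = Request("transfer", "web", 900_000, "198.51.100.9", "DE", time(2, 15))

if __name__ == "__main__":
    print(authorize(STRICT, OK_REQUEST, 0))
    print(authorize(STRICT, BAD_REQUEST, 0))
```

The reasons list is returned rather than a bare boolean so that each refusal can be fed to fraud monitoring as a pattern of its own; a request that fails several customer-defined controls at once is a stronger signal than the individual failures.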

17 Fraud Monitoring
Cyber intelligence: banks, third parties, software-based intelligence, government agencies.
Behavioral monitoring: detecting abnormal activities, cross-channel monitoring, rule-based monitoring based on patterns.
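To make "cross-channel, rule-based monitoring based on patterns" concrete, here is an added Python example, not Garanti's rule set: four simple rules run over a constructed event history for one customer, and the outcome is the signal that the next slide turns into a signing requirement. The event model, the four rules and their thresholds (one hour, thirty minutes, twice the historical maximum) are assumptions chosen for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List


@dataclass(frozen=True)
class Event:
    ts: datetime
    customer: str
    channel: str        # "web", "mobile", "call_center"
    kind: str           # "login", "settings_change", "add_beneficiary", "transfer"
    device: str
    amount_minor: int = 0
    beneficiary: str = ""


def evaluate(history: List[Event], tx: Event) -> List[str]:
    """Rule-based, cross-channel checks on one transfer; every rule is an assumed pattern."""
    prior = [e for e in history if e.customer == tx.customer and e.ts < tx.ts]
    flags = []
    # Rule 1: a device this customer has never used before.
    if tx.device not in {e.device for e in prior}:
        flags.append("new device")
    # Rule 2: beneficiary registered less than an hour before money is sent to it.
    if any(e.kind == "add_beneficiary" and e.beneficiary == tx.beneficiary
           and tx.ts - e.ts < timedelta(hours=1) for e in prior):
        flags.append("beneficiary added within the last hour")
    # Rule 3 (cross-channel): security settings changed on another channel within 30 minutes.
    if any(e.kind == "settings_change" and e.channel != tx.channel
           and tx.ts - e.ts < timedelta(minutes=30) for e in prior):
        flags.append("settings changed on another channel shortly before transfer")
    # Rule 4: amount more than double the largest transfer this customer ever made.
    prior_max = max((e.amount_minor for e in prior if e.kind == "transfer"), default=0)
    if prior_max and tx.amount_minor > 2 * prior_max:
        flags.append("amount far above customer's history")
    return flags


def decision(flags: List[str]) -> str:
    """Monitoring feeds transaction signing: a flagged journey must be signed out of band."""
    return "require_transaction_signing" if flags else "allow"


# Constructed history for customer "C1" (IBAN strings are placeholders).
D1 = datetime(2016, 3, 1)
HISTORY = [
    Event(D1 + timedelta(hours=8), "C1", "mobile", "add_beneficiary", "phone-A", beneficiary="TR-IBAN-Y"),
    Event(D1 + timedelta(hours=9), "C1", "mobile", "login", "phone-A"),
    Event(D1 + timedelta(hours=9, minutes=10), "C1", "mobile", "transfer", "phone-A", 150_000, "TR-IBAN-Y"),
    Event(D1 + timedelta(days=9, hours=14), "C1", "web", "login", "pc-B"),
    Event(D1 + timedelta(days=9, hours=14, minutes=2), "C1", "web", "settings_change", "pc-B"),
    Event(D1 + timedelta(days=9, hours=14, minutes=3), "C1", "web", "add_beneficiary", "pc-B",
          beneficiary="TR-IBAN-X"),
]
# A routine transfer on a known device to a long-standing beneficiary.
NORMAL = Event(D1 + timedelta(days=1, hours=10), "C1", "mobile", "transfer", "phone-A", 120_000, "TR-IBAN-Y")
# A transfer from an unseen device, minutes after a web session changed settings and added the payee.
SUSPICIOUS = Event(D1 + timedelta(days=9, hours=14, minutes=10), "C1", "mobile", "transfer", "phone-C",
                   900_000, "TR-IBAN-X")

if __name__ == "__main__":
    for tx in (NORMAL, SUSPICIOUS):
        f = evaluate(HISTORY, tx)
        print(decision(f), f)
```

The point of Rule 3 is the cross-channel part of the slide: the settings change and the transfer each look ordinary inside their own channel, and only a monitor that sees web and mobile activity on one timeline can connect them.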

18 Transaction Signing
Transaction signing is required when:
- the journey of the customer is seen as abnormal;
- the transactions and cross-channel activities match defined patterns.
It is applied to a certain predefined percentage of transactions to avoid customer dissatisfaction. This is a balancing method: when the percentage increases, it means more safeguards need to be deployed; when it decreases, it means safeguards are above the required level.
Methods used are:
- Simple captcha generated from transaction details (protects from MITB)
- Real signing with hard token, soft token or e-signature (protects from MITM)
- SMS signing with OTP generated from transaction details (protects from interview and social engineering; weak against SIM forwarding)
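The third method, an OTP "generated from transaction details", is what makes a signing code useless for any transaction other than the one the customer saw. The Python below is an added illustration of that binding, not Garanti's implementation: it assumes a per-customer server-side HMAC key, a per-transaction nonce, a canonical encoding of the transfer fields, and a six-digit code truncated from HMAC-SHA256; the account and IBAN strings are constructed placeholders.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    source_account: str
    beneficiary_iban: str
    amount_minor: int      # minor units (kurus), so no float rounding enters the MAC
    currency: str


def canonical(t: Transfer) -> bytes:
    # Fixed field order and a separator that cannot occur inside the fields (assumption).
    return "|".join([t.source_account, t.beneficiary_iban, str(t.amount_minor), t.currency]).encode()


def derive_code(key: bytes, t: Transfer, nonce: bytes, digits: int = 6) -> str:
    """Code bound to the exact transfer details and to this attempt's nonce."""
    mac = hmac.new(key, nonce + b"|" + canonical(t), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 10**digits:0{digits}d}"


def issue_signing_sms(key: bytes, t: Transfer, nonce: bytes) -> str:
    # The SMS repeats the details the bank actually received, so a browser-side
    # rewrite (MITB) becomes visible to the customer before any code is typed.
    return (f"Confirm transfer of {t.amount_minor / 100:.2f} {t.currency} "
            f"to {t.beneficiary_iban}. Code: {derive_code(key, t, nonce)}")


def verify_signature(key: bytes, submitted: Transfer, nonce: bytes, entered_code: str) -> bool:
    """Recompute over the transfer as finally submitted; constant-time compare."""
    return hmac.compare_digest(derive_code(key, submitted, nonce), entered_code)


def demo() -> dict:
    key = secrets.token_bytes(32)    # per-customer server-side key (constructed)
    nonce = secrets.token_bytes(8)   # per-transaction nonce: a code is never reusable
    intended = Transfer("TR-ACC-0001", "TR-IBAN-FRIEND", 25_000, "TRY")        # 250.00 TRY
    tampered = Transfer("TR-ACC-0001", "TR-IBAN-ATTACKER", 2_500_000, "TRY")   # 25,000.00 TRY

    sms = issue_signing_sms(key, intended, nonce)
    code_from_sms = sms.rsplit("Code: ", 1)[1]
    return {
        "sms": sms,
        # Honest journey: details the customer typed are the details the bank signs.
        "honest_accepted": verify_signature(key, intended, nonce, code_from_sms),
        # Order rewritten after the SMS went out: the customer's code no longer matches.
        "tampered_rejected": not verify_signature(key, tampered, nonce, code_from_sms),
        # Same details, new attempt: the nonce makes the old code worthless.
        "replay_rejected": not verify_signature(key, intended, secrets.token_bytes(8), code_from_sms),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The captcha method on the same slide applies the identical principle with a different channel: the image is rendered from the details the server received, so a value rewritten in the browser shows up in the picture the customer reads. None of this helps against the SIM-forwarding weakness the slide names, because there the attacker receives the genuine SMS for the genuine tampered order; that is why the slide pairs SMS signing with the hard-token and e-signature methods.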

19 Thank you for your patience!
Questions?

