Download presentation
Presentation is loading. Please wait.
Published byAnnice Hunter Modified over 9 years ago
1
Jaana Porra, M.Sc., MBA, Ph.D. 280G MH, 713 743 45 83 Electronic Commerce in Practice -- Bank of America Lecture 13
2
Case 1 Segev, Porra, Roldan, 1998 Bank of America : Replacing the Corporate Network with the Internet for Critical Business Transactions -- What Happens to Security?
3
Bank of America (BofA) at the time the second largest banking company (assets more than $227 billion) in the United States and 36 other countries supported all major electronic payment options –FedWire –ACH (capable of FEDI) –SWIFT(capable of FEDI) –CHIPS
4
Financial Transactions and FEDI
5
FEDI transactions over the Internet The Pilot Project The purpose of the Pilot project was to test security, reliability and speed of exchanging FEDI transactions over the Internet under actual circumstances and with real transactions In 1994, BofA teamed up with the Lawrence Livermore National Laboratories to start the twelve month long Pilot At the BofA, the project organization included experts from the Global Payment Services, Interactive Banking unit, project management unit, telecommunications, information systems services unit, security and marketing. At the LLNL side the corresponding areas were represented in the Pilot Additionally SW/HW vendors and outside consultants were employed
6
The Technical System reviewing the available sw and hw options for the Internet security system integrating the chosen Privacy Enhanced Mail (PEM); Multi Purpose Internet Mail (MIME) and Sun workstation based solution with the existing BofA FEDI system (ECS) for encryption/decryption of the FEDI messages exchanged with LLNL over the Internet LLNL’s already had a PEM/MIME server. At their side the project was a part of improving the accounts payable system Designing and implementing the technical system consisted of:
7
Automated Data Flow with EDI EDI Translator Business Application
8
BofA Interim FEDI System (LLNL’s white paper: FEDI Pilot Project, 5/1/96)
9
Proposed Full-Scale Production System for BofA FEDI Services (Based on the LLNL white paper: FEDI Pilot Project, 5/1/96)
10
Diagram of the FEDI transaction exchange process (Based on the LLNL white paper: FEDI Pilot Project, 5/1/96)
11
The FEDI -Management System In addition to the technical security system, transactions were carefully monitored by the key participants in both organizations using –automatically generated email messages –telephones –faxes –beepers –paper reports –weekly meetings for solving recurring problems Throughout the project the security of the network was additionally monitored using standard security procedures of both organizations. The groups managing the firewalls of each organization conducted their own independent tests
12
Results of the first phase During the seven months of the Pilot project all payments were received by the vendor banks within two days of the generation of the payment instructions No messages were lost No evidence of tampering with the transactions was discovered
13
Problem Summary
14
Second Phase of the Pilot After seven months, the maximum dollar amount for a single payment was increased from $10.000 to $100.000/vendor/day LLNL expanded the use of the system to provide travel and entertainment reimbursements to its employees volume testing with files consisting up to 1,000 transactions was conducted the speed and reliability of the system remained high delays were mostly caused by the FEDI systems not by the network
15
Volume Testing Results
16
Volume Testing
18
Summary of Problems 49% of the problems encountered during the project stemmed from the systems being down or off line Other problems included –transaction delivery problems (duplicate, delayed or lost transactions) (24%) –Application, operating system incompatibilities (17%) –message delivery problems (5%) –decryption problems (5%) Error rate per month varied from 5% to 50%
19
The Future The Pilot project served as a proof of concept The production system is being designed based on the Pilot with heightened security, reliability and speed sensitivity The project prompted a network security processes reevaluation at BofA Organizational changes have taken place and are planned for Open issues include Internet based information systems security management of which one central area is encryption key management
20
Have a Great Summer! © 2000 Jaana Porra University of Houston
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.