IT Book PDF
IT Book PDF
IT Book PDF
Learning Outcome By the end of this chapter you should be able to:
■ Define a Computer
Introduction Computers are everywhere and are used in almost every aspect of
human lives. There are many different types of computers, ranging
from small systems integrated into toaster ovens to guidance systems
on satellites. However, perhaps the most common image associated
with computers is the PC, or Personal Computer.
■ Mass storage devices: Allows a computer to permanently retain large amounts of data.
Common mass storage devices include disk drives and tape drives.
■ Input devices: Usually a keyboard and mouse, the input device is the conduit through
which data and instructions enter a computer.
■ Output devices: A display screen, printer, or other devices that allow the user to see
what the computer has accomplished.
■ Central processing unit (CPU): The heart of the computer, this is the component that
actually executes instructions.
In addition to these components, many other supporting components make it possible for
the basic components to work together efficiently. For example, every computer requires a
bus (set of wires) that transmits data from one part of the computer to another.
Computers can be generally classified by size and power as follows, though there is
considerable overlap:
times more capable than the early machines, and occupy a fraction of the space. Simple
Interactive devices of all sorts contain their own computers. Cellular telephones, GPS units,
portable organizers, ATM machines, gas pumps, and millions of other devices all make use
of computers to streamline their operations, and to offer features which would be
impossible without a computer.
Computer Software The term "software" is a generic term, which is used to describe a group
of computer programs, procedures and documentation, which
perform some task on a computer system. Software is an ordered
sequence of instructions given for changing the state of the computer
hardware in a certain predefined sequence. Software also refers to
one or more computer programs and data held in the storage of the
computer. Software may be divided into two categories: Application
software and System software.
What is System System software is computer software that is designed to operate the
Software? computer hardware and to provide and maintain a
platform for running the application software. One of the most
important and widely used system software is the computer operating
systems by which parts of a computer are able to work together. This
system software performs tasks such as transferring data between
memory and disks or rendering the output onto the display device.
Operating Systems Operating system is the most important (system) program that runs on a
computer. Every general-purpose computer must have an operating
system to run other programs. All the computers that we use need an
operating system. It may be a large mainframe computer running
UNIX, a desktop PC running Windows XP, or a handheld computer
running Palm
OS. All these systems need an operating system to make sure all the
programs run smoothly. Operating systems perform basic tasks, such
as recognizing input from the keyboard, sending output to the display
screen, keeping track of files and directories on the disk, and
controlling peripheral devices such as disk drives and printers.
For large systems, the operating system has even greater
responsibilities and powers. It is like a traffic controller - making sure
that different programs and users running at the same time do not
collide with each other. The operating system is also responsible for
security, ensuring that unauthorized users do not access the system.
Functions of the Functions and services provided by operating systems are numerous. It is
Operating System difficult to present an exhaustive list of OS functions. However, most
operating systems perform the following important functions:
Frequently, however, data must be sent beyond the local circuitry that
constitutes a computer. In many cases, the distances involved may be
enormous. Unfortunately, as the distance between the source of a message
and its destination increases, accurate transmission becomes increasingly
difficult. This results from the electrical distortion of signals traveling
through long conductors, and from noise added to the signal as it
propagates through a transmission medium. Although some precautions
must be taken for data exchange within a computer, the biggest problems
occur when data is transferred to devices outside the computer's circuitry. In
this case, distortion and noise can become so severe that information is lost.
/ ------------
Noise
I
Transmitter: This device transmits the data generated by the source device.
Usually, the data generated by a source system are not transmitted directly
in the form in which the data were generated. Rather, a transmitter
transforms and encodes the data in such a way that data can be
transmitted across a transmission. A modem is an example
Transmission media (Channel): This is the path the data follows to reach
the destination device. This can be a single transmission line or a complex
network connecting source and destination devices. Can be wired or
wireless, depending on the situation.
Receiver: The receiver accepts the signals from the transmission system and
converts it into a form that can be handled by the destination device. For
example, a modem will accept analog signals from the transmission line
(telephone network) and will convert it into a digital bit stream so that a
device such as a computer can handle it.
Destination: This device takes the incoming signals from the receiver and
presents them to a user or consumes them in any other useful manner.
Noise: Noise is the unwanted signal in the transmission that may cause the
original message to distort and become unreadable. Therefore, it is
important to filter the noise with improved channel construction and other
techniques, including the use of filters.
Data Network The benefits networking offers to its users can be separated into two main
Benefits groups, i.e. sharing and connectivity. Networks make computers
and their users capable of being connected together. This facilitates sharing
of resources and information between the users. Modern businesses have
expanded to become worldwide, and so the uses and significance of
networking have gained momentum over the last few years. The many
benefits that networking offers are:
11
Information Technology in Financial Services | Reference Book 2
Sharing software: Users connected to a network may run application
programs on remote computers.
*
Improved security: Collection of data and software resources in a
central location enhances security. Security and data protection
policies can be implemented more effectively and at less cost and
using fewer resources.
Wired technologies Twisted pair wire is the most widely used medium for
telecommunication. Twisted-pair cabling consist of copper wires that
are twisted into pairs. Ordinary telephone wires consist of two
insulated copper wires twisted into pairs. Computer networking
cabling consist of 4 pairs of copper cabling that can be utilized for
both voice and data transmission. The use of two wires twisted
together helps to reduce crosstalk and electromagnetic induction. The
transmission speed ranges from 2 million bits per second to 100
million bits per second. Twisted pair cabling comes in two forms
which are Unshielded Twisted Pair (UTP) and Shielded Twisted Pair
(STP) which are rated in categories and which are manufactured in
different increments for various scenarios.
Data In its simplest form, data communication takes place between two
Cocnm unication devices that are directly connected by some form of point-to-point
Networks transmission medium. Often, however, it is impractical for two devices
to be directly, point-to-point connected because of the following
reasons:
13
Information Technology in Financial Services | Reference Book 2
WAN consists of a number of interconnected switching devices, which
route data from a source device to a destination device.
Stated simply, wide area networks are the set of connecting links
between different local area networks geographically spread over
many countries and continents. These links are made over telephone
lines leased from various telephone companies. Wide area networks
can also be created with satellite links, packet radio or microwave
transceivers but these options are generally far more expensive than
leased telephone lines, although they can be used in areas where
leased lines are not available.
The speed offered by wide area networks is much slower than the
slowest local area networks. This makes the sharing of resources over
a wide area network difficult. Generally, wide area networks are used
for exchange of short messages such as e-mail or html traffic.
IT Systems Overview
In this Part
Evolution of IT Systems in Banks
Desktop Systems
Communication Systems
MIS Applications
VeriSys
Fraud/Risk Monitoring
Learning Outcome By the end of this chapter you should be able to:
■ List the popular banking packages and software being used
■ Explain the concept of IBFT and list the names of banks using IBFT
■ List the names of networks available in Pakistan for inter bank
operations
■ List the networks that link local banks with International financial
networks
17
Information Technology in Financial Services | Reference Book 2
Define the concept of management information system as
applied in banks
■ Budget constraints
Provider
鼸.
1
_ー 圖瞧 TEMENOS T24
1
Temenos Group
.-' . . . . . . " ' . . .
CSB
BankFusion Universal Banking
Misys
..1
Misys Equation Misys Midas Plus i-i
Natech
Misys
叙.
Misys
Finacle Infosys
TCSBaNCS
Tata Consultancy Services (TCS)
ゾ'
Corebank
SAP Banking Services SAP AG
While there are many popular banking packages and software being
used by banks in Pakistan and around the world (some mentioned
above), here we focus on TMENOS T24, a popular banking system
and look at some of its features and capabilities. Other banking
systems have near about similar core functionalities.
M
Dc~<ing sector
T24 is based on established industry standards as promoted by
T24 Technology independent bodies and not on the particular interpretation of these
standards by specific vendors. T24 is provided in C or Java. T24 runs
on:
_ Open hardware
■ Open database
T24 also supports the full Microsoft stack and can support any size of
financial organization from the smallest to the largest. T24 achieves
its high scalability feature through an efficient and scalable
architecture based on multiple TEMENOS T24 servers. This means that
as volumes expand further, servers can easily be added improving
performance and also improving availability. T24 is claimed (by
TEMENOS) to be the world's only true 24 by 7 banking system. It
eliminates the need for traditional end of day processing, enabling
users and customers full access to the system at all times.
Retail Banking
■ CRM
■ Cash transactions
■ Payments
■ Credit
■ Deposits etc.
■ Payments
■ Cash management
■ Trade finance
■ Internet banking
Treasury Operations
■ FOREX
■ Money market
■ Futures and
■ ARC Call Centre - In the call centre ARC has an open architecture
which enables the single customer view to be combined with
third party interactive voice response (IVR) and computer
telephony integration (CTI) technologies.
麵 banking sector 22
■ ARC CRM - ARC provides fully integrated support for identifying
opportunities and managing prospects, by combining a
combination of operational and analytical CRM with marketing
campaign management capabilities.
Designed for the Islamic banking sector, 'T24 for Islamic banking' is
both Sharia-compliant and commercially flexible enabling banks to
offer a competitive range of Islamic financial products.
Banks using T24 for Islamic banking benefit from adopting one core
system to cover all aspects of conventional and Islamic banking. This
ensures that a bank can maintain a tight control over its operational
costs and can remain focused on serving its customers in the most
appropriate and effective manner.
■ Murabaha
■ Musharaka
■ Ijara
■ Bei Salam
■ Istisnaa
■ Wakala
■ Cut and paste: Allows to remove (cut) a section of text from one
place in a document and insert (paste) it somewhere else.
_ Page size and margins: Allows to define various page sizes and
margins and the word processor will automatically readjust the
text
23
Information Technology in Financial Services | Reference Book 2
so that it fits.
Word processors that support only these features (and maybe a few
others) are called text editors.
27
Information Technology in Financial Services | Reference Book 2
■ Spell checker: A utility that allows checking of the spelling. It will
highlight any words that it does not recognize.
Spread sheets The invention of electronic spreadsheets along with word processing
software and databases unquestionably was a major factor in
convincing people of the worth of microcomputers in the early years
of personal computers. Since that time, the constantly increasing
versatility and wider applications of spreadsheet software have made
it into a product that seems almost indispensable to business and
personal users. Spreadsheets are now a standard part of office suite
packages.
2. Automatic Calculations
Spreadsheet software gives the ability to enter mathematical formulas ranging from
simple arithmetic to complex statistics. This is done in a simple and intuitive
manner.
3. Dynamic Updates
In addition to the standard method of entering data in a spreadsheet
i. e typing numbers in cells, users can also create a cell with a value generated
dynamically based on other cells. Because the value displayed in the cell is based
on the values in other cells, the cell dynamically updates when user change any of
the referenced cells. This allows testing different scenarios by changing the cell
values.
4. Data Sorting
Spreadsheets come with a function that allows the user to re-group the data based
on a single column of information. For example if user wants to see all the
information sorted by annua! sales revenue (in a relevant column), then he can
initiate the sort function and the data is in the required format and ail of the
associated information stays intact as well.
5. Data Analysis
Spreadsheet software gives the ability to analyze data in ways other than simply
looking at grids and lines. Most spreadsheet software can automatically create
graphs and charts from data, giving different ways of comparing and analyzing
information. These visual representations can aiso be printed and emailed, or
exported into slide shows for presentations.
6. Warnings
Because of the complexity of how a spreadsheet works and the potential to
develop complicated and interrelated calculations, the potential for error increases
exponentially with the size of the spreadsheet. Audit controls are limited and often
what is possible in this area is under-utilized. All too often not enough planning
goes into the development of spreadsheets, particularly when designed for other
users. Because it is so easy to change values in the spreadsheet, easy mistakes
have unintended consequences.
29
Information Technology in Financial Services | Reference Book 2
Presentation Before computers were commonplace, presenters usually had an easel
software with posters or drawings to show any necessary graphics to the audience.
In some cases the speaker would have a slide projector with a
carousel of individual slides to show photographs on a screen.
■ Teachers often use presentations so that students have a concise set of notes to
copy from the board.
■ Students are also regularly asked to create presentations about a topic they have
been studying. They may be asked to show their presentations to the rest of the
class.
2. Method for inserting and manipulating graphic images, or animations with these
objects
3. Slide show system (Slide Show Engine) to display the designed slide content
_ AJIows displaying the presentation designed in a slide show system. View Slide
Feature)
_ font specifications - Allows to change and use different font "aces styles and
effects
■ Additional features for slide: footnotes, cross references, advanced navigation
system, headers, footers
二 -
Since then e-mail has established itself as one of the primary lines of
communication worldwide at personal and organizational levels. Email
access provides easy communication and responses that can be quickly
organized and filed away.
An e-mail message has always been nothing more than a simple text
message - a piece of text sent to a recipient. In the beginning and even
today, e-mail messages tend to be short pieces of text, although the
ability to add attachments now makes many messages quite long. Even
with attachments, however, e-mail messages continue to be text
messages.
To work with emails, some sort of e-mail client is needed. Many people
:se well-known, stand-alone clients like Microsoft Outlook or Outlook
Express. Some people subscribe to free e-mail services like Hotmail or
?ahoo and use an e-mail client that appears in a Web page. No matter
_ Allows to select a message header and read the body of the e-mail
message.
Sophisticated e-mail clients may have all sorts of features, but at the
core, this is all that an e-mail client does.
34
Information Technology in Financial Services | Reference Book 2
anywhere, anytime and through a multitude of devices - computers,
laptops, palmtops and even cell phones.
Email security
The best way to secure email messages is to use the PGP (Pretty Good
Privacy) technology. However, most people are unaware of it. Pretty
Good Privacy (PGP) is a popular program used to encrypt and decrypt
e*mail over the Internet. It can also be used to send an encrypted digital
signature that lets the receiver verify the sender's identity and know that
the message was not changed en route. Available both as freeware and
:n a low-cost commercial version, PGP is the most widely used privacy-
ensuring program by individuals and is also used by many cocporations.
Developed by Philip R. Zimmermann in 1991, PGP has become a de
facto standard for e-mail security. PGP can also be used to encrypt files
being stored so that they are unreadable by other users or intnjders.
il creates more
work
___ tntrast to the popular notion, according to few, email actually creates
~we work. The ease of sending and receiving email has transformed
businesses throughout the world and some claim that the stress levels
~cve increased as reaction times have decreased.
The initial idea that telephony returns to is the POTS (plain old
telephone system), technically called the PSTN (public-switched
telephone network). This system is being fiercely challenged by and to a
great extent yielding to Voice over IP (VoIP) technology.
The first step in using VoIP is converting voice into digital data. This is
done by 'sampling' the voice i.e. dividing the analog sound signal into
discrete steps that can be assigned a number value. Once the voice is
digitized, the data can be compressed.
VoIP has many advantages over a regular phone service. However, like
any emerging technology there are stil! a few issues to resolve in the
system. As standards are being developed it is becoming more reliable
and moving towards greater acceptability. It is inevitable that VoIP will
eventually replace traditional phone service - in fact, phone companies
are already taking advantage of the technology to offer cheaper long
distance rates.
Advantages
Low cost - One of the main advantages of VoIP is its low cost. If a fast
Internet connection (DSL or cable) is available, PC-to-PC phone calls can
be made anywhere in the world for free. In case of a PC-to-phone
connection, there's usually a charge but probably much cheaper than
the regular phone service.
Features - There are many other features that make VoIP attractive. Call
•wwarding, call waiting, voicemail, caller ID and three-way calling are
5ome of the many services included with Internet telephone at no extra
charge.
Disadvantages
Heeds Electric Power - During power-off durations a regular phone is
«.£pt in service by the current supplied through the phone line. This is
not :*:ssible with Internet phones, so when the power goes out, there is
no phone service. One solution to this problem is to use battery
backups power generators to provide electricity. This shortcoming is
being iOGressed in other more technical ways also.
Soand Quality And Reliability - Some VoIP services have problems with
sojrxi quality and reliability. Data sent across the Internet usually arrives
i' *-; destination in a scrambled order. This is not a problem for e-mail
or icc^ments because the data can be reassembled in the correct order
':t has all arrived.
lace data can also arrive in a scrambled order but this is more of a
.こc«en because of the rea卜time nature of VoIP. In order to make voice
anrecSons with the least amount of delay, some packets may have to be
dropped if they don't arrive in time. This can cause short periods of
silence in the audio stream.
The amount of data that is lost depends on the distance and speed
of the connection. Some networks receive a lot of traffic and are
more likely to cause dropouts in the audio stream. Creating dedicated
VoIP Security There are number of security issues associated with VoIP. Eavesdropping
is a concern with both PSTN (Public Switched Telephone Network)
and VoIP calls, but there are also other concerns that are unique to
VoIP technology.
Since VoIP data is travelling through the Internet the same as any
other kind of data, it is vulnerable to the same kind of attacks and
threats. There are many software tools available to hackers who wish
to retrieve information that is being transmitted over the Internet and
these tools are just as effective with voice data as with any other kind
of data.
While this may not be a concern with social calls, it is a big concern
for businesses that may routinely use telephone communication for
discussing sensitive business information. Due to the increasing
popularity of VoIP, security is a big concern and is receiving a lot of
attention.
There are a number of points in the transmission of a VoIP call that a lacker can
retrieve information from. As well as retrieving actual :)nversations, hackers could also
get information like user identities and
• olP phone numbers. With this information, a hacker can make phone calls with
someone else's identity.
attackers could also record phone calls to listen to conversations and :'ossibly even to
restructure voice data to create conversations that never actually existed.
iji-other security threat is the possibility of sending viruses with VoIP data. Vmses
could potentially overload VoIP networks causing delays and "eduction in sound
quality.
*: !P is not invulnerable to spam either. In fact, there is already a name for t 一 SPIT -
Spam over Internet Telephony. This refers to receiving JTAanted marketing calls from
companies trying to sell services or
products.
Tf»e first is with encryption that provides the same kind of security as •■~en sending
credit card information over a secure data connection. The is to separate VoIP data
from other Internet traffic by using a nmja.1 Local Area Network (VLAN). Both of these
methods can adversely af%ct call quality, but could be used optionally if the calls are
sensitive.
the individual consumer, VoIP security is mostly a matter of ife*enting others from
eavesdropping on conversations. Some VoIP device providers offer voice security
through the means of encryption or :e:arate data routes. Regular precautions for
transferring files always Teed to be followed. Any data or program that is downloaded
should be r*ec«:?d for viruses, and a firewall should be in place for protecting the
cnmputer from the Internet.
-erdware VoIP devices are more vulnerable to attacks. Some types of ぞ:u:Ti.ent can be
rendered unstable or don't even work if they receive types of data. Some Internet
phones are also susceptible to data Jim revealing private information under specific
conditions.
TtoF s undergoing a constant evolution. VoIP products and users are on rise. Major
computer corporations such as Yahoo, Google, Microsoft, _S\ and AOL are
consistently adding VoIP capabilities to their lists of aincrs Now, most Instant
Messaging tools utilize some form of VoIP. Kec Wuild Dial Up and Skype still lead the
path into the VoIP future.
Video conferencing allows people from all over the world to meet together for social
or business reasons without having to travel to another place. It saves time and cost.
Company employees are more productive in that they do not have to leave home or
spend time traveling; businesses and organizations are efficient and cost effective as
video conferencing saves a company money, and meetings can be almost
instantaneous in planning and prep if necessary, as the technology is easy to use once
set up.
There are three types of video conferencing, one person using a computer, small
group based or large group and boardroom based. Each demands different
equipment. The one-on-one video conference uses a personal computer and a
webcam. The small and large room dedicated systems use more equipment, a high
quality video camera, microphones, monitors and an appropriate provider that gives
proper decompression and transmission of digital signals for the audio and video. The
cost is minimum to expensive depending on the system deployed.
The VC uses are virtually unlimited. Every field and profession potentially could use
video conferencing. Lawyers, doctors, welfare agencies, utility companies, banks,
professors and teachers, TV stations, the military and government all have used video
conferencing one way or the other. Technology is rapidly advancing, and costs are
expected to come down even more, making the use even more widespread. Video
conferencing eliminates the need for personnel to travel for meetings or training
purposes. Flying to away destinations and boarding at hotels is eliminated thus saving
both expense and travel money as well as reducing the company's carbon footprint.
There are many vendors and resources available for videoconferencing. Therefore,
businesses should make their decisions carefully and should ask vendors specific
questions to ensure they can meet the needs of the people and organization. Ask
about call reliability, quality of the audio/video, ease of use and how the system will
integrate with the existing software, technology and about future expansion and
support Also ask vendors for references to learn about specific experiences as well as
the pros and cons of using such technology from the people who have experienced
the vendor and technology.
Historically, video conferencing systems used ISDN connections based on the H.320
standards. H.320 is a suite of protocols for running Multimedia '我udio/Video/Data)
over ISDN based networks specifying technical requirements for narrow-band visual
telephone systems and terminal equipment, typically for videoconferencing and
videophone services.
:
'SON have the following advantages:
■ available world-wide
For video conferencing within a company, using the corporate IP data network that
connects the computers together makes a good alternative aod this often connects
the company offices globally. Video conferencing IP networks using H.323 (designed
with focus on requirements for ~ultimedia communication over IP networks) has
some great advantages:
■ company-wide availability
■ low cost
Once the problems of getting a transmission path to the far end have
been sorted out there remains the issue of compatibility between
conferencing terminals. ISDN terminals using H.320 and IP terminals
using H.323 will usually get a connection with sound and vision,
though not always at the highest quality possible if the terminals are
from different vendors.
Groupware As the corporate workforce continues to expand beyond local and even
national boundaries, the need for more effective collaboration
becomes critical. In order to stay competitive, corporations need to
have access to talent everywhere without the restrictions
of'geographical boundaries. As global workgroups become more of a
reality, corporations need a way to stay connected. This is where the
use of groupware becomes a necessity.
'"ttnef experts divide groupware into two categories related to time and '*<■: :ner
categories related to place. When employees are using an aK'iication at the same time,
it is synchronous groupware; workers using tie same application at different times,
however, are using asynchronous TOipAare. The place-related categories are collocated,
groupware that
While the groupware categorization (above) may not be either the only or universally
accepted it still serves to organize groupware for better understanding.
Businesses use groupware for a variety of reasons. One primary reason is to bypass the
traditional problem of having employees in different places that need to work on the
same application. By logging in to a network or intranet server, employees in different
places can access the same application and benefit from the various perspectives and
opinions of others. This functionality is a primary aspect of telecommuting. If the
employee can log in to the company server from anywhere, then he doesn't need to be
in the office in order to access certain groupware.
Telecommuting can save on travel costs for both companies and employees. It can also
enable real-time communication when it would otherwise be impossible. This
communication can foster a greater understanding of the targets and goals of a
business's projects, through group discussion of each step along the way to achieving
those targets and goals.
Another use for groupware is group problem-solving. Many times, some employees see
things differently from other employees. If they are all working within the same
application framework, they can solve problems collectively, saving the company time
and money. Without groupware, such real-time cooperation would not be possible.
Instant Messaging Instant messaging (IM) is a form of communication between two or more
people based on typed text. The text is delivered via computers connected over a
network such as the Internet.
Instant messaging services owe many ideas to an older and still popular online chat
medium named Internet Relay Chat (IRC). In early instant messaging programs, each
letter appeared when it was typed, and when letters were deleted to correct typos this
was also seen in real time. This made it more like a telephone conversation than
exchanging letters. _ modern instant messaging programs, the other party in the
conversatioa generally only sees each line of text either after a new line has started or
the sender presses the send/enter key.
ae>'ond simple text-based instant messages, most IM software now allow ears to share
files and photos, broadcast their thoughts to friends rr: jgh voice and video chat and
even battle buddies with online IM
games!
• Some of the instant messaging softwares have the option of making free calls to
any contact that is present in the list. These free calls are =/ailable only when both
the parties are online. This is because the ::ner person has to receive the call when
being called.
• Parallel chats i.e. one user can chat with many people at the same •说 Privacy is thus
maintained between separate IM sessions. Also :*>ere is an option for group chats.
This enables the user to send the 三3"^e message to all the persons in the group
at the same time. With ms. the user does not have to type the message again and
again.
_ In many cases, a user can customize the appearance of their IM :.rogram through
animations, scenes, and sounds that are widely ?»= able. Some programs even
allow users to share digital :rotographs and images within the conversation
window.
advantages IM can bring to the workplace
Skeptics of IM who say that people will abuse it by talking to each other all the time
should realize that this can easily happen on the phone, via email also.
The bottom line is that IM offers business value - with unified communication, direct
contact, improved collaboration and cost savings. It is a fast way to get co-workers
attention, rapidly resolve issues/questions and save on phone costs. IM is especially
useful for remote workers where building a community is essential in helping
employees to be more effective.
Safety precautions
As with other Internet communication tools, there are some protective steps that users
should follow. Accepting downloads or opening unknown files via instant message can
be dangerous, particularly if the source off the file or download is not someone that
the users knows outside of the Internet realm. Frequently updating security software is
a must to remain completely protected against these viruses. The most updated version
of an online instant messaging program can give added protection as welL Utilizing
anti spyware may also be helpful.
Transaction Processing Systems
1
transaction processing system is a type of information system. TPSs
ニニ*led, store, modify and retrieve the transactions of an organization.
A Iraosaction is an event that generates or modifies data that is
eventually >cOced in an information system. To be considered a
transaction :rxessing system the computer must pass the ACID test.
ACID (atomicity, ::_"sistency, isolation, durability) is a set of properties
that guarantee that ransactions are processed reliably. A single logical
operation on the data s alied a transaction. For example, a transfer of
funds from one bank acaxint to another, even though that might
involve multiple changes 'sodi as debiting one account and crediting
another), is a single uansaction.
-ve
essence of a transaction program is that it manages data that
must be er m a consistent state, e.g. if an electronic payment is
made, the a~cunt must be both withdrawn from one account and
added to the icr»er.: it cannot complete only one of the two steps.
Either both must :c:jr or neither. In case of a failure preventing
transaction completion, tie partially executed transaction must be
'rolled back' by the TPS. While tns rype of integrity must be provided
also for batch transaction irxessing, it is particularly important for
online processing.
■apwd Processing
He iap*d processing of transactions is vital to the success of any
.srae-:丨「i? - now more than ever, in the face of advancing technology
and demand for immediate action. TPS systems are designed to
transactions virtually instantly to ensure that customer data is anaiacic
to the processes that require it.
Standardization
Transactions must be processed in the same way each time to
maximize efficiency. To ensure this, TPS interfaces are designed to
acquire identical data for each transaction, regardless of the
customer.
Controlled Access
Since TPS systems can be such a powerful business tool, access
must restricted to only those employees who require their use.
Restricts access to the system ensures that employees who lack the
skills, abili and authority to use them cannot influence the
transaction process.
Multi-Currency Operations
With the global nature of businesses and organizations these days it
necessary that banks offer facilities of carrying out variety of
transacti in different world currencies. The same requirement must
be fulfilled ■ the banking package used.
Other features that core banking systems must offer are onli
Core banking Core Banking is normally defined as the business conducted by a banf
• institution with its retail and small business customers. Many
banks tr the retail customers as their core banking customers and
have a sepa line of business to manage small businesses. Larger
businesses managed via the corporate banking division of the
institution, banking basically is depositing and lending of money.
Core banking solutions is relatively a new terminology frequently used in banking circles.
The advancement in technology, especially Internet and information technology has led
to new ways of doing business in banking. These technologies have cut down time,
working simultaneously on different issues and increasing efficiency. The platform where
communication technology and information technology are merged to suit core needs
of banking is known as core banking solutions. Here, computer software is developed to
perform core operations of banking like recording of transactions, passbook
maintenance, interest calculations on loans and deposits, customer records, balance of
payments and withdrawals. This software is installed at different branches of bank and
then interconnected by means of communication lines like telephones, satellite, internet
etc. It allows the user (customers) to operate accounts from any branch if it has installed
core banking solutions. This new platform has changed the way banks are working.
Gartner defines a core banking system as a back-end system that processes daily
banking transactions and posts updates to accounts and other financial records. Core
banking systems typically include deposit, loan and credit-processing capabilities, with
interfaces to general ledger systems and reporting tools. Features of a core banking
system include:
■ User Configurable Trial Balance and P & L Account with multiple formats.
■ Connectivity Interfaces for pigmy Terminals, ATM IVRS, Touch Screens is built-in.
■ Clearance of Outward Clearing Cheques based on Fate Dalay and Branch weekly off.
to
Settleme B's
Credit A/C
transfer nt
positions
SWIFT has become the industry standard for syntax in financial mess
Messages formatted to SWIFT standards can be read by, and
processed I many well known financial processing systems.
SWIFT does not facilitate funds transfer, rather, it sends payment ord
which must be settled via correspondent accounts that the institi
have with each other. Each financial institution, to exchange bar
transactions, must have a banking relationship by either being a
affiliating itself with one (or more) so as to enjoy those particular bus
features.
1LINK
The synergy of financial institutions working together for a common goal has steadily
increased the strength and services of 1LINK (Guarantee) Limited. Over the years 1LINK has
become a widely acknowledged brand with an increasing number of members, serving as
a catalyst for the development of e-Banking in the country.
The network is continuously expanding as more member banks are engaged in the
deployments of ATMs. 1LINK Shared ATM network provides round-the-clock access of
ATMs and wide range of products and services to member banks customers. The number
of banks connected to the network has grown from twelve in 2003 to twenty-two in 2006
and more than thirty in 2010.
The State Bank of Pakistan has mandated that all commercial banks in Pakistan, both
foreign and domestic become members of one or the other switch. Additionally, the two
switches have been interconnected since 2006, which means that a consumer holding an
ATM or debit card issued by any bank in Pakistan may use any ATM located throughout
the country
In June 2011 PTCL and 1 Link entered into an agreement under which PTCL will offer 1Link
with a bouquet of its services. These services offer secure, reliable and integrated end to
end connectivity solutions to cater 1 LINK'S requirements. As a result of this arrangement,
the services and service quality of 1Link is expected to enhance.
Card Processing Systems
VISA'S VisaNET
MasterCard、Worldwide Network
sn banking sector 54
customers who complain about products and services continue
utili the same services and buying products they have complained
about they believe their complaint was resolved fairly.
In the past, business computers were mostly used for relatively simple
operations such as tracking sales or payroll data, often without mudi
detail. Over time, these applications became more complex and began
to store increasing amount of information while also interlinking with
previously separate information systems. As more and more data was
stored and linked applications were created to analyze this data into
further detail, creating entire management reports from the raw,
stored data. The term "MIS" was created to describe these kinds of
applications, which were developed to provide managers with
information afKMH| finance, sales, inventories, and other data that
would help in manac the enterprise. Today, the term is used broadly in
a number of conte and includes (but is not limited to): decision
support systems, resc and people management applications, Enterprise
Resource Planr (ERP), Supply Chain Management (SCM) and Customer
Relatior Management (CRM) etc.
Banks face several risks such as the liquidity risk, interest rate risk,
credit risk and operational risk. Asset Liability management (ALM) is a
strategic management tool to manage interest rate risk and liquidity
risk faced by banks, other financial services companies and
corporations.
These days banks are effectively using ALM systems for keeping track
of the assets vs liability situation. ALM is also a type of management
information system (MIS) that takes the input from other information
systems like the transaction processing systems. The use of ALM
systems enables banks to generate relevant reports timely, accurately
and consistently. Compliance with Government regulations as well as
auditing requirements is also made convenient because the data and
records are accurate and provide a permanent historical map of
transactions that can be verified.
麵 banking sector 58
having and acting upon deeper knowledge about the customer,
such how to find the customer, get to know the customer, keep in
touch the customer, ensure that the customer gets what he wishes
from se provider and understand when they are not satisfied and
might leave service provider (the bank). Huge growth of customer
relatio management is predicted in the banking sector in coming
years.[— are aiming to increase customer profitability with effective
cust retention. It is a sound business strategy to identify the bank's
profitable customers and prospects, and devote time and attention
expanding account relationships with those customers thr
individualized marketing, pricing and discretionary decision making.
During the decade there has been a shift from bank centric a ""
customer centric activities. The private sector banks deploy i
strategies to attract new customers and to retain existing customers.
CRM in banking sector is still in evolutionary stage. The use of CRM
in banking has gained importance with the aggressive strategies for
customer acquisition and retention being employed by the bank in
today's competitive milieu. This has resulted in the adoption of
Resource ERP is one of the most widely implemented business software systems in
Planning a wide variety of industries and organizations. ERP is the acronym of
Enterprise Resource Planning. ERP is not only a software, it refers to both the ERP
software and business strategies that implement ERP systems.
1) resource planning
2) management control and
3) operational control.
麵 banking sector 60
a single enterprise-wide information system. The major benefits of ERP are
improved coordination across functional departments and increased efficiencies
of doing business. The implementations of ERP systems help to facilitate day-
to-day management as well as decision making for the achievement of long-
term objectives.
Today there are also web-based ERP systems. Companies prefer to deploy web-
based ERPs because it requires no client side installation and is cross-platform
and maintained centrally. As long as there is an Internet connection available, or
a network connection to a system installed on the LAN, web-based ERPs can be
accessed through ordinary web browsers. This also makes the ERPs availability
independent of the time and 丨 distance limitations.
ERP systems are very expensive to install. In addition to the upfront cost of the
software, extra expenses are required for purchasing the necessary equipment and
development of the supporting technical infrastructure, I consultancy, trainings
etc.
NADRA VERISYS facility is also available through SMS for the verification of
the particulars of any identity card holder. Through mobile SMS citizens
directly can authenticate the essentials of any person whom they are doing
business by simply SMSing the CNIC number (which is to be verified) on
the special number 7000, and in response, NADRA provides the details
associated to that CNIC (in Urdu fonts).
At the moment this service is available for Mobilink, Telenor and Warid
customers while Ufone and Zong are in process to get listed.
One may think that this is a privacy loop hole, however, as it does not
provide any contact details of the CNIC holder (address or phone number)
麵 banking sector 62
and only reveals the name and father's name - so it is acceptable ani helpful
in many ways.
Verisys and Banks The growing security concerns especially in the financial sector
demanding a nationwide network of foolproof authentication systems I
segregate genuine citizens' record from fakes and frauds. Keeping in the
scenario, NADRA established Verisys (and Biosys) to ensure safe : transparent
commercial activities.
Financial institution like banks, leasing companies and insurance ager etc
that have to validate their customers status have been using traditional
method of keeping the photocopy of customers NIC. But the introduction
of VERISYS, such organizations can easily establish customers' identities in
a hassle free manner.
The technology which was earlier available in the developed cc only is now
also available in Pakistan and is helping to elin ambiguity about the
borrowers, as verification system is aut updated and accessible to all banks.
This locally developed hie verification system provides a unique solution to
cater a wide users and administration to improve the current disbursement
thus eliminating chances of fraud. NADRA's newly developed identity
verification service, VERISYS would allow all the positively establish their
identities in a fast and cost efl
manner.
Subscribers will get details through cellular companies which collect data in
real time communication from NADRA Natic Warehouse. This is a secure data
transfer as service numbers are I as "Special Numbers".
63
Information Technology in Financial Services | Reference
Credit Assessment Systems
There is a wide range of strategies for measuring the credit worthiness of new
and existing customers in the banking industry, but many of them have
serious limitations. Outsourced strategies can lead to long development cycles
or high annual expenditures. Makeshift in-house scoring strategies often lack
the ability to access necessary data for accurate scoring, leaving credit
managers with no effective way to identify how much potential income or
loss rides on their decisions.
In recent times such decision making has become very complex due to the
involvement of hundreds of variables and huge volumes of data. The solution
is the use of Credit assessment systems. Credit assessment systems are
automated computer-based systems that help lending organizations make
decisions on whether to approve or disapprove credit application from credit
seekers. Credit assessment systems employ large databases and highly
powerful and statistically strong software to analyze the data to determine the
credit worthiness of potential borrowers.
Many off-the-shelf credit scoring systems are available to banks and financial
institutions. Many of these systems have reasonable customization provisions.
A good scoring system provides for risk reduction and makes the bank's offer
more attractive in an exceptionally demanding market of banking products.
Moreover, the scoring systems enable faster response to the market needs
and allow building a competitive advantage.
2. Credit application is entered into the system using defined screen forms
or imported in electronic form from available distribution channels
(email, web etc.);
Behavioral Scoring
CBS (Customer Behavioral Scoring) component provides a behavioral
scoring functionality: imports data, carries out verification, defines
aggregates based on the data from any number of accounts of a
given type and communicates with the scoring engine. The behavioral
scoring results are available for the purposes of the credit application
scoring carried out by APS component.
The revamped eClB has been operational since 2003. Existing eClB! has been
designed in line with best international credit sharing around the world. The
eClB database has now been capturing 4 million borrowers/ records of about
100 member financial ins
■ The new CIB system has been built on latest state of technology
which includes high capacity servers, security broader bandwidth,
point to point data encryption, web capturing software having ability
to capture the data from i level etc.
The improved capacity and scope of the CIB is expected to deliver the
following benefits:
The new-look CIB has made possible for banks to meet the credit needs of
the emerging sectors on sustainable basis by applying prudent and objective
analysis of borrowers/ credit profiles. This will also be a helpful to those
borrowers, who could not access bank lending because of lack of adequate
collaterals. The strengthened CIB also helps in further boosting the
supervisory capacities with greater access to more reliable and detailed
information. All in all, the reinvigorated CIB is expected to benefits all the
stakeholders' viz. financial institutions, borrowers and regulators to the
ultimate goal of sound financial system.
Fraud/Risk Monitoring
Buying an off-the-shelf system may not equip the bank with the most
effective technical paraphernalia or strategic methods to deal with
frauds. Selecting the right framework and a seamless integration of
bank systems with the fraud monitoring system is integral to
safeguard business and customer interests. Only a centralized
framework (and not a standalone module) can address fraud risks
associated with various business units and products and provide
insights to stakeholders to take preventive action at the right time.
This also eliminates uncertainty around losses due to fraud and helps
the management have a more focused strategy to address fraud-
related risks.
both offsite and real-time monitoring of frauds based on learning insights from historical fraud
instances and the current industry landscape
Centralized system for fraud monitoring and management of alerts across different systems and data
sources
Intelligent system along with designed case management to suit the needs of the bank, and thus,
prioritize on alerts and areas of greater risk alerts
Management oversight through real-time dashboard/MIS to track operational efficiency and monitor
fraud investigation findings
Make optimum use of the past and current transaction data and fraud database to make continuous
improvements in the dynamic market sphere
In Pakistan banks are required to hold current accounts with the State
Bank of Pakistan (SBP) which are primarily used to settle large value
inter-bank fund transfers between banks and to meet certain
statutory requirements. Every bank/financial institution that has an
account with SBP is issued with a paper cheque book which is used
to withdraw/transfer funds from its account. The paper cheques were
presented physically at SBP counters daily by banks' treasuries to
settle their payment obligations against other banks. These cheques
were then posted into SBP's banking system to debit the remitting
bank and credit the beneficiary bank usually by the end of day. Thus
the nature of settlements taking place at SBP in the legacy system
might be classified as end of day gross settlement system assuming
significant systemic importance due to the large value of payments
handled and the dependence of other payment systems in the
country on its smooth functioning. This system was prone to various
types of risks affecting the overall efficiency of the banking system
(like systemic risk, settlement risk, liquidity risk).
RTGS in Pakistan
■ Delivery vs. Payment (DvP), Delivery vs. Free (DvF) and Intra Day
Liquidity (ILF) transactions.
■ Investment Portfolio
■ Debt Portfolio
■ FX Transaction Portfolio
■ SOX Compliance
_ Funds Transfer
■ Accounts Reconciliation
■ Cash Forecasting
Summary
Over the years banks have extensively explore IT and has taken
advantage of its potential to the fullest. And now, banking operations
without information and technology support are unimaginable. To
remain competitive banks must continuously innovate and invest in
information technology. Banking packages consists of different
modules each related and catering to a basic function of banking. A
bank may select a suitable package out of the available solutions
while keeping following factors in mind: Ease of use by end-users,
Training requirements & cost, Alignment with business goals and
objectives, Budget constraints etc. TEMENOS T24 is the most
technically advanced banking system available today. T24 achieves its
high scalability feature through an efficient and scalable architecture
based on multiple TEMENOS T24 servers. This means that as volumes
expand, further servers can easily be added improving performance
and also improving availability. Desktop systems includes word
processors, spreadsheet software and presentation programs. Banks
also use variety of communication software and tools: electronic-
mail, VoIP communication, video conferencing, instant messages and
groupware. Banks also use Transaction processing systems. A
transaction processing system is a type of information system. TPSs
collect, store, modify, and retrieve the transactions of an organization.
In this Part
Internet
■ Define and discuss search engines and list their key features
■ Define online tools and explain and illustrate how they can Used
78
Information Technology in Financial Services i|
The Origins of the The Internet was the result of some visionary thinking by people in the
Internet early 1960s who saw great potential value in allowing
computers to connect and share information on research and
development in scientific and military fields. J.C.R. Licklider of MIT
(Massachusetts Institute of Technology, USA), first proposed a global
network of computers in 1962, and moved over to the Defense
Advanced Research Projects Agency (DARPA) in late 1962 to head the
work to develop it. Leonard Kleinrock developed the theory of packet
switching, which was to form the basis of Internet connections.
Lawrence Roberts connected a Massachusetts computer with a
California computer in 1965 over dial-up telephone lines. Roberts in
1966 developed his plan for ARPANET (Advanced Research Projects
Agency Network). These dreamers and many more are the real
founders of the Internet.
E-mail was adapted for ARPANET in 1972. The @ symbol was chosen
from the available symbols to link the username and address. The
Internet matured in the mid 1970's as a result of the TCP/IP
architecture which was developed throughout the 1970's.
While the number of sites on the Internet was small, it was fairly easy
to keep track of the resources of interest that were available, but as
more and more universities and organizations connected, the Internet
became harder and harder to track. There was more and more need
for tools to index the resources that were available.
The first effort to index the Internet was done in 1989, when Peter
Deutsch and his crew created an 'archiver' for sites, which they named
Archie. This software would periodically reach out to all known openly
available ftp sites, list their files and build a searchable index for the
user. This was naturally a great help.
to the Internet 78
As the Internet has become ubiquitous, faster, and progressively accessible to non-technical
user communities, social networking and collaborative services have grown rapidly;
enabling people to communicate and share interests in many more ways. Sites like
Facebook, Twitter, Linked-ln, YouTube, Flickr and many more allow people of all ages to
rapidly share their interests with others everywhere.
Flickr
Radi USENE 2004
Postal Service o T listserv flickr
Persia 550BC 1891 1979 Friendster NaP?ler
2002
Twitter
2006
tHrd^ice YQUQ
gjmyspace QI
Third tpbccfw Mends
i# I Email
1966
HHI
MU01 Blogger
1999 Delicious
A 1978 2003
Telephone •婪•眷
1890 Epinions
MoveOn u»m
1996 epinioons
Telegraph CompuServe 1999 Digg
France 1792 1969 2004
With the evolution of the Internet, it became harder and harder to
keep track of the websites and web pages. Anticipating that this
problem would only become worse as the network expanded,
researchers launched an effort to design a more distributed and easy
way of providing the information about the sites on the Internet. The
end result was the Domain Name System (DNS) which allowed
hundreds of thousands of "name servers" to maintain small portions
of a global database of information associating IP addresses with the
names of computers on the Internet.
Internet Uses Nowadays, the name //lnternet,/ has become so common that people
who are unaware of the Internet are considered naive and out of
touch with modern communications. Due to the speedy development
of technology and globalization, societies and communities are
becoming more and more unified and Internet users are continuously
growing.
These types of websites give rise to several matters that need to be considered, such as
certainty of the contract between the buyer and the seller, the enforceability of the
contract, security of payment, warranty and liability issues and delivery of goods or
services, etc.
Web pages can be either static or dynamic. "Static" means unchanged or constant, while
"dynamic" means changing or active. Therefore, static web pages contain the same pre-
built content each time the page is loaded, while the content of dynamic web pages can
be generated according to what is required for any particular (changing) situation.
Standard HTML pages are static web pages. They contain HTML (Hyper Text Markup
Language) code, which describes the organization and content of the web page. Each
time an HTML page is loaded, it looks the same. The only way the content of an HTML
page will change is if the web developer updates and uploads the new file.
Other types of web pages, such as PHP, ASP and JSP pages are dynamic web pages.
These pages contain a "server-side" code, which allows the server to generate unique
content each time the page is loaded. For example, the server may display the current
time and date on the web page. It may also output a unique response based on a web
form the user filled out (e.g. the user may be addressed by his/her name). Many dynamic
pages use a server-side code to access database information, which enables the page's
content to be generated from information stored in the database. Websites that generate
web pages from database information are often called database-driven websites.
It may be often obvious if a page is static or dynamic simply by looking at the page's file
extension in the URL (Uniform Resource Locator). If it is ".htm" or ".html," the page is
probably static. If the extension is ".php," ".asp," or ".jsp," the page is most likely dynamic.
While not all dynamic web pages contain dynamic content, most have at least some
content that is generated dynamically.
Internet's Impact The Internet and its myriad of applications, tools and technologies have
on Business been adopted quickly by most businesses since the mid-
1990s. The Internet has affected communication paradigms,
advertising methods, information access and dissemination
83
Information Technology in Financial Services | Reference
mechanisms, workforce mobility, business practices and operational
methods of businesses across domains and sectors.
Communication Capabilities
Use of Internet technologies and access options have expanded the
capabilities of laptops, desktops and workstations. Employees are able
to communicate with each other via e-mail, instant message
programs, office intranet, local area networks and wide area networks.
Fosters Collaboration
Internet communication technologies and networking software enable
employees to collaborate on projects across locations and
geographical boundaries.
Workforce Mobility
Wireless Internet options in notebooks, smartphones and other
mobile hand-held devices allow frequent travelers, busy business
executives and off-site employees to work anywhere, at any time,
without beiti® "chained" to a traditional office environment.
Real Estate
The increasing presence and realization of Internet possibilities
opportunities in the real estate business is creating a drive and willingness for change and
slowly adding pressure to transform the old ways of doing things. The increase in Internet
real estate advertising is influencing buying behaviors. Recent studies show that over 77
percent of real estate buyers begin their searches for properties on the Internet. Reputable
online real estate brokerage services are now available all over the world.
Stock Trading
Online stock trading began in the 1990s. Today the majority of stock trading is carried out via
the Internet. The commission for online trade is extremely low as compared to an average fee
of a full-service off-line traditional broker. With online trading there are no busy telephone
lines, and chances of errors are less as there is no human intervention resulting in confusions
and these translating into financial losses. Orders can be placed from anywhere and at any
time. All these factors have resulted in a totally changed stock trading industry.
Banking
Online banking in recent years has become a mainstream Internet activity. Online banking
includes various banking activities conducted via the Internet from home, office or on the
road rather than at a physical bank location. Consumers can use e-banking to check their
accounts, pay bills, secure loans, etc. Internet-based banking saves time and money for both
consumers and banks. This topic will be explored in more detail in a later part of the book.
Years ago, before the development of current technology, it was more customary for firms to
hide supply chains from customers and suppliers. As a result, companies moved at a much
slower pace and did business at a slower speed, probably because they had no choice.
The Internet in particular and technology as a whole have intensely impacted on the way
companies do business, the way supply chains operate and the way they interface with
customers and partners. The biggest impact technology has had on supply chains is to make
them less obscure. Because of the Internet, companies are now much more connected to the
other companies they do business with. It has become more convenient and helpful to use
technology to increase communications and interactions with other companies in ways that
can benefit an organization. For example, inventory control systems are commonly used to
track inventory levels and automatically send purchase orders, expected demand schedules
and past sales statistics to suppliers. This fact allows companies to make better and quicker
decisions and can translate to fewer risks. If a company sells less of a product than expected,
their system will identify this and automatically order less of that product so that inventory
does not accumulate and cause financial problems for the company. This also leads to
quicker, more convenient transactions, and eliminates the need to use physical cash.
As compared to the traditional and manual methods of the past, the Internet has also made
it easier for companies to manage clients,
M
resources, logistics and operations, to extend customer and partner
bases and introduce almost immediate reporting of performance
changes. This has increased the likelihood that a supply chain's
reliance on Internet technologies will not decrease in the foreseeable
future.
85
Information Technology in Financial Services | Reference
Internet Tools A tool is a device that can be used to produce an item or achieve a
ta but that is not consumed in the process. Informally the word is
also u to describe a procedure or process with a specific purpose.
The very first tool used for searching on the Internet was
"Archie"(19 as mentioned earlier. Archie did not index the contents
of websites si the amount of data at that time was so limited it
could be rea searched manually. In 1991, two new search
programs, "Veronica" a "Jughead" were introduced. One of the first
nfull text" crawler-ba search engines was WebCrawler, which came
Googi
i human s soceities « north geofgia
[Goo^e Seafch rm Fedmg Li
Search engines consist of 3 main parts. Search engine 'spiders' follow links on the web to
request pages that are either not yet indexed or have been updated since they were last
indexed. These pages are crawled and are added to the search engine index (also known
as the catalog). When the web is searched using a major search engine, a slightly
outdated index of content which roughly represents the real content of the web is
actually searched. The third part of a search engine is the search interface and relevancy
software.
When a user enters a query into a search engine (typically by using key words), the
engine examines its index and provides a listing of best-matching web pages according
to its criteria, usually with a short summary containing the document's title and
sometimes parts of the text. Unfortunately, there are currently no known public search
engines that allow documents to be searched by date. Most search engines support the
use of the Boolean operators AND, OR and NOT to further specify the search query. The
engine looks for the words or phrases exactly as entered. There is also concept-based
searching where the research involves using statistical analysis on pages containing the
words or phrases to search for. Essie is an example of a concept-based search engine.
The usefulness of a search engine depends on the relevance of the results it gives back.
While there may be millions of web pages that include a particular word or phrase, some
pages may be more relevant, popular, or authoritative than others. Most search engines
employ methods to rank the results to provide the "best" results first. How a search
engine decides which pages are the best matches, and what order the results should be
shown in, varies widely from one engine to another. The methods also change over time
as Internet usage changes and new techniques evolve.
Most electronic commerce is done over the Internet, but EC can also
be conducted on private networks, such as value-added networks
(VANs), on company's local area networks (LANs) using intranets or
on a single computerized machine. For example, buying a soft drink
from a vending machine and paying with a smart card can be
considered an EC activity.
Pure versus EC can take several forms depending on the degree of digitization of
Partial EC (1) the product or service sold/transacted (2) the process (e.g.
ordering, payment, fulfillment) and (3) the delivery method. The
framework shown below explains the possible configurations of these
dimensions. The product may be physical or digital, the process may
be physical or digital and similavlv the delivevv method mav be
physical ov digital. These alternatives create eight possibilities, each
with three dimensions. In traditional commerce, all three dimensions
are physical. In pure e-commerce, all dimensions are digital. AW other
possibiWt'ies 'mc、ude mix of digital and physical dimensions.
Partial Electronic Pure Electronic
Commerce Areas Commerce
Q_
pnpoJ
processes over electronic networks.
濯p: 丨;r; --V;:?';;" -
Digital Product
W Process
//
Traditional
,Digital Process
Physical Product Commerce
, / Physical Process
Physical Digital # Delivery Method
Agent Agent
Electronic Commerce E-commerce can be broken into four main categories: B2B, B2C, C2B,
Types and C2C. "
B2B (Business-to-Business)
B2B is considered one of the most attractive and extensively developing
e-commerce trends nowadays. Companies doing business with each
other, such as manufacturers selling to distributors and wholesalers
selling to retailers, are instances of B2B e-commerce. Pricing is based on
quantity of order and is often negotiable. The information technology
systems of partners often require compatibility and interconnection.
Hence initial investment is essential.
B2C (Business-to-Consumer)
Business to consumer is the most familiar type of e-commerce. This
mode丨 is used when the business is a supplier/seller and the consumer
is the purchaser, usually an individual end user. The most common set-
up for this type of e-commerce is for the business to sell items through
its website. Usually, these businesses offer a catalog and an online
shopping cart, and the business is able to accept payment through its
website, although through a transparent arrangement with a service
provider. The consumer then has immediate access to the service online,
or the product is shipped to them directly. Prices in this model are
generally fixed.
C2C (Consumer-to-Consumer)
There are many sites offering free classifieds, auctions and forums where
individuals can buy and sell thanks to online payment systems like PayPal
where people can send and receive money online with ease. eBay's auction
service is a great example of the e-business model where person-to-person
transactions have been taking place every day since 1995.
E-Commerce Technology nowadays continues to bring about more and more surprises
Benefits for everyone. As the improvements in Internet technology continue to radically
change the way businesses are made and done, e-commerce continues to shower its
benefits onto all its users. Some of the Internet benefits are:
90
Information Technology in Financial Services | Reference Book 2
■ A global market allows products to be sold all over the world.
Sellers have the potential to market their products or services
globally and are not limited by the physical location of a store.
E-Commerce Aside from the tremendous advantages of e-commerce, it also has its
Disadvantages faults and drawbacks. However, most of these shortcomings can be
overcome easily with the use of pertinent knowledge, relevant technology and
responsible behavior.
■ Legal issues can come into play buying things online. Since
the internet is a globe market place it's very hard to regulate
across a country's physical borders.
■ Online scams are still a very reai threat even though they have
been on the decline over the last few years. These scams can
sometimes be very hard to detect and make people scared of
buying online.
M
Introduction to the Internet
Social Media Social media are media for social interaction, using highly accessible and
scalable communication techniques. Social media is the use of web-based and mobile
technologies to turn communication into interactive dialogue.
Another definition could be that "Social media are a type of online media that expedite
conversation as opposed to traditional media, which delivers content but doesn't allow
readers/viewers/listeners to participate in the creation or development of the content'
Because "social media" is such a broad term, it covers the description of a large range of
websites. But the one common link between these websites is that users are able to
interact both with the website and with other visitors to the website.
Generally any website that invites to interact with the site and with other visitors falls
into the definition of social media. Following are some examples of social media
websites:
■ Social Bookmarking (e.g. Blinklist, Simpy) - Interact by tagging websites and searching
through websites bookmarked by other people.
■ Social News (e.g. Digg, Propeller, Reddit) - Interact by voting for | articles and
commenting on them.
■ Social Photo and Video Sharing (e.g. YouTube, Flickr) - Interact sharing photos or
videos and commenting on user submissions.
■ Wikis (e.g. Wikipedia, Wikia) - Interact by adding articles and edit existing articles.
麵麵
A NEW PERSPECTIVE
IS ALWAYS OOQD.
mmm
Information Technology in Financial Services | Referencel
Businesses are always evolving, and therefore businesses are always going to be affected
by new trends and ways of thinking. The latest trend to really hit businesses is social media.
Sites like Twitter and Facebook have taken off as business platforms that have really
enabled businesses to reach out.
Social media has been such a benefit for businesses because it is inexpensive to use. Not
only are most social platforms free to use, but they reach out to millions of people. There
are an estimated 500 million people using Facebook (according to Facebook). This means
that a business has access to a potential client base of 500 million people. Granted, there
are a lot of people out there socializing, but there are others out there who want to know
more, about businesses and opportunities.
Social media is very simple to use. A company can even assign an individual to be in
charge of social media and not have to worry too much about training. The company's
social networking strategy is as complicated as the company makes it out to be.
An easy to use and free platform reaching out to millions of people means a huge return
on investment. If a company makes even one sale because they have used social media, it
is a win for the company. Social media can be used as a cheap form of advertising instead
of having to spend large amounts of money on an advert that might be used once.
Social media is going to completely revolutionize how business is done in the near future.
Once businesses harness its full potential, and the last remaining holdouts come on board,
it will level the business playing field. The best thing about social media is that small
companies can use the same tools as large companies to compete, while making the
consumer the overall winner.
In the use of social media, organizations are seeing increased brand recognition, customer
satisfaction and sales revenues. It is now easy to obtain consumer feedback - often within
minutes of a news announcement or product launch. And monitoring what the competition
and customers are doing and saying has never been easier.
Companies in Select Countries that Successfully Use Social Networks for Customer Acquisition, 2010 & 2011
% of respondents
161%
China
65%
us ________________
■HHHHB35。,。I
I 43%
! 41%
_______________ 40% 47%
12010 _2011
Source: Regus, "A Social Recovery: A global survey of
The five primary business risks associated with the use of social
media are:
Clearly, the use of social media provides new entry points for technology
risks such as malware and viruses. But what magnifies these risks is the lack
of employee understanding of the potential threats. A social media
governance strategy should focus first on user behavior by developing
policies for personal use in the workplace, personal use involving business
information outside the workplace, and business use. These policies should
be reinforced through ongoing training and awareness programs.
Summary The Internet is here to stay and prosper. While it started as a research project
half a century ago, it has now become an integral part of personal lives and
businesses. The early Internet was used by computer experts, engineers,
scientists. There was nothing friendly about it. The Internet started to
mature beyond the mid 1970's as a result of the TCP/IP architecture. The
first effort to index the Internet was done in 1989. As the Internet became
ubiquitous, faster, and increasingly accessible to non-technical communities,
social networking and collaborative services began to grow rapidly, enabling
people to communicate and share interests in many more ways. The use of
the Internet has now become so common that people who are unaware of
it are thought of as being completely out of touch with modern globalised
communications.
The Internet has grown enormously and became more complex, with
millions of websites and users. Consequently it has become difficult to
manage and effective tools are required to derive the most benefits from
Search engines are the most popular and useful Internet tool. Search
engines comprise three parts: crawlers or spiders, an index and a search
interface.
94
Introduction to the Internet
The Internet has helped to create new revenue streams for businesses
and new business models. Electronic commerce (EC) is the process of
buying, selling, transferring or exchanging products, services and/or
information via computer networks including the Internet. EC can take
several forms depending on the degree of digitization of (1)the
product or service sold/transacted (2) the process (e.g. ordering,
payment, fulfillment) and (3) the delivery method. Popular e-
commerce types are B2B, B2C, and C2C etc.
Internet popularity has also grown in the social domain and social
media have matured during the past few years. Social media are
media for social interaction, using highly accessible and scalable
communication techniques. Social media is the use of web-based and
mobile technologies to turn communication into interactive dialogue.
Businesses have also started using social media to sell, market and
launch new products, etc. Some questions to consider regarding
social media are: What is the strategic benefit to leveraging this
technology? What are the risks, and do the benefits outweigh the
costs? What new legal issues does it raise? How will customer privacy
issues be addressed?
Networking trends
97
Information Technology in Financial Services | Reference
!3^! ________ Introduction to
Networking
Student Learning
Outcome
By the end of this chapter you should be able to:
networking media
Data networks are important to all present-day organizations because they provide
quicker, easier access to any message or data that can be represented and stored in
digital format. In many contemporary organizations, large distances separate coworkers,
and data sharing becomes a major logistical problem in the absence of a network.
A network in general behaves in such a way that the more nodes that are added to it,
the whole thing gets more valuable for everyone on it because all of a sudden there's
all this new stuff that wasn't there before. You saw it with the phone system. The
more phones that are on the network, the more valuable it is to everyone because
then you can call these people. Federal Express, in order to grow their business,
would add a node in Topeka and business in New York would spike. You see it on
the Internet all the time. Every new node, every new server, every new user expands
the possibilities br ei/e/yone else who's already there.
Hubs:
A hub, sometimes known as a concentrator or repeater hub, refers to a networking
component which acts as a merging point of a network, allowing the transfer of data
packets. In its simplest form, a hub works by repeating the data packets received via
one port and making it available to all ports, therefore allowing data sharing between
all devices connected to the hub.
T^w pack^ oic?«f« from ihm to cNf lim c&ymctmS to Ifm fmt
A network hub is a fairly unsophisticated broadcast device. Hubs do not manage any of
the traffic that comes through them and any packet entering any port is regenerated
and broadcast out on all other ports in the network. Since every packet is being sent
out through all other ports, packet collisions result which greatly hinders the smooth
flow of traffic. This feature of hubs also creates security concerns as the message is
Historically, the main motive for purchasing hubs rather than switches was their price.
This stimulus has largely been excluded by reductions in the price of switches, but hubs
can still be useful in special and explicit circumstances
Switches
A network switch is a hardware device that joins multiple computers together within
one local area network (LAN). Network switches may appear nearly identical to network
hubs, but a switch generally contains more intelligence (and a slightly higher price tag)
than a hub. Unlike hubs, network switches are capable of examining data packets as
they are received, determining the source and destination device of each packet and
forwarding them appropriately to that location only. By delivering messages only to the
connected device intended, a network switch helps ; control network traffic and
conserves network bandwidth, offerir generally superior performance than a hub. This
feature also make switches more secure than hubs.
Desktop
Comput
er
,,Switch '
Printer Database
Routers
Network routers are intelligent devices that forward and
packets along networks. A network router connects at least
twoi commonly two LANs or WANs or a LAN and its ISP
network. A i located at a gateway (where one network meets
another).Thei responsible for the delivery of packets across
diverse net destination of the IP packet might be a web
server in another* an e-mail server on the local area network.
It is the respons router to deliver those packets in a timely
manner. The effe internetwork communications depends, to a
large degree, of routers to forward packets in the most
^tworking 104
In addition to packet forwarding, a router provides further services as
well. To meet the demands on today's networks, routers are also
used:
■ Wireless transmission
Choosing the cables necessary to make a successful LAN or WAN
connection requires consideration of the different media types. Each
media type has its advantages and disadvantages. Some of the
factors to consider are: cable length, cost, bandwidth, ease of
installation, susceptibility to interferences and noise etc. It is also
possible and very common to use different types of media in setting
up of a network. For example, wire and wireless media may be used
in a certain network. Also coaxial cables and fiber optic cables may be
used in the same netw set-up.
^tworking 106
(Megabits per second) to 100 Mbps, depending on the type and category of the cable
used. The disadvantage of this cable is that it cannot be used for networks spread over
long distances, as its runs are limited to 100 meters or less as after this length the signal
strength weakens, a phenomenon called attenuation. Attenuation is a limitation in all
metallic wires, ranging from mild to severe. As UTP is not shielded, it is more sensitive to
electromagnetic interference.
o(or-
Codwl
Plastic
Coaxial Cable:
Coaxial cables consist of an insulator that separates the braided inner conductor and the
outer conductor, which is a woven copper braid. These cables are commonly used for
cable TV connections in homes. Coaxial cable is of two types, namely the Thinnet and the
Thicknet, depending on the thickness of the cable. Thinnet supports a maximum segment
length of 185 meters and Thicknet can send signals up to 500 meters. The cost of the
cable depends on which type of cable is used. Thinnet is less costly and easier to install,
whereas Thicknet is costlier and demands more efforts in installation. The transmission
speed these cables provide is between 2.5 Mbps and 10 Mbps. Coaxial cables are more
resistant to electromagnetic interferences than UTP and STP cables, as they use insulators
to Networking 107
to minimize external interference.
Wireless transmission can provide special services and conveniences, such as connection
to the Internet or other networks without connecting to a wire directly, hence giving
mobility and ease of use. It can also facilitate the creation of networks in special
situations, such as in terrain that is unfavorable to wired media.
Types of Networks There are various types of networks which are used world-wide these days, both
domestically and commercially. These networks are used on the basis of their scale and
scope, historical reasons and their design and implementation issues. LAN and WAN are
mostly known and used widely. LAN, local area network, was first invented for
communication between two computers. WAN emerged in due course of time with
changing needs and as the technology became available.
LAN operates through cables and network cards. Later WLAN, Wireless local area
network, was formed through the LAN concept.There are no wires involved in
communication between computers. As mentioned already, LAN is the original network
out of which other networks are formed according to requirements. Some popular types
are as follows:
WANs have existed for decades, but new technologies, services, applications have
developed over the years to dramatically increase efficacy for business. WANs
were originally developed for di leased-line services carrying only voice, rather
than data. Conseque they linked the private branch exchanges (PBXs) of distant
offices branches of the same company. WANs are still used for voice services,
today they are used more frequently for data and image transmi ' (such as video
conferencing). These added applications have encou significant growth in WAN
usage, primarily because of the surge in connections to the wider networks.
WANs can be used for almost any data sharing purpose for which can be used.
Slower transmission speeds, however, may make applications less practical for
WANs. Efforts are being made to over such shortcomings and there are
noticeable successes. The most uses of WANs are for electronic mail and file
transfer, but WANs can
Network Topologies Topology is the network's virtual shape or structure. This shape does not
necessarily correspond to the actual physical layout of the devices on
the network. For example, the computers on a home LAN may be
arranged in a circle in a family room, but it would be highly unlikely
to find a ring topology there.
■ Bus
■ Ring
■ Star
_ Tree
Mesh
More complex networks can be built as hybrids of two or more of the
above basic topologies.
Bus Topology
Bus networks use a common backbone to connect all computing
devices. A single cable, the backbone functions as a shared
communication medium that devices attach or tap into with an
interface connector (e.g. NIC). A device wanting to communicate with
another device on the network sends a broadcast message onto the
wire that all other devices see, but only the intended recipient actually
accepts and processes the message. The term "broadcast〃 is used
because the message goes to all devices/computers connected to the
bus. A terminator is required at each end of the bus cable to prevent
the signal from bouncing back and forth
iction to Networking
on the bus cable.
Bus topologies are relatively easy to install and don't require much cabling compared to
the alternatives so there is generally a low upfront cost. However, there is a higher cost of
managing the network. Bus networks work best with a limited number of devices. If more
than a few dozen computers are added to a network bus, performance problems will likely
result, including longer delays and greater collisions of data packets. In addition, if the
backbone cable fails, the entire network effectively becomes unusable.
Ring Topology
In a ring network, each connected device has exactly two neighbors for communication
purposes. All messages travel through a ring in the same direction (either "clockwise" or
"counter clockwise"). Each device incorporates a receiver for the incoming signal and a
transmitter to send the data on to the next device in the ring. The basic problem of ring
topology is that each workstation should participate actively in transfer of the information
a failure in any cable or device breaks the loop and can take down the entire network -
the network is dependent on the abilih of the signal to travel around the ring.
The star topology is considered the easiest topology to design and implement. An advantage
of the star topology is the simplicity of adding additional nodes. Compared to the bus
topology, a star network generally requires more cable, but a failure in any star network cable
will only take down one computer's network access and not the entire network. If the hub
fails, however, the entire network also fails.
Tree Topology
Tree Topology is a combination of the bus and the star topology. Tree topologies integrate
multiple star topologies together onto a bus. In its simplest form, only hub devices connect
directly to the tree bus, and each hub functions as the "root" of a tree of devices. This
bus/star hybrid approach supports future expandability of the network much better than a
bus (limited in the number of devices due to the broadcast traffic it generates) or a star
(limited by the number of hub connection points) alone.
A tree topology is supported by many network vendors and is the best topology for branched
out networks. However, the tree topology network is entirely dependent on the trunk which is
the main backbone of the network. If that were to fail, then the entire network would fail. A
tree topology network can become complicated and difficult to manage after a certain point.
Mesh Topology
Mesh topologies involve the concept of routes. Unlike each of the previous topologies,
messages sent on a mesh network can take any of several possible paths from source to
destination. The mesh network is based on a very practical concept and has red jced
chances of a network breakdown. There are so many possible combinations of routes and
hops (movement of data packet from one node to another) a data transfer can take that it
will reach the destination one way or the other. It is highly unlikely that all the nodes in a
single mesh network will break down at any given point of time.ln a mesh network every
node is connected to other nodes on the network through hops. Some are connected
through a single hop and some may be connected with more than one hop.
While the data is travelling on the mesh network it is automatically configured to reach
the destination by taking the shortest route which means the least number of hops. Data
travels by hopping from one node to another and then reaches the destination node in a
mesh topology network.
A mesh network in which every device connects to every other is called a full mesh. As
shown in the illustration below, partial mesh networks also exist in which some devices
connect only indirectly to others. A full mesh network may be considered more effective
(more routes available) botj can be difficult to manage.
Networks connect people to the ultimate of all networks, the Internet, where networks of all
sizes connect to form a global information system. As more users discover online resources
and new applications are developed, networking must become more efficient to support ever-
increasing numbers of users.
Innovations of all kinds are being proposed to enhance networking applications, and sharing
Internet connections through networks is quickly becoming one of the key advantages of
networking. On the computing level, Gigabit Ethernet is expected to boost network speeds up
to 1000Mbps, and Network-Attached Storage (NAS) and Storage-Area Network (SAN) media
will expand, centralize and manage data storage.
In a broader outlook, all these factors drive a strong market demand for a universal system of
communications connecting more than just PCs. New techniques for data transfer are being
developed to achieve interoperability among PCs, cellular phones, PDAs, cameras and other
multimedia devices. Bluetooth is just one of the exciting developments in wireless technology,
bridging data lines between PCs, cellular phones and other small electronic devices using
short-range radio wave transmission. As data transfer finds new paths and wireless technology
frees it from physical lines, a complete package for voice, data, and entertainment
convergence is inescapable.
In fact, the market already confirms convergence as the future of networking. Network data
can now travel over all types of cabling, including ethernet cable, fiber optic cable, phone
lines, and power lines. Hybrid devices are combining multiple technologies and hardware
functions into a single multi-tasking device, such as set-top boxes (devices that connect to a
television and an external source of signal, turning the signal into content) for merging TV
and PC data and residential gateways for handling a home network's security and high-speed
Internet connections. To take it one step ahead, these gateways are expected to evolve into a
single device, controlling home security on top of network security, as well as networking
household appliances like refrigerators and central air conditioning.
The next generation of Internet consumers have much to expect. Information will flow more
spontaneously as voice, video, and data merge to travel over the same pathways. The Internet
itself will be overhauled, increasing the number of IP addresses and implementing IPSec
(Internet Protocol security) to enhance security on the Internet and support the development
of VPNs, or Virtual Private Networks. IP telephony, or Voice Over IP (VoIP) has already allowed
two-way audio transmission, meaning free or low-cost long-distance phone conversations via
the Internet, as well as faster downloading of music and video files.
Wi-Fi The term Wi-Fi suggests Wireless Fidelity, resembling the long-
established audio-equipment classification term "high fidelity" (in use
since the 1930s).The term "WhFi" was first used commercially in
August 1999.
There are several advantages of Wi-Fi, as highlighted earlier, but all is not well in
the wireless networking scenario. There are several challenges confronting the
industry and hundreds of thousands of experts are working to solve these and
provide unhindered wireless access to users. Listed below are the noticeable
demerits of Wi-Fi networks.
■ The most significant shortcoming of Wi-Fi is the range. There are obvious
improvements in this aspect but still more work is needed. The signal needs
to be stronger to provide larger connectable spaces.
■ Radio wave conflicts. If W卜Fi is used near other radiation emitting devices
such as microwave ovens and cordless phones, the resulting conflicts
between devices and networks tend to slow down the Wi-Fi device. In older
versions of Wi-Fi the conflicts were so high that, if the device was too near a
microwave, the data transfer would immediately stop. Additionally, some of
the wireless adapters work on the frequencies that are currently used by
many other wireless devices. This can cause serious interference, so the
connection performance can be quite poor.
■ Most public areas (airports, resturants, etc) do not use security modules,
making Wi-Fi users' data transfer unsafe. A lot of attention is being given to
this aspect as this is a major limiting factor in the widespread use of this
technology.
■ Wi-Fi technologies are power hungry. This presents a clear disadvantage for
users of laptops and other battery-dependent devices. The battery industry is
still trying to develop the technology which will enable manufacturing of long
lasting, compact sized and light weight batteries. If Wi-Fi consumes so much
electricity it would be a damper on the very concept of mobility because
users will have to look for the nearest power point if they wish to use Wi-Fi
Internet or any other applications over the network.
Broadband access is faster than dial-up and different in the following ways:
Virtual PrivateAs a business grows, it might expand to multiple offices across country
Network and around the world. To keep things running efficiently, people working
in those locations need a fast, secure and reliable' share information across
computer networks. In addition, trav employees such as salespeople need an
equally protected dependable way to connect to their business's computer
network i remote locations.
Business
Partner
Remote
Office
Regionat Hcmie Mobile Office Office Worker
■ Flexibility for remote offices and employees to use the business intranet
over an existing Internet connection as if they're directly connected to
the network
A business might not require all these benefits from its VPN, but it should
demand the following essential VPN features:
■ Security -The VPN should protect data while it's traveling on the public
network. If intruders attempt to capture the data, they should be
unable to read or use it,
Bluetooth The art of connecting nodes in a network is becoming more and more
complex every day. One exciting possibility is Bluetooth, that can streamline
the networking procedure. A Bluetooth connection is wireless
and automatic, and it has a number of interesting features that can
simplify lives. Bluetooth was conceived initially by Ericsson, before
being adopted by a countlessnumber of other companies around the
world.
■Iroduction to Networking
other devices to talk to each other over short distances (up to 100
metres). Bluetooth uses radio waves and is designed to be a secure
and inexpensive way of connecting and exchanging information
between devices without wires. Because the devices use a radio
(broadcast) communications system, they do not have to be in visual
line of sight of each other.
Networking Issues With changing business settings and extreme dependence of firms on
networks it has become imperative for businesses to ensure that
there is no downtime. Downtime or outage duration refers to a
period of time that a system is unavailable and fails to provide or
perform its primary services and functions.Downtime can be caused
by failure in hardware (physical equipment), software (logic
controlling equipment), interconnect equipment (such as cables,
facilities, routers), wireless transmis*" (wireless, microwave, satellite),
and/or capacity (system limits). Spc:' attention and huge investments
are required to ensure that network services are always available.
However, regardless of size or number employees, every company
experiences networking problems at time or other. There are some
very common problems that can pr themselves in any environment
that utilizes a networked s Anticipating the most common problems
ahead of time and working avoid them is the best way to reduce
delays and ensure a smooth networking experience.
Software problems can be the cause of networking problems as well. When all
Summary Computing power and potential can be harnessed much better if computers and
computing equipment are connected to allow sharing of data. An
interconnection of computers is called a computer network or simply a
network. Networks are important to all contemporary organizations because
they provide faster, easier access to any message or data that can be
represented and stored in digital format.
Networks are used on the basis of their scale and scope, preferences for
networking industries, and their design and implementation issues. LAN
and WAN are mostly known and used widely. A local area network (LAN) is a
computer network that connects computers and devices in a limited
geographical area such as a computer laboratory or office building. A wide
area network (WAN) is a telecommunications network, usually used for
connecting computers, that spans a wide geographical area.
Mobile Banking
Internet Banking
ATM
POS
Part Five
Technology Based distribution
channels/Networks in Financial
Industry
call center
■ List the services being offered via phone banking both internationally
and locally
operations in Pakistan
■ Define the term 'down time' and explain its impact on the ove
■ List the services being offered via mobile banking both internati and
locally
banking service
_ Define the term 'down time' and explain its impact on the overall ATM
service
■ List the services being offered via ATMs both internationally and locally
■ Define POS
_ Define the term 'down time' and explain its impact on the overall
POS service
_ Define the term 'down time' and explain its impact on the overall mobile
banking service
■ List the services being offered via mobile banking both internationally and
locally
■ List the services being offered via POS terminals both internationally and
locally
Salient Features The State Bank of Pakistan has issued Branchless Banking (BB) of SBP
Branchless Regulations, which is applicable to all banks including Islamic and Banking
Regulations Microfinance banks with a view to encouraging innovation and increasing
outreach of the banking system. The SBP branchless banking
regulations were last amended in June 2011•
(http://www.sbp.org.pk/bprd/2011/C9-Enclosure-2.pdf)
Branchless banking can also be done using agents other than Telcos'
Fuel distribution companies, Pakistan Post, chain stores etc.) and
technologies not limited to mobile phone (like GPRS, POS terminals i
Today most major businesses use call centers to interact with their
customers. Examples include banks and financial firms, utility companies,
mail order catalogue retailers, manufacturers and retailers of consumer
products etc. Some businesses even service internal functions through
call centers. Example of this includes help desks for technology-related
in-house matters and support.
Interactive voice Interactive voice response (IVR) is a technology that allows a computer
response - IVR to interact with humans through the use of voice and telephone keypad
inputs. IVR allows customers to interact with a company's database via a
telephone keypad or by speech recognition, after which they can service
their own inquiries by following the IVR dialogue. IVR systems can
respond with prerecorded or dynamically generated audio to further
direct users on how to proceed.
Interactive Voice Response technology is primarily used to automate
customer centric business processes and relieve the pressure on human
agents handling incoming consumer calls.
■ It filters the inbound call traffic and smoothes the peaks and
troughs in the call center queue, thus adding a degree of
predictability to call volume modeling.
Clients who have come across the IVR at the banks' call centers have
some concerns regarding the sound quality, the content and the style
in which the queries are dealt with. As useful as this service sounds
the more important it is to keep the following points in mind while
using this technology.
■ Avoid long menus. It is suggested to have not more than four to
five items on the menu. This helps the client to remember the
commands for each option and also saves time.
■ Use a script that explains well and does not deliver more than
required information i.e. it is not unnecessary verbose.
Call Center Banks' call centers are at the front line of customer service. While
problems increasing the automation of a call center theoretically
improves efficiency, it can also increase the attrition rate of
employees. Automated technology is typically designed to allow call
center agents to handle more calls in an hour by reducing the
amount of time spent on the phone with each client and reducing the
amount of idle time between each call. This, however, can increase
the stress levels. In short many things can stand in the way of
optimum service provision. Some obvious problems faced by call
2. Staff attrition
High staff turnover can negatively impact on call centre quality because every
time a trained agent leaves, fewer are on hand to ensure an optimum level of
service. In addition to this, there are heavy costs associated with recruiting, hiring,
training and developing new staff - not to mention the costs associated with the
dip in productivity that is inevitable as new recruits climb on the learning curve.
3. Flat structures
Call centers are inherently flat structured. Few supervisors (or just one at times)
overseeing sometimes hundreds of agents of equal status. Consequently, career
prospects are often limited - a situation that has becomes more acute in periods
of the recession. Banks risk losing their best people to competitors if they fail to
provide adequate career opportunities. Talented staff might also become de
motivated when no future growth is in sight.
4. Mandatory cost-cutting
Tight budgets have been a continuing problem for call centers, primarilf j due to
the high costs associated with establishing, managing and sta them. The issue
gets severe in years of global recession. In many ca: senior executives no longer
regard call centre efficiency savings optional; instead, they are demanding them
as standard.
6. Poor integration
Today's call centers are flooded with software, ranging from pr« dialers, CRM
databases and workforce management tools through to: order processing
platforms, credit card security applications automated voice response systems.
Call centre agents can be with more than ten different software systems. Each
applicat designed to perform a specific task. Agents often find it tricky to ta maze
of different systems which has detrimental effects on their
one hand, and on the other create compatibility and interoperability
issues. Moreover, technologies are interconnected and interdependent
and failure of one in the chain may render others inoperative.
Downtime Call centers can't afford downtime, i.e. the duration during which their
services are not available. Downtime can cause substantial immediate
and direct financial losses to business in addition to lost opportunities
and unsatisfied customers. Because of the customer-facing nature of
contact centers, downtime may result in extensive lost revenue and
potentially more damaging, the loss of customers to rivals.
Virtual Queuing Call centre technology has evolved tremendously over the last decade.
Some of these technologies include speech recognition software to
allow computers to handle first level of customer support, text mining
and natural language processing to allow better customer handling
and many other technologies to improve agent productivity and
customer satisfaction. One such innovative concept is that of Virtual
queues. Virtual queues provides ca、、ers with an alternative to waiting
on hold when no agents are available to handle inbound call.
Virtual Call Centers With the advent of the Software as a service (SaaS) technology delix model, the
virtual call centers have emerged. In a virtual call ce model, the call centers operator (i.e.
the client bank/organization) < not own, operate or host the equipment that the call
centre runs Instead, they subscribe to a service for a monthly or annual fee service
provider that hosts the call centre telephony equipment in own data centers. Such a
vendor may host many call centers on equipment. Agents (on client organization's payroll)
connect to: vendor's equipment through traditional PSTN (public switched tek network)
lines, or over Voice over IP. Calls to and from prosf contacts originate from or terminate
at the vendor's data centre, than at the call centre operator's premises. The vendor's te
equipment then connects the calls to the call centre operator's The obvious advantage of
this latest technology-backed develc substantial savings achieved by banks as they do not
have to investi development and maintenance of datacenters. This trend is an of
outsourcing.
Call Centers in Call centers began to emerge in Pakistan in late 90s with reasons and
Pakistan foreign investments made in this area after ventures in net India met huge
successes. Many Pakistanis are able to understand with reasonable ease and can
speak the language in a compre accent which is a huge advantage over people of
other countries| region. Jobs were created and latest technology found its way I
country. While there were isolated success stories, the overall affairs was more hype
than concrete reality. The reasons why call as outsourcing model was not a huge
success were many rar the global recession to in-house inconsistencies in
government; lack of investors expertise and ability to sustain till critical achieved. Not
so great communications technology infrastri political instability also played their
roles.
Despite only mediocre success to call center outsourcing multinational and large
(even mid-sized) companies in Paki: successfully created their in-house self managed
call cente companies include local and foreign banks, FMCGs, mot companies and
utility services providers etc.
The advent of the Internet revolutionized the way the financial service industry conducted
their businesses. They empowered organizations with new business models and new ways
to offer non-stop accessibility to their customers. The ability to offer financial transactions
online has also created new players in the financial services industry, such as online banks,
online brokers and wealth managers who offer personalized services. Mobile devices,
especially smart phones, are the most promising way to reach the masses and to create
"stickiness" (hook customers by ensuring excellent services and periodic updates) among
current customers, due to their ability to provide services anytime, anywhere, their high
rate of penetration and potential to grow has made them a dominating force in the world
of e-banking.
Financial institutions have been on a quest to satisfy their customers' need for more and
more convenience. Internet banking in the mid-1990s enabled consumers to access their
financial accounts using a home computer with an Internet connection. Yet banking at the
living room computer still has some serious limitations. The biggest issue is mobility. Even
with a laptop, it's almost impossible to stay connected in virtually any location on the
planet.
Not so with mobile phones. They can be carried anywhere. If mobile phones only
delivered voice data, then their use as a vehicle to deliver banking services would be
limited. Most phones, however, also provide text-messaging capabilities, and a growing
number are Web-enabled. That makes the mobile phone an 丨deal medium through
which banks can deliver a wide variety of services.
Mobile Banking (also known as M-Banking, mbanking, SMS Banking) refers to provision
and availability of banking and financial services with the help of mobile
telecommunication devices even when users are miles away from their nearest branch or
home computer. The scope of offered services may include facilities to conduct bank and
stock market transactions, to administer accounts and to access customized information.
Through mobile banking, one can check account balances, complete account transactions,
make payments on time etc. via a mobile device such as a mobile phone. Most customers
use mobile banking through SMS or the mobile lntemet._Some financial institutions take
up another method to provide mobile banking to their customers. They make customers
download special software on their mobile phones which acts as client for the mobile
banking services.
For consumers, mobile banking is about convenience: the ability to check account
balances, pay bills and transfer funds from a device they take with them everywhere. For
financial institutions, it is a means to deepen customer relationships, streamline,
operations and cut costs. Mobile banking is growing at a very fast pace and may soon
become the primary channel for banks to connect with their customers and vice versa.
The amount of banking possible on cell phone varies depending on the specific banking
institution. Some banks offer only the option of text alerts, which are messages sent to
cell phones that alert the customers regarding transactions and activities such as
deposits, withdrawals, and ATM or credit card use. This is the most basic type of mobile
banking.
A more involved type of mobile banking allows the user to log into his or her account
from a cell phone, and then use the phone to make payments, check balances, transfer
money between accounts, notify the bank of a lost or stolen credit card, stop payment
on a check, receive a new PIN, or view a monthly statement, among other transactions.
This type of banking is meant to be more convenient for the consumer than having to
physically go into a bank, log on from their home computer, or make a phone call.
While all of this is true, some are concerned about the] security of mobile banking.
A push transaction, on the other hand, is one in which the bank! information based
on a set of rules. A minimum balance alert is m example of a push transaction.
Similar alerts can be sent wheneven| is a debit transaction or a bill payment. As
these examples illust transactions are generally one way, from the bank to the custc
Mobile banking can also be classified based on the nature of the : Transaction-
based services, such as a funds transfer or a bill involve movement of funds from
one source to another. Inqi services don't. They simply require a response to a user
querf < balance inquiry query.
WAP is the technology architecture that makes accessing Internet pages possible
from a mobile phone. It includes the concepts of browsers, servers, URLs and
gateways.
WAP provides a user experience that echoes Internet banking conducted on a home
computer. This is an attractive feature to many banks, who also appreciate the fact
that customers don't have to download any proprietary software to enjoy robust
access to a full line of services and transactions.
■ WAP banking requires a smart phone or a PDA, but such devices represent
less than (perhaps only)10 percent of the phones in use Even if a customer has
a WAP-enabled phone, he or she can elect not to sign up for the more costly
data plans required for Internet access.
■ Mobile phones lack the level of anti-virus and personal firewall this d nn°W
As a financial institution prepares for the mobile banking revolution. must weigh
the advantages and disadvantages of these various solu to decide which one best
meets the needs of its customers and its technology infrastructure
Bunt SMS
Service
Provider
The benefits of convenience are undeniable, but there are a number challenges &
disadvantages that mobile banking users should be a of. The technology's cost,
compatibility issues and security problems cause second thoughts. Key challenges
in developing a mobile banking application are:
Handset operability
There are a large number of different mobile phone devices and it is a challenge
for banks to offer mobile banking solution on any type device. Some of these
devices support Java ME and others support Application Toolkit, a WAP browser,
or only SMS.
Security
Security of financial transactions, being executed from some location and
transmission of financial information over the air, are
6. Encryption of the data that will be stored in device for later / off-
line analysis by the customer.
One-time passwords (OTPs) are the latest tool used by financial and
banking service providers in the fight against cyber fraud. Instead of
relying on traditional memorized passwords, OTPs are requested by
consumers each time they want to perform transactions using the
online or mobile banking interface. When the request is received the
password is sent to the consumer's phone via SMS. The password is
expired once it has been used or once its scheduled life-cyde has
expired.
Mobile banking in Mobile banking is used in many parts of the world with little or nn
the world infrastructure, especially remote and rural areas. This aspect of mobile
banking is also popular in countries where most of the population s
unbanked. In most of these places, banks can only be found in big
cittes^ and customers have to travel hundreds of miles to the nearest
bank.
In Iran, banks such as Tejarat, Mellat and Bankmelli offer the servt
Banco Industrial provides the service in Guatemala. Citizens of Mexico
access mobile banking with Omnilife, Bancomer and MPower Ven
Kenya's Safaricom has the M-Pesa Service, which is mainly used
transfer limited amounts of money, but increasingly used to pay bills
as well. In Somalia, the many telecom companies provide m banking,
the most prominent being Hormuud Telecom.
144
Information Technology in Financial Services | Reference
Automatic Teller Machines
While interbank networks provide capabilities for all ATM cards within
the same network to use other banks' ATMs that belong to the same
network, the services vary. For instance, when a person uses his ATM
card at an ATM that does not belong to his bank, the basic services,
such as balance inquiries and withdrawals, are usually available. However,
special services, such as obtaining a mini-statement, may not be
available to ATM cardholders of banks other than the ATM cardholders
of the acquirer (the bank that owns the ATM). Furthermore, banks may
charge a fee from users of cards that do not come from their own bank
(in addition to any fees imposed by the bank of the card the person is
using). Interbank networks are convenient because people can access the
ATMs of other banks who are members of the network when their own
bank's ATM is unavailable.
145
Information Technology in Financial Services | Reference Book 2
ATMs rely on authorization of a financial transaction by the card
issuer or other authorizing institution via the communications
network. This is often performed through an ISO 8583 messaging
system.
ATM Security
1
^y Based distribution channels/Networks in Financial Industry
Identification of security risks and mitigation of them through a planned
mechanism is necessary to ensure that the ATMs are always available,
meaning that there is no downtime. Non availability of ATMs for any
reason can irritate customers decreasing their satisfaction level which
may ultimately result in customer loss.
Physical Security
Early ATM security focused on making the ATMs invulnerable to physical
attack; they were effectively safes with dispenser mechanisms. A
number of attacks on ATMs resulted, with thieves attempting to steal
entire ATMs by ram-raiding. Ram-raiding is a term used for situations in
which a van, car, or other heavy vehicle is driven through the ATM kiosk
to effectively demolish or uproot an entire ATM and any housing to steal
its cash.
A common method is to simply rob the staff filling the machine with
money. To avoid this, the schedule for filling them is kept secret, varying
and random. Additionally the money is often kept in cassettes, which will
dye the money if incorrectly opened.
At the same time, the operating system on which the ATM is based is
changing. ATMs have begun migrating from the obsolescence of IBM
OS/2 to Microsoft Windows to gain business value. But with the move to
the Windows platform comes increased exposure to known and unknown
security threats.
The operating system has also changed from a relatively secure, low-
visibility, low-target profile to an operating system that has relatively
higher visibility, a relatively higher vulnerability level, and a higher target
profile.
SSL uses a cryptographic system that uses two keys to encrypt data - a
public key known to everyone and a private or secret key known only to
the recipient of the message. Any application that needs to transmit data
over an unsecured network such as the Internet or a company intranet r
a potential candidate for SSL. SSL encrypts the data being transmitted s»
that a third party cannot "eavesdrop" on the transmission and view the
data being transmitted.
ATMs in Pakistan
According to the same report, the volume and value of overall eBan"
transactions in the country during the said quarter reached 56.42 mil and
Rs 5.5 trillion respectively showing an increase of 7.30% in voi and 17.47
% in value compared to the previous quarter. ATM, being largest channel
for eBanking transactions, .showed 5.6% increase ' number of
transactions and 9.5% increase in value which resulted ' average value of
Rs.8, 804 per ATM transaction. Very significant incre was also recorded in
transactions related to Real time online bran (RTOB).The number of such
transactions grew by 10.59 % and value transactions increased by
17.97%.
(http://www.sbp.org.pk/psd/reports/2010/Status_Report_Q_2-12-l
The Internet Banking
A pure Internet bank exists entirely online. These are legitimate banks
(i.e. approved by country's laws and central banks) and all transactions
are done over the Internet. Internet banks basically give all the services
of a traditional bank except that they don't have the physical structure
of a bank.
A pure Internet bank has two main selling points: convenience and free
banking services or higher interest rates.
Another great thing about Internet banking is that clients have more
control over their money. Most Internet banks allow to customize
accounts and to maintain multiple accounts. Internet banks also provide
budgeting and money management tools. And because they're always
open and always online, they are able to provide up-to-date account
information.
Unfortunately, there are still some things that pure Internet banks cannot
"do. Cash cannot be deposited directly and cash needs to be mailed or
some other channel must be used. It can be risky and quite inconvenient
if cash deposits are a regular activity. Also, in some cases, the postage
cost is the responsibility of the customer.
Another drawback of Internet banks is the possible ATM fee. Since these
banks do have any physical facilities, this means that Internet banks ma)
not have their own ATMs. In case of cash withdrawals, ATMs of other
banks must be used on a fee which could be quite expensive.
Despite the above limitations and drawbacks, the Internet banks are
becoming more and more popular around the world mainly because it s
easy and convenient to bank with them.
Even without the software, it is still possible to check accounts and bills
online using the bank's website. Banks require more strinv security
measures and may be a monthly fee to gain access to o services,
although free service provision is now common. The m management
tools on bank websites are also quite limited compared that of personal
finance software.
There are certain criteria that can help in choosing the right Internet
Top performing online banks have certain features in common that
them stand out from the competition. These features have a lot to
do the level of service, security and quality of an Internet bank.
Here's of features that a customer should look for in a good Internet
bank.
Downtime
The impact of downtime can be devastating for banks. Customers use
Internet banking for convenience as it overcomes the limitations of time
and distance. In situations when the services are not available these
advantages are lost and so is the basic motive of Internet banking.
Customer satisfaction can plunge and bank may lose its clients to other
competitors.
Banking Iteamty Internet banking facilities take security very seriously. Whether it's the
Features website of a traditional bank or an Internet-only bank, both spend a
considerable part of their budget in making sure their system is secure
and their clients are well protected.
However, stories about identity thefts are common. These things happen
mainly due to human error. People can be careless and make mistakes
Hackers and thieves get past these strict security features because
careless customers give them the ability to do so. Some tips to improve
the security of Internet banking are:
The acronym POS stands for "Point Of Sale". Generally this means the
exact location where a purchase is made and payment is completed.
This may include face-to-face sales transactions as well as purchases
made online. Whether customer is standing at a cashier counter or
checking out an online shopping cart, the precise place where
payment is made for goods or services ordered or received is
considered the point of sale - or POS.
After many more such interesting innovations, in 1992 the first point
of sales software that could run on the Microsoft Windows platform
named IT-Retail was created. Since then a wide range of POS
applications have been developed on platforms such as Windows and
Unix. The availability of local processing power, local data storage,
networking, and graphical user interface made it possible to develop
flexible and highly functional POS systems. Cost of such systems also
declined with the passage of time making such systems possible to
use.
Post 2000, web based POS software were developed that can run on
computer with an internet connection and supported browser, wia
additional software. POS systems that are Internet based are usee
businesses with multiple locations. An owner can access the daily t
from all locations from a remote site, as well as track sales
throughout day. Franchises and businesses with satellite offices track
sales connected POS systems and build databases of consumer
demogr to guide marketing strategies.
The key requirements that must be met by modern POS systems incl
high and consistent operating speed, reliability, ease of use, remote
POS Problems
Point of sale systems often features a complex arrangement of
hardware, software and network connections. POS systems rely on
predictable operation, and problems can appear when hardware,
software or concerned humans do not perform as expected.
Hardware Issues
Point of sale systems often involve an array of devices connected with
one another using physical cables or secured wireless protocols.
Typical
Software Issues
Just as POS systems rely on computer-like hardware, they also rely on
computer operating systems and special software to perform point of sals
functionality. Central servers and checkout workstations often run
operating systems similar to those found on personal computers. POS
equipment also uses software applications to handle credit card
processing, inventory tracking, accounting and other sales-relate: functions.
When POS software encounters an error, or when too mu<r software
overloads the computer processor or memory, the system can stop
working.
Connectivity Issues
When a customer presents a credit or debit card as payment, the point
erf; sale system must transmit the account information to the credit card;
processing network. According to the Merchant Account Guide webste,|
POS systems usually rely on either dial-up modems or broadband Internet
services to connect to the processing network. If the network connectionj
becomes unavailable, the system will lose the ability to process credit and
debit transactions; some systems may also lose the ability to verify check
payments. In addition, dial-up connections must have clear audio to
communicate with the credit card network properly. If any static exists am
the line, the POS system may lose the ability to process credit, debit ami
check transactions.
Human-related Errors
Because of the complexity of point of sale systems, concerned staff receive
extensive training on how to perform transactions and opers— the system.
If incorrect information is provided or wrong applications launched, POS
systems may become unpredictable or fail to proc transactions correctly.
POS systems are becoming popular in Pakistan and are finding their
into businesses as firms and customers realize the safety and conveni
these systems offer. POS hardware vendors are also making their eff in
making POS technology popular. Many businesses are using native
software as it is cost-effective and tailored to specific needs of country.
Poor literacy rate in general and less technology awareness particular
are significant hindrances in its wide-spread use together cultural
barriers and lack of trust as perceived both by buyers and sei丨'
Summary The new IT-based banking channels of service delivery are independent
time and distance restrictions making them even more useful valuable
for organizations. The net result is the popularity of bran
banking. Branchless banking is a distribution channel strategy used for delivering
financial services without relying on bank branches. Examples of branchless banking
technologies are the Internet, automated teller machines (ATMs), POS devices and
Branchless banking
Micropayment Solutions
ATMs
Store Value Cards
NFC isn't really new or cutting edge. In fact, it's basically a variation
of short-range wireless technologies already used throughout the wc
field communication can quickly swap information between devices
they're touched together. Text, images or other data can simply be i
by holding an NFC-enabled phone up to various "smart
160
Information Technology in Financial Services | Ref
and convenience by making exchange of digital data, connection of
electronic devices, and transactions far easier. NFC technology finds
application especially in mobile phones which work by identifying NFC
tags in another device which is in dose range (4 to 10 cm) leading to
exchange of data between the two. Near field communication
technology is actually an evolution of RFID (Radio Frequency
Identification) technology for contactless payment systems.
The three main concepts that the NFC Forum, the main association of
companies promoting NFC, is pushing are "sharing, pairing, and
transaction."
Transaction is the most obvious of the three, and the most popular. A
smartphone with an NFC chip could very easily be configured to work
as a credit or debit card, just tap the phone against an NFC-enabled
payment terminal and the transaction is completed in no time. But
that's really only the start of what NFC can do in terms of transaction.
NFC could work well for public transit passes, library cards, hotel room
keycards, and office building passcards. Even government-issued IDs
The NFC standard leaves any kind of advanced protection, like enai
or password protection, up to the business that uses it, e.g. ban&J
relatively easy for most companies to embed encryption or a but
they still have to do it.
Cont
d
e’1fi
%
165
Information Technology in Financial Services | Reference Book 2
Why have the electronic versions of micropayments become so im to
banks and businesses? Because handling cash is very expensive. It to
be collected, counted, stored, handled and redistributed. Banks
merchants need to find a way to cut those costs. It has been est r that
a vast majority of credit card sales are small purchases; banks
businesses therefore need to find a way to facilitate these payments
digital world.
Credit cards are not really a viable alternative to cash for micropay.-
since the transaction charges to the merchant and the cost to the k are
too high. Paying a flat fee charge plus an interchange fee on purchase price,
for example, on a small value purchase, does not good business sense
for merchants. Neither does having all the customers wait in line while
the card is swiped, the slip printed and all for a small purchase.
For these reasons micropayment systems have not yet penetr market as
much as they should have. The critical mass of users h reached in some
industrial countries where the Internet has a penetration. There is a
need to analyze this new "player" and u
Micropayment Types Micropayment systems typically take the form of stored value cards or RFID key
fobs, credit-based systems, or account-based systems.
Stored Value Cards
Storing value on a card or other product involves embedding
and Fobs/Tags
monetary value on an access device. In the case of card-based
products, the stored value is stored in a microprocessor chip
embedded in a plastic card.
The stored value cards can be loaded with funds from the bank
account and then, as purchases are made, the funds are used up. The
cards can usually be re-loaded from the provider's web site, by phone
or at certain merchants. The most common forms of this type of
product are transit passes, debit-style pre-paid gift cards, e-purses and
cash cards. Stored value products are also referred to as electronic
money or e-money.
The chip technology used in these stored value products tracks the
value remaining on the device. There is no link from the card or key
fob to the consumer's bank account so if the card or the fob is lost,
the only exposure is the amount left in stored value. The money is
gone but the bank account is not compromised.
Credit-Based ..ザ:tsms Credit-based systems use credit cards as the payment vehicle and
or Products remain
167
Information Technology in Financial Services | Reference Book 2
the new
domain ofthat
issues the arise
majorby financial institutions
the introduction andtotypical
of MPSs credit
everyday life.
companies - who now prefer to be known as "payment" comp
In order to try to solve the problem of many fees for small tran
these credit-based products depend on a concept known as "aggr
to allow micropayments to be made. Aggregation bundles multiple
transactions into one larger one to reduce the transaction charges
ar>: For example, when someone buys 10 songs from iTunes.com,
the card does not show 10 separate charges, but the total of all tra
plus any taxes. Buyers are charged any fees only once for the ag
transaction amount and the merchant only pays one fee as
The challenge for the banking industry has been to find a way to a
the consolidated charge. Instead of the more standard direct aut of
the credit card transaction between the merchant and the car
institution, with the micropayment aggregation model, each small u
is not individually authenticated. This can create security headaches
issuing financial institutions since they cannot determine, at the
sale, whether the cardholder has authorized the pir'
Account-Based Systems The most common type of account-based product is the debit
or Products accesses funds in the bank account (of the user) directly and
tran funds to the merchant account.
The requirement for a PIN can slow down the process and le&d
product not being used for micropayments. Like the credit-based
the introduction of contactless products helps with this
Legal and Policy In most instances, micropayment products have not been arouri
Issues survived long enough for all the legal issues to be explored or r
There are, however, some interesting legal and policy issues that
explored, for example:
Stored value cards (gift cards or keypass payment cards for example)
are valuable tools for merchants because they can be tied to
marketing campaigns and loyalty programs and build a consistent
customer base. However, personal information such as the customer's
name and address, as well as buying habits and recent purchases is
collected as part of these cards. This personal information is not only
sensitive, it is extremely valuable and it must be protected and
collected only in accordance with relevant privacy laws. The potential
for abuses can be high.
Sector 169
lifestyle to use the technology.
The two concepts, "free〃 and "open source", are closely related - the;
is an attempt to codify "software freedom" into a copyright lice this
reason Open Source Software is referred to as Free Software or FOSS
or FLOSS. FOSS is Free Open Source Software, FLOSS stands for Libre
Open Source Software. Libre is included to make the distir between
being free of cost/charge and being free as in the freedoms above.
Open Source Software is usually (but not necessarily) free of at the
point of acquisition but it is not necessarily free of cost in t support.
This open approach means that anyone can study and alter the source
and therefore contribute to the development process.
Benefits of open The main benefits of open source software for most users are that there
source software are no restrictions on use and that the software is usually free to
acquire.
Programs can be installed on as many computers as required without
costing anything.
Another benefit of open source software is that it frees the user from
the 'vendor lock-in' associated with many proprietary programs. Lock-
in is where a company makes software incompatible with that of their
rivals forcing the user to stick with one company's programs. Open
source software tends to use open standards, thus improving
compatibility between software packages.
Linux (operating system), Mozilla (Netscape browser core), Apache server), PERL (Web
scripting language) and PNG (graphics file format» all examples of very popular
software that is based on open s
A common concern for businesses and end-users who wish to use _r source software is
the lack of a warranty and technical support. Beeニ-. the software's license encourages
modification and customization, ■ nearly impossible to provide support. Many firms
sell the open sot software and the main value added is the provision of warranty and
techr support. For most businesses, the assurance of technical support is gene a key
factor in the decision to buy the open source software instead simply downloading it
for free.
Open Source's proponents often claim that it offers significant be when compared to
typical commercial products. Commercial prod typically favor visible features (giving
marketing advantage) over to measure qualities such as stability, security and similar
less gla attributes. This can be described as the quality versus features phen
Open Source software developers are evidently motivated by many but favoring
features over quality is not noticeable amongst them. For developers, peer review and
acclaim is important, so it's likely that will prefer to build software that is admired by
their peers. Highly factors are clean design, reliability and maintainability, with adher
standards and shared community values preeminent.
In addition, most users of Open Source products have access to the code and
debugging tools, hence often suggest both bug fixes enhancements as actual changes
to the source code. Conseque quality of software produced by the Open Source
community so exceeds that produced by purely commercial organize
Reasons to use Focus: Open source software gets closest to what users want because users
open source can have a hand in making it so. It's not a matter of the vendor users what
it thinks they want -users and developers themselve-f what they want.
Freedom: When businesses turn to open source software, they free from the
severe vendor lock-in that can afflict users of proprietary Customers of such
vendors are at the mercy of the venders
Image-Based Paper cheques provide consumers and businesses with a critical alternative
Cheque payments mechanism. While total volume continues to decline, still billions of
Processing cheques are written and processed each year, and consumers and businesses
worldwide remain confident and satisfied with writing cheques. However, cheque
processing is experiencing a radical change as financial institutions and their customers
now have new, more efficient ways to process and clear cheques. Financial institutions
need to develop and implement a cheque image clearing strategy to remain competitive
in the future.
Since its implementation in October 2004, the Cheque Clearing for the 21st Century Act
(Check 21)has enabled greater use of imaging technology for cheque clearing. Because of
this law, financial institutions are empowered to convert original paper cheques to
electronic images for clearing and processing. This provides a faster, more efficient
method for cheque clearing. Each financial institution should consider the benefits of
image-based cheque clearing and include supporting technology investments into their
competitive strategy.
Financial institutions that continue to exclusively process paper cheques will be hindered
by geographical barriers and limited customer service improvements and will be subject
to unnecessary, anti-competitive overhead costs. Institutions that hesitate are at a
competitive disadvantage.
While the move to full cheque truncation via image exchange will require an initial
investment, the payback period is short and long-term benefits are significant. Financial
institutions that invest in cheque image exchange experience the following financial and
operational improvements:
1. Improved Clearing Times - Cheques enter the clearing process faster as electronic
images since physical transportation to a processing location is eliminated.
The Benefits of As costs to process and transport paper cheques rise, all financial
institu: Cheque Image need to understand the dynamics of paper-based cheque
processing Exchange to implement image-based clearing solutions. Image-based
clearing is at the forefront due to the passage and implementation of the Check
sss.ro,
.)
Act in the USA.
Conclusion Cheques are the largest non-cash payment option in the world today and
remain a critical part of the payments system. All financial institutions
must prepare for cheque image exchange and remember the following:
Check 21 Act
The Cheque Clearing for the 21st Century Act (or Check 21 Act) is a US
Federal law that was enacted on October 28, 2003. The Check 21 Act took
effect one year later on October 28, 2004. The law allows the recipient of
the original paper cheque to create a digital version of the original
cheque (called a "Substitute cheque"), thereby eliminating the need for
further handling of the physical document. This makes cheque processing
faster and more efficient. It is designed to replace the old process
whereby banks must physically move original paper cheques from the
bank where the cheques are deposited to the bank that pays them,
transportation that can be inefficient and costly.
The process of removing the paper cheque from its processing flow is
called truncation. In truncation, both sides of the paper cheque are
scanned to produce a digital image. If a paper document is still needed,
these images are inserted into specially formatted documents containing a
photo-reduced copy of the original cheques called a "Substitute cheque".
Iris recognition has proven its capability in implementing rel security protocols in
various high risk sectors like aviation and defense. However, lately, due to falling
prices of iris found further application in the retail industry.
The banking and financial sector has adopted this system because of its robustness
and the advantages it provides n and making processes more streamlined. The
technology novelty, but, due to exigencies in the banking sector, decreasing profits,
increasing competition and mounting a it became a necessity. The use of biometric
ATMs based on r technology has gone a long way in improving customer a safe and
paperless banking environment.
Iris recognition technology captures the intricate iris patters of an iris scanning device.
This data is then digitized and sti
178
Technology Trends in Financial Sector
for future reference along with some other parameters like name and address. Iris data
is more reliable and durable because the iris is covered by a protective sheath which
protects
you wouldit use
fromthedamage. Due to this durability, an iris recognition system requires only
original cheque."
a single enrolment. Unlike fingerprints, the iris can be imaged from about 1 m away.
This is important as it ensures contactless and clean scanning. Yet, like fingerprints, iris
patterns are unique to individuals. Even identical twins don't have identical patterns nor
does one person's right and left eye. The patterns are stable throughout life.
Iris-based biometric ATMs are more secure than conventional pin-based ATMs because
they require biometric verification which cannot be stolen, copied or faked. Pin- based
security systems can be compromised, leading to losses for the consumer as well as the
bank. Also, customers find it very tedious to remember passwords and pin numbers;
moreover, the task of requesting a new set of passwords is itself fraught with endless
communication to and from the customer and the bank, leading to poor customer
experience.
Before the iris can be imaged, it has to be located in the face. Sensar, Inc. (USA) has
developed camera technology that first identifies the head, then the eyes, and then the
irises. The IriScan algorithm precisely locates the outer and inner borders of the iris, and
detects and excludes the eyelids if they cover part of the iris. The system uses a
mathematical technique called wavelet analysis to translate the image of the iris into a
512-byte pattern. This pattern is called the iris code. Once an iris code is prepared, the
algorithm compares a specific code against a group of codes previously stored in the
computer.
ATMs also use figure prints to authenticate a user. If iris scanning has attracted the
most attention, finger imaging, based on the long-established technology of
fingerprinting, is the most widespread biometric technology and the one favored by
most government agencies, in this approach, an individual places a finger on an optical
scanner, which scans in a digitized image of the person's fingerprint.
■ Resistant to criminal tampering: because veins are hidden inside body, there is
little risk of forgery or theft.
■ The FV pattern is inside the finger and cannot be acquired easily w' consent.
■ High accuracy.
■ Unique and constant: finger vein patterns are different, even a identical twins,
and remain constant through the adult ye
■ Contactless: the use of near-infrared light allows for non-inva,; contactless
imaging that ensures both convenience and deanl' for the user experience.
_ Ease of feature extraction: finger vein patterns are relatively and clearly
captured, enabling the use of low-「esolution came take vein images for
small-size, simple data image proces*
■ Fast authentication speed: one-to-one authentication takes less one second.
■ The authentication device can be compact due to the small fingers.
Stored Value Cards A stored value card refers to monetary value on a card not in an ext recorded
account and differs from prepaid cards where money is on J with the issuer
similar to a debit card. One major difference between value cards and prepaid
debit cards is that prepaid debit cards are issued in the name of individual
account holders, while stored value are usually anonymous/bearer.
The term "stored value ca「d〃 means that the funds and /or physically stored
on the card. With prepaid cards the data is maint computers affiliated with
the card issuer. The value associated card can be accessed using a magnetic
stripe embedded in the which the card number is encoded; using radio
frequency idenf (RFID) or keying in the card number on a POS system key
boa:
Stored value cards are one of the most dynamic and fastest growing j* in the
financial industry. Specific merchant's gift cards, prepaid t cards, prepaid debit
cards, government benefit cards are all exa stored value cards. Certain types
of these cards are being heavily to low-income consumers, especially the
unbanked. Although th may provide consumers with a more effective means
of access and making financial transactions than cash, consumers need to be
that these cards come with a vast array of features, fee structi levels of
consumer protections.
{ OEVALl
' 、 CfflD
PQC6
Given the wide range and complexity of card types and features,
consumers must weigh the benefits of these features against the
additional costs incurred. Cards that have relatively high fees in one
category often tend to have relatively low fees in another category;
for example, higher monthly fees are often associated with lower or
no transaction fees.
Other potential fees to look for include: transaction limit fee, bill
payment fee, reload fee, money transfer fee, out-of-network domestic
ATM transaction fee, inactivity fee, overdraft fee, payday advance fee,
credit-reporting fee, dispute resolution fee, etc.
Stored value cards may not offer all of the consumer protections that
come with traditional checking accounts. Although a reloadable
multipurpose card may provide a level of functionality equal to or
better than a traditional checking account, not all cards offer the
consumer protections enjoyed when holding a traditional checking
account.
Summary during the recent past many technology-based functionalities have been
adopted in banks, especially regarding customer-facing operations.
This is done with the objective of providing better service, improving
asset efficiency, reducing cycle times and bringing efficiency in
general to all functions. Near field communication allow for simple
transactions, data exchange, and connections with a touch. Based on
inductive-coupling, NFC uses loosely coupled inductive circuits to
Ei>erging Technology Trends in Financial Sector 182
exchange power and/or data over a short
distance (usually about four centimeters).
Open source software can be used, modified and improved by anyone ar»c
can be redistributed freely. That is, open source software is made available
under a different type of license that allows users to use, copy, redistribute
and modify the source code.
The main benefits of open source software for most users are that there are
no restrictions on use, and that the software is usually free to acquire.
Programs can be installed on as many computers as required without cosliii
■ http://ezinearticles.com/7Near-Field-Communication-
Technology:- A-New-Evolution!&id=6232795 (NFC)
■ http://www.finextra.com/community/fullblog.aspx7ich4301
(Contact-less)
■ http://www.dww.com/7page_id=1158 (micropayments)
■ http://www.aip.org/tip/INPHFA/vol-6/iss-1 /p20.pdf (Bio-metric
ATM)
■ http://EzineArtides.com/5270066 (Stored value)
■ http://www.ny.frb.org/regional/stored_value_car.dshtml (Stored
value)
■ http://opensourceschools.org.Uk/book/export/html/142 (Open source)
_ http://www.pcworld.com/businesscenter/article/209891 /
10_reasons_open_source_is_good_for_business.html (Open source)
Learing Outcome By the end of this chapter you should be able to:
• State the importance of an organization-wide IT usage policy _ List the
key components essential to an organization-wide IT policy
■ Describe the framework of an optimal IT policy
■ Define the types of user restrictions that can be implemented through
the IT policy
■ Discuss scheduled back-ups
■ Recall Antivirus safeguards
■ State the importance of data confidentiality
Policies and practices create secure networks and safe practices for users who
operate applications. Without the technology, firms are less productive and
without value. It is important to operate within guidelines and enforce IT
compliance. It is the only way to ensure that valuable resources will be there
when needed.
Many information and infrastructure usage policies fail because they do not
consider the importance of people as a key part of policy. It is not enough to
focus on information technology itself. Procedures must be created that respect
users and to some extent their convenience.
Acceptable Use Acceptable Use Policy (AUP, also sometimes known as Acceptable
Policy Policy or Fair Use Policy) is a set of rules applied by thow
manager/administrator of a computer system that restrict the
ways which the system may be used. AUP documents are written
for corpora " businesses, banks and other financial institutions
where the depend on technology is high. The purpose of the
acceptable use policy is to ol the acceptable use of computer
equipment. The rules are made to pr the employee and the
organization. Inappropriate use exposes the co「 to v\sks
\nc\ud\ng v\vus attacks, compTom'ise of network systems
and s and legal issues.
Privileges
The use cf schooi computers a a Is an imegfal p^t df the edu<a«onat pi rogram for il or
all Mutisms, Computer services p?o«l^ me4SKXUS. are not for pentoral private
use, ASO system a物inistrai£»s det®tuine ap{>rop(iac£ use aad access. Tteir decision is final, Stoder筋 have no exp仗laser* ^pmmcf
^t^exxrom d被a. Bfmm Administrators monitor, tog, and may peview a鄉at 遂I fSes aad/or messages,
Ol^fcrJd :RtsfK3«xsil>n)ty
The 森ipiie Seh^sti Dt^Het. taioes mmmsMmy va-y Strtd mcaswes^ suchi
嫌 its jilace m »iai ir^ppp@prt« is «ca 麵铉 _ iM studeitts.
1QS% I細.faet s^ety is not qia&mmmd. a類!.織im 伽 Riacsit wKlcl? «iay ie ©fFenslve may stiH fee The «Js«nct provK^ fes sMe趣 smhtm fa Uasdle m&rn
sfftyattons,
Terms and Coti^iom tntlmks but am oot Smft»d to
Students _i
• oratiputer equlpntte ^ ws^ superv^on of lab iftstnj^or tst fecuty mcmb«r.
* inspect and follow computer dmr/ iser instr«dti©rES.
1
* _师 u讀邮a 咖 mttm, mm m
• ¥®iWm basic net-eiiquetie a«rt M » f©@d stm.f(KKk c&m.
* &sgai够 inIllegal
Sfii__w_ 喊 krfcwlR_ yse sclKKi eqwpoftefit,. ©rfacH»s®5
activities defined m a #k>鏟愁or of kuM, stat^ aed/er federal laws.
;Saga供.in 油汰丨叫 activities \n mm isr紙.ims im^ud«s 6ut 核嵙斑 so corfuj«ing,
• A^ess or distrtbuie pofnogra^i^
ctestraying, or manlpi^ati轉 sp£es« <Ma or hanging oow|»■ぬsr oon%ur破kms.
* Eiase, expire, or reset Jnerao tsteSie, twe& page or HTtF
or S^reaseniig materials.
• om% Mlemily,
n history.
嫌瘰 mrnts iSeatly Of use urnmm^s 觀n獄y fftarry form trf ejectpeoic
げ 給な助
communiciackjtt.
• _ lug ©opyi^ht or tect_J_ _Ms*
Csmfminkate with vttfgar^ er yiwsatieni啤 ia^uage^. graf^iics, or artwork*
誠 減扭
• Um M In^ani
• Htidpafia: in eieccrofttc ^ste§.
政
«集後減 ad_t 卿俯
• S_:賺 ss.』e_ls»
Nott-pislrfeS, iqt^ment A sfedeM iiftay brtn^ in pcrscRaf txm^MwQ -eotnSper^e
• TM助d挪 is sponsored a f&&Mgtmmim.
: oi^y undef _e feH髓in§ coftdHti«is.
•• Tm
Tiie equipment is regisfcefed witii 說 sft-sae computer i»chaicia«,
distri^ pftivided artti-vbiis ssft^am and personal is snsMed.
PKJter Personal equipment fails ufi^r tM same rules as disme 侧關^1 equipment.
rm Mi d縱net p^icy is found at:
In some cases, AUP documents are also named Internet and E-mail policy, Internet
AUP, or Network AUP and also Acceptable IT Use Policy. These documents, even
though named differently, largely provide policy statements as to what behavior is
acceptable from the users when utilizing the company's IT infrastructure.
The most important part of an AUP document is the code of conduct governing the
behavior of a user whilst connected to the network/Internet. The code of conduct
may include some description of what may be called netiquette (the correct or
acceptable way of communicating on the Internet) which includes such items of
conduct as using appropriate/polite language while online, avoiding illegal activities,
ensuring that activities the user may embark on should not disturb or disrupt any
other user on the system, and caution not to reveal personal information that could
be the cause of identity theft.
Most AUP statements outline consequences of violating the policy. Such violations are
met with consequences depending on the gravity of breach. Employers will at times
withdraw the service from employees, although a more common action is to
terminate employment when violations may be hurting the employer in some way, or
may compromise security.
User Privilege Policy Network administrators, IT managers and security professionals are not only
aware but concerned about the damage a typical end user can cause on the network,
accidently or deliberately. It has been proven over and over again that most attacks
come from within the bounds of the firewall performed by employees and authorized
users. That's why it has become
As already stated, the importance of the principle of least privilege grown in recent
years, that is after the increased dependence of co on IT and as companies
scrambled to protect network assets and re The idea behind this principle is that if
the users can be limited with abilities, then their scope of damage can be limited
and hopefully The objective is to give users only the access and privileges they
complete their duties and assignments. What is not desired is to give much and
unnecessary access to users, especially administrative
This means giving a user only those privileges which are essential his/her work. For
example, a backup user does not need to install so hence the backup user has
rights only to run backup and backup-r applications. Any other privileges like
installing software etc. are b Employees working at different levels and functions
are assigned and privileges based on their job responsibilities. Users may be alio
not allowed to use the Internet, the rights to use secondary remc media may be
revoked and only specific fields of a database may be v to different users. Rights
and privileges are generally determined a—! approved by the Management in
consultation with the HR departmer: finally implemented technically by the IT
function.
Based on the PLP, three main categories of users may be defined computer or
network. These categories include:
1. Restricted user - Can operate the computer and save documents can't save
system settings, (routine user)
2. Standard user (power user) - Can change many system settings install
programs that don't affect operating system
3. Administrators - Have complete access to read and write any the system
and add or remove any programs or change system
The majority of users on most common networks should be restricted on their local
computers. Only users with special training or a neec additional access should be
allowed to change system settings and
programs that are not operating system programs. This is because
many viruses and adware or spyware may be installed in a subtle
manner by tricking the user or the installation may be completely
transparent to the computer user. If the user does not have the ability
Data Backup Backup, or the process of backing up, is making and keeping copies of
data which may be used to restore the original after a data loss event.
When further analyzing the above list, it is obvious that the first point
is the main reason why data is kept. However, the second bullet point
is why a policy is needed - organizations don't necessarily want to
keep everything indefinitely if they don't have to. The objectives of a
data retention policy are straightforward: cost savings through data
storage reduction, simplified, less expensive data management, and
regulatory compliance.
Since a backup system contains at least one copy of all data worth
saving, the data storage requirements are considerable. Organizing this storage
space and managing the backup process is a complicated undertaking.
In the modern era of computing there are many different types of
data storage devices that are useful for making backups. There are
also many different ways in which these devices can be arranged to
provide geographic
■ Will notify users of any credible virus threats via e-mail and online
bulletin.
Summary While written policies are important for all organizations, in banks and
other financial institutions this need is even more vital. A bank must
have organization-wide standard policies and procedures for all its
functions including IT and data management. Typical relevant
documentation that should exist in organizations includes policies,
standards, guidelines and procedures.
Learing Outcome By the end of this chapter you should be able to:
■ Discuss the concept of outsourcing and in-sourcing
■ Define managed services and discuss how and where these
services can be used
There are many reasons that companies outsource various jobs, but the
most noticeable advantage seems to be the fact that it often saves
money. Many of the companies that provide outsourcing services are
able to do the work for considerably less money, as they have lean
structures and fewer overhead expenses to worry about. The outsourcing
firms are therefore able to operate on lower costs because of economies
of scale. Outsourcing also allows companies to focus on other more
important business issues while having the details taken care of by
outside experts. This means that a large amount of time, resources and
attention, which might fall on the shoulders of in-house professionals,
can be used for more important, broader and strategic issues within the
company. The specialized company that handles the outsourced work is
often streamlined, with first-rate capabilities and access to new
technology that a company could not afford to buy on its own. In
addition, if a company is looking to expand, outsourcing is a cost-
effective way to start building foundations in other countries.
Mine Outsourcing A relatively new concept is online outsourcing, which has become
popular with the ubiquity of the Internet. Online outsourcing is a
method by which companies can increase profit margins and sometimes
keep more workers employed at the same or even less cost.
Homeshoring, for example, is the process of hiring a third party
contractor (mostly an individual) who works from home to carry out
business processes. The employee can carry out tasks such as
processing customer service calls, invoicing customers, proofreading and
editing, marketing, or other more technical tasks such as software and
website development. In turn, the company may pay the home working
employee a lower rate than a permanent on-site employee and will
often save on costs by not providing that employee with health
tnsurance or other benefits. The employee often saves money by not
having
Outsourcing Challenges As companies evaluate their outsourcing choices, they need to keep in
mind that there are challenges of outsourcing and if these challenges
outweigh the advantages of outsourcing, then firms should avoid
availing these options.
Services 202
quality standards. In addition, the client firm will lose the ability to
rapidly respond and react to changes in the business environment.
5. Tied to the Financial Well-Being of another Company
Since the client firm will be turning over part of their business operations
to another company (although non-core activities), it will now be tied to
the financial well-being of that company. It is not uncommon for an
outsourcing company to go bankrupt and leave its clients in financial
disorder.
6. Bad Publicity and Ill-Will
The word "outsourcing" brings to mind different things to different
people. Most people have heard of job cuts resulting from outsourcing
operations. In many situations, morale may suffer in the work force of
the client company which may lead to serious performance problems.
Proactive change management must be carried out to handle human
resource issues associated with outsourcing.
m mother
m p&m Poor 饿
m m鋼卸 !^er
Vendor Services
money, and it doesn't have the negative implications associated with
many forms of outsourcing. Some companies practice this regularly
and claim to always promote from within, which can be an attractive
point for employees looking for opportunities to advance in their
careers to stay with the same firm.
Managed Service
Providers A managed service provider (MSP) provides delivery and
network-based services, applications and equipment to client
and organizations. Managed service providers can be hostir^
or access providers that offer services that can include fully
network management arrangements, including advanced fe
telephony, messaging and call center, virtual private netw
managed firewalls, and monitoring/reporting of network these
services can be performed from outside a company's int MSPs
serve as outsourcing agents for companies, especially providers
like ISPs, that don't have the resources to constantly maintain
faster and faster computer networks.
Contracts and agreements for managed services are usually shorter than
those for strategic outsourcing. The latter can often be created to run for
between three and ten years, whereas managed services contracts run
for as little as 12 months, and for up to two odd years. One reason for
this is the one-to-many delivery model enables the service provider to
achieve a shorter payback period for the service offered. Pace of IT
enhancement is much faster with MSPs for many reasons, including
competition amongst the MSPs. From the point of view of the clients,
shorter duration of contracts is suitable due to changing business
conditions. Even with a one-to-one delivery model, it is still a shorter
payback period for MSP as the one-to- one model takes the basic
service and modifies it for a particular customer. A service is usually not
always created from scratch for a new customer.
Not to forget that one of the roles of the MSP is to ensure that the
organization is making best use of the service, so it will be appropriate
client management takes into consideration points raised by the
Managed IT Services - From crashed hard drives to computers that just won't start, the part
Examples of managed IT services is basic maintenance of computers and
equipment. In an organization of any size, small or large, computers
relied on to perform almost all duties - from typing to design, ma,J and
many other functions. Programs are used for all sorts of industries, as we
get more technologically advanced, our systems get more co and prone
to problems and failures. Rather than risking making the worse by trying
to fix problems, call in the experts with IT services ensure that computer
equipment stays up and running at all tic addition to maintenance, other
managed services include the f:
■ Network Management
The network controls all computers within an organization. If the
goes down, very often that means that every computer within the
also goes down, leaving the entire office unable to continue Network
management services guarantee quick response times, network
health and outstanding technical support, allowing the ゴ to not
lose any valuable time in the event of a network problem. A r:
managed IT services firm will offer network management for a fixed
fee, regardless of the number of hours used.
■ Remote Backups
Managed IT services ensure that valuable data is kept safe and secure at
all times. Unfortunately many businesses still do not realize the
importance of having effective data or server backup. A remote backup
and data recovery service ensures that the critical data is properly
backed up to an offsite location. This means that businesses never have
to worry about losing precious data in the event of a system or server
crash. Service providers should also have the necessary technology for
full data recovery in case of data loss.
Service Level A Service Level Agreement (SLA) is a negotiated agreement between two
Agreements parties where one is the customer and the other is the service provider.
SLAs have been used since the late 1980s by fixed line telecom
operators as part of their contracts with their corporate customers. This
practice has spread such that now it is common for a customer to
engage a service provider by including a service level agreement in a
wide range of service contracts in practically all industries and markets.
Internal departments (such as IT, HR, etc.) in larger organizations have
adopted the idea of using service level agreements with their "internal"
customers also - users in other departments within the same
organization.
Service level agreements are, by their nature, "output" based - the result
of the service as received by the customer is the subject of the
"agreement", that is, the "agreement" relates to the services the
customer receives, and not how the service provider delivers that service.
However, organizations can also specify the way the service is to be
delivered, through a specification (a service level specification) and using
subordinate "objectives" other than those related to the level of service.
This type of agreement is known as an "input" SLA. This is becoming
obsolete as organizations become more
Third-party A service bureau is a company which provides business services for a fee.
Service Bureau The term has been extensively used to describe
technology-based services to financial services companies, particularly
banks. Customers of service bureau typically do not have the scale or
expertise to incorporate these services in their internal operations and
prefer to outsource them to a service bureau. Outsourced payroll
services are a commonly provisioned service from a service bureau.
Service bureau may offer a variety of software packages, batch
processing services (data entry, COLD, etc.) as well as custom
programming.
Software as a Service (SaaS) has the potential to transform the way information
technology (IT) departments relate to and even imagine their role as providers of
computing services to the rest of the enterprise. The emergence of SaaS as an
effective software delivery mechanism creates an opportunity for IT departments to
change their focus from deploying and supporting applications to managing the
services that those applications provide. A successful service-centric IT, in turn,
directly produces more value 1 for the business by providing services that draw
from both intemai and external sources and align closely with business goals.
SOA is all about making disparate systems work together seamlessl>- with its
loosely coupled nature, allows enterprises to plug in new or upgrade existing
services in a gradual fashion to address the new requirements, provides the
option to make the services consumable different channels, and exposes the
existing enterprise and legacy app' as services, thereby safeguarding existing IT
infrastructure inves'
Summary Modern businesses need to develop specific capabilities to survive
andprosper.
Technology is the enabler of these capabilities. Technology-based
capabilities are costly to acquire and maintain, and one solution is
outsourcing. Outsourcing is contracting with another company or
person to do a particular function. Almost every organization
outsources in some way.
Despite all its advantages, not all outsourcing alliances are successful.
The most common causes of outsourcing relationship failures include
poorly defined goals and requirements and a lack of outsourcing
contract management capability, the inability of parties to consider
each other's interests and lack of communication.
http://www.outsourcing-center.com/
Reference
2004-08-what-causes-outsourcing-failures-article-37826.fc
Links
http://www.butlergroup.com/
research/reportHomePages/Managed%20Services/
MS_Management_Summary.pdf
http://EzineArtides.com/4472862
http://www.ctmea.com/2011 /04/06/huawei-banks-on-managed
IT audit framework/standardization
Basic Principles Information Technology plays an important and vital role in all sectois society. As a
consequence, security has become an essential com; of IT. However, it is a complex
subject and the appropriate measures often depend, to a large extent, on the type and
location of the IT equi: nature of business, budget constraints and the willingness to
counter
The potential security threats and risks have to be carefully assesses! every situation. It
is absolutely vital that all concerned are made a the threats and risks that may affect
them, and over which they •* control. Only then will they fully understand and apply
the apprザ ノ _ security procedures.
In order to fully appreciate security, it is necessary to understand what is. Risk in terms
of security may mathematically be characterized bf. equation; Risk = (Threat x
Vulnerability) / Counter-mea
The threat represents the type of action that is likely to be of harm, vulnerability
(sometimes called flaws or breaches) represents the exposure to threats in a
particular context. Finally, the countermc all of the actions implemented to prevent
the threat.
The likelihood that a threat will use a vulnerability to cause harm a risk. When a threat
does use a vulnerability to inflict harm, it _
218
impact. In the context of information security, the impact is a loss of availability,
integrity, and confidentiality, and possibly other losses (lost income, loss of life, loss of
real property).
The countermeasures to be implemented are not only technical solutions but also
include user training and awareness as well as dearly defined rules.
The IT security guarantees the right to access a system's data and resources by setting
up authentication and control mechanisms that ensure that the users of these
resources only have the rights that were granted to them.
The need for IT security in banks and financial institutions ni^ justification. Financial
institutions must ensure security of its IT infml and data. Financial institutions spend
handsome amounts on security" The State Bank of Pakistan (SBP) has also asked
banks to adopt ' " security standards to ensure safety, security and maintenance of
transactions. Banks must design fool-proof data security processes has issued various
guidelines on critical subjects pertaining to continuity and data security and safety..
Some IT security and related standards that are available for institutions include:
ISO/TR 17944:2002 Banking - Security and other financial Framework for security in
financial systems. It provides a fra standards dealing with security that are deemed
necessary for the industry. It consists of an inventory of the key security issues in the
financial industry.
Cryptography
Information security uses cryptography to transform usable info a form that
renders it unusable by anyone other than an auth this process is called
encryption. Information that has been (rendered unusable) can be transformed
back into its original by an authorized user, who possesses the cryptographic
key,
process of decryption. Cryptography is used in information security to protect
information from unauthorized or accidental disclosure while the information is in transit
and while information is in storage.
Firewal 丨 ing
Firewall is a first line of defense and protective barrier between the company's internal
network and the outer world. It can be a software or hardware and it is configured and
Ethical issues in information systems have been given new urgency by the rise of the
Internet and electronic commerce. Internet and digital firm technologies make it easier
than ever to assemble, integrate, and distribute information, unleashing new concerns
about the appropriate use of customer information, the protection of personal privacy,
and the protection of intellectual property. Insiders with special knowledge can "fooi 〃
information systems by submitting phony records, and diverting cash, on a scale
TREND IMPACT
During the audit (IT and others), the auditors primarily look for
evidence that indicate
■ The organization has designed effective controls to address their
compliance requirements and that there are no design
deficiencies.
* ■ The organization consistently applies the controls they have designed
The primary functions of an IT audit are to evaluate the systems that in place to guard
an organization's information. Specifically, infor technology audits are used to evaluate
the organization's ability to its information assets and to properly dispense information
to aut parties. The IT audit aims to evaluate the following:
■ Will the organization's computer systems be available for the b at all times when
required? (known as availability)
■ Will the information in the systems be disclosed only to au users? (known as
security and confidentiality)
■ Will the information provided by the system always be acc reliable, and timely?
(measures the integrity)
In this way, the audit hopes to assess the risk to the company's va asset (its information)
and establish methods of minimizing those
Use of computer facilities has brought about radically different ways processing,
recording and controlling information and has combined r : previously separated
functions. The potential for material systems error ** thereby been greatly increased
causing great costs to the organiza" e.g., the highly repetitive and real-time nature of
many computer applica " means that small errors may lead to large losses. An error in
the calcu「 一 of Income Tax to be paid by employees in a manual system will not in
each case but once an error is introduced in a real-time computer system, it will affect
each case. A bank may suffer huge losses on acc* of an error of rounding off to next
rupee instead of nearest rupee, makes it imperative for the auditor to test the invisible
processes, and identify the vulnerabilities in a computer information system as the c
involved, because of errors and irregularities, can be extremely ■'
The following (non-universal) process describes the general activities auditors conduct
during an audit:
■ Working with the auditor early in the process to understand the key areas on which they
plan to focus during the audit. In some cases, organizations can reprioritize projects to
ensure to address what the auditors see as key risks in the environment, thus avoiding
deficiencies in the audit.
■ Organize IT controls to work with the framework that the auditors use. This will help
ensure that the organization being audited and auditors communicate clearly about the
regulatory objectives.
■ Take advantage of an IT controls framework. This will help to more effectively address a
variety of regulations with a single set of controls.
Audits must be methodically performed by examining and reviewing the requirements and
the actions being performed against them. Audits are essential not only for the individual or
company, they are essential to protect those who have a vested interest in the operations.
Accuracy is another important quality of a good audit. All records and information must be
accurate. Records may be accurate for their content but if they do not contain all applicable
information then they are incomplete and unreliable.
In relation to the characteristic of accuracy data that is accurate can be considered reliable.
Reliability is a factor upon which companies must base decisions. Reliable sources of
information or documentation means the data or source can be trusted.
Another good audit principle involves the qualifications of individuals conducting an audit.
Management has to decide what to reasonably invest for security and control in IT and
how to balance risk and control investment in an often unpredictable IT environment. While
information systems security and control help manage risks, they do not eliminate them. In
addition, the exact level of risk can never be known since there is always some degree of
uncertainty. Ultimately, management must decide on the level of risk it is willing to accept.
Judging what level can be tolerated, particularly when weighted against the cost, can be a
difficult management decision. Therefore, management clearly needs a framework of
generally accepted IT securit| and control practices to benchmark the existing and planned
IT environmenc The Committee of Sponsoring Organization's (COSO) Integrated Framewort
has been often the framework that dictated all internal control assessment and testing.
However, with the introduction of the Information System; Audit and Control Association's
(ISACA) Control Objectives for Information Technology (COBIT), the adaptation by auditors
both internal and external has been gaining ground.
Business orientation is the main theme of COBIT. It is designed to employed not only by
users and auditors, but also, and more impo as comprehensive guidance for
management and business process o Increasingly, business practice involves the full
empowerment of be:: process owners so they have total responsibility for all aspects of
business
The Framework consists of a set of 34 high-level Control Objectives, for each of the IT
processes, grouped into four domains: planning organization, acquisition and
implementation, delivery and suppor monitoring. This structure covers all aspects of
information and the tedsr that supports it. By addressing these 34 high-level control
objectives, business process owner can ensure that an adequate control s provided for
the IT environment.
IT governance guidance is also provided in the COBIT Framework. IT
governance provides the structure that links IT processes, IT resources
and information to enterprise strategies and objectives. IT governance
integrates optimal ways of planning and organizing, acquiring and
implementing, delivering and supporting, and monitoring IT
performance. IT governance enables the enterprise to take full
advantage of its information, thereby maximizing benefits, capitalizing
on opportunities and gaining competitive advantage.
ITIL was published between 1989 and 1995. Its early use was
principally confined to the UK and Netherlands. A second version of
ITIL was published as a set of revised books (hence library) between
2000 and 2004.
Disaster might occur anytime, so all and especially IT-dependent businesses must be
prepared. Depending on the size and nature of the business, a plan is designed to
minimize the disruption of disaster and help keep the business to remain competitive.
Due to the advancement of Information Technology (IT), business nowaday depends heavily
on IT. With the emergence of e-business, many business^ can't even survive without
operating 24 hours per day and 7 days a week. A single downtime might mean disaster to
their busines Therefore the traditional Disaster Recovery Plan (DRP), which focuses restoring
the centralized data center, might not be sufficient. A comprehensive and rigorous Business.
Continuity Plan (BCP) is needed to achieve a state of business conti \wheve cvitical systems
and networks are continuously availab
Business Continuity Plan is needed when there is a disruption to the whether from a n
equipment failure or a natural disaster. The Be:' Continuity Plan should cover the
occurrence of following ev
With the shift of IT structure from centralized processing to disT computing and client/
server technology to world-wide, thanks to WANs and the Inte;■一 company's data are
now located across the enterprise and arot world. Therefore it is no longer sufficient to
rely on IT departmen: in Business Continuity Planning, all executives, managers and 0
must participate.
Business continuity planning - where a plan is developed that» implemented, will help
to prevent operational interruptions, cr disasters happening and will help the
organization quickly return :a of 'business as usual' should any of these events occur.
Once it
preparedthebusinesscontinuity p)anmust betestedandext
ensure that it will perform as anticipated.
Proactive measures
Proactive measures are designed for the prevention of interruptions to organizational activities.
The essence of good business continuity management is the identification and
implementation of measures which can be put in place to proactively prevent operational
interruptions taking place, and to prevent crises and disasters occurring. Business continuity
management, at its highest level, is about keeping organizations operating at their maximum
capability.
Reactive measures
Reactive measures are designed for recovery from interruptions to organizational activities.
Business continuity management programs includes plans for the reactive measures that will
be taken should the proactive measures that are in place fail, become overwhelmed, or are
bypassed by some unforeseen and unexpected crisis. Reactive measures enable the
organization to return to an acceptable level of operations within a desired timescale
following an interruption, disaster or crisis.
Culture change
Business continuity management programs involve an exploration of organizational culture.
Effective programs will utilize change management techniques to ensure that the
organization encourages a culture where all employees are sufficiently aware of everyday
risks and their individual responsibility to report, manage and mitigate risks.
A BCP contains a governance structure often in the form of a committee that will ensure
senior management commitments and define senior management roles and responsibilities.
The BCP senior management committee is responsible for the oversight, initiation, planning,
approval, testing and audit of the BCP. It also implements the BCP, coordinates activities,
approves the BIA survey, oversees the creation of continuity plans and reviews the results
of quality assurance activities.
■ Security Officer works with the coordinator to ensure that all a the BCP meet the
security requirements of the organiz
_ Chief Information Officer (CIO) cooperates closely with the BCP coor
and IT specialists to plan for effective and harmonized con"
The BCP committee is commonly co-chaired by the executive sponsar the coordinator.
The purpose of the BIA is to identify the organization's mandate and services or
products; rank the order of priority of services or pr continuous delivery or rapid
recovery; and identify internal and impacts of disruptions.
Ranking
Once all relevant information has been collected and assembled, rankings for the critical
business services or products can be produced. Ranking is based on
IT Security and Risk Mitigation 230
the potential loss of
revenue, time of recovery and severity of impact a disruption would cause. Minimum service
levels and maximum allowable downtimes are then determined.
Identify dependencies
It is important to identify the intemai and external dependencies of critical services or
products, since service delivery relies on those dependencies.
External dependencies include suppliers, any external corporate assets sua as equipment,
facilities, computer applications, data, tools, vehicles, and any external support services
such as facility management, utilities, communications, transportation, finance institutions,
insurance providefs. government services, legal services, and health and safety service..
The degree of redundancy determines the systems availability. So anotiiar way to look at
this concept is in terms of availability. In IT, 99.999 (oftai called "five 9s") refers to a
desired percentage of availability of a gj.vai| system or a system's component; a server
or a router.
Availability can be high or low as required based on criticality of data sensitivity of
operations. 99.9999% (six-nines) availability does only
for 32 seconds or less of downtime per year 99.999% (five-nines) availability allows for 5
minutes and 15 seconds or less of downtime per year 99.99% (four-nines) availability allows
for 52 minutes, 36 seconds or less of downtime per year 99.9% (three-nines) availability
allows for 8 hours, 46 minutes or less of downtime per year 99% (two-nines) availability
allows for 3 days 15 hours and 40 minutes per year. Companies may select a suitable level of
redundancy based on the nature of their work and budget.
Another example would be a company that uses paper forms to keep track of inventory until
computers or servers are repaired, or electrical service is restored. For other institutions, such
as large financial firms, any computer disruptions may be unacceptable, and an alternate site
and data replication technology must be used.
The risks and benefits of each possible option for the plan should be considered, keeping
cost, flexibility and probable disruption scenarios in mind. For each critical service or product,
choose the most realistic and effective options when creating the overall plan.
Response preparation
Proper response to a crisis for the organization requires teams to lead and support recovery
and response operations. Team members should be selected from trained and experienced
personnel who are knowledgeable about their responsibilities.
The number and scope of teams will vary depending on organization's size, function and
structure, and can include:
■ Command and Control Teams that include a Crisis Management Team, and a Response,
Continuation or Recovery Management Team.
■ Task Oriented Teams that include an Alternate Site Coordination Team, Contracting and
Procurement Team, Damage Assessment and Salvage Team, Finance and Accounting
Team, Hazardous Materials Team, Insurance Team, Legal Issues Team,
Telecommunications/ Alternate Communications Team, Mechanical Equipment Team,
Mainframe/
' Midrange Team, Notification Team, Personal Computer/ Local area Network Team, Public
and Media Relations Team, Transport Coordination Team and Vital Records Management
Team
The duties and responsibilities for each team must be defined, and include identifying the
team members and authority structure, identifying the specific team tasks, member's roles
and responsibilities, creation of contact lists and identifying possible alternate members.
For the teams to function in spite of personnel loss or availability, it may be necessary to
multitask teams and provide cross-team training.
Alternate facilities
If an organization's main facility or Information Technology assets, ne and applications
are lost, an alternate facility should be available, are three types of alternate facility:
1. Cold site is an alternate facility that is not furnished and equipped operation.
Proper equipment and furnishings must be installed be: operations can begin, and a
substantial time and effort is require: make a cold site fully operational. Cold sites
are the least ex option and may take a week or more to become operational
computing and data processing point of view.
When considering the type of alternate facility, consider all factors, i threats and risks,
maximum allowable downtime and cost.
In this context the business managers and IT managers must calculate acceptable
Response Time Objective (RTO). The RTO is a goal or an time in which it is necessary to
make a specific function or service available following an interruption, in essence, the
RTO represents maximum amount of time before an organization is negatively imp - by
the interruption of one of its core business processes or functions, this reason, the task of
establishing the recovery time objective mus: at the business level and not the systems
(technology) I
Recovery time objective (RTO) is therefore, the key metric to determine the disaster recovery
(DR) level required to recover business processes and applications. RTO is reciprocally
proportional to the cost of disaster recovery: The closer RTO is to zero, the more expensive
BCP/DR provisioning will be.
For security reasons, some organizations employ hardened alternate sites. Hardened sites
contain security features that minimize disruptions. Hardened sites may have alternate power
supplies; back-up generation capability; high levels of physical security; and protection
from electronic surveillance or intrusion.
■ Having all employees and staff briefed on the contents of the BCP and aware of their
individual responsibilities
■ Having employees with direct responsibilities trained for tasks they will be required to
perform, and be aware of other teams' functions
Exercises
After training, exercises should be developed and scheduled in order to achieve and
maintain high levels of competence and readiness. While exercises are time and resource
consuming, they are the best method for validating a plan.
Exercise complexity level can also be enhanced by focusing the exercise on one part of the
BCP instead of involving the entire organization.
Internal review
It is recommended that organizations review their BCP:
■ On a scheduled basis (annually or bi-annually)
■ When changes to the threat environment occur;
■ When substantive changes to the organization take place; and
■ After an exercise to incorporate findings.
External audit
When auditing the BCP, consultants nominally verify:
■ Procedures used to determine critical services and processes
■ Methodology, accuracy, and comprehensiveness of continuity plans
2. Deficiencies in the tests. Organizations that spend the time, effort expense to
construct BCPs but do not test them are not map^ their investments wisely. Most
likely, these firms will not be abiie^ successfully enact their BCPs when a crisis begins.
Merely docu a plan does not guarantee success. To ensure usability, a BCP diligently,
comprehensively and consistently tested. Live testinf trains the staff. When a crisis
ensues, staff members who have through the tests are prepared to act with
confidence.
These changes must be addressed within the BCP process, alternative business
operation and backup sites should be evaluated to assess functionality and
compatibility with the BCP plan.
4. Lack of senior management involvement. A BCP project will off the ground
without backing from the company leaders, from the top can eliminate
resistance to the tedious tasks of testing and maintaining BCPs. Senior
management must enterprise wide compliance. BCP coordinators need to know
empowered to work with line managers to protect the
The PCI DSS (Payment Card Industry Data Security Standard), a set comprehensive
requirements for enhancing payment account data was developed by the founding
payment brands of the PCI Security St Council, including American Express,
Discover Financial Services International, MasterCard Worldwide and Visa Inc. Inc.
International, to facilitate the broad adoption of consistent data security measures
global basis.
The PCI DSS is a multifaceted security standard that includes requir for security
management, policies, procedures, network architecture,c design and other
critical protective measures. This comprehensive s
is intended to help organizations proactively protect customer account data.
The PCI Security Standards Council is responsible to enhance the PCI DSS as needed
to ensure that the standard includes any new or modified requirements necessary to
mitigate emerging payment security risks, while continuing to foster wide-scale
adoption.
To be PCI complaint, companies must fulfill 12 requirements for best security practices
including the use of a firewall between wireless network and their cardholder data
environment, use of latest security and authentication such as WPA/WPA2, and to use
a network intrusion detection system.
Managing IT risk is part of running any business these days. Regardless of the
business, understanding IT risk helps increase network security, reduce management
costs and achieve greater compliance posture.
Failure to identify, assess and mitigate IT risk sets the business up for serious security
breaches and financial losses down the road. And those that think managing IT risk is
the job solely of the IT staff are in for a big shock.
Today's IT risk environment is more threatened than ever thanks to the growth in
sophisticated malware attacks and security vulnerabilities, with Web 2.0 (the new
generation of Internet with more powers to users) adoption adding new layers of IT
risk. Regulations continue to increase, placing additional costs on organizations to
meet these new requirements. Organizations need an intelligent approach when it
comes to assessing IT risk and managing compliance. IT risk can be defined as any
threat to the information technology, data, critical systems and business processes.
It's critical to the IT risk management process that executives are inf of threats and
assist in assessing the business impact these risks pose, sign off on the risk position.
Only when the IT and executives are al in the identification, assessment and
remediation of IT risk can a co achieve higher levels of security and compliance.
The results of qualitative risk assessments are inherently more difficult to concisely
communicate to management. Qualitative risk assessments typically give risk results of
"High", "Moderate" and "Low". However, by providing the impact and likelihood
definition tables and the description of the impact, it is possible to adequately
communicate the assessment to the organization's management.
OCTAVE®
The Software Engineering Institute (SEI) at Carnegie Mellon University developed the
Operationally Critical, Threat, Asset and Vulnerability Evaluation (OCTAVE) process. The
main goal in developing OCTAVE is to help organizations improve their ability to
manage and protect themselves from information security risks. OCTAVE is workshop-
based rather than tool based. This means that rather than including extensive security
expertise in a tool, the participants in the risk assessment need to understand the risk
and its components. The workshop-based approach espouses the principle that the
organization will understand the risk better than a tool and that the decisions will be
made by the organization rather than by a tool.
FRAP
FRAP is The Facilitated Risk Assessment Process. It is based upon implementing risk
management techniques in a highly cost-effective way. FRAP uses formal qualitative
risk analysis methodologies using Vulnerability Analysis, Hazard Impact Analysis, Threat
Analysis and Questionnaires. Moreover, FRAP stresses pre-screening systems and only
performing formal risk assessments on systems when warranted. Lastly, FRAP ties risk
to impact using the Business Impact Analysis as a basis for determining impact.
COBRA
The Consultative, Objective and Bi-functional Risk Analysis (COBRA takes the approach
that risk assessment is a business issue rather than a technical issue. It consists of
tools that can be purchased and then utilized to perform self-assessments of risk,
while drawing on the expert knowledge embedded in the tools.
Transference
Transference is the process of allowing another party to accept the risk or the
company's behalf. This is common in personal lives also. Car, health and life insurance
are all ways to transfer risk. In these cases, risk is transferred from the individual to the
insurance company. Note that this does not decrease the risk likelihood or fix any
flaws, but it does reduce the overall impact (primarily financial) on the organization.
Acceptance
Acceptance is the practice of simply allowing the system to operate wiii a known risk.
Many low risks are simply accepted. Risks that have an extremely high cost to mitigate
are also often accepted. IT managers n»s3 ensure that this strategy is in writing and
accepted / signed by the manager(s) making the decision. Often risks are accepted
that should have been accepted, and then when the penetration occurs, the IT s
personnel are held responsible. Typically, business managers, not IT s personnel, are
the ones authorized to accept risk on behalf of an organi
Avoidance
Avoidance is the practice of removing the vulnerable aspect of the s or even the
system itself at times. The idea is to avoid the risk by elimi the risk cause and/or
consequence e.g., forgo certain functions of system or shut down the system
when risks are identified. Another ex can be of a project where the team
changes the project plan to elir the risk or to protect the project objectives from
its impact. The team achieve this by changing scope, adding time, or adding
resources.
Ethical dilemmas usually arise from a clash between competing goals, responsibilities,
and loyalties. Since information technology is ever evolving and can be devious in
unanticipated ways, the definition of ethics in regard to IT continues to develop. New
technology creates a new condition leading to revised ethics policy.
Businesses collect data for a variety of reasons-for marketing forecasts and user
preferences, for measuring user satisfaction, for measuring employee performance, and
so on. In most instances, individual consent is required before collecting the data,
while providing the reasons for doing so. The data collected should be relevant to
these reasons and should not violate anyone's privacy. How data are collected needs
closer attention, individual consent is a prerequisite. People should know if and how
they are being observed to obtain information.
Transforming data into information is the next critical process since it directly affects
the accuracy of information. Compromising accuracy in processing data is unethical.
How and where data are stored requires special attention since data need protection
from unauthorized access. Finally, how data are used and presented is extremely
important. As with collection, data should be used only for the intended purpose. For
example, a lender using data to determine a credit rating should interpret the
information accurately and assess it carefully. Carelessness may hurt either the
borrower or the lender.
business-continuity-planning_559
http://www.publicsafety.gc.ca/prg/em/gds/bcp-eng.aspx
http://www.altalsec.com/lnternational_Security_Standards.php
compliance
Cyber Crime Cyber crime generally refers to criminal activity where a computer or
network is the source, tool, target, or place of a crime. These
categories are not exclusive and many activities can be characterized as
falling within one or more. Additionally, although the terms "computer
crime" and "cyber c「ime〃 are more properly restricted to describing
criminal activity in which the computer or network is a necessary part
of the crime, these terms are also sometimes used to include
traditional crimes, such as fraud, theft, blackmail, forgery, and
embezzlement, in which computers or networks are used. As the use of
computers has grown, computer crime has become a more important
and discussed issue in terms of its consequences and solutions:
The Ordinance covers provision for illegal and criminal acts such as
data access, data damage, system damage, electronic fraud, electronic
forgery, spamming, spoofing, cyber terrorism, etc.
Punishments under this Ordinance range from two years to the death
penalty. Selected offences and punishments according to this
Ordinance are mentioned below:
Criminal access:
Whoever intentionally gains unauthorized access to the whole or any
part of an electronic system or electronic device with or without
infringing security measures, shall be punished with imprisonment of
either descriptkai for a term which may extend to two years, or with a
fine not exceeding three hundred thousand rupees, or with both.
Data damage:
Whoever with intent to iWegaWv gain or cause harm to the public <nj
person, damages any data shall be punished with imprisonment d
description tor a term which may extend to three years, or with a with
both.
Electronic fraud:
Whoever for wrongful gain interferes with or uses any
data^ svs\em ov e\ec\Ton\c dev'\ce ot \nduces auv
petson to entet into a: or with intent to deceive any person,
which act or omi ' cause damage or harm to that person or
any other person, with imprisonment of either description
for a term which
Electronic forgery:
Whoever for wrongful gain interferes with data, electronic system or
electronic device, with intent to cause damage or injury to the public
or to any person, or to make any illegal claim or title or to cause any
person to part with property or to enter into any express or implied
contract, or with intent to commit fraud by any input, alteration,
deletion, or suppression of data, resulting in unauthentic data with
the intent that it be considered or acted upon for legal purposes as if
it were authentic, regardless of the fact that the data is directly
readable and intelligible or not, shall be punished with imprisonment
for a term which may extend to seven years, or with a fine, or with
both.
Malicious code:
Whoever willfully writes, offers, makes available, distributes or
transmits malicious code through an electronic system or electronic
device, with intent to cause harm to any electronic system or resulting
in the incorporation, distribution, alteration, suppression, theft or loss
of data commits the offence of malicious code. Provided that the
provision of this section shall not apply to the authorized testing,
research and development or protection of an electronic system for
any lawful purpose. Whoever commits the offence shall be punished
with imprisonment of either description for a term which may extend
to five years, or with a fine, or with both.
Spamming:
Whoever transmits harmful, fraudulent, misleading, illegal or
unsolicited electronic messages in bulk to any person without the
express permission of the recipient, or causes any electronic system to
show any such message or is involved in falsified online user account
registration or falsified domain name registration for commercial
purpose commits the offence of spamming.
Spoofing:
Whoever establishes a website, or sends an electronic message with a
counterfeit source intended to be believed by the recipient or visitor
or its electronic system to be an authentic source with intent to gain unauthorized
access or obtain valuable information which later can be used for any
lawful purposes commits the offence of spoofing.
The law states the "Legal recognition of electronic form" saying that m
document, record, information communication or transaction will be
deniei legal recognition, admissibility, validity, proof or enforceability
on tic grounds that it is in electronic form and has not been attested b\
am| witness.
Also any person who does or attempts to do any act with intent to
impair the operation of, or prevent or hinder access to, any
丨nformation contained in any information system, knowingly that he
is not authorized to do any of the foregoing, shall be guilty of an
offence under this Ordinance.
The first standard for payment cards was the Carte Bancaire standard
deployed in France in 1989. Geldkarte in Germany also predates EMV.
EMV was designed to allow cards and terminals to be backwardly
compatible with these standards.
■ EMV standards can save you money. Since these standards improve the security of
transactions, transactions that follow EMV standards can be subject to lower payment
processing fees.
■ EMV standards reduce businesses' liability for fraudulent activity from lost or stolen
payment cards. Notably, as of 2010, merchants without EN\V-compliant devices are
fully liable for the cost of credit card fraud directed at their business.
• EMV standards allow merchants to process international payment cards securely and
efficiently.
_ EMV standards define the physical and electronic requirements for cfafl cards. Its focus is
limited to the physical card, and not the cardholdei data associated with it.
■ PCI DSS focuses on the security of the cardholder data once a transacti_| has been
initiated. This includes the data that is stored, processed or transmitted, and can include
multiple parties such as merchants,! providers or data storage entities.
Information
Third, systems should Technology
be protected in Financial
against the Services
activities of malicious
hackers by using frequently updated anti-virus software, anti-spyware
programs, and other anti-malware solutions. All applications should
be free of bugs and vulnerabilities that might open the door to
exploits in which cardholder data could be stolen or altered. Patches
offered by software and operating system (OS) vendors should be
regularly installed to ensure the highest possible level of vulnerability
management.
Acceptance (of risk) A risk response planning technique that indicates that the management
has decided not to change the project management plan to deal with a
risk, or is unable to identify any other suitable response strategy. A
managerial decision to accept a certain degree of risk, usually for
technical or cost reasons.
ACID test Anti-virus A test a transaction processing system must pass. ACID (atomicity,
consistency, isolation, durability) is a set of properties that guarantee that
transactions are processed reliably.
policy Policy that describes the measures taken by the organization to protect
its systems against viruses, Trojans and other malware. It also describes
the responsibilities of individuals, user departments and IT function to
ensure that the ICT infrastructure is protected by effective anti-virus
systems.
Anti-virus software
Computer software designed to detect, protect and proactively safeguard
computer programs and data against malicious attacks of malware
including viruses, worms etc.
Authentication
The act of confirming the truth of an attribute of a datum or entity. A
process to verify that someone is who they claim they are. This usually
involves a username and a password, but can include any other method
of demonstrating identity, such as a smart card, retina scan, voice
Authorization
recognition, or fingerprints.
Refers to the ability of the user community to access the system, whether
to submit new work, update or alter existing work, or collect the results
of previous work. If a user cannot access the system, it is said to be
unavailable. Generally, the term downtime is used to refer to periods
when a system is unavailable.
Avoidance (of risk) The most effective way of managing risk. It means making a decision not
to enter into a new way of working or new project because of the
inherent risks this would introduce. While this may be a valid decision, it
can be hard to justify.
Barcode
Collection of parallel vertical lines of variable thickness and distances
between individual lines representing a unique number identifying a
spedic product. Barcodes are read using barcode readers employing low
power laser.
Biometric ATM
An ATM in which some biometric characteristic of human being like figue
print, is used as a means of authentication. Use of biometric charact is to
reduce the chances of fraud and identity theft.
Bluetooth
A wireless technology that allows computers, phones and other devices
talk to each other over short distances (up to 100 metres). Bluetootn
radio waves and is designed to be a secure and inexpensive waf
connecting and exchanging information between devices without
Branchless banking
A broad concept in which banking services are offered to clients ti variety
of channels including ATMs, Internet, phone, mobile phone through
partnership with other businesses like fuel pumps, chain and telecom
companies.
Broadband
Refers to telecommunication in which a wide band of frequencies
ts to transmit information. Because a wide band of frequencies is
information can be multiplexed and sent on many different freq
channels within the band concurrently, allowing more informatiaai
transmitted in a given amount of time.
Brochureware site A website is a business website that has very infrequently update*:
Often the site has been developed as a direct conversion of exisrrf
promotional materials. The goal of these sites is to build an enwi
that encourages repeat visits through constantly updated c
maintains visitors" interest.
Bus topology The simplest and cheapest network topology that uses a
common to connect all computing devices. A single cable, the
backbone as a shared communication medium that devices
attach or tap an interface cormector.
Planning which identifies the organization's exposure to internal and
Business Continuity
external threats and synthesizes hard and soft assets to provide effective
Planning (BCP) prevention and recovery for the organization, whilst maintaining
competitive advantage and value system integrity. It is also called
Business continuity & Resiliency planning (BCRP).
Business-to- consumer
e-commerce model in which the buying, selling, transferring or
exchanging activity is being performed between a business and a
(B2C)
consumer.
Call center
A company maintained or third party facility to provide information and
support to callers calling to report complaints or seeking information.
Generally equipped with state-of-the-art technology to ensure single view
of each customer regardless of location and channel.
Card global
standards Developed and managed by the PCI Security Standards Council (SSC).
Standards are developed to ensure interoperability of IC cards around the
world. Some standards include Carte Bancaire standard deployed in
France and Geldkarte is a Stored-value card or electronic cash system
used in Germany.
Card Verification Value
Code (CVVC) A code that is used for credit or debit card transactions, providing
increased protection against credit card frauds.
Central processing unit
The heart of the computer, this is the component that actually executes
Check 21 instructions that process data.
The Cheque Clearing for the 21st Century Act is a US Federal law that
allows the recipient of the original paper cheque to create a digital
version of the original cheque (called a "Substitute cheque"), thereby
Coaxial wire eliminating the need for further handling of the physical document.
Widely used cable for local area networks. Consist of copper or aluminum
wire wrapped with insulating layer typically of a flexible material with a
COBIT high dielectric constant, all of which are surrounded by a conductive
layer.
Complaint management The most inexpensive type of backup site for an organization to
system operate. It does not include backed up copies of data and information
from the original location of the organization, nor does it include
hardware already set up. The lack of hardware contributes to the
minimal startup costs of the cold site, but requires additional time
following the disaster to have the operation running at a capacity
close to that prior to the disaster.
Computer Telephony
integration (CTI) The set of processes of how organizations handle, manage, respond to
and report customer complaints. Also known as a conflict management
system, it is a set of procedures used in companies to address
complaints and resolve disputes. Can also refer to a computerized
Consumer-to- consumer system handling complaints.
(C2C)
A set of technologies for integrating and managing computers and
telephone systems. It enables the telephone system to display
information via the computer. A user with a CTI-enabled computer will
be able to dial the telephone, answer the telephone, and hang-up the
Consumer-to- consumer
telephone, all from their computers.
(C2C)
e-commerce model in which the buying, selling, transferring or
exchanging activity is being performed between two consumers. For
Contact center
example auction sites.
Core banking solutions The business conducted by a banking institution with its retail and
business customers. Many banks treat the retail customers as their
banking customers.
Core banking systems
Banking applications on a platform enabling a phased, strategic
app* that is intended to allow banks to improve operations,
reduce costs,, be prepared for growth.
and bill paying habits. This helps lenders assess credit worthiness, the
ability to pay back a loan, and can affect the interest rate and other terms
of a loan.
Credit bureau check Systems that link banks with credit bureaus for the assessment of a loan
system applicant's credit history and his borrowing and payments profile.
Cryptography The practice and study of techniques for secure communication in the
presence of third parties (called adversaries). More generally, it is about
constructing and analyzing protocols that overcome the influence of
adversaries and which are related to various aspects in information
security such as data confidentiality, data integrity, and authentication.
Data warehouse A huge collection of data (internal & environmental, current & historic)
designed to support management decision making. Data warehouses
contain a wide variety of read-only data that present a coherent picture
of business conditions at a single point in time. Smaller and focused data
warehouses are called data marts.
Digital Subscriber Line It is a medium for transferring data over regular phone lines and can be
(DSL) used to connect to the Internet. A DSL circuit is much faster than a
regular phone connection, even though the wires it uses are copper like
in a typical phone line.
Disaster Recovery The process an organization uses to recover access to their software,
Plan (DRP) and/or hardware that are needed to resume the performance of n:
critical business functions after the event of either a natural disaster
disaster caused by humans.
Domain Name system A hierarchical distributed naming system for computers, services, or
(DNS) resource connected to the Internet. Most importantly, it translates __
names meaningful to humans into the numerical identifiers
associates networking equipment for the purpose of locating and
addressir j devices worldwide.
Downtime The duration of time during which a system and its services are
not for designated function. Downtimes are undesirable and can
be (for maintenance) or unplanned (result of some accident).
Dynamic webpage These pages contain "server-side" code, which allows the server
to unique content each time the page is loaded.
Edge router
Router which connects end-users to the Internet or a router that
one network to another separate and independent network, are
found at the network boundaries.
Electronic commerce The process of buying, selling, transferring or exchanging products,
(EC) services and/or information via computer networks including and
especially the Internet.
Electronic CreditA software for monitoring credit reports. The State Bank of Pakistan
Information Bureau monitors the Software and all Financial Institutions in Pakistan are
(eClB)
required to have this software installed. The purpose of Electronic Credit
Information Bureau (eClB) is to capture credit data and to provide online
information of individual and corporate borrowers to the financial
industry.
Electronic forgery
The misuse of computer networks, the internet, and various avenues
within the online community in order to defraud potential victims of
identity theft is classified as electronic or online forgery. It is quite
common within the digital age, which can include the illegal and unlawful
reproduction of endorsements in the form of electronic signatures in order
to illicitly assume the identity of the victim of identity theft.
Enterprise resource Integrates internal and external management information across an entire
planning (ERP) organization, embracing finance/accounting, manufacturing, sales and
service, customer relationship management, etc. ERP systems automate
this activity with an integrated software application. Its purpose is to
facilitate the flow of information between all business functions inside the
boundaries of the organization and manage the connections to outside
stakeholders.
Europay MasterCard A global standard for inter-ope「ation of integrated circuit cards and IC
Visa (EMV) card capable point of sale (POS) terminals and automated teller machines
(ATMs), for authenticating credit and debit card transactions. It is a joint
effort between Europay, MasterCard and Visa to ensure security and
global interoperability.
VII
Free, Libre Open Stands for Free, Libre Open Source Software. Signifies a software to be not Source Software
only free Freeware
of cost but also free to be modified, copy, improve and run for (FLOSS) any purpose.
A computer software that is made available free of charge, but which
is copyrighted by its developer, who retains the rights to control its
distribution, modify it and sell it in the future. It is typically distributed
without its source code, thus preventing modification by its users.
Freeware is usually distributed with a license that permits its
redistribution to some extent.
Firewall A device or set of devices or a combination of hardware and software
designed to permit or deny network transmissions based upon a set
of rules and is frequently used to protect networks from unauthorized
access while permitting legitimate communications to pass. It adds a
level of protection between a company's computer and the internet
and prevents viruses and worms from entering into the system.
FRAP The Facilitated Risk Assessment Process is based upon implementing
risk management techniques in a highly cost-effective way. FRAP uses
formal qualitative risk analysis methodologies using Vulnerability
Analysis, Hazard Impact Analysis, Threat Analysis and Questionnaires.
Hyper text markup The predominant markup language for web pages and web sites,
language (HTML) defines the structure and layout of a Web document by using a
va* tags and attributes. A web browser reads HTML code and dis
accordingly on computer screen.
Imaged based The processing and clearing of bank cheques converted into electronic cheque processing
images by scanning the paper-based traditional cheques.
Inbound call center A call center that exclusively or predominantly handles inbound calls (calls
initiated by the customers).
Information reach The geographfcal area or the number of people who can receive a
message determine the information reach. Inversely related to richness.
Information website Websites that provide valuable information as its main commodity and
attraction rather than selling a physical product.
Input device Computer system peripheral devices used to input data into computers
for processing and/or storage. Most popular input devices are mouse,
keyboards, microphone etc.
A pure Internet bank exists entirely online and all transactions are done
over the Internet. . Internet banks basically give all the services of a
traditional bank except that they don't have the physical structure of a
bank. Additionally it may also include the situation when services of a
traditional bank are also offered through Internet.
Internet tool Tools (software, services and utilities) that are required to manage and
effectively and efficiently use or explore and harness the potential of the
Internet.
The term describes any code in any part of a software system or script
that is intended to cause undesired effects, security breaches or damage
to a system. Malicious code describes a broad category of system security
terrs that includes attack scripts, viruses, worms, Trojan horses, backdoors,
malicious active content.
Many-to-Many
In this mode! many banks and many telcos join hands to offer
branchless banking virtually all bankable customers.
model
Mass storage device Nonvolatile storage devices that allows a
computer to permanently retain
large amounts of data.
Mesh topology
A network topology characterized by the intertwining of nodes
through links connecting them together directly, rather than through
one or more intermediate points of interconnection. There are two
types of mesh topologies: full mesh and partial mesh. In the partial
mesh topology, some nodes are connected to all the others, but
some of the nodes are connected only to those other nodes with
Metcalfe's law which they exchange the most data.
Near Field An operating system that allows two or more users to run programs
Communication at the same time.
The network's virtual shape or structure or the manner in which computers and other devices
are connected to from network. This shape does not necessarily correspond to the actual
physical layout of the devices on the network.
A hard disk storage that is set up with its own network address rather
than being attached to the computer that is serving applications to a
network's workstation users. By removing storage access and its
Network-Attached
management from the regular server, both application programming
storage (NAS) and files can be served faster because they are not competing for the
same processor resources.
The unwanted signal in the transmission that may cause the original
message to distort and become unreadable.
Noise
One-to-One branchless In this model one bank offers mobile phone banking services in
banking model collaboratioa with a specific Telco.
Online outsourcing
The business process of contracting third-party providers (often
overseas) to supply products or services (e.g. software development)
which arc delivered and paid for via the internet. Online outsourcing
emerged in the early 2000s, along with advances in internet
technology, as a viable optoi for SMEs and entrepreneurs who lacked
the necessary financial resources to meet the costs associated with
traditional forms of outsourcin>§.
Open Source
software Software which can be used, modified and improved by anyone and
cm be redistributed freely. Source code is also available to users who
can changes to suit their needs.
Operating system
The most important systems program that runs on a computer.
Creates interface between hardware and the application software
and provides environment in which programs are executed.
Optical fiber The cable that consists of one or more filaments of glass fiber
wrapped protective layers. It transmits light which can travel over
extended di and not affected by electromagnetic radiation.
Outbound call center A call center in which call centre agents make outbound calls to
customers
or sales leads. Can also be used for debt recovery functions.
Output device Computer system peripheral devices used to output data after
processing or upon data retrieval requests. Most popular input devices
include monitors, printers, speakers etc.
Outsourcing
The strategic activity involving the contracting out of a business
function - commonly one previously performed in-house - to an
external provider for achieving cost effectiveness and better quality of
work in addition to being able to give attention to core competency.
Privacy
The right to be left alone when one wants to be, to have control on
one's own possessions and not to be observed without consent.
Procedure
Very specific and step-by-step method to the extent practical and
reasonable. Where policies and standards may apply on an enterprise-
wide basis, there will always be a large portion of the procedures that
must be specific to each individual location or facility.
Pull transaction Pure e- A transaction in which a mobile phone user actively requests a service
or information from the bank. For example, inquiring about an account
balance is a pull transaction.
A term used for situations in which a van, car, or other heavy vehicle is
driven through the ATM kiosk to effectively demolish or uproot an
Real time gross entire ATM and any housing to steal its cash.
settlement systems
Funds transfer systems where transfer of money or securities takes
(RTGS) place from one bank to another on a "real time" and on "gross" basis.
Settlement in "real time" means payment transaction is not subjected
to any waiting period. "Gross settlement" means the transaction is
settled on one to one basis without bunching or netting with any
Real time OS Receiver other transaction. Once processed, payments are final and irrevocable.
xv
the data being transmitted.
A negotiated agreement between two parties, where one is the
customer and the other is the service provider. It is a part of a service
Service Level contract where the level of services that the provider promises to offer
agreement are formally defined. The SLA records a common understanding about
services, priorities, responsibilities, guarantees, and warranties.
A type of metallic wire that contains one or more pairs of twisted wires
Shielded Twisted Pair that are insulated with a metal foil to minimize electromagnetic
(STP) interference.
Star topology A network topology in which each network host (for example a PC) Is
connected to a central hub with a point-to-point connection. All traffic
oi the network passes through the central hub.
Static webpage Web pages that contain the same pre-built content each time the page s loaded. Standard
HTML pages are static web pages.
xv
A high-speed special-purpose network that interconnects different
Storage Area
kinds of data storage devices with associated data servers on behalf of
Network (SAN)
a larger network of users. Typically, a storage area network is part of
the overall network of computing resources for an enterprise and is
usually clustered in close proximity to other computing resources.
Super computers An extremely fast and costly computer that can perform hundreds of
millions of instructions per second. Used for highly calculation-intensive
tasks of large organizations.
System software Computer software that is designed to operate the computer hardware
and to provide and maintain a platform for running the application
software. One of the most important and widely used system software
are the computer operating systems.
TCP/IP TCP is one of the core protocols of the Internet Protocol Suite. TCP is
one of the two original components of the suite, complementing the
Internet Protocol (IP), and therefore the entire suite is commonly
referred to as TCP/IP. TCP is the protocol that major Internet
applications such as the World Wide Web, email.
XVII
A time sharing operating system uses different algorithms to share the
Time sharing OS CPU time with more than one process. This allows a computer with
only one CPU to give the illusion that it is running more than one
programs at the same time.
Refers to the shifting of the burden of loss for a risk to another party
Transference (of risk) through legislation, contract, insurance or other means.
This is the path the data follows to reach the destination device. This
Transmission media can be wired or wireless, depending on the situation.
Tree topology A network topology that is a combination of the Bus and the Star
Topology. Tree topologies integrate multiple star topologies together
onto a bus. Supports future expandability of the network much better
than a bus or a star.
Twisted pair wire The most widely used medium for telecommunication. Twisted-pair
cabling consist of copper wires that are twisted into pairs. Can be
Unshielded Twisted Pair (UTP) and Shielded twisted-pair (STP).
Universal Resource Or Uniform Resource Locator (created in 1994) is a character string that
Locator (URL) specifies where a known resource is available on the Internet and the
mechanism for retrieving it.
Unshielded twisted pair A type of metallic cable. The most popular cable type used in today's
(UTP) networks. It consists of two or more pairs of unshielded twisted copper
wires. It is extensively used in telephone systems around the world and
in computer networking due to its low cost, easy installation and
maintenance.
A policy that defines users' rights and privileges on a network in terms
User privilege policy
of what programs they are able to run, what data items they may view
and/or edit etc. Management formulates the policy that is later
implemented by the IT, network or another relevant department.
User rights
User rights govern the methods by which a user can log on to a
system and use software and data resources. User rights are applied at
the local computer level and allow users to perform tasks on a
computer or a domain. User rights include logon rights and privileges.
User rights can be defined at the system or network level as well.
Video conferencing Real-time exchange of audio & video between two or more remote
facilities/people/groups using hardware based technologies and
telecommunication technologies. It represents a broad range of
opportunities for training and communicating in organizations large
and small. This technology allows companies to connect with
employees in many locations for business reasons and offer
information and education that can be presented live.
A compromise between hot and cold sites. These sites will have
hardware and connectivity already established though on a smaller scale than the
original production site or even a hot site. Warm sites will have
backups on hand, but they may not be complete and may be
Wide area network Wi-
between several days and a week old.
Wireless application The de facto worldwide standard and set of rules governing the
protocol (WAP) transmission and reception of data by computer applications on, or
via, wireless devices like mobile phones, pagers, personal digital
assistants etc. It allows wireless devices to view specifically designed
pages from the Internet, using only plain text and very simple black-
and-white pictures.
Wireless
transmission Transmission that takes place without physical wires using wireless
technologies including Bluetooth, RFID, microwave and satellite
communications.
Word processor
One of the earliest and most popular application for the personal
computer in office productivity. A word processor enables users to
create a document, store it electronically on a disk, display it on a
screen, modify it by entering commands and characters from the
keyboard and/or mouse, and print it on a printer.
Workstations A high-end microcomputer designed for technical or scientific
applications.
Intended primarily to be used by one person at a time and may be
connected to a local area network.
World Wide Web A system of interlinked hypertext documents accessed via the
(WWW) Internet. With a web browser, web pages can be viewed that may
contain text, images, videos, and other multimedia and navigate
between them via hyperlinks. The term is often mistakenly used as a
synonym for the Internet itself, but the Web is a service that operates
over the Internet, as e-mail does.
Worldwide Network
The second most important and popular card processing
network/system owned and maintained by MasterCard.
Worm Malicious software that is more dangerous than viruses as they can
travel over networks infecting connected computers automatically i.e.
without any human assistance.
2. Ensure agreement about the agreement
The two parties involved in an agreement often have different the role of the SLA
and what it can realistically achieve. Both se: 三 may be genuine, yet sufficiently
different as to cause a colla:se negotiations. Before any SLA development work is
done, it is a the two parties to hold an open discussion to ensure that they level of
agreement about the agreement. If they don't - and ur:i.
-any further SLA effort may prove futile.
3. Establish ground rules for working together
In this critical, but often ignored, step the SLA developers (those to negotiate the
SLA) focus not on the agreement (i.e. on its t on the process by which they will
work together to create the
More organizations depend on computer
systems for critical operations.
Organizations can easily maintain detailed
databases on individuals.
ion individuals to devt
Networking advances and the Internet Copying data from one location to
another and accessing personal data from
remote locations are much easier.
1 j:f-_ニー,*5
; •、•■■.ぐ.:热货挪进‘-‘-為