BankMIllTM - Security Features

Mindmill
24A Film City, Noida, UP 201 301, India
+91 120 414 2000

Overview

The following concerns are important from the perspective of security in an

application:

Login, Transmission Security & Encryption

Authentication of the user
MAC ID based Access
Integrity and Confidentiality (Snoop safe transmissions)
Physical Safety of Servers & Systems Based Security
Server Access
Users Access Control
Transaction Tracking
Prevention of Human Mistakes & Fraud
Audit Trails

The system has been designed and architected in a manner which ensures that
the Bank has complete (100%) control on Database and no 3rd party has access
to Banks Database

Login, Transmission
Security & Encryption

Authentication of the User

The users passwords are kept MD5 encrypted at the server databases. It
is not possible for the System administrator who has the access of
Database server to see the password also. No one can copy his own
password to other user and login into the server because password is
kept with username in an encrypted format.

MAC ID based Access

Only those Machines which are authenticated for access will be able to
run the application on client machine. Inbuilt Firewall exists in the
application. Even if someone is able to get into Banks LAN he will not be
able to access the application.

Integrity and Confidentiality (Snoop safe transmissions)

All data transmitted between the browser application and the server
application is encrypted using 3DES encryption (this is a symmetric
encryption on both the server and the client side and uses a key to
ensure that the server and the client can communicate with each other).
This ensures that even if someone is snooping the channel they cannot
read the contents of the channel. If they try to change the contents the
server will not be able to recognize the contents and discard the whole
transaction.

MINDMILL

Physical Safety of
Servers & Systems
Based Security

Server Access
Data center should be carefully planned to have Tier III security.All access to data
center must be based on card based ingress and egress. Cards must only be
given to people whose credentials have been verified by the local police. A
camera should be placed which records all motion inside the data center.
All servers must have dual SMPS to ensure electricity supply even if one SMPS
fails.
The data center must be provided at least 2 separate electricity sources to ensure
the system works even if there is any single point of failure in the electrical route .

Data Backup
Several levels of data backup are necessary to ensure glitch free service. These
are:
Complete mirroring of active database at each transaction into a passive
database system maintained in the LAN so that the system can be
immediately and automatically switched to the passive database server
should the active server not be available for any reason.
Replication of the database at a fixed interval of about 30 minutes to
another building to ensure a transition to a system should the building
housing the primary datacenter goes down for any reason. This
switchover will require manual intervention and will require re entry of
vouchers for the last 30 minutes.
Replication of the database to a server placed in a difference seismic
zone to take care of a major natural calamity such as an earthquake or
war. Replication is done at the end of day and re entry of the entire days
work will be required.
Finally weekly database backup must be taken on a secondary device
such as external hard drive or tape and kept in a secure and safe place.
in a location away from the datacenter to ensure that a copy is available
incase the online systems suffer a fault for any reason.

Users Access Control

Data Security: Data is kept secure using database login and password
Access Security: Maintained by Role and Rights which is explained more
in Administration Features.

Transaction Tracking

Service Outlet Concept: Each branch or delivery channel is designated as

a service outlet and each transaction can be tracked at a service outlet
level.

Prevention of Human Mistakes & Fraud

Maker Checker Concept: Allows the Bank to have double or triple checks
in place by having one person make an entry, another to verify it and
sometimes if necessary a third to re-verify or enable it.
Roles and Rights: A Bank can create various roles (designations) based
on its Organization Chart and associate view, create, modify and delete
rights on each screen as well as access to the screen itself. This ensures
no information is available to a user who does not have right to do so.

Audit Trails

Audit Trails: Audit trail of each transaction in the system is kept with date,
time and user-id stamp. All old backups are with Bank only to restore and

MINDMILL

check.

Next Steps

The next few steps are:

1. Call Mindmill to do a demo of its unique Security Features to convince
you that this is actually possible. Mindmill can also show the existing
working servers which are hosting this solution for existing clients. Further
Mindmill can give references of existing clients who are using this system
effectively. If you desire Mindmill can arrange a site visit for you to see
this in a live environment.
2. Once you have satisfied yourself that this concept is actually possible,
Mindmill will conduct a study of your existing system to identify all the
functionality required by you.
3. BankMill will then be configured using parameters to suit your
requirements. Any custom requirement can be added.
4. Finally data will be migrated to BankMill,
5. Your users will be trained using online training material available on the
cloud
TM
6. Your organization will at this stage become live in BankMill .
Make your organization start saving large amount of money and get real
customer and employee delight today besides feeling the bliss of working in a
well-organized structured single software and single server environment.

Contact

Business Development
Mindmill
Mindmill Corporate Tower
24A Film City, Noida, UP 201 401, India
Tel: +91 120 414 2000
URL: www.mindmill.in

MINDMILL