Security is a very important part of the Applicon i-Banking application. All customer information is protected using the latest technology, making sure that user information is protected from other users as well as from the bank's internal users.
Authentication
The solution supports two-factor authentication. Two-factor authentication means that, in addition to requiring a username and password to log in to the solution, a second authentication step is required. The second authentication is usually done by deploying One Time Passcode (OTP) tokens to the users, which they use to generate a one-time passcode when they log in. By enforcing two-factor authentication, users' accounts are protected even if a user's username and password are stolen.
Applicon i-Banking supports tokens from Todos Data System out of the box, as well as being able to send OTP codes via SMS if deployment of hardware tokens is not possible.
Authorization
The solution has authorization capabilities built in. The authorization module makes it possible to define very fine-grained authorization rules throughout the solution. Account permissions can, for example, be configured so that the user can only see the account statement but not transfer funds from the account, and so on.
Encryption
The solution uses Microsoft's best practices when it comes to encrypting data. All sensitive data is stored encrypted in the database, and the solution also makes it possible to encrypt individual columns in the database if that is needed due to internal security standards.
Logging
Since Applicon i-Banking is not fully integrated into back end systems, the application takes care of logging all actions that are performed in the internet banking scope and keeping track of the data that is sent to the back end system. For this purpose, Applicon i-Banking has extensive logging built in at every tier of the application, making sure that all user interaction is recorded and stored.
System to system communication
For system to system integration, such as integration with an existing customer information database, all communication is encrypted and there is support for using certificates in the communication. If needed, the application has built-in IPsec support.
Security audits
Applicon recommends a security audit during a certain phase of the implementation project. The application has already passed security audits for 11 countries in Europe, where Bithex and several other companies performed a security audit for every country. These security audits cover SQL injection, session hijacking, cross-frame scripting, etc. Applicon recommends that experts from these companies are involved in this procedure.
