Welcome » IT Booklets » E-Banking » Introduction » E-Banking Components
E-banking systems can vary significantly in their configuration depending on a number of factors. Financial institutions should choose their e-banking system configuration, including outsourcing relationships, based on four factors:
Financial institutions may choose to support their e-banking services internally. Alternatively, financial institutions can outsource any aspect of their e-banking systems to third parties. The following entities could provide or host (i.e., allow applications to reside on their servers) e-banking-related services for financial institutions:
E-banking systems rely on a number of common components or processes. The following list includes many of the potential components and processes seen in a typical institution:
These components work together to deliver e-banking services. Each component represents a control point to consider.
Through a combination of internal and outsourced solutions, management has many alternatives when determining the overall system configuration for the various components of an e-banking system. However, for the sake of simplicity, this booklet presents only two basic variations. First, one or more technology service providers can host the e-banking application and numerous network components as illustrated in the following diagram. In this configuration, the institution's service provider hosts the institution's website, Internet banking server, firewall, and intrusion detection system. While the institution does not have to manage the daily administration of these component systems, its management and board remain responsible for the content, performance, and security of the e-banking system.
Figure 1: Third-Party Provider Hosted E-Banking Diagram
Text Description of Figure 1
This diagram illustrates the transaction flow for one possible configuration where the bank relies on a technology service provider to host its Internet banking application.
- Internet banking customer sends an e-banking transaction through their Internet Service Provider (ISP) via a phone, wireless, or broadband connection.
- The customer's ISP routes the transaction through the Internet and sends it to the e-banking service provider's ISP, which routes it to the provider.
- The transaction enters the provider's network through a router, which directs the e-banking transaction through a firewall to the application running on the Internet banking server.
- The website server and Internet banking server may have host-based intrusion detection system (IDS) software monitoring the server and its files to provide alerts of potential unauthorized modifications.
- Network IDS software may reside at different points within the network to analyze the message for potential attack characteristics that suggest an intrusion attempt.
- The Internet banking application processes the transaction against account balance data through a real time connection to the core banking system or a database of account balance data, which is updated periodically from the core banking system.
- The Internet banking server has a firewall filtering Internet traffic from its internal network.
Second, the institution can host all or a large portion of its e-banking systems internally. A typical configuration for in-house hosted, e-banking services is illustrated below. In this case, a provider is not between the Internet access and the financial institution's core processing system. Thus, the institution has day-to-day responsibility for system administration.
Figure 2: In-House E-Banking Diagram
Text Description of Figure 2 This diagram illustrates the transaction flow for one possible configuration in which the bank hosts the Internet banking application. - Internet banking customer sends an e-banking transaction through their Internet Service Provider (ISP) via a phone, wireless, or broadband connection. - The customer's ISP routes the transaction through the Internet and sends it to the e-banking service bank's ISP, which routes it the provider. - The transaction enters the bank's network through a router, which directs the Internet-banking transaction through a firewall to the application running on the Internet banking server. - The bank typically has several Internet application servers that could include a website server, e-mail server, proxy server, and domain name server (DNS) in addition to the Internet banking application server. - The router will typically send the transaction around the other application servers directly to the Internet banking server unless it is a non-banking transaction. - The website server and Internet banking server may have host-based intrusion detection system (IDS) software monitoring the server and its files to provide alerts of potential unauthorized modifications. - Network IDS software may reside at different points within the network to analyze the message for potential attack characteristics that suggest an unauthorized intrusion attempt. - The Internet banking application processes the transaction against account balance data through a real time connection to the core banking system or a database of account balance data, which is updated periodically from the core banking system. - The Internet banking server has a firewall filtering Internet traffic from the bank's internal network.