Institute for Development and Research in Banking Technology ( Established by Reserve Bank of India )
Exploring and Exploiting technology for Common Good
Fast Forward Newsletter, November 2010
ISSN 0973-2527 Volume 13 No. 2
Institute for Development and Research in Banking Technology ( Established by Reserve Bank of India )
Fast Forward Newsletter, November 2010
ISSN 0973-2527 Volume 13 No. 2
Contents
1. CRM in Banking Part-2------01
2. Digital Identity Issues------05
3. IDRBT Salutes the nation ------11
4. Banking Community Projects------12
5. Achievements ------15
6. Innovation in payment systems -----16
7. Feedback on Data Warehousing Programme ----- 19 CRM in Banking – Part 2
focused manner. It is towards this end that CRM initiative leads a bank. In other words, CRM initiative achieves strategic business decision making automation. Further, in figure 2, the progression from CBS to CRM is succinctly captured, whereby one can notice that as the V.Ravi maturity level of bank – as measured by the technological Associate Professor initiatives embarked by it- increases, its ROI (return on IDRBT investment) also increases. In other words, full ROI is accomplished if one takes the arduous but eventually fruitful journey of CRM with important milestones such as data warehousing and data mining. n the first part, we discussed what CRM (Customer Having recognized that Operational CRM and Analytical IRelationship Management) is all about and its potential CRM are functionally interdependent and independent benefits to the organizations that adopt it. We also components of a CRM architecture, the former collects discussed three different types of CRM from and maintains repertoire of customer information in the form of demographic, transactional and psychographic architectural perspective. We also discussed the data through various channels such as web, phones, e- implementation aspects. From the previous article, it mails, and other such means. This module of Operational was abundantly clear to us that to derive sustainable CRM acts as an essential prerequisite for performing the competitive advantage one must embark on CRM next step, i.e. Analytical CRM. In this stage, the customer initiative in any service industry. According to Gartner data is extracted,cleansed, de-duplicated, integrated, the banking industry is way ahead of other industries in and eventually mined using the technologies of data warehousing and data mining in tandem. recognizing the value of CRM and implementing decision support systems to enhance its utility. At this juncture, one must remember that both data warehousing and data mining are essentially envisaged, In this article, which is a sequel to the earlier one initiated, funded and owned by business units of banks. published in the previous issue of Fast Forward, we will So is the case with the CRM project in a holistic explore its applicability and benefits to banking industry. perspective. Having said that, none of these milestones We will also discuss the misconceptions about CRM. We in the journey towards CRM could ever be achieved without active collaboration with IT units of the banks. shall highlight some success stories and highlight critical Thus, essentially, it is the strong synergistic relationship success factors. between business/marketing unit and the IT unit of a We begin with the architectural framework for a typical bank that make the CRM a hugely successful initiative. This eventually takes us to good IT governance practices. CRM implementation. In the Indian banking system before the advent of CRM, a In the post-CBS (Core Banking Solution) scenario, the decade ago it was not difficult for a customer to choose a next biggest technological initiative that banks could bank. Very often, the teller as well as the branch embark on would be customer relationship management manager would recognize most customers by name and (CRM). In figure 1, we present the natural headway a typically the bank and the customer's family had commercial bank should make from CBS to CRM. Here, historical bonds. Everything else being equal, customers chose a bank because it was convenient. one can notice that CBS drives the business / transaction automation to a great extent which is of importance On the other hand, banks earned customers' loyalty on the basis of personal relationships, trading on history and from the customer service delivery aspect. However, mutual loyalty, and on face-to-face interactions and there is still a pressing need to learn the purchasing long-term knowledge of the customer as a person, not habits, saving habits and investing habits of customers so just an account number. that banks can service them even better and in a more Even now in many branches customers operate in the
Fast Forward September 2010 1 cross-selling. same way. However, technology, commoditization, Enabling immediate action to retain the most deregulation and globalization have forever changed the valuable customers. equation between customer and his bank in a drastic manner. Identifying high-risk customers and enhancing service facilities accordingly. The model of the personal neighborhood bank is a almost extinct and is replaced by national and multi-national Enabling the bank to fulfill customer needs at the service providers, ATMs, Internet banking, automated right time with the right offer. call systems and a proliferation of product choices. None Increasing the rate of return on marketing of the services are restricted by traditional ties of initiatives. geography and familiarity. When rightly implemented, CRM is a sound business For consumers, this competitive scene has brought a strategy to identify the bank's most profitable customers plethora of choices, at the expense of the personalized and prospects, and devote time and attention to nature of traditional banking. Nowadays, bank customers expanding relationships with those customers through do not mind shifting loyalty as they now have the ability individualized marketing, re-pricing, discretionary to pick and choose from the latest deals-of-the-day that decision making, and customized service - all delivered appear, pre-approved, in the mailbox and without much through the various sales channels that the bank uses. hassle. For banks and financial institutions, this Further, CRM also concerns the identification of potential competition posses a challenge to show different levels voluntary defectors /churners from the extant bunch of of service as well as profit. loyal customers and reaching out to them with several A typical bank has many local, regional, national and personalized, targeted marketing schemes so as to retain global competitors. In this increasingly fragmented them. industry, most players hold a relatively small and Moreover, using customer life-time value models, one unreliable market share. Customers show loyalty until can estimate the potential revenue that would accrue enticed by an attractive short-term interest rate or from a customer in future. All this would be accomplished direct mail offer. This new order calls for a new mindset. with the use of technology paradigms like data Retail bankers have to behave more like retail warehousing and data mining. merchants, focusing on ways to gain customers, keep Campaign management in a bank is achieved using data them and maximize profitability from each — and all the mining tasks such as dependency analysis, cluster profile while streamlining product costs and customer contact analysis, concept description, deviation detection and channels. Many banks have been doing these by resorting data visualization. Crucial business decisions with a
Holistic architecture of CRM
lytical D Ana RM
Biz Automation Strategic Decision Making Automation to advertising in various channels and constantly campaign are made by extracting valid, previously monitoring and seeking to increase sales in each product unknown and ultimately comprehensible and actionable line. However, these measures fall short of maximizing knowledge from large databases. value from existing customers. Customer segmentation models tell us what the different Banks need to reconsider their traditional focus on customer segments are, who are more likely to respond product lines. It's time to adopt a comprehensive view of to a given offer, which are the customers whom the bank the customer as part of a continuum, not just a sale, and is likely to lose, who are most likely to default on credit to manage the life cycle of the relationship, not just a cards, what is the risk associated with a loan applicant. series of transactions. Finally, a cluster profile analysis is used to arrive at some Meridien Research predicted that retail banks would distinct characteristics of each cluster, and for modelling spend about $6.8 billion on CRM in 2001. Those a product propensity, which should be deployed to investments will benefit the banks by: increase the demand for the product. Restoring the personal-service connotation t h a t From a strategic perspective, CRM rallies resources was previously removed. around customer relationships rather than product lines and encourages activities that maximize the value of Fostering greater long-term loyalty through lifetime relationships. From an operational perspective, relationship building. CRM links business processes across the supply chain from Maximizing lifetime value of each customer through back-office functions through all customer contact
Fast Forward September 2010 2 channels (“touch points”), enabling continuity and consistency across a customer relationship. From an need and make it work? A tharough business requirements analytical perspective, CRM provides a host of resources document is essential to the success of a project. This that enable banks to fully understand customer document has to describe, in detail, what your CRM segments, assess and maximize lifetime value of each system needs to be able to do, from a business angle. customer, model “what-if” scenarios, predict customer In many cases,the service provider/integrator behaviours, customer churn and design and track defines this for a bank. However, if the business unit of effective marketing campaigns (www.sas.com). the bank is involved and drives the definition of this Q & As on misconceptions about CRM (Source: document, then the subsequent journey of the CRM www.thecrmcoach.com) would be much smoother enabling successful Is it an IT project? Not at all. IT is only part of your implementation of the project. The time spent in the CRM project which would help you achieve your business initial stages in being meticulous would lessen the goals. glitches during implementation and processing. All CRM software are pretty much the same but only Can we train our staff ourselves? Again, this approach differ in some functionality and are dedicated to only a may trigger disinterest and lack of commitment on the part of the holistic CRM initiative. Thus, CRM software part of the project team. Lack of seriousness about the can connote any of the following three: software to implementation of the project could jeopardize the maintain call centres, run data warehouses or run entire project. analytics (data mining) depending on the vendor usage Can not the staff work on the system if instructions and the stage of implementation of the CRM project. The are given to them? This could be misdirection from the primary consideration at the time of choosing the management. Ensure that the whole team is involved software should be based on how effectively it meets the right from the design phase so that they feel included in user's business requirements. the entire project and feel more responsible. This could Do we just need a vanilla, “out of the box” system? also call for a change in management skills of those in No, this approach would not be appropriate. The bottom charge of the project. line then is the acquired CRM Software has to be
Maturity level vs. ROI
Maturity level
Some case studies: customized to achieve business objectives. Wells Fargo Is the software going to work as per requirements? Wells Fargo has become the prime user in leveraging Don't expect the software to work like a magic wand. internet services and one of the largest internet banking Unless the user sees it for himself and is convinced, he (iBanking) entity in the world. It leads in the area of needs to be sceptical of the claims made by the vendor. service and convenience to its 16.4 million customers and Can one just install the software and use it right has been able to reduce transaction costs and customer away? CRM software is not like installing a routine word defection by 50 per cent for online customers. One of its processor or even an accounting system. These systems main area of focus is that of servicing its high net worth are intricate and complex when it comes to installation customers by better integration of customer information and configuration. and service applications and to assist representatives of If we change our processes to fit into the system? customer in sales and services to easily provide a one- Don't look to software to fix broken business processes. stop-shop for any kind of banking service or transaction. Get your business processes under control before looking Wachovia at software. This is especially true in Indian banking Wachovia, known for its CRM strategy with PRO (profit, industry, where business units, IT department, CRM relationship and optimization), focuses on cross-analysis department (in some banks) work in silos without and segmentation in the evaluation of existing and adequate co-ordination and collaboration. potential profit of customer rather than the profit of the Is it not the CRM partner's job to figure out what we organization. In general, a combination of PRO-customer
Fast Forward September 2010 3 profiling, customer targeting, marketing engine and the largest credit card issuers in Taiwan, introducing sales contact planning is geared to develop specific several products and services. The bank was one of the channels and product offerings to all user groups. This first banks to extend the banking hours to 7.00 pm, roll has increased customer retention rate by one-third with out mini-branches, and operate banking on weekends and the use of technological applications. on public holidays. It also pioneered branches with no Bank One staff - self service by customers. Bank One - now part of JPMorgan Chase - prides itself on SinoPac the 'Service Quality' it provides for its customers. It has Taiwan-based bank SinoPac, is a private bank renowned built its organization by going ZAYNAB MUAZU THESIS for its oustanding performance and vision of the best full- Nigeria 50 into tactical alliances and mutual service commercial bank in the Asia-Pacific region. The relationships with Intel, Metro Group, Merchants Group, bank provides a platform for Money Management Account etc., to help in finding out and satisfying the (MMA) and also the Cross Pacific Account (CPA). The bank requirements of their customers promptly and has benefited by data mining, and the availability of one- effectively. to-one marketing has increased its customer base. A major Greek bank The bank derived lots of benefits by implementing CRM. One important benefit was the reduction of costs. Another benefit was reduced complexity since there was only one platform and one contact point. The integration of all the systems on one platform offered easier architecture and decreased the time needed for support of various systems. Furthermore, operations improved by increasing employees' capabilities. Thus, effectiveness and performance improved the level of service increased and response time improved. Although the number of customer calls increased their waiting time for resolution decreased. CRM enabled the bank to come closer to its customers as it emphasized customer service rather than focusing merely on sales targets. The bank could provide 24x7 services with a success rate of 92 per cent. Implementing Governor inaugurating the CRM lab on 18th June, 2010 CRM resulted in significant increase in the bank's revenues. People involved in CRM project- stated, effective project management, realistic time Royal Bank of Canada (RBC) scheduling, perfect programming and not exceeding the With the Royal Bank of Canada (RBC), which has budget are critical success factors for CRM implemented segmentation of customers through data implementation. warehousing is able to distinguish profitable and other Another factor was good coordination between the less profitable micro segments. Customer data collection project team and external consultants who were from an and segmentation allows for assessment of current and experienced consultancy firm. In addition, their having potential customer value as it assists in understanding access to the 'best business practices' was crucial. The lifestyle changes and needs. The objective of the RBC has bank fully recognizes the value of CRM system for its changed from one-to-one marketing to what works and development and success in the market and has what does not for the organization and customers. It runs established a Strategic Analysis and CRM department. refinement tests to keep up with standards on a regular basis. In summary, we quote: "If your customer Merita-Nordbanken Bank satisfaction is decreasing, you're in a death Merita-Nordbanken Bank emerged as one of Northern spiral. Customer satisfaction equals Europe's largest bank in 1997 resulting from a merger customer loyalty." — Douglas Allred, between Merita Bank in Finland and Nordbanken of Sweden. The bank is possibly the most developed Senior Vice President, Customer Advocacy, electronic bank in the world, providing customers with a Cisco Systems selection of e-banking solutions and contact channels How are you treating your customers? Does anybody in ranging from wireless application protocol (WAP) to the bank have a purview across business lines, channels automated teller machines (ATMs), telephone, mobile and touch points? Gartner's research shows that less than and internet banking. It has also been able to create a 10 percent of enterprises (banks) have a single, single password which a customer can use to access an integrated view of their customers and, those that do are array of the services the bank has to offer. just beginning to leverage their investments to improve Chinatrust Bank customer loyalty and profitability. Chinatrust Bank is known as an organization which ********* operates as a family and as such, treats customers as its members. The bank has maintained its position as one of For any clarifications please contact on email: [email protected]
Fast Forward September 2010 4 Digital Identity - Issues
such frauds constitute 88.3% of all identity theft cases and 73.8% of amounts lost. V.Radha Assistant Professor, 2.2 Payment Card Fraud: Holders of payment IDRBT cards are made victims of fraud by stealing their cards or the card information. The loss to the cardholder varies depending on the limits and With the proliferation of personal other terms of the card-issuing bank. The Fair and computers at homes and work places Accurate Credit Transactions Act of 2003, a United offering Internet Banking services States Federal Law, was passed in November 2003 have almost become a necessity. Along with banking to combat such frauds. Guidelines issued by regulatory through ATMs (Automated Teller Machines), card authorities in India on “Protection of Customer's based banking and mobile banking, Internet Banking is Rights” and “Customer's Confidentiality” have now a set of products which can be clubbed as remote brought focus to this sensitive area.Such laws made banking channels. As more and more banks and protecting customers the responsibility of card customers use these facilities susceptibility to frauds industry and this made them deploy enhanced fraud also increases. Fraudsters using different techniques detection tools, which helped in harnessing the such as phishing, scam mails, hacking, etc, get to growing trend of such frauds. Additional know the login details, access numbers, PINs, etc., of authentication by way of a separate password where customers leading to 'identity theft'. the card is not physically used for a transaction was introduced in India recently as an additional security This paper discusses vulnerabilities in the widely for online transactions. deployed Internet Banking user authentication mechanisms which are prone to attacks and suggests 2.3 Malafide access to accounts: A fraudster can probable preventive measures. siphon off the entire amount in an account by gaining access to that account. Here the loss could be much 2. Frauds based on Identity thefts higher than frauds through payment cards which may be of a few transactions. Access to the account details Identity theft is stealing credentials of an individual can be through fictitious address change request, and using them to take away his wealth or use his application for new card, phishing, malware, trojans, reputation. Some of the frauds committed by using etc. Banks have taken steps to limit the damage identity theft are given below. caused through such frauds by limiting number and amount of withdrawals and money transfers. 2.1 Fictitious Identity Fraud (Synthetic Identity): A fictitious identity created by using parts of genuine 2.4 True Name Fraud: True Name fraud is opening of information is furnished to obtain a card. Dues of new credit accounts in the name of a customer small amounts are paid regularly to build confidence without his or her knowledge. The customer gets to and get a good credit rating and then a larger amount know of this only after he or she is denied credit or is is siphoned off through a transaction. This process informed by collection/recovery agents. While in U.S. does not directly affect a genuine customer's the FACT Act enhances consumer rights by supplying a credentials the bank or the card issuing company copy of annual credit report of the customer from would lose and the system as a whole would be each of the credit-reporting agencies. In India too such suspicion prone. Card issuers would insist on more a legal provision might soon be required since there checks before issuing new cards. As per ID Analytics are now 3 new credit agencies namely, EquifaX, High
Fast Forward September 2010 5 Mark Credit Information Services and Experian apart followed. from CIBIL are authorised.
3. Evolution of User Authentication Processes: Biometric authentication is more Authentication has become the very basic input for suitable for localized applications when identifying a genuine user and to stall frauds compared to its application for remote perpetrated by impersonators. The process of authentication is to confirm the identity of the person operations as in Internet Banking. doing a banking transaction. This is to be achieved by Limitations in application of each of these methods verifying facts given by the person with the ones have made the industry combine the better features stored with the bank. of each of these to evolve a two-stage authentication Well known authentication techniques/processes are process which is generally considered as a “stronger based on: protection”. Combining the best features of knowledge based and possession based systems is the What one knows (Knowledge Factor): most used process in the market today. ATM machines Password, PIN, Social Security no. are a good example of this application (ATM card is the possession factor and its associated PIN as a What one has (Possession Factor): Card knowledge factor are combined to give better What one is (Biometric Factor): finger print, protection). iris scanning, voice recognition, etc. When Internet banking started it was based only on the Ford and Baum, in their book, [11], Secure Electronic first factor, i.e., “what one knows”. The protection Commerce, define major threats to password or was on 3 assumptions. knowledge based systems as: It was the responsibility of the customer to External disclosure: Disclosing credentials to keep the username and password secure. others voluntarily without realizing Banks felt that the customer's credentials can consequences. never be stolen because a secure Guessing: Brute force attacks by guessing all channel with SSL (Secured Socket Layer) permutations and combinations of a technology was deployed. password. This is where limited trials of It was felt that the only way a third person will entering one's password was introduced. get to know the customer's credentials was Communications eavesdropping: Stealing b y t h e c u s t o m e r i n a d v e r t e n t l y one's password, while it is passing through a revealing it himself. communication channel. This is where All these assumptions were proved wrong over time as encrypting the data on the channel through more and more phishing instances using software SSL (Secured Socket Layer) was introduced. techniques came to light. It became obligatory for Host compromise: Stealing passwords by banks to adopt a two factor process using: planting a virus or Trojan on victim's machines. What customer's already know and that are This is where the virus scanners were constant: card no, grids printed on the back of introduced. the cards. Safety of a possession based authentication would What customer's know only for that depend on the care taken by the holder in t r a n s a c t i o n : o n e t i m e p a s s w o r d safeguarding the possession against theft. communicated through tokens. According to Ryan and Ryan [12] “Biometric products What customer's know through other means are often said to give the highest levels of security”. and only for that transaction : However, biometric authentication is still in its secret access number received on mobile infancy and its acceptability and application are still telephone. being tested. It is also said that “(Biometrics) have These identity protection measures helped banks to been applied for investigations by law enforcement some extent but were still not fool-proof. Attackers authorities and DOD (US, Department of Defense) exploited the vulnerabilities of the operating agencies”. In these applications, the relatively high environment of the PC (personal computer) and cost of implementation may be a consideration in customer's ignorance. With this, two more ingenious decision-making in the private sector where attacks came about, Trojans and Man-in-the- accountability for expenditure is more stringently middle. These are discussed in later sections.
Fast Forward September 2010 6 4. Evolution of attacks on Identity security controls to mitigate attempts at infiltrations into their domains to dovetail the efforts of banks to These can be in two modes- Passive and Active minimize frauds. Organizations like CERT(Computer 4.1 Passive Attacks: In a passive attack mode the Emergency Response Team)/NTRO(National Technical attacker is not connected to the network during a Research Organisation) are coordinating with these customer's online session with his bank's website. Also, entities in India. the bank's website is not accessed by the attacker Public Awareness - Do's and Don'ts for public (): Many while stealing the credentials of the customer. The banks have started campaigning through their attacker sets up a fake website, sends emails to websites, monthly statements, advertisements in customers as if they are from the customer's banks and newspapers, messages through emails, etc., on the lures them to the fake website. Customers who potential loss which could fall on them through 'transact' with the fake website taking it as genuine get Identity Theft and the precautions to be taken by their credentials unintentionally recorded on the fake them. website. Using the stolen credentials, the attacker keeps siphoning off money from the real customer's Reporting of attacks or ID thefts to a central authority account till the fraud is realized and the password is by people and Financial Institutions: With rapid changed. It may also happen that the attacker changes changes and improvements in systems it becomes the password denying access to the genuine customer difficult for investigators to figure out the modus to his own account. Such passive attacks are made by operandi adopted by the attackers. Unless, techniques such as: customers, network players as well as banks come forward and report the events to a central authority, it Mail Spoofing – Forged Emails: Sending forged would be difficult to take remedial steps and also to information to bank customers feigning authentic coordinate with entities like ISPs, etc. Reporting of bank sources, prompting the customer to click on a frauds also helps higher authorities to frame policies, link, which takes him to a forged site. regulations, etc. for all the entities involved and Web Spoofing – Website Forgery: Diverting customers making them accountable for ensuring smooth of a bank to an exactly duplicated forged website and operations. impersonating those customers on the customer's 4.2 Active Attacks bank's real website. In active attacks the attacker is connected online DNS Spoofing – Diverting users/customers to forged simultaneously when the targeted customer is in websites by manipulating the critical Internet session with his bank. Infrastructure like DNS (domain name server). Active attacks can be of two types. Media Tapping – recording all transactions or messages of a bank or a customer, etc. and re-using the same to Active on customer's PC take undue advantage of the information. Active on customer's channel How can banks avoid such attacks? 4.2.1 Active on customer's PC Stronger Authentication: Banks can no longer rely on the information presented by the customers to the In this a fraudster gains access to a customer's bank to prove their identity; rather banks could use computer and installs a virus or Trojan Horse virus in some intelligent techniques such as profiling the the victim's machine, and using these programs he customer's banking behavior to identify the customer. keeps a tab on all transactions, steals vital data like The location of access (IP-Internet Protocol address), username & password. By using these he impersonates normal transaction value, transaction frequency, etc., the victim even when the user is not connected to his could all be part of the customer profile. bank's site and commits frauds. The virus, Trojan Horse is implanted in the victim's machine through emails, Strengthening the infrastructure at ISPs, DNS, etc.: IRC – Internet Relay Chat, fake websites, etc. If a bank Banks' preoccupation at shielding their own introduces one more authentication stage like a one- infrastructure does not suffice in protecting the time password, etc, the Trojan Horse virus is cunningly customer's interests because for a transaction to be devised to bypass the entire authentication process put through the relevant queries have to cross many till the genuine user goes through it and then modify domains controlled by different service providers, only the transaction information to the fraudster's such as, ISPs (Internet Service Providers), DNS (Domain advantage. Name Servers), mobile telephone operators, etc. All 4.2.2 Active on customer's channel these players have to necessarily put in place proper In this active attack the attacker gets connected
Fast Forward September 2010 7 online while the customer is also connected for a loosely termed as second-factor authentication in session with his bank's site. The attacker has reality these get used as knowledge based inputs and continuous access to the communication between the thus can be stolen or shared. customer and the bank and also gets to modify the communication as he choses. 5.3 Multifactor Authentication: The FFIEC – Federal Financial Institutions Examination Council, issued 5. Evolution of Solutions supplemental guidance on authentication in August 2006, in which they clarified, "By definition true Authentication techniques evolved and got multifactor authentication requires the use of strengthened by continuous refinements so as to solutions from two or more of the three categories of lessen attacks on private domains. The evolution of factors”. Using multiple solutions of the same some of the techniques is shown below. category, would not qualify as a multifactor 5.1 Single Factor Authentication: A well-known and authentication. While true multifactor authentication trusted solution in the initial days of computerisation is not yet implemented in India, knowledge factor has was validation by a single attribute. It was effective in spread to multiple devices and channels. the days of localized processing and single user 5.4 Multi Channel Authentication: One time environments. But as networking and Internet based transaction password sent by a bank to its customer on applications spread everywhere, and users were mobile telephone before the transaction is put through required to maintain passwords for many sites and has become very popular. On the assumption that different applications, they tended to use a single security over the Internet channel could be breached password for all applications on different websites. and mobile telephone channel is safer this additional There are several reported cases where attackers stage was introduced. However, with convergence of broke into low security websites and retrieved different communication channels (Internet on thousands of username/password pairs and directly mobile) and device convergence (iPod) implemented try to use them by trial and error methods to enter these solutions need to be continuously reviewed and high security e-commerce sites such as eBay with the more layers built in? intention of committing frauds. 6. Discussion 5.1.1 Web Password hashing: PwdHash [14] is a browser extension that transparently converts a user's Review of these solutions has to focus on password into a domain-specific password. PwdHash enhancements and improvements on how to make automatically replaces the contents of these password them foolproof. One line of concern would be to make fields with a one-way hash of the pair (password, the authentication process transaction-based rather domain-name). This makes the program on the than login-based. The present process of a single website process only the domain-specific hash of the authenticated login and multiple transactions gives password, and not the password itself. A break-in at a scope for attacks through the carrier channels. low security website exposes password hashes rather than an actual password. Though this was a very Better security could be provided if every transaction effective technique, it required extensions to be can be embedded with the authentication process. added to the browsers. This feature if embedded into Some of the e-payment protocols, proposed in the every browser will avoid the need to install any past, like Paywords, Hash Chains, etc, which suggested extensions. embedding authentication of all transactions within a session are worth emulating. Every subsequent 5.2 Two Stage Authentication: All users cannot be transaction is authenticated based on the expected to load extensions to their passwords as it authentication of the previous transaction. It would requires some knowledge of processing and also as be difficult for a hacker to guess or compute the next password-stealing attacks have become so common authentication based on the current transaction. that the software industry observed that the two- stage authentication may control the ID theft only to 6.1 Trusted Computing some extent. Businesses chose different methods for All security protocols are designed to be secure by second stage authentication apart from passwords. nature but the environment where these are The second input for authentication should preferably implemented have to be matching in safety. The Trojan be dynamic and possessed by the authorized user. Horse attack is exploitation of a PCs vulnerability. The One- time passwords given through tokens, attacker's virus software captures information of the transaction numbers over mobile telephones, grids user while signing, encrypting, etc. Though the printed on the back of cards, dynamic digits from ATM cryptographic protocols are secure by nature, they card numbers, etc., all are entered as a second input become vulnerable to attacks if the environment is not for authentication and come in the increasing order of protected. Trusted Computing which makes a device in complexity and cost. Though these methods are the computing environment work in a user-defined
Fast Forward September 2010 8 sequence could be an option. Many solutions required Will payment systems recognize identity theft use of a separate device which can be attached to the early enough to limit risk successfully? normal PC. This USB based device carries all the write- protected software required to do Internet Banking. To what extent the role of merchants in combating identity theft has to be Some of the interesting proposals which could be enhanced? considered are: What further active role can law enforcement FINREAD (FINancial Transactional IC Card agencies play in deterring identity theft? READer) project. How can the burden of proof be shifted from AXSionics AG. victims of identity theft? The Internet Passport, Internet Smart Card Areadditional regulatory or legislative Technologies initiatives required to better align the market incentives necessary to resolve these MIDentity Mobile Banking challenges? ZTIC – The Zurich Trusted Information Channel 6.2.2 Reporting:
6.2 Other Fraud Prevention Measures The paper referred to in [3], discusses the advantages 6.2.1 Tools and Techniques and disadvantages of reporting Identity Theft more elaborately. It suggests that financial institutions are Apart from using Internet capable and wide spread better placed in reporting Identity Theft. But industry endorsed authentication technologies financial institutions are reluctant to make public merchants have been testing and deploying tools in an security breaches in their systems to avoid effort to limit the losses due to unauthenticated embarrassment and unwanted regulatory attention. online transactions. Some of these are Address Three disclosure requirements are sugested 1) No. of Verification Service (AVS), manual review, internally identity thefts incidents suffered or avoided. 2) Types built business rules/decision rules, card verification of identity thefts attempted and financial products value, commercial fraud screen/risk scoring service, targeted; and 3) The amount of loss suffered or Verified by Visa and MasterCard Secure Code, etc. avoided. This kind of reporting could result in four According to Gartner Research, the tools recognizing benefits. 1) Business practices most vulnerable to cross-industry fraud patterns could be the most fraud can be identified. 2) Help identify consumer effective solution as it can predict attempt of identity protection processes that work and those that do not, theft in advance. For example a fraud committed and thus assist regulators and law enforcement through cell phone service going through bank agencies in allocating resources to combat the crime. accounts to credit card accounts and to short-term 3) Improved reporting would help focus public loans and so on. The research suggested that taking a attention on the root cause of the crime. 4) Providing cross-industry perspective would enable better study more accurate, institution-level statistics on Identity of behavioral patterns to the credit markets so that Theft would make the security of personal information they can identify fraudulent usage of services. Such a new product differentiator, similar to low interest frauds can be traced through a macro approach rather rate and fee-free accounts, etc. than in secluded domains. Banks could apply a In India, CERT-IN (Centre for Emergency Response combination of tools on their internal databases, Team – India) is playing the role of central authority to external databases and introduce manual checks which banks and customers can report identity theft which would be a better option for banks because they frauds and attempts to commit frauds. can detect potential frauds. 7. Conclusions Though protection against ID theft has made rapid strides many questions remain unanswered. Identity Theft is a major threat to the growth of online e-commerce/Internet Banking. Operating Systems Will growing fears about identity theft reduce mostly used today have become highly vulnerable and consumer confidence in making electronic Internet Infrastructure has spread into environments payments? of varied degrees of protection leading to too many Will lack of authentication affect confidence gaps requiring different patches to plug them. Cyber of users in Internet? law is in its infancy and enforcement system is still to understand the whole gamut of such crimes evolving Will lack of secure authentication technology out of virtual environment. lead to alternative online payment products? In a scenario where technology is changing fast one
Fast Forward September 2010 9 cannot decide on replacing the entire existing Fried,Frank, Harris, Shriver & Jacobson infrastructure with a system which does not guarantee (8) A Taxonomy of Authentication Methods, Ant A l l a n , total security. It would be appropriate to consider February2008,Gratner Publication suggestions given in section 6. (9) The Zurich Trusted Information Channel – An (1) Identity Theft: Do definitions Still Matter? Julia Efficient Defense Against Man-in-the-Middle S.Cheney Aug 2005, Federal Reserve Bank of and Malicious Software Attacks,Thomas Philadelphia Weigold, Thorsten Kramp, Reto Hermann, Frank Höring, Peter Buhler, and Michael Baentsch, TRUST (2) Identity Theft: A Pernicious and Costly Fraud. 2008 Julia S.Cheny December 2003, Federal Reserve Bank of Philadelphia (10)Why Phishing Works, Rachna Dhamija, J. D. Tygar, Marti Hearst, Proceedings of the SIGCHI (3) Identity Theft: Making the Known Unknowns conference on Human Factors in computing Known, Chris Jay Hoofnagle, Harvard Journal systems, 2006 of Law & Technology, Vol 21, no.1, Fall 2007 (11)Secure Electronic Commerce: Building the (4)Secure Internet Banking Authentication, Infrastructure for Digital Signatures and A.Hiltgen, T.Kramp and T.Weigold, IEEE Encryption, W.Ford and M.S.Baum Security & Privacy, March/April 2006 (12)Defending Your Digital Assets Against Hackers, (5) Two-Factor Authentication: Too Little, Too L a t e , Crackers, Spies, and Thieves, Nichols, Ryan & Ryan Bruce Schneier, Communications of the ACM, April 2005, Vol 48, no.4 (13)The Laws of Identity, Kim Cameron, 5/12/2005,http://www.identityblog.com/ (6) Remote Client Authentication,T.Weigold, stories/2005/05/13/TheLawsOfIdentity.pdf T.Kramp and M.Baentsch, IEEE Security and Privacy, 2008 (14)Web Passwordhashing,http://crypto.stanford. edu/PwdHash/ (7) Role and Security of Payment Systems in an Electronic Age,June1,2004, byMark Fajfar,
*********
For details on Digital Identities Issues Contact: [email protected]
Fast Forward September 2010 10 IDRBT Salutes the Nation on its 64th Independence Day
IDRBT celebrated the nation's 64 t h Independence Day on August 15, 2010. After inspecting the guard of honur by the Security Guards, Shri B. Sambamurthy, Director, IDRBT hoisted the National Flag. Following the rendition of the National Anthem, Shri Sambamurhty addressed the large number of participants consisting of employees and their families. He reiterated the importance of everyone contributing to the nation's progress. Referring to the specific role of IDRBT of developing new ideas for better banking, he stressed that our goal should be not just to impart knowledge, i.e., “know how” but also to guide on the ways of implementing that knowledge, i.e., “do how?”. This, he said will lead the process of reaching out to the remote places of the country and move towards financial inclusion.
Fast Forward September 2010 11 Banking Community Projects
Banking Community Projects General Manager, IDRBT as mentors and consists of members, viz, Mr. Patrick Kishore, General The focus of the R&D initiatives of IDRBT has been Manager and CISO, State Bank of India, Mr. O.P. to ensure that the fruits of these are available to Srivastava, Director, ICICI Ventures Ltd. Mr. Ajay banks and their customers. Thus, applied research Misra, General Manager – IT, Punjab National is the mantra and in order to achieve this, Bank, Mr. Subhash Mallya, Head, IT Governance, objective, the IDRBT has recently embarked upon HDFC Bank Ltd., Mr. K. M. Asawa, General a series of 'Banking Community oriented projects'. Manager – IT, Bank of Baroda, Dr. Santanu Paul, These projects ensure a two-way benefit for the Distinguished Fellow, IDRBT and Chief Executive banks as well as the IDRBT. While the end result of Officer, Talentsprint Pvt. Ltd., Mr. R. Athmaram, the project is a value added service, product or a General Manager – IT, Andhra Bank and Mr. M. V. set of guidelines for the banks, the IDRBT gets Sivakumaran, Faculty , IDRBT as its Convener inputs on the challenges faced by banks which while Shri . L. Giridhar, AGM, IDRBT assists the would enable them in addressing them with the Working Group. use of IT based systems. A gist of a set of projects which are already under way is given below. B. Beyond Core Banking - Customer Relationship Management (CRM) programmes. A. IDRBT Working Group on IT Governance. Core Banking Systems, which have changed the The Working Group on IT Governance was very approach towards banking and the way a constituted in November 2009 with the objective customer is treated, have now stabilized well. As of framing an IT Governance Framework which can a measure aimed at the way forward, IDRBT has be easily adopted by banks in India. This initiated a progressive step towards better Framework would be based on inputs drawn from customer service by introducing programmes on various standards and best practices across the Customer Relationship Management (CRM) world juxtaposed with the current practices as dovetailing data warehouse management and well as requirements of banks, and would be in the Business Intelligence. Programmes on data f o r m o f a n e a s y - t o - u n d e r s t a n d a n d warehousing and data mining commenced in mid implementable guidelines suitable for the Indian 2008 progressively moving towards programmes conditions. The effort is aimed at reducing the on CRM. In 2010 two programmes on CRM were cost of compliance to banks and to bring about the held by customizing them to the requirements of much needed clarity, and focus on functional and banks i.e., Bank of Maharashtra and Indian bank. workable best practices in the domain of IT This programme is specially conducted for the Governance. As a first step in this direction, the benefit of a specific bank and has data sets which Working Group has outlined its recommendations relate to that bank so as to enable the on a Model Organizational Structure for IT participants to relate to their own working Governance in the Indian Banking Sector. Based on environment. these, the IDRBT has brought out a booklet on the Organisational Structure for IT in the Indian C. Technical Working Group on Core Banking. Banking Sector which was released by This working group discusses various issues Dr. D. Subbarao, Governor, RBI on June 18, 2010 at involved in core banking solutions, with a view to a colourful function at IDRBT, Hyderabad. provide for standardization and inter-change of The Working Group has Shri B. Sambamurthy, information across different banks which use Director, IDRBT and Shri. S. Ganesh Kumar, Chief varied Core Banking systems. As a first step, the
Fast Forward September 2010 12 Group is arriving at common taxonomies with mechanisms in place, and as emphasized by RBI, reference to various products and components of IDRBT launched the IDRBT Outreach Programme the services covered under the gamut of core (IOP) aimed at covering the executive banking systems. Banks represented at the community across the banking industry in India, September 20, 2010 meeting are Indian Bank, in the form of the Executive Round Tables (ERT) ICICI Bank Ltd., State Bank of India, Federal programmes organized in major cities so as to Bank, Union Bank of India, Syndicate Bank and provide for larger coverage across multiple Bank of India. Other participants who have made functionaries of banks in a localized area. contributions to this sphere of activity include - Ms. Prabhuta Vyas, Senior Vice President, Indian The first such ERT held in Kolkata on July 2, 2010 Banks Association, Shri K.I. Vareed, Vice was received very well, with more than 107 President, Indian Banks' Association, Dr. S.K. Executives from 11 Banks, participating in this Sinha, Senior Technical Director, National meet. A similar Round Table was held at
Dr. Subir Gokarn, Deputy Governor, RBI visited IDRBT on 4th February, 2010 and interacted with the faculty and staff.
Informatics Centre, Dr. Phalguni Gupta, Professor, Indian Institute of Technology Kanpur, Bengaluru, which was followed by one in Shri S. Mukhopadhyay, General Manager, State Chennai. A mix of officers – ranging from Chief Bank of India, Shri R.Subramania Kumar, Mangers up to the level of General Managers Assistant General Manager, Punjab National participated in these round tables; they Bank, Shri S. Ramachandran, Assistant General appreciated the new initiative of IDRBT. Manager, Corporation Bank, Shri N. P. Mahopatra, E. Banking Security Forum. Assistant General Manager, NABARD, Dr. K. Ravindranath, Chief Manager, Union Bank of Recognising that security in banking – especially India, Shri U. Ramesh Kumar, General Manager, Information Secutiy – is at the heart of today's South Malabar Grameen Bank, Shri S. C. Dhole, banking, a Banking Security Forum was Assistant constituted to address issues relating to security Professors from IDRBT Dr. M.V.N.K. General Manager, UCO Bank, and Associate Prasad, Dr. Professors from IDRBT Dr.Mahil Carr, Dr. V.N. of banking transactions using technology. The Mahil Carr and Associate Professor Dr. forum consists of members form State Bank of V.N. Sastry Sastry and Assistant Professor Dr. M.V.N.K. change it as] Prasad. India, Canara Bank, Andhra Bank, HDFC Bank, ...... Federal Bank, Allahabad Bank, Kotak Mahindra D. Executive Round Tables. Bank, Punjab National Bank, Bank of India, In order to facilitate banks plan the way forward Union Bank of India, Central Bank of India and with the optimal use of IT based systems, and to Corporation Bank. have effective controls and management The forum discussed issues such as sensitivity of
Fast Forward September 2010 13 data, reliability of intermediaries, carrying alternative authentication mechanisms has out penetration tests at regular intervals, assumed significance. Accordingly, a Working two factor testing at Point of Contact Group was constituted to address issues in this (PoC), health awareness of IT systems, area. This group identifies Alternative etc., with a view to arrive at common Authentication Mechanisms for various delivery minimum provisions to be made so that the channels, especially for retail banking customer and the bank are not exposed to operations, with a view to provide safe, secure risks of unauthorized access or malafide and reliable transaction processing especially attempts aimed at nefarious activities. for payment systems and transactions relating Since Information security in a highly to funds movement. The members of this Group challenging environment such as IT is are Shri. S Ganesh Kumar, CGM, IDRBT, Dr. M V N complex and subject to large scale change, K Prasad, Assistant Professor, IDRBT, Shri. S S the group would endeavour to have regular Maiti, AGM, RBI, DPSS, Central Office, Shri i n t e r a c t i o n s a n d u p d a t e t h e i r Sachin Y Shende, DGM, RBI, Nagpur and Shri. recommendations for the use of banks. Amitabh Kumar, GM, Alternate Channels & Payment Systems Group, SBI, CBD Belapur, F. Sub-Group on Information Security Mumbai. Governance. H. Mobile Payments in India: Innovation and With the objective of coming out with a Reality. framework on information security and related best practices for various Mobile Payment Forum of India (MPFI) which is components, IDRBT constituted a Sub- a non-profit Society established by IDRBT and G r o u p o n I n f o r m a t i o n S e c u r i t y IIT-Madras with its registered office at IDRBT, Governance. The First Meeting of this Sub- Hyderabad has about 70 Institutional members Group was held at IDRBT on September 15, comprising of Banks, Telecom Operators, 2010. The Composition of this Sub-Group is Software and Hardware Providers, Regulators Shri. Vishal Salvi CISO, HDFC Bank, Shri. (RBI, TRAI), Govt. Bodies (DIT, DOT), R&D Pradeep Kumar M, CISO, Corporation Bank, Institutions ( IIT-Madras, IIT-Hyderabad, Shri. Pravin Sharma, AGM, IT Security, IDRBT) and other Institutions ( NABARD, NPCI, Union Bank of India, Shri. K S S NSE), etc. The Regulatory Committee of MPFI Muralikrishna, Senior Manager, Information has prepared the document which was released Security, Andhra Bank, Shri. Vivek Gupta by RBI on Oct. 8, 2008 as “Mobile Banking AGM, Information Security, Allahabad Transactions in India – Operative Guidelines for Bank, Shri. Alevoor V Acharr, IS Auditor and Banks”. The technical Committee has prepared Consultant, Shri. Niraj Kapasi, IS Auditor & the “Interoperability Standards for Mobile Member, ISACA India Taskforce and Shri. M Payments” which has been published by MPFI V Sivakumaran Faculty and Convener, on September 22, 2009. The pilot run of IDRBT, Mr. L. Giridhar, AGM, IDRBT will be Interbank Mobile Payments was done with the providing assistance to this Group help of Central Switching of NPCI and Interbank settlement with CCIL. The reported success of G. Technical Working Group on pilot for mobile payments by the customers of Alternative Authentication Mechanisms Banks for interbank payments by 6 Banks and for various delivery channels. their associated Mobile Payment Providers has With the rapid deployment of new forms of opened up a new chapter for convenient delivery channels, most of which use IT to a banking by the citizens of India. large extent, the need for providing
*********
Fast Forward September 2010 14 Achievements
· Dr. A. R. Joshi, Member of Faculty and General Manager, IDRBT was awarded the Ph. D., degree for his thesis titled “Some Aspects of Globlisation and Inflation in India – Issues and Evidences”. The thesis examined the growing influence of external factors on domestic inflation in India. While growing globalization has made the macroeconomic conditions favorable to lower inflation, the economy is also exposed to risks from across the border. Therefore a model to explicitly capture the external factors was developed Sri. A.R. Joshi and compared with alternative models.
· Smt. G. Geeta Kumari was awarded Ph.D. degree in Computer Science from the Central University of Hyderabad for her research work titled “Grid Computing Security through Access Control Modeling” done under the guidance of Dr. V. N. Sastry, Associate Professor, IDRBT and Dr.Atul Negi, DCIS,UH. The work focuses on modeling aspects of direct authorization, indirect authorization (delegation), dynamic access and fine-grained access control in grid computing systems. The research contributions were Smt. G. Geeta Kumari published in 2 International Journals and 7 International Conferences. It can be applied in development of Secure Banking and Financial Grid.
· The biography of Dr. V. Ravi, Associate Professor, IDRBT was included in the “Who's Who in Science and Engineering 2011-2012” (11th Edition). Since 1899, “Marquis Who's Who” has remained the standard for reliable and comprehensive biographical data. Containing the biographies of approximately 40,000 men and women leading today's scientific and technological revolution and featuring personal and career histories, education, achievements and memberships. Sri. V. Ravi
Fast Forward September 2010 15 Innovation of Payment Systems Need or Necessity?
The world has evolved only though Innovation. In payment systems to electronic modes and the latest simple terms, Innovation is the process of creation of initiatives are all based on customer convenience, value by doing things differently. The impact of reduced costs and ease of use, while at the same time Innovation has been felt significantly in the payment being safe and secure. systems arena. All of us are aware of the evolution of cash from the early systems of barter, which took In the European continent, one of the drivers of place a few centuries ago. The current millennium is innovation was the regulatory initiative of the United characterized by the introduction of new forms of Kingdom Payment Council, which has set the target payment systems. The major forces behind the date of end 2018 to close the cheque clearing so as to development of such systems are resilience, process motivate the stake holders and to enable the efficiency requirements, fairness and transparency as development of innovative alternatives to cheques so demanded by all the stake holders in the payments that payments from 'Person to Person', 'Business to chain; however, it is technology which has been at the Consumer', 'and Consumer to Business' would migrate base of recent innovations in payment systems, apart by choice. New avenues through contactless cards, e- from the role played by people and processes. purses andmobile wallets, to name a few, would be made available, provided banks become more Innovation in payment systems has had the beneficial innovative. The major advantages enjoyed by the impetus of the regulatory forces in any economy. The countries in the European region were their relative central bank thus has been playing a pivotal role in small sizes, the maturity of the banking system and the heralding an era characterized by new forms of advances in technology which all rallied behind their payment systems – all of which attain finality by using innovative payment system strategies. safe and secure settlement systems. In India, the Reserve Bank has spearheaded the metamorphosis of In India, the winds of change in payment systems right from the mid eighties of the the payment system area have twentieth century by ushering in the Magnetic Ink been of recent origin, with the Charcter Recognition (MICR) based cheque clearing, Reserve Bank of India heralding which in a sense also paved the way for large scale technology induction in the Indian banks. Then R. Mani followed the process of migration of paper based Deputy General Manager, IDRBT
Fast Forward September 2010 16 new systems and the banks along with their services have to essentially become innovative not only constituents readily adopting these. In addition, the to deliver but also to stay in the competition. willingness of the government to change with The Indian Banking System has not undergone much innovative business models and focus on retail change in the past decades. There have, however, been, payment schemes, coupled with the Indian economy tremendous improvements in services. Core Banking closely linked to the global economy, has speeded up systems have resulted in 'Anytime, Anywhere banking innovation in this sphere of activity. The introduction serviecs' apart from treating a customer not as attached of technology based Financial Inclusion payment to a branch but to the bank. Although there is innovation cards, innovative funds transfer facilities with some in the industry, the focus has mainly been on of them not requiring the customer to even move out improvement of features and services. Similarly, the of the comfort of his chair are all now passé. These improvement in payment systems in India has been have resulted in the payment systems to migrate evolutionary. A recent example would be the migration towards near real time applications and settlement from EFT to SEFT to NEFT piloted by the Reserve Bank of taking place in either real time or near-real time. The India in which more features have been added to the
Share of paper based versus electronic transactions
Volume Value 100 100 27.1 32.8 35.3 80 80 t
n 60 60 80.4 83.9 88.3 e c r
e 40 40 P 72.9 67.2 64.7 20 20 19.6 16.1 11.7 0 0 2007-08 2008-09 2009-10 2007-08 2008-09 2009-10 Paper Electronic Paper Electronic
Source: RBI annual report 2009-10
efficiency of payment systems will no longer be product in terms of security, settlement cycle, measured in terms of size but also its capability to availability and delivery. The system is robust and can deliver products matching market expectations. provide for multiple settlements during the day that it may not be far off when there may be settlements, say The digital ride and web invasion have opened up once every fifteen minutes all through a 24 day cycle. capabilities at the customer end, apart from raising This would result in funds transfer facilities being expectations terms of banking services as well. The available almost on line and round the clock for the payment system is bound to witness more demanding discerning or the needy customer. The absorption of customers in the days to come. Banking and payment technology in areas like financial inclusion providing for
Fast Forward September 2010 17 Smt. Usha Thorat, Deputy Governor, Reserve Bank Of India, Interacting with Faculty & Staff of IDRBT at Hyderabad on October 5th 2010
biometric enabled smart cards, local language The easier to implement, less complex, more enabled POS, talking ATMs, inter-connected ATMs in tangible and innovative approach of the Reserve Bank the form of the National Financial Switch, and mobile of India in its continuous improvements of payments phones as a channel of payment have proved that systems have found acceptability as they provide innovation is an essential business requirement. reliable service and add value to the key participants in a transaction. These innovative processes have brought in value to customer services as well as to the products bringing It is essential, therefore, that a bank must define in positive change in the Banking sector of the 'innovation' not only in its vision and objectives and country. Over the past ten years, the payment align it with its customers' expectations, but also systems in India have seen alternative types of e- provide for it as a way of life in its-day-to-day payments. There is growing credit/debit card users, operations. Equally important is to identify and co-branded retailers, multiple card programs, etc. prioritize the end benefits – cost saving, creation of The volume and value of transaction made through more avenues for revenues, service improvement, electronic payments have increased manifold as can customer satisfaction and retention, demonstrate be seen from the chard below: leadership and product differentiation. The key drivers of innovation can be from a variety of sources – from the initiator to the beneficiary of the It is expected that banking business would be payment, the payment system provider to the revolutionized by the digital wave and social regulator of the payment system. Similarly, the networking by adding mobility. The foray of technical advancement, competition amongst the telephone service operating companies into the market players, the level of security, industry domain of banking and payment systems should drive framework and regularity requirements have played the banks to innovate further, and ensure that a catalyst's role in payment systems innovations. customer retention is their first right if they were to Other factors which spur innovative initiatives continue in their way to prosperity. So, is it not a include financial incentives, appetite for risk, market 'business must' to innovate? size and cooperation between industry players.
*********
“for further information on Innovation of Payment Systems please contact: [email protected]
Fast Forward September 2010 18 Feedback on Data Warehousing Programme Programme Co-ordinator: Dr. V. Ravi, Assistant Professor, IDRBT
"Data Mining for Bankers"
The programme covered the minute issues of Data Mining. Guest Faculties deliberations will help in implementing the Data Mining by the participants at a low scale at Bank level, besides the talks by the regular faculty touched upon both theoretical and practical aspects. Case studies on Data Mining helped in addressing the issues with more clarity. The proposed Data Mining Lab will help banks to experience and solve the problem. Shri P.K. Roy Deputy General Manager Bank of Baroda
"Data Warehousing for Bankers"
I participated in the Data Warehousing for Bankers, a programme conducted by IDRBT in August 2009. This programme had been extremely beneficial to me in particular and for the bank, I represent in general. Being a member in the Data Warehouse project of our bank I could put in to practice the various inputs/insights imbibed from the programme in preparation of RFP and evaluation of the responses in respect of the project in our bank. Shri Sreekumar Chengath Chief Manager (IT) The South Indian Bank Ltd.
"Data Warehousing for Bankers"
The concepts learnt during the Data Warehouse training has been implemented by me in some other IT projects of RBI. The particular about data quality, data cleaning, multi-dimensional view of a single entity were implemented. Similarly concepts of data mining may also be implemented.
Shri. C. Maheswaran Assistant General Manager Reserve Bank of India "Data Warehousing for Bankers"
Data technology training has given me an insight view of the warehousing (technology) concepts and it helps me to differentiate how the MIS reporting differs from it and what is the need to have data warehousing(DW). With training I got from IDRBT I was able to create a sample data mart and could show how we can run OLAP effectively on a DW. The training I got on data mining gave me more confidence and I believe Shri. Ajaya Kumar K.R I can map it to a real life scenario. Senior Manager (IT) Vijaya Bank
Fast Forward September 2010 19 Forthcoming Programmes December 2010 – June 2011
Sl. Programme Date Days Coordinator No. December 2010 1. Mobile Banking December 13 - 14, 2010 2 Dr.M.V.N.K. Prasad 2. Network Security December 20 - 24, 2010 5 Dr. V. Radha 3. Information Systems Audit December 20 - 24, 2010 5 Shri. M.V.Sivakumaran January 2011 4. National Electronic Funds Transfer January 10 - 11, 2011 2 Shri. G. Raghuraj 5. Vendor Management January 19 - 20, 2010 2 Dr. Mahil Carr 6. Web Services Jan 31 - Feb 02, 2010 3 Dr. V. Radha February 7. Developing IT Leadership in Banks February 07 - 09, 2010 3 Shri. M.V. Sivakumaran 8. National Electronic Funds Transfer February 14 - 15, 2010 2 Shri. G. Raghuraj 9. Wireless Technologies & Mobile Payments February 14 - 18, 2010 5 Dr. V.N. Sastry 10. Network Security February 21 - 25, 2010 5 Dr. V. Radha 11. Technologies for Financial Inclusion Feb 28 - Mar 01, 2010 3 Dr. M.V.N.K. Prasad March 12. Vendor Management March 09 - 10, 2010 2 Dr. Mahil Carr 13. National Electronic Funds Transfer March 14 - 15, 2010 2 Shri. G. Raghuraj 14. Information Systems Audit March 21 - 25, 2010 5 Shri. M.V. Sivakumaran 15. Web Services March 28 - 30, 2010 3 Dr. V. Radha April 16. National Electronic Funds Transfer April 18 - 19, 2010 2 Shri. G. Raghuraj 17. Cyber Crimes, Forensics & Legal Issues April 25 - 29, 2010 5 Shri. M.V.Sivakumaran May 18. Developing IT Leadership in Banks May 09 - 11, 2010 3 Shri. M.V. Sivakumaran 19. Network Security May 16 - 20, 2010 5 Dr. V. Radha 20. National Electronic Funds Transfer May 23 - 24, 2010 2 Shri. G. Raghuraj 21. Technologies for Financial Inclusion May 31 - June 02, 2010 3 Dr. M.V.N.K. Prasad June 22. Web Services June 13 - 15, 2010 3 Dr. V. Radha 23. Information Systems Audit June 20 - 24, 2010 5 Shri. M.V. Sivakumaran 24. Mobile Banking June 27 - 28, 2010 2 Dr. M.V.N.K. Prasad 25. National Electronic Funds Transfer June 30 - July 01, 2010 2 Shri. G. Raghuraj Institute for Development and Research in Banking Technology Castle Hills, Road No. 1, Masab Tank, Hyderabad - 57, A.P, INDIA
Ph.No : +91-040-23534981, Fax : +91-040-23535157 e-mail : [email protected], http://www.idrbt.ac.in