NETteller Security Module provides a very strong security engine. Each user can only execute secure business component methods that are assigned to his/her user group. Using an advanced combination of password controls and user access rights, the bank can ensure only authorized users can access the NETteller system. User Ids and Passwords are encrypted in the database and cannot be retrieved by anyone.
NETteller employs multiple levels of encryption with multiple encryption algorithms on and between internal systems to help ensure not classified as public information is kept secure and inaccessible to unauthorised users.
Configurable Login attempts
Configurable delay after a failed login attempt, IP blocking to prevent unauthorized SSH login attempts, a configurable time for which the server keeps track of failed login attempts. If the maximum number of failed login attempts occurs within this time, the account locks.
Timed logout inactive users
Auto logout idle users after being inactive for some time
Logging, Auditing, and Profiling:
- Transaction-Logging and Logging of user behaviour
- History of all activities
- Transaction logs are a source of usage information. The information on user behaviour can be filtered through calculation of summary statistics
- Multiple/One Time Password System Integration (Vasco, VeriSign, etc): This method is where the security cryptography is based on n sequence number enhancing the inherently secure transport layer with a second or multiple factor of authentication, greatly reducing the risk of fraud.
- Digital Signature: A valid digital signature gives a recipient reason to believe that the message was created by a known or the claimed sender, authenticates the identity of the sender of a message or the signer of a document and ensures that it was not altered in transit.
Comprehensive Security features
Our security module is deployed using the latest Security Industry standards to provide comprehensive security features for the management of User names & Passwords, Client Validation & User Credentials, Transaction logging, User Behaviour, Encryption of Data and Audit Trail functionality.
Separate Permission Levels and Access Rights
Users and groups can have different levels of permissions. Each user group has its own privileges stating which methods of a business component can be called by a group of users; in other words if the user is indeed authorized to call implicitly a specific method on a business component.
Different access rights and controls can be applied, and monetary limits can be placed on the user or on each transaction per user. Furthermore, further permissions and limits can be applied on the accounts like requested signatories, monetary limits, enabling or disabling functionality and more.