
Jaana Porra, M.Sc., MBA, Ph.D. 280G MH, 713 743 45 83

Electronic Commerce in Practice -- Bank of America. Lecture 13. Case 1: Segev, Porra, Roldan, 1998. Bank of America: Replacing the Corporate Network with the Internet for Critical Business Transactions -- What Happens to Security?



  1. Jaana Porra, M.Sc., MBA, Ph.D. 280G MH, 713 743 45 83. Electronic Commerce in Practice -- Bank of America. Lecture 13

  2. Case 1: Segev, Porra, Roldan, 1998. Bank of America: Replacing the Corporate Network with the Internet for Critical Business Transactions -- What Happens to Security?

  3. Bank of America (BofA)
     • at the time the second largest banking company (assets more than $227 billion)
     • in the United States and 36 other countries
     • supported all major electronic payment options
         • FedWire
         • ACH (capable of FEDI)
         • SWIFT (capable of FEDI)
         • CHIPS

  4. Financial Transactions and FEDI

  5. FEDI Transactions over the Internet: The Pilot Project
     • The purpose of the Pilot project was to test the security, reliability and speed of exchanging FEDI transactions over the Internet under actual circumstances and with real transactions
     • In 1994, BofA teamed up with the Lawrence Livermore National Laboratories (LLNL) to start the twelve-month-long Pilot
     • At BofA, the project organization included experts from the Global Payment Services, Interactive Banking unit, project management unit, telecommunications, information systems services unit, security and marketing
     • On the LLNL side, the corresponding areas were represented in the Pilot
     • Additionally, software/hardware vendors and outside consultants were employed

  6. The Technical System
     Designing and implementing the technical system consisted of:
     • reviewing the available software and hardware options for the Internet security system
     • integrating the chosen Privacy Enhanced Mail (PEM), Multi Purpose Internet Mail (MIME) and Sun workstation based solution with the existing BofA FEDI system (ECS) for encryption/decryption of the FEDI messages exchanged with LLNL over the Internet
     • LLNL already had a PEM/MIME server. On their side, the project was part of improving the accounts payable system

  7. Automated Data Flow with EDI (diagram; labels: EDI Translator, Business Application)

  8. BofA Interim FEDI System (LLNL’s white paper: FEDI Pilot Project, 5/1/96)

  9. Proposed Full-Scale Production System for BofA FEDI Services (Based on the LLNL white paper: FEDI Pilot Project, 5/1/96)

  10. Diagram of the FEDI transaction exchange process (Based on the LLNL white paper: FEDI Pilot Project, 5/1/96)

  11. The FEDI Management System
     • In addition to the technical security system, transactions were carefully monitored by the key participants in both organizations using
         • automatically generated email messages
         • telephones
         • faxes
         • beepers
         • paper reports
         • weekly meetings for solving recurring problems
     • Throughout the project, the security of the network was additionally monitored using the standard security procedures of both organizations
     • The groups managing the firewalls of each organization conducted their own independent tests

  12. Results of the First Phase
     • During the seven months of the Pilot project, all payments were received by the vendor banks within two days of the generation of the payment instructions
     • No messages were lost
     • No evidence of tampering with the transactions was discovered

  13. Problem Summary

  14. Second Phase of the Pilot
     • After seven months, the maximum dollar amount for a single payment was increased from $10.000 to $100.000/vendor/day
     • LLNL expanded the use of the system to provide travel and entertainment reimbursements to its employees
     • Volume testing with files consisting of up to 1,000 transactions was conducted
     • The speed and reliability of the system remained high
     • Delays were mostly caused by the FEDI systems, not by the network

  15. Volume Testing Results

  16. Volume Testing

  17. Volume Testing

  18. Summary of Problems
     • 49% of the problems encountered during the project stemmed from the systems being down or offline
     • Other problems included
         • transaction delivery problems (duplicate, delayed or lost transactions) (24%)
         • application and operating system incompatibilities (17%)
         • message delivery problems (5%)
         • decryption problems (5%)
     • Error rate per month varied from 5% to 50%

  19. The Future
     • The Pilot project served as a proof of concept
     • The production system is being designed based on the Pilot, with heightened sensitivity to security, reliability and speed
     • The project prompted a reevaluation of network security processes at BofA
     • Organizational changes have taken place and more are planned
     • Open issues include the security management of Internet-based information systems, of which one central area is encryption key management

  20. Have a Great Summer! 2000 Jaana Porra University of Houston
