
Md Abul Kalam Azad

VP & Head of ICT Division


Last 3 (Three) Months Progress

FSIBL Mobile Apps Internet Banking

Circular in Home Page Security Enhancement


Last 3 (Three) Months Progress

User will be able to see:


1. List of Bank Accounts
2. Balance Details
3. Profit Details
4. Cheque Book Details
5. Transaction History Details
6. Profit Details
7. Cheque Book detail
8. Search Transaction History with Cheque number/amount.
9. Address, National ID, TIN, Date of Birth.
Last 3 (Three) Months Progress

Fund transfer Through NPSB:

- FSIBL to Other Bank
- Other Banks to FSIBL
- Within FSIBL Account
- Utility Bill Payment (DESCO)
- Tuition Fees Payment
Last 3 (Three) Months Progress
Top-Up with all TELCO in Bangladesh.
Last 3 (Three) Months Progress

It will be easier than before to find the nearest FSIBL branch with our mobile banking app.

First Security Islami Bank


Azampur Branch
Last 3 (Three) Months Progress

Service Request:

1. Stop Cheque
2. Order Cheque Book.
3. Statements
4. Change Address
5. Lost Card
Last 3 (Three) Months Progress

QR Payment and Simple Buy will save users valuable time.
Last 3 (Three) Months Progress

Other Features:

1. Product Details.
2. EMI Calculator.
3. NEWS and Events Notification.
4. Branch Location
5. Contact Address.
Last 3 (Three) Months Progress
Customer Profile Information
Customer Account Information
Fund Transfer within FSIBL
Fund Transfer with other Banks
QR Payment
Top up with all Telco
Utility Bill payment
FSIBL All Branches & ATM booths Location
Service Requests & Much More
(Mobile Application)
Last 3 (Three) Months Progress

Insertion of Circular in Home Page.
Last 3 (Three) Months Progress

Employees can search for a specific circular by the following:

-Date
-Title
-Circular No.
-Division
Last 3 (Three) Months Progress

Recently we have changed our Internet Banking log-in page to make it more secure and user friendly.

- Virtual Keyboard.
- Simple Captcha Code
- Different User and Password Page
- Address Hide.
Last 3 (Three) Months Progress

FUND Transfer NPSB

Receive:
- Other Bank A/C to FSIBL A/C
- Other Bank A/C to FSIBL Card
- Other Bank Card to FSIBL A/C
- Other Bank Card to FSIBL Card

Payment:
- FSIBL A/C to Other bank
- FSIBL Account to Other bank Card
- FSIBL A/C to Own Demand Deposit Account.
- FSIBL A/C to Own A/C
As soon as you open the newspaper...

• Before this…
• ATM Machine Scamming
• Sonali Bank… SWIFT Fraud

And in our own lives: Facebook account hacked

I cannot log in with my own password, but my friends are receiving offensive videos from my account.
Banks Challenged By Cybersecurity Threats, State Regulators Acting
• New York State Department of Financial Services has released a new report on cyber security.
• The report notes that cyber attacks against banks are “becoming more frequent, more sophisticated, and more widespread.” Oftentimes not featured in the news are the attacks against “community and regional banks, credit unions, money transmitters, and third-party service providers (such as credit card and payment processors)” who have experienced attempted breaches in recent years. 26-05-2014
“There are two kinds of big companies in the United States. There are those who’ve been hacked…and those who don’t know they’ve been hacked.”
FBI Director James Comey.
• The latest Kaspersky Labs Report - Financial Cyber threats in 2014 - highlights certain new, disturbing trends:
– Cybercriminals are becoming less interested in “mass” malicious attacks on users, preferring fewer, more “targeted” attacks.
– A shift in the cybercriminals’ focus – instead of attacking end-users, they started to pursue organizations that work with financial information and payment tools.
Cyber ???
A prefix used in a growing number of terms to describe new things
that are being made possible by the spread of computers.
Cyber phobia, for example, is an irrational fear of computers.
Cyberpunk is a genre of science fiction that draws heavily on
computer science ideas.
Cyberspace is the non-physical terrain created by computer
systems.
Anything related to the Internet also falls under the cyber category.
What is Cyber Crime?
• Cyber Crime refers to all activities done with criminal intent in cyberspace.
• Use of Computer or Internet to do something that would be a crime in any case.
• Use of Computer, Network and Internet by cyber criminals to do something that would be a crime in any case is called cyber crime. It covers the unlawful activities performed in cyberspace.
• Computer crime, cyber crime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, target, or place of a crime.
What is Cyber Crime?
• Cyber Crime is a term for any illegal activity through cyberspace, including:
– Illegal activities committed primarily through Internet contact.
– Unlawful acts wherein the computer is either a tool or a target or both.
– Any criminal act dealing with computers and networks.
• Cybercrime also includes traditional crimes conducted through the Internet.
UN and cybercrime
The United Nations has categorized five offenses as Cyber-crime:
• Unauthorized or illegal access to computer, computer system or computer network;
• Data interference, i.e. damage to computer data or programs;
• System interference, i.e. sabotage to hinder the functioning of a computer system or network;
• Unauthorized or illegal interception of data to, from and within a system or network;
• Computer spying.
Profile of Cyber Criminal
o Disgruntled Employees.
o Teenagers.
o Political Hacktivist.
o Professional Hackers/Crackers.
o Business Rival.
o Ex-Boyfriend.
o Divorced Husband etc.
VICTIMS
• Gullible (those who can be easily deceived)
• Desperados and greedy people
• Unskilled & Inexperienced
• Unlucky people
Why learn about CYBER CRIME?
Because –
Everybody is using COMPUTERS.
From white collar criminals to terrorist organizations, and from teenagers to adults.
Conventional crimes like forgery, extortion, kidnapping etc. are being committed with the help of computers.
The new generation is growing up with computers and internet access.
MOST IMPORTANT - Monetary transactions are moving on to the INTERNET.
Importance of Security Awareness
• Banks are in the business of trust. If trust is violated, a bank loses its customers and business, and it costs the bank its reputation.
• Banks can incur penalties for non-compliance.
• Consumer data is sensitive.
• Consumers can lose time and money.
• Banks are cybercrime targets.
Main Objective of IT Security
Information Security:
• Confidentiality
• Integrity
• Availability
Top Information Security Attack
MALWARE:
• VIRUS
• RANSOMWARE
• WORMS
• TROJANS
• SPYWARE
Social Engineering
Phone Call: This is Ashraf, the IT Admin. What is your password?
In Person: What ethnicity are you? Your mother’s maiden name?
Social Engineering
Email: ABC Bank has noticed a problem with your account…
I have come to repair your machine… and have some software patches
Web Defacement

Web defacement occurs when the content of the website is modified by the attackers.
FSIBL Website
• People around the world get the current status of the bank through the FSIBL corporate website, www.fsiblbd.com
• Another website, the FSIBL Homepage, is where internal employees can update their knowledge and perform their regular day-to-day activities.
FSIBL Internet Banking System (iBankUltimus)
• What is an Internet Banking System?
o It offers easy and instant access for making financial transactions from any device (e.g. PC, Laptop, Mobile phone) connected to the Internet.
o It also has 24 hour availability.
o FSIBL Internet Banking service will be linked to all Accounts under one Customer ID.
Home Page/Login page
2FA Verification page
Active Directory Implementation
• It is being implemented as per the Bangladesh Bank Guideline.
• Every user will have a different user ID.
• This ID is different from the BankUltimus ID.
• Every individual user can use every PC with their ID.
Active Directory Implementation
• Users will get a backup of their Desktop, Downloads & My Documents data.
• Outlook is the exception: it can be used by one user at one PC.
• User ID & Password can’t be shared with other users.
• After a wrong password is provided 3 times, the ID will be locked.
BB & FSIBL ICT Security Policy Guideline Overview
• Objectives:
a) To establish a standard ICT Security Policy and ICT Security Management approach
b) To help the Banks and NBFIs for secured setup of its ICT infrastructure
c) To establish a secured environment for the processing of data
d) To establish a procedure for Business Impact Analysis in conjunction with ICT Risk Management
e) To make aware and train the users associated with ICT activities for achieving the business objectives
f) To minimize security risks for electronic banking infrastructure including ATM and POS devices, payment cards, internet banking, mobile financial services, etc.
ICT Security Management
• ICT Security Management must ensure that the ICT functions and operations are efficiently and effectively managed.
• Banks shall be aware of the capabilities of ICT and be able to appreciate and recognize opportunities and risks of possible abuses.
• They have to ensure maintenance of appropriate system documentation, particularly for systems which support financial transactions and reporting.
• ICT Security Management deals with Roles and Responsibilities, ICT Security Policy, Documentation, Internal and External Information System Audit, Training and Awareness, Insurance or Risk coverage fund.
ICT Risk Management
• ICT risk is a component of the overall risk universe of an enterprise. Other risks a Bank or NBFI faces include strategic risk, environmental risk, market risk, credit risk, operational risk, compliance risk, etc.
• ICT risk is business risk - specifically, the business risk associated with the use, ownership, operation, involvement, influence and adoption of ICT within a Bank.
• It can occur with both uncertain frequency and magnitude and it creates challenges in meeting strategic goals and objectives.
Infrastructure Security Management
• Asset Management
• Prior to procuring any new ICT assets, compatibility assessment (with existing system) shall be performed by the Bank.
• All ICT asset procurement shall comply with the procurement policy of the Bank.
• Each ICT asset shall be assigned to a custodian (an individual or entity) who will be responsible for the development, maintenance, usage, security and integrity of that asset.
• All ICT assets shall be clearly identified and labeled. Labeling shall reflect the established classification of assets.
Infrastructure Security Management
• Asset Management
• Bank shall review and update the ICT asset inventory periodically.
• Information system assets shall be adequately protected from unauthorized access, misuse or fraudulent modification, insertion, deletion, substitution, suppression or disclosure.
• The Bank shall establish a Disposal Policy for information system asset protection. All data on equipment and associated storage media must be destroyed or overwritten before sale, disposal or re-issue.
• Bank shall provide guidelines for the use of portable devices, especially for the usage at outside premises.
Infrastructure Security Management
• Desktop/Laptop Devices Controls
• Desktop computers shall be connected to UPS to prevent damage of data and hardware.
• Before leaving a desktop or laptop computer unattended, users shall apply the "Lock Workstation" feature. If not applied, the device will be automatically locked as per the policy of the Bank.
• Confidential or sensitive information that is stored in laptops must be encrypted.
• Desktop computers, laptops, monitors, etc. shall be turned off at the end of each workday.
Infrastructure Security Management
• Desktop/Laptop Devices Controls
• Laptops, computer media and any other forms of removable storage containing sensitive information (e.g. CD ROMs, Zip disks, PDAs, Flash drives, external hard-drives) shall be stored in a secured location or locked cabinet when not in use.
• Access to USB port for Desktop/Laptop computers shall be controlled.
• Other information storage media containing confidential data such as paper, files, tapes, etc. shall be stored in a secured location or locked cabinet when not in use.
• Individual users must not install or download software applications and/or executable files to any desktop or laptop computer without prior authorization.
Infrastructure Security Management
• Desktop/Laptop Devices Controls
• Any kind of viruses shall be reported immediately.
• Viruses shall not be cleaned/deleted without expert assistance unless otherwise instructed.
• User identification (ID) and authentication (password) shall be required to access all desktops and laptops whenever turned on or restarted.
• Standard virus detection software must be installed on all desktop and laptop computers and shall be configured to check files when read and routinely scan the system for viruses.
• All computers shall be placed above the floor level and away from windows.
User Security Awareness-SYSTEM
• No devices can be brought or repaired from an unauthorized vendor without the permission of ICT personnel.
• A repair request (hard copy/soft copy) must be attached to the product sent for repair.
• After receiving a new/repaired product from ICT Division, immediately send an acknowledgement letter.
User Security Awareness-SYSTEM
• Stop getting pen drive access without a proper reason.
• Always back up your important data from the C drive (including Desktop, Downloads & My Documents) to the D or E drive.
• In some cases, back it up to the D or E drive of other PCs.
User Security Awareness-CBS
• Properly fill up the BankUltimus User ID locked form.
• Properly close Scheme/Time deposit A/C during premature encashment, through the Fast Path 2036/2031 instead of 7032/7033.
• Pay Gift Cheques correctly through Fast Path 7131 (With Profit)/1636 (W/O Profit).
User Security Awareness-CBS
• Properly monitoring Investment A/C, Time deposit A/C, Scheme A/C whether Profit/Source Tax/SMS Charge/A/C maintenance charge is applied or not.
• Providing the list of Active/Inactive BankUltimus User ID list within the 4th day of the month.
• Always convince the customer to activate the SMS service during A/C opening.
User Security Awareness-ATM
• Always confirm the ATM Card is active before providing it to the customer.
• Making sure the transaction is allowed while providing the ATM Card.
User Security Awareness
• In order to recover/prevent virus attacks:
• Avoid potentially unreliable websites/emails.
• Use an updated operating system.
• Regularly install Windows security update patches.
• Re-install the operating system if the computer is affected.
• Use anti-virus (i.e. McAfee).
User Security Awareness
• Precaution during emailing:
• Send mail only to the intended recipient. Don’t send mail to all@fsiblbd.com unless the mail is important for all.
• Use Outlook instead of FSIBL webmail.
• Don’t share Pictures, Appreciations, Congratulation Letters etc. to the ‘all’ mail domain. It consumes huge space at the mail server.
• Do not click on any links listed in an e-mail message. Copy and paste the URL into your browser.
User Security Awareness
• Protect Data on the Computer
• Lock down the computer every time we leave our desk.
• Set up an automatic lock on the computer after a pre-set amount of time, which requires a password to log back in.
• If a computer is used by more than one person, individual accounts should be created, with unique login and passwords for each user.
• Choose a strong password.
User Security Awareness
• PASSWORD AND PIN GUIDANCE
Follow the “8 4 Rule” - Stick with passwords that are at least eight characters in length. The more characters in the password, the better.

At least one character in your passwords should be each of the following.
• Lower case letters (a through z)
• Upper case letters (A through Z)
• Numbers (0 through 9)
• Special characters (!, @, #, $, % etc.)
User Security Awareness
• Some etiquette that should be followed:
• USB permission should be restricted.
• Co-operation on using antivirus software.
• Back up important information periodically, at least once a week.
• Co-operate with ICT officials during ICT support.
• Try to give exact information during ICT support.
Conclusion
• Security means People, Process & Technology, so the cooperation of everybody is highly required.
• We should give high priority to safeguarding the banking data and information. High risk is involved in it because banks deal with a lot of money.
• No security measure is 100% perfect! However, self awareness and good practices can make the corporate data harder to breach and thus increase its safety and security.
Thanks Everyone
