Design And Implementation Of A Secure Online Banking System

The Internet is changing the way business is conducted in every industry. These changes are allowing business to be conducted more efficiently with more focus on consumer needs and preferences. This allows business to be conducted in a "direct" way providing information and services tailored for the consumer. Online Financial Services offer convenient and efficient access to financial transactions while eliminating expensive brick & mortar, the paper trail, and normal banking hours.My motivation for the project is to build an online banking system that will reduce the cost of the overhead of a traditional banking system by providing innovative solution with Internet banking. This project will document how Online Banking and Electronic Bill Presentment and Payment (EBPP) are much more cost effective than traditional banking alternatives. The project will also conduct a comparison of "the online solution" versus "the traditional solution" for transactions with financial institutions and for bill payment. This comparison will be conducted for consumers, financial institutions, and businesses. I will use the Internet to provide benefits and convenience for users to access their accounts.The project tries to incorporate a multi-tier three level architecture that successfully avails itself to the needs of banks and their customers. Client/Server architecture is implemented for daily transaction and administrative activities of banking accounts. The web architecture enhances services and brings them closer to customers, whenever and wherever they are. A number of services have been integrated in the web-based application to compliment what can be done using the brick-and-mortar banking concept. Of mention is the online report generating tool, an overdraft protection utility and wired cash transfer facility.The design also goes further and try as much as possible to effect the requirements for a secured Internet banking system, and how such a system may be realized practically in a real world situation.Because of the open nature of the Internet, security issues are a concern for the Online Financial Services community. In order to allay consumer fears and make the Internet a vibrant marketplace, several security protocols have been developed and more are being proposed.There are four levels of security that protect consumer information in this project: Client (Web Browser), Transport, Web Server, and Server Operating System. Client security risks include the Web browser software itself and active content from web pages (Java applets, ActiveX Controls etc). Transport Security risks include unintended eaves dropping ('snooping' packets) as they pass through the Internet. Encryption by secure HTTP (S-HTTP) and the Secure Socket Layer (SSL) have greatly diminished the risks involved with transporting sensitive materials across the Internet. Web Server Security and Server Operating System Security have not generated a great deal of interest in securing transactions over the Internet, most of the emphasis has been placed on securing E-Commerce transactions (Transport Security). However, as the Transport Security has improved, potential thieves will concentrate on other areas in the entire process. The security of the system is only as strong as its weakest link. The server is not secured from all known and unknown security vulnerabilities, which have not been exploited or uncovered yet. Digital Signatures also play an important role in securing E-Commerce transactions. Certificate Authorities use Digital Signatures to endorse a server's Web site certificate and they can be used to endorse a consumer certificate as well. Microsoft SQL Server 2000 is the database management system which is used to store the database though other database engines such as Microsoft Access, Oracle can easily be integrated with the system. Java Database Connectivity (JDBC) driver is required to connect to a particular Database Management System (DBMS). The choice of this has been prompted by the distributed nature of the transaction. In ad...