
Information Assurance for Online Banking | International Retail Bank

The client is the European Division of one of the world’s largest retail banks.

Client Requirement and Business Drivers

As part of their European development strategy, the bank had an objective to establish a new state-of-the-art Internet Banking System. At the earliest stages of the project, security assurance was naturally identified as a critical element.

Recognising the importance of the right specialist expertise, together with the need for objectivity and independence, Commissum was engaged to meet the business and technical information security objectives of the Internet Banking project within tight timescales set by the business.

The main business drivers were:

  • Compliance with FSA and other international regulations demanded effective and demonstrable levels of security
  • A high level of confidence had to be established within the business, to ensure that authorisation for the project to go live was achieved to meet tight business-driven timescales
  • The success of investment in such on-line services required high levels of customer confidence to be established and maintained through the secure launch and ongoing operation of this service
  • Recognition of the potential high level of financial exposure to the bank and its customers from inadequate security
  • Recognition of the potentially disastrous impact on brand and reputation that would arise from any security related incident

Services Provided

With launch dates being identified as business critical by the bank, Commissum completed all work within planned timescales by adopting characteristic flexibility with respect to changing priorities, and difficult working hours, to accommodate the requirements of the business.

Adopting a collaborative approach, we worked closely with the client on a day-to-day basis. Major issues were immediately communicated to the client as and when they were identified, and recommended corrective action was factored into the project on an ongoing basis with Commissum support prior to a successful launch.

Of note was the fact that we highlighted vulnerabilities in a commercial off-the-shelf application at the heart of the Internet Banking System. This application was already in use in numerous deployments around the world, and our findings resulted in immediate action by its third-party supplier.

Commissum continues to provide specialist assurance services to the bank as a trusted security partner, with other activities including application testing of internal banking management systems, advice on changes to internal processes, forensic services for incident investigation, and support to specialist security products.

The services were delivered in the following areas during the course of the project:

  • Selected, focused security design and analysis for the UK group Internet-facing infrastructure
  • Pre-launch application security testing of the integrated solution comprising bespoke and commercial off-the-shelf elements
  • Pre- and post-go-live network penetration testing
  • Security analysis of critical back-end systems and infrastructure and advice on lock-down

Commissum have years of experience working with organisations in the financial sector to increase security. Get in touch to see how we could support your organisation as a trusted security partner in your next major project.
