- General security framework built over industry standards for identifying and applying practices for authorization, authentication, cryptography, session management, sensitive data management, infrastructure security, auditing and logging.
- Authentication: Unique user codes and passwords for Core Banking Access; Password expiration and user disablement; User passwords stored one-way encrypted
- Authorization: User credentials and privileges validation on every resource and application block; Personal permissions on banking services
- Session management: Unique session identifiers and secured session details storage; Session lifetime control on every discrete user action
- Sensitive data management: Sensitive data stored, sent over network and logged in encrypted form Infrastructure security: Secured network infrastructure provided by the Bank; Encrypted traffic between application tiers; SSL where applicable; Securing banking servers
- Auditing and logging: Full log of user activity; Audit of application activity through all application tiers