4.1 Oracle FLEXCUBE Universal Banking Controls

This topic explains the Oracle FLEXCUBE Universal Banking controls.

The following guidelines describe the controls of Oracle FLEXCUBE Universal Banking.

Overview

This topic describes the various programs available within Oracle FLEXCUBE Universal Banking to help in the maintenance of security.

Access to the system is possible only if the user logs in with a valid ID and the correct password. The activities of the users can be reviewed by the Security Officer in the Event Log and the Violation Log reports.

Disable Logging

It is recommended that the debug logging facility of the application be turned off once the system is in production. This is achieved by updating the property file of the application via the Oracle FLEXCUBE Universal Banking Installer.

The above-described practice does not disable logging performed by the application in the database tier. This can be disabled by running the lockdown scripts provided. The lockdown scripts will disable logging across all modules and all users in the system.

Audit Trail Report

A detailed Audit Trail is maintained by the system on all the activities performed by the user from the moment of login. This audit trail lists all the functions invoked by the user, along with the date and time. The program reports the activities, beginning with the last one. It can be displayed or printed. The records can be optionally purged once a printout is taken. This program should be allotted only to the Security Officer.

Security Violation Report

This program can be used to display or print the Violation Report. The report gives details of exceptional activities performed by a user during the day. The difference between the Audit Trail and the Violation Report is that the former gives details of all the activities performed by the users during the day, and the latter gives the details of exceptional activities, e.g. forced password change, unsuccessful logins, User already logged in, etc. The details given include:
  • Time
  • The name of the operator
  • The name of the function
  • The ID of the terminal
  • A message giving the reason for the login
The system gives the Security reports a numerical sequence. The Security Report includes the following messages:

Table 4-1 Sign-on Messages

| Messages | Explanation |
| --- | --- |
| User Already Logged In | The user has already logged into the system and is attempting a login through a different terminal. |
| User Authentication Failed | An incorrect user ID or password was entered. |
| User Status is Locked. Please contact your System Administrator | The user profile has been disabled due to an excessive number of attempts to login, using an incorrect user ID or password. The number of attempts could have matched either the successive or a cumulative number of login failures (configured for the system). |

Display/Print User Profile

This function provides an online display/print of user profiles and their access rights. The information includes:
  • The type (customer/staff).
  • The status of the profile - enabled or disabled or on-hold.
  • The time of the last login.
  • The date of the last password /status change.
  • The number of invalid login attempts.
  • The language code/home branch of the user.

Clear User Profile

A user ID can get locked into the system due to various reasons like an improper logout or a system failure. The Clear User Profile function can be run by another user to reset the status of the user who got locked in. This program should be used carefully and conditionally.

Change User Password

Users can use this function to change their passwords. A user password should contain a minimum of six characters and a maximum of twelve characters (both parameterizable). It should be different from the current and two previous passwords. The program will prompt the user to confirm the new password, after which the user will have to sign on again with the new password.

List of Logged-in Users

The user can run this program to see which users are logged in to Oracle FLEXCUBE Universal Banking at the time the program is being run. The information includes the following:
  • The ID of the terminal
  • The ID of the user
  • The login time

Change Time Level

Time levels have to be set for both the system and the users. Ten time levels are available, 0 to 9. Restricted Access can be used to set the user's time level. The Change Time Level function can be used to do the same for the branch. A user will be allowed to sign on to the system only if his/her time level is equal to or higher than the system time level. This concept is useful because the times at which a user can access the system can be controlled by increasing the system time level. For example, the End of Day operators could be allotted a time level of 1, and the users could be allotted a time level of 0. If the application time level is set at 1 during End of Day operations, only the End of Day operators will have access to the application. The other users will be denied access.

Authentication & Authorization

First, only authorized users can access the system with the help of a unique User ID and a password. Secondly, a user should have access rights to execute a function. The user profile of a user contains the User ID, the password, and the functions to which the user has access. Oracle FLEXCUBE Universal Banking operations such as new, copy, query, unlock, etc., will be enabled based on function rights available for the user. The function rights will be checked for each operation performed by the user.

An administrator can define the maximum number of unsuccessful attempts after which a User ID should be disabled. When a User ID has been disabled, the Administrator should enable it. The password of a user can be made applicable only for a fixed period. This forces the user to change the password at regular intervals thus reducing security risks. Further, the Administrator can define passwords that could be commonly used by a user as Restrictive Passwords at the user, user role, and bank level. A user cannot use any password that is listed as a Restrictive Password at any of these levels.

Role Based Access Controls

Application level access has been implemented via the Security Management System (SMS) module. SMS supports ROLE BASED access of Screens and different types of operations. FLEXCUBE Universal Banking Solutions supports dual control methodology, wherein every operation performed has to be authorized by another user with the requisite rights.

Masking

Scoped function IDs are enhanced to display personally identifiable information as masked or unmasked values, depending on the user definition. Masking personally identifiable information is based on the policies created in the database.

Granular Access

Customer and Customer Account maintenance and transactions are restricted to users based on the access group restriction attached at user level for the scoped function IDs. Users will not be able to query, view, create or amend data based on access group restriction.

Right to be forgotten

Personally identifiable information of both closed Users and Customers is permanently anonymized. Once PII is permanently anonymized, the corresponding Users and Customers cannot be queried from the application. Right to be forgotten will be processed based on the number of days to forget the customer and on customer request.

Access controls like branch level

Users can indicate the branches from where a user can operate in the Restricted Access screen (function-ID).

Maker – Checker

The application supports dual control methodology, wherein every operation performed has to be authorized by another user with the requisite rights.

User Management

Oracle FLEXCUBE Universal Banking enables the creation of users through the SMDUSRDF UI. On authorization of the newly created user, the credentials are automatically mailed to the user's email ID. This reduces the risk of passwords being known to the administrator who creates users for the bank.

The user is forced to change the password on the first login. The password supplied is hashed iteratively after being appended with a randomly generated salt value. The hashing algorithm used is of the SHA-2 family and above.
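The salted, iterated hashing described above also shapes how a password-history check has to work: each stored record has its own salt, so a candidate must be re-hashed once per record. The following is an added example, not Oracle's code; PBKDF2-HMAC-SHA256, the iteration count, the function names and the choice to count the current password as one of the three remembered passwords are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor, not a documented FLEXCUBE value
HISTORY_DEPTH = 3      # remembered passwords (assumed to include the current one)


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn unless one is given."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def matches(password, record):
    """Re-hash the candidate with the record's own salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def change_password(history, new_password, depth=HISTORY_DEPTH):
    """history is a list of (salt, digest), newest first; returns the new history.

    Raises ValueError when the new password equals any remembered one.
    """
    recent = history[:depth]
    if any(matches(new_password, record) for record in recent):
        raise ValueError("password was used recently")
    # Keep the new record plus the most recent depth-1 older ones.
    return [hash_password(new_password)] + recent[:depth - 1]
```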

User privileges are maintained by Roles. Role definitions are captured via another UI. These roles are mapped to a user in the SMDUSRDF UI. Based on this user-role mapping, the user will have access to different modules in Oracle FLEXCUBE Universal Banking.

Access Enforcement

Access management in Oracle FLEXCUBE Universal Banking can be done in four steps.

  1. Branch level: In such a case, the user cannot view even the menu list of FCUBS when he tries to log in to the restricted branch. Thus, no transactions can be performed.
  2. Roles wise: As described above, based on the user-role mapping, the user can access different modules in FCUBS. For example, a bank clerk will have access to customer creation, account opening, term-deposits opening, and liquidation screens, but he will not have access to the SMDUSRDF UI, which is for user creation.
  3. Function-ID wise: Here, the user can be restricted from launching even the UI on clicking the menu list.
  4. Product/Account class wise: Here, the user can be prevented from accessing certain account classes or products. This will prevent him from creating any accounts or transactions using the restricted account classes and products, respectively.

Privacy Controls

A tokenization mechanism is implemented in FCUBS, where a token is created for every request that hits the server, to avoid forgery attacks. Also, to avoid clickjacking and frame spoofing attacks, FCUBS has the respective header and code configuration. Proper privacy control and content type have been placed.

Password Management

Certain user password related parameters should be defined at the bank level. These parameters will apply to all the users of the system. Examples of such parameters are the number of invalid login attempts after which a user-id should be disabled, the maximum and minimum length for a password, the number of previous passwords that should not be used, the interval at which the password should be changed by every user, etc.

Invalid Logins

In Oracle FLEXCUBE Universal Banking, the allowable number of invalid login attempts by a user should be specified. Each user accesses the system through a unique User ID and password. While logging on to the system, if either the User ID or the password is wrong, it amounts to an invalid login attempt.

By default, the allowable number of cumulative invalid attempts is six, and the allowable number of consecutive invalid attempts is three. These default values can be changed to specify the allowable number of attempts in each case. The allowable number of cumulative attempts is between 6 and 99, and of consecutive (successive) attempts between 3 and 5.

When authentication of credentials is unsuccessful due to an incorrect user ID, then the user id will not be logged in the audit logs. In case the user id is correct and the password is wrong, the attempt is logged in the audit log and the successive and cumulative failure count is incremented. When the user id and password are correct, this is logged into the audit logs.
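The interaction of the two counters is easiest to see in code: a user who never fails three times in a row can still be locked once the cumulative count reaches its limit. This is an added example, not part of the product; the class names are hypothetical, and it assumes that a successful login resets only the successive counter and that the cumulative counter is never reset here.

```python
import hmac
from dataclasses import dataclass, field

LOCKED_MSG = "User Status is Locked. Please contact your System Administrator"
FAILED_MSG = "User Authentication Failed"


@dataclass
class Account:
    password: str            # plain text only to keep this sketch short
    consecutive: int = 0     # successive failures since the last success
    cumulative: int = 0      # failures counted across successful logins
    locked: bool = False


@dataclass
class LoginGate:
    accounts: dict
    max_consecutive: int = 3     # default; allowed range 3 to 5
    max_cumulative: int = 6      # default; allowed range 6 to 99
    audit_log: list = field(default_factory=list)

    def __post_init__(self):
        if not 3 <= self.max_consecutive <= 5:
            raise ValueError("consecutive limit must be between 3 and 5")
        if not 6 <= self.max_cumulative <= 99:
            raise ValueError("cumulative limit must be between 6 and 99")

    def login(self, user_id, password):
        acct = self.accounts.get(user_id)
        if acct is None:
            return FAILED_MSG            # unknown user ID: no audit entry
        if acct.locked:
            return LOCKED_MSG
        if not hmac.compare_digest(password.encode(), acct.password.encode()):
            acct.consecutive += 1
            acct.cumulative += 1
            self.audit_log.append((user_id, "FAILED"))
            # Either counter reaching its limit disables the profile.
            acct.locked = (acct.consecutive >= self.max_consecutive
                           or acct.cumulative >= self.max_cumulative)
            return FAILED_MSG
        acct.consecutive = 0             # assumption: success resets only this one
        self.audit_log.append((user_id, "SUCCESS"))
        return "OK"
```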

Specifying Parameter

Table 4-2 Specifying Parameters

| Parameters | Description |
| --- | --- |
| Dormancy Days | Oracle FLEXCUBE Universal Banking can automatically disable the profile of all the users who have not logged into the system for a pre-defined period. A user ID is considered dormant if the difference between the last login date and the current date is equal to or greater than the number of Dormancy Days that has been specified. This is reckoned in calendar days, i.e. inclusive of holidays. All dormant users (whose home branch is the same as the current branch) are disabled during the end of day run at the current branch. |

Specify Parameters for User Passwords

Table 4-3 Specify Parameters for User Passwords

| Parameters | Description |
| --- | --- |
| Password Length (characters) | The range of length (in terms of number of characters) of a user password can be set. The number of characters in a user password is not allowed to exceed the maximum length, or fall below the minimum length that has been specified. The minimum length defaults to 8, and the maximum length to 15. The default values can be changed to specify the required range. A minimum length between 6 and 15 characters and a maximum length between 10 and 15 characters can be specified. The minimum length specified must not exceed the maximum length that has been specified. |
| Force Password Change after | The password of a user can be made valid for a fixed period after which a password change should be forced. After the specified number of days has elapsed for the user's password, it is no longer valid and a password change is forced. The number of calendar days defined will be applicable for a password change of any nature, either through the 'Change Password' function initiated by the user or a forced change initiated by the system. The system defaults to a value of 30, which can be changed. The number of days can be between 15 and 180 days. |
| Password Repetitions | The number of previous passwords that cannot be set as the new current password can be configured when a password change occurs. The system defaults to a value of three (i.e., when a user changes the user password, the user's previous three passwords cannot be set as the new password). The default value can be changed to a number between one and five. |
| Minimum Days between Password Changes | The minimum number of calendar days that must elapse between two password changes can be configured. After a user has changed the user password, it cannot be changed again until the minimum number of days specified here has elapsed. |
| Intimate Users (before password expiry) | The number of working days before password expiry can be configured, which is used to display a warning message to the user. When the user logs into the system (the stipulated number of days before the expiry date of the password), a warning message will continue to be displayed till the password expires or till the user changes it. By default, the value for this parameter is two (i.e., two days before password expiry). |

Placing Restrictions on User Passwords

The application allows placing restrictions on the number of alpha and numeric characters that can be specified for a user password.

Table 4-4 Restrictions on User Passwords

| Restriction | Description |
| --- | --- |
| Maximum Consecutive Repetitive Characters | The maximum number of allowable repetitive characters occurring consecutively in a user password can be specified. This specification is validated whenever a user changes the user password and is applicable for a password change of any nature, either through the Change Password function initiated by the user or a forced change initiated by the system. |
| Minimum Number of Special Characters in Password | The application allows defining a minimum number of special characters required in a user password. The system validates these specifications only when a user chooses to change the password. The default value used is: Minimum No of Special Characters = 1 |
| Minimum Number of Numeric Characters in Password | Likewise, the application allows defining the minimum number of numeric characters required in a user password. The system validates the password only when a user chooses to change his password. The default value used is: Minimum No of Numeric Characters = 1 |
| Minimum Number of Lower Case Characters in Password | The minimum number of lowercase characters required in a user password can also be configured. The allowed lowercase characters are from the US-ASCII character set only. The system validates these specifications only when a user chooses to change the password. The default value used is: Minimum No of Lower Case Characters = 1 |
| Minimum Number of Upper Case Characters in Password | The minimum number of uppercase characters required in a user password can be configured. The allowed uppercase characters are from the US-ASCII character set only. The system validates these specifications only when a user chooses to change the password. The default value used is: Minimum No of Upper Case Characters = 1 |

Password Restrictions

The application allows defining a list of passwords that cannot be used by any user of the system in the bank. This list is called the Restrictive Passwords list. It can be defined at three levels:
  • At the bank level (applicable to all the users of the system)
  • At the user role level (applicable for all the users assigned the same role)
  • At the user level (applicable for the user)

The list of Restrictive Passwords should typically contain those passwords the users are most likely to use: the name of your bank, city, country, etc. For a user role, it could contain names, or terms, that are commonly used in the department. At the user level, it could contain the names of loved ones, etc. By disallowing users from using such common passwords, you can reduce the risk of somebody other than the user knowing the password.
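The length limits in Table 4-3, the composition rules in Table 4-4 and the three-level Restrictive Passwords list can be checked together in one validator, shown here as an added example that is not code from the product. The names are hypothetical; the repetition limit of 2, treating every character outside ASCII letters and digits as special, and case-insensitive exact matching against the restrictive lists are assumptions.

```python
import re
from dataclasses import dataclass


@dataclass
class PasswordPolicy:
    min_length: int = 8      # Table 4-3 default
    max_length: int = 15     # Table 4-3 default
    max_repeat: int = 2      # assumed value; the page states no default
    min_special: int = 1     # Table 4-4 defaults
    min_numeric: int = 1
    min_lower: int = 1
    min_upper: int = 1

    def __post_init__(self):
        if not (6 <= self.min_length <= 15 and 10 <= self.max_length <= 15):
            raise ValueError("length limits outside the ranges in Table 4-3")
        if self.min_length > self.max_length:
            raise ValueError("minimum length exceeds maximum length")


def violations(pw, policy, bank=(), role=(), user=()):
    """Return the names of the rules the candidate password breaks."""
    found = []
    if not policy.min_length <= len(pw) <= policy.max_length:
        found.append("length")
    # Longest run of one character repeated back to back.
    longest = max((len(m.group(0)) for m in re.finditer(r"(.)\1*", pw)), default=0)
    if longest > policy.max_repeat:
        found.append("repetition")
    counts = {
        "numeric": sum("0" <= c <= "9" for c in pw),
        "lower": sum("a" <= c <= "z" for c in pw),   # US-ASCII only
        "upper": sum("A" <= c <= "Z" for c in pw),   # US-ASCII only
    }
    counts["special"] = len(pw) - sum(counts.values())
    for kind in ("special", "numeric", "lower", "upper"):
        if counts[kind] < getattr(policy, "min_" + kind):
            found.append(kind)
    # Restrictive Passwords: a hit at any of the three levels rejects it.
    for level, words in (("bank", bank), ("role", role), ("user", user)):
        if pw.lower() in {w.lower() for w in words}:
            found.append("restricted:" + level)
    return found
```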