Maintain SMS Banks Parameters

1.1 Maintain SMS Banks Parameters

This topic explains systematic instructions to maintain SMS bank parameters.

Certain parameters related to security management should be defined at the bank level. These parameters will apply to all the users of the system. Examples of such parameters are the number of invalid login attempts after which a user ID should be disabled, the maximum and minimum length for a password, the number of previous passwords that should not be used, the interval at which the password should be changed by every user, and so on.

Note:

The fields which are marked in asterisk are mandatory.

On Homescreen, type SMDBANKP in the text box, and click Next.
The SMS Banks Parameters screen displays.

Figure 1-2 SMS Banks Parameters

Description of "Figure 1-2 SMS Banks Parameters"

Note:
The bank parameters can be modified only when the Head Office branch is in the transaction input stage.

On the SMS Banks Parameters screen, specify the fields.

Note:

The fields, which are marked with an asterisk, are mandatory.

For more information on fields, refer to the field description table.

Bank Level Parameters

Table 1-3 Bank Level Parameters - Field Description

Field	Description
Site Code	Specify the Site Code.
Activation Key	The system displays the activation key.

Password Length (Characters) - Indicate the range of length (in terms of the number of characters) of a user password. The number of characters in a user password is not allowed to exceed the maximum length or fall below the minimum length that is specified here.

Table 1-4 Password Length - Field Description

Field	Description
Maximum and Minimum	The minimum length defaults to 8, and the maximum length to 15. If required, change the default values and specify the required range. In this case, the user can specify a minimum length between 8 to 11 characters, and a maximum length between 12 to 30 characters. The minimum specified length must not exceed the maximum length.

Invalid Logins - Specify the allowable number of times an invalid login attempt is made by a user. Each user accesses the system through a unique User ID and Password. While logging on to the system, if either the User ID or the Password is wrong, it amounts to an invalid login attempt.

Table 1-5 Invalid Logins - Field Description

Field	Description
Cumulative and Successive	The user can stipulate the allowable number of cumulative invalid attempts made during a day as well as the allowable number of consecutive or successive invalid attempts made at a time. In either case, if the number of invalid attempts exceeds the stipulated number, the user ID is disabled. By default, the allowable number of cumulative invalid attempts is six, and the allowable number of consecutive invalid attempts is three. If required, change the default value and specify the allowable number of attempts in each case. Specify an allowable number for cumulative attempts between 6 to 99, and for consecutive (successive) attempts, between 3 to 5. Once specified, the allowable number of cumulative or consecutive login attempts can be changed only at a time when no users are logged in to the system. When authentication of credentials is unsuccessful due to an incorrect user ID, then the user ID will not be logged in the audit logs. In case the user id is correct and the password is wrong, the attempt is logged in the audit log and the successive and cumulative failure count is incremented. When the user id and password are correct, this is logged into the audit logs.

Field

Description

Cumulative and Successive

The user can stipulate the allowable number of cumulative invalid attempts made during a day as well as the allowable number of consecutive or successive invalid attempts made at a time. In either case, if the number of invalid attempts exceeds the stipulated number, the user ID is disabled.

By default, the allowable number of cumulative invalid attempts is six, and the allowable number of consecutive invalid attempts is three. If required, change the default value and specify the allowable number of attempts in each case. Specify an allowable number for cumulative attempts between 6 to 99, and for consecutive (successive) attempts, between 3 to 5.

Once specified, the allowable number of cumulative or consecutive login attempts can be changed only at a time when no users are logged in to the system.

When authentication of credentials is unsuccessful due to an incorrect user ID, then the user ID will not be logged in the audit logs. In case the user id is correct and the password is wrong, the attempt is logged in the audit log and the successive and cumulative failure count is incremented. When the user id and password are correct, this is logged into the audit logs.

Parameters

Table 1-6 Parameters - Field Description

Field	Description
Password Repetitions	Stipulate the number of previous passwords that cannot be set as the new current password, when a password change occurs. The system defaults to a value of three (that is when a user changes the user password, the user’s previous three passwords cannot be set as the new password). The default value can be changed to a number between one and five, inclusive. For example, while setting up the Bank Level Parameters, a value of 2 is in the Password Repetitions field. Suppose that a user of the system has the user ID and password for login. If the user wants to change the password for the first time, process the Change Password screen. The user cannot select the current password again but has to enter a new password. The user wants to change the password for the second time. As the last two passwords cannot be used (Password Repetitions = 2 in the Bank Level Parameters table), the user cannot enter either of the old passwords. The user must enter a password that is different from the previous two passwords. The number specified here should be greater than or equal to 1 and less than or equal to 5.
Force Password Change After	The password of a user can be made valid for a fixed period after which a password change should be forced. In the Force Password Change After field, specify the number of calendar days for which the password should be valid. After the specified number of days has elapsed for the user’s password, it is no longer valid and a password change is forced. The number of calendar days defined here will be applicable for a password change of any nature either through the Change Password function initiated by the user or a forced change initiated by the system. The system defaults to a value of 30, which can be changed. If it is changed, the number of days specified here should be between 15 to 180 days, inclusive.
Intimate User (Before Password Expiry)	The number of days for which a password is to be valid is defined in the Force Password Change After field. Indicate the number of working days before password expiry that a warning is to be issued to the user. When the user logs into the system (the stipulated number of days before the expiry date of the password), a warning message will continue to be displayed till the password expires or till the user changes it. By default, the value for this parameter is two (that is two days before password expiry). If required, change a field value to a number greater than zero and less than or equal to five. For example, if the value specified in the Intimate User (Before Password Expiry) field is 2 and a user’s password is due to expire on January 31. The warning message is displayed on January 29 and January 30 whenever the user logs in.
Archival Period (In Days)	Specify the period (in calendar days) for which the audit trail details of system security related activities (such as usage of the system by a user, activities by the system administrator, and so on.) should be maintained. The system defaults to a value of 30 which can be changed. Specify an archival period that is greater than or equal to 7 calendar days.
Minimum Days Between Password Changes	Specify the minimum number of calendar days that must elapse between two password changes. After a user has changed the user password, it cannot be changed again until the minimum number of days specified here has elapsed. By default, the minimum number of days between password changes is set to One. However, this can be modified. Note: The Minimum Days Between Password Changes field value should not be more than the days defined in the field Force Password Change After. It is recommended to not set the Minimum Days Between Password Changes field value to 0.
Dormancy Days	Oracle FLEXCUBE Universal Banking allows automatically disabling the profile of all the users who have not logged into the system for a pre-defined period. A user ID is considered dormant if the difference between the last login date and the current date is equal to or greater than the number of Dormancy Days that is specified in this screen. This is reckoned in calendar days that are inclusive of holidays. All dormant users are disabled when attempting to log in to the post Dormancy Days.
Display Legal Notice	Check this box to display a legal notice.
Password External	The password external is enabled if the PASSWORD_EXTERNAL is maintained as Y in the property file. However, this check box cannot be edited. If the Password External box is checked, then the user and the password cannot be modified.
Number of Days to Forget User	Specify the number of days to forget the user by the system.
Maximum Consecutive Repetitive Characters	It is allowed to place restrictions on the number of alpha and numeric characters that can be specified for a user password. Specify the maximum number of allowable repetitive characters occurring consecutively in a user password. This specification is validated whenever a user changes the user password and is applicable for a password change of any nature either through the Change Password function initiated by the user or a forced change initiated by the system. For example, the value specified in the Maximum Consecutive Repetitive Characters field is 3 and a user decides to change his password to STUDDDD123. The system will not allow this password change as the Maximum Consecutive Repetitive Characters value has exceeded the recurrence of D in the password.
Minimum Number of Special Characters in Password	Specify the minimum number of special characters allowed in a user password. The system validates these specifications only when a user chooses to change the password. If the limits are not specified, the following default value will be used: Minimum Number of Special Characters = 1
Minimum Number of Numeric Characters in Password	Specify the minimum number of numeric characters allowed in a user password. The system validates the password only when a user chooses to change his password. If the limits are not specified, the following default value will be used: Minimum Number of Numeric Characters = 1 Note: Specify any number between 0 to 11 in each of these fields. However, ensure that the sum total of the minimum number of special characters and the minimum number of numeric characters is less than or equal to the Maximum Password Length.
Minimum Number of Lowercase Characters in Password	Specify the minimum number of lowercase characters allowed in a user password. The allowed lower case characters are from the US-ASCII character set only. The system validates these specifications only when a user chooses to change the password. If the limits are not specified, the following default values will be used: Minimum Number of Lower Case Characters = 1 Maximum Number of Numeric Characters = Maximum Password Length
Minimum Number of UpperCase Characters in Password	Specify the minimum number of upper case characters allowed in a user password. The allowed uppercase characters are from the US-ASCII character set only. The system validates these specifications only when a user chooses to change the password. If the limits are not specified, the following default values will be used: Minimum Number of Upper Case Characters = 1 Maximum Number of Numeric Characters = Maximum Password Length
Mask Character	Enter a character that is used to mask personal information.

Note:

The fields, which are marked with an asterisk, are mandatory.

For more information on fields, refer to the field description table.

Table 1-7 Warning Screen Text - Field Description

Field	Description
Warning Screen Text	At bank level, a warning message containing legal requirements and security policy is to be displayed to all users before allowing them to log in to Oracle FLEXCUBE Universal banking. Specify the text (content) of such a message in the Warning Screen Text field. This message will be displayed soon after a user launches the Oracle FLEXCUBE Universal Banking login screen. The user will be allowed to continue with the login process only after clicking Ok on the message window. The contents of the message can be modified only during the transaction input stage. The changes will come into effect during the next login by a user. The maximum size of the warning message is 1000 characters. Note: It is allowed to specify the contents of the warning message only if the Display Legal Notice option is enabled.

Field

Description

Warning Screen Text

At bank level, a warning message containing legal requirements and security policy is to be displayed to all users before allowing them to log in to Oracle FLEXCUBE Universal banking. Specify the text (content) of such a message in the Warning Screen Text field. This message will be displayed soon after a user launches the Oracle FLEXCUBE Universal Banking login screen.

The user will be allowed to continue with the login process only after clicking Ok on the message window. The contents of the message can be modified only during the transaction input stage. The changes will come into effect during the next login by a user. The maximum size of the warning message is 1000 characters.

Note:

It is allowed to specify the contents of the warning message only if the Display Legal Notice option is enabled.

Screen Saver Details - The Oracle FLEXCUBE Universal Banking application screen will be locked if there is no activity for some time, and can be logged in back only after specify the password of the user ID. For more information on fields, refer to the field description table.

Note:

The fields, which are marked with an asterisk, are mandatory.

For more information on fields, refer to the field description table.

Table 1-8 Screen Saver Details - Field Description

Field	Description
Screensaver Required	Check this box if a screensaver is required.
Screensaver Interval Modifiable at User level	Check this box to modify the screensaver interval at the user level.
Screensaver Interval (in seconds)	Specify the time in seconds, after which the screen should be locked. If both the Screensaver Required and Screensaver Interval Modifiable at User level boxes are checked at the bank level, then it will be visible at the user level. Otherwise, it will be hidden. The system defaults the screensaver time out from the bank parameter's screen. The administrator who creates a user will be allowed to change the same during user creation time. The screensaver interval maintained at the user level should always be less than or equal to that maintained at the bank level. If the screensaver interval is not specified in the user level, the system takes the interval from SMS Banks Parameters screen. The screensaver interval can be specified by the user only if the Screensaver Interval Modifiable at User level is checked in the SMS Banks Parameters screen.

Click Exit to end the transaction.

Parent topic: Security Management