0% found this document useful (0 votes)
245 views103 pages

ICTFI Hand Note

Information and Communication Technology in Financial Institutions (ICTFI), HAND NOTE, AIBB, QUESTION ANSWERS

Uploaded by

saidrajan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
245 views103 pages

ICTFI Hand Note

Information and Communication Technology in Financial Institutions (ICTFI), HAND NOTE, AIBB, QUESTION ANSWERS

Uploaded by

saidrajan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 103

2023

LE
SA
Information and
R
Communication
FO

Technology in
Financial
Institutions (ICTFI)
T
O
N

Prepared By
MD SAIDUL ALAM RAJAN
Executive Officer
Information and Communication Technology in
Financial Institutions (ICTFI)
Full Marks: 100
Module-A: Introduction to ICT and Computer Systems
 Information and Communication Technology, Electronic Banking and Online Banking,
Mobile Financial Services, Agent Banking, e-commerce and m-Commerce, Computer
Hardware, Computer Software, Internet.

Module-B: Different Approaches to Automation of Financial Institutions (FIs)


 Data Center (DC), Near DC, Disaster Recovery Site (DRS), Data Center Standards and
certifications, Computer Networking, IT Systems, Storage, Database and backup systems for
ICT in FIs, Computerization approaches, Various Software Systems Like Core Banking,
Switching, Credit Card, Payment Gateway, Mobile Financial System and Agent Banking
Software.

Module-C: Alternative Delivery Channels & Fund Transfer Systems

LE
 Automatic Transaction Machine (ATM), Cash Deposit Machine (CDM), Cash Recycling
Machine (CRM), POS terminals, Debit Card, Credit Card, Card technology Internet Banking,
SMS and Alert Banking, E-commerce & Internet Payment Gateway, M-Commerce, Mobile
Financial Services (MFS), Agent Banking (Biometric Banking), Call Center, Systems for
sending fund transfer instruction like Telex, Swift, CHIPS, FEDWIRE.

SA
Module-D: ICT Security, Cyber Security, ICT Risk Management, Standards, Regulations and
Legal Framework
 ICT Security, Cyber Security, ICT Risk Management, Security Standards and Regulations,
Guideline on ICT Security for Scheduled Banks and Financial Institutions published by the
Central Bank of Bangladesh, PCI-DSS, BS 7799 and ISO 27000, Legal framework in
R
Bangladesh (Cyber Law, ICT Act etc).

Module-E: Document Handling Systems, Additional Banking Applications & Other Aspects
FO

 Cheque Processing Systems such as Clearing and Settlement Systems, MICR, RTGS, BACH
(BACPS & BEFTN) and additional Banking Applications like ERP Software, CRM Software,
E-mail software, Anti-Virus and anti-malware software.

Module F: FinTech, Artificial Intelligence and future Technology Based Banking


 Fintech, RegTech and TechFin, Virtual Banking, Basic Crypto Currency, Block Chain
Technology, Cloud computing, Internet of Things (IOT), Machine Learning, Data Mining,
T

Data Warehouse, Neural Network, Data Warehouse, Current Trends, Artificial Intelligence.
O

References:
1. Abul Kashem Md Shirin and Nusrat Tamanna Prianka (2020): “Information Technology in
Financial Services” 2nd ed., The Institute of Bankers, Bangladesh (IBB)
N

2. C.S. French, 1990: Computer Studies, 3rd ed., Arnold Publishers, New Delhi, India
3. Graham Taylor, 2001: GCSE Computer Studies, 4th ed., Macmillan Press Ltd., London
4. Grau, J. J. (ed.), 1992: Criminal and Civil Investigation Handbook, 2nd ed., McGraw-Hill
Inc., New York.
5. James A. O’Brien, 1999: Management Information Systems, 4 th ed., Tata McGraw-Hill Publishing
Company Limited, New Delhi, India
6. Kenneth C. Laudon & Jane P. Laudon, 1999: Management Information Systems – Organization and
Technology, 4th ed., Prentice Hall of India, New Delhi – 110 001.
7. Pete Loshin & Paul A. Murphy, 1999: Electronic Commerce, 2 nd ed., Jaico Publishing House, Mumbai,
India.
8. Yekini Nureni, INFORMATION COMMUNICATION TECHNOLOGY (ICT).
9. Harry Bouwman,Bart van den Hooff,,Lidwien van de Wijngaert ,Jan van Dijk, Information and
Communication Technology in Organizations.
10. Carol V. Brown, Daniel W DeHayes ,Jeffrey Slater, Wainright E. , Martin Managing Information
Technology .
11. IIB, Electronic Banking and Information Technology .
MODULE-A:
INTRODUCTION TO ICT
AND COMPUTER
SYSTEMS

Information and
Communication
Technology, Electronic

LE
Banking and Online
Banking,

Mobile Financial Services,


Agent Banking, e-commerce

SA
and m-Commerce,
Computer

Hardware, Computer
Software, Internet.
R
FO
T
O
N
1. What is the difference between the terms “Information Technology” and
“Information and Communication Technology”?
Answer: Information Technology (IT): IT primarily refers to the use and management of technology
resources, hardware, software, and networks for the storage, retrieval, transmission, and processing of
data and information.

Information and Communication Technology (ICT): ICT is a broader term that includes not only
information technology but also telecommunications and various communication technologies. It
encompasses all technologies used to manipulate and communicate information.

While IT focuses on the management and use of technology for data and information processing, ICT
extends this concept to encompass a wider range of technologies and communication methods. ICT
emphasizes not only the technical aspects but also how these technologies facilitate communication

LE
and the exchange of information in a broader sense. The distinction between the two terms is somewhat
fluid and can vary depending on the context and usage.

2. Banking service is now available anywhere. How this become possible after
implementation of ICT in Banking?

SA
Answer: The availability of banking services anywhere, often referred to as "digital banking" or
"online banking," has become possible through the extensive implementation of Information and
Communication Technology (ICT) in the banking sector.

 High speed: Computer can work with very high speed. A computer can complete a 100 year’s
R
work of a man in a few minutes only.

 Available anytime: Before introduction of ICT in banking services, the customers had to
FO

complete all the transactions before a set time in working days only. Now a customer can avail
the banking services 24 hours a day, 365 days a year.

 Global Access: With ICT, banking services have become globally accessible. Customers can
access their accounts and conduct transactions from anywhere they want.
T

 Accuracy: Computer can work with 100% accuracy if the program and data supplied is
correct.
O

 Memory: Computer has a very huge memory which can store and process a large number of
data. Its storage is more than the storage of a big library.
N

 Diligence: Computer can work continuously for a long time without tiredness which is not
possible for a man.

 Enhanced Security Measures: ICT in banking has led to the development of advanced
security measures, including encryption, multi-factor authentication, and biometrics, to protect
customer data and transactions, assuring customers of the safety of digital banking.

The integration of ICT into banking has significantly expanded the reach and convenience of banking
services. It has transformed traditional banking into a more accessible, efficient, and customer-centric
industry, allowing people to bank from virtually anywhere with an internet connection or access to
banking infrastructure.
3. Name five electronic banking systems and define them.
Answer: Electronic banking systems, also known as e-banking systems or online banking systems, are
digital platforms that allow customers to conduct financial transactions and access banking services
electronically. Here are five commonly used electronic banking systems:

 ATM (Automated Teller Machine) Network: ATMs are electronic banking systems that
provide 24/7 access to basic banking services, such as cash withdrawals, balance inquiries, and
fund transfers. Customers can use their bank's ATM network or even withdraw cash from
ATMs of other banks.

 Point-of-Sale (POS) Systems: POS systems are used for electronic payments at retail stores
and businesses. Customers can use debit cards, credit cards, or mobile payment methods to
make purchases electronically. These systems facilitate secure and convenient in-store
transactions.

LE
 Mobile Banking Apps: Mobile banking apps are smartphone and tablet applications
developed by banks. These apps enable customers to access banking services, make mobile
deposits, transfer funds, and manage their accounts directly from their mobile devices.

SA
 Internet Banking: Internet Banking is a way of performing some banking activities through
internet by a customer himself sitting at his home or office. Banks that allows customers to
access their accounts, check balances, view transaction history, transfer funds between
accounts, pay bills, and perform various other banking activities through a secure internet
connection.
R
 SMS Banking: SMS banking is a way of performing some banking activities by a customer
himself by sending SMS from his mobile phone. It allow clients to Check account balance,
FO

Obtaining a mini statement of his account, Payment of utility bill, Payment of bill against
purchase of goods and services, Mobile top up, Fund transfer, Change PIN etc.

 Interactive Voice Response: IVR or Interactive Voice Response is an automated system


where a customer can call from his land phone or mobile phone and interact with the machine
pressing digits to perform some banking services. These services may include obtaining
T

information such as balance inquiry or do transactions such as fund transfer and


activate/deactivate a debit, credit or prepaid card.
O

These electronic banking systems have revolutionized the way individuals and businesses manage
their finances, providing convenience, accessibility, and efficiency in conducting financial
transactions and accessing banking services.
N

4. What is an ATM booth? How ATMs brings freedom to the customers? Mention five
functions of an ATM. Name some components of an ATM and mention their
functions.
Answer: ATMs are electronic banking systems that provide 24/7 access to basic banking services,
such as cash withdrawals, balance inquiries, and fund transfers. Customers can use their bank's ATM
network or even withdraw cash from ATMs of other banks.

ATMs give customers the freedom to access cash and perform basic banking transactions. Reduce
queues and more, at your convenience, regardless of location or time of day. They enable individuals
to manage their finances more efficiently and securely, contributing to a more flexible and independent
banking experience.
 Functions of ATM Booth:
 Cash withdrawal
 Payment of utility bills
 Fund transfer from customers own account to another account in the same bank or with
another bank
 Checking account balance
 Printing mini statement (last 5 transactions).

 Components of an ATM:
 Cash Deposit Machine (CDM): A cash deposit machine is an automated machine that
allows customers to deposit cash into their bank accounts without the need for filling out
deposit slips or standing in long queues at the bank.

 Instant account credit


 Immediate receipt

LE
 24/7 availability
 No long queues

 Cash Recycling Machine (CRM): ATM machines which can accept bundles of money,

SA
count the money supplied in different denominations and check for fake notes.

 Reduce Employee Hours


 Improved Cash Controls
 Maximize Cash Inventory
 Reduce Risk of Theft
R
 Employees are Safer
 Significant Increase of Flexibility
FO

5. Describe steps of withdrawing money from ATM.


Answer:

 Insert ATM Card


T

 Select Language

 Enter 4-Digit ATM Pin


O

 Select the type of Transaction


N

 Select the Type of Account

 Enter the withdrawal amount

 Collect the Cash

 Take a printed receipt , if needed

 Another Transaction
6. What are the differences among ATM, CDM and CRM?
Answer:

ATM CDM CRM


Automated Teller Machine Cash Deposit Machine Cash Recycling Machine
Mainly used for cash withdrawals Primarily used for cash deposits Used for receiving and
and account balance inquiries. into bank accounts. dispensing cash.
Facilitates cash withdrawals Facilitates cash deposits Facilitates cash fitness, identify
notes denomination, amount
counting and register
Use Pin number for withdrawals Use account number to deposit No Pin needed
money
No such facility Facilitates Utility Bills deposit No such facility

LE
No such facility New customer registration & No such facility
onboarding

7. What kind of dispute may arise of a CDM? How banks mitigate this?

SA
Answer: CDM (Cash Deposit Machine) disputes typically revolve around issues related to cash
deposits made using these machines. Here are some common types of disputes that may arise from
CDM transactions and how banks mitigate them:

 Wrong Amount Deposited: Customers may claim that the CDM did not accurately count or
R
credit the full amount of cash they deposited.

 Deposit Limits: Some CDMs have predefined deposit limits, which may restrict larger cash
FO

deposits.

 Limited Denominations: Certain machines may only accept specific denominations, limiting
flexibility in cash deposit amounts.

 Missing Deposit: Customers may allege that their deposit was not credited to their account,
T

even though they made a successful deposit through the CDM.

 Dispensing Incorrect Change: Sometimes, CDMs dispense incorrect denominations or


O

counts of currency when giving change to customers during a deposit transaction.

 Technical Malfunctions: CDMs may experience technical issues during a transaction, leading
N

to disputes.

 Unauthorized Access or Fraud: In some cases, fraudsters may attempt to manipulate CDMs
to their advantage, or there may be cases of unauthorized access leading to disputes.

To mitigate these disputes effectively, banks typically encourage customers to follow proper deposit
procedures, such as verifying the deposited amount on the transaction receipt, retaining receipts for
reference, and promptly reporting any discrepancies or issues. Moreover, they continuously improve
the reliability and security of their CDMs through regular maintenance, software updates, and security
protocols to minimize the occurrence of disputes.
8. What is a POS terminal? Describe various components of a POS terminal. How a
bank earns from a POS terminal installed at a merchant? Describe how payment
is made using a POS terminal.
Answer: Point of sale (POS) refers to the payment counter in a retail store where customers pay for
their purchased goods. To simplify, a POS is the point of purchase where orders are processed, bills
are generated, and customers pay for their purchases.

 Components of Point of sale (POS): Here are the key components of a POS terminal:
 Computer or Server: The central processing unit (CPU) or server is the brain of the POS
system.
 Monitor or Touchscreen Display: A monitor or touchscreen display provides a visual
interface for both the cashier and the customer.

LE
 Barcode Scanner: A barcode scanner reads product barcodes, allowing cashiers to quickly
and accurately ring up items for sale.
 Receipt Printer: A receipt printer generates customer receipts for each transaction.
 Card Reader or Magnetic Stripe Reader (MSR): Card readers accept credit and debit

SA
cards.
 Near Field Communication (NFC) Reader: An NFC reader allows contactless payment
methods.
 Cash Register Software: The POS software is the heart of the system.
 Barcode Labels and Receipt Paper: Businesses use barcode labels for products, making
R
it easy to scan items during transactions.
 Router and Network Connection: To process credit card transactions and communicate
with other systems, POS terminals often require an internet connection.
FO

 Power Supply and Backup: Reliable power sources, including surge protectors and
uninterruptible power supplies (UPS).

 Banks’ earnings through POS: Banks buy the POS terminals and supply to a merchant free
of cost but at an agreed merchant commission. The merchant commission refers to the
T

commission in percentage over the sale amount settled using the supplied POS terminal which
the merchant pays to the bank. This normally rages from 1.0% to 2.0%.
O

 Payment Method through POS:


N

9. How GPRS POS terminal is different from a dial-up POS terminal?


10.How a bank earns from a POS terminal installed at a merchant?
11.Describe how payment is made using a POS terminal.
12.How Internet Banking works?
13.What banking activities a customer can perform using Internet Banking?
14.Can a customer receive cash from Internet Banking? Why?
15.Mention a few differences between SMS and Alert Banking.
16.Mention two syntaxes for any two functions of SMS banking.
17.Describe some advantages and disadvantages of Electronic Banking.
18.What is online banking or Any Branch banking? Mention advantages and
disadvantages of online banking.
Answer: Online banking is a way of performing some banking activities through internet from
anywhere, any place and anytime. Online banking is also known as Internet banking or web banking.
Online banks operate exclusively online, with no physical branch at all. For that reason it can also be
called any branch banking.

 Advantages:

 Saves Time: No need to standing in long queues banking services are just a click away.

 No Geographical Boundaries: A customer can make payments from anywhere in the


world to anyone they wish to without the restriction of time or place.

LE
 Convenient: Pay various utility bills from the comfort of home.

 24×7 Availability: Can have banking services 24x7 without any interruption.

SA
 Record of Transactions: Transactions and fund transfers made online are organized in the
‘Transaction History’ section along with every detail.

 Security and Speed: Transactions are encrypted, secure, and efficient in online banking.
It takes only a few seconds to carry out such transactions.
R
 Non-financial Transactions: Online banking allows the users to avail non-financial
FO

services such as checking the bank balance, generating account statements, applying for a
new checkbook, changing the address, mobile number or email, etc.

 Disadvantages:

 Fund deposit: There is no provision for online, cashless deposits.


T

 User Friendly: Understanding the usage of internet banking might be difficult at the first.
O

So, a person who is new to technology might face some difficulty.

 Cyberattacks and Fraud: Despite all the security and encryption, there’s a possibility of
N

a cyberattack on banks’ servers and databases.

 Large Withdrawals: Online banking doesn't help if you need access to large amounts of
cash.

 Internet Connection: If the bank's server is down, due to the loss of net connectivity or a
slow connection, then it might be hard to know if your transaction went through.

Like every system, online banking also has its advantages and disadvantages. Online banking is a fast,
inexpensive, and convenient way to handle many of your everyday financial transactions. The above
comparison of the advantages and disadvantages of internet banking makes it clear that the benefits
outweigh the consequences.
19.What is a MFS? History of MFS? What are the Services of MFS operator provides
in Bangladesh? Name a few remarkable MFS in Bangladesh.

Answer: Mobile Financial Services (MFS) is a Digital Wallet/Money is an Electronic Prepaid Card
with M-Banking Facilities that utilizes ATM and all kinds of electronic Communication Technologies
including mobile phone. People who are not involved with the services of the bank can be facilitate
efficient banking services through mobile channels. By using a mobile financial Services, a huge
unbanked population could be brought into the banking system.

 History: Bangladesh Bank has introduced efficient off-branch Mobile Financial Services
(MFS) during 2011 in Bangladesh as the country developed a universal mobile phone network
experienced, large number of mobile phone users and improved IT infrastructure.

LE
 Services of MFS:

 Cash-in
 Cash-out
P2P Fund transfer

SA

 Receive foreign remittance
 Merchant Pay
 Utility bills Pay
 Various government allowances and Taxes
 Mobile recharge
E-ticketing
R

 Remarkable MFS: bKash, Rocket, Nagad, TAP, Upay, SureCash, OK-wallet


FO

20.In relation to e-commerce, define the following: Cart, Payment gateway, Acquiring
and Issuing Bank, PIN, CVV, CVC, Payment Association, Authorization,
Settlement, NOSTRO account, and NPSB.
Answer: According to James A. O’Brien “e-commerce is the buying and selling, and marketing and
T

servicing of products, services and information over a variety of computer network. In short, buying
and selling of goods and services over internet is called e-commerce.
O

 Cart: Cart is a software that lets customers select, store, and manage items before buying them.
 Payment gateway: A payment gateway is a technology used by merchants to accept debit or
N

credit card purchases from customers.


 Acquiring Bank: An acquiring bank is a financial institution that accepts and processes credit
and debit card transactions on behalf of merchants.
 Issuing Bank: An issuing bank is a financial institution that provides credit and debit cards to
customers on behalf of big card networks like Visa, MasterCard, Discover, and American
Express.
 PIN: Personal Identification Number
 CVV: Card Verification Value
 CVC: Card Verification Code
 Payment Association: An e-commerce payment system that facilitates the acceptance of
electronic payment for offline transfer,
 Authorization: E-commerce authorization refers to the process of granting permission for a
transaction to take place electronically.
 Settlement: Refer to the number of funds that are transferred to the merchant from the acquirer
for the specific amount of the sale for the acceptance of the card transaction.
 NOSTRO account: A NOSTRO account refers to an account that a bank holds in a foreign
currency at another bank.
 NPSB: National Payment Switch Bangladesh (NPSB) is a domestic ATM sharing network
governed by the Bangladesh Bank.
21.Describe process flow of payment in ecommerce.
Answer: Here’s a breakdown of the steps involved in ecommerce payment processing:

 Customer places order: The customer browses an online store, selects the products they wish

LE
to purchase, and proceeds to check out.
 Customer enters payment information: At checkout, the customer enters their payment
information, such as credit or debit card details, into the payment gateway provided by the
online store.

SA
 Payment authorization: The payment gateway sends the payment information to the payment
processor, which verifies the information with the customer’s bank or credit card issuer to
ensure that the payment can be authorized.
 Payment approval: If the payment information is verified and authorized, the payment
processor sends an approval message to the payment gateway, which then notifies the online
R
store that the payment has been approved.
 Order confirmation: Once the payment has been approved, the online store confirms the
FO

customer’s order and sends a confirmation message to the customer.


 Settlement: The payment processor settles the payment with the merchant’s bank account,
usually within a few business days.
 Payment reconciliation: The online store reconciles the payment with the order and ensures
that the payment matches the order amount.
T
O
N
22.Describe settlement process for ecommerce transactions.

Answer: The payment settlement process is as follows:

 The customer initiates a debit or credit card transaction for a certain amount.
 The issuing and acquiring bank communicate immediately via the merchant’s payment
gateway.
 After the details checking the issuing bank can approve the transaction and instruct the
merchant to authorize the payment
 The customer may now receive confirmation that their payment has been successful.
 The settlement period largely consists of clearing this communication is conducted through a

LE
payment network, which facilitates the exchange of transaction data.
 Funds can be transferred in a number of ways, including electronically, by wire transfer, or
through the Automated Clearing House (ACH).

SA
 Once the funds have been deducted from the customer and arrive in the merchant’s account,
the payment has been settled.
R
FO
T
O
N
23.What is a computer? Who is the father of computer? Describe different generation
of computers. Different types of computer are Analog, Digital and Hybrid. Describe
each of them.

Answer: A computer is a device that accepts information and manipulates it for some result based on
a program, software, or sequence of instructions on how the data is to be processed.

 Father of Computer: Charles Babbage (1792 – 1871), a mathematician of England,


developed Difference Engine in 1821. In 1833, he started developing another counting
machine in the name of “Analytical Engine”, but could not complete before his death. Design
of his Analytical Engine is the basis of modern Computer. This is why Charles Babbage is
terms as the “Father of Computer”.

LE
 Generations of Computer:
 1st Generation (1951 – 1958): Characteristics: Use of Vacuum Tube or Vacuum Valve,
Big in size, Capability to store program and information, Use of Magnetic Drum, Punch
Card and Magnetic tape. Example: ENIAC, MARK, IBM-650.

SA
 2nd Generation (1958 – 1965): Characteristics: Use of IC (Integrated Circuit), Use of
transistor instead of Vacuum Tube, Small in size, introduction of ACCII code, development
of high-level language like COBOL, FORTRAN and ALGOL. Example: IBM-1620, CDC-
1604, NCR-300.
R
 3rd Generation (1965 – 1971): Characteristics: Introduction of Mouse as input device,
Small in size, reduction of price, Introduction of VDO unit and Printer as output device,
FO

use of secondary memory, invention of BASIC language, word processing and other
applications. Example: IBM-370, PDP-II.

 4th Generation (1971 – to date): Characteristics: Invention and use of Microprocessor,


Semi-Conductor memory, ROM, RAM, PROM, EPROM, Higher capacity of storing
information, Development of operating systems like DOS, MAC, Windows and Unix,
T

development of various application software and programming languages, development of


O

Super Computer, Laptop, Notebook, Desktop and Personal Computers. Example: PC,
Sever and Laptop of various brands such as IBM, Compaq, HP, Sun, Dell, ACER.
N

 Types of Computer:
 Analog Computer is used for special purposes such as measuring pressure and
temperature, supply of petrol in petrol pumps and determining price, and controlling
speed of a vehicle or Airplane.

 Digital Computer works in line with the principles of mathematics. It works using
binary systems, i.e., using 1 and 0. The Computers we use at home and office are all
Digital computers.

 Hybrid Computer collects data from various systems using analog process, but
processes the data in digital system.
24.Based on size & capacity, computer can be divided into Super, Mainframe, Mini
and Microcomputers. What are the differences among them?

Answer:

LE
SA
R
25.Why micro computers are also called as PC?
FO

Answer: Microcomputers are very small, cheap and widely used computer. As microprocessor is used
in this type of computers, they are termed as Microcomputer. Only one person can work at a time in a
Microcomputer. For this they are also known as Personal Computer or PC.

26. Name five input devices and 3 output devices. Describe printer, keyboard and
T

mouse.
O

Input Device Output Device


Answer:
 Keyboard,  Monitor,
N

 Mouse,  Printer,
 Joystick,  Speaker and
 Scanner,  Plotter
 Digital
 Camera,
 Microphone

 Printer: The output of a computer is printed on paper using a device called Printer. Printer is
connected to the computer’s system board using a data cable. Power is supplied to the printer
using another cable. Printer is of two types – Dot Matrix Printer and Laser Printer.
 Keyboard: A Keyboard is a device that contains 104 to 110 number of keys. These keys are
used for typing letters and digits and providing instructions to the computer. A keyboard is
connected to the motherboard of a computer using a cable.

 Mouse: A Mouse is a device used as alternative or associated equipment for providing


instruction to the computer having windows or Macintosh operating system in it. The mouse
has 2 or 3 buttons.

27.Differentiate between a dot matrix and a laser printer.

Answer:

LE
SA
R
FO
T

28.What stand for CPU? What is its use in computer?


O

Answer:

 CPU: The devices used for processing of supplied information, data and instructions in a
N

computer are called Processing Devices. CPU or Central Processing Unit is a processing device
used in computer. It performs all the processing activities of a computer. CUP is like the brain
of human being. The speed and capacity of processing of a computer depends on its CPU.

 The functionalities of a CPU are stated below:

 CPU sends controlling and time determining signals to all parts of the computer.
 Send and receive data between memory and input/output devices.
 Receive data and instructions from memory.
 Decode the instructions.
 Perform mathematical and logical activities.
 Run program from computer memory.
 Coordinate between input and output devices.
29.What is Memory? Describe the characteristics of each memory.
Answer: Memory devices are the devices where the computer temporarily or permanently stores the
data before, during and after processing. The memory devices can be categorized into 3 groups:

 Primary or Main memory


 Characteristics:
 The computer can’t run without primary memory
 It is known as the main memory.
 You can lose data in case power is switched off
 It is also known as volatile memory
 It is a working memory of the computer.
 Primary memory is faster compares to secondary memory.

LE
 Types of Primary Memory:
 RAM (Random Access Memory)
 Characteristics:
 RAM is volatile in nature

SA
 It is a read-write memory
 During processing the information stay in RAM
 If power fails, all the information removes from the RAM.

 ROM (Read Only Memory)


 Characteristics:
R
 ROM is a permanent main memory.
 The information in the ROM can only be read, can’t be modified.
FO

 Required programs for startup are permanently stored in ROM


 If power fails, the information at ROM does not vanish.

 Cache memory &


 Characteristics:
 Cache memory is faster than main memory.
T

 It consumes less access time as compared to main memory.


 It stores the program that can be executed within a short period of time.
O

 Cache memory has limited capacity.


 It stores data for temporary use.
N

 Secondary or Auxiliary memory.


 Characteristics:
 These are magnetic and optical memories
 Secondary memory is known as a backup memory
 It is a non-volatile type of memory
 Data is stored permanently
 It helps store data in a computer
 The machine can run without secondary memory
 Slower than primary memory
30.What are CISC and RISC processor? Which processor is used in a high-end IBM
server?
Answer:

 CISC: CISC or Complex Instruction Set Computer is a microprocessor which uses microcode.

 RISC: RISC or Reduced Instruction Set Computer is a microprocessor in which less number
of instructions sets are used. It is not software based, rather hardware based and as such faster
than the CISC processor.

 RISC processor is used in a high-end IBM server

31.What are differences among Floppy disk, Hard disk, CD and Pen drive?

LE
Answer:

FLOPPY DISK HARD DISK CD PEN DRIVE

SA
Flash drives have
Storage capacity is very Storage capacity is low smaller memory
Storage capacity is low.
high. but more than floppy. capacity than hard
drives.
Stores data at high Stores data at low speed Flash drives are faster as
Stores data at low speed.
speed. but faster than floppy. compared to hard drives.
R
Data access relatively
Data access relatively Retrieves data at high Retrieves data as fast as
slow but faster than
slow. speed. hard disk
FO

floppy
It is easily portable. It is not portable easily. It is easily portable. It is easily portable.
It is light weight. Weight is heavier It is light weight. It is light weight.
It is not as reliable as
It is not as reliable as
It is reliable. hard disk but much It is reliable.
hard disk.
better than floppy
Main storage device of
T

Auxiliary memory Auxiliary memory Auxiliary memory


computer.
O

32.What is a mother board?


Answer: A printed circuit board containing the principal components of a computer or other device,
N

with connectors for other circuit boards to be slotted into. A motherboard, also known as a
"mainboard" or "logic board," is the primary circuit board in a computer that connects and controls
the rest of its components. Every other piece of hardware in a computer ultimately connects to the
motherboard, which serves as a hub that provides a path for the components to communicate with each
other.

33.Why an UPS is used with a computer?


Answer: UPS stands for Uninterrupted Power Supply. UPS is an electrical apparatus that provides
emergency power to a computer when the input power source fails, thus protect Computer from sudden
shutdown.
34.What are the differences between a system software and application software?
Answer:

LE
SA
R
FO
T
O
N
35.What are the functionalities of an operating system?
Answer: An operating system (OS) is system software that manages computer hardware and software
resources, and provides common services for computer programs. The functionalities of an Operating
System are as mentioned below:
 To make the computer active and usable
 To communicate between hardware and application software
 To accept and execute the instruction of a user
 To fetch a program into the main memory and process it
 To control the activities like writing, storing and reading data to/from Disk.

36.Why a database is used along with a program?


Answer: Databases complement programs by providing a reliable and efficient means to store,

LE
retrieve, manage, and secure data. They are essential for many software applications, ranging from
small desktop applications to large-scale web services and enterprise systems. The choice of a
particular database system depends on factors like data volume, complexity, scalability requirements,
and the specific needs of the program or application.

SA
37.Describe the following: a) DBA, b) Backup c) Database Management System
Answer:

 Database Management System: A database management system (or DBMS) is essentially


R
nothing more than a computerized data-keeping system. It is a medium that allows
programmers, database administrators (DBAs), software applications and end users to store,
organize, access, query and manipulate data in a database.
FO

 Database Administrator (DBA): A database administrator, frequently known just by the


acronym DBA, is a role usually within the Information Technology department, charged with
the creation, maintenance, backups, querying, tuning, user rights assignment and security of
an organization’s databases.
 Backup: Backup refers to the process of making copies of data or data files to use in the event
the original data or data files are lost or destroyed.
T

38.Define the followings: a) Internet, b) IP, c) DNS, d) Hyperlink, e) URL, f) e-mail


O

Answer:
 Internet: A global computer network providing a variety of information and communication
N

facilities, consisting of interconnected networks using standardized communication protocols.


 IP: Internet Protocol as known as IP is a set of rules governing the format of data sent over the
internet or other network.
 DNS: DNS or the Domain Name System is a hierarchical and distributed naming system for
computers, services, and other resources in the Internet or other Internet Protocol networks.
 Hyperlink: It is a link from a hypertext document to another location, activated by clicking on
a highlighted word or image.
 URL: A Uniform Resource Locator, colloquially known as an address on the Web, is a
reference to a resource that specifies its location on a computer network and a mechanism for
retrieving it.
 E-mail: It means messages distributed by electronic means from one computer user to one or
more recipients via a network.
39. Identify differences between IPv4 and IPv6?

Answer:

LE
SA
R
FO
T
O
N
40. What is World Wide Web? What is the basic difference between www and Internet?
Answer:

WWW: The World Wide Web, commonly known as the Web, is an information system that enables
information sharing over the Internet through user-friendly ways meant to appeal to users beyond IT
specialists and hobbyists.

The Difference between Internet and WWW is that the pages you see when you’re online on a device
are known as the World Wide Web, or web for short. On the other hand, the internet is the network of
connected computers that the web runs on, as well as the conduit through which emails and data move.

LE
41. Describe the objective of ICT policy in Bangladesh.

Answer:

SA
 OBJECTIVE:
 Develop an efficient ICT infrastructure that provides open access to international and
national network
 Promote and facilitate use of ICT in all sectors of the economy for transparency, good
R
governance and efficiency improvement;
FO

 Establish legislative and regulatory framework for ICT issues like IPR, data security
and protection, digital signature, e-Commerce, ICT education etc.
 To ensure quality ICT education provided by different private organizations
 Set up national databases that are reliable and easily accessible
T

 Promote use of ICT by providing special allocations for ICT project implementation in
the public sector.
O

 Train the decision makers in ICT use and promote an ICT culture.
 Develop a large pool of world class ICT professionals to meet the needs of local and
N

global markets
 Set up a very high quality ICT institution to continuously promote and foster ICT
Industry
 Enact Laws and Regulations for uninterrupted growth of ICT, in conformity with
World Trade Organization (WTO) stipulations.
42. Define Programming Language with examples. Describe types of Programming
Language.

Answer: A programming language is a set of instructions written by a programmer to deliver


instructions to the computer to perform and accomplish a specific task. It’s used to write software
programs and applications, and to control and manipulate computer systems. Examples of popular
programming languages include Python, Java, C++, JavaScript, Visual Basic, dot (.)Net, HTML and
Ruby.

 The programming languages can be divided into three types:

 Low-Level Languages: Low-Level languages are languages where the computer


programs are written using machine code (binary or hexadecimal codes) or mnemonic

LE
code. Basically two types:

 Machine Language: Machine code, also known as machine language, is the


elemental language of computers.

SA
 Assembly Language: An assembly language is a type of low-level
programming language that is intended to communicate directly with a
computer's hardware.

 High-Level Languages: A high-level programming language is a programming


R
language with strong abstraction from the details of the computer. The following are
the example of high level languages:
FO

 COBOL (Common Business Oriented Language)


 BASIC (Beginners All-purpose Symbolic Instruction Code)
 FORTRAN (Formula Translator)
 C
T

 PASCAL
O

 Object Oriented Languages: Object-oriented language (OOL) is a high-level


computer programming language that implements objects and their associated
procedures within the programming context to create software programs. An OOP has
N

the following three characteristics:

 POLYMORPHISM: Polymorphism means different objects respond


distinctively to the same message.

 INHERITANCE: Inheritance means that the language gives us the ability to


extend or enhance existing objects.

 ENCAPSULATION: Encapsulation means that the data and instructions for


variables are wrapped up together and treated as a unit.
SHORT NOTE
SMS BANKING
SMS banking' is a form of mobile banking. It is a facility used by some banks or other financial institutions
to send messages to customers' mobile phones using SMS messaging, or a service provided by them which
enables customers to perform some financial transactions using SMS. SMS banking is a way of performing
some banking activities by a customer himself by sending SMS from his mobile phone. It allow clients to
Check account balance, Obtaining a mini statement of his account, Payment of utility bill, Payment of bill

LE
against purchase of goods and services, Mobile top up, Fund transfer, Change PIN etc.

ALERT BANKING
Alert Banking is a system which sends a SMS to the customer when a debit or credit transaction occurs in the

SA
customer’s account. For example if the monthly salary of a customer is deposited into his account, system
will generate a SMS as under and send to the customer’s mobile registered for this service. Alert Banking
useful for the customers as he can come to know about any fraudulent activity in his account instantly and
can undertake immediate measures. To setup an alert against an account, the bank needs to know the following
from a customer:
R
 Mobile number of the customer
 Account number of the customer
FO

 Debit amount.
 Credit amount.

Interactive Voice Response (IVR)


IVR or Interactive Voice Response is an automated system where a customer can call from his land phone or
T

mobile phone and interact with the machine pressing digits to perform some banking services. These services
O

may include obtaining information such as balance inquiry or do transactions such as fund transfer and
activate/deactivate a debit, credit or prepaid card.
N

M‐COMMERCE
Mobile commerce refers to business or purchases that are conducted over mobile devices like cell phones or
tablets. Mobile commerce is a large subset of electronic commerce, a model where firms or individuals
conduct business over the Internet. M-commerce specifically refers to transactions done via a smartphone or
mobile device. M-commerce users can transact anywhere provided that there's a wireless Internet provider
available in that area. M-commerce apps allow for location tracking via GPS to offer customers help finding
items in stores. Personalized shopping experiences can also connect retailers with their clients.
AGENT BANKING
An agent bank is a financial institution that acts on behalf of other banks, typically in a correspondent banking
relationship. In this role, the agent bank purpose is to provide various services to the correspondent bank, such
as facilitating wire transfers, processing payments, and providing account management services.

 Benefits:
 Access to Expertise: Typically have specialized knowledge and expertise in particular
markets or financial services.
 Increased Efficiency: Can outsource payment processing and account management,
which can increase efficiency and reduce costs.

LE
 Risk Management: It can play a critical role in risk management for their clients.
 Market Access: Such banks can provide banks with access to new markets and
geographies.

SA
 Customization: It can often provide customized solutions to meet the unique needs of
its clients.
 Disadvantages:
 Loss of Control: More difficult for the bank oversee its function directly.
R
 Additional Costs: Using an agent bank typically involves additional costs, such as
FO

service fees.
 Reputation Risk: If the agent bank does not meet the bank’s standards for rules, ethics,
or customer service then main bank could fall into reputation risk.
 Communication Challenges: Difficult working with a bank in a different country or
time zone.
T

 Lack of Flexibility: Processes and procedures may not be flexible enough for client.
O

HYPERTEXT
N

Hypertext is text displayed on a computer or other electronic device with references (hyperlinks) to other text
that the reader can immediately access, usually by a mouse click or keypress sequence. Apart from running
text, hypertext may contain tables, images and other presentational devices. Hypertext is the underlying
concept defining the structure of the World Wide Web, making it an easy-to-use and flexible format to share
information over the Internet.
Review Questions

1. Multiple Choice Questions (MCQ)

i) Which computer was made of Vacuum tube?


a) IBM b) ENIAC c) NCR d) ABC

ii) Which computer was made of Valve?


a) IBM b) ENIAC c) NCR d) ABC

iii) What was the weight of ENIAC computer?


a) 3 tons b) 30 tons c) 3 kg d) 30 kg

LE
iv) The first computer in Bangladesh

- was installed in which year of


a) 1971 b) 1961 c) 1964 d) 1984

SA
- was installed by
a) BUET b) Bangladesh Atomic Energy Commission

c) Bureau of Statistics d) Agrani Bank


R
- was a type of the computer
a) Super Computer b) Mainframe c) Micro Computer d) PC
FO

v) Which of the following is not an application software?


a) MS Word b) Excel c) Windows d) Firefox

vi) Banking software is a/an


a) Operating System b) Database
c) Application software d) Programming language.
T

vii) Which one is an Object Oriented Program Language?


O

a) Java b) Basic c) Fortran d) Cobol

viii) Internet uses a standard internet protocol suite called


N

a) www b) TCP/IP c) WAN d) Fiber Optic

ix) Which one is not an electronic banking system:


a) ATM b) Internet Banking c) POS terminal d) Cash Counter

x) Which functionality is not available in an Internet Banking System?


a) Cash withdrawal b) Balance Check c) Fund transfer d) Pay Utility Bills
xi) Which of the following is not an input device of a computer?
a) Keyboard b) Scanner c) RAM d) Microphone

xii) Which of the following is not an input device of a computer?


a) Monitor b) Speaker c) Printer d) Scanner

xiii) Which of the following is not a programming language?


a) Java b) C++ c) BASIC d) Excel

2. Fill in the gap:

i) Microcomputer was developed in 1971 using MSC-4 microprocessor.

LE
ii) Operating systems were first developed in 1960 for the Mainframe Computer.

iii) Internet started in 1960 as research work and become International Network in mid 1990.

SA
iv) ATM is used mainly for withdrawal of cash by a bank customer using his debit, credit or
Prepaid card.

v) ATM is supplied with a device for reading a card and a display monitor and a keyboard
R
for interaction with the cardholder.

vi) MFS is a banking system for unbanked populations.


FO

vii) P2P stands for person to person.

viii) MFS was started in Bangladesh in the year of 2011.

ix) Buying and selling of goods and services over Internet is called e-commerce.
T

x) Charles Babbage is called the father of computer.


O

xi) First electronic computer produced commercially was developed in the year of 1954.
N

xii) Bangladesh Atomic Energy Commission installed first computer in Bangladesh in the year
of 1964.

xiii) Three types of computer are: Analog computer, digital computer and Hybrid
computer.

ix) Based on the size and capacity, computer can be divided into four types such as Super
computer, Mainframe computer, Mini computer and micro computer.

x) WWW stands for World Wide Web.


LE
Data Center (DC), Near DC,
Disaster Recovery Site (DRS),
Data Center Standards and
Certifications, Computer

SA
Networking, IT Systems,
Storage, Database and backup
systems for ICT in FIs,
Computerization approaches,
Various Software Systems Like
R
Core Banking, Switching,
Credit Card, Payment
FO

Gateway, Mobile Financial


System and Agent Banking
Software.
T
O
N
1. What is a Data Center? What are the basic requirements of each Tier Data Center?
Answer: A data center is a facility used to house computer systems and associated components, such
as telecommunications and storage systems. It generally includes redundant or backup power supplies,
redundant data communications connections, environmental controls and security devices.

TIER 1
• Single non‐redundant distribution path serving the IT equipments
• Non‐redundant capacity components
• Basic site infrastructure guaranteeing 99.671% availability

LE
TIER 2
• Fulfils all Tier 1 requirements

SA
• Redundant site infrastructure capacity components guaranteeing 99.741%
availability
R
TIER 3
•Fulfils all Tier 1 & Tier 2 requirements
•Multiple independent distribution paths serving the IT equipments
FO

•All IT equipments must be dual‐powered and fully compatible with the topology of a
site's architecture
•Concurrently maintainable site infrastructure guaranteeing 99.982% availability

TIER 4
T

• Fulfils all Tier 1, Tier 2 and Tier 3 requirements


O

• All cooling equipment is independently dual‐powered, including chillers and


Heating, Ventilating and Air Conditioning (HVAC) systems
• Fault tolerant site infrastructure with electrical power storage and distribution
N

facilities guaranteeing 99.995% availability

2. Why near Data Center is important for FIs?


Answer: Near data center is created identical to the main data center within the city. The main data
center and the near data center are sometimes refers as DC1 and DC2. All the resources of both the
data centers are utilized simultaneously at 50-50 load. Near data center is important because if the
main data center falls down for any reason near data center or DC2 will run the operation without any
interruption.
3. Why FIs setup DRS? What points need to be considered during selection of distance
between a DC and a DRS?
Answer:

 Disaster Recovery Site (DRS): It is a failsafe for the original data center. DRS stored all the
backup data form the main data center. If any natural or human-induced disaster happens to
the main DC, Disaster Recovery Site will take the place as main DC and runs operation without
any interruption.
 DRS should have capability to become primary site automatically
 If long distance is chosen,
 Problem related to manageability

LE
 Availability of dark fiber
 Availability of required latency
 Sync replication may not be possible.
 If short distance (at least 20 km) is chosen, the disaster like earthquake, hurricane may

SA
destroy both the site.
4. Narrate advantage and disadvantages of Tier-1, Tier-2, Tier-3 and Tier-4 data
centers.
Answer:
R
PARAMETERS TIER 1 TIER 2 TIER 3 TIER 4
Uptime guarantee 99.67% 99.74% 99.98% 100.00%
FO

Downtime per <22


<28.8 hours <1.6 hours <26.3 minutes
year hours
Government
Small companies and Growing
entities and
Typical customer start-ups with simple SMBs and large
large
requirements businesses
enterprises
T

Staffing None 1 shift 1+ shift 24/7/365


O

5. What is LAN and WAN? Why it is needed in a LAN? Name 3 LAN and 3 WAN
communication media. Mention a few of the differences between LAN and WAN?
N

Answer:

 LAN: A local area network (LAN) is a collection of devices connected together in one physical
location, such as a building, office, or home. LAN connects more than one computer and is
useful for sharing resources like files, printers, games or other applications.
 LAN Communication Media:
 twisted- pair wire
 coaxial cable
 fiber optic cable
 wireless media
 WAN: A wide-area network (WAN) is a collection of local-area networks (LANs) or other
networks that communicate with one another. A WAN is essentially a network of networks,
with the Internet the world’s largest WAN.
 WAN Communication Media:
 Land Lines
 Microwave
 Satellites
 Differences between LAN and WAN:

LE
SA
R
FO
T

6. Describe advantages and disadvantages between the following data transmission


O

media for a WAN of a Bank: Land Line, Microwave and Satellites.


N

Answer:

 WAN of a Bank: Land Line:


TYPE ADVANTAGES DISADVANTAGES
Unshielded Twisted Less expensive, Attenuation leads to short-distance
Pair Easy to install, communication,
High speed Susceptible to external interference

Shielded Twisted Reduced crosstalk, Bulky and expensive,


Pair Faster than UTP Difficult to install
Optical Fiber Cable Increased bandwidth, High-cost, Fragile
Immunity to interference
 Microwave:

TYPE ADVANTAGES DISADVANTAGES


Radio Easy to generate, More interference
Can penetrate obstacles
 Satellites:

TYPE ADVANTAGES DISADVANTAGES


VSAT Can cover a long distance More interference
Very Small Aperture Terminal Can penetrate obstacles Small bandwidth

7. Why Firewall is installed in the networking system of a bank?


Answer: A firewall is a part of computer system or network that is designed to block unauthorized

LE
access while permitting authorized communications. Firewalls are frequently used to prevent
unauthorized Internet users from accessing private networks connected to the Internet. The following
points listed below are the most relevant in explaining the importance of firewalls is as follows:

 Source or destination-based blocking of incoming network traffic

SA
 Outgoing network traffic can be blocked based on the source or destination
 Block network traffic based on content
 Report on network traffic and firewall activities
 Stops Virus Attacks and spyware
 Preventing Hacks
R
 Promotes Privacy
8. Why DMZ needed to be established in the network system of a bank?
FO

Answer: DMZ's are an essential part of network protection for both individual users and large
organizations. They provides an extra layer of security to the computer network by restricting remote
access to internal servers and information, which can be very damaging if breached.

9. Narrate functions of a branch server, application server and database server.


T

Answer:
O

 BRANCH SERVER:
 Branch server facilitates access to the central application servers for executing
N

transactions online real-time basis


 Branch server can perform offline activities to reduce the bandwidth requirement.
 Branch server can temporary store offline transactions data
 Can store resource full data like signature and photograph for smooth and fast
transaction
 APPLICATION SERVER:
 Ensure efficient and secure platform for the execution of applications.
 Managing Application Lifecycle like deployment, configuration, and monitoring.
 Resource Pooling and Scalability, so that applications can efficiently utilize shared
resources.
 Security and Authentication
 Connection and Session Management
 Integration With Enterprise Systems
 DATABASE SERVER:
 Dealing with large amounts of data regularly.
 Managing the recovery and security of the DBMS.
 Providing concurrent access control.
 Storing applications and non-database files.

10. What is the 3-tier architecture of computer programming?


Answer: Three-tier architecture is a well-established software application architecture that organizes
applications into three logical and physical computing tiers: the presentation tier, or user interface; the
application tier, where data is processed; and the data tier, where the data associated with the
application is stored and managed.

11. What is RAID? Why RAID is used in banking system? What are the differences

LE
between a RAID level 0 and 1? What do you mean by RAID level 0+1?
Answer: RAID stands for Redundant Array of Independent (or inexpensive) Disks is a technique that
makes use of a combination of multiple disks instead of using a single disk for increased performance,

SA
data redundancy, or both. RAID is a technology used for hard drives of Computer Servers to provide
data reliability and increase input/output performance.

 IMPORTANCE OF RAID IN BANKING SYSTEM: RAID is used in banking systems to


provide a combination of data protection, fault tolerance, high availability, and data integrity.
R
These features are crucial for maintaining the trust of customers and regulators and for ensuring
the continuous operation of critical financial services. Different RAID levels are chosen based
FO

on the specific needs and priorities of a particular banking system.

 RAID LEVEL:
 Level 0 -- Striped Disk Array without Fault Tolerance
 Level 1 -- Mirroring and Duplexing
 Level 2 -- Error-Correcting Coding
T

 Level 3 -- Bit-Interleaved Parity


 Level 4 -- Dedicated Parity Drive
O

 Level 5 -- Block Interleaved Distributed Parity


 Level 6 -- Independent Data Disks with Double Parity
N

 Level 0+1 -- A Mirror of Stripes

 RAID LEVEL 0 AND 1 DIFFERENCES: RAID stands for Redundant Array of Independent
Disk, is the technique used for disk organization for reliability and performance. Both RAID
0 stands for Redundant Array of Independent Disk level 0 and RAID 1 stands for Redundant
Array of Independent Disk level 1 are the categories of RAID. The main difference between
the RAID 0 and RAID 1 is that, In RAID 0 technology, Disk stripping is used. On the other
hand, in RAID 1 technology, Disk mirroring is used.

 RAID LEVEL 0+1(A MIRROR OF STRIPES): It’s also known as hybrid RAID. Which
means it is a combination of two different RAID levels, level 1 mirroring and level 0 striping.
It uses logical mirroring to write the same data on two or more drives to provide redundancy.
If one disk fails, there is a mirrored image of the data stored on another disk.
12. What do you mean by computer clustering? Why clustering is used in a computer
system of a bank?
Answer: A cluster is a group of computers that are connected with each other and operate closely to
act as a single computer. Based on the purpose of making a cluster between two computers, the
clustering can be of the following types:

 HIGH-AVAILABILITY (HA) CLUSTERS: Also called active-passive cluster are groups


of computers that support server applications that can be reliably utilized with a minimum
amount of down-time.
 LOAD-BALANCING CLUSTERS: Load balancing refers to efficiently distributing
incoming network traffic across a group of backend servers, also known as a server farm or
server pool.

LE
 IMPORTANCE OF CLUSTERING:
 Increased resource availability: If one Intelligence Server in a cluster fails, the other
Intelligence Servers in the cluster can pick up the workload.

SA
 Strategic resource usage: You can distribute projects across nodes in whatever
configuration you prefer.
 Increased performance: Multiple machines provide greater processing power.
 Greater scalability: As your user base grows and report complexity increases, your
resources can grow.
R
 Simplified management: Clustering simplifies the management of large or rapidly
growing systems.
FO

Server clustering is a critical component of the IT infrastructure in banks and financial institutions. It
ensures that essential services remain available, even in the face of hardware failures or disasters, and
allows banks to maintain the trust and confidence of their customers while meeting regulatory
requirements.

13. Define replication with an example.


T

Answer: Replication is a set of technologies for copying and distributing data and database objects
O

from one database to another and then synchronizing between databases to maintain consistency.
Using replication, data can be copied to a remote location normally from Data Center to DRS using a
N

high speed link. Replication can be asynchronous (Async) or synchronous (Sync).

 ASYNC REPLICATION:
 Data is transferred from DC to DRS
 Time interval say 5 minutes
 Uses fiber optic connectivity

 SYNC REPLICATION:
 Data recorded simultaneously at DC and DRS
 A dark fiber is required
14. What is dark fiber cable and where is used in a banking system?
Answer: A dark fiber is a dedicated direct fiber optic link between two points, normally used for
replication of data between DC and DRS. Dark fibers are not shared, and routers are not connected at
two ends of the fiber cable. Their bandwidth very high and speed of transmission of data is very fast.

Banks rely heavily on data centers for secure storage and processing of financial data. Dark fiber can
provide a high-bandwidth connection between a bank's data centers and branch offices, improving
data transfer speeds and redundancy.

15. Why a banking system uses external storage instead of an internal storage for storage
of its data?

LE
Answer: The use of external storage instead of an internal storage in banking systems is driven by the
need for scalability, redundancy, performance, security, compliance, and cost efficiency. These
storage solutions are an integral part of the IT infrastructure that supports the critical functions of
banks and helps them manage and protect their vast volumes of financial data.

SA
16. Define SAN switch.
Answer: A storage area network (SAN) switch is a device that connects servers and shared pools of
storage devices and is dedicated to moving storage traffic. It connects storage devices like disk arrays
and backup devices to servers. It is mainly designed to provide efficient storage and retrieval of
R
information.
FO

17. What are the three type’s database backup? Explain each of them. Why database
backup is important in banking? Which one is suitable for your bank/FI?
Answer: A data backup is a copy of computer data taken and stored elsewhere so that it may be used
to restore the original after a data loss event. Database backup is a way to protect and restore a database.
Data backup types are as follows:
T

 FULL BACK UP: The most basic and complete type of backup operation is a full backup.
O

This type of backup makes a copy of all data to a storage device, such as a disk or tape.
 INCREMENTAL BACKUPS: An incremental backup operation will result in copying only
N

the data that has changed since the last backup operation of any type.
 DIFFERENTIAL BACKUPS: A differential backup operation is similar to an incremental
the first time it is performed, in that it will copy all data changed from the previous backup.

IMPORTANCE OF DATABASE BACKUP:


 To protect against cyber attacks
 To save money
 To reduce outages or downtime
 For maintaining a trusted relationship with customers
In my opinion data base full back up is suitable for my bank. In banking industries each and every data plays
a vital role. So for smooth and flawless transaction and all collected data will be needed and full back up will
help to do so.
18. What do you mean by Alternative Delivery Channel?
Answer: E-banking covers different electronic banking channels like ATM, POS, Internet Banking,
SMS and Alert Banking, e-commerce, m-commerce and Call Center. These electronic channels are
also collectively called as Alternative Delivery Channels.

19. Mention some disadvantages of a standalone approach of bank automation.


Answer: The big disadvantage of the standalone system is that it could not be used for the large branch
where number of transaction is huge. Another disadvantage is the absence of all banking
functionalities in the system.

20. Narrate history of online banking in Bangladesh.

LE
Answer: Online banking in Bangladesh first started in the early 2000s and ever since it is rapidly being
integrated into the banking industry. The Bangladesh Bank, the central bank of Bangladesh, introduced
Electronic Fund Transfer (EFT) between banks in 2006. The 2010s saw a significant expansion of

SA
online banking services in Bangladesh. Banks in the country began to invest in modernizing their
technology infrastructure to offer a wider range of online services. The introduction of mobile banking
services played a crucial role in making banking more accessible to people across the country,
especially in rural areas. Services like bKash, Rocket, and NAGAD became popular and allowed
customers to perform various financial transactions using their mobile phones. Online banking is a
well-established part of the financial landscape in Bangladesh, with numerous banks offering a wide
R
range of digital services. However, there is ongoing development and expansion as the country's
financial sector embraces digital transformation to meet the needs of its growing population and
FO

economy.

21. Mention 3 functions of each of the following software: a) Core Banking Software, b)
Switching Software, c) Credit Card Software, d) Payment Gateway Software.
Answer:
T
O

•Maintaining a ledger of various transactions


Core Banking •Keeping customer information
Software •Interest calculation of loans and deposits
N

•Production of Debit Cards


Switching •Pre-authorization of on-us debit card transactions
Software •Routing of on-us and remote on-us transactions to Core Banking System

•Production of Credit Cards


Credit Card •Pre-authorization of on-us credit card transactions
Software •Authorization of the on-us and remote on-us credit card transactions

Payment •Encryption of payment and personal data.


Gateway •Communication between the bank, the business and the customer.
Software •Authorization of payments.
22. Why each of the following software are used in Banks? - a) Core Banking Software,
b) Switching Software, c) Credit Card Software, d) Payment Gateway Software.
Answer:

• Bank use Core Banking Software to maintaining a ledger of various transactions, keeping
customer information, interest calculation of loans and deposits, adjustments to accounts on
withdrawal and deposits of funds etc. CBS has facilitated better operational efficiency by
ensuring improved house keeping and preventing seepage of income. Inter branch
Core Banking reconciliation has become faster and accurate. The greatest advantage of having a Core
Software Bank System is that introduction of new facilities and products wouldn't be a time-
consuming process, and branch clearings would become instantaneous.

LE
• A Switching Software is an ATM/POS transaction processing and management system
which is used for the Production of Debit Cards, Pre-authorization of on-us debit or remote
on-us debit card transactions, Routing of on-us and remote on-us transactions to Core
Switching Banking System, Fraud management, Health monitoring of all the connected ATM and POS

SA
Software terminals, Settlement and reconciliation etc.

• A Credit Card Software is a Credit Card transaction processing and management system
which is used for Production of Credit Cards, Pre-authorization of on-us credit or remote
R
on-us credit card transactions, Authorization of the on-us and remote on-us credit card
Credit Card transactions, Routing of transactions made by cardholders of another bank Fraud
Software management, Settlement and reconciliation etc.
FO

• A payment gateway software is a software that helps in authorizing payments for e-


commerce transactions. It is equivalent of a physical POS terminal located in most retail
outlets. Some of the main features of a payment gateway are Encryption of payment and
T

Payment personal data, Communication between the financial institutions involved and the business
Gateway and the customer, Authorization of payments
Software
O
N

23. What are the main features of a Payment Gateway Software?


Answer: A payment gateway software is a software that helps in authorizing payments for e-
commerce transactions. It is equivalent of a physical POS terminal located in most retail outlets. Some
of the main features of a payment gateway include:

 Software application designed especially for ecommerce, although it can be used to authorize
payments in traditional brick and mortar businesses.
 Encryption of payment and personal data.
 Communication between the financial institutions involved and the business and the customer.
 Authorization of payments.
24. What are the differences between Mobile Financial System (MFS) and Core Banking
System (CBS)?
Answer:

ITEMS CORE BANKING SYSTEM MOBILE FINANCIAL SYSTEM


Conventional bank account
Account Number Mobile number + a check digit (optional)
number (with one check digit)
Input of mobile number by agent, data entry
Customer
By bank officer at branch by bank/3rd party, and authorization
registration
by bank officer after verifying KYC.
Communication WAN (Fiber Optic, Radio Mobile network (SMS/USSD) and/or

LE
media Link, VSAT etc.) WAN/internet
Posting device Computer Mobile Phone and/or Computer
Cash-in By bank’s Teller at branch By bank’s Teller at branch and by Agent
By bank’s Teller at branch By bank’s Teller at branch, by Agent and

SA
Cash-out
and at ATM at ATM
No of transactions
A few Huge
in a period
Amount per
Large Small
transaction
R
Customer reach Around the branch Through-out the country
FO

25. What services are available in Agent Banking System?


Answer: Agent Banking Software is an application used by banks to open accounts for consumer,
agents and merchants; authorize and record cash-in, cash-out, fund transfer, bill payment, salary
disbursement, ATM, e-Com transactions. Through this software facilitate almost all the services are
provided mainly by the bank nominated agent outlets. The agent banking customers can also avail
T

specific services from the bank branch.


O

26. Name 5 (five) Agent Banking Software available in Bangladesh.


Answer:
N

Era-InfoTech Integrated Agent Banking mFino, Celloscope, Flora Systems,


Solution (IABS) India Bangladesh Bangladesh

27. What menu a customer gets to operate Agent Banking?


Answer: In Agents Biometric POS or Desktop Application, the following menu can be found:

Customer Registration Bill Payment


Cash-in Balance Check
Cash-out Statement Check
Fund Transfer
28. What are the differences between a Core Banking and Agent Banking System?
Answer:

ITEMS AGENT BANKING SYSTEM CORE BANKING


SYSTEM
Account Conventional bank account number Conventional bank account
Number (with one check digit) number (with one check digit)
Customer  Input by agents through POS By bank officer at branch
registration Device/ Desktop Application,
 KYC entry by Agent/Teller,
 Authorization by bank officer in
Agent Banking Office after
verifying KYC.

LE
Communication  For POS: Protected Mobile Data WAN (Fiber Optic, Radio
media  For Desktop App: Internet with Link, VSAT etc.)
secured VPN

SA
Posting device  Biometric POS Computer
 PC / Laptop
Cash-in  By bank’s Teller at branch By bank’s Teller at branch
 At Agent Outlet
Cash-out  By Bank’s Teller at branch  By bank’s Teller at
R
 At Agent Outlet branch
 At ATM  ATM
No of Huge A few
FO

transactions in a
period
Amount per Medium Large amount
transaction
Customer reach Through-out the country Around the branch
T

29. List special devices required for Agent Banking operation.


O

Answer:
N

DEVICE DESCRIPTION MANUFACTURED


BY
Biometric POS This is a POS device with inbuilt Fingerprint  Verifone
Scanner module., called as Biometric POS.  Ingenico
 PAX

Fingerprint Scanner Fingerprint scanner devices are used along with  Secugen
computers for capturing fingerprints.  AbeTree
 Morpho
 Dermalog
30. What are the differences between a Mobile Banking System and Agent Banking
System?
Answer:

ITEMS AGENT BANKING SYSTEM MOBILE BANKING SYSTEM


Account Number Conventional bank account number Conventional bank account number
(with one check digit) (with one check digit)
Customer  Input by agents through POS By bank officer at branch
registration Device/ Desktop Application,
 KYC entry by Agent/Teller,
 Authorization by bank officer
in Agent Banking Office after

LE
verifying KYC.

Account Number Conventional bank account number Mobile number + a check digit
(with one check digit) (optional)

SA
Customer  Input by agents through  Input of mobile number
registration POS Device/ Desktop by agent,
Application  Data entry by bank/3rd party,
 KYC entry by Agent/Teller Authorization by bank officer
 Authorization by bank officer after verifying KYC.
R
in Agent Banking Office after
verifying KYC.
Communication  For POS: Protected Mobile network (SMS/USSD) and/or
FO

media Mobile Data WAN/internet


 For Desktop App:
Internet

31. What kind of application level securities to be incorporated in Agent Banking


System?
T

Answer:
O

 BIOMETRIC POS DEVICE:


N

 Registered Devices are blinded with specific users so that no other can access that device.
 All the requests and responses are transmitted with gateway in encrypted format.

 DESKTOP APPLICATION:
 New Device Registration Requests are initiated by an agent with authentication of PIN,
OTP to the registered mobile phone.
 Bank Admin needs to approve the newly added devices for further operation by users.
 Only the registered devices can be accessed by the mapped users after approval.
 All the requests and responses are transmitted with encryption.
 RSA Authentication is required at the time of user login.
32. What are the features of a software for Agent banking services?
Answer:

 REGISTRATION PROCESS:
 Registration of Super-Agent, Agent, DSR, Sub-Agents, FT officer, ROs and Teller
 Registration of New customers
 Linking of Core Banking Customers
 Biller Registration
 Change of Fingerprint
 Replacement of Agent/Sub-Agent

LE
 Agent Hierarchy Management

 SERVICES:
 Cash-In & Cash-Out

SA
 Utility Bill Payment
 Balance & Statement Check
 Fund Transfer
 ATM Transaction
R
 POS & e-COM Transaction
 Salary Upload
FO

 Loan Disbursement
 Fund Management by Agent Hierarchy
 Remittance through agent points and branches

 OTHER OPERATIONS:
T

 All transactions need to send confirmation message to the customer by SMS


O

 End of Day processing Distribution of Commission to Agent Hierarchy


 Payment of “Commission on Float” to Agent & Sub Agent
N

 Service Charge, Interest & Limits


 VAT deduction at the month end by the system
 Fee and charge definition for different services
 Interest calculation on deposit accounts
 Revenue sharing between parties i.e Bank, Agents
Review Questions

1. Multiple Choice Questions (MCQ)

i) Recommended temperature for a Data Center is ….. degree C and humidity is ….. %
a) 10, 38 b) 20, 70 c) 25, 50 d) 20, 50

ii) Higher data transfer rate is found in ……


a) LAN b) Internet c) WAN d) VSAT

iii) A router is used in …..


a) LAN b) Internet c) WAN d) Hard Disk

LE
iv) A VSAT is used in …..
a) LAN b) Internet c) WAN d) Router

SA
v) The largest WAN is ……
a) ICT Ministry Network b) Facebook network c) Internet d) SWIFT

vi) The most popular implementation of RAID is level …..


a) Level-5 b) Level 0 c) Level 1 d) Level 0+1
R
vii) Which of the following is not a part of LAN?
FO

a) Router b) Network Switch c) LAN d) Computer

viii) Which of the following is not a transmission media of LAN?


a) Coaxial Cable b) Wi-fi c) Fiber Optic Cable d) VSAT
T

ix) Which of the following is the transmission media of WAN?


a) Microwave b) Wi-fi c) Coaxial Cable d) Twisted-Pair Cable
O

x) Firewall is used in a WAN for which of the following?


N

a) Additional Bandwidth b) Additional Security


c) Additional distance d) Additional Accuracy

xii) Where a Dark Fiber is used?


a) Between DC and DRS b) In a wi-fi
c) Between LAN and WAN d) In computer programming

xiii) Why a SAN switch is used?


a) To connect Servers with a Storage
b) To connect WAN and LAN
c) To connect two cities
d) To connect two bank branches
2. Fill in the Gap(s)

i)The run length of individual Ethernet Cables in LAN is limited to roughly 100 meters.

ii)LAN follows either peer-to-peer or client/server architecture?

iii) For setup of an ICT infrastructure of a bank having 50 branches, the approximate
budget requirement is Taka 500 - 1000 million.

iv) In the LAN-based approach of bank automation, Unix or Novel operating systems was

LE
used. The data was stored in a server as flat file or database either ----- or dBase. The
application software was written in COBOL, FoxPro or dBase.

v) Nexus Gateway was lunched for the first time in Bangladesh by Dutch-Bangla Bank in

SA
the year of 2010.

vi)Rocket was the first MFS in Bangladesh launched by Dutch-Bangla Bank on 31 March, 2011.

vii) Near Data Center is a Data Center established in the same city where main Data Center is located.
R
viii) The DRS should have capability to become primary site automatically in case the Data Center
FO

is in disaster.

ix) One of the common data center certification awarded by the “Uptime Institue” is Tier
certification.
T

x) A WAN connects two or more local area networks (LAN).


O

xi) The largest WAN in existence is the Internet.

x) Bandwidth of a VSAT is small than that of Radio Link.


N

xi) DMZ in Computer Networking stands for De-militarized Zone (DMZ).

xii) In the 3-tier architecture of computer programming technique, normally


user’s computer terminals, application server and database server are involved.

xiii) P2G stands for Person to Government.


Module-C
Alternative Delivery
Channels & Funds
Transfer Systems

LE
Data Center (DC), Near DC,
Disaster Recovery Site (DRS),
Data Center Standards and
Certifications, Computer

SA
Networking, IT Systems,
Storage, Database and backup
systems for ICT in FIs,
Computerization approaches,
Various Software Systems Like
R
Core Banking, Switching,
Credit Card, Payment
FO

Gateway, Mobile Financial


System and Agent Banking
Software.
T
O
N
1. Name 10 channels for alternative delivery of banking services and 7 fund transfer
systems.
Answer:

 ADC CHANNELS:
ATMs CRMs Deposit Machines POS terminals Internet Banking
Mobile Financial
SMS alert Banking E-commerce Call Centre Agent Banking
system (MFS)

 FUND TRANSFER SYSTEM:

LE
Telex SWIFT BACH BACPS BEFTN
NPSB RTGS CHIPS FEDWIRE BANKWIRE

2. List 5 components of an ATM.

SA
Answer:

Computer Display Card Reader Protocol


Printers Dispenser Security Key Pad

3. What is the function of a cash dispenser in ATM?


R
Answer: Dispenser is a unit which counts and dispenses money. Dispenser uses vacuum pick or
FO

Friction Pick technology for counting and dispensing money.

4. What services a customer gets from an ATM?


Answer: The cardholders can perform many banking activities using an ATM as listed below:
T

 Cash withdrawal
 Card less cash withdrawal
O

 Fund transfer from one account to another


 Interbank fund transfer
 Receiving foreign remittance
N

 Balance enquiry
 Printing Statement of account
 Cheque book request
 Utility Bill Payment
 Mobile recharge

5. Mention the function of a card reader in ATM.


Answer: The card reader is very important parts of an ATM. The card reader reads card number, date
of expiry, banks identification number etc from the Meg-stripe or Chip of the card. Customer use PIN
(Personal Identification Number) for accessing in his/ her own card.
6. How ATM works in case of ON-US debit card transaction and ON-US credit card
transaction?
Answer:

 ON-US DEBIT CARD TRANSACTION: First the Switching Software checks the validity
(card number exists in the database, date does not expire etc), status (not a stolen or hot card)
and PIN of the card. If all the checks are passed, the corresponding account number and amount
are passed into the Core Banking system of the Bank with a request to make debit in the
account. If the Core Banking System found available fund than it debits the account for the
amount, and send an authorization code to the ATM via Switch. ATM, then count the money
and presents to the customer.

LE
 ON-US CREDIT CARD TRANSACTION: For the credit card the Switch does not check
anything but pass the information to the Credit Card System. The Credit Card System checks
the validity (card number exists in the database, date does not expire etc), status (not a stolen
or hot card) and PIN of the card. If all the checks are passed, and the Card account has sufficient

SA
available credit limit, the Credit Card System debits the card account for the amount, and send
an authorization code to the ATM/CRM via Switch. ATM/CRM, then count the money and
present to the customer.

7. How ATM works in case of not-on-us transaction using an international credit card?
R
Answer: If the transaction is not on-us and the card is an international one, it forwards the transaction
to the appropriate payment association (Visa, MasterCard, JCB, Union Pay etc). The payment
FO

association forward the transaction to its member bank, the Switch of which verifies the card validity,
status, PIN etc and obtains authorization code from its Core Banking System or Credit Card System
and passes this code to the ATM/CRM via payment association and Switch of the acquiring bank.

8. Mention the differences between a lobby type and the through-the-wall type ATM.
T

Answer:
O

THROUGH-THE-WALL
LOBBY TYPE ATM
TYPE ATM
N

• Requires small space to install • Requires large space


• Cash is loaded from the front side • Requires two compartments
• Requires only one room • Cash is loaded from the rear side
• Requires one unit of AC • Front & back a separate door and Air
conditioning (AC) system

9. Why a printer is required in ATM?


Answer: Normally ATM comes with Two printers a Consumer Printer and a Journal Printer. The
consumer printer prints the slip after every transaction for the customers whereas the Journal Printer
resides inside the ATM/CRM and prints all the transactions with fail / successful status.
10. Which technology is used for counting and dispensing money from ATM?
Answer: Dispenser is a unit which counts and dispenses money. Dispenser uses vacuum pick or
Friction Pick technology for counting and dispensing money.

11. Which safe is stronger – UL291 or CEN? Why?


Answer: CEN is stronger than UL291.

12. Why number of times cash is refilled in CRM is lower than that in ATM?
Answer: Unlike an ATM that just allows cash withdrawal, a CRM accepts cash. Sometimes it may
require to remove cash from the CRM if amount of cash deposit is more than cash withdrawal.

LE
13. How bank resolve the issue of cash non-dispensed, but account is credited?
Answer: Sometimes due to error in dispenser or bad note quality, the ATM/CRM can’t count all the
notes requested by the customer. In such a case, normally the ATM/CRM sends a reversal request to

SA
the authorizer via Switch and the authorized credit the non-dispensed amount into the customer
account.

14. What is a reject bin and why it is used?


Answer: After money is presented to the customer, the ATM/CRM beeps and waits for 45 seconds. If
R
the customer does not receive money within this time period, the ATM/CRM captures the money and
keeps in a cassette called “reject bin”.
FO

15. What kind of connectivity is use in ATM?


Answer: The ATM/CRM requires a small bandwidth like 16 Kbps. for that reason easy and cheap
media for ATM/CRM transaction is mobile data network or fiber optic for data connectivity.
T

16. What is hot card?


O

Answer: If a cardholder inserts wrong PIN 3 times, the ATM/CRM captures the card and the card
become hot.
N

17. List the different expense heads of an ATM booth.


Answer: The monthly recurring expenditures are as under:

 Rent of the booth  Maintenance charge for ATM/CRM, UPS, CCTV, AC and booth
 Electricity cost  Proportionate Switching System cost
 Link charge  Proportionate Data Centre manpower and maintenance cost
 Cash sorting and feeding charge  Salary of 3 Security Guards engaged in 3 shifts

The one-time cost may vary from Taka 2.00-2.50 million and the monthly recurring cost may vary
from Taka 80,000 - 100,000 per ATM/CRM.
18. How skimming happen and how this can be stopped?
Answer: Skimming is a method used by thieves to capture
payment and personal information from a credit card holder.
Skimming device, mounted on the card entry slot, reads the
bar code of the card. The mini camera records PIN as the
cardholder enters his PIN. After having all those information
fraudster makes a new card and uses it to withdraw money
from the customer’s account.

PREVENTION: skimming can be stopped by using anti-


skimming device which crates vibration while card is
inserted. This vibration prevents reading and recording of

LE
card information by the skimmers by installing a skimming
machine.

19. ATM + CDM = CRM. Explain.

SA
Answer: A Cash Recycling Machine (CRM) is a specialized type of automated teller machine (ATM)
that not only dispenses cash but also accepts deposits and can sort, count, and authenticate deposited
banknotes for reuse in future cash dispensing transactions. In short CRM (Cash Recycling Machine)
= ATM (Automated Teller Machine) + CDM (Cash Deposit Machine).
R
20. How a POS terminal is used for settlement of merchant bill?
Answer:
FO

 SETTLEMENT OF MERCHANT BILL:


 The cardholder purchases goods or services from the merchant.
 The payment processor sends the transactions to the acquiring bank (bank that handles card
payments for merchants)
T

 The acquirer then submits the transaction to the issuing bank for payment via Central
Bank’s or Payment Association’s interchange and settlement system.
O

 The funds are deposited in the merchant’s account, and the acquiring bank sends
transaction details to the issuing bank.
N

 The card brand transfers funds from the issuing bank to the acquiring bank
 The transaction is posted on the cardholder’s credit card statement
21. How a POS terminal id connected to server in datacenter?
Answer:

 DATA CENTER SERVER CONNECTION: A POS terminal can communicate with Data
Center using PSTN line or GPRS. PSTN POS terminal requires a telephone line for
communication whereas the GPRS POS terminals uses mobile SIM card for communication.
When a card is swipe or inserted the POS terminal dial to a set number and get connected with
the modem pool of Data Center. After connection, the exchange of information happens.

22. Describe following functions of a POS terminals: Sale, Void, Refund, Pre-auth,
and Cash Advance.
Answer:

LE
 SALE: Customer pays for merchandise or service from his/her account.
 VOID: Before end of day (Settlement), merchant can cancel the sale and give the money back.
 REFUND: After end of day (Settlement), merchant can cancel the sale and give the money

SA
back.
 PRE-AUTHORIZATION: Merchant can block some amount of money from the customer's
account for a specific time.
 CASH ADVANCE: Customer can use POS to get money from the account. Merchant will
R
give the money to customer instead of goods or service.
FO

23. Describe how a not-on-us transaction occurs in a POS terminal.


Answer: If customer of another bank makes a transaction at the POS of our Bank, the transaction is
called off-us or not on-us. For example if a customer of Bank-B makes a transaction at the POS of
Bank-A, then the transaction is termed as off-us or not on-us at Bank-A. However this transaction will
be termed as remote on-us at Bank-B.
T

24. Describe the following: PIN Pad, Merchant Commission, Interchange fee.
O

Answer:
N

 PIN Pad: A PIN pad is required with the POS terminal for cardholder to insert and encrypt his
PIN. To accept Debit card at the POS terminal, the POS terminal must have separate or built-
in PIN Pad.
 MERCHANT COMMISSION: A commission in percentage on the sale value, which the
merchant pays to the bank that supplied the POS terminals.
 INTERCHANGE FEE: Interchange fee is a term used in the payment card industry to
describe a fee paid between banks for the acceptance of card-based transactions. The
interchange fee is fixed by the central bank or payment associations, such as for MasterCard,
this is, say 1.16%.
25. Narrate the different types of frauds found in POS terminal and their remedies.
Answer:

 TRUE FRAUD: One of the most well-known types of POS fraud is what’s commonly
referred to as true fraud. In these cases, a criminal may use a stolen credit card to make a
purchase in-person or online.
 CHARGEBACK FRAUD: With this method, a customer will use their credit card to make
a legitimate payment for a good or service but will later contact their bank to deny having made
the payment.
 COUNTERFEIT CARDS: In this method fraudsters can get legitimate card details from

LE
skimming. By using this card information fraudsters can purchase goods which is easily
saleable in market.

Prevent POS Fraud: there are a few key ways to help minimize the risk of point-of-sale fraud and

SA
reduce chargebacks.

 REQUIRE VALIDATION: To prevent fraud, businesses should require customer


authentication. For in-store debit card purchases, customers should be asked to use their PIN.
R
For purchases made online or by telephone, customers should be asked for their CVV code —
the three- or four-digit code located on the back of their payment card.
FO

 UPGRADE POINT-OF-SALE TECHNOLOGY: EMV chip and NFC


technologies are an added step to help prevent fraudulent transactions. Because EMV chip
terminals can read the encrypted data stored on the microchip embedded in the card, they are
able to detect and decline counterfeit cards.
T

26. What are the different type of cards? Describe any two of them.
O

Answer: There are many varieties of cards. Most popular cards are listed below:
N

CREDIT CARDS DEBIT CARDS PRE-PAID CARDS ATM CARDS

 PRE-PAID CARD: These are cards that the customer load with cash and them then use the
card as an alternative to cash. These are generally used for small purchases or to buy on the
Internet.
 ATM CARDS: These are also known as a cash card, cash dispenser card or cash machine
card. This card is used in an ATM for cash withdrawals and other banking services.
27. Define the following in relation to cards: Issuer, Acquirer, On-Us transaction, Not
on-us transaction, Remote on-us transaction, Charge back.
Answer:

 ISSUER: The Bank or an organization which issue card is called issuer.


 ACQUIRER: The Banks or payment organizations which install ATM or POS terminals at
merchant locations are called Acquirer.
 ON-US TRANSACTION: In a transaction, if the issuing and acquiring banks are same, then
the transaction is called ON-US transaction.
 OFF-US OR NOT ON-US TRANSACTION: If customer of another bank makes a
transaction at the ATM / POS of our Bank, the transaction is called off-us or not on-us.
 REMOTE ON-US TRANSACTION: If customer of our bank makes a transaction at the

LE
ATM / POS of their Bank, the transaction is called remote on-us at our bank.
 CHARGE BACK: With this method, a customer will use their credit card to make a legitimate
payment for a good or service but will later contact their bank to deny having made the
payment.

SA
28. What is EMV? How it is secured? Why banks should move to EMV? What are the
differences between an EMV card and Chip card?
Answer: EMV stands for Europay-MasterCard-Visa. Europay, MasterCard and Visa jointly devised
a security mechanism called EMV. In an EMV card the information are stored in the computer chip
R
using some computer algorithm which is very difficult to copy and retrieve. EMV has some computer
logic prescribed and certified by Europay, MasterCard and Visa.
FO

 MOVE to EMV:
 EMV is proven to reduce losses related to fraud
 EMV technology is decades more advanced than magnetic stripe
 EMV limits your business liability
T

 Upgrading opens doors to other advanced technologies


 Improve customer experience at the point of sale
O

EMV is a set of global standards that make credit card and debit card processing more secure.
Equipped with a better understanding of the importance of secure payments banks should move to
N

EMV.

 EMV CARD AND CHIP CARD:


EMV CARD CHIP CARD
EMV has two-way communication Magnetic strip only has one-way communication
Information very difficult to copy and retrieve Information Retrieve from a magnetic strip is easy.
The card nearly impossible to clone. The card easy to read and make clone.
Computer logic prescribed and certified No such facilities
Most secured card in the world Security is not that strong
Information are stored with encryption Information are stored without encryption
Has both magnetic strip and chip Has only magnetic strip
29. What is Liability Shifting?
Answer: EMV has announced a rule called Liability Shifting, which said that if a fraud is occurred,
the non-EMV party will always be responsible for the fraud, thus non-EMV party has be pay the fraud
money to the EMV party. Thus if a customer uses an EMV card anywhere in the world, and if fraud
occurs in any non-EMV ATM or POS terminals using his card number, the customer and his issuer
are always safe.

30. Name five international payment associations.


Answer: Plastic Money can be classified by payment associations / systems or card associations. The
most famous payment associations / systems are MasterCard, Visa, Amex, JBC, Dinar Club,
Discover and Union Pay of China.

LE
31. What are the source of income of a bank from credit card business?
Answer: Banks and credit unions, who are responsible for issuing cards, make money from card
holders who pay interest, annual, late fees and more. They also make money from merchants who
want to accept debit or credit cards, collecting merchant processing fees from on their card-based sales.

SA
 SOURCES OF INCOME FROM CREDIT CARD ISSUING:
 Card issuance fee
 Annual / Renewal fee
R
 Card replacement fee
 PIN re-issue fee
 Interest on Outstanding debit balance
FO

 Late payment fee


 Cash advance fee

32. What do you mean by card personalization? Define card encoding and card
embossing.
T

Answer: Card Personalization means making physical changes to a card such as printing on a cards
surface using die-sub lamination, retransfer or inkjet printing process, laser engraving and adding a
O

foil stamp hologram. Depending on the type and purpose of plastic cards, one can choose various types
of personalization:
N

 Encoding of chip-module
 Recording of information on the magnetic strip or microchip.
 Recording on magnetic strip (HiCo, LoCo)
 Imprinting of unique numbers (pin, login) covered with scratch-strip by means of thermo-
printer or bubble jet
 Embossing with tipping
 A method of mechanically pressing information comprising from letters and digits onto a
plastic card; allows significantly faster payment by imprinting a slip on it.
 Imprinting of bar code
33. What are the standard rules to follow by Internet Banking clients?
Answer: When the customer accesses i-Banking for the first time, the system will ask for changing
his password. The customer must change the password as per the password policy of the bank. For
example a bank may have adopted the following password policy:
 Length must be min. 6 - max. 12 characters
 User ID is not allowed as a part of the password
 Password should have at least 1 upper case, at least 1 lower case, 1 numeric digit and no
symbolic characters
 Number of identical characters: 2
34. List a few functions of an Internet Banking.
Answer: The customers can perform almost all types of banking activities through i-Banking except
cash transactions. The followings are some i-banking functions:

LE
 Account Summary  Early and Final Settlement
 Account Details  Third Party Transfers
 Transfer Funds  Cheque Book Request

SA
 Open new account  Change Password
 Close account  Letter of Credit – Initiate
 Loans Repayment

35. What are the common frauds in Internet Banking and how these can be
prevented?
R
Answer: Some common frauds in internet banking are:
FO

 Can get the number, outstanding balance and transaction history of all the accounts maintained
by the customer in the bank
 Can transfer the money from customer’s one account to the customer’s another account or to
an utility company’s account
 Can transfer the money from customer’s account to the fraudster’s account and withdraw
money from ATM
T

To protect the customers from above frauds, Banks may also introduce a mandatory 2-factor
authentication for a 3rd party transfer and LC transmission.
O

36. How phishing is used in collecting Internet Banking log-in ID and Password?
N

Answer: Phishing is collection of user PIN by presenting a fake web-site address to the user. Phishing
is a form of social engineering and scam where attackers deceive people into revealing sensitive
information or installing malware such as ransomware. Attackers commonly use phishing emails to
distribute malicious links or attachments that can extract login credentials, account numbers and other
personal information from victims.

37. What is a digital signature? Where and why it is used?


Answer: Digital Signature is signing or encrypting a message or transaction by sender electronically
using his private key which can only be read or decrypt by the receiver using the sender’s public key.
A digital signature is intended to solve the problem of tampering and impersonation in digital
communications. Digital signatures can provide evidence of origin, identity and status of electronic
documents, transactions or digital messages. Signers can also use them to acknowledge informed
consent.
38. What is a two-factor-authentication? How this prevent Internet Banking fraud?
Answer: Two Factor Authentication is an extra layer of protection used to ensure the security of online
accounts beyond just a username and password. In two factor authentication customer must
authenticate a transaction using two factors, one is Password and another may be a Token which is
called Cryptographic or USB or Hardware TOKEN.

Two-factor authentication means that whatever application or service you’re logging in to is double-
checking that the request is really coming from you by confirming the login with you through a
separate venue. If a password is hacked, guessed, or even phished, that’s no longer enough to give an
intruder access: without approval at the second factor, a password alone is useless.

39. How Internet Payment Gateway works?

LE
Answer:

 Customer places order: The


customer browses an online store, selects

SA
the products they wish to purchase, and
proceeds to check out.
 Customer enters payment
information: At checkout, the customer
enters their payment information, such as
credit or debit card details, into the
R
payment gateway provided by the online
store.
FO

 Payment authorization: The


payment gateway sends the payment
information to the payment processor,
which verifies the information with the
customer’s bank or credit card issuer to
T

ensure that the payment can be


authorized.
O

 Payment approval: If the


payment information is verified and
authorized, the payment processor sends
N

an approval message to the payment


gateway, which then notifies the online
store that the payment has been approved.

 Order confirmation: Once the payment has been approved, the online store confirms the
customer’s order and sends a confirmation message to the customer.
 Settlement: The payment processor settles the payment with the merchant’s bank account,
usually within a few business days.
 Payment reconciliation: The online store reconciles the payment with the order and ensures
that the payment matches the order amount.
40. How an OTP can secure an e-commerce transaction?
Answer: Because an OTP is valid for only a short period of time (usually a few minutes) and can be
used only once, it greatly reduces the chances of fraudulent transactions. Even if a malicious actor
were to gain access to a user's account credentials, they would still need the OTP to complete a
transaction, which adds an extra layer of security.

41. What are the common frauds in e-commerce transaction and what are the possible
remedies?
Answer: Common frauds in e-commerce transactions include:

 Identity Theft: Criminals may use stolen personal information to create accounts or make
purchases in someone else's name.

LE
 Remedy: Implement strong authentication measures such as two-factor authentication
(2FA) and one-time passwords (OTPs). Educate users on the importance of using strong,
unique passwords.

SA
 Phishing: Fraudsters may send emails or create websites that look like they belong to a
legitimate e-commerce business, in an attempt to trick users into providing sensitive
information.
 Remedy: Educate users about the dangers of phishing, encourage them to verify website
URLs before entering personal information, and use security technologies like SSL
certificates to secure data.
R
 Repudiation: This happens when a customer makes a purchase and then disputes the charge
with their credit card company, often claiming that they didn't make the purchase or didn't
FO

receive the goods.


 Remedy: Digital signatures are a key component in achieving non-repudiation in digital
communications. When a message is signed with a digital signature, it provides proof of
the sender's identity and ensures that the message hasn't been altered in transit.

 Credit Card Fraud: This occurs when a criminal uses stolen credit card information to make
T

unauthorized purchases online.


 Remedy: Implement secure payment processing systems, use CVV checks and Address
O

Verification System (AVS), and monitor for suspicious activity that could indicate a stolen
card is being used.
N

42. Mention five MFS activities. Describe any two of them. Why transaction limit is
imposed in MFS? Why MFS is not cheap for customers?
Answer: The MFS activities are summarized below:

 Customer registration: Registration of Agents and Merchants by the bank officers and
registration of consumers by the Agents. Customer means Consumers, Agent and Merchants.

 Cash: Cash-in/Cash-out through Cash Point (Agent), Bank Branch and ATM
 P2P (Person to Person): Fund Transfer from one customer’s mobile account to the mobile
account of another customer (domestic remittance). Fund transfer between bank account and
mobile account of the same customer is also possible.
 P2B (Person to Business): Utility Bill payment, Educational fee payment, Mobile Top Up,
Merchant payment, purchase of Bus/Railway/Airline ticket and Cinema Ticket

 B2P (Business to Person): Salary disbursement by corporate bodies / Industries / Office etc.
and sending foreign remittance to the mobile accounts by the foreign exchange houses.

 P2G (Person to Government): Payment of income tax, city corporation tax etc.
 G2P (Government to Person): Disbursement of salary of the primary teachers, elderly
allowance and freedom fighters’ allowances etc.

As the communication using the mobile platform is not 100% secure, the banks do not allow big
amount and large number of transactions using mobile channels. Transaction limits in MFS are
imposed to manage financial risk, comply with regulatory requirements, protect customers, maintain
operational efficiency, and promote financial inclusion.

LE
Mobile Financial Services (MFS) may not always be cheap for customers due to several reasons like
high Operating Costs, Managing a large group of Agents, The initial cost is very high due to high cost
of necessary software and hardware. While MFS has the potential to provide convenient and accessible
financial services, the costs associated with operating and maintaining the platform, complying with

SA
regulations, managing risks, and offering value-added services can make it more expensive for
customers.

43. What are the differences among Bank-led, Non-Bank-Led and Bank-NBFI-Govt-
Lead MFS models?
R
Answer:

BANK-LED/ BANK-NBFI NON-BANK-LED/ TELCO-LED


FO

GOVERNMENT-LED MODEL
Bank is responsible for customers KYC Mobile company is responsible for customer's KYC
Bank is custodian of each customer’s money and Mobile company is custodian of each customer’s
information money and information
Bank-NBFI-Government has at least 51% of the Mobile company has total ownership
share
T

44. Describe difference between SMS and USSD connectivity media for MFS.
O

Answer:
N

ITEMS SMS USSD


Data The default data format is The default data format is
Format simple plaintext unstructured
Encryption There is no end-to-end End-to-end encryption
encryption between client and presents between client and
bank server bank server
Data SMS is first store data and USSD does not store data
Storage forward to service anywhere
Session SMS Banking is not session- Mobile banking is session-
oriented oriented
Security SMS is not a secured media USSD is reasonably secured
45. What is an Agent Banking? What are the objectives of introduction of Agent
Banking in Bangladesh? Write a para on the history of Agent Banking. What is the
strategy behind introduction of Agent Banking in Bangladesh? Write the resent
status of Agent Banking in Bangladesh with respect to Number of Outlets, accounts,
banks in Agent banking, and amount of deposit, Credit and inward foreign
remittance. Describe Distribution-Led model of Agent Banking.
Answer: An agent bank is a financial institution that acts on behalf of other banks, typically in a
correspondent banking relationship. In this role, the agent bank purpose is to provide various services
to the correspondent bank

Objective: The objective of Agent banking is to provide banking services to people where banking
services is yet to reach or where expansion of Bank branches is not financially viable. Agent banking

LE
is a cost effective alternative to a bank.

History: Agent banking, inspired by initiatives in South American countries like Brazil, was
introduced in Bangladesh in 2013 by the Bangladesh Bank. In 2017, comprehensive Prudential

SA
Guidelines were issued to regulate agent banking operations in the country. These guidelines cover
aspects such as agent approval, permissible activities, responsibilities of banks and agents, AML/CFT
requirements, customer protection, and business continuity. Following Bangladesh's lead, other
countries like India, Malaysia, Kenya, Pakistan, and the Philippines gradually introduced agent
banking to foster financial inclusion.
R
Strategy: Agent banking in Bangladesh aims to provide a secure, alternative delivery channel for
banking services to the underprivileged and underserved rural population. Initially focusing on deposit
FO

collection, agent banking has evolved to strengthen the rural economy and facilitate digital inclusion
by offering services like lending. Despite a high number of banks, banking services' reach to the
grassroots level remains low. Bangladesh Bank has mandated private banks to open rural branches,
addressing the issue of unbanked rural areas. Agent banking has significantly increased rural
engagement with banks, transaction volumes, and low-cost deposits, and improved living standards.
T

Plans are underway to expand these services to more remote areas, solidifying agent banking as a
potential alternative financial service channel for rural populations and contributing to national
O

economic development.

Recent Status: Agent banking in Bangladesh, introduced in 2016, has swiftly gained popularity
N

among customers, prompting 30 commercial banks to adopt this alternative financial service. As of
June 2022, 16.1 million accounts were opened with deposits totaling Tk280,853.18 million. Its success
is attributed to simplicity, cost-effectiveness, and the comprehensive services it provides, especially
in remote areas. Moreover, it facilitates convenient remittance channels, with Tk970,481.82 million
inward remittances recorded till June 30, 2022. Recently, banks have expanded services to include
small loans, with Tk76,456.33 million disbursed so far.

Distribution led model: In this model money flows from bank to distributor to Outlet to Customer
and vice versa. Agent works as distributor and its main duty is to rebalance the sub-agents or outlets.
Thus outlet does not need to go to the bank branch for rebalancing. Bank’s field forces are posted for
supervision and Auditing the Agents and Sub-Agents and market development.
46. Differentiate between the models: Unit agent model and bank led model.
Answer:

 UNIT AGENT MODEL: In the unit agent model, the unit agents are outlets which does not
carry business under an Agent, but reports directly to the Business Development Office. In this
case money flows from bank to Outlet to Customer and vice versa.

 BANK LED MODEL: The Bank led model is almost similar to the Unit agent model, but
there is no Business Development Center, but one or two of the Bank’s own officials sit in the
Outlet and directly monitor and assist the agent outlet. Outlet. If the branch of a particular bank
is far away from the Agent Outlet, it become very difficult to rebalance the cash.

47. What are differences among: Agent, Sub-Agent and Unit Agent?

LE
Answer:

 AGENT: Agent refers to the entity which will be appointed by a bank to run the agent banking
activities.

SA
 SUB-AGENT: Sub-agent is the entity which will work under the agent and run the agent
banking activities in a specific outlet of bank at the customer end point.

 UNIT AGENT: The unit agents are outlets which does not carry business under an Agent, but
reports directly to the Business Development Office.
R
48. What kind of banking services are allowed in Agent Banking? Which banking
FO

services are not allowed in Agent Banking?


Answer:

 SERVICES OF AGENT BANKING:

 Account opening
T

 Cash deposit and cash withdrawal


 Inward foreign remittance disbursement
O

 Sourcing, disbursement and collection of repayment of loans


 Collections of bills/utility bills
 Collection of insurance premium
N

 Fund Transfer
 Withdrawal from ATM
 Balance enquiry
 Statements
 Any other activity as Bangladesh Bank may prescribe from time to time.

 RESTRICTION OF AGENT BANKING:

 Issuance of Loans
 Offering Investment Advice
 Handling Complex Transactions
 Foreign Exchange Transactions
 Issuing Bank Guarantees or Letters of Credit
49. Mention a few of the challenges of Agent Banking.
Answer:

 Failure of Customer’s information verification


 Lack of seamless Internet Connectivity
 Lack of awareness of financial literacy
 Competition Aggressiveness
 Take longer time to become profitable
 People in rural areas are still unaware of the banking system
 Agents often encounter fraud during carrying cash on their own

50. What is the abbreviation of SWIFT? What are the three different categories of
membership in SWIFT?

LE
Answer: SWIFT: Society for Worldwide Interbank Financial Telecommunication

 CATEGORIES:

 Member: Any organization which is involved in international financial message

SA
transmission, may become a member.

 Sub-members: A separate legal entity at least 90% directly or 100% indirectly owned by
a member, or foreign branches of a member institution.

 Participants: The participants are generally one of the following companies: Brokers and
R
Dealers in securities, exchanges for securities, Money brokers etc
FO

51. Why a bank should become a member of SWIFT? How SWIFT works? What are
the drawbacks of SWIFT?
Answer: The SWIFT provides a network that enables financial institutions worldwide to send and
receive information about financial transactions in a secure, standardized, and reliable manner. It
provides a trusted and standardized way of communicating financial information with Standardization,
T

Secure, Efficient, Reliable, which is crucial in the global financial ecosystem. Becoming a member of
SWIFT is often essential for a bank that wishes to operate internationally and engage in cross-border
O

transactions.

SWIFT payments are transactions made through an intermediary bank that allows you to send/receive
N

electronic payments internationally. The SWIFT network doesn't actually transfer funds, nor is it a
banking system, rather, it sends payment orders between banks using SWIFT codes. All banks engaged
in a SWIFT transfer will move funds from one account to another based on an underlying network of
NOSTRO and VOSTRO accounts. This refers to accounts that banks have opened up with each other
for the sole purpose of executing SWIFT transactions.

The SWIFT has some flowing drawbacks:

 Its one-time cost and annual support charge are high.


 Slow transaction processing – can take up to 5 working days.
 Higher fees due to multiple banks involved in transactions.
 Currency exchange fees added to the total cost.
52. What are the abbreviations of the followings: a) BACH, b) BACPS, c) BEFTN, d)
NPSB, e) RTGS.
Answer:

 BACH: Bangladesh Automated Clearing House


 BACPS: Bangladesh Automated Cheque Processing System
 BEFTN: Bangladesh Electronic Fund Transfer Network
 NPSB: The National Payment Switch Bangladesh
 RTGS: Real Time Gross Settlement

53. What are the demerits of manual clearing house? What was the solution to these

LE
issues?
Answer: Manual clearing has the disadvantages like:

 Physical movement of Instrument is required

SA
 There is a time delay for several days even within same clearing house
 To clear instruments of outside clearing houses, OBC process takes 1 to 3 weeks’ time
 Many manual process & duplication of work
 Weak MIS.
R
The Solution is Bangladesh Automated Clearing House which is a computer network-based clearing
and settlement system to exchange of electronic bank instruments among the participating bank.
FO

54. What are the benefits of BACPS? What transactions can be performed using
BEFTN?
Answer:

 BENEFITS OF BACPS:
T

 Since Instruments do not travel, it is fast


 Instruments of any areas are cleared in a day – it is a centralized solution
O

 High Value clearing for all areas


 Higher efficiency, lower cost
 Higher customer satisfaction
N

 Strong MIS

 BEFTN FUNCTIONS: BEFTN went live on February, 2011. BEFTN facilitates the
transaction of funds between the banks electronically. It handles transactions like:
 Payroll
 Foreign remittance
 Domestic remittance
 Company dividends
 Retirement benefits
 Corporate payments
 Government allowances
SHORT NOTE
Automatic Transaction Machine (ATM)
An ATM, or Automated Teller Machine, is an essential banking tool that provides customers with 24/7 access
to their bank accounts. It allows for cash withdrawals, balance inquiries, and transfers between accounts,
among other functions. Conveniently placed in various public locations, ATMs offer quick, secure
transactions, reducing the need for in-branch visits. While offering significant benefits, ATM users should
exercise caution and remain vigilant to protect themselves from potential security risks such as fraud or theft.

LE
Cash Deposit Machine (CDM)
A Cash Deposit Machine (CDM) is a self-service kiosk that allows customers to deposit cash directly into

SA
their bank accounts. Conveniently available 24/7, CDMs provide a quick and secure alternative to traditional
bank tellers. Customers simply insert their bank card, enter their personal identification number (PIN), and
deposit the cash, which is instantly credited to their account. While CDMs have streamlined the deposit
process, users should still take precautions to ensure their transactions are secure and accurate.
R
Cash Recycling Machine (CRM)
A Cash Recycling Machine (CRM) is an advanced financial service kiosk designed to streamline banking
FO

transactions. It not only accepts cash deposits from customers but also recycles the deposited notes for future
withdrawals. This reduces the bank's dependency on external cash replenishment services. Customers can use
the CRM to deposit cash, check their account balance, and withdraw funds, all in one machine. With its dual
functionality, CRMs enhance operational efficiency and provide a secure, convenient banking experience.
T

Point‐of‐Sale (POS)
O

Point-of-Sale (POS) terminals are electronic devices used by businesses to process card transactions. They
are commonly found in retail stores, restaurants, and other establishments that accept card payments.
N

Customers simply swipe, dip, or tap their card on the POS terminal, which then securely processes the
transaction by communicating with the customer's bank. POS terminals have become essential in modern
commerce, offering convenience for both customers and businesses by enabling seamless and secure cashless
transactions.

Debit card
A debit card is a plastic card linked to a checking or savings account, allowing users to make purchases and
withdraw cash electronically. When a purchase is made, the amount is directly deducted from the linked
account. Debit cards come with a Personal Identification Number (PIN) for secure transactions and can also
be used for contactless payments. They provide a convenient alternative to cash, offering ease of use and
safety for everyday purchases and ATM transactions.
Credit Card
A credit card is a financial instrument that allows users to borrow money up to a predetermined limit for
purchases or cash advances. It provides the convenience of deferred payment, where the user can pay the full
balance by a due date or make minimum payments over time, often with interest. Credit cards often come
with rewards, cash back, or miles, adding value to transactions. They also offer security features and fraud
protection, making them a popular choice for online and in-person purchases.

SMS Banking
SMS Banking is a convenient financial service that enables customers to access and manage their bank
accounts via text messages. By sending specific keywords or codes to their bank, users can check account

LE
balances, receive transaction alerts, and even conduct simple transactions such as fund transfers. SMS
Banking is particularly useful for those without internet access, providing a secure and efficient way to stay
informed and manage finances on the go.

SA
Alert Banking
Alert Banking is a proactive service that provides real-time notifications to customers about their bank account
activity. These alerts, which can be received via SMS, email, or push notifications, include information about
transactions, account balances, and potential security issues. By keeping customers informed about their
R
financial activities, Alert Banking enhances security and helps users manage their finances more effectively.
It is particularly useful for detecting and preventing fraudulent activities in a timely manner.
FO

E‐commerce
E-commerce, or electronic commerce, refers to the buying and selling of goods and services over the internet.
It enables businesses and customers to interact in a digital marketplace, eliminating the need for physical
stores. E-commerce platforms, such as online shops and marketplaces, provide a wide range of products and
T

services, often at competitive prices. The convenience of shopping from anywhere, secure online payment
options, and the ability to compare prices have contributed to the rapid growth of e-commerce globally.
O

M‐commerce
N

M-commerce, or mobile commerce, refers to the use of mobile devices like smartphones and tablets to conduct
commercial transactions online. It encompasses a variety of activities, including shopping, banking, and
payment processing, all optimized for mobile platforms. M-commerce leverages the convenience and
portability of mobile devices, allowing users to access services on-the-go. With features like mobile apps,
digital wallets, and one-click purchasing, m-commerce provides an enhanced and seamless user experience,
driving significant growth in digital consumer behavior.
Mobile Financial Services (MFS)
Mobile Financial Services (MFS) refer to financial services that are accessed and delivered through mobile
devices such as smartphones and tablets. This includes a range of services such as mobile banking, mobile
wallets, and mobile payments. MFS enables users to conduct financial transactions, manage their accounts,
and access financial information from virtually anywhere, providing convenience and accessibility. MFS is
particularly popular in regions with limited banking infrastructure, as it can provide financial inclusion to a
larger population.

Agent Banking
Agent Banking refers to a model where banks utilize authorized agents or third-party representatives to

LE
provide financial services in areas with limited banking infrastructure. Agents, often situated in local retail
stores or post offices, facilitate a variety of banking transactions such as deposits, withdrawals, bill payments,
and account opening. By leveraging the agent network, banks can extend their reach to remote or underserved
communities, promoting financial inclusion and offering greater accessibility to banking services for a wider

SA
population.

Call Center
A Call Center is a centralized facility used by companies to handle customer interactions and inquiries,
R
typically over the phone. Call centers are equipped with trained customer service representatives who provide
assistance, resolve issues, and answer questions. They often use computer-telephony integration systems to
FO

efficiently manage incoming calls. In addition to voice-based services, many call centers now also support
email, chat, and social media interactions. Call centers play a crucial role in maintaining customer satisfaction
and loyalty by providing timely and effective support.

Telex
T

Telex, short for "tele printer exchange," is a now largely obsolete communication system that was widely used
from the 1920s to the 1980s. Telex was once an essential communication tool used for transmitting financial
O

messages and instructions. Before the advent of modern electronic banking systems, Telex was the primary
means for banks to communicate cross-border transactions, issue letters of credit, and settle international trade
N

deals. The system allowed for real-time communication between banks, facilitating efficient and secure
financial transactions. However, with the development of more advanced and secure communication
technologies, Telex has been largely replaced by systems like SWIFT in the banking sector.

SWIFT
SWIFT (Society for Worldwide Interbank Financial Telecommunication) is a global messaging network that
enables secure and standardized communication between financial institutions. It facilitates the exchange of
financial messages, such as payment instructions and transaction notifications, across borders. SWIFT ensures
the reliability, security, and efficiency of international financial transactions, playing a crucial role in global
finance.
CHIPS
CHIPS (Clearing House Interbank Payments System) is a large-value wire transfer system used primarily for
international and domestic financial transactions. It is operated by The Clearing House, a private-sector
financial institution. CHIPS streamlines the movement of funds between banks, enabling swift, secure, and
cost-effective processing of large-dollar transactions. It plays a vital role in the global financial system,
ensuring that funds are transferred efficiently and with minimal risk, facilitating international trade and
commerce.

FEDWIRE
FEDWIRE is a real-time gross settlement funds transfer system operated by the United States Federal Reserve

LE
Banks. It is used for large-value, time-sensitive payments and enables financial institutions to transfer funds
both domestically and internationally. FEDWIRE provides immediate finality of payments, ensuring funds
are quickly and securely transferred between banks. It plays a crucial role in the smooth functioning of the
financial system, supporting liquidity management, and facilitating the settlement of large transactions.

SA
Internet Payment Gateway
An Internet Payment Gateway is a service that facilitates online transactions by securely transmitting payment
data between the customer's bank and the merchant's bank. It acts as an intermediary, verifying the customer's
R
payment information, ensuring sufficient funds are available, and completing the payment process. Payment
gateways are essential for e-commerce businesses, providing a secure and efficient method for processing
FO

credit card and other electronic payments. They enhance the online shopping experience by offering
convenience and security to both customers and merchants.

Phishing
Phishing is a cybercrime in which attackers deceive individuals into revealing sensitive information, such as
T

usernames, passwords, and financial details, by impersonating a trustworthy entity. Typically conducted
through fraudulent emails, messages, or websites, phishing schemes often appear legitimate, enticing victims
O

to interact with malicious links or attachments. Successful phishing attacks can lead to identity theft, financial
loss, and unauthorized access to personal accounts. Awareness and vigilance are essential in protecting oneself
N

against phishing threats.

Two‐factor authentication
Two-factor authentication (2FA) is a security measure that requires a user to provide two separate forms of
identification before gaining access to an account or system. In addition to a password or PIN (something the
user knows), 2FA often involves a second factor, such as a temporary code sent to a mobile device (something
the user has) or a biometric feature like a fingerprint (something the user is). 2FA enhances security by making
it more difficult for unauthorized users to gain access to sensitive information.
Review Questions

1. Multiple Choice Questions (MCQ)


i) Which one is not an Alternative Delivery Channel?
a) ATM b) Branch c) Agent Banking d) Internet Banking
ii) In which device, cash can be deposited by the customer?
a) ATM b) POS c) CRM d) UPS
iii) Which protocol is used in ATM to communicate with a Switch?
a) TCP/IP b) LAN c) NDC+ d) C++

LE
iv) Which bandwidth is required for ATM communication?
a) 64 kbps b) 1 Gbps c) 16 kbps d) 512 kbps
v) Why a card become a hot card and thus captured by ATM?

SA
a) Insufficient cash in ATM b) Insufficient balance in account
c) Wrong PIN used 3 times d) Wrong amount inserted 3 times
vi) Which of the following is a card fraud?
a) Skimming b) Clustering c) Replication d) Encryption
R
vii) Which of the following is not a POS transaction?
a) Sale b) Void c) Refund d) Buy
viii) Pre-authorization transaction in POS is usually used in which merchant?
FO

a) Electronic b) e-commerce c) Hotel d) Grocery


ix) The printer used in a POS terminal is called:
a) Dot Matrix b) Laser Jet c) Vacuum d) Thermal
x) The Bank which issue a credit card is called:
a) Issuer b) Acquirer c) Merchant d) Branch
T

xi) Off-us transactions are also called:


O

a) Not on-us b) Remote on-us c) Remote off-us d) None of the above


xii) Which one is not a debit card income?
a) Issuance fee b) Renewal fee c) Replacement fee d) Late payment fee
N

xiii) Internet Banking is also known as:


a) Online banking b) Branch banking c) Smart banking d) Home banking
xiv) Which of the following is not a P2B transaction?
a) Uility Bills Payment b) Mobile TopUp
c) Merchant Payment d) Income Tax Payment
xv) Which of the following is not a category of Swift customer?
a) Member b) Sub-member c) Participants d) Principal
member
2. Fill in the gap(s)

i)In case of cash non-dispensed from ATM, the cardholder should report to card issuing bank

ii) Bangladesh Bank is the 2nd generation member of use groups of SWIFT in
Bangladesh.

iii) BACH has two components: a) BACPS and b) BEFTN

iv) BEFTN went live on February, 2011

v) There are two types of ATMs: Lobby Type and Through-The-Wall type.

LE
vi) EMV stands for Europay-MasterCard-Visa.

vii)ATM safe is available in two standards: UL and CEN.

SA
viii) The captured cash of ATM is stored in reject bin.

ix) POS stands for Point of Sale.

x) A POS terminal can communicate with Data Center using PSTN or GPRS.
R
xi) Recording of information on the magnetic strip is called Encoding.
FO

xii) In the EMVCo, Amex, JCB, MasterCard and VISA each have 25% share.

xiii) Phishing is collection of user PIN by presenting a fake web-site address to the user.

xiv) Buying and selling of goods and services over internet is called E-commerce.
T

xv) SWIFT stands for Society for Worldwide Interbank Financial Telecommunication.
O

xvi) BEFTN stands for Bangladesh Electronic Fund Transfer Network.


N

xvii) RTGS stands for Real Time Gross Settlement.


Module-D:
ICT Security, Cyber
Security, ICT Risk
Management,
Standards, Regulations
and
Legal Framework

LE
ICT Security, Cyber Security,
ICT Risk Management,
Security Standards and
Regulations,

SA
Guideline on ICT Security for
Scheduled Banks and Financial
Institutions published by the

Central Bank of Bangladesh,


R
PCI-DSS, BS 7799 and ISO
27000, Legal framework in
FO

Bangladesh (Cyber Law, ICT


Act etc).
T
O
N
1. What is the difference between ICT Security and Cyber Security?
Answer:

LE
SA
2. Why Data Centers are very important part of ICT risks?
Answer: A key benefit of a data center is the ability to centralize data management. Businesses can
store all their data in one place, making it easier to manage and analyze, improving efficiency, reducing
R
duplication of effort, and providing better insights into business operations. From simple breakdown
to a major one in data center system can cause Hugh financial and operation loss for any institution.
Because of the critical role that data centers play in the operation of organizations and the significant
FO

risks associated with them, it is essential for organizations to implement robust risk management
strategies to protect their data centers and the valuable data they house.

3. Narrate Business Continuity Threats, Classify Business Discontinuity.


Answer:
T

 Business Continuity Threats: Business continuity risk refers to threats or risks that disrupt
the functioning of a business. This is one kind of threat occurs from server or equipment failure
O

in the Data Center for which the system remains unavailable to the users and customers.
 Classification Business Discontinuity: The business discontinuity may be classified as under:
N

 Simple Breakdown: System may remain unavailable for a few minutes to hours.
 Major Shutdown: System may remain unavailable for several hours or weeks.
 Data Center Collapsed due to Natural Calamity like Earthquake, Flood and Cyclone:
The system may remain unavailable for a week to months.

4. Describe different types of Internal Threats.


Answer:

 Unsatisfied or Corrupt Employee: Corrupt employees of a bank can steal data or information
and handover to the hackers.
 Database Breaching: a data breach exposes confidential, sensitive, or protected information
to the hackers.
5. List different threats related to MFS and their remedies.
Answer:

 MFS Threats:

 SIM Cloning and withdrawal of money from MFS customer’s account


 Extortion / Blackmailing /Deceiving / Making Fool of MFS customers
 Receiving bribe, collection of money for human trafficking & drug selling, terrorist
financing using MFS
 Digital Hundi using MFS and as a result country is deprived of foreign currency
 MFS Threats Remedy:

 MFS provider allows the account to operate only after receiving a call from the genuine

LE
SIM holder.
 NID verification before activation of MFS account
 Properly filled-up KYC
 Awareness campaign can help to educate customer not to be deceived.
 NID Verification before activation of MFS account

SA
 Arresting OTC (Over The Counter) Transactions
 Use of Sanction Screening System & Transaction Monitoring Software
 Cash-out may be made through a registered bank account with any bank.

6. Describe ATM Skimming and POS Skimming? Where you can use the anti-
skimming device?
R
Answer:
FO

 ATM Skimming: Skimmers attach a device on the card slot of an ATM and collect card
information. A camera is used to record ATM PIN. Then the fraudster creates a duplicate card
(called card cloning) using the collected information and withdraws money from ATM using
the card and PIN.
 POS Skimming: Some corrupted salesman in super shops also keep skimming device under
his table and sweep the customers card in the skimming device before he really use it in the
T

POS terminal on the table.


 Remedy: Anti-Skimming device in the ATM can prevent copying card data to a Skimming
O

device. Skimming device can’t copy data from chip of a debit or credit card.

7. What is ATM Jackpotting?


N

Answer: If hackers can gain control of the ATM controller (called Switch), he can send signals to the
ATM machine which indicates that ATM has to dispense money. In this way, the ATM start dispensing
money without any card and an associate of the hacker collects the cash and go away. This is called
ATM Jackpotting.

8. How fraud occurs in e-commerce?


Answer: A fraudster can simply enter the stolen credit card information (name, billing address, card
number, expiry date, and CVV number) to an e-commerce to purchase an item and the e-commerce
store treats it as a valid transaction because the card does not need to be present for the transaction to
go through. Unfortunately in such cases, the e-commerce business ends up absorbing the cost of the
fraud, which affects revenue.
9. Describe following cyber treats: DDos, Ransomware and Malware.
Answer:

 Distributed Denial of Service (DDoS): A DDoS attack is done by fraudster to shut down a
website, machine or network of a bank, making it inaccessible to its clients.
 Ransomware: Ransomware is a type of malicious software that blocks access to the users in
to their system or computer unless a ransom is paid.
 Malware: Malware is a software that is specifically designed to disrupt, damage, or gain
unauthorized access to a computer system.

10. What is hacking? How money is unauthorized transferred from the client’s
account by the Hackers?
Answer: Hacking is the unauthorized access to or control over computer network security systems for
some illegal purpose. Hacking involves a variety of specialized skills, most of which are very

LE
technical. Others are more psychological.

 Unauthorized transferred: The hacker constantly tries to gain access to the banking system
for years together. If he can find a loophole in the security system, using that loophole the

SA
hacker gets access in to the banking network. Then he transfers fund from a customer’s account
to another bank account or withdraw money directly from the hacked account.
11. Why Swift and Credit Card is in the risk of cyber treat in Bangladesh?
Answer: SWIFT system and Credit Card System maintain customer’s balance in USD which is
convertible from anywhere in the world. In Bangladesh, virtual world is not that much secure as it
R
should be. A talented hacker can easily manipulate our cyber security and find its weakness and loop
holes. With that in hand hacker can transfer clients fund to any foreign account and withdraw money
directly or indirectly. This is why Swift and Credit Card is in the risk of cyber treat in Bangladesh.
FO

12. Do you think that Crypto-currency is threat? Why?


Answer: Yes I think Crypto-currency is threat, because it is used for payment of various illegal
activities such as for buying drugs and other illegal goods, payment of ransom, transfer of money
against human trafficking and payment to organized terrorist groups. The main threat of Crypto-
currencies is the Money Laundering and Terrorist Financing (MLTF) not only that the owner of a
T

Crypto-currency remains anonymous because no KYC is done for the user. By knowing this I can
summarized that this currency is a threat.
O

13. Put your suggestions to minimize ICT risk and Cyber Treats.
Answer: To minimize the threats arises from Banking Automation, it is required by the banks to setup
N

an independent IT Security Department. Also the Banks need to ensure the followings:

 Setting up Data Center, DRS and Near Data  Not to use pirated software,
Center  Updating drivers regularly,
 Setting up well-structured IT infrastructure,  Reviewing patches regularly,
 Obtaining PCI-DSS and ISO27K certification,  Taking measures to stop zero-day
 Placing and configuring the following network attracts, and
equipment properly  Regularly investigating with Cyber
 Firewall Security experts
 IPS  Conducting employee awareness
 WAF (web application firewall) program,
 Email security gateways
 Web Security gateways,
14. Differentiate between Security Standards and Regulations.
Answer:

 Security Standards: IT security standards or cyber security standards are techniques generally
outlined in published materials that attempt to protect the cyber environment of a user or
organization. It’s a set of rules which an enterprises may follow to improve their IT security.
 Regulations: In simple terms, a regulation is a set of rules outlined by the government that
must be followed as a minimum standard. Rules which an enterprise must follow to avoid
penalties.

15. Name three popular Regulations.


Answer:

LE
 Sarbanes-Oxley Act of 2002 (SOX): Internal controls and financial disclosures
 Gramm-Leach- Bliley Act of 1999: Security of customer records
 Health Insurance Portability and Accountability Act (HIPAA): Personal health
information in electronic form

SA
 BS7799 / ISO 17799: Information Security Management System (ISMS) of any enterprise
 Guideline on ICT Security for schedule Banks and Financial Institutions: Security of IT
assets and customer data
 PCI-DSS: Securing flow and storage of card related data and information
 ISO 27000: ICT systems of any enterprise
R
16. Why Banks should acquire “Certification” on popular “Security Standards”?
Answer: Banks should acquire Certification on Security Standards for the following reason:
FO

 Serves as a guarantee that the organization secure at all levels


 Demonstrates the due diligence of its administrators
 Demonstrates to competent authorities
 Observes all applicable laws and regulations
T

 Leads to a better knowledge of information systems


 Ensures a more dependable availability of both hardware and data.
O

 Certification can help set a company apart from its competitors

17. Write ten important points covered in the guideline on “ICT Security for
N

scheduled Banks and Financial Institutes” published by the Bangladesh Bank.


Answer:

 ICT Governance  Cloud Security Management


 ICT Risk Management  Identity and Access Management
 ICT Service Delivery Management  Acquisition and Development of
Information Systems

 Infrastructure Security Management  Digital Payment Security


 Cyber Security Management  Service Provider Management
18. As per ICT guidelines of Bangladesh Bank,
I. Narrate the roles and responsibilities of Board of Directors.
Answer:

 Approving ICT strategy and policies;


 Ensuring that the management has placed an effective planning process;
 Endorsing that the ICT strategy is indeed aligned with the business strategy;
 Ensuring that the ICT structure complements the business model and its direction;
 Ensuring ICT investments represent a balance of risks and benefits with acceptable budgets;
 Ensure Accountability;
 Ensure compliance status of ICT Security Policy.

II. Narrate the roles and responsibilities of ICT Steering Committee.

LE
Answer:

 Monitor the progress of achieving IT related strategic goals;


 Aware of exposure towards ICT risks and controls;

SA
 Provide guidance related to risk, funding, or sourcing;
 Ensure project priorities and assess feasibility for ICT proposals;
 Consult and advise on the selection of technology maintaining standards;
 Ensure compliance with regulatory and statutory requirements;
 Ensure ICT architecture reflects the need for legislative and regulatory compliance.
R
III. Narrate the roles and responsibilities of ICT Security Committee.
Answer:
FO

 Ensure development and implementation of ICT security objectives, ICT security and risk
related policies and procedures;
 Provide ongoing management support to the Information Security processes;
 Ensure continued compliance with the business objectives, regulatory and legal requirements
T

related to ICT security;


O

 Support to formulate an ICT risk management framework/process and establish acceptable


ICT risk thresholds/ICT risk appetite and assurance requirements;
N

 Periodic review and provide approval for modification in ICT Security processes.

IV. What is ICT Risk Governance? e) What do you know about Change
Management?
Answer:

 ICT Risk Governance: ICT Risk Governance refers to the set of practices and processes used
to identify, assess, manage, and monitor risks associated with the use of information and
communication technologies within an organization. The goal of ICT risk governance is to
ensure that the organization's ICT assets are secure, reliable, and available when needed, while
also complying with relevant laws, regulations, and policies.
 Change Management:

 Changes to information processing facilities and systems shall be controlled.


 The organization must keep up with all required change management documents
 Any business application modifications must follow a formal, documented process
that includes all relevant change information.
 Audit trails shall be maintained for business applications.
 The Organization shall prepare rollback plan for unexpected situation.
 User Acceptance Test (UAT) for changes and upgrades in application shall be
carried out before deployment.
 User Verification Test (UVT) for post deployment may be carried out.

V. What is Incident Management? What is BYOD?


Answer:

LE
 Incident Management: An incident is an event that could lead to loss of, or disruption to, an
organization's operations, services or functions. Incident management (IcM) is a term
describing the activities of an organization to identify, analyze, and correct hazards to prevent
a future re-occurrence.

SA
 BYOD: Bring your own device also called bring your own technology (BYOT), bring your
own phone (BYOP), and bring your own personal computer (BYOPC) it refers to being
allowed to use one's personally owned device, rather than being required to use an officially
provided device.
R
VI. What do you mean by Physical Security of Data Center?
Answer: Physical security of a data center refers to the protective measures taken to prevent
FO

unauthorized access, damage, or theft of equipment and data housed within the facility. This includes
access control systems like biometric scanners and card readers, surveillance cameras, alarm systems,
secure doors and windows, and environmental controls to protect against fires, floods, and other
disasters. Ensuring the physical security of a data center is crucial to safeguard the data and IT
infrastructure critical to an organization's operations.

VII. Why email management is important? What is User Access Management?


T

What is Business Continuity Plan?


Answer:
O

 Importance of E-mail management: Email management is important because it ensures


efficient communication, reduces clutter, and enhances productivity. It helps in organizing,
N

prioritizing, and categorizing emails, making it easier to find and respond to critical messages
promptly. It also reduces the risk of data breaches by securing sensitive information and
preventing spam and phishing attacks. Proper email management can also aid in legal
compliance by maintaining records of important correspondence. Overall, it streamlines
workflows and keeps the inbox manageable, leading to a more organized and focused work
environment.

 User Access Management: User Access Management (UAM) is the process of identifying,
tracking, controlling and managing a specified users' access to a system or application.

 Business Continuity Plan: It is a system of prevention and recovery from potential threats to
a company. It is a document, which contains information about managing business assets, such
as HRM and supplies and equipment, data backups, business partners, key personnel, etc.
VIII. What is Disaster Recovery Plan? What points to be considered during In-
house Software Development?
Answer:

 Disaster Recovery Plan: Disaster Recovery Plan is an essential strategy that defines the steps
to be taken in the event of an unexpected disaster that disrupts normal business operations. It
helps organizations minimize the impact of a disaster on their operations, assets, and
employees and to resume normal business functions.

 Rules for In-house Software Development:

 Software and systems shall be established and applied to developments within the
organization.
 Ensure secure software development processes based on industry standards like

LE
OWASP Development Guide or SANS coding guide etc.
 Developed functionality according with design specification and documentation.
 Software Development Life Cycle (SDLC) shall be followed and conducted in the
development and implementation stage.

SA
 Source code must be available with the concerned department and kept secured.
 Source code shall contain title area with author name, date of creation, last date of
modification and other relevant information.
 Changes to systems within the development lifecycle shall be controlled using
formal change control procedures.
R
 The whole system development lifecycle must be established and properly
protected by organizations.
FO

 Necessary Regulatory Compliance requirements must be taken into account by the


organization.
IX. What security mechanism should be undertaken by banks to secure its
Internet Banking System?
Answer:
T

 Ensure that online access and transactions made over the internet are sufficiently safeguarded
O

and authenticated
 The Organization shall implement a strong password policy
 Evaluate security requirements associated with its internet banking system
N

 Formulate Security policy by considering technology security aspects and operational issues
 Ensure that information processed, stored or transmitted between the bank and its customers
is accurate, reliable and complete.
 Implement appropriate processing and transmission controls to protect data integrity
 Implement Multi-Factor Authentication (MFA) for all types of online financial transactions.
 Online session needs to be automatically terminated after a fixed period unless the customer is
re-authenticated
 Implement monitoring or surveillance systems to follow-up abnormal system activities
transmission errors or unusual online transactions.
 Take appropriate measures to minimize exposure to any kind of attacks such as man-in-the-
middle attack (MITMA).
X. What security mechanism should be undertaken by banks to secure its
Credit Cards?
Answer:

 Sensitive card data should be encrypted both in storage and transmission to maintain
confidentiality and integrity.
 Sensitive or confidential information should be processed in a secure environment.
 The organization should perform the authentication of customers' sensitive static information,
such as PINs or passwords, not a third-party payment processing service provider.
 Regular security reviews should be performed on the infrastructure and processes being used
by service providers.
 Equipment used to generate payment card PINs and keys should be managed securely.
 Payment cards and related PINs should be sent to the customer securely.
 Card personalization, PIN generation, Card distribution, PIN distribution, Card activation

LE
groups should be segregated from each other.
 The organization must comply with industry security standards like PCI DSS.
 New payment cards should only be activated upon obtaining both the customer's
acknowledgment and call confirmation/OTP verification.

SA
 Cards should be captured if the wrong password is attempted more than three times.
 Undelivered and inactivated cards should be destroyed within a stipulated period.
 Promptly notify cardholders via transaction alerts including source and amount for any
transactions made on their payment cards.
 Set out risk management parameters based on the risks posed by cardholders, the nature of
transactions, or other risk factors to enhance fraud detection capabilities.
R
 Implement solutions to follow up on transactions exhibiting behavior that deviates significantly
from a cardholder's usual card usage patterns, and investigate and obtain cardholder
authorization before completing such transactions.
FO

19. What is PCI-DSS? Why Banks should undertake PCI-DSS certification?


Answer: The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of
policies and procedures intended to optimize the security of credit, debit and cash card transactions
and protect cardholders against misuse of their personal information.

 PCI-DSS certification: Banks should undertake PCI-DSS certification to ensure the security
T

of cardholder data, protect against data breaches, and build customer trust. The certification
demonstrates compliance with industry security standards, which is essential for safeguarding
O

sensitive financial information. It also helps in avoiding financial penalties, legal


consequences, and reputational damage associated with non-compliance. Moreover, PCI-DSS
certification is often a requirement for processing payment card transactions, making it crucial
N

for banks to operate efficiently and securely in the financial industry.

20. What is BS 7799? Write history of BS 7799.


Answer: BS7799 is a British Standard that defines “code of best practices” for an Information Security
Management System (ISMS). BS7799 is an open framework that would be applicable to any enterprise
interested in improving security.

 History: BSI's BS 7799, developed in the 1990s, was officially adopted in 1995 as a standard
for information security. ISO adopted its first part as ISO 17799 in 2000. A revised version in
1999 and 2002 ensured alignment with other management standards. Ongoing international
consultations aim to keep BS 7799/ISO 17799 current with the latest developments in
information security.
21. What is ISO 27001? Write Why banks should acquire certification on ISO 27001
standard? What are the 14 domains of ISO 27001?
Answer: ISO 27001 is the international standard that provides the specification for an information
security management system (ISMS). ISO 27001 is technology and vendor neutral and is applicable
to all organizations irrespective of their size, type or nature. The Standard is designed to help
organizations manage their information security processes in line with international best practice while
optimizing costs.

 Benefits of ISO 27001:

 Secures your information in all its forms


 Increases resilience to cyber attacks
 Provides a centrally managed framework

LE
 Offers organization-wide protection
 Helps respond to evolving security threats
 Reduces costs associated with information security
 Protects confidentiality, availability and integrity of data

SA
 Improves company culture

 14 domains of ISO 27001:

Operations security Information security policies


Supplier relationships Communications security
R
Human resource security System acquisition, development and maintenance
Asset management Organization of information security
FO

Access control Information security incident management


Cryptography Information security aspects of business continuity management
Compliance Physical and environmental security

22. What is a Cyber Law? Narrate any five of the Cyber Crime activities.
Answer: Cyber law is the area of law that deals with the Internet's relationship to technological and
T

electronic elements, including computers, software, and hardware and information systems (IS). Cyber
law is also known as Cyber Law or Internet Law.
O

 Cyber Crimes:
N

 Unauthorized access & Hacking: Means any kind of access without the permission
of either the rightful owner or the person in charge of a computer, computer system or
computer network.
 Trojan Attack: A Trojan comes attached to what looks like a legitimate program,
however, it is actually a fake version of the app, loaded up with malware.
 Virus and Worm attack: A program that has capability to infect other programs and
make copies of itself and spread into other programs is called virus.
 E-mail related crimes:

Email proofing Sending malicious Sending threatening emails

Email Spamming Defamatory emails Email frauds


 Denial of Service (DoS) attacks: Flooding a computer resource with more requests
than it can handle.
 Banking/Credit card Related crimes: Use of stolen card information or fake
credit/debit cards is common.
 E-commerce/ Investment Frauds: E-commerce fraud refers to any type of fraudulent
activity that takes place online through an e-commerce platform or website. This can
include activities such as unauthorized use of credit card information, chargebacks,
fake transactions, and more.
 Identity Theft: Identity theft occurs when someone appropriates another's personal
information without their knowledge to commit theft or fraud.
 Breach of Privacy and Confidentiality: Breach of privacy means unauthorized use
or distribution or disclosure of personal information like medical records, sexual

LE
preferences, financial status etc.

23. Describe ICT Act and mention applicable fields of ICT Act-2006.
Answer: The main objectives of the Information and Communication Technology Act-2006 are to:

SA
 Eliminates barriers to e-commerce,
 Promotes legal and business infrastructures to secure e-transactions,
 Facilitates electronic filing in government agencies,
 Ensures efficient delivery of electronic records from government offices,
 Help maintain the latest technology by freeing it from nuisance as punitive provisions
publishing obscene or defamatory information in electronic form,
R
 Ensures ten years imprisonment and a fine of up to Taka 10 million (Tk.1.00 Crore) or both,
for the cyber offenders
 Powers of Police Officers and Other Officers,
FO

 Establishment of Cyber Appellate Tribunal.


Applicable fields of ICT Act-2006

A Negotiable Instrument
The creation, performance or enforcement of a power of attorney
T

A Trust
A Will
Any Contract for the Sale or Conveyance of Immovable property or any interest in such
O

property
 Documents of title
 Any such class of documents or transactions as may be notified by the Government in the
N

Official Gazette.

24. Write Clause-56: Hacking with Computer System.


Answer:

I. Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage
to the public or any person, destroys or deletes or alters any information residing in a computer
resource or diminishes its value or utility or affects it injuriously by any means, commits
hacking.

II. Whoever commits hacking shall be punished with imprisonment up to ten years, or with fine
not exceeding Taka one crore, or with both.
Review Questions

1. Multiple Choice Questions (MCQ)

i) Near Data Center (NDC) is built in -------- for quick start of operation in case of major or minor
breakdown in Data Center (DC).
a) Same City b) Different City c) Same Seismic Zone d) Different Seismic Zone

ii) Which of the following is a major IT shutdown?


a) Database Corrupted b) Server non-functioning c) UPS is not working d) Cooling system
is out of order

LE
iii) Which of the following is a remedy for Application Server non-functioning?
a) Active-active clustering b) Network Load Balancing c) Redundant UPS d) Active-
Standby System

SA
iv) To prevent unauthorized use of cards in an e-commerce site, Card issuing bank deliver a -----
token to the cardholder for use during e-commerce transaction.
a) OTP b) 2FA c) POS d) ATM

v) Ransomware is a type of malicious software that block access to users in to their IT system
R
unless a -------- is paid.
a) Dollar b) Bitcoin c) Ransom d) Taka
FO

vi) A ------- is first sent to many employees of a bank as attachment of a email narrating
attractive offeres.
a) Hacker b) Database c) Router d) Malware

vii) Phishing is presenting a -------.


T

a) fake email b) fake website c) fake credit card d) fake password


O

viii) Which of the following is not a crypto currency?


a) Bitcoin b) Ether c) Router d) Petro
N
2. Fill in the gap(s)

i) For the first time, IT professionals started protecting their database and network placing
firewall on the network.

ii)To keep the data safe and available in case of any disaster, IT professionals built Disaster
Recovery Site (DRS) and Near Data Center (NDC).

Unsatisfied employee or corrupt employees may steal data and handover to the hackers.

LE
iii)

iv) Duplicating a credit card by fraudster is called card cloning.

SA
v)A chip card can prevent skimming of cards in ATM.

vi) Corrupted salesman are engaged in POS skimming.

vii) DDoS attack is done by attackers to shut down a website.


R
viii) SWIFT system and Credit Card system maintain balance in USD and are most vulnerable to
FO

hacking.
T
O
N
Module-E: Document
Handling Systems,
Additional Banking
Applications & Other
Aspects

LE
Cheque Processing Systems
such as Clearing and
Settlement Systems, MICR,
RTGS, BACH (BACPS & BEFTN)

SA
and additional Banking
Applications like ERP
Software, CRM Software, E-
mail software, Anti-Virus and
anti-malware software.
R
FO
T
O
N
1. What is a Cheque Processing System? Name four clearing systems that are in
operation in Bangladesh.
Answer: Cheque Processing System is the process of moving a check and its accompanying funds
from an account with one bank to an account with a different bank. In short is a means by which funds
are transferred among financial institutions, businesses, and persons.

I. At present, four clearing systems are operating in Bangladesh. They are:


II. Bangladesh Bank's Clearing Houses in Dhaka and its branches in seven other cities;
III. Sonali Bank's clearing Houses in 31 cities where there are no BB branches;
IV. The BB large value cheque settlement system; and
V. The Bangladesh Bank Foreign Currency Clearing System in Dhaka which clears and settles
foreign currency cheques and pay orders by the Forex Reserve and Treasury Management
Department (FRTMD).

LE
2. Narrate the conventional cheque clearing process.
Answer: The manual cheque clearing process in Bangladesh involves several steps:

SA
 Deposit of Cheque: The first step in the manual cheque clearing process is the deposit of the
cheque by the payee at their bank.
 Verification of Cheque Details: The bank staff will verify the details on the cheque, such as
the date, the payee's name, the amount in words and figures, the signature of the drawer, and
the cheque number. The bank staff will also check if there are any alterations on the cheque.
 Endorsement and Stamp: If the cheque is for an account payee only, the bank staff will
R
endorse the cheque at the back with the account number of the payee and put the bank's stamp
on it.
 Clearing House: The cheque is then sent to the clearing house, which is an entity where banks
FO

come together to exchange cheques and settle accounts.


 Verification by Drawee Bank: The drawee bank will then verify the cheque, checking the
balance in the drawer's account, the status of the account, and the signature on the cheque.
 Debiting the Drawer's Account: If the cheque is valid and there are sufficient funds in the
drawer's account, the drawee bank will debit the drawer's account with the amount of the
cheque.
T

 Settlement: The amounts are then settled among the banks through the clearing house.
 Credit to Payee's Account: If the cheque is valid and has been cleared, the payee's bank will
O

credit the amount of the cheque to the payee's account.


The manual cheque clearing process in Bangladesh can take several days, depending on the location
N

of the banks involved and the clearing cycle followed by the Bangladesh Bank.

3. Define MICR, Cheque Truncation and RTGS.

Answer:

 MICR: MICR means Magnetic Ink Character Recognition which is a recognition technology
based on characters printed with magnetic ink/toner and processed by being magnetized and
sensed magnetically.
 Security characteristics of MICR cheque:
Watermark Magnetic Ink Erasable Ink Microprint
Chemical sensitivity Invisible UV (Ultra-violet) Fluorescent
 Cheque Truncation: Cheque Truncation is the process of stopping the flow of the physical
cheque issued by a drawer to the drawee branch. The Cheque Truncation System, CTS
visualizes a safe, secured, faster and effective system for clearing of the cheques. The banks
will send the captured images and data to the central clearing house for onward transmission
to the payee/ drawee banks.
 RTGS: Real Time Gross Settlement (RTGS) systems are funds transfer systems where transfer
of money or securities takes place from one bank to another on a "real time" and on "gross"
basis. Real time means no waiting period and Gross settlement means the transaction is settled
on one to one basis without bunching or netting with any other transaction.

4. What is BACH? What are the two parts of BACH? Narrate them.

Answer: Bangladesh Automated Clearing House also known as BACH is the first ever electronic
clearing house of Bangladesh. In BACH transactions received from the banks during the day are

LE
processed at a pre-fixed time and settled through a single multilateral netting figure on each individual
bank's respective books maintained with the Bangladesh Bank.

The project BACH has two components:

SA
 BACPS (Bangladesh Automated Cheque Processing Systems): BACPS (Bangladesh
Automated Cheque Processing System) means a facility that electronically clears cheques and
approves payment items for Bank companies.

 BEFTN (Bangladesh Electronic Funds Transfer Network): Bangladesh Electronic Funds


Transfer Network (BEFTN) is a system of transferring money from one bank account directly
R
to another bank without money changing hands.
FO

5. What is a large value cheque settlement? How this is different than the normal cheque
settlement? What are the current timing in force for different clearing systems?
Answer: Large value cheque or High value cheque means settlement cheque for amounting taka 5.00
(Five) lacs and above. Checks of minimum 500,000 taka can be caught in High Value, this value is
usually settled before 2:30, so the customer's account is credited before the end of the loan, if the
T

customer wishes, he can withdraw from the account before the end of the transaction time.

Large value or High value cheque should be more than 5 lacs where regular value cheque is less than
O

5 lacs. High value cheque get more priority for settlement than regular value cheque.

 HV presentment cutoff time is at 12:00 and the return cutoff is at 15:00


N

 RV clearing presentment cut off time is at 12:30 and return cut off is at 17:00

6. How MICR differs from a bar code? How cheque truncation helps to stop physical
movement of cheque?
Answer: MICR is a character scanning technology but it utilizes magnetic ink and special characters.
MICR is a character recognition technology used primarily by the banking industry to facilitate the
processing of cheques. Bar code is a machine-readable code in the form of numbers and a pattern of
parallel lines of varying widths, printed on a commodity and used especially for stock control.

Cheque truncation is a system where the physical movement of a cheque is replaced by its electronic
image and related information. Cheque truncation drastically reduces the time required for the
payment of cheques and lowers the cost associated with the physical transportation of cheques.
7. What is PBM or participating Bank module in clearing system?
Answer: Participating Bank Module means the software and associated hardware that manages the
transmission and receipt of BACPS Cheque Envelopes, acknowledges receipt and interfaces with
participating Bank’s host systems. The inward processing deals with accepting inward presentment
data and images from the Clearing House and providing data in the form of files for use within the
bank's in-clearing system. The PBM checks the outgoing check envelopes sent by the capture system
against the validation. The PBM provides response files that include details about the acceptance or
rejection along with the contents in each file together with the applicable reason codes.

8. What are the benefits of a cheque truncation system over a traditional cheque clearing
system?
Answer: Some of the benefits of such system are:

LE
 Faster clearing cycle
 Better reconciliation/ verification process
 Better Customer Service, Enhanced Customer Window
 T+0 or T+1 day clearing

SA
 Elimination of Float. Incentive to shift to Credit Push payments
 The jurisdiction of Clearing House can be extended to the entire country
 Operational Efficiency will benefit the bottom lines of banks
 Minimizes Transaction Costs
 Reduces operational risk by securing the transmission route
R
9. What is the basic difference between RTGS and BEFTN?
Answer: The main difference between RTGS & BEFTN are:
FO
T
O
N
10. What is routing number? What are the significance of digits of a routing number?
Answer: Routing numbers are nine-digit numbers that identify the bank or financial institution in a
transaction. Account and routing numbers work together to identify your account and ensure that your
money ends up in the right place. The routing number comprises of 9 digits. The first 3 digits are Bank
codes, next 2 digits are district codes, following 3 digits are branch code and the last digit is the check
digit.

11. Why ERP software is used in banks? Name a few components or modules of an ERP
system. Name two renowned commercial ERP software. Who are manufacturer of
them?
Answer: ERP (Enterprise Resource Planning) is an integrated computer-based system used to manage
internal and external resources, including tangible assets, financial resources, materials, and human

LE
resources.

Module:

 Transactional Backbone  Advanced Applications

SA
 Financials  Customer Relationship Management
 Distribution (CRM)
 Human Resources  Supply chain management software
 Product lifecycle  Purchasing
management  Manufacturing
 Distribution
R
 Management
 Warehouse Management System
Portal/Dashboard
 Decision Support
FO

System
In a Bank, the following modules may be useful:

 Human Resources Management (HRM)


 Customer Relationship Management (CRM)
 Supply chain management
T

 Purchasing
 Distribution
O

 Warehouse Management (Asset Management)

Components of an ERP System:


N

Manufacturing Financials Human resources Data services

Supply chain Project Customer Access control


management management relationship
management

Renowned ERP Software:

 SAP Enterprise Resource Planning (SAP ERP) software form SAP (Systems Analysis and
Program development)
 PeopleSoft ERP from Oracle
12. What are the advantages and disadvantages of ERP system?
Answer:

Advantages:
 Allows easier global integration
 Updates only need to be done once to implemented company-wide
 Provides real-time information, reducing the possibility of redundancy errors
 May create a more efficient work environment for employees
 Vendors have past knowledge and expertise on how to best build and implement a system
Disadvantages:
 Locked into relationship by contract and manageability with vendor –
 Inflexibility

LE
 Return on Investment may take too long to be profitable
 Implementations have a risk of project failure

13. Why a CRP software is used in a bank? Brief in short the fields of application of a

SA
CRM software.
Answer: CRM (Customer relationship management) is a widely-implemented strategy for managing
a company’s interactions with customers, clients and sales prospects. It involves using technology to
organize, automate, and synchronize business processes not only principally sales activities, but also
those for marketing, customer service, and technical support. Bank and other financial institutions has
R
service oriented business where it has to maintain certain relationship clients. CRM helps to run those
business smoothly and resolve any kind of issues arise from it.
FO

The three phases in which CRM support the relationship between a business and its customers are to:

 Acquire: CRM can help a business acquire new customers through contact management,
selling, and fulfillment.
 Enhance: web-enabled CRM combined with customer service tools offers customers service
from a team of sales and service specialists, which offers customers the convenience of one-
T

stop shopping.
 Retain: CRM software and databases enable a business to identify and reward its loyal
O

customers and further develop its targeted marketing and relationship marketing initiatives.
Fields of application:
N

 Sales force automation: Sales force automation (SFA) involves using software to streamline
all phases of the sales process, minimizing the time that sales representatives need to spend on
each phase.
 Marketing: CRM systems for marketing help the enterprise identify and target potential
clients and generate leads for the sales team.
 Customer service and support: CRM helps them improve their clients’ experience while
aiming to increase efficiency and minimize costs.
 Analytics: Applications for sales, marketing, and service generally included useful analytics
capabilities.
 Integrated/Collaborative: CRM enabled more fluidity and cooperation across sales, service,
and marketing.
14. Narrate the importance of an email software. Narrate in brief the four commercially
used email systems?
Answer: Electronic mail, commonly called email or e-mail, is a method of exchanging digital
messages across the Internet or other computer networks. Email is important for communication
because it allows users to send information in letter format, and email replaced traditional mail options.
Emails can be more beneficial for communication because they can often include text, documents and
multimedia, like photos and videos. Email is important because many people may use it daily to
communicate with others and learn more about businesses. Because email is free and available across
different platforms, almost anyone can have an email address. This can be an effective and safe way
for team members to communicate, especially when some members of the team are remote or not in
the office.

Popular E-mail System:

LE
 Send mail: The Simple Mail Transfer Protocol (SMTP), which is used for email transit over
the Internet, is supported by the general-purpose internetwork email routing service known as
Send mail.
 Q-mail: Q-mail is a mail transfer agent (MTA) that runs on UNIX. It a more secure

SA
replacement for the popular Send mail program.
 Microsoft Exchange Server: Microsoft Exchange Server is the server side of a client–server
consist of electronic mail, calendaring, contacts and tasks which supports for mobile and web-
based access to information; and support for data storage.
 Lotus Domino: IBM Lotus Domino software is a world class platform for critical business,
R
collaboration, and messaging applications.

15. What is the difference between Virus and Malware? Name a few available Virus and
FO

Malware.

Answer:

 Virus:
T

 Crypto Locker
 I Love You
O

 My Doom
 Storm Worm
 Anna
N

Kournikova

 Malware:
 Ransomware
 File Less
 Spyware
 Adware
 Trojan
16. How an anti-virus software and an anti-malware software differs from each other?
Name five of each of the anti-virus software and an anti-malware software.
Answer:

LE
SA
R
FO

Anti-virus software: Mcafee, Kaspersky, NOD32, Avsat, AVG etc.


Anti-Malware: McAfee, Norton, Kaspersky, Webroot, Avast, Trend Micro
T

FRTMD: Forex Reserve and Treasury Management ERP: Enterprise Resource Planning
O

Department IDS: Intrusion Detection System


MICR: Magnetic Ink Character Recognition SAP: Systems Analysis and Program development
N

CTS: Cheque Truncation System CRM: customer relationship management


PKI: Public Key Infrastructure PRM: Prospect Relationship Management
PBM: Participating Bank Module SMTP: Simple Mail Transfer Protocol
RTGS: Real Time Gross Settlement CTI: computer telephone integration
DNS: Domain Name System SFA: Sales force automation
BACH: Bangladesh Automated Clearing House MUA: mail user agent
BACPS: Bangladesh Automated Cheque ISP: internet service provider
Processing Systems
BEFTN: Bangladesh Electronic Funds Transfer POP3: Post Office Protocol
Network CAL: Client Access License
SHORT NOTE
MICR (Magnetic Ink Character Recognition)
MICR is a character scanning technology but it utilizes magnetic ink and special characters. MICR is a
character recognition technology used primarily by the banking industry to facilitate the processing of
cheques.
MICR Feature/Characteristics: Security characteristics of MICR Cheque:
 Payer institution area  Watermark

LE
 Payee & legal amount area  Magnetic Ink
 Account title  Erasable Ink
 Cheque number & Date area  Microprint
 Convenience amount  Invisible UV (Ultra-violet) Fluorescent

SA
 Chemical sensitivity

Area Digit
Cheque serial number 07
Routing number 09 Bank code - 03
R
District code - 02
Branch code - 03
FO

Cheque Type - 01
Account number 13
Transaction code 02
Total 31
T

Cheque truncation
O

Cheque truncation is a process that eliminates the need for physical movement of cheques between banks. It
involves capturing and transmitting electronic images and relevant information related to the cheque, such as
the MICR fields, date, and payee name. This digital exchange of cheque data accelerates the clearance process,
N

reduces handling costs, and minimizes the chances of fraud. Cheque truncation enhances operational
efficiency, improves customer experience, and contributes to the overall modernization of the banking sector.

Real Time Gross Settlement (RTGS)


Real Time Gross Settlement (RTGS) is an electronic funds transfer system that enables the instant settlement
of interbank transactions. Unlike batch processing systems, RTGS processes and settles transactions
individually, in real-time, throughout the business day. This ensures immediate liquidity, reduces credit risk,
and enhances the speed and efficiency of financial transactions. RTGS is crucial for high-value, time-sensitive
payments, facilitating smooth financial operations, and contributing to the stability of the banking
infrastructure.
BACH (Bangladesh Automated Clearing House)
Bangladesh Automated Clearing House is an electronic system used for the clearing and settlement of
financial transactions in Bangladesh. It allows for the automated processing of various types of payments,
such as cheques, direct debits, and electronic funds transfers, which helps to reduce the time and cost
associated with manual processing. BACH plays a crucial role in enhancing the efficiency and reliability of
the financial infrastructure in Bangladesh.

Bangladesh Automated Cheque Processing Systems (BACPS)


The Bangladesh Automated Cheque Processing Systems (BACPS) is a part of the Bangladesh Automated
Clearing House (BACH) system. It is designed to handle the clearing and settlement of cheque payments in
Bangladesh efficiently and securely. Under BACPS, the traditional physical exchange of cheques between

LE
banks is replaced by electronic exchange of cheque images and data. This digital information is then
transmitted electronically to the paying bank through BACPS. The system will support both intra-regional
and inter-regional clearings. It forms a vital component of the country's financial infrastructure, enhancing the
overall efficiency of the banking sector.

SA
Bangladesh Electronic Funds Transfer Network (BEFTN)
The Bangladesh Electronic Funds Transfer Network (BEFTN) is a key component of the financial
infrastructure in Bangladesh, designed to facilitate the electronic transfer of funds between banks and other
R
financial institutions. Operated by the Bangladesh Bank, BEFTN allows for fast, secure, and cost-effective
processing of electronic payments, such as credit transfers and direct debits. One of the major benefits of
BEFTN is its ability to facilitate real-time fund transfers, enabling instant transfer of money between
FO

participating banks. This improves liquidity management for businesses and individuals, enhances payment
efficiency, and reduces the settlement risk associated with delayed payments. BEFTN plays a crucial role in
modernizing the payment landscape in Bangladesh, fostering financial inclusion, and driving the country
towards a cashless economy.
T

Enterprise Resource Planning (ERP)


Enterprise Resource Planning (ERP) is a type of software that organizations use to manage and automate their
O

day-to-day activities. It helps streamline processes by collecting, storing, managing, and interpreting data
from various business activities. One of the primary benefits of an ERP system is that it integrates the various
N

functions of an organization into a single, unified system. This integration enables better information flow
and data consistency across the organization, reducing data silos and improving decision-making. Overall, an
ERP system helps organizations increase their efficiency, streamline their processes, and improve their overall
performance, making them more competitive and successful in the long run.

CRM (Customer relationship management)


CRM (Customer relationship management) is a widely-implemented strategy for managing a company’s
interactions with customers, clients and sales prospects. It involves using technology to organize, automate,
and synchronize business processes—principally sales activities, but also those for marketing, customer
service, and technical support. Customer relationship management describes a company-wide business
strategy including customer-interface departments as well as other departments.
E‐MAIL
Email, short for electronic mail, is a digital communication tool enabling users to send and receive messages
over the internet. It has revolutionized the way individuals and businesses communicate, allowing for instant
transmission of text, files, and multimedia. Emails can be formal or informal and serve a wide range of
purposes, from professional correspondence to personal communication. With its ease of use, affordability,
and global reach, email has become an indispensable part of modern communication and collaboration.

Anti‐Virus software
Antivirus software is a critical tool designed to detect, prevent, and remove malicious software from
computers and networks. It scans files, emails, and web traffic for potential threats, such as viruses, worms,
Trojans, and spyware. By employing heuristic analysis, signature-based detection, and behavior monitoring,

LE
antivirus programs help safeguard systems against data breaches and cyber-attacks. Regular updates ensure
that the software remains effective against new and evolving threats, making antivirus essential for
maintaining digital security and protecting sensitive information. There are number of popular antiviruses
available in the market such as MacAfee, Kaspersky, NOD32, Avast, AVG etc. Some antivirus companies

SA
provide web security, email security, desktop management, PC solution, IDS (Intrusion Detection System),
firewall as part of antivirus software package. For example, Kaspersky antivirus comes up with firewall and
email security. Sometimes extra subscription fee is charged for each new module added to the antivirus
software.
R
Anti‐Malware Software
Anti-malware is a comprehensive term that encompasses various software programs designed to detect,
FO

prevent, and eliminate malicious software from computer systems and networks. Unlike traditional antivirus
tools, anti-malware solutions often focus on a wider range of threats, including viruses, worms, Trojans,
spyware, adware, ransomware, and potentially unwanted programs. These applications use various
techniques, such as signature-based detection, heuristic analysis, behavior monitoring, and sandboxing, to
identify and neutralize harmful software. By providing real-time protection and conducting regular system
T

scans, anti-malware tools play a crucial role in maintaining a computer's security and integrity, safeguarding
data, and ensuring optimal performance.
O

Bit‐Coin
N

Bitcoin, the pioneering cryptocurrency, revolutionized digital transactions by introducing a decentralized


system independent of banks or governments. It operates on a block chain, a secure and transparent public
ledger. Bitcoin facilitates peer-to-peer transfers, ensuring privacy and lower transaction costs. Notable for its
price volatility, Bitcoin has become a popular investment and speculative asset. It has also sparked the creation
of numerous other cryptocurrencies and stirred discussions around financial innovation, regulation, and the
potential for a new era of digital currency.
Review Questions

1. Multiple Choice Questions (MCQ)

i) Which of the following is not an instrument cleared through a clearing house?


a) Cheque b)Pay Order c) Dividend d) Gift Voucher

ii) Which of the following is not a part of clearing system?


a) RTGS b) BACH c) BACPS d) ERP

iii) Which of the following is not a component of an ERP system?

LE
a) Manufacturing b) Supply Chain Management c) Human Resources d) Credit Card

iv) Which of the following is not an e-mail system?


a) Sendmail b) Lotus Domino c) Active-Passive Server d) Microsoft Exchange Server

2. Fill in the gap(s)

SA
i) BACPS stands for Bangladesh Automated Cheque Processing Systems and BEFTN stands for
R
Bangladesh Electronic Funds Transfer Network.

BACPS was launched by the Bangladesh Bank in 2010.


FO

ii)

iii) At present, 4(Four) number of clearing systems are operating in Bangladesh

iv) The first clearing starts at 10:30am and the returns of the same occur at 05:30pm.
T

v) MICR stands for Magnetic Ink Character Recognition.


O

vi) The major MICR fonts used around the world are E-13B and CMC-7.
N

vii) For clearing purpose, Bangladesh Bank provided all Banks a software called Participating
Bank Module.
Module-E: Document
Handling Systems,
Additional Banking
Applications & Other
Aspects

LE
Fintech, RegTech and TechFin,
Virtual Banking, Basic Crypto
Currency, Block Chain

SA
Technology, Cloud computing,
Internet of Things (IOT),
Machine Learning, Data
Mining,

Data Warehouse, Neural


R
Network, Data Warehouse,
Current Trends, Artificial
FO

Intelligence.
T
O
N
1. What is the differences between FinTech and TechFin? Name a few of the FinTech
solutions in use in Bangladesh.
Answer:

FinTech: Fintech refers to the financial companies that used technology and innovation to compete
with traditional financial methods in the delivery of financial services. Online banking, internet
banking, debit card, credit card, ATM, MFS, agent banking, mobile apps are the example of FinTech
for banks.
TechFin: TechFin refers to a technology company that has launched a new way to provide financial
services, one that is integrated into the company’s own management system. Take in companies are
social media company like Facebook Google e-Commerce companies like Amazon
telecommunication companies like GrameenPhone, Robi, Banglalink etc.

LE
The most well-known solutions using FinTech in Bangladesh are NexusPay, ROCKET, bKash,
Nagad, UPay, SSLCommerz, iFarmer, PayWell, D-money etc.

2. Define the following: RegTech, Virtual Banking, Cloud Computing, Internet of

SA
Things, Machine learning, Data mining, and Data Warehouse.
Answer:

RegTech: RegTech is a subset of FinTech that focuses on technology's that may facilitate the delivery
of regulatory requirements more efficiently and effectively then existing capabilities. Perfect RegTech
R
example is electronic know your customer or e- KYC by which bang can identify the people who want
to open new accounts digitally.
FO

Virtual Banking: Virtual/Digital Banking refers to the act of accessing banking institutions and their
functions online without having to make a physical appearance at the bank branches. This is possible
by extensive use of technology in the banking.
Cloud Computing: Cloud computing is a service model that allows information technology (IT)
customers to obtain computing resources over the internet. Cloud computing is the delivery of
T

computing services including servers, storage, databases, networking, software, analytics, and
intelligence over the Internet.
O

Internet of Things: The Internet of Things (IoT) is a computing concept that describes the idea of
everyday physical objects being connected to the internet and being able to identify themselves to
N

other devices and send and receive data. IoT describes the network of physical objects things like
mobile phone, electrical appliances, barcode sensors, traffic lights etc.
Machine Learning: When a computer is configured to learn on its own using historical data and
information with the help of thousands of extensive statistical and mathematical models, this is
referred to as machine learning.
Data mining: Data mining is the practice of using techniques from the fields of statistics, database
systems, and machine learning to extract and find patterns in massive datasets.
Data Warehouse: A data warehouse is an enterprise system used for the analysis and reporting of
structured and semi-structured data from multiple sources, such as point-of-sale transactions,
marketing automation, customer relationship management, and more.
3. Is Grameen Phone a TechFin company? Why?
Answer: Grameenphone is a mobile telecommunications company based in Bangladesh, and it is not
primarily considered a TechFin company. It was founded in 1996 as a joint venture between Telenor
and Grameen Telecom. Grameenphone primarily operates as a mobile network operator, providing
voice, data, and other telecommunications services to its customers.

However, like many other telecommunications companies, Grameenphone has diversified its business
and ventured into digital services and financial technology (FinTech) through various initiatives. For
example, it has introduced mobile financial services and digital wallets through its subsidiary,
Grameenphone IT Ltd. These efforts could position Grameenphone as a player in the FinTech space,
but its core business remains telecommunications.

In conclusion, while Grameenphone has engaged in FinTech activities, it is primarily a

LE
telecommunications company rather than a TechFin company.

4. In which areas of banking, the block chain technology can be used?


Answer: A block chain is a distributed database or ledger where data is stored electronically in digital

SA
format and shared among the nodes of a computer network. It is one of the most secured technology
for storing data.

This technology can be used at nationwide level to manage the nationwide financial networks of Banks
& NBFIs with decentralized nodes distributed among all of the Banks and NBFIs as a means of real-
time transaction processing system, real-time BACH processing etc. It can also be used to manage
R
stock market with real-time data processing & settlement with decentralized nodes distributed among
the various stakeholders of stock exchange including banks and the listed companies to update the
stock holders in real-time. It can also be used to manage the nationwide MFSs to prevent customers’
FO

money from unauthorized use by others and to make a single network of MFS. Similarly, nationwide
healthcare, public procurement, property records management and so on can also use the block chain
technology to leverage the benefits of block chain.

5. What is Crypto-currency? What is the status of Crypto-currency in Bangladesh?


What is the present state of Crypto-currency in the world? How Crypto-currency
T

works? Narrate in details. How many parties are involved in Crypto-currency? What
O

is the role of a miner in Crypto-currency production? Who are the Crypto-currency


end users?
N

Answer: A digital currency in which transactions are verified and records maintained by a
decentralized system using cryptography, rather than by a centralized authority. It is a digital payment
system that doesn't rely on banks to verify transactions. There are thousands of cryptocurrencies. Some
of the best known include: Bitcoin, Ethereum, Litecoin, Ripple etc.

Crypto in Bangladesh: No Crypto-currency is in production or mining in Bangladesh, However there


are some activities was found relating to its buying and selling. As per Bangladesh bank dealing with
Crypto currency is illegal and all kinds of dealings are prohibitive. These crypto-currencies are not
legal tender, so no financial claim can be established against them. Transacting online with unknown
persons in crypto-currency has risk which can be associated with Money Laundering or Terrorist
Financing. All the citizen of this country are requested to avoid transaction with crypto-currencies.
Crypto-Currency in its present state in the world:
 Many Crypto-currencies are in place such as Bitcoin, Ether, Litecoin, Monero, Dash,
PonziCoin, Zcash, Carbon, Tether, Petro.
 They are Electronic version of Cash, not controlled by a Central Bank
 Has no geographical boundary
 Users don’t require any KYC
 No specific authority, thus no consumer protection and no AML/CFT reporting
 Value is not backed by any assets
Thus Crypto-currency has failed to become a currency. It is frequently used for:

 Buying drugs and other illegal goods


 Payment of Ransom, human trafficking money

LE
 Payment to organized terrorist groups
Functioning of Crypto: In simple words, block chain in the context of cryptocurrency is a digital
ledger whose access is distributed among authorized users. This ledger records transactions related to

SA
a range of assets, like money, house, or even intellectual property.
The access is shared between its users and any information shared is transparent, immediate, and
“immutable”. Immutable means anything that block chain records is there for good and cannot be
modified or tampered with – even by an administrator.
R
Parties of Crypto-currency: Parties Involved in Crypto-currency are:
 Miners: Mining is the process of production of Crypto-currency. Miners generate bitcoin,
record and ensure integrity.
FO

 Users: Cryptocurrency transactions typically involve at least two parties: the sender and the
receiver. These parties can be individuals, businesses, or other entities. In addition to the sender
and receiver, there are also other parties involved in the broader cryptocurrency ecosystem
 Online wallet providers: Online Wallet provider is a tech firm which store credentials and
transaction history of their respective clients, thus clients don’t need to download a full copy
T

of block chain software and store by themselves (like a member of stock exchange).
 Exchange companies: Exchange companies are agents where bitcoins are traded in exchange
O

of traditional currency.
Main roles of a miner in cryptocurrency production:
N

 Miners collect and verify transactions from the network's memory pool. They check the
transaction validity and ensuring that they comply with the network's rules.
 Miners gather transactions into a block after validation and formed a chain of blocks.
 After that miners ensure that that blocks are added to the block chain at a constant rate, the
complexity of this problem changes with time.
 Miners are typically rewarded with a combination of newly created cryptocurrency coins after
they broadcast the new block to the network.

Legal Tender: An amount of currency to be issued by a Central Bank is backed mainly by Gold;
and/or Government Securities (such as long term bonds, Treasury Bills) which in turn is backed by
Government earnings like Tax, Duty and other Revenue.
6. What are the functions of an Online Wallet Providers?
Answer:

 Online Wallet provider is a tech firm which store credentials and transaction history of their
respective clients, thus clients don’t need to download a full copy of block chain software and
store by themselves (like a member of stock exchange).
 Users credentials to access fund are stored with the Providers, as such users must have full
trust on the providers
 A malicious Provider or a beach in server security of the Provider may cause entrusted bitcoins
to be stolen.

7. What it is the difficulty to control Crypto-currency?

LE
Answer:

 To detect, investigate, prosecute and prevent the use of crypto-currencies

SA
 Freezing / seizing crypto assets
 Tracking movement of fund
 Making someone compelled to file STRs
 Because all the persons / parties involved are anonymous and not traceable
R
8. State the idea of introducing National Digital Currency? How it is different than
Crypto-currency?
FO

Answer: A national digital currency is a digital currency that is issued and overseen by a country’s
central bank. Some places NDC is already available include the Central Bank of The Bahamas (Sand
Dollar), the Eastern Caribbean Central Bank (D-Cash), the Central Bank of Nigeria (e-Naira) and the
Bank of Jamaica (JamDex) etc.
T

BITCOIN NATIONAL DIGITAL CURRENCY


Miner is anonymous Central bank will be the sole miner
O

Clients are anonymous Clients registered through e-KYC verification


N

The Online Wallet Providers are anonymous Banks act as Online Wallet Providers

Exchange Companies are hidden Exchange Companies are not required

Decentralized Centralized

Requires Verifications Partial Anonymity

Transparent Not transparent

No regulatory Regulated by Central Bank


9. What is Artificial Intelligence? How Artificial Intelligence impact the banking?
Answer: Artificial intelligence (AI) is the intelligence of machines or software, as opposed to the
intelligence of humans or animals. Artificial Intelligence (AI) is intelligence demonstrated by
machines with learning and problem-solving technique in terms of rationality and acting rationally.

Artificial Intelligence (AI) has significantly impacted the banking industry, transforming various
aspects of how banks operate and serve their customers. AI has the potential to transform the banking
industry by improving operational efficiency, enhancing customer experience, and strengthening
security measures. It is enabling banks to make data-driven decisions, provide personalized services,
and stay competitive in an increasingly digital financial landscape.

We can divide the AI impact in banking from two perspectives:

LE
From the Customers’ perspective:
 AI assisted Account Opening via a virtual assistant.
 Biometrics for account identification, money transaction.

SA
 Giving a personalized experience to each of the customers.
 Providing AI enabled secured banking facilities.

From the Bank’s perspective:


 Customer identification uniquely from multiple resources
R
 Deciding on the eligibility of loans for customers using machine learning algorithms based on
the relevant data and giving a financial limit.
FO

 Forgery detection and identifying suspicious behavior.


 Finding out the services which are used most and offering them accordingly to the customers.
 Monitoring tools for the management and bank employees service standards.
 Generating summarized insight from a vast amount of raw banking data, which can help shape
the banking strategy in the future.
T

 Generating offer/packages/services for the customers based on the customers’ usage data.
 Geographical, socio-economic data for the customers.
O

 Competitor analysis and taking strategic decisions to stand up among them in the market.
 Finding out promising investment sectors to make profit.
N

 Deep learning models can be quite useful for forecasting bank crises including inflation and
currency crises.

Virtual/Digital Banking: Virtual/Digital Banking refers to the act of accessing banking institutions
and their functions online without having to make a physical appearance at the bank branches. This is
possible by extensive use of technology in the banking.
Many of the banks in Bangladesh already have adopted part of virtual/digital banking services and
most popular services are Internet banking, e-commerce solution, and mobile apps. Other services like
ATM/CRM, MFS and agent banking requires the customers to physically go to an establishment like
booth, agent etc.
10. What are the advantages of cloud banking? What are the challenges?
Answer:

Advantages:
 Back-up and restore data: Once the data is stored in the cloud, it is easier to get back-up and
restore that data using the cloud.
 Improved collaboration: Cloud applications improve collaboration by allowing groups of
people to quickly and easily share information in the cloud via shared storage.
 Excellent accessibility: Cloud allows us too quickly and easily access store information
anywhere, anytime in the whole world, using an internet connection.
 Low maintenance cost: Cloud computing reduces both hardware and software maintenance
costs for organizations.

LE
 Mobility: Cloud computing allows us to easily access all cloud data via mobile.
 Unlimited storage capacity: Cloud offers us a huge amount of storing capacity for storing our
important data such as documents, images, audio, video, etc. in one place.
 Data security: Cloud offers many advanced features related to security and ensures that data

SA
is securely stored and handled.

Disadvantages:
 Regulations conflict between local regulatory guidelines and compliance rules of cloud
banking
R
 Security & privacy threat, i.e., data compromise
 Hazard of Data migration from existing system to cloud, i.e. large volume of data, incompetent
FO

technicians, legacy software etc.


 Risk of endangering user data, due to outsourcing of the migration to cloud
 Human error and incompetence, especially in coding, migration, maintenance etc.

11. Describe current trend in banking in respect to technology use.


T

Answer: Some of the major technologies which are being used currently by Banking Sector can be
stated below:
O

 Customer Self on-boarding (E-KYC).


 Digital money (crypto currency) is being used which will reduce to use of physical currency.
N

 Financial Apps for doing any kind of transactions, fund transfer, enquiry balance/statements,
E-payment, E-loan etc.
 Card less ATM withdrawal, Deposit & Withdrawal using CRM
 QR and NFC payment.
 IVR (Interactive Voice Response) & Video Banking.
 E-commerce
 Finger-print, face detection, voice banking
Upcoming AI based Technologies in Banking Sector:
 Virtualization and cloud based banking with the help of block chain technology.
 Use of virtual and augmented reality.
 Personalization and Intelligence service using Machine learning, Data Science
 BaaS (Banking as a service), PAAS (platform as a service) is going to be introduced.
SHORT NOTE
Block Chain Technology
A block chain is a distributed database or ledger where data is stored electronically in digital format and shared
among the nodes of a computer network. It is one of the most secured technology for storing data. There are
two types of block chain network i.e. public network and private network of block chain. Though this
technology was first outlined in a research paper in 1991 but its’ first real-world application was launched in
January 2009, with the launch of Bitcoin. For its nature of record keeping, transactions and records in the
block chain technology in public network is irreversible this technology is also known as distributed ledger

LE
technology (DLT). This technology has the potential to revolutionize various industries, including finance,
supply chain management, and healthcare, by providing a secure and transparent way to record and verify
transactions.

SA
Online Wallet providers
Online Wallet provider is a tech firm which store credentials and transaction history of their respective clients,
thus clients don’t need to download a full copy of block chain software and store by themselves. Online Wallet
provider are financial applications that allow you to store funds, make transactions, and track payment
histories on devices like phones and tablets. Online Wallet provider allow people in financially underserved
R
parts of the world to access financial services they may not have been able to before. Online Wallet provider
allow businesses and consumers worldwide to accept payments, receive funds, or send and receive remittances
from friends and family in other nations. One of the biggest advantages of Online Wallet provider is that they
FO

let you pay for things without credit or debit cards, once you enter and store your card and banking information
in the mobile payment platform.

Cloud computing
Cloud computing is the delivery of computing services—including servers, storage, databases, networking,
T

software, analytics, and intelligence—over the Internet (“the cloud”). Instead of buying, owning, and
maintaining physical data centers and servers, we can access technology services, on an as-needed and pay-
O

as-you-go basis. Cloud computing is one of the most attractive and promising technologies for the banking
sector. But as per the existing rule, the customer’s data can’t be located outside the country, the cloud couldn’t
be adopted by the banks especially for core banking solutions. However banks have widely adopting cloud
N

computing for miscellaneous services like HR, Inventory, and email.

Internet of Things (IOT)


IoT describes the network of physical objects like mobile phone, electrical appliances, barcode sensors, traffic
lights etc. these are embedded with sensors, software, and other technological microprocessors for the purpose
of connecting and exchanging data with other devices and systems through internet. Customers can access
these data, if permission is granted, and perform some activities like apply remote command on the IoT
enabled devices, get online MIS reports and perform customized analysis. IoT can also be used to enhance
the banking experiences of the customers and bankers.
National Digital Currency
A central bank digital currency (CBDC) also known as national digital currency is a form of universally
accessible digital money in a nation and holds the same value as the country's paper currency. Like a
cryptocurrency, a CBCD is held in the form of tokens. In short a central bank digital currency (CBDC) is the
digital form of a country's fiat currency. A nation's monetary authority, or central bank, issues a CBDC, which
promotes financial inclusion and simplifies implementing monetary and fiscal policy. Many countries are
exploring how CBDCs may affect their economies, financial networks, and stability.

Machine Learning
Machine learning is a branch of artificial intelligence (AI) and computer science which focuses on the use of
data and algorithms to imitate the way that humans learn, gradually improving its accuracy. It is the study of
making machines more human-like in their behavior and decisions by giving them the ability to learn and

LE
develop their own programs. Machine learning is an important component of the growing field of data science.
Good quality data is fed to the machines, and different algorithms are used to build ML models to train the
machines on this data. The choice of algorithm depends on the type of data at hand and the type of activity
that needs to be automated. It is also likely that machine learning will continue to advance and improve, with

SA
researchers developing new algorithms and techniques to make machine learning more powerful and
effective.

Data Mining
One of the recent advancement in line with data management technologies is data mining and knowledge
R
discovery. Data mining is the process of extracting and discovering patterns in large datasets involving
methods at the intersection of machine learning, statistics, and database systems. Data has increased in size
and dimensionality. Despite this, it is more frequently utilized in the sector as a tool to research clients and
FO

make best options.

Data Warehouse
In computing, a data warehouse, also known as an enterprise data warehouse, is a system used for reporting
and data analysis and is considered a core component of business intelligence. Data warehouses are central
T

repositories of integrated data from one or more disparate sources. They store current and historical data in
one single place that are used for creating analytical reports for workers throughout the enterprise. This is
O

beneficial for companies as it enables them to interrogate and draw insights from their data and make
decisions.
N

Artificial Intelligence
Artificial Intelligence (AI) is intelligence demonstrated by machines with learning and problem-solving
technique in terms of rationality and acting rationally. AI research has been defined as the field of study of
intelligent agents, which refers to any system that perceives its environment and takes actions that maximize
its chance of achieving its goals. This includes advanced web search engines, understanding human speech,
self-driving cars, automated decision-making and competing at the highest level in strategic game systems.
AI researchers are divided as to whether to pursue the goals of artificial general intelligence and
superintelligence directly or to solve as many specific problems as possible (narrow AI) in hopes these
solutions will lead indirectly to the field's long-term goals.
Review Questions

1. Multiple Choice Questions (MCQ)

i) Which of the following is not a FinTech for Banks?


a) Credit Card b) ATM c) Q-Management d) Mobile Apps

ii) Which of the following is not a TechFins?


a) Facebook b) Amazon c) Dutch-Bangla Bank d) Grameen Phone

iii) Which of the following is not a party in Crypto-Currency production and processing?

LE
a) Miners b) Central Bank c) Online Wallet Providers d) Exchange Companies

iv) Digital Banking has -----


a) a few branches b) no branches c) a few agents d) huge number of employees

2. Fill in the gap(s)

SA
i) The FinTechs are financial companies like Banks, Leasing companies and Insurance
R
companies which embad FinTech to make their own products more attractive.
FO

ii) Most well known solutions using FinTech in Bangladesh are NexusPay, ROCKET and
bKash, Nagad, UPay, SSLCommerz, iFarmer, PayWell, Dmoney etc.

iii) RegTech refers to any technology that ensures companies comply with their regulatory
requirements.
T

iv) Satoshi Nakamoto invented Bitcoin in 2009.


O

v) Amount of currency to be issued by a central bank is backed mainly by Gold; and/or


Government Securities (such as long term bonds, Treasury Bills).
N

vi) Mining is the process of production of Crypto-currency.


N
O
T
FO
R
SA
LE
N
O
T
FO
R
SA
LE
N
O
T
FO
R
SA
LE

You might also like