ICTFI Hand Note
Information and Communication Technology in Financial Institutions (ICTFI)
Prepared By
MD SAIDUL ALAM RAJAN
Executive Officer
Information and Communication Technology in
Financial Institutions (ICTFI)
Full Marks: 100
Module-A: Introduction to ICT and Computer Systems
Information and Communication Technology, Electronic Banking and Online Banking,
Mobile Financial Services, Agent Banking, e-commerce and m-Commerce, Computer
Hardware, Computer Software, Internet.
Automatic Transaction Machine (ATM), Cash Deposit Machine (CDM), Cash Recycling
Machine (CRM), POS terminals, Debit Card, Credit Card, Card technology Internet Banking,
SMS and Alert Banking, E-commerce & Internet Payment Gateway, M-Commerce, Mobile
Financial Services (MFS), Agent Banking (Biometric Banking), Call Center, Systems for
sending fund transfer instruction like Telex, Swift, CHIPS, FEDWIRE.
Module-D: ICT Security, Cyber Security, ICT Risk Management, Standards, Regulations and
Legal Framework
ICT Security, Cyber Security, ICT Risk Management, Security Standards and Regulations,
Guideline on ICT Security for Scheduled Banks and Financial Institutions published by the
Central Bank of Bangladesh, PCI-DSS, BS 7799 and ISO 27000, Legal framework in
Bangladesh (Cyber Law, ICT Act etc).
Module-E: Document Handling Systems, Additional Banking Applications & Other Aspects
Cheque Processing Systems such as Clearing and Settlement Systems, MICR, RTGS, BACH
(BACPS & BEFTN) and additional Banking Applications like ERP Software, CRM Software,
E-mail software, Anti-Virus and anti-malware software.
Data Warehouse, Neural Network, Data Warehouse, Current Trends, Artificial Intelligence.
References:
1. Abul Kashem Md Shirin and Nusrat Tamanna Prianka (2020): “Information Technology in
Financial Services” 2nd ed., The Institute of Bankers, Bangladesh (IBB)
2. C.S. French, 1990: Computer Studies, 3rd ed., Arnold Publishers, New Delhi, India
3. Graham Taylor, 2001: GCSE Computer Studies, 4th ed., Macmillan Press Ltd., London
4. Grau, J. J. (ed.), 1992: Criminal and Civil Investigation Handbook, 2nd ed., McGraw-Hill
Inc., New York.
5. James A. O’Brien, 1999: Management Information Systems, 4th ed., Tata McGraw-Hill Publishing Company Limited, New Delhi, India.
6. Kenneth C. Laudon & Jane P. Laudon, 1999: Management Information Systems – Organization and Technology, 4th ed., Prentice Hall of India, New Delhi – 110 001.
7. Pete Loshin & Paul A. Murphy, 1999: Electronic Commerce, 2nd ed., Jaico Publishing House, Mumbai, India.
8. Yekini Nureni, Information Communication Technology (ICT).
9. Harry Bouwman, Bart van den Hooff, Lidwien van de Wijngaert, Jan van Dijk, Information and Communication Technology in Organizations.
10. Carol V. Brown, Daniel W. DeHayes, Jeffrey Slater, Wainright E. Martin, Managing Information Technology.
11. IIB, Electronic Banking and Information Technology.
MODULE-A:
INTRODUCTION TO ICT
AND COMPUTER
SYSTEMS
Information and
Communication
Technology, Electronic
Banking and Online
Banking,
and m-Commerce,
Computer
Hardware, Computer
Software, Internet.
1. What is the difference between the terms “Information Technology” and
“Information and Communication Technology”?
Answer: Information Technology (IT): IT primarily refers to the use and management of technology
resources, hardware, software, and networks for the storage, retrieval, transmission, and processing of
data and information.
Information and Communication Technology (ICT): ICT is a broader term that includes not only
information technology but also telecommunications and various communication technologies. It
encompasses all technologies used to manipulate and communicate information.
While IT focuses on the management and use of technology for data and information processing, ICT
extends this concept to encompass a wider range of technologies and communication methods. ICT
emphasizes not only the technical aspects but also how these technologies facilitate communication
and the exchange of information in a broader sense. The distinction between the two terms is somewhat
fluid and can vary depending on the context and usage.
2. Banking service is now available anywhere. How did this become possible after the
implementation of ICT in Banking?
Answer: The availability of banking services anywhere, often referred to as "digital banking" or
"online banking," has become possible through the extensive implementation of Information and
Communication Technology (ICT) in the banking sector.
High speed: A computer can work at very high speed. A computer can complete 100 years' work of a man in only a few minutes.
Available anytime: Before the introduction of ICT in banking services, customers had to complete all their transactions before a set time, on working days only. Now a customer can avail the banking services 24 hours a day, 365 days a year.
Global Access: With ICT, banking services have become globally accessible. Customers can access their accounts and conduct transactions from anywhere they want.
Accuracy: A computer can work with 100% accuracy if the program and data supplied are correct.
Memory: A computer has a very large memory which can store and process a large amount of data. Its storage is more than the storage of a big library.
Diligence: A computer can work continuously for a long time without tiredness, which is not possible for a man.
Enhanced Security Measures: ICT in banking has led to the development of advanced
security measures, including encryption, multi-factor authentication, and biometrics, to protect
customer data and transactions, assuring customers of the safety of digital banking.
The integration of ICT into banking has significantly expanded the reach and convenience of banking
services. It has transformed traditional banking into a more accessible, efficient, and customer-centric
industry, allowing people to bank from virtually anywhere with an internet connection or access to
banking infrastructure.
3. Name five electronic banking systems and define them.
Answer: Electronic banking systems, also known as e-banking systems or online banking systems, are
digital platforms that allow customers to conduct financial transactions and access banking services
electronically. Here are five commonly used electronic banking systems:
ATM (Automated Teller Machine) Network: ATMs are electronic banking systems that
provide 24/7 access to basic banking services, such as cash withdrawals, balance inquiries, and
fund transfers. Customers can use their bank's ATM network or even withdraw cash from
ATMs of other banks.
Point-of-Sale (POS) Systems: POS systems are used for electronic payments at retail stores
and businesses. Customers can use debit cards, credit cards, or mobile payment methods to
make purchases electronically. These systems facilitate secure and convenient in-store
transactions.
Mobile Banking Apps: Mobile banking apps are smartphone and tablet applications
developed by banks. These apps enable customers to access banking services, make mobile
deposits, transfer funds, and manage their accounts directly from their mobile devices.
Internet Banking: Internet Banking is a way for a customer to perform some banking activities himself through the internet while sitting at his home or office. It allows customers to access their accounts, check balances, view transaction history, transfer funds between accounts, pay bills, and perform various other banking activities through a secure internet connection.
SMS Banking: SMS banking is a way for a customer to perform some banking activities himself by sending SMS from his mobile phone. It allows clients to check their account balance, obtain a mini statement, pay utility bills, pay bills for the purchase of goods and services, top up a mobile, transfer funds, change PIN, etc.
These electronic banking systems have revolutionized the way individuals and businesses manage
their finances, providing convenience, accessibility, and efficiency in conducting financial
transactions and accessing banking services.
4. What is an ATM booth? How do ATMs bring freedom to customers? Mention five
functions of an ATM. Name some components of an ATM and mention their
functions.
Answer: ATMs are electronic banking systems that provide 24/7 access to basic banking services,
such as cash withdrawals, balance inquiries, and fund transfers. Customers can use their bank's ATM
network or even withdraw cash from ATMs of other banks.
ATMs give customers the freedom to access cash and perform basic banking transactions, with reduced
queues and more, at their convenience, regardless of location or time of day. They enable individuals
to manage their finances more efficiently and securely, contributing to a more flexible and independent
banking experience.
Functions of ATM Booth:
Cash withdrawal
Payment of utility bills
Fund transfer from the customer's own account to another account in the same bank or with
another bank
Checking account balance
Printing mini statement (last 5 transactions).
Components of an ATM:
Cash Deposit Machine (CDM): A cash deposit machine is an automated machine that
allows customers to deposit cash into their bank accounts without the need for filling out
deposit slips or standing in long queues at the bank.
24/7 availability
No long queues
Cash Recycling Machine (CRM): ATM machines which can accept bundles of money,
count the money supplied in different denominations and check for fake notes.
Select Language
Another Transaction
6. What are the differences among ATM, CDM and CRM?
Answer:
No such facility New customer registration & No such facility
onboarding
7. What kinds of disputes may arise from a CDM? How do banks mitigate them?
Answer: CDM (Cash Deposit Machine) disputes typically revolve around issues related to cash
deposits made using these machines. Here are some common types of disputes that may arise from
CDM transactions and how banks mitigate them:
Wrong Amount Deposited: Customers may claim that the CDM did not accurately count or
credit the full amount of cash they deposited.
Deposit Limits: Some CDMs have predefined deposit limits, which may restrict larger cash
deposits.
Limited Denominations: Certain machines may only accept specific denominations, limiting
flexibility in cash deposit amounts.
Missing Deposit: Customers may allege that their deposit was not credited to their account,
Technical Malfunctions: CDMs may experience technical issues during a transaction, leading
to disputes.
Unauthorized Access or Fraud: In some cases, fraudsters may attempt to manipulate CDMs
to their advantage, or there may be cases of unauthorized access leading to disputes.
To mitigate these disputes effectively, banks typically encourage customers to follow proper deposit
procedures, such as verifying the deposited amount on the transaction receipt, retaining receipts for
reference, and promptly reporting any discrepancies or issues. Moreover, they continuously improve
the reliability and security of their CDMs through regular maintenance, software updates, and security
protocols to minimize the occurrence of disputes.
8. What is a POS terminal? Describe the various components of a POS terminal. How does a
bank earn from a POS terminal installed at a merchant? Describe how payment
is made using a POS terminal.
Answer: Point of sale (POS) refers to the payment counter in a retail store where customers pay for
their purchased goods. To simplify, a POS is the point of purchase where orders are processed, bills
are generated, and customers pay for their purchases.
Components of Point of sale (POS): Here are the key components of a POS terminal:
Computer or Server: The central processing unit (CPU) or server is the brain of the POS
system.
Monitor or Touchscreen Display: A monitor or touchscreen display provides a visual
interface for both the cashier and the customer.
Barcode Scanner: A barcode scanner reads product barcodes, allowing cashiers to quickly
and accurately ring up items for sale.
Receipt Printer: A receipt printer generates customer receipts for each transaction.
Card Reader or Magnetic Stripe Reader (MSR): Card readers accept credit and debit
cards.
Near Field Communication (NFC) Reader: An NFC reader allows contactless payment
methods.
Cash Register Software: The POS software is the heart of the system.
Barcode Labels and Receipt Paper: Businesses use barcode labels for products, making
it easy to scan items during transactions.
Router and Network Connection: To process credit card transactions and communicate
with other systems, POS terminals often require an internet connection.
Power Supply and Backup: Reliable power sources, including surge protectors and
uninterruptible power supplies (UPS).
Banks’ earnings through POS: Banks buy the POS terminals and supply them to a merchant free
of cost but at an agreed merchant commission. The merchant commission refers to the
commission, as a percentage of the sale amount settled using the supplied POS terminal, which
the merchant pays to the bank. This normally ranges from 1.0% to 2.0%.
Advantages:
Saves Time: No need to stand in long queues; banking services are just a click away.
Convenient: Pay various utility bills from the comfort of home.
24×7 Availability: Can have banking services 24x7 without any interruption.
Record of Transactions: Transactions and fund transfers made online are organized in the
‘Transaction History’ section along with every detail.
Security and Speed: Transactions are encrypted, secure, and efficient in online banking.
It takes only a few seconds to carry out such transactions.
Non-financial Transactions: Online banking allows the users to avail non-financial
services such as checking the bank balance, generating account statements, applying for a
new checkbook, changing the address, mobile number or email, etc.
Disadvantages:
User Friendly: Understanding the usage of internet banking might be difficult at first.
Cyberattacks and Fraud: Despite all the security and encryption, there’s a possibility of
Large Withdrawals: Online banking doesn't help if you need access to large amounts of
cash.
Internet Connection: If the bank's server is down, due to the loss of net connectivity or a
slow connection, then it might be hard to know if your transaction went through.
Like every system, online banking also has its advantages and disadvantages. Online banking is a fast,
inexpensive, and convenient way to handle many of your everyday financial transactions. The above
comparison of the advantages and disadvantages of internet banking makes it clear that the benefits
outweigh the consequences.
19. What is MFS? History of MFS? What services do MFS operators provide
in Bangladesh? Name a few remarkable MFS in Bangladesh.
Answer: Mobile Financial Services (MFS) is a digital wallet/money service: an electronic prepaid card
with M-Banking facilities that utilizes ATMs and all kinds of electronic communication technologies,
including the mobile phone. People who are not involved with the services of a bank can be provided
efficient banking services through mobile channels. By using mobile financial services, a huge
unbanked population could be brought into the banking system.
History: Bangladesh Bank introduced efficient off-branch Mobile Financial Services
(MFS) in Bangladesh during 2011, as the country had developed a universal mobile phone network,
a large, experienced base of mobile phone users and improved IT infrastructure.
Services of MFS:
Cash-in
Cash-out
P2P Fund transfer
Receive foreign remittance
Merchant Pay
Utility bills Pay
Various government allowances and Taxes
Mobile recharge
E-ticketing
20. In relation to e-commerce, define the following: Cart, Payment gateway, Acquiring
and Issuing Bank, PIN, CVV, CVC, Payment Association, Authorization,
Settlement, NOSTRO account, and NPSB.
Answer: According to James A. O’Brien, “e-commerce is the buying and selling, and marketing and
servicing of products, services and information over a variety of computer networks.” In short, buying
and selling of goods and services over the internet is called e-commerce.
Cart: Cart is a software that lets customers select, store, and manage items before buying them.
Payment gateway: A payment gateway is a technology used by merchants to accept debit or
Customer places order: The customer browses an online store, selects the products they wish
to purchase, and proceeds to check out.
Customer enters payment information: At checkout, the customer enters their payment
information, such as credit or debit card details, into the payment gateway provided by the
online store.
Payment authorization: The payment gateway sends the payment information to the payment
processor, which verifies the information with the customer’s bank or credit card issuer to
ensure that the payment can be authorized.
Payment approval: If the payment information is verified and authorized, the payment
processor sends an approval message to the payment gateway, which then notifies the online
store that the payment has been approved.
Order confirmation: Once the payment has been approved, the online store confirms the
The customer initiates a debit or credit card transaction for a certain amount.
The issuing and acquiring bank communicate immediately via the merchant’s payment
gateway.
After checking the details, the issuing bank can approve the transaction and instruct the
merchant to authorize the payment.
The customer may now receive confirmation that their payment has been successful.
The settlement period largely consists of clearing; this communication is conducted through a
payment network, which facilitates the exchange of transaction data.
Funds can be transferred in a number of ways, including electronically, by wire transfer, or
through the Automated Clearing House (ACH).
Once the funds have been deducted from the customer and arrive in the merchant’s account,
the payment has been settled.
23. What is a computer? Who is the father of computer? Describe different generations
of computers. Different types of computer are Analog, Digital and Hybrid. Describe
each of them.
Answer: A computer is a device that accepts information and manipulates it for some result based on
a program, software, or sequence of instructions on how the data is to be processed.
Generations of Computer:
1st Generation (1951 – 1958): Characteristics: Use of Vacuum Tube or Vacuum Valve,
Big in size, Capability to store program and information, Use of Magnetic Drum, Punch
Card and Magnetic tape. Example: ENIAC, MARK, IBM-650.
2nd Generation (1958 – 1965): Characteristics: Use of IC (Integrated Circuit), Use of
transistor instead of Vacuum Tube, Small in size, introduction of ASCII code, development
of high-level languages like COBOL, FORTRAN and ALGOL. Example: IBM-1620, CDC-1604,
NCR-300.
3rd Generation (1965 – 1971): Characteristics: Introduction of Mouse as input device,
Small in size, reduction of price, Introduction of VDO unit and Printer as output device,
use of secondary memory, invention of BASIC language, word processing and other
applications. Example: IBM-370, PDP-II.
Super Computer, Laptop, Notebook, Desktop and Personal Computers. Example: PC,
Server and Laptop of various brands such as IBM, Compaq, HP, Sun, Dell, ACER.
Types of Computer:
Analog Computer is used for special purposes such as measuring pressure and
temperature, supply of petrol in petrol pumps and determining price, and controlling
speed of a vehicle or Airplane.
Digital Computer works in line with the principles of mathematics. It works using
binary systems, i.e., using 1 and 0. The Computers we use at home and office are all
Digital computers.
Hybrid Computer collects data from various systems using analog process, but
processes the data in digital system.
24.Based on size & capacity, computer can be divided into Super, Mainframe, Mini
and Microcomputers. What are the differences among them?
Answer:
25. Why are microcomputers also called PCs?
Answer: Microcomputers are very small, cheap and widely used computers. As a microprocessor is used
in this type of computer, they are termed Microcomputers. Only one person can work at a time on a
Microcomputer. For this reason they are also known as Personal Computers or PCs.
26. Name five input devices and 3 output devices. Describe printer, keyboard and
mouse.
Input devices: Mouse, Joystick, Scanner, Digital Camera, Microphone
Output devices: Printer, Speaker and Plotter
Printer: The output of a computer is printed on paper using a device called Printer. Printer is
connected to the computer’s system board using a data cable. Power is supplied to the printer
using another cable. Printer is of two types – Dot Matrix Printer and Laser Printer.
Keyboard: A Keyboard is a device that contains 104 to 110 keys. These keys are
used for typing letters and digits and providing instructions to the computer. A keyboard is
connected to the motherboard of a computer using a cable.
Answer:
Answer:
CPU: The devices used for processing the supplied information, data and instructions in a
computer are called Processing Devices. The CPU, or Central Processing Unit, is a processing device
used in a computer. It performs all the processing activities of a computer. The CPU is like the brain
of a human being. The speed and processing capacity of a computer depend on its CPU.
The CPU sends control and timing signals to all parts of the computer.
Send and receive data between memory and input/output devices.
Receive data and instructions from memory.
Decode the instructions.
Perform mathematical and logical activities.
Run program from computer memory.
Coordinate between input and output devices.
29. What is Memory? Describe the characteristics of each memory.
Answer: Memory devices are the devices where the computer temporarily or permanently stores the
data before, during and after processing. The memory devices can be categorized into 3 groups:
Types of Primary Memory:
RAM (Random Access Memory)
Characteristics:
RAM is volatile in nature
It is a read-write memory
During processing the information stays in RAM
If power fails, all the information is removed from the RAM.
CISC: CISC or Complex Instruction Set Computer is a microprocessor which uses microcode.
RISC: RISC or Reduced Instruction Set Computer is a microprocessor in which a smaller number
of instruction sets is used. It is not software based, rather hardware based and as such faster
than the CISC processor.
31. What are the differences among Floppy disk, Hard disk, CD and Pen drive?
Answer:
Floppy disk | Hard disk | CD | Pen drive
Storage capacity is low. | Storage capacity is very high. | Storage capacity is low but more than floppy. | Flash drives have smaller memory capacity than hard drives.
Stores data at low speed. | Stores data at high speed. | Stores data at low speed but faster than floppy. | Flash drives are faster as compared to hard drives.
Data access relatively slow. | Retrieves data at high speed. | Data access relatively slow but faster than floppy | Retrieves data as fast as hard disk
It is easily portable. | It is not portable easily. | It is easily portable. | It is easily portable.
It is light weight. | Weight is heavier | It is light weight. | It is light weight.
It is not as reliable as hard disk. | It is reliable. | It is not as reliable as hard disk but much better than floppy | It is reliable.
Main storage device of
with connectors for other circuit boards to be slotted into. A motherboard, also known as a
"mainboard" or "logic board," is the primary circuit board in a computer that connects and controls
the rest of its components. Every other piece of hardware in a computer ultimately connects to the
motherboard, which serves as a hub that provides a path for the components to communicate with each
other.
35. What are the functionalities of an operating system?
Answer: An operating system (OS) is system software that manages computer hardware and software
resources, and provides common services for computer programs. The functionalities of an Operating
System are as mentioned below:
To make the computer active and usable
To communicate between hardware and application software
To accept and execute the instruction of a user
To fetch a program into the main memory and process it
To control the activities like writing, storing and reading data to/from Disk.
retrieve, manage, and secure data. They are essential for many software applications, ranging from
small desktop applications to large-scale web services and enterprise systems. The choice of a
particular database system depends on factors like data volume, complexity, scalability requirements,
and the specific needs of the program or application.
37. Describe the following: a) DBA, b) Backup c) Database Management System
Answer:
Answer:
Internet: A global computer network providing a variety of information and communication
Answer:
40. What is World Wide Web? What is the basic difference between www and Internet?
Answer:
WWW: The World Wide Web, commonly known as the Web, is an information system that enables
information sharing over the Internet through user-friendly ways meant to appeal to users beyond IT
specialists and hobbyists.
The Difference between Internet and WWW is that the pages you see when you’re online on a device
are known as the World Wide Web, or web for short. On the other hand, the internet is the network of
connected computers that the web runs on, as well as the conduit through which emails and data move.
41. Describe the objective of ICT policy in Bangladesh.
Answer:
OBJECTIVE:
Develop an efficient ICT infrastructure that provides open access to international and
national network
Promote and facilitate use of ICT in all sectors of the economy for transparency, good
governance and efficiency improvement;
Establish legislative and regulatory framework for ICT issues like IPR, data security
and protection, digital signature, e-Commerce, ICT education etc.
To ensure quality ICT education provided by different private organizations
Set up national databases that are reliable and easily accessible
Promote use of ICT by providing special allocations for ICT project implementation in
the public sector.
Train the decision makers in ICT use and promote an ICT culture.
Develop a large pool of world class ICT professionals to meet the needs of local and
global markets
Set up a very high quality ICT institution to continuously promote and foster ICT
Industry
Enact Laws and Regulations for uninterrupted growth of ICT, in conformity with
World Trade Organization (WTO) stipulations.
42. Define Programming Language with examples. Describe types of Programming
Language.
code. Basically two types:
Assembly Language: An assembly language is a type of low-level
programming language that is intended to communicate directly with a
computer's hardware.
PASCAL
against purchase of goods and services, Mobile top up, Fund transfer, Change PIN etc.
ALERT BANKING
Alert Banking is a system which sends an SMS to the customer when a debit or credit transaction occurs in the
customer’s account. For example, if the monthly salary of a customer is deposited into his account, the system
will generate an SMS as under and send it to the customer’s mobile number registered for this service. Alert Banking
is useful for customers, as they can come to know about any fraudulent activity in their account instantly and
can undertake immediate measures. To set up an alert against an account, the bank needs to know the following
from a customer:
Mobile number of the customer
Account number of the customer
Debit amount.
Credit amount.
mobile phone and interact with the machine pressing digits to perform some banking services. These services
may include obtaining information such as balance inquiry or do transactions such as fund transfer and
activate/deactivate a debit, credit or prepaid card.
M‐COMMERCE
Mobile commerce refers to business or purchases that are conducted over mobile devices like cell phones or
tablets. Mobile commerce is a large subset of electronic commerce, a model where firms or individuals
conduct business over the Internet. M-commerce specifically refers to transactions done via a smartphone or
mobile device. M-commerce users can transact anywhere provided that there's a wireless Internet provider
available in that area. M-commerce apps allow for location tracking via GPS to offer customers help finding
items in stores. Personalized shopping experiences can also connect retailers with their clients.
AGENT BANKING
An agent bank is a financial institution that acts on behalf of other banks, typically in a correspondent banking
relationship. In this role, the agent bank's purpose is to provide various services to the correspondent bank, such
as facilitating wire transfers, processing payments, and providing account management services.
Benefits:
Access to Expertise: Typically have specialized knowledge and expertise in particular
markets or financial services.
Increased Efficiency: Can outsource payment processing and account management,
which can increase efficiency and reduce costs.
Risk Management: It can play a critical role in risk management for their clients.
Market Access: Such banks can provide banks with access to new markets and
geographies.
Customization: It can often provide customized solutions to meet the unique needs of
its clients.
Disadvantages:
Loss of Control: More difficult for the bank to oversee its function directly.
Additional Costs: Using an agent bank typically involves additional costs, such as
service fees.
Reputation Risk: If the agent bank does not meet the bank’s standards for rules, ethics,
or customer service, then the main bank could fall into reputation risk.
Communication Challenges: Difficult working with a bank in a different country or
time zone.
Lack of Flexibility: Processes and procedures may not be flexible enough for client.
HYPERTEXT
Hypertext is text displayed on a computer or other electronic device with references (hyperlinks) to other text
that the reader can immediately access, usually by a mouse click or keypress sequence. Apart from running
text, hypertext may contain tables, images and other presentational devices. Hypertext is the underlying
concept defining the structure of the World Wide Web, making it an easy-to-use and flexible format to share
information over the Internet.
Review Questions
iv) The first computer in Bangladesh
- was installed by
a) BUET b) Bangladesh Atomic Energy Commission
ii) Operating systems were first developed in 1960 for the Mainframe Computer.
iii) Internet started in 1960 as research work and became International Network in mid 1990.
iv) ATM is used mainly for withdrawal of cash by a bank customer using his debit, credit or
Prepaid card.
v) ATM is supplied with a device for reading a card and a display monitor and a keyboard
for interaction with the cardholder.
ix) Buying and selling of goods and services over Internet is called e-commerce.
xi) First electronic computer produced commercially was developed in the year of 1954.
xii) Bangladesh Atomic Energy Commission installed first computer in Bangladesh in the year
of 1964.
xiii) Three types of computer are: Analog computer, digital computer and Hybrid
computer.
ix) Based on the size and capacity, computer can be divided into four types such as Super
computer, Mainframe computer, Mini computer and micro computer.
Networking, IT Systems,
Storage, Database and backup
systems for ICT in FIs,
Computerization approaches,
Various Software Systems Like
Core Banking, Switching,
Credit Card, Payment
TIER 1
• Single non‐redundant distribution path serving the IT equipment
• Non‐redundant capacity components
• Basic site infrastructure guaranteeing 99.671% availability
TIER 2
• Fulfils all Tier 1 requirements
• Redundant site infrastructure capacity components guaranteeing 99.741% availability
TIER 3
• Fulfils all Tier 1 & Tier 2 requirements
• Multiple independent distribution paths serving the IT equipment
• All IT equipment must be dual‐powered and fully compatible with the topology of a site's architecture
• Concurrently maintainable site infrastructure guaranteeing 99.982% availability
TIER 4
Disaster Recovery Site (DRS): It is a failsafe for the original data center. The DRS stores all the
backup data from the main data center. If any natural or human-induced disaster happens to
the main DC, the Disaster Recovery Site takes its place as the main DC and runs operations without
any interruption.
DRS should have capability to become primary site automatically
If long distance is chosen,
Problem related to manageability
Availability of dark fiber
Availability of required latency
Sync replication may not be possible.
If short distance (at least 20 km) is chosen, a disaster like an earthquake or hurricane may
destroy both the sites.
4. Narrate advantage and disadvantages of Tier-1, Tier-2, Tier-3 and Tier-4 data
centers.
Answer:
PARAMETERS TIER 1 TIER 2 TIER 3 TIER 4
Uptime guarantee 99.67% 99.74% 99.98% 100.00%
5. What is LAN and WAN? Why it is needed in a LAN? Name 3 LAN and 3 WAN
communication media. Mention a few of the differences between LAN and WAN?
Answer:
LAN: A local area network (LAN) is a collection of devices connected together in one physical
location, such as a building, office, or home. LAN connects more than one computer and is
useful for sharing resources like files, printers, games or other applications.
LAN Communication Media:
twisted-pair wire
coaxial cable
fiber optic cable
wireless media
WAN: A wide-area network (WAN) is a collection of local-area networks (LANs) or other
networks that communicate with one another. A WAN is essentially a network of networks,
with the Internet the world’s largest WAN.
WAN Communication Media:
Land Lines
Microwave
Satellites
Differences between LAN and WAN:
Answer:
access while permitting authorized communications. Firewalls are frequently used to prevent
unauthorized Internet users from accessing private networks connected to the Internet. The following
points are the most relevant in explaining the importance of firewalls:
Outgoing network traffic can be blocked based on the source or destination
Block network traffic based on content
Report on network traffic and firewall activities
Stops Virus Attacks and spyware
Preventing Hacks
Promotes Privacy
8. Why DMZ needed to be established in the network system of a bank?
Answer: DMZs are an essential part of network protection for both individual users and large
organizations. They provide an extra layer of security to the computer network by restricting remote
access to internal servers and information, which can be very damaging if breached.
Answer:
BRANCH SERVER:
Branch server facilitates access to the central application servers for executing
11. What is RAID? Why RAID is used in banking system? What are the differences
between a RAID level 0 and 1? What do you mean by RAID level 0+1?
Answer: RAID, which stands for Redundant Array of Independent (or Inexpensive) Disks, is a technique that
makes use of a combination of multiple disks instead of a single disk for increased performance,
data redundancy, or both. RAID is a technology used for hard drives of computer servers to provide
data reliability and increase input/output performance.
RAID LEVEL:
Level 0 -- Striped Disk Array without Fault Tolerance
Level 1 -- Mirroring and Duplexing
Level 2 -- Error-Correcting Coding
RAID LEVEL 0 AND 1 DIFFERENCES: RAID, which stands for Redundant Array of Independent
Disks, is the technique used for disk organization for reliability and performance. RAID 0
(Redundant Array of Independent Disks level 0) and RAID 1 (Redundant Array of Independent
Disks level 1) are both categories of RAID. The main difference between RAID 0 and RAID 1 is
that RAID 0 uses disk striping, whereas RAID 1 uses disk mirroring.
RAID LEVEL 0+1 (A MIRROR OF STRIPES): It is also known as hybrid RAID, which
means it is a combination of two different RAID levels, level 1 mirroring and level 0 striping.
It uses logical mirroring to write the same data on two or more drives to provide redundancy.
If one disk fails, there is a mirrored image of the data stored on another disk.
12. What do you mean by computer clustering? Why clustering is used in a computer
system of a bank?
Answer: A cluster is a group of computers that are connected with each other and operate closely to
act as a single computer. Based on the purpose of making a cluster between two computers, the
clustering can be of the following types:
IMPORTANCE OF CLUSTERING:
Increased resource availability: If one Intelligence Server in a cluster fails, the other
Intelligence Servers in the cluster can pick up the workload.
Strategic resource usage: You can distribute projects across nodes in whatever
configuration you prefer.
Increased performance: Multiple machines provide greater processing power.
Greater scalability: As your user base grows and report complexity increases, your
resources can grow.
Simplified management: Clustering simplifies the management of large or rapidly
growing systems.
Server clustering is a critical component of the IT infrastructure in banks and financial institutions. It
ensures that essential services remain available, even in the face of hardware failures or disasters, and
allows banks to maintain the trust and confidence of their customers while meeting regulatory
requirements.
Answer: Replication is a set of technologies for copying and distributing data and database objects
from one database to another and then synchronizing between databases to maintain consistency.
Using replication, data can be copied to a remote location normally from Data Center to DRS using a
ASYNC REPLICATION:
Data is transferred from DC to DRS
Time interval say 5 minutes
Uses fiber optic connectivity
SYNC REPLICATION:
Data recorded simultaneously at DC and DRS
A dark fiber is required
14. What is dark fiber cable and where is it used in a banking system?
Answer: A dark fiber is a dedicated direct fiber optic link between two points, normally used for
replication of data between DC and DRS. Dark fibers are not shared, and routers are not connected at
two ends of the fiber cable. Their bandwidth is very high and the speed of data transmission is very fast.
Banks rely heavily on data centers for secure storage and processing of financial data. Dark fiber can
provide a high-bandwidth connection between a bank's data centers and branch offices, improving
data transfer speeds and redundancy.
15. Why a banking system uses external storage instead of an internal storage for storage
of its data?
Answer: The use of external storage instead of an internal storage in banking systems is driven by the
need for scalability, redundancy, performance, security, compliance, and cost efficiency. These
storage solutions are an integral part of the IT infrastructure that supports the critical functions of
banks and helps them manage and protect their vast volumes of financial data.
16. Define SAN switch.
Answer: A storage area network (SAN) switch is a device that connects servers and shared pools of
storage devices and is dedicated to moving storage traffic. It connects storage devices like disk arrays
and backup devices to servers. It is mainly designed to provide efficient storage and retrieval of
information.
17. What are the three types of database backup? Explain each of them. Why database
backup is important in banking? Which one is suitable for your bank/FI?
Answer: A data backup is a copy of computer data taken and stored elsewhere so that it may be used
to restore the original after a data loss event. Database backup is a way to protect and restore a database.
Data backup types are as follows:
FULL BACKUP: The most basic and complete type of backup operation is a full backup.
This type of backup makes a copy of all data to a storage device, such as a disk or tape.
INCREMENTAL BACKUPS: An incremental backup operation will result in copying only
the data that has changed since the last backup operation of any type.
DIFFERENTIAL BACKUPS: A differential backup operation is similar to an incremental
the first time it is performed, in that it will copy all data changed from the previous backup.
Answer: Online banking in Bangladesh first started in the early 2000s and ever since it is rapidly being
integrated into the banking industry. The Bangladesh Bank, the central bank of Bangladesh, introduced
Electronic Fund Transfer (EFT) between banks in 2006. The 2010s saw a significant expansion of
online banking services in Bangladesh. Banks in the country began to invest in modernizing their
technology infrastructure to offer a wider range of online services. The introduction of mobile banking
services played a crucial role in making banking more accessible to people across the country,
especially in rural areas. Services like bKash, Rocket, and NAGAD became popular and allowed
customers to perform various financial transactions using their mobile phones. Online banking is a
well-established part of the financial landscape in Bangladesh, with numerous banks offering a wide
range of digital services. However, there is ongoing development and expansion as the country's
financial sector embraces digital transformation to meet the needs of its growing population and
economy.
21. Mention 3 functions of each of the following software: a) Core Banking Software, b)
Switching Software, c) Credit Card Software, d) Payment Gateway Software.
Answer:
Core Banking Software:
• Banks use Core Banking Software for maintaining a ledger of various transactions, keeping
customer information, interest calculation of loans and deposits, adjustments to accounts on
withdrawal and deposits of funds etc. CBS has facilitated better operational efficiency by
ensuring improved housekeeping and preventing seepage of income. Inter-branch
reconciliation has become faster and more accurate. The greatest advantage of having a Core
Bank System is that introduction of new facilities and products wouldn't be a time-consuming
process, and branch clearings would become instantaneous.
Switching Software:
• A Switching Software is an ATM/POS transaction processing and management system
which is used for the production of debit cards, pre-authorization of on-us debit or remote
on-us debit card transactions, routing of on-us and remote on-us transactions to the Core
Banking System, fraud management, health monitoring of all the connected ATM and POS
terminals, settlement and reconciliation etc.
Credit Card Software:
• A Credit Card Software is a credit card transaction processing and management system
which is used for production of credit cards, pre-authorization of on-us credit or remote
on-us credit card transactions, authorization of the on-us and remote on-us credit card
transactions, routing of transactions made by cardholders of another bank, fraud
management, settlement and reconciliation etc.
Payment Gateway Software:
personal data, Communication between the financial institutions involved and the business
and the customer, Authorization of payments
Software application designed especially for ecommerce, although it can be used to authorize
payments in traditional brick and mortar businesses.
Encryption of payment and personal data.
Communication between the financial institutions involved and the business and the customer.
Authorization of payments.
24. What are the differences between Mobile Financial System (MFS) and Core Banking
System (CBS)?
Answer:
media Link, VSAT etc.) WAN/internet
Posting device | Computer | Mobile Phone and/or Computer
Cash-in | By bank’s Teller at branch | By bank’s Teller at branch and by Agent
Cash-out | By bank’s Teller at branch and at ATM | By bank’s Teller at branch, by Agent and at ATM
No of transactions in a period | A few | Huge
Amount per transaction | Large | Small
Customer reach | Around the branch | Through-out the country

Communication media | For POS: Protected Mobile Data; For Desktop App: Internet with secured VPN | WAN (Fiber Optic, Radio Link, VSAT etc.)
Posting device | Biometric POS, PC / Laptop | Computer
Cash-in | By bank’s Teller at branch, At Agent Outlet | By bank’s Teller at branch
Cash-out | By Bank’s Teller at branch, At Agent Outlet, At ATM | By bank’s Teller at branch, ATM
No of transactions in a period | Huge | A few
Amount per transaction | Medium | Large amount
Customer reach | Through-out the country | Around the branch
Answer:
Fingerprint Scanner | Fingerprint scanner devices are used along with computers for capturing fingerprints. | Secugen, AbeTree, Morpho, Dermalog
30. What are the differences between a Mobile Banking System and Agent Banking
System?
Answer:
verifying KYC.
Account Number | Conventional bank account number (with one check digit) | Mobile number + a check digit (optional)
Customer registration | Input by agents through POS Device/ Desktop Application; KYC entry by Agent/Teller; Authorization by bank officer in Agent Banking Office after verifying KYC. | Input of mobile number by agent, Data entry by bank/3rd party, Authorization by bank officer after verifying KYC.
Communication | For POS: Protected | Mobile network (SMS/USSD) and/or
Answer:
Registered Devices are bound to specific users so that no one else can access that device.
All the requests and responses are transmitted with gateway in encrypted format.
DESKTOP APPLICATION:
New Device Registration Requests are initiated by an agent with authentication of PIN,
OTP to the registered mobile phone.
Bank Admin needs to approve the newly added devices for further operation by users.
Only the registered devices can be accessed by the mapped users after approval.
All the requests and responses are transmitted with encryption.
RSA Authentication is required at the time of user login.
32. What are the features of a software for Agent banking services?
Answer:
REGISTRATION PROCESS:
Registration of Super-Agent, Agent, DSR, Sub-Agents, FT officer, ROs and Teller
Registration of New customers
Linking of Core Banking Customers
Biller Registration
Change of Fingerprint
Replacement of Agent/Sub-Agent
Agent Hierarchy Management
SERVICES:
Cash-In & Cash-Out
Utility Bill Payment
Balance & Statement Check
Fund Transfer
ATM Transaction
POS & e-COM Transaction
Salary Upload
Loan Disbursement
Fund Management by Agent Hierarchy
Remittance through agent points and branches
OTHER OPERATIONS:
i) Recommended temperature for a Data Center is ….. degree C and humidity is ….. %
a) 10, 38 b) 20, 70 c) 25, 50 d) 20, 50
iv) A VSAT is used in …..
a) LAN b) Internet c) WAN d) Router
v) The largest WAN is ……
a) ICT Ministry Network b) Facebook network c) Internet d) SWIFT
i) The run length of individual Ethernet Cables in LAN is limited to roughly 100 meters.
iii) For setup of an ICT infrastructure of a bank having 50 branches, the approximate
budget requirement is Taka 500 - 1000 million.
iv) In the LAN-based approach of bank automation, Unix or Novell operating systems were
used. The data was stored in a server as flat file or database either ----- or dBase. The
application software was written in COBOL, FoxPro or dBase.
v) Nexus Gateway was launched for the first time in Bangladesh by Dutch-Bangla Bank in
the year of 2010.
vi) Rocket was the first MFS in Bangladesh launched by Dutch-Bangla Bank on 31 March, 2011.
vii) Near Data Center is a Data Center established in the same city where main Data Center is located.
viii) The DRS should have capability to become primary site automatically in case the Data Center
is in disaster.
ix) One of the common data center certifications awarded by the “Uptime Institute” is Tier
certification.
Data Center (DC), Near DC, Disaster Recovery Site (DRS), Data Center Standards and
Certifications, Computer Networking, IT Systems, Storage, Database and backup systems for
ICT in FIs, Computerization approaches, Various Software Systems Like Core Banking,
Switching, Credit Card, Payment
ADC CHANNELS:
ATMs, CRMs, Deposit Machines, POS terminals, Internet Banking, SMS alert Banking, E-commerce, Mobile Financial system (MFS), Call Centre, Agent Banking
Telex, SWIFT, BACH, BACPS, BEFTN, NPSB, RTGS, CHIPS, FEDWIRE, BANKWIRE
Answer:
Cash withdrawal
Cardless cash withdrawal
Balance enquiry
Printing Statement of account
Cheque book request
Utility Bill Payment
Mobile recharge
ON-US DEBIT CARD TRANSACTION: First the Switching Software checks the validity
(card number exists in the database, date has not expired etc), status (not a stolen or hot card)
and PIN of the card. If all the checks are passed, the corresponding account number and amount
are passed into the Core Banking System of the Bank with a request to debit the
account. If the Core Banking System finds available funds, then it debits the account for the
amount and sends an authorization code to the ATM via the Switch. The ATM then counts the money
and presents it to the customer.
ON-US CREDIT CARD TRANSACTION: For the credit card the Switch does not check
anything but passes the information to the Credit Card System. The Credit Card System checks
the validity (card number exists in the database, date has not expired etc), status (not a stolen
or hot card) and PIN of the card. If all the checks are passed, and the card account has sufficient
available credit limit, the Credit Card System debits the card account for the amount and sends
an authorization code to the ATM/CRM via the Switch. The ATM/CRM then counts the money and
presents it to the customer.
7. How ATM works in case of not-on-us transaction using an international credit card?
Answer: If the transaction is not on-us and the card is an international one, the Switch forwards the transaction
to the appropriate payment association (Visa, MasterCard, JCB, Union Pay etc). The payment
association forwards the transaction to its member bank, the Switch of which verifies the card validity,
status, PIN etc, obtains an authorization code from its Core Banking System or Credit Card System
and passes this code to the ATM/CRM via the payment association and the Switch of the acquiring bank.
8. Mention the differences between a lobby type and the through-the-wall type ATM.
Answer:
LOBBY TYPE ATM | THROUGH-THE-WALL TYPE ATM
12. Why number of times cash is refilled in CRM is lower than that in ATM?
Answer: Unlike an ATM that just allows cash withdrawal, a CRM accepts cash. Sometimes it may
require to remove cash from the CRM if amount of cash deposit is more than cash withdrawal.
13. How bank resolve the issue of cash non-dispensed, but account is credited?
Answer: Sometimes due to error in dispenser or bad note quality, the ATM/CRM can’t count all the
notes requested by the customer. In such a case, normally the ATM/CRM sends a reversal request to
the authorizer via Switch and the authorizer credits the non-dispensed amount into the customer
account.
Answer: If a cardholder inserts wrong PIN 3 times, the ATM/CRM captures the card and the card
becomes hot.
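Added example (not part of the original hand note): a small Python model of the on-us debit card flow described earlier, together with the reversal for non-dispensed cash and the three-wrong-PIN rule from the answers above. The class names, card number, account and PIN are constructed for illustration, and the PBKDF2 PIN check is an assumption standing in for the PIN verification a real Switch performs.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import date

MAX_PIN_TRIES = 3  # per the notes: three wrong PINs capture the card and make it hot


def pin_digest(card_number, pin):
    # Assumption: a salted hash stands in for real PIN verification in this sketch.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), card_number.encode(), 10_000)


@dataclass
class Card:
    number: str
    expiry: date
    account: str
    pin_hash: bytes
    hot: bool = False
    bad_pins: int = 0


class CoreBanking:
    """Holds balances; debits only when funds are available."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.auths = {}  # authorization code -> (account, amount still reversible)

    def debit(self, account, amount):
        if self.balances.get(account, 0) < amount:
            return None
        self.balances[account] -= amount
        code = secrets.token_hex(3).upper()
        self.auths[code] = (account, amount)
        return code

    def reverse(self, code, non_dispensed):
        # Credit back only what was authorized, so a replayed reversal cannot over-credit.
        account, amount = self.auths[code]
        if not 0 < non_dispensed <= amount:
            raise ValueError("reversal exceeds authorized amount")
        self.balances[account] += non_dispensed
        self.auths[code] = (account, amount - non_dispensed)


class Switch:
    """Checks validity, status and PIN, then asks Core Banking to debit."""

    def __init__(self, cards, cbs):
        self.cards = {c.number: c for c in cards}
        self.cbs = cbs

    def authorize(self, card_number, pin, amount, today):
        card = self.cards.get(card_number)
        if card is None or today > card.expiry:
            return ("DECLINE", "invalid card")
        if card.hot:
            return ("CAPTURE", "hot card")
        if not hmac.compare_digest(pin_digest(card_number, pin), card.pin_hash):
            card.bad_pins += 1
            if card.bad_pins >= MAX_PIN_TRIES:
                card.hot = True
                return ("CAPTURE", "PIN tries exceeded")
            return ("DECLINE", "wrong PIN")
        card.bad_pins = 0
        code = self.cbs.debit(card.account, amount)
        if code is None:
            return ("DECLINE", "insufficient funds")
        return ("APPROVE", code)


if __name__ == "__main__":
    number = "6000000000000001"  # constructed test card
    cbs = CoreBanking({"ACC-001": 5000})
    switch = Switch([Card(number, date(2030, 12, 31), "ACC-001", pin_digest(number, "4821"))], cbs)
    status, code = switch.authorize(number, "4821", 2000, date(2025, 1, 15))
    cbs.reverse(code, 500)  # dispenser could count only 1500 of the 2000 requested
    print(status, cbs.balances)
```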
Rent of the booth
Maintenance charge for ATM/CRM, UPS, CCTV, AC and booth
Electricity cost
Proportionate Switching System cost
Link charge
Proportionate Data Centre manpower and maintenance cost
Cash sorting and feeding charge
Salary of 3 Security Guards engaged in 3 shifts
The one-time cost may vary from Taka 2.00-2.50 million and the monthly recurring cost may vary
from Taka 80,000 - 100,000 per ATM/CRM.
18. How does skimming happen and how can it be stopped?
Answer: Skimming is a method used by thieves to capture payment and personal information from a
credit card holder. A skimming device, mounted on the card entry slot, reads the bar code of the card.
The mini camera records the PIN as the cardholder enters it. After having all that information, the
fraudster makes a new card and uses it to withdraw money from the customer’s account.
card information by the skimmers by installing a skimming
machine.
Answer: A Cash Recycling Machine (CRM) is a specialized type of automated teller machine (ATM)
that not only dispenses cash but also accepts deposits and can sort, count, and authenticate deposited
banknotes for reuse in future cash dispensing transactions. In short CRM (Cash Recycling Machine)
= ATM (Automated Teller Machine) + CDM (Cash Deposit Machine).
20. How a POS terminal is used for settlement of merchant bill?
Answer:
The acquirer then submits the transaction to the issuing bank for payment via Central
Bank’s or Payment Association’s interchange and settlement system.
The funds are deposited in the merchant’s account, and the acquiring bank sends
transaction details to the issuing bank.
The card brand transfers funds from the issuing bank to the acquiring bank.
The transaction is posted on the cardholder’s credit card statement
21. How is a POS terminal connected to server in datacenter?
Answer:
DATA CENTER SERVER CONNECTION: A POS terminal can communicate with the Data
Center using a PSTN line or GPRS. A PSTN POS terminal requires a telephone line for
communication whereas a GPRS POS terminal uses a mobile SIM card for communication.
When a card is swiped or inserted, the POS terminal dials a set number and gets connected with
the modem pool of the Data Center. After connection, the exchange of information happens.
22. Describe following functions of a POS terminals: Sale, Void, Refund, Pre-auth,
and Cash Advance.
Answer:
SALE: Customer pays for merchandise or service from his/her account.
VOID: Before end of day (Settlement), merchant can cancel the sale and give the money back.
REFUND: After end of day (Settlement), merchant can cancel the sale and give the money
back.
PRE-AUTHORIZATION: Merchant can block some amount of money from the customer's
account for a specific time.
CASH ADVANCE: Customer can use POS to get money from the account. Merchant will
give the money to customer instead of goods or service.
24. Describe the following: PIN Pad, Merchant Commission, Interchange fee.
Answer:
PIN Pad: A PIN pad is required with the POS terminal for the cardholder to enter and encrypt his
PIN. To accept Debit card at the POS terminal, the POS terminal must have a separate or built-in
PIN Pad.
MERCHANT COMMISSION: A commission in percentage on the sale value, which the
merchant pays to the bank that supplied the POS terminals.
INTERCHANGE FEE: Interchange fee is a term used in the payment card industry to
describe a fee paid between banks for the acceptance of card-based transactions. The
interchange fee is fixed by the central bank or payment associations, such as for MasterCard,
this is, say 1.16%.
25. Narrate the different types of frauds found in POS terminal and their remedies.
Answer:
TRUE FRAUD: One of the most well-known types of POS fraud is what’s commonly
referred to as true fraud. In these cases, a criminal may use a stolen credit card to make a
purchase in-person or online.
CHARGEBACK FRAUD: With this method, a customer will use their credit card to make
a legitimate payment for a good or service but will later contact their bank to deny having made
the payment.
COUNTERFEIT CARDS: In this method fraudsters can get legitimate card details from
skimming. By using this card information fraudsters can purchase goods which are easily
saleable in the market.
Prevent POS Fraud: There are a few key ways to help minimize the risk of point-of-sale fraud and
reduce chargebacks.
26. What are the different type of cards? Describe any two of them.
Answer: There are many varieties of cards. Most popular cards are listed below:
PRE-PAID CARD: These are cards that the customer loads with cash and then uses
as an alternative to cash. These are generally used for small purchases or to buy on the
Internet.
ATM CARDS: These are also known as a cash card, cash dispenser card or cash machine
card. This card is used in an ATM for cash withdrawals and other banking services.
27. Define the following in relation to cards: Issuer, Acquirer, On-Us transaction, Not
on-us transaction, Remote on-us transaction, Charge back.
Answer:
ATM / POS of their Bank, the transaction is called remote on-us at our bank.
CHARGE BACK: With this method, a customer will use their credit card to make a legitimate
payment for a good or service but will later contact their bank to deny having made the
payment.
28. What is EMV? How it is secured? Why banks should move to EMV? What are the
differences between an EMV card and Chip card?
Answer: EMV stands for Europay-MasterCard-Visa. Europay, MasterCard and Visa jointly devised
a security mechanism called EMV. In an EMV card the information is stored in the computer chip
using some computer algorithm which is very difficult to copy and retrieve. EMV has some computer
logic prescribed and certified by Europay, MasterCard and Visa.
MOVE to EMV:
EMV is proven to reduce losses related to fraud
EMV technology is decades more advanced than magnetic stripe
EMV limits your business liability
EMV is a set of global standards that make credit card and debit card processing more secure.
Equipped with a better understanding of the importance of secure payments, banks should move to
EMV.
31. What are the sources of income of a bank from credit card business?
Answer: Banks and credit unions, who are responsible for issuing cards, make money from card
holders who pay interest, annual, late fees and more. They also make money from merchants who
want to accept debit or credit cards, collecting merchant processing fees on their card-based sales.
SOURCES OF INCOME FROM CREDIT CARD ISSUING:
Card issuance fee
Annual / Renewal fee
Card replacement fee
PIN re-issue fee
Interest on Outstanding debit balance
32. What do you mean by card personalization? Define card encoding and card
embossing.
Answer: Card personalization means making physical changes to a card such as printing on a card’s
surface using die-sub lamination, retransfer or inkjet printing process, laser engraving and adding a
foil stamp hologram. Depending on the type and purpose of plastic cards, one can choose various types
of personalization:
Encoding of chip-module
Recording of information on the magnetic strip or microchip.
Recording on magnetic strip (HiCo, LoCo)
Imprinting of unique numbers (pin, login) covered with scratch-strip by means of thermo-printer
or bubble jet
Embossing with tipping
A method of mechanically pressing information comprising letters and digits onto a
plastic card; allows significantly faster payment by imprinting a slip on it.
Imprinting of bar code
33. What are the standard rules to follow by Internet Banking clients?
Answer: When the customer accesses i-Banking for the first time, the system will ask for changing
his password. The customer must change the password as per the password policy of the bank. For
example a bank may have adopted the following password policy:
Length must be min. 6 - max. 12 characters
User ID is not allowed as a part of the password
Password should have at least 1 upper case, at least 1 lower case, 1 numeric digit and no
symbolic characters
Number of identical characters: 2
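Added example (not part of the original hand note): a Python validator for the sample password policy listed above, returning every rule a candidate password breaks. The function name and rule labels are hypothetical, and reading "Number of identical characters: 2" as "no character may occur more than twice" is an assumption.

```python
import re
from collections import Counter

MIN_LEN, MAX_LEN = 6, 12  # length limits from the sample policy


def check_password(password, user_id, max_identical=2):
    """Return the list of policy rules the password breaks (empty list = accepted)."""
    broken = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        broken.append("length")
    # Case-insensitive, so "RAJAN" inside the password still matches user ID "rajan".
    if user_id and user_id.lower() in password.lower():
        broken.append("contains_user_id")
    # ASCII classes on purpose: str.isupper() would also accept non-ASCII letters.
    if not re.search(r"[A-Z]", password):
        broken.append("no_upper")
    if not re.search(r"[a-z]", password):
        broken.append("no_lower")
    if not re.search(r"[0-9]", password):
        broken.append("no_digit")
    # The sample policy forbids symbolic characters altogether.
    if re.search(r"[^A-Za-z0-9]", password):
        broken.append("symbol")
    # Assumption: the "identical characters" rule caps how often one character may occur.
    if max(Counter(password).values(), default=0) > max_identical:
        broken.append("too_many_identical")
    return broken


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("Bk7mQz2x", "Rajan2024", "Aa1Aa1Aa1", "Passw0rd!", "abc"):
        print(candidate, check_password(candidate, "rajan"))
```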
34. List a few functions of an Internet Banking.
Answer: The customers can perform almost all types of banking activities through i-Banking except
cash transactions. The followings are some i-banking functions:
Account Summary Early and Final Settlement
Account Details Third Party Transfers
Transfer Funds Cheque Book Request
Open new account Change Password
Close account Letter of Credit – Initiate
Loans Repayment
35. What are the common frauds in Internet Banking and how these can be
prevented?
Answer: Some common frauds in internet banking are:
Can get the number, outstanding balance and transaction history of all the accounts maintained
by the customer in the bank
Can transfer the money from customer’s one account to the customer’s another account or to
a utility company’s account
Can transfer the money from customer’s account to the fraudster’s account and withdraw
money from ATM
To protect the customers from above frauds, Banks may also introduce a mandatory 2-factor
authentication for a 3rd party transfer and LC transmission.
36. How phishing is used in collecting Internet Banking log-in ID and Password?
Answer: Phishing is collection of user PIN by presenting a fake web-site address to the user. Phishing
is a form of social engineering and scam where attackers deceive people into revealing sensitive
information or installing malware such as ransomware. Attackers commonly use phishing emails to
distribute malicious links or attachments that can extract login credentials, account numbers and other
personal information from victims.
Two-factor authentication means that whatever application or service you’re logging in to is double-
checking that the request is really coming from you by confirming the login with you through a
separate venue. If a password is hacked, guessed, or even phished, that’s no longer enough to give an
intruder access: without approval at the second factor, a password alone is useless.
Answer:
the products they wish to purchase, and proceeds to check out.
Customer enters payment information: At checkout, the customer enters their payment
information, such as credit or debit card details, into the payment gateway provided by the online
store.
Order confirmation: Once the payment has been approved, the online store confirms the
customer’s order and sends a confirmation message to the customer.
Settlement: The payment processor settles the payment with the merchant’s bank account,
usually within a few business days.
Payment reconciliation: The online store reconciles the payment with the order and ensures
that the payment matches the order amount.
40. How an OTP can secure an e-commerce transaction?
Answer: Because an OTP is valid for only a short period of time (usually a few minutes) and can be
used only once, it greatly reduces the chances of fraudulent transactions. Even if a malicious actor
were to gain access to a user's account credentials, they would still need the OTP to complete a
transaction, which adds an extra layer of security.
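Added example (not part of the original hand note): a Python sketch of a server-side OTP check that enforces the two properties named above, a short validity period and single use. The class name, the 180-second lifetime and the transaction IDs are constructed; binding each OTP to one transaction and locking after three wrong attempts go beyond the text and are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import time


class OtpService:
    """Issues 6-digit OTPs bound to one transaction; each is short-lived and single-use."""

    def __init__(self, ttl_seconds=180, max_attempts=3, clock=time.time):
        self._key = secrets.token_bytes(32)  # server-side secret for the stored MAC
        self._ttl = ttl_seconds
        self._max_attempts = max_attempts
        self._clock = clock                  # injectable so expiry can be tested
        self._pending = {}                   # txn_id -> [mac, expires_at, attempts_left]

    def _mac(self, txn_id, code):
        # Only a keyed hash of (transaction, code) is stored, never the OTP itself.
        return hmac.new(self._key, f"{txn_id}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, txn_id):
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[txn_id] = [
            self._mac(txn_id, code),
            self._clock() + self._ttl,
            self._max_attempts,
        ]
        return code  # delivered to the customer out of band, e.g. by SMS

    def verify(self, txn_id, code):
        entry = self._pending.get(txn_id)
        if entry is None:
            return "unknown"  # never issued, already used, expired or locked out
        mac, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[txn_id]
            return "expired"
        if hmac.compare_digest(mac, self._mac(txn_id, code)):
            del self._pending[txn_id]  # single use: consumed on first success
            return "ok"
        entry[2] = attempts_left - 1
        if entry[2] <= 0:
            del self._pending[txn_id]  # stop guessing against a 6-digit space
            return "locked"
        return "wrong"


if __name__ == "__main__":
    service = OtpService()
    otp = service.issue("TXN-1001")           # constructed transaction ID
    print(service.verify("TXN-1001", otp))    # first use succeeds
    print(service.verify("TXN-1001", otp))    # replay of the same OTP is rejected
```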
41. What are the common frauds in e-commerce transaction and what are the possible
remedies?
Answer: Common frauds in e-commerce transactions include:
Identity Theft: Criminals may use stolen personal information to create accounts or make
purchases in someone else's name.
Remedy: Implement strong authentication measures such as two-factor authentication
(2FA) and one-time passwords (OTPs). Educate users on the importance of using strong,
unique passwords.
Phishing: Fraudsters may send emails or create websites that look like they belong to a
legitimate e-commerce business, in an attempt to trick users into providing sensitive
information.
Remedy: Educate users about the dangers of phishing, encourage them to verify website
URLs before entering personal information, and use security technologies like SSL
certificates to secure data.
Repudiation: This happens when a customer makes a purchase and then disputes the charge
with their credit card company, often claiming that they didn't make the purchase or didn't
Credit Card Fraud: This occurs when a criminal uses stolen credit card information to make
Verification System (AVS), and monitor for suspicious activity that could indicate a stolen
card is being used.
42. Mention five MFS activities. Describe any two of them. Why transaction limit is
imposed in MFS? Why MFS is not cheap for customers?
Answer: The MFS activities are summarized below:
Customer registration: Registration of Agents and Merchants by the bank officers and
registration of consumers by the Agents. Customer means Consumers, Agent and Merchants.
Cash: Cash-in/Cash-out through Cash Point (Agent), Bank Branch and ATM
P2P (Person to Person): Fund Transfer from one customer’s mobile account to the mobile
account of another customer (domestic remittance). Fund transfer between bank account and
mobile account of the same customer is also possible.
P2B (Person to Business): Utility Bill payment, Educational fee payment, Mobile Top Up,
Merchant payment, purchase of Bus/Railway/Airline ticket and Cinema Ticket
B2P (Business to Person): Salary disbursement by corporate bodies / Industries / Office etc.
and sending foreign remittance to the mobile accounts by the foreign exchange houses.
P2G (Person to Government): Payment of income tax, city corporation tax etc.
G2P (Government to Person): Disbursement of salary of the primary teachers, elderly
allowance and freedom fighters’ allowances etc.
As communication over the mobile platform is not 100% secure, banks do not allow large amounts or a
large number of transactions through mobile channels. Transaction limits in MFS are
imposed to manage financial risk, comply with regulatory requirements, protect customers, maintain
operational efficiency, and promote financial inclusion.
Mobile Financial Services (MFS) may not always be cheap for customers for several reasons: high
operating costs, the cost of managing a large group of agents, and a very high initial cost due to the
expensive software and hardware required. While MFS has the potential to provide convenient and accessible
financial services, the costs associated with operating and maintaining the platform, complying with
regulations, managing risks, and offering value-added services can make it more expensive for
customers.
43. What are the differences among Bank-led, Non-Bank-Led and Bank-NBFI-Govt-
Lead MFS models?
Answer:
GOVERNMENT-LED MODEL
Bank is responsible for customers' KYC | Mobile company is responsible for customers' KYC
Bank is custodian of each customer’s money and information | Mobile company is custodian of each customer’s money and information
Bank-NBFI-Government has at least 51% of the share | Mobile company has total ownership
44. Describe difference between SMS and USSD connectivity media for MFS.
Answer:
Objective: The objective of Agent banking is to provide banking services to people where banking
services are yet to reach or where expansion of Bank branches is not financially viable. Agent banking
is a cost-effective alternative to a bank.
History: Agent banking, inspired by initiatives in South American countries like Brazil, was
introduced in Bangladesh in 2013 by the Bangladesh Bank. In 2017, comprehensive Prudential
Guidelines were issued to regulate agent banking operations in the country. These guidelines cover
aspects such as agent approval, permissible activities, responsibilities of banks and agents, AML/CFT
requirements, customer protection, and business continuity. Following Bangladesh's lead, other
countries like India, Malaysia, Kenya, Pakistan, and the Philippines gradually introduced agent
banking to foster financial inclusion.
Strategy: Agent banking in Bangladesh aims to provide a secure, alternative delivery channel for
banking services to the underprivileged and underserved rural population. Initially focusing on deposit
collection, agent banking has evolved to strengthen the rural economy and facilitate digital inclusion
by offering services like lending. Despite a high number of banks, banking services' reach to the
grassroots level remains low. Bangladesh Bank has mandated private banks to open rural branches,
addressing the issue of unbanked rural areas. Agent banking has significantly increased rural
engagement with banks, transaction volumes, and low-cost deposits, and improved living standards.
Plans are underway to expand these services to more remote areas, solidifying agent banking as a
potential alternative financial service channel for rural populations and contributing to national
economic development.
Recent Status: Agent banking in Bangladesh, introduced in 2016, has swiftly gained popularity
among customers, prompting 30 commercial banks to adopt this alternative financial service. As of
June 2022, 16.1 million accounts were opened with deposits totaling Tk280,853.18 million. Its success
is attributed to simplicity, cost-effectiveness, and the comprehensive services it provides, especially
in remote areas. Moreover, it facilitates convenient remittance channels, with Tk970,481.82 million
inward remittances recorded till June 30, 2022. Recently, banks have expanded services to include
small loans, with Tk76,456.33 million disbursed so far.
Distribution led model: In this model money flows from bank to distributor to Outlet to Customer
and vice versa. Agent works as distributor and its main duty is to rebalance the sub-agents or outlets.
Thus outlet does not need to go to the bank branch for rebalancing. Bank’s field forces are posted for
supervision and Auditing the Agents and Sub-Agents and market development.
46. Differentiate between the models: Unit agent model and bank led model.
Answer:
UNIT AGENT MODEL: In the unit agent model, the unit agents are outlets which do not
carry on business under an Agent, but report directly to the Business Development Office. In this
case money flows from bank to Outlet to Customer and vice versa.
BANK LED MODEL: The Bank led model is almost similar to the Unit agent model, except that
there is no Business Development Center; instead, one or two of the Bank’s own officials sit in the
Outlet and directly monitor and assist the agent outlet. If the branch of a particular bank
is far away from the Agent Outlet, it becomes very difficult to rebalance the cash.
47. What are differences among: Agent, Sub-Agent and Unit Agent?
Answer:
AGENT: Agent refers to the entity which will be appointed by a bank to run the agent banking
activities.
SUB-AGENT: Sub-agent is the entity which will work under the agent and run the agent
banking activities in a specific outlet of bank at the customer end point.
UNIT AGENT: The unit agents are outlets which do not carry on business under an Agent, but
report directly to the Business Development Office.
48. What kind of banking services are allowed in Agent Banking? Which banking
Account opening
Fund Transfer
Withdrawal from ATM
Balance enquiry
Statements
Any other activity as Bangladesh Bank may prescribe from time to time.
Issuance of Loans
Offering Investment Advice
Handling Complex Transactions
Foreign Exchange Transactions
Issuing Bank Guarantees or Letters of Credit
49. Mention a few of the challenges of Agent Banking.
Answer:
50. What is the abbreviation of SWIFT? What are the three different categories of
membership in SWIFT?
Answer: SWIFT: Society for Worldwide Interbank Financial Telecommunication
CATEGORIES:
transmission, may become a member.
Sub-members: A separate legal entity at least 90% directly or 100% indirectly owned by
a member, or foreign branches of a member institution.
Participants: The participants are generally one of the following companies: Brokers and
Dealers in securities, exchanges for securities, Money brokers etc
51. Why a bank should become a member of SWIFT? How SWIFT works? What are
the drawbacks of SWIFT?
Answer: SWIFT provides a network that enables financial institutions worldwide to send and
receive information about financial transactions in a secure, standardized, and reliable manner. It
offers a trusted way of communicating financial information that is standardized, secure, efficient
and reliable, which is crucial in the global financial ecosystem. Becoming a member of
SWIFT is often essential for a bank that wishes to operate internationally and engage in cross-border
transactions.
SWIFT payments are transactions made through an intermediary bank that allows you to send/receive
electronic payments internationally. The SWIFT network doesn't actually transfer funds, nor is it a
banking system, rather, it sends payment orders between banks using SWIFT codes. All banks engaged
in a SWIFT transfer will move funds from one account to another based on an underlying network of
NOSTRO and VOSTRO accounts. This refers to accounts that banks have opened up with each other
for the sole purpose of executing SWIFT transactions.
53. What are the demerits of manual clearing house? What was the solution to these
issues?
Answer: Manual clearing has the disadvantages like:
There is a time delay for several days even within same clearing house
To clear instruments of outside clearing houses, OBC process takes 1 to 3 weeks’ time
Many manual process & duplication of work
Weak MIS.
The solution is the Bangladesh Automated Clearing House, which is a computer network-based clearing
and settlement system for the exchange of electronic bank instruments among the participating banks.
54. What are the benefits of BACPS? What transactions can be performed using
BEFTN?
Answer:
BENEFITS OF BACPS:
Strong MIS
BEFTN FUNCTIONS: BEFTN went live in February 2011. BEFTN facilitates the
electronic transfer of funds between banks. It handles transactions like:
Payroll
Foreign remittance
Domestic remittance
Company dividends
Retirement benefits
Corporate payments
Government allowances
SHORT NOTE
Automatic Transaction Machine (ATM)
An ATM, or Automated Teller Machine, is an essential banking tool that provides customers with 24/7 access
to their bank accounts. It allows for cash withdrawals, balance inquiries, and transfers between accounts,
among other functions. Conveniently placed in various public locations, ATMs offer quick, secure
transactions, reducing the need for in-branch visits. While offering significant benefits, ATM users should
exercise caution and remain vigilant to protect themselves from potential security risks such as fraud or theft.
Cash Deposit Machine (CDM)
A Cash Deposit Machine (CDM) is a self-service kiosk that allows customers to deposit cash directly into
their bank accounts. Conveniently available 24/7, CDMs provide a quick and secure alternative to traditional
bank tellers. Customers simply insert their bank card, enter their personal identification number (PIN), and
deposit the cash, which is instantly credited to their account. While CDMs have streamlined the deposit
process, users should still take precautions to ensure their transactions are secure and accurate.
Cash Recycling Machine (CRM)
A Cash Recycling Machine (CRM) is an advanced financial service kiosk designed to streamline banking
transactions. It not only accepts cash deposits from customers but also recycles the deposited notes for future
withdrawals. This reduces the bank's dependency on external cash replenishment services. Customers can use
the CRM to deposit cash, check their account balance, and withdraw funds, all in one machine. With its dual
functionality, CRMs enhance operational efficiency and provide a secure, convenient banking experience.
Point‐of‐Sale (POS)
Point-of-Sale (POS) terminals are electronic devices used by businesses to process card transactions. They
are commonly found in retail stores, restaurants, and other establishments that accept card payments.
Customers simply swipe, dip, or tap their card on the POS terminal, which then securely processes the
transaction by communicating with the customer's bank. POS terminals have become essential in modern
commerce, offering convenience for both customers and businesses by enabling seamless and secure cashless
transactions.
Debit card
A debit card is a plastic card linked to a checking or savings account, allowing users to make purchases and
withdraw cash electronically. When a purchase is made, the amount is directly deducted from the linked
account. Debit cards come with a Personal Identification Number (PIN) for secure transactions and can also
be used for contactless payments. They provide a convenient alternative to cash, offering ease of use and
safety for everyday purchases and ATM transactions.
Credit Card
A credit card is a financial instrument that allows users to borrow money up to a predetermined limit for
purchases or cash advances. It provides the convenience of deferred payment, where the user can pay the full
balance by a due date or make minimum payments over time, often with interest. Credit cards often come
with rewards, cash back, or miles, adding value to transactions. They also offer security features and fraud
protection, making them a popular choice for online and in-person purchases.
SMS Banking
SMS Banking is a convenient financial service that enables customers to access and manage their bank
accounts via text messages. By sending specific keywords or codes to their bank, users can check account
balances, receive transaction alerts, and even conduct simple transactions such as fund transfers. SMS
Banking is particularly useful for those without internet access, providing a secure and efficient way to stay
informed and manage finances on the go.
Alert Banking
Alert Banking is a proactive service that provides real-time notifications to customers about their bank account
activity. These alerts, which can be received via SMS, email, or push notifications, include information about
transactions, account balances, and potential security issues. By keeping customers informed about their
financial activities, Alert Banking enhances security and helps users manage their finances more effectively.
It is particularly useful for detecting and preventing fraudulent activities in a timely manner.
E‐commerce
E-commerce, or electronic commerce, refers to the buying and selling of goods and services over the internet.
It enables businesses and customers to interact in a digital marketplace, eliminating the need for physical
stores. E-commerce platforms, such as online shops and marketplaces, provide a wide range of products and
services, often at competitive prices. The convenience of shopping from anywhere, secure online payment
options, and the ability to compare prices have contributed to the rapid growth of e-commerce globally.
M‐commerce
M-commerce, or mobile commerce, refers to the use of mobile devices like smartphones and tablets to conduct
commercial transactions online. It encompasses a variety of activities, including shopping, banking, and
payment processing, all optimized for mobile platforms. M-commerce leverages the convenience and
portability of mobile devices, allowing users to access services on-the-go. With features like mobile apps,
digital wallets, and one-click purchasing, m-commerce provides an enhanced and seamless user experience,
driving significant growth in digital consumer behavior.
Mobile Financial Services (MFS)
Mobile Financial Services (MFS) refer to financial services that are accessed and delivered through mobile
devices such as smartphones and tablets. This includes a range of services such as mobile banking, mobile
wallets, and mobile payments. MFS enables users to conduct financial transactions, manage their accounts,
and access financial information from virtually anywhere, providing convenience and accessibility. MFS is
particularly popular in regions with limited banking infrastructure, as it can provide financial inclusion to a
larger population.
Agent Banking
Agent Banking refers to a model where banks utilize authorized agents or third-party representatives to
provide financial services in areas with limited banking infrastructure. Agents, often situated in local retail
stores or post offices, facilitate a variety of banking transactions such as deposits, withdrawals, bill payments,
and account opening. By leveraging the agent network, banks can extend their reach to remote or underserved
communities, promoting financial inclusion and offering greater accessibility to banking services for a wider
population.
Call Center
A Call Center is a centralized facility used by companies to handle customer interactions and inquiries,
typically over the phone. Call centers are equipped with trained customer service representatives who provide
assistance, resolve issues, and answer questions. They often use computer-telephony integration systems to
efficiently manage incoming calls. In addition to voice-based services, many call centers now also support
email, chat, and social media interactions. Call centers play a crucial role in maintaining customer satisfaction
and loyalty by providing timely and effective support.
Telex
Telex, short for "teleprinter exchange," is a now largely obsolete communication system that was widely used
from the 1920s to the 1980s. Telex was once an essential communication tool used for transmitting financial
messages and instructions. Before the advent of modern electronic banking systems, Telex was the primary
means for banks to communicate cross-border transactions, issue letters of credit, and settle international trade
deals. The system allowed for real-time communication between banks, facilitating efficient and secure
financial transactions. However, with the development of more advanced and secure communication
technologies, Telex has been largely replaced by systems like SWIFT in the banking sector.
SWIFT
SWIFT (Society for Worldwide Interbank Financial Telecommunication) is a global messaging network that
enables secure and standardized communication between financial institutions. It facilitates the exchange of
financial messages, such as payment instructions and transaction notifications, across borders. SWIFT ensures
the reliability, security, and efficiency of international financial transactions, playing a crucial role in global
finance.
CHIPS
CHIPS (Clearing House Interbank Payments System) is a large-value wire transfer system used primarily for
international and domestic financial transactions. It is operated by The Clearing House, a private-sector
financial institution. CHIPS streamlines the movement of funds between banks, enabling swift, secure, and
cost-effective processing of large-dollar transactions. It plays a vital role in the global financial system,
ensuring that funds are transferred efficiently and with minimal risk, facilitating international trade and
commerce.
FEDWIRE
FEDWIRE is a real-time gross settlement funds transfer system operated by the United States Federal Reserve
Banks. It is used for large-value, time-sensitive payments and enables financial institutions to transfer funds
both domestically and internationally. FEDWIRE provides immediate finality of payments, ensuring funds
are quickly and securely transferred between banks. It plays a crucial role in the smooth functioning of the
financial system, supporting liquidity management, and facilitating the settlement of large transactions.
Internet Payment Gateway
An Internet Payment Gateway is a service that facilitates online transactions by securely transmitting payment
data between the customer's bank and the merchant's bank. It acts as an intermediary, verifying the customer's
payment information, ensuring sufficient funds are available, and completing the payment process. Payment
gateways are essential for e-commerce businesses, providing a secure and efficient method for processing
credit card and other electronic payments. They enhance the online shopping experience by offering
convenience and security to both customers and merchants.
Phishing
Phishing is a cybercrime in which attackers deceive individuals into revealing sensitive information, such as
usernames, passwords, and financial details, by impersonating a trustworthy entity. Typically conducted
through fraudulent emails, messages, or websites, phishing schemes often appear legitimate, enticing victims
to interact with malicious links or attachments. Successful phishing attacks can lead to identity theft, financial
loss, and unauthorized access to personal accounts. Awareness and vigilance are essential in protecting oneself
Two‐factor authentication
Two-factor authentication (2FA) is a security measure that requires a user to provide two separate forms of
identification before gaining access to an account or system. In addition to a password or PIN (something the
user knows), 2FA often involves a second factor, such as a temporary code sent to a mobile device (something
the user has) or a biometric feature like a fingerprint (something the user is). 2FA enhances security by making
it more difficult for unauthorized users to gain access to sensitive information.
Review Questions
iv) Which bandwidth is required for ATM communication?
a) 64 kbps b) 1 Gbps c) 16 kbps d) 512 kbps
v) Why does a card become a hot card and thus get captured by the ATM?
a) Insufficient cash in ATM b) Insufficient balance in account
c) Wrong PIN used 3 times d) Wrong amount inserted 3 times
vi) Which of the following is a card fraud?
a) Skimming b) Clustering c) Replication d) Encryption
vii) Which of the following is not a POS transaction?
a) Sale b) Void c) Refund d) Buy
viii) Pre-authorization transaction in POS is usually used in which merchant?
i) In case of cash non-dispensed from ATM, the cardholder should report to card issuing bank
ii) Bangladesh Bank is the 2nd generation member of use groups of SWIFT in
Bangladesh.
v) There are two types of ATMs: Lobby Type and Through-The-Wall type.
vi) EMV stands for Europay-MasterCard-Visa.
viii) The captured cash of ATM is stored in reject bin.
x) A POS terminal can communicate with Data Center using PSTN or GPRS.
xi) Recording of information on the magnetic strip is called Encoding.
xii) In the EMVCo, Amex, JCB, MasterCard and VISA each have 25% share.
xiii) Phishing is collection of user PIN by presenting a fake web-site address to the user.
xiv) Buying and selling of goods and services over internet is called E-commerce.
xv) SWIFT stands for Society for Worldwide Interbank Financial Telecommunication.
ICT Security, Cyber Security,
ICT Risk Management,
Security Standards and
Regulations,
Guideline on ICT Security for
Scheduled Banks and Financial
Institutions published by the
2. Why Data Centers are very important part of ICT risks?
Answer: A key benefit of a data center is the ability to centralize data management. Businesses can
store all their data in one place, making it easier to manage and analyze, improving efficiency, reducing
duplication of effort, and providing better insights into business operations. Anything from a simple
breakdown to a major one in the data center system can cause huge financial and operational loss for any
institution. Because of the critical role that data centers play in the operation of organizations and the
significant risks associated with them, it is essential for organizations to implement robust risk management
strategies to protect their data centers and the valuable data they house.
Business Continuity Threats: Business continuity risk refers to threats or risks that disrupt
the functioning of a business. One such threat arises from server or equipment failure
in the Data Center, which leaves the system unavailable to users and customers.
Classification of Business Discontinuity: Business discontinuity may be classified as under:
Simple Breakdown: System may remain unavailable for a few minutes to hours.
Major Shutdown: System may remain unavailable for several hours or weeks.
Data Center Collapsed due to Natural Calamity like Earthquake, Flood and Cyclone:
The system may remain unavailable for a week to months.
Unsatisfied or Corrupt Employee: Corrupt employees of a bank can steal data or information
and hand it over to hackers.
Database Breaching: A data breach exposes confidential, sensitive, or protected information
to hackers.
5. List different threats related to MFS and their remedies.
Answer:
MFS Threats:
MFS provider allows the account to operate only after receiving a call from the genuine
SIM holder.
NID verification before activation of MFS account
Properly filled-up KYC
Awareness campaign can help to educate customer not to be deceived.
NID Verification before activation of MFS account
Arresting OTC (Over The Counter) Transactions
Use of Sanction Screening System & Transaction Monitoring Software
Cash-out may be made through a registered bank account with any bank.
6. Describe ATM Skimming and POS Skimming? Where you can use the anti-
skimming device?
Answer:
ATM Skimming: Skimmers attach a device on the card slot of an ATM and collect card
information. A camera is used to record ATM PIN. Then the fraudster creates a duplicate card
(called card cloning) using the collected information and withdraws money from ATM using
the card and PIN.
POS Skimming: Some corrupt salesmen in super shops keep a skimming device under
the table and swipe the customer's card through it before actually using the card in the
real device. A skimming device can’t copy data from the chip of a debit or credit card.
Answer: If a hacker gains control of the ATM controller (called the Switch), he can send signals to the
ATM indicating that it has to dispense money. The ATM then starts dispensing
money without any card, and an associate of the hacker collects the cash and leaves. This is called
ATM Jackpotting.
Distributed Denial of Service (DDoS): A DDoS attack is done by fraudster to shut down a
website, machine or network of a bank, making it inaccessible to its clients.
Ransomware: Ransomware is a type of malicious software that blocks users' access
to their system or computer unless a ransom is paid.
Malware: Malware is software that is specifically designed to disrupt, damage, or gain
unauthorized access to a computer system.
10. What is hacking? How money is unauthorized transferred from the client’s
account by the Hackers?
Answer: Hacking is the unauthorized access to or control over computer network security systems for
some illegal purpose. Hacking involves a variety of specialized skills, most of which are very
technical. Others are more psychological.
Unauthorized transfer: The hacker may keep trying to gain access to the banking system
for years. If he finds a loophole in the security system, he uses that loophole
to get into the banking network. Then he transfers funds from a customer’s account
to another bank account or withdraws money directly from the hacked account.
11. Why are SWIFT and Credit Card at risk of cyber threat in Bangladesh?
Answer: The SWIFT system and the Credit Card system maintain customers' balances in USD, which is
convertible from anywhere in the world. In Bangladesh, the virtual world is not as secure as it
should be. A talented hacker can easily manipulate our cyber security and find its weaknesses and
loopholes. With that in hand, the hacker can transfer clients' funds to any foreign account and withdraw money
directly or indirectly. This is why SWIFT and Credit Card are at risk of cyber threat in Bangladesh.
Crypto-currency remains anonymous because no KYC is done for the user. Knowing this, I can
summarize that this currency is a threat.
13. Put your suggestions to minimize ICT risk and Cyber Threats.
Answer: To minimize the threats arising from Banking Automation, banks are required to set up
an independent IT Security Department. Banks also need to ensure the following:
Setting up Data Center, DRS and Near Data Center,
Setting up well-structured IT infrastructure,
Obtaining PCI-DSS and ISO27K certification,
Placing and configuring the following network equipment properly:
Firewall
IPS
WAF (web application firewall)
Email security gateways
Web Security gateways,
Not to use pirated software,
Updating drivers regularly,
Reviewing patches regularly,
Taking measures to stop zero-day attacks,
Regularly investigating with Cyber Security experts, and
Conducting employee awareness program.
14. Differentiate between Security Standards and Regulations.
Answer:
Security Standards: IT security standards or cyber security standards are techniques generally
outlined in published materials that attempt to protect the cyber environment of a user or
organization. It is a set of rules which enterprises may follow to improve their IT security.
Regulations: In simple terms, a regulation is a set of rules outlined by the government that
must be followed as a minimum standard. Rules which an enterprise must follow to avoid
penalties.
Sarbanes-Oxley Act of 2002 (SOX): Internal controls and financial disclosures
Gramm-Leach-Bliley Act of 1999: Security of customer records
Health Insurance Portability and Accountability Act (HIPAA): Personal health
information in electronic form
BS7799 / ISO 17799: Information Security Management System (ISMS) of any enterprise
Guideline on ICT Security for Scheduled Banks and Financial Institutions: Security of IT
assets and customer data
PCI-DSS: Securing flow and storage of card related data and information
ISO 27000: ICT systems of any enterprise
16. Why Banks should acquire “Certification” on popular “Security Standards”?
Answer: Banks should acquire Certification on Security Standards for the following reason:
17. Write ten important points covered in the guideline on “ICT Security for
Answer:
Provide guidance related to risk, funding, or sourcing;
Ensure project priorities and assess feasibility for ICT proposals;
Consult and advise on the selection of technology maintaining standards;
Ensure compliance with regulatory and statutory requirements;
Ensure ICT architecture reflects the need for legislative and regulatory compliance.
III. Narrate the roles and responsibilities of ICT Security Committee.
Answer:
Ensure development and implementation of ICT security objectives, ICT security and risk
related policies and procedures;
Provide ongoing management support to the Information Security processes;
Ensure continued compliance with the business objectives, regulatory and legal requirements
Periodic review and provide approval for modification in ICT Security processes.
IV. What is ICT Risk Governance? e) What do you know about Change
Management?
Answer:
ICT Risk Governance: ICT Risk Governance refers to the set of practices and processes used
to identify, assess, manage, and monitor risks associated with the use of information and
communication technologies within an organization. The goal of ICT risk governance is to
ensure that the organization's ICT assets are secure, reliable, and available when needed, while
also complying with relevant laws, regulations, and policies.
Change Management:
Incident Management: An incident is an event that could lead to loss of, or disruption to, an
organization's operations, services or functions. Incident management (IcM) is a term
describing the activities of an organization to identify, analyze, and correct hazards to prevent
a future re-occurrence.
BYOD: Bring your own device (BYOD), also called bring your own technology (BYOT), bring your
own phone (BYOP), and bring your own personal computer (BYOPC), refers to being
allowed to use one's personally owned device, rather than being required to use an officially
provided device.
VI. What do you mean by Physical Security of Data Center?
Answer: Physical security of a data center refers to the protective measures taken to prevent
unauthorized access, damage, or theft of equipment and data housed within the facility. This includes
access control systems like biometric scanners and card readers, surveillance cameras, alarm systems,
secure doors and windows, and environmental controls to protect against fires, floods, and other
disasters. Ensuring the physical security of a data center is crucial to safeguard the data and IT
infrastructure critical to an organization's operations.
prioritizing, and categorizing emails, making it easier to find and respond to critical messages
promptly. It also reduces the risk of data breaches by securing sensitive information and
preventing spam and phishing attacks. Proper email management can also aid in legal
compliance by maintaining records of important correspondence. Overall, it streamlines
workflows and keeps the inbox manageable, leading to a more organized and focused work
environment.
User Access Management: User Access Management (UAM) is the process of identifying,
tracking, controlling and managing a specified user's access to a system or application.
Business Continuity Plan: It is a system of prevention and recovery from potential threats to
a company. It is a document, which contains information about managing business assets, such
as HRM and supplies and equipment, data backups, business partners, key personnel, etc.
VIII. What is Disaster Recovery Plan? What points to be considered during In-
house Software Development?
Answer:
Disaster Recovery Plan: Disaster Recovery Plan is an essential strategy that defines the steps
to be taken in the event of an unexpected disaster that disrupts normal business operations. It
helps organizations minimize the impact of a disaster on their operations, assets, and
employees and to resume normal business functions.
Software and systems shall be established and applied to developments within the
organization.
Ensure secure software development processes based on industry standards like
OWASP Development Guide or SANS coding guide etc.
Develop functionality in accordance with the design specification and documentation.
Software Development Life Cycle (SDLC) shall be followed and conducted in the
development and implementation stage.
Source code must be available with the concerned department and kept secured.
Source code shall contain title area with author name, date of creation, last date of
modification and other relevant information.
Changes to systems within the development lifecycle shall be controlled using
formal change control procedures.
The whole system development lifecycle must be established and properly
protected by organizations.
Ensure that online access and transactions made over the internet are sufficiently safeguarded
and authenticated
The Organization shall implement a strong password policy
Evaluate security requirements associated with its internet banking system
Formulate Security policy by considering technology security aspects and operational issues
Ensure that information processed, stored or transmitted between the bank and its customers
is accurate, reliable and complete.
Implement appropriate processing and transmission controls to protect data integrity
Implement Multi-Factor Authentication (MFA) for all types of online financial transactions.
Online session needs to be automatically terminated after a fixed period unless the customer is
re-authenticated
Implement monitoring or surveillance systems to follow up abnormal system activities,
transmission errors or unusual online transactions.
Take appropriate measures to minimize exposure to any kind of attacks such as man-in-the-
middle attack (MITMA).
X. What security mechanism should be undertaken by banks to secure its
Credit Cards?
Answer:
Sensitive card data should be encrypted both in storage and transmission to maintain
confidentiality and integrity.
Sensitive or confidential information should be processed in a secure environment.
The organization should perform the authentication of customers' sensitive static information,
such as PINs or passwords, not a third-party payment processing service provider.
Regular security reviews should be performed on the infrastructure and processes being used
by service providers.
Equipment used to generate payment card PINs and keys should be managed securely.
Payment cards and related PINs should be sent to the customer securely.
Card personalization, PIN generation, Card distribution, PIN distribution, Card activation
groups should be segregated from each other.
The organization must comply with industry security standards like PCI DSS.
New payment cards should only be activated upon obtaining both the customer's
acknowledgment and call confirmation/OTP verification.
Cards should be captured if the wrong password is attempted more than three times.
Undelivered and inactivated cards should be destroyed within a stipulated period.
Promptly notify cardholders via transaction alerts including source and amount for any
transactions made on their payment cards.
Set out risk management parameters based on the risks posed by cardholders, the nature of
transactions, or other risk factors to enhance fraud detection capabilities.
Implement solutions to follow up on transactions exhibiting behavior that deviates significantly
from a cardholder's usual card usage patterns, and investigate and obtain cardholder
authorization before completing such transactions.
PCI-DSS certification: Banks should undertake PCI-DSS certification to ensure the security
of cardholder data, protect against data breaches, and build customer trust. The certification
demonstrates compliance with industry security standards, which is essential for safeguarding
History: BSI's BS 7799, developed in the 1990s, was officially adopted in 1995 as a standard
for information security. ISO adopted its first part as ISO 17799 in 2000. A revised version in
1999 and 2002 ensured alignment with other management standards. Ongoing international
consultations aim to keep BS 7799/ISO 17799 current with the latest developments in
information security.
21. What is ISO 27001? Why should banks acquire certification on the ISO 27001
standard? What are the 14 domains of ISO 27001?
Answer: ISO 27001 is the international standard that provides the specification for an information
security management system (ISMS). ISO 27001 is technology and vendor neutral and is applicable
to all organizations irrespective of their size, type or nature. The Standard is designed to help
organizations manage their information security processes in line with international best practice while
optimizing costs.
Offers organization-wide protection
Helps respond to evolving security threats
Reduces costs associated with information security
Protects confidentiality, availability and integrity of data
Improves company culture
22. What is a Cyber Law? Narrate any five of the Cyber Crime activities.
Answer: Cyber law is the area of law that deals with the Internet's relationship to technological and
electronic elements, including computers, software, and hardware and information systems (IS). Cyber
law is also known as Cyber Law or Internet Law.
Cyber Crimes:
Unauthorized access & Hacking: Means any kind of access without the permission
of either the rightful owner or the person in charge of a computer, computer system or
computer network.
Trojan Attack: A Trojan comes attached to what looks like a legitimate program;
however, it is actually a fake version of the app, loaded up with malware.
Virus and Worm attack: A program that has the capability to infect other programs,
make copies of itself and spread into other programs is called a virus.
E-mail related crimes:
preferences, financial status etc.
23. Describe ICT Act and mention applicable fields of ICT Act-2006.
Answer: The main objectives of the Information and Communication Technology Act-2006 are to:
Eliminates barriers to e-commerce,
Promotes legal and business infrastructures to secure e-transactions,
Facilitates electronic filing in government agencies,
Ensures efficient delivery of electronic records from government offices,
Help maintain the latest technology by freeing it from nuisance as punitive provisions
publishing obscene or defamatory information in electronic form,
Ensures ten years imprisonment and a fine of up to Taka 10 million (Tk.1.00 Crore) or both,
for the cyber offenders
Powers of Police Officers and Other Officers,
A Negotiable Instrument
The creation, performance or enforcement of a power of attorney
A Trust
A Will
Any Contract for the Sale or Conveyance of Immovable property or any interest in such
property
Documents of title
Any such class of documents or transactions as may be notified by the Government in the
Official Gazette.
I. Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage
to the public or any person, destroys or deletes or alters any information residing in a computer
resource or diminishes its value or utility or affects it injuriously by any means, commits
hacking.
II. Whoever commits hacking shall be punished with imprisonment up to ten years, or with fine
not exceeding Taka one crore, or with both.
Review Questions
i) Near Data Center (NDC) is built in -------- for quick start of operation in case of major or minor
breakdown in Data Center (DC).
a) Same City b) Different City c) Same Seismic Zone d) Different Seismic Zone
iii) Which of the following is a remedy for Application Server non-functioning?
a) Active-active clustering b) Network Load Balancing c) Redundant UPS d) Active-
Standby System
iv) To prevent unauthorized use of cards in an e-commerce site, Card issuing bank deliver a -----
token to the cardholder for use during e-commerce transaction.
a) OTP b) 2FA c) POS d) ATM
v) Ransomware is a type of malicious software that blocks users' access to their IT system
unless a -------- is paid.
a) Dollar b) Bitcoin c) Ransom d) Taka
vi) A ------- is first sent to many employees of a bank as an attachment to an email narrating
attractive offers.
a) Hacker b) Database c) Router d) Malware
i) For the first time, IT professionals started protecting their database and network by placing
a firewall on the network.
ii) To keep the data safe and available in case of any disaster, IT professionals built Disaster
Recovery Site (DRS) and Near Data Center (NDC).
iii) Unsatisfied or corrupt employees may steal data and hand it over to the hackers.
v) A chip card can prevent skimming of cards in ATM.
hacking.
Module-E: Document Handling Systems, Additional Banking Applications & Other Aspects
Cheque Processing Systems such as Clearing and Settlement Systems, MICR, RTGS, BACH (BACPS & BEFTN) and additional Banking Applications like ERP Software, CRM Software, E-mail software, Anti-Virus and anti-malware software.
1. What is a Cheque Processing System? Name four clearing systems that are in
operation in Bangladesh.
Answer: Cheque Processing System is the process of moving a cheque and its accompanying funds
from an account with one bank to an account with a different bank. In short, it is a means by which funds
are transferred among financial institutions, businesses, and persons.
2. Narrate the conventional cheque clearing process.
Answer: The manual cheque clearing process in Bangladesh involves several steps:
Deposit of Cheque: The first step in the manual cheque clearing process is the deposit of the
cheque by the payee at their bank.
Verification of Cheque Details: The bank staff will verify the details on the cheque, such as
the date, the payee's name, the amount in words and figures, the signature of the drawer, and
the cheque number. The bank staff will also check if there are any alterations on the cheque.
Endorsement and Stamp: If the cheque is for an account payee only, the bank staff will
endorse the cheque at the back with the account number of the payee and put the bank's stamp
on it.
Clearing House: The cheque is then sent to the clearing house, which is an entity where banks
Settlement: The amounts are then settled among the banks through the clearing house.
Credit to Payee's Account: If the cheque is valid and has been cleared, the payee's bank will
of the banks involved and the clearing cycle followed by the Bangladesh Bank.
Answer:
MICR: MICR means Magnetic Ink Character Recognition which is a recognition technology
based on characters printed with magnetic ink/toner and processed by being magnetized and
sensed magnetically.
Security characteristics of MICR cheque:
Watermark, Magnetic Ink, Erasable Ink, Microprint, Chemical sensitivity, Invisible UV (Ultra-violet) Fluorescent
Cheque Truncation: Cheque Truncation is the process of stopping the flow of the physical
cheque issued by a drawer to the drawee branch. The Cheque Truncation System (CTS)
envisages a safe, secure, faster and effective system for clearing of the cheques. The banks
will send the captured images and data to the central clearing house for onward transmission
to the payee/ drawee banks.
RTGS: Real Time Gross Settlement (RTGS) systems are funds transfer systems where transfer
of money or securities takes place from one bank to another on a "real time" and on "gross"
basis. Real time means no waiting period and Gross settlement means the transaction is settled
on a one-to-one basis without bunching or netting with any other transaction.
4. What is BACH? What are the two parts of BACH? Narrate them.
Answer: Bangladesh Automated Clearing House, also known as BACH, is the first ever electronic
clearing house of Bangladesh. In BACH, transactions received from the banks during the day are
processed at a pre-fixed time and settled through a single multilateral netting figure on each individual
bank's respective books maintained with the Bangladesh Bank.
BACPS (Bangladesh Automated Cheque Processing Systems): BACPS (Bangladesh
Automated Cheque Processing System) means a facility that electronically clears cheques and
approves payment items for Bank companies.
5. What is a large value cheque settlement? How this is different than the normal cheque
settlement? What are the current timing in force for different clearing systems?
Answer: A large value cheque or high value cheque means a settlement cheque amounting to taka 5.00
(Five) lacs and above. Cheques of a minimum of 500,000 taka can be caught in High Value. This value is
usually settled before 2:30, so the customer's account is credited before the end of the loan; if the
customer wishes, he can withdraw from the account before the end of the transaction time.
Large value or High value cheque should be more than 5 lacs where regular value cheque is less than
5 lacs. High value cheques get more priority for settlement than regular value cheques.
RV clearing presentment cut off time is at 12:30 and return cut off is at 17:00
6. How MICR differs from a bar code? How cheque truncation helps to stop physical
movement of cheque?
Answer: MICR is a character scanning technology but it utilizes magnetic ink and special characters.
MICR is a character recognition technology used primarily by the banking industry to facilitate the
processing of cheques. Bar code is a machine-readable code in the form of numbers and a pattern of
parallel lines of varying widths, printed on a commodity and used especially for stock control.
Cheque truncation is a system where the physical movement of a cheque is replaced by its electronic
image and related information. Cheque truncation drastically reduces the time required for the
payment of cheques and lowers the cost associated with the physical transportation of cheques.
7. What is PBM or participating Bank module in clearing system?
Answer: Participating Bank Module means the software and associated hardware that manages the
transmission and receipt of BACPS Cheque Envelopes, acknowledges receipt and interfaces with
participating Bank’s host systems. The inward processing deals with accepting inward presentment
data and images from the Clearing House and providing data in the form of files for use within the
bank's in-clearing system. The PBM checks the outgoing check envelopes sent by the capture system
against the validation. The PBM provides response files that include details about the acceptance or
rejection along with the contents in each file together with the applicable reason codes.
8. What are the benefits of a cheque truncation system over a traditional cheque clearing
system?
Answer: Some of the benefits of such system are:
Faster clearing cycle
Better reconciliation/ verification process
Better Customer Service, Enhanced Customer Window
T+0 or T+1 day clearing
Elimination of Float. Incentive to shift to Credit Push payments
The jurisdiction of Clearing House can be extended to the entire country
Operational Efficiency will benefit the bottom lines of banks
Minimizes Transaction Costs
Reduces operational risk by securing the transmission route
9. What is the basic difference between RTGS and BEFTN?
Answer: The main differences between RTGS & BEFTN are:
10. What is routing number? What are the significance of digits of a routing number?
Answer: Routing numbers are nine-digit numbers that identify the bank or financial institution in a
transaction. Account and routing numbers work together to identify your account and ensure that your
money ends up in the right place. The routing number comprises 9 digits. The first 3 digits are the bank
code, the next 2 digits are the district code, the following 3 digits are the branch code and the last digit is the check
digit.
11. Why ERP software is used in banks? Name a few components or modules of an ERP
system. Name two renowned commercial ERP software. Who are manufacturer of
them?
Answer: ERP (Enterprise Resource Planning) is an integrated computer-based system used to manage
internal and external resources, including tangible assets, financial resources, materials, and human
resources.
Module:
Financials
Distribution
Human Resources
Product lifecycle management
Customer Relationship Management (CRM)
Supply chain management software
Purchasing
Manufacturing
Distribution
Management
Warehouse Management System
Portal/Dashboard
Decision Support System
In a Bank, the following modules may be useful:
Purchasing
Distribution
SAP Enterprise Resource Planning (SAP ERP) software from SAP (Systems Analysis and
Program development)
PeopleSoft ERP from Oracle
12. What are the advantages and disadvantages of ERP system?
Answer:
Advantages:
Allows easier global integration
Updates only need to be done once to be implemented company-wide
Provides real-time information, reducing the possibility of redundancy errors
May create a more efficient work environment for employees
Vendors have past knowledge and expertise on how to best build and implement a system
Disadvantages:
Locked into relationship by contract and manageability with vendor –
Inflexibility
Return on Investment may take too long to be profitable
Implementations have a risk of project failure
13. Why is CRM software used in a bank? Describe in brief the fields of application of
CRM software.
Answer: CRM (Customer relationship management) is a widely-implemented strategy for managing
a company’s interactions with customers, clients and sales prospects. It involves using technology to
organize, automate, and synchronize business processes, principally sales activities, but also
those for marketing, customer service, and technical support. Banks and other financial institutions have
service-oriented businesses where they have to maintain certain relationships with clients. CRM helps to run those
businesses smoothly and resolve any kind of issues arising from them.
The three phases in which CRM supports the relationship between a business and its customers are to:
Acquire: CRM can help a business acquire new customers through contact management,
selling, and fulfillment.
Enhance: Web-enabled CRM combined with customer service tools offers customers service
from a team of sales and service specialists, which offers customers the convenience of
one-stop shopping.
Retain: CRM software and databases enable a business to identify and reward its loyal
customers and further develop its targeted marketing and relationship marketing initiatives.
Fields of application:
Sales force automation: Sales force automation (SFA) involves using software to streamline
all phases of the sales process, minimizing the time that sales representatives need to spend on
each phase.
Marketing: CRM systems for marketing help the enterprise identify and target potential
clients and generate leads for the sales team.
Customer service and support: CRM helps them improve their clients’ experience while
aiming to increase efficiency and minimize costs.
Analytics: Applications for sales, marketing, and service generally included useful analytics
capabilities.
Integrated/Collaborative: CRM enabled more fluidity and cooperation across sales, service,
and marketing.
14. Narrate the importance of an email software. Narrate in brief the four commercially
used email systems?
Answer: Electronic mail, commonly called email or e-mail, is a method of exchanging digital
messages across the Internet or other computer networks. Email is important for communication
because it allows users to send information in letter format, and email replaced traditional mail options.
Emails can be more beneficial for communication because they can often include text, documents and
multimedia, like photos and videos. Email is important because many people may use it daily to
communicate with others and learn more about businesses. Because email is free and available across
different platforms, almost anyone can have an email address. This can be an effective and safe way
for team members to communicate, especially when some members of the team are remote or not in
the office.
Sendmail: The Simple Mail Transfer Protocol (SMTP), which is used for email transit over
the Internet, is supported by the general-purpose internetwork email routing service known as
Sendmail.
Qmail: Qmail is a mail transfer agent (MTA) that runs on UNIX. It is a more secure
replacement for the popular Sendmail program.
Microsoft Exchange Server: Microsoft Exchange Server is the server side of a client–server
product. It consists of electronic mail, calendaring, contacts and tasks, with support for mobile and
web-based access to information and support for data storage.
Lotus Domino: IBM Lotus Domino software is a world class platform for critical business,
collaboration, and messaging applications.
15. What is the difference between Virus and Malware? Name a few available Virus and
Malware.
Answer:
Virus:
Crypto Locker
I Love You
My Doom
Storm Worm
Anna Kournikova
Malware:
Ransomware
File Less
Spyware
Adware
Trojan
16. How an anti-virus software and an anti-malware software differs from each other?
Name five of each of the anti-virus software and an anti-malware software.
Answer:
FRTMD: Forex Reserve and Treasury Management
ERP: Enterprise Resource Planning
Payee & legal amount area Magnetic Ink
Account title Erasable Ink
Cheque number & Date area Microprint
Convenience amount Invisible UV (Ultra-violet) Fluorescent
Chemical sensitivity
Area                    Digit
Cheque serial number    07
Routing number          09 (Bank code - 03, District code - 02, Branch code - 03, Cheque Type - 01)
Account number          13
Transaction code        02
Total                   31
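The 31-digit layout in the table above can be checked mechanically before a captured item leaves the bank, in the spirit of the validation and reason codes described for the Participating Bank Module. The following is an added example, not code from this hand note or from BACPS: the field order (taken from the table order), the space-separated input, the duplicate check and the reason codes are assumptions made for illustration.

```python
import re

# Field widths from the table above, taken in table order (31 digits in total).
LAYOUT = (("cheque_serial", 7), ("routing_number", 9),
          ("account_number", 13), ("transaction_code", 2))
# Routing number sub-fields from the same table (3 + 2 + 3 + 1 = 9). The notes
# call the last digit a check digit in one place and "Cheque Type" in another;
# no check-digit algorithm is given, so it is extracted but not verified.
ROUTING_PARTS = (("bank_code", 3), ("district_code", 2),
                 ("branch_code", 3), ("last_digit", 1))
TOTAL = sum(width for _, width in LAYOUT)

# Hypothetical reason codes, invented for this example.
R_CHARSET = "R01_NON_DIGIT"
R_LENGTH = "R02_BAD_LENGTH"
R_DUPLICATE = "R03_DUPLICATE_ITEM"

# Constructed sample envelope (not real cheque data).
SAMPLE_ENVELOPE = [
    "0001234 123456789 0000123456789 10",  # well formed
    "0001234 123456789 0000123456789 10",  # same cheque presented twice
    "0001235 123456789 000012345678 10",   # account number one digit short
    "0001236 123456789 O000123456789 10",  # letter O where a zero belongs
]


def split_fields(digits, layout):
    """Cut a digit string into consecutive fixed-width fields."""
    fields, pos = {}, 0
    for name, width in layout:
        fields[name] = digits[pos:pos + width]
        pos += width
    return fields


def validate_item(raw):
    """Return (fields, reasons); fields is None when the item is rejected."""
    digits = raw.replace(" ", "")
    reasons = []
    # [0-9] on purpose: str.isdigit() also accepts non-ASCII digits
    # (for example Bengali numerals), which a MICR line never contains.
    if re.search(r"[^0-9]", digits):
        reasons.append(R_CHARSET)
    if len(digits) != TOTAL:
        reasons.append(R_LENGTH)
    if reasons:
        return None, reasons
    fields = split_fields(digits, LAYOUT)
    fields["routing"] = split_fields(fields["routing_number"], ROUTING_PARTS)
    return fields, []


def validate_envelope(items):
    """Validate every item and reject a cheque that appears twice."""
    seen, response = set(), []
    for raw in items:
        fields, reasons = validate_item(raw)
        if fields is not None:
            key = (fields["routing_number"], fields["account_number"],
                   fields["cheque_serial"])
            if key in seen:
                fields, reasons = None, [R_DUPLICATE]
            seen.add(key)
        response.append({"item": raw, "accepted": fields is not None,
                         "reasons": reasons, "fields": fields})
    return response


if __name__ == "__main__":
    for row in validate_envelope(SAMPLE_ENVELOPE):
        status = "ACCEPT" if row["accepted"] else "REJECT"
        print(status, row["item"], row["reasons"])
```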
Cheque truncation
Cheque truncation is a process that eliminates the need for physical movement of cheques between banks. It
involves capturing and transmitting electronic images and relevant information related to the cheque, such as
the MICR fields, date, and payee name. This digital exchange of cheque data accelerates the clearance process,
reduces handling costs, and minimizes the chances of fraud. Cheque truncation enhances operational
efficiency, improves customer experience, and contributes to the overall modernization of the banking sector.
banks is replaced by electronic exchange of cheque images and data. This digital information is then
transmitted electronically to the paying bank through BACPS. The system will support both intra-regional
and inter-regional clearings. It forms a vital component of the country's financial infrastructure, enhancing the
overall efficiency of the banking sector.
Bangladesh Electronic Funds Transfer Network (BEFTN)
The Bangladesh Electronic Funds Transfer Network (BEFTN) is a key component of the financial
infrastructure in Bangladesh, designed to facilitate the electronic transfer of funds between banks and other
financial institutions. Operated by the Bangladesh Bank, BEFTN allows for fast, secure, and cost-effective
processing of electronic payments, such as credit transfers and direct debits. One of the major benefits of
BEFTN is its ability to facilitate real-time fund transfers, enabling instant transfer of money between
participating banks. This improves liquidity management for businesses and individuals, enhances payment
efficiency, and reduces the settlement risk associated with delayed payments. BEFTN plays a crucial role in
modernizing the payment landscape in Bangladesh, fostering financial inclusion, and driving the country
towards a cashless economy.
day-to-day activities. It helps streamline processes by collecting, storing, managing, and interpreting data
from various business activities. One of the primary benefits of an ERP system is that it integrates the various
functions of an organization into a single, unified system. This integration enables better information flow
and data consistency across the organization, reducing data silos and improving decision-making. Overall, an
ERP system helps organizations increase their efficiency, streamline their processes, and improve their overall
performance, making them more competitive and successful in the long run.
Anti‐Virus software
Antivirus software is a critical tool designed to detect, prevent, and remove malicious software from
computers and networks. It scans files, emails, and web traffic for potential threats, such as viruses, worms,
Trojans, and spyware. By employing heuristic analysis, signature-based detection, and behavior monitoring,
antivirus programs help safeguard systems against data breaches and cyber-attacks. Regular updates ensure
that the software remains effective against new and evolving threats, making antivirus essential for
maintaining digital security and protecting sensitive information. There are a number of popular antiviruses
available in the market such as McAfee, Kaspersky, NOD32, Avast, AVG etc. Some antivirus companies
provide web security, email security, desktop management, PC solution, IDS (Intrusion Detection System),
and firewall as part of the antivirus software package. For example, Kaspersky antivirus comes with a firewall and
email security. Sometimes an extra subscription fee is charged for each new module added to the antivirus
software.
Anti‐Malware Software
Anti-malware is a comprehensive term that encompasses various software programs designed to detect,
prevent, and eliminate malicious software from computer systems and networks. Unlike traditional antivirus
tools, anti-malware solutions often focus on a wider range of threats, including viruses, worms, Trojans,
spyware, adware, ransomware, and potentially unwanted programs. These applications use various
techniques, such as signature-based detection, heuristic analysis, behavior monitoring, and sandboxing, to
identify and neutralize harmful software. By providing real-time protection and conducting regular system
scans, anti-malware tools play a crucial role in maintaining a computer's security and integrity, safeguarding
data, and ensuring optimal performance.
Bit‐Coin
a) Manufacturing b) Supply Chain Management c) Human Resources d) Credit Card
i) BACPS stands for Bangladesh Automated Cheque Processing Systems and BEFTN stands for
Bangladesh Electronic Funds Transfer Network.
ii)
iv) The first clearing starts at 10:30am and the returns of the same occur at 05:30pm.
vi) The major MICR fonts used around the world are E-13B and CMC-7.
vii) For clearing purpose, Bangladesh Bank provided all Banks a software called Participating
Bank Module.
Module-E: Document Handling Systems, Additional Banking Applications & Other Aspects
Fintech, RegTech and TechFin, Virtual Banking, Basic Crypto Currency, Block Chain Technology, Cloud computing, Internet of Things (IOT), Machine Learning, Data Mining, Intelligence.
1. What are the differences between FinTech and TechFin? Name a few of the FinTech
solutions in use in Bangladesh.
Answer:
FinTech: Fintech refers to the financial companies that use technology and innovation to compete
with traditional financial methods in the delivery of financial services. Online banking, internet
banking, debit card, credit card, ATM, MFS, agent banking and mobile apps are examples of FinTech
for banks.
TechFin: TechFin refers to a technology company that has launched a new way to provide financial
services, one that is integrated into the company's own management system. TechFin companies are
social media companies like Facebook, Google, e-commerce companies like Amazon, and
telecommunication companies like GrameenPhone, Robi, Banglalink etc.
The most well-known solutions using FinTech in Bangladesh are NexusPay, ROCKET, bKash,
Nagad, UPay, SSLCommerz, iFarmer, PayWell, D-money etc.
Things, Machine learning, Data mining, and Data Warehouse.
Answer:
RegTech: RegTech is a subset of FinTech that focuses on technologies that may facilitate the delivery
of regulatory requirements more efficiently and effectively than existing capabilities. A perfect RegTech
example is electronic know your customer, or e-KYC, by which a bank can identify the people who want
to open new accounts digitally.
Virtual Banking: Virtual/Digital Banking refers to the act of accessing banking institutions and their
functions online without having to make a physical appearance at the bank branches. This is possible
by extensive use of technology in the banking.
Cloud Computing: Cloud computing is a service model that allows information technology (IT)
customers to obtain computing resources over the internet. Cloud computing is the delivery of
computing services including servers, storage, databases, networking, software, analytics, and
intelligence over the Internet.
Internet of Things: The Internet of Things (IoT) is a computing concept that describes the idea of
everyday physical objects being connected to the internet and being able to identify themselves to
other devices and send and receive data. IoT describes the network of physical objects, things like
mobile phone, electrical appliances, barcode sensors, traffic lights etc.
Machine Learning: When a computer is configured to learn on its own using historical data and
information with the help of thousands of extensive statistical and mathematical models, this is
referred to as machine learning.
Data mining: Data mining is the practice of using techniques from the fields of statistics, database
systems, and machine learning to extract and find patterns in massive datasets.
Data Warehouse: A data warehouse is an enterprise system used for the analysis and reporting of
structured and semi-structured data from multiple sources, such as point-of-sale transactions,
marketing automation, customer relationship management, and more.
3. Is Grameen Phone a TechFin company? Why?
Answer: Grameenphone is a mobile telecommunications company based in Bangladesh, and it is not
primarily considered a TechFin company. It was founded in 1996 as a joint venture between Telenor
and Grameen Telecom. Grameenphone primarily operates as a mobile network operator, providing
voice, data, and other telecommunications services to its customers.
However, like many other telecommunications companies, Grameenphone has diversified its business
and ventured into digital services and financial technology (FinTech) through various initiatives. For
example, it has introduced mobile financial services and digital wallets through its subsidiary,
Grameenphone IT Ltd. These efforts could position Grameenphone as a player in the FinTech space,
but its core business remains telecommunications.
telecommunications company rather than a TechFin company.
format and shared among the nodes of a computer network. It is one of the most secure technologies
for storing data.
This technology can be used at nationwide level to manage the nationwide financial networks of Banks
& NBFIs with decentralized nodes distributed among all of the Banks and NBFIs as a means of real-
time transaction processing system, real-time BACH processing etc. It can also be used to manage
stock market with real-time data processing & settlement with decentralized nodes distributed among
the various stakeholders of stock exchange including banks and the listed companies to update the
stock holders in real-time. It can also be used to manage the nationwide MFSs to prevent customers’
money from unauthorized use by others and to make a single network of MFS. Similarly, nationwide
healthcare, public procurement, property records management and so on can also use the block chain
technology to leverage the benefits of block chain.
works? Narrate in details. How many parties are involved in Crypto-currency? What
Answer: A digital currency in which transactions are verified and records maintained by a
decentralized system using cryptography, rather than by a centralized authority. It is a digital payment
system that doesn't rely on banks to verify transactions. There are thousands of cryptocurrencies. Some
of the best known include: Bitcoin, Ethereum, Litecoin, Ripple etc.
Payment to organized terrorist groups
Functioning of Crypto: In simple words, block chain in the context of cryptocurrency is a digital
ledger whose access is distributed among authorized users. This ledger records transactions related to
a range of assets, like money, house, or even intellectual property.
The access is shared between its users and any information shared is transparent, immediate, and
“immutable”. Immutable means anything that block chain records is there for good and cannot be
modified or tampered with – even by an administrator.
Parties of Crypto-currency: Parties Involved in Crypto-currency are:
Miners: Mining is the process of production of Crypto-currency. Miners generate bitcoin,
record and ensure integrity.
Users: Cryptocurrency transactions typically involve at least two parties: the sender and the
receiver. These parties can be individuals, businesses, or other entities. In addition to the sender
and receiver, there are also other parties involved in the broader cryptocurrency ecosystem.
Online wallet providers: An online wallet provider is a tech firm which stores the credentials and
transaction history of its clients, so clients don’t need to download a full copy
of the block chain software and store it themselves (like a member of a stock exchange).
Exchange companies: Exchange companies are agents where bitcoins are traded in exchange
for traditional currency.
Main roles of a miner in cryptocurrency production:
Miners collect and verify transactions from the network's memory pool. They check
transaction validity and ensure that the transactions comply with the network's rules.
Miners gather transactions into a block after validation and form a chain of blocks.
After that, miners ensure that blocks are added to the block chain at a constant rate; the
complexity of this problem changes with time.
Miners are typically rewarded with a combination of newly created cryptocurrency coins after
they broadcast the new block to the network.
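The miner's steps listed above, together with the "immutable" ledger property described earlier, as an added Python example that is not part of the original hand note. It assumes a toy balance rule, a fixed puzzle difficulty of three leading hex zeros (a real network adjusts it over time), constructed names and amounts, and it omits signatures and the mining reward.

```python
import hashlib
import json

DIFFICULTY = 3  # assumed puzzle: block hash must start with this many hex zeros
GENESIS_PREV = "0" * 64

def block_hash(block):
    """SHA-256 over the block contents (the stored hash itself is excluded)."""
    body = {k: block[k] for k in ("index", "prev_hash", "transactions", "nonce")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def is_valid_tx(tx, balances):
    """Toy network rule: positive amount that the sender can cover."""
    return tx["amount"] > 0 and balances.get(tx["sender"], 0) >= tx["amount"]

def mine_block(chain, mempool, balances):
    """Verify pending transactions, pack the valid ones into a block, solve the puzzle."""
    accepted = []
    for tx in mempool:
        if is_valid_tx(tx, balances):
            balances[tx["sender"]] -= tx["amount"]
            balances[tx["receiver"]] = balances.get(tx["receiver"], 0) + tx["amount"]
            accepted.append(tx)
    block = {"index": len(chain), "transactions": accepted, "nonce": 0,
             "prev_hash": chain[-1]["hash"] if chain else GENESIS_PREV}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1  # brute-force search for a qualifying nonce
    block["hash"] = block_hash(block)
    chain.append(block)

def verify_chain(chain):
    """Return the index of the first inconsistent block, or -1 if the chain is intact."""
    for i, block in enumerate(chain):
        expected_prev = chain[i - 1]["hash"] if i else GENESIS_PREV
        if (block["prev_hash"] != expected_prev
                or block_hash(block) != block["hash"]
                or not block["hash"].startswith("0" * DIFFICULTY)):
            return i
    return -1

def demo():
    """Constructed sample data: mine two blocks, then edit a recorded transaction."""
    balances, chain = {"alice": 50}, []
    mine_block(chain, [{"sender": "alice", "receiver": "bob", "amount": 30},
                       {"sender": "alice", "receiver": "carol", "amount": 40}], balances)
    mine_block(chain, [{"sender": "bob", "receiver": "carol", "amount": 10}], balances)
    intact = verify_chain(chain)
    chain[0]["transactions"][0]["amount"] = 5  # tamper with block 0
    return intact, verify_chain(chain), len(chain[0]["transactions"])
```

The second pending transaction is rejected because the sender can no longer cover it, and any later edit to a recorded block is detected because its hash, and every link after it, stops matching.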
Legal Tender: An amount of currency to be issued by a Central Bank is backed mainly by Gold;
and/or Government Securities (such as long term bonds, Treasury Bills) which in turn is backed by
Government earnings like Tax, Duty and other Revenue.
6. What are the functions of an Online Wallet Provider?
Answer:
An online wallet provider is a tech firm which stores the credentials and transaction history of its
clients, so clients don’t need to download a full copy of the block chain software and
store it themselves (like a member of a stock exchange).
Users’ credentials to access funds are stored with the providers; as such, users must have full
trust in the providers.
A malicious provider or a breach in the server security of the provider may cause entrusted bitcoins
to be stolen.
Answer:
Freezing / seizing crypto assets
Tracking movement of fund
Making someone compelled to file STRs
Because all the persons / parties involved are anonymous and not traceable
8. State the idea of introducing National Digital Currency. How is it different from
Crypto-currency?
Answer: A national digital currency is a digital currency that is issued and overseen by a country’s
central bank. Places where an NDC is already available include the Central Bank of The Bahamas (Sand
Dollar), the Eastern Caribbean Central Bank (D-Cash), the Central Bank of Nigeria (e-Naira) and the
Bank of Jamaica (JamDex).
Crypto-currency: The Online Wallet Providers are anonymous; decentralized.
National Digital Currency: Banks act as Online Wallet Providers; centralized.
Artificial Intelligence (AI) has significantly impacted the banking industry, transforming various
aspects of how banks operate and serve their customers. AI has the potential to transform the banking
industry by improving operational efficiency, enhancing customer experience, and strengthening
security measures. It is enabling banks to make data-driven decisions, provide personalized services,
and stay competitive in an increasingly digital financial landscape.
From the Customers’ perspective:
AI assisted Account Opening via a virtual assistant.
Biometrics for account identification, money transaction.
Giving a personalized experience to each of the customers.
Providing AI enabled secured banking facilities.
Generating offer/packages/services for the customers based on the customers’ usage data.
Geographical, socio-economic data for the customers.
Competitor analysis and taking strategic decisions to stand up among them in the market.
Finding out promising investment sectors to make profit.
Deep learning models can be quite useful for forecasting bank crises including inflation and
currency crises.
Virtual/Digital Banking: Virtual/Digital Banking refers to the act of accessing banking institutions
and their functions online without having to make a physical appearance at the bank branches. This is
possible through extensive use of technology in banking.
Many of the banks in Bangladesh have already adopted parts of virtual/digital banking services, and
the most popular services are Internet banking, e-commerce solutions, and mobile apps. Other services like
ATM/CRM, MFS and agent banking require the customers to physically go to an establishment like a
booth, agent etc.
10. What are the advantages of cloud banking? What are the challenges?
Answer:
Advantages:
Back-up and restore data: Once the data is stored in the cloud, it is easier to get back-up and
restore that data using the cloud.
Improved collaboration: Cloud applications improve collaboration by allowing groups of
people to quickly and easily share information in the cloud via shared storage.
Excellent accessibility: Cloud allows us to quickly and easily access stored information
anywhere, anytime in the whole world, using an internet connection.
Low maintenance cost: Cloud computing reduces both hardware and software maintenance
costs for organizations.
Mobility: Cloud computing allows us to easily access all cloud data via mobile.
Unlimited storage capacity: Cloud offers us a huge amount of storing capacity for storing our
important data such as documents, images, audio, video, etc. in one place.
Data security: Cloud offers many advanced features related to security and ensures that data
is securely stored and handled.
Disadvantages:
Regulations conflict between local regulatory guidelines and compliance rules of cloud
banking
Security & privacy threat, i.e., data compromise
Hazard of Data migration from existing system to cloud, i.e. large volume of data, incompetent
Answer: Some of the major technologies which are being used currently by Banking Sector can be
stated below:
Financial Apps for doing any kind of transactions, fund transfer, balance/statement enquiry,
E-payment, E-loan etc.
Cardless ATM withdrawal, Deposit & Withdrawal using CRM
QR and NFC payment.
IVR (Interactive Voice Response) & Video Banking.
E-commerce
Finger-print, face detection, voice banking
Upcoming AI based Technologies in Banking Sector:
Virtualization and cloud based banking with the help of block chain technology.
Use of virtual and augmented reality.
Personalization and Intelligence service using Machine learning, Data Science
BaaS (Banking as a Service) and PaaS (Platform as a Service) are going to be introduced.
SHORT NOTE
Block Chain Technology
A block chain is a distributed database or ledger where data is stored electronically in digital format and shared
among the nodes of a computer network. It is one of the most secure technologies for storing data. There are
two types of block chain network, i.e. public and private. Though this
technology was first outlined in a research paper in 1991, its first real-world application was launched in
January 2009, with the launch of Bitcoin. Because of its record-keeping nature, transactions and records on a
public block chain network are irreversible. This technology is also known as distributed ledger
technology (DLT). This technology has the potential to revolutionize various industries, including finance,
supply chain management, and healthcare, by providing a secure and transparent way to record and verify
transactions.
Online Wallet providers
An online wallet provider is a tech firm which stores the credentials and transaction history of its clients,
so clients don’t need to download a full copy of the block chain software and store it themselves. Online wallet
providers are financial applications that allow you to store funds, make transactions, and track payment
histories on devices like phones and tablets. Online wallet providers allow people in financially underserved
parts of the world to access financial services they may not have been able to before. Online wallet providers
allow businesses and consumers worldwide to accept payments, receive funds, or send and receive remittances
from friends and family in other nations. One of the biggest advantages of online wallet providers is that they
let you pay for things without credit or debit cards, once you enter and store your card and banking information
in the mobile payment platform.
Cloud computing
Cloud computing is the delivery of computing services—including servers, storage, databases, networking,
software, analytics, and intelligence—over the Internet (“the cloud”). Instead of buying, owning, and
maintaining physical data centers and servers, we can access technology services, on an as-needed and pay-
as-you-go basis. Cloud computing is one of the most attractive and promising technologies for the banking
sector. But because, as per the existing rule, customers’ data can’t be located outside the country, the cloud couldn’t
be adopted by the banks, especially for core banking solutions. However banks have widely adopting cloud
Machine Learning
Machine learning is a branch of artificial intelligence (AI) and computer science which focuses on the use of
data and algorithms to imitate the way that humans learn, gradually improving its accuracy. It is the study of
making machines more human-like in their behavior and decisions by giving them the ability to learn and
develop their own programs. Machine learning is an important component of the growing field of data science.
Good quality data is fed to the machines, and different algorithms are used to build ML models to train the
machines on this data. The choice of algorithm depends on the type of data at hand and the type of activity
that needs to be automated. It is also likely that machine learning will continue to advance and improve, with
researchers developing new algorithms and techniques to make machine learning more powerful and
effective.
Data Mining
One of the recent advancements in line with data management technologies is data mining and knowledge
discovery. Data mining is the process of extracting and discovering patterns in large datasets involving
methods at the intersection of machine learning, statistics, and database systems. Data has increased in size
and dimensionality. Despite this, it is more frequently utilized in the sector as a tool to research clients and
Data Warehouse
In computing, a data warehouse, also known as an enterprise data warehouse, is a system used for reporting
and data analysis and is considered a core component of business intelligence. Data warehouses are central
repositories of integrated data from one or more disparate sources. They store current and historical data in
one single place that are used for creating analytical reports for workers throughout the enterprise. This is
beneficial for companies as it enables them to interrogate and draw insights from their data and make
decisions.
Artificial Intelligence
Artificial Intelligence (AI) is intelligence demonstrated by machines with learning and problem-solving
technique in terms of rationality and acting rationally. AI research has been defined as the field of study of
intelligent agents, which refers to any system that perceives its environment and takes actions that maximize
its chance of achieving its goals. This includes advanced web search engines, understanding human speech,
self-driving cars, automated decision-making and competing at the highest level in strategic game systems.
AI researchers are divided as to whether to pursue the goals of artificial general intelligence and
superintelligence directly or to solve as many specific problems as possible (narrow AI) in hopes these
solutions will lead indirectly to the field's long-term goals.
Review Questions
iii) Which of the following is not a party in Crypto-Currency production and processing?
a) Miners b) Central Bank c) Online Wallet Providers d) Exchange Companies
i) The FinTechs are financial companies like Banks, Leasing companies and Insurance
companies which embed FinTech to make their own products more attractive.
ii) Most well known solutions using FinTech in Bangladesh are NexusPay, ROCKET and
bKash, Nagad, UPay, SSLCommerz, iFarmer, PayWell, Dmoney etc.
iii) RegTech refers to any technology that ensures companies comply with their regulatory
requirements.