The SouthWest Bank application is a secure online banking system (SBS) that models the day-to-day operation of an ordinary bank. The push to automate banking and make it available over the Internet around the clock has driven the construction of systems like this one. It provides the features of a normal bank and is demonstrated for five types of users: internal employees, managers, customers, banking administrators and merchants.
The application allows an external user to log in and perform the tasks he would perform in a real-world banking application. Users can view their statements and transaction history, transfer funds to another user, and debit or credit funds within and between their own accounts. Opening a secondary bank account online and managing it is also straightforward. The system likewise simplifies the management of user accounts for bank employees. A government employee role is included as well, since the system must handle requests to access and release a person's personal information. The banking administrator is responsible for creating and managing all the important accounts (regular employees, bank managers and external users) and for managing the system logs.
The system is made secure by implementing a range of security controls. Since it handles people's personal information as well as their funds, security is a basic requirement rather than an add-on. Security has been applied across the whole system, and this paper describes in detail which security features are used and how they are implemented. Among them are PKI, password hashing, CAPTCHA and OTP. All required user communication is carried out through e-mail; the keys needed for PKI are also enclosed in an e-mail and sent to the user. Distributing keys this way means their confidentiality is only as strong as the e-mail channel and the recipient's mailbox, so a private key delivered by e-mail must be treated as readable by anyone who can read that mail. The system has been successfully deployed over the network and is functional.
- Secure Sockets Layer (SSL)
- Public Key Infrastructure
- One Time Password
- Virtual Keyboard
- Role-Based Authentication
- Single Login per Session
- Account Locking after 3 Unsuccessful Attempts
- Right Click Disabled
- Back Functionality Disabled
- Refresh Disabled
- SQL Injection Prevention using HQL
- Salted Hashed Password Storage
- Front-end and Back-end Validation
- Handling DoS Attacks in the Form of TCP SYN Floods
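Three of the listed controls (salted hashed password storage, account locking after 3 unsuccessful attempts, and the e-mailed one-time password) fit together as one login flow. The following is an added example of how such a flow can be implemented; it is not code from the SouthWest Bank application. The key-derivation function (PBKDF2-SHA256 at 600,000 iterations), the 5-minute OTP validity, the dummy-salt timing equalisation and the in-memory UserStore are assumptions, since the paper does not specify them.

```python
"""Login flow for the SBS-style controls: salted PBKDF2 password hashing,
lockout after three failed attempts, and a single-use e-mailed OTP.
Added example; this is not the SouthWest Bank application's own code."""
import hashlib
import hmac
import os
import secrets
import time
from typing import Optional

MAX_ATTEMPTS = 3              # lock the account after 3 unsuccessful attempts
PBKDF2_ITERATIONS = 600_000   # assumption: the paper does not name its KDF or cost
OTP_TTL_SECONDS = 300         # assumption: 5-minute validity for an e-mailed OTP
_DUMMY_SALT = b"\x00" * 16    # assumption: used to equalise timing for unknown users


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class UserStore:
    """In-memory stand-in for the users table (constructed for this example)."""

    def __init__(self) -> None:
        self.users = {}

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)                        # fresh random salt per user
        self.users[username] = {
            "salt": salt,
            "hash": _hash_password(password, salt),  # only the salted hash is stored
            "failures": 0,
            "locked": False,
            "otp": None,
        }

    def check_password(self, username: str, password: str) -> str:
        """Returns 'ok', 'bad_password', 'locked' or 'no_such_user'.
        The UI should map the last three to one generic failure message."""
        user = self.users.get(username)
        if user is None:
            _hash_password(password, _DUMMY_SALT)    # same cost as a real check
            return "no_such_user"
        if user["locked"]:
            return "locked"                          # no further guessing once locked
        candidate = _hash_password(password, user["salt"])
        if hmac.compare_digest(candidate, user["hash"]):  # constant-time compare
            user["failures"] = 0
            return "ok"
        user["failures"] += 1
        if user["failures"] >= MAX_ATTEMPTS:
            user["locked"] = True
            return "locked"
        return "bad_password"

    def issue_otp(self, username: str, now: Optional[float] = None) -> str:
        """Create a 6-digit code for the e-mail sender; store only its hash."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10 ** 6):06d}"
        self.users[username]["otp"] = {
            "hash": hashlib.sha256(code.encode("utf-8")).digest(),
            "expires": now + OTP_TTL_SECONDS,
        }
        return code

    def verify_otp(self, username: str, code: str, now: Optional[float] = None) -> bool:
        """Single use: the pending code is consumed by any attempt, right or wrong,
        so a wrong guess forces a fresh code instead of allowing a second try."""
        now = time.time() if now is None else now
        user = self.users[username]
        pending, user["otp"] = user["otp"], None
        if pending is None or now > pending["expires"]:
            return False
        return hmac.compare_digest(hashlib.sha256(code.encode("utf-8")).digest(), pending["hash"])


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "correct horse battery")
    print(store.check_password("alice", "guess1"))                  # bad_password
    print(store.check_password("alice", "guess2"))                  # bad_password
    print(store.check_password("alice", "guess3"))                  # locked
    print(store.check_password("alice", "correct horse battery"))   # locked
```

Two points worth noting: the salt is generated per user, so two users with the same password get different stored hashes, and the OTP itself is never stored, only its hash, so a database read does not yield usable codes.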
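The "SQL injection prevention using HQL" item relies on one mechanism: user input is bound as a query parameter instead of being concatenated into the query text. The block below is an added example, not the SouthWest Bank code, and uses Python's sqlite3 module with a constructed in-memory users table to show the vulnerable string-built query beside the bound form; the table contents and the two lookup functions are assumptions made for the illustration.

```python
"""String-built SQL beside the parameterised form. Added example; the SBS
uses HQL, this shows the same binding principle with Python's sqlite3."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table; the hash column holds placeholders, not real digests."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-alice", "customer"), ("manager1", "hash-mgr", "manager")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """Vulnerable: the username is pasted into the query text, so a quote in
    the input becomes part of the SQL grammar."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """Hardened: the value is bound as a parameter and is never parsed as SQL.
    The HQL equivalent is a named parameter, e.g.
    session.createQuery("from User u where u.username = :name")
           .setParameter("name", username)"""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def vulnerable_query_breaks_on(conn, username):
    """True when the string-built query does not even parse for this input
    (a legitimate name such as o'brien is enough to trigger it)."""
    try:
        find_user_vulnerable(conn, username)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    conn = make_db()
    tautology = "' OR '1'='1"
    print(find_user_vulnerable(conn, tautology))   # every row: the WHERE clause is always true
    print(find_user_safe(conn, tautology))         # []: no user has that literal name
```

The tautology input turns the vulnerable query into `WHERE username = '' OR '1'='1'`, which matches every row; the bound query compares the whole string against the column and matches nothing. The same input that breaks the vulnerable query on a harmless apostrophe is handled cleanly by the bound version.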