IT MANAGEMENT IN BANKS, RISK MANAGEMENT OF IT

1
IT MANAGEMENT IN BANKS, RISK MANAGEMENT OF IT

• Ferenc Olti
• Inter Európa Bank
• 3736470, oltif_at_ieb.hu

2
(No Transcript)
3
(No Transcript)
4
Business strategy

• We cant talk about any successful business
  activity without business strategy. Need to
  answer at least the following questions
• How much money do we want to earn and what
  period?
• What we want to do with the profit?
• To reach our target, what do we want to sell and
  to whom?
• How do we want to sell it?
• We cant talk about any successful business
  strategy without IT strategy!

5
The business and IT strategy relationship

• The IT strategy is part of the business strategy
• The IT has an important role in the realisation,
  creation, but IT isnt theowner
• Nothing works without commitment of the management

6
IT roles

• Initiate ???
• Co-operate
• planning
• make
• to follow up

7
The leading role of the IT and its
responsibility

• Knowing the business
• to be a partner
• be part in the creation of the company culture
• to create a team

8
The place of the IT in the organisation chart

• IT must be on the same level as business
  departments and not subordinated to them!

9
The relationship of IT and business

• Internal relationship and their problems
• Who should initiate ?
• Who should keep eye the external world ?
• Who manage the budget ?
• External relationships
• IT realisation and contract details

10
How should IT be motivated?

• IT also have to be sales-oriented
• Development and operation have to be strictly
  separated (conservative creative)
• Permanent dealing with the security questions

11
SECURITY

• The bank security was always an important
  question, stable disciplines, but there are new
  challenges
• Physical security is important and visible but
  the real risk is in IT
• The new challenges basically IT type
• Information has never seemed to be so centralised
• new products depending on IT
• necessity of prompt decision
• fraud monitoring
• scoring

12
Security challenges caused by the centralisation
of information

• Planning of business continuity (BCP)
• save and reload strategy and practice
• duplication, same or diverse place
• hardware
• disks, servers
• files
• organisation of business process for crises
• people availability

13
A Security challenges caused by the
centralisation of information

• Human recourses, is the biggest challenge
• system administrators reliability
• financial security
• stable family background
• mental and bodily health
• authority handling
• new employee authentication
• leavers
• training

14
Security challenges caused by the centralisation
of information

• Reduce possibility of collusion
• to deal strictly with double checking
• cashier safety
• the best bank security expert is the good
  accountant
• to see, not only to watch

15
New products depending on IT

• Active electronic distribution channels
• protection against penetration
• continuously penetration test
• virus protection
• client identification, legal questions
• password, digital signature, etc.
• real-time operation risks

16
New products depending on IT

• E-commerce
• B2C card-acquire risk

17
Example card business

18
Types of fraud

• Cardholder fraud
• card cloning
• high risks
• stolen card number
• e-purchase
• risk can be reduced
• Card not present

19
Types of fraud (2)

• Merchant fraud
• collusion
• creative fraud

20
Issuers risks

• Complete responsibility after forbidding, from
  1/12/02 limited before
• Client unsatisfactory, also if he isnt right
• EU regulation

21
Cardholders risks

• Complete risk take-over until forbidding, but
  change after 01/12/02
• unknowing the contract
• unknowing rules

22
Merchant risks

• Unlimited on internet
• risk of being on black list
• inconvenience of authorisation request

23
CARDGUARD

• Active limit management
• 0 limit
• Normal limit
• No limit
• technical realisation
• disposable card number

24
Fraud monitoring

• Real-time fraud monitoring
• expensive
• it could cause inconvenience to the client
• secure
• post monitoring
• together with a good limit managing is sufficient

25
FRAUD MONITORING

• Follow up in general
• manual
• expert
• Programmed
• internal development
• ready made packages
• role of the card companies

26

• THANK YOU

27
The e-business like the football, everybody talks
about it, either they are interested in it or
they have to or its fashion.We are using
clichés day by day, but no really think about
its true or not.

28
Necessity to set up clear targets

• Give information or do active business?
• Give information
• internal information
• external information
• advertisement
• active business
• B2B, B2C ?
• Alone or with somebody?
• Trust chain
• How shall we react on the pressures?
• Are we small or big ? What do we think about it ?

29
E- business risks

• Almighty role is overestimated
• Possibilities are underestimated
• Disharmony of the offer and the shipping
  facilities
• unsolved logistic problems
• Possibility to loss prestige