KAS-BANK (previously known as Kas-Associatie) was the first Internet-based bank in the Netherlands that made it possible to manage a bank account via a secured channel over the Internet.
| Market: | Finance |
|---|---|
| Technology: | Java, SSL, PGP |
In 1995, KAS BANK decided to realise a new product/market combination by offering fully electronic banking to individuals via the Internet.
The use of modern telecommunication techniques was already widespread within KAS BANK and the Internet fitted in well with the strategy to remain ahead of the competition in terms of the application of these techniques. Such a service would also reduce problems relating to the version control of a telebank application.
KAS BANK is an independent bank that operates internationally, is listed on the stock market and specialises in the custody of securities and the settlement and administration of transactions pertaining to securities and derivative products. KAS BANK has a preserved capital of 220 billion guilders.
West has been a partner in this project since the beginning and has executed the preliminary investigation, provided consultancy with respect to security and the Internet, installed hardware and software, built applications and provided first and second-line support.
Because both the field and the techniques were new, the project was executed in phases so that feedback from the results could be taken into account in subsequent architectural decisions. The added advantage of this was that the project produced fast and useful results, without the delays that a long analysis phase would have caused.
The following phases were applied:
By using the knowledge and expertise of KAS BANK, the back end (the actual bank application on the mainframe) could be developed quickly.
Phases 3 and 4 are based on state-of-the-art web technology. The business logic runs on the mainframe of KAS BANK, which can be accessed from the Internet server via SNA. Brixton gateway software runs on this server and converts the information (via intelligent screen scraping of the 3270 application) into HTML pages or makes it available as Java objects within the Java applet.
As the telebank service has to have a high level of availability, a redundant system was chosen. This consists of two Sun Enterprise-150 servers, each of which is accessible via its own Internet connection, through two different providers. The web server for KAS BANK and access to the telebank application are configured on both servers. The correct configuration of DNS enables clients to enter via the most accessible server. This means that clients will not be directed to a server that is inaccessible due to problems on the Internet or activities on the server.
Both servers are connected by means of a private network in order to synchronise data and enable monitoring and administration by operators.
Specific services for KAS BANK also run on the servers and on a mail server that is used to send bank statements.
Security is obviously one of KAS BANK's highest priorities. A lot of attention is thus paid to security, and external parties, such as KPMG and ITSX, perform regular audits in this respect.
Security is important in many areas of the architecture. Physical access to the systems is controlled by installing the systems locally at KAS BANK, while network access is controlled by means of a firewall. Access to the telebank application occurs from the secure server, which is secured with a certificate. The traffic between the Java applet and the server is also encrypted by means of SSL, for which KAS BANK has set up its own Certificate Authority. The bank statements can be sent with PGP encryption, if the client so desires.