Taipei Fubon Bank ranks first in Taipei, considering the number of private bank branches. The bank will continue to maintain its focus on customer segmentation and ensure sound operations through innovations and revamps. Its five-pronged strategy comprising lifestyle financial services, sharp wealth management, cross-strait operations, a strong technological foundation, and a refined brand image is vital to its market growth.
The bank plans to create a more proactive and service-oriented corporate culture by embracing a five-pronged strategy and customer orientation as part of its business philosophy. Taipei Fubon Bank is firmly committed to transforming itself into the most trustworthy and reliable brand for its customers. For that reason, it is making major strides toward becoming ‘the best financial institution in Asia.’
In recent years, the bank has introduced financial technology such as mobile payment, artificial intelligence, and blockchain applications into its operations. For example, it launched the mobile payment application LuckyPAY, while supporting a host of other electronic payments such as Apple Pay. Another example of an artificial intelligence technology-led initiative is the robo advisor product Nutmeg. The bank has even invested in an internet-only bank, Line Bank.
To sustain its new technology products, Taipei Fubon Bank has developed a special privilege management system that will support product deployment and handle problems effectively.
Currently, the threat of malware has become extremely serious for users. For example, the Far Eastern International Bank SWIFT and First Bank ATM attacks were carried out by hackers through social engineering. Hackers generate a privilege clone after cracking the highest privilege to prevent the organisation from detecting the manipulation. This way they are able to steal data and shut down systems maintenance and operations quickly.
To avoid such mishaps, Taipei Fubon Bank follows the international standard of Control Objectives for Information and related Technology (COBIT) as the framework for information governance. The practice involves two elements: information strategy and information maintenance.
For information strategy, the bank uses ISO 31000 risk management principles and guidelines to set up its risk management strategy. For information maintenance, it complies with ISO 27001 information security management principles. Enterprise risk and information risk are assessed and monitored against these two international standards to meet corporate governance requirements.
The financial business market is changing swiftly and information systems must be continuously expanded to cope with business developments. Also, the protection of information security should be strengthened to solve current information security issues.
The security issues related to privileged account management include:
- Sharing of privileged accounts by multiple users
  - High accessibility of accounts shared by multiple users
  - Uncontrolled risk of accountability of accounts
  - Easily exposed PIN
- Immediate support of business needs is time and labour
  - Manual PIN delivery and highly time-consuming PIN changes
  - Risk of human error in operations
  - Complicated administrative procedures for applications
- Unauthorised access of resources
  - Use of phantom accounts by former employees
  - Inability to prevent hackers from gaining access
  - Absence of instant threat monitoring and warning mechanisms
Taipei Fubon Bank established the ‘privilege governance and intellectual anti-hacking’ project. Essentially, the project integrates the existing management information of the enterprise’s configuration management system using parameterisation-setting logic. Automatic system inspection processes make it possible to prevent phantom accounts from causing potential risk events to the information security infrastructure.
The main functions of the proposed solution to these security issues include:
- Automatic PIN application for privileged account: Combined with the internal automatic process of the enterprise (demand form system), the applicant obtains the PIN through a digitalised encryption method after the application is approved by the supervisor.
- Automatic PIN change function: The applicant uses the PIN, and when the application is completed, the password is changed in the target system through the automated processes. The part A and part B methods are carried out to store the special privilege management system using patented encryption technology.
Taipei Fubon Bank is the first financial institution in Taiwan to integrate the internal automation processes of the enterprise (demand form management system, system centre configuration manager, and side recording management system). The bank is replacing the manual operation of privileged account management with digitalisation and introducing smart illegal use and anti-hacking warning systems.
Figure 1. System architecture
The range of reforms affects the server systems of the whole bank, such as Unix, Linux, Windows, and database systems: 28 versions of nine major platforms, with more than 2,000 servers and 6,000-plus privileged accounts. These impact over 500 information stakeholders.
Figure 2. Privileged account monitoring and warning dashboard
This system integrates the existing configuration management system of the enterprise and uses the parameterisation-setting logic to automatically compare and analyse the legality of account establishment. It uses the dashboard to monitor the system status as follows:
- Uncovered account warning: This warning is issued when unauthorised and abnormal accounts such as phantom accounts or privileged accounts added by hackers are detected in the operating area.
- Status dashboard: This dashboard displays, for the whole bank, the total number of accounts, the accounts approved today, and the accounts expired today.
- Anti-hacking: Hackers usually intrude through social engineering. They generate a privilege clone after cracking the highest privilege to prevent the organisation from detecting the manipulation. This way they are able to steal data and shut down systems maintenance and operations quickly.
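The comparison behind the uncovered account warning and the status dashboard can be sketched as follows. This is an added example, not the bank's code: the record layout, field names and sample data are hypothetical, and treating an account whose approval has lapsed as a warning is an assumption that goes slightly beyond the text.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Approval:  # one approved privileged account (hypothetical record layout)
    host: str
    account: str
    approved_on: date
    expires_on: date  # last day the approval is valid

def reconcile(approvals, discovered, today):
    """Compare accounts found on servers with the approved inventory.

    discovered is a set of (host, account) pairs from the inspection job.
    Returns (warnings, dashboard)."""
    by_key = {(a.host, a.account): a for a in approvals}
    warnings = []
    for key in sorted(discovered):
        rec = by_key.get(key)
        if rec is None:
            # No approval record at all: phantom or attacker-added account.
            warnings.append((key, "uncovered"))
        elif rec.expires_on < today:
            # Approval has lapsed but the account still exists on the host.
            warnings.append((key, "expired"))
    dashboard = {
        "total_accounts": len(discovered),
        "approved_today": sum(a.approved_on == today for a in approvals),
        "expired_today": sum(a.expires_on == today for a in approvals),
        "warnings": len(warnings),
    }
    return warnings, dashboard

# Constructed sample data: an inventory export and one inspection result.
TODAY = date(2024, 5, 10)
APPROVALS = [
    Approval("db01", "oracle_dba", date(2024, 1, 2), date(2024, 12, 31)),
    Approval("web01", "deploy_adm", date(2024, 5, 10), date(2024, 5, 10)),
    Approval("web01", "old_admin", date(2023, 3, 1), date(2024, 4, 30)),
]
DISCOVERED = {
    ("db01", "oracle_dba"), ("web01", "deploy_adm"),
    ("web01", "old_admin"), ("db01", "svc_backup2"),
}

if __name__ == "__main__":
    warnings, dashboard = reconcile(APPROVALS, DISCOVERED, TODAY)
    for (host, account), reason in warnings:
        print(f"WARNING {reason}: {account}@{host}")
    print(dashboard)
```
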
The new system enhances the efficiency of privileged account management and brings the following benefits:
- Profit: System layout, problem finding, and maintenance operations are all 20 times more efficient. The bank can respond quickly to overall information system needs and problem handling, and ensure improved maintenance efficiency. The sales units can efficiently respond to market changes and customer needs, which ultimately helps improve performance growth.
- Cost-savings: Previously, a demand form took an average of 20 minutes to handle, with 8,000 demand forms to be handled per year. The digital transformation resulted in the bank saving a total of $600,000 in labour costs, and the project’s return on investment is 138 percent.
- Risk control: The monitoring dashboard that this project uses provides visualised presentation, enabling administrators to instantly identify problems and quickly handle them. Intellectual illegal use and anti-hacking warning are also introduced to enhance information security.
The massive use of the internet and the rapid development of financial technology have had a rapid and huge impact on the financial industry and have changed its operating model. However, information convenience is a matter of information security, so the bank will continue to strengthen its information security protection measures. Taipei Fubon Bank firmly believes that only by ensuring information security can it respond to the impact of destructive innovation created by financial technology.