
FIN 076: Banking Operations

Teachers’ Guide Module #11

Name: _____________________________________________________________ Class number: _______


Section: ____________ Schedule: ______________________________________ Date: ______________

Lesson title: Security and Control Mechanisms in Banking

Learning Targets:
At the end of the module, students will be able to:
1. Determine the terminologies used in security and control mechanisms in banking.
2. Classify authentication methods.

Materials: Student Activity Sheets

References: www.ibm.com

“The man who does not read books has no advantage over the one who cannot read them.” — Mark Twain

A. LESSON PREVIEW/REVIEW
Introduction
Ola! How was your first assessment? Did you find it easy? We are done discussing the core
banking system and the migration to cloud-based core banking system. Today, we will be talking
about the security and control mechanisms in banking.

Please read the learning targets before you proceed to the succeeding activities. The learning
targets are your goals. Remember, you need to achieve your learning targets at the end of the lesson.

B. MAIN LESSON
Activity 1: Content Notes
Below are the notes about special topics in banking & microfinance. You may underline or
highlight the words or phrases that you think are the main focus of the lesson.

Security is an important consideration for both developers and system administrators.

The commonly accepted aspects of security are as follows:

● Identification and authentication
● Authorization
● Auditing
● Confidentiality
● Data integrity

1. Identification and authentication


Identification is the ability to identify uniquely a user of a system or an application that is running
in the system. Authentication is the ability to prove that a user or application is genuinely who
that person or what that application claims to be.

This document is the property of PHINMA EDUCATION



Categories of Authentication Methods Used for Banking

User Knows             User Possesses      User Behaviors       User's Physical Characteristics
---------------------  ------------------  -------------------  -------------------------------
Password               Swipe card          Speech               Fingerprint
PIN                    Proximity card      Signature            Palm print
Identifiable picture   USB token           Keyboarding rhythm   Hand geometry
                       One Time Password                        Iris features

2. Authorization
Authorization is the process by which a computer system or individual grants access to a user
for various reasons. It protects critical resources in a system by limiting access only to
authorized users and their applications. It prevents the unauthorized use of a resource or the
use of a resource in an unauthorized manner.

3. Auditing
Auditing is the process of recording and checking events to detect whether any unexpected or
unauthorized activity has taken place, or whether any attempt has been made to perform such
activity.
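The authorization and auditing services described above, shown working together in code. This is an added illustration written for this page, not code from IBM, from PHINMA or from any bank's system: the roles, the accounts, the users (alice, bob, tina, mallory) and the permission table are all constructed, and the point it makes is that a denied request is recorded in the audit trail just as an allowed one is, because auditing is meant to detect attempts at unauthorized use, not only successful access.

```python
"""Authorization decisions with an audit trail: constructed illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed policy: the actions each role may perform on an account.
# Customers are further restricted to accounts they own (see authorize).
PERMISSIONS = {
    "customer": {"view_balance", "transfer"},
    "teller": {"view_balance", "deposit"},
}


@dataclass
class AuditEvent:
    when: str        # UTC timestamp of the decision
    user: str
    action: str
    account: str
    allowed: bool
    reason: str


@dataclass
class AuthorizationService:
    roles: dict                                  # user -> role (constructed directory)
    owners: dict                                 # account -> owning user (constructed)
    audit_log: list = field(default_factory=list)

    def authorize(self, user: str, action: str, account: str) -> bool:
        """Decide whether `user` may perform `action` on `account`.

        Every decision, allowed or denied, is recorded, so the audit trail
        shows attempts at unauthorized use, not only successful access."""
        role = self.roles.get(user)
        if role is None:
            return self._record(user, action, account, False, "unknown user")
        if action not in PERMISSIONS.get(role, set()):
            return self._record(user, action, account, False,
                                f"role '{role}' may not {action}")
        if role == "customer" and self.owners.get(account) != user:
            return self._record(user, action, account, False, "not the account owner")
        return self._record(user, action, account, True, "permitted")

    def _record(self, user, action, account, allowed, reason) -> bool:
        self.audit_log.append(AuditEvent(
            datetime.now(timezone.utc).isoformat(), user, action, account, allowed, reason))
        return allowed

    def denied_attempts(self, user=None) -> list:
        """Auditing step: the refused attempts, optionally for one user."""
        return [e for e in self.audit_log
                if not e.allowed and (user is None or e.user == user)]


def demo():
    """Run a few constructed requests and return the service and outcomes."""
    svc = AuthorizationService(
        roles={"alice": "customer", "bob": "customer", "tina": "teller"},
        owners={"ACC-1001": "alice", "ACC-1002": "bob"},
    )
    outcomes = {
        "owner_transfer": svc.authorize("alice", "transfer", "ACC-1001"),
        "other_transfer": svc.authorize("alice", "transfer", "ACC-1002"),
        "teller_view": svc.authorize("tina", "view_balance", "ACC-1002"),
        "teller_transfer": svc.authorize("tina", "transfer", "ACC-1002"),
        "unknown_user": svc.authorize("mallory", "view_balance", "ACC-1001"),
    }
    return svc, outcomes


if __name__ == "__main__":
    service, results = demo()
    for event in service.audit_log:
        print(event)
```

Running the module prints five audit events: two permitted and three refused, each with the reason for the decision. The `denied_attempts` method is the auditing half of the picture: it answers the question "who tried to do what they were not allowed to do?" from the same log.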

4. Confidentiality
The confidentiality service protects sensitive information from unauthorized disclosure.

5. Data integrity
The data integrity service detects whether there has been unauthorized modification of data.

Security Mechanisms are technical tools and techniques that are used to implement security services.
A mechanism might operate by itself, or with others, to provide a particular service. Examples of
common security mechanisms are as follows:

1. Cryptography - is the process of converting between readable text, called plaintext, and an
unreadable form, called ciphertext.

This occurs as follows:

a. The sender converts the plaintext message to ciphertext. This part of the process is
called encryption (sometimes encipherment).
b. The ciphertext is transmitted to the receiver.
c. The receiver converts the ciphertext message back to its plaintext form. This part of the process is
called decryption (sometimes decipherment).


2. Message digests and digital signatures - a message digest is a fixed-size numeric
representation of the contents of a message, computed by a hash function. A message digest can be
encrypted, forming a digital signature.

Messages are inherently variable in size. A message digest is a fixed size numeric
representation of the contents of a message. A message digest is computed by a hash function, which
is a transformation that meets two criteria:

a) The hash function must be one way. It must not be possible to reverse the function to find the
message corresponding to a particular message digest, other than by testing all possible
messages.
b) It must be computationally infeasible to find two messages that hash to the same digest.

3. Digital certificates - provide protection against impersonation, because a digital certificate binds a
public key to its owner, whether that owner is an individual, a queue manager, or some other entity.
Digital certificates are also known as public key certificates, because they give you assurances
about the ownership of a public key when you use an asymmetric key scheme.

A digital certificate contains the public key for an entity and is a statement that the public key
belongs to that entity:

a. When the certificate is for an individual entity, the certificate is called a personal certificate or user
certificate.
b. When the certificate is for a Certificate Authority, the certificate is called a CA certificate or signer
certificate.
4. Public Key Infrastructure (PKI) - is a system of facilities, policies, and services that supports the
use of public key cryptography for authenticating the parties involved in a transaction.

There is no single standard that defines the components of a Public Key Infrastructure, but a
PKI typically comprises certificate authorities (CAs) and Registration Authorities (RAs). CAs provide the
following services:
a) Issuing digital certificates
b) Validating digital certificates
c) Revoking digital certificates
d) Distributing public keys
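The message digest, the digital signature ("the digest encrypted with the private key") and the CA-signed certificate described in items 2 to 4 above, carried through in one runnable example. This is an added example written for this page, not code from IBM or from the module. Everything in it is constructed: the key pairs are built from fixed Mersenne primes only so the example is reproducible and runs offline, the `sign`, `verify`, `issue_certificate` and `key_from_certificate` functions are the author's own, and "Example Bank" and the transfer message are made up. The RSA used here is the textbook operation with no padding; it shows the idea and nothing more, and a production system would use a vetted library scheme such as RSA-PSS or ECDSA.

```python
"""Message digest, digital signature and a CA-signed certificate, as an
illustration using hashlib and textbook RSA with fixed (constructed) primes."""
import hashlib
from math import gcd


def make_key(p: int, q: int, e: int = 65537):
    """Textbook RSA key pair from two primes: returns (public, private).
    Key generation here is fixed and tiny on purpose; real systems use
    randomly generated 2048-bit-plus primes and a vetted library."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return (n, e), (n, pow(e, -1, phi))     # pow(e, -1, m) needs Python 3.8+


# Constructed keys built from Mersenne primes so that each modulus is large
# enough to hold a 224-bit SHA-224 digest (bank ~234 bits, CA ~610 bits).
BANK_PUB, BANK_PRIV = make_key(2**127 - 1, 2**107 - 1)
CA_PUB, CA_PRIV = make_key(2**521 - 1, 2**89 - 1)


def message_digest(message: bytes) -> bytes:
    """Fixed-size 28-byte digest, whatever the length of the message."""
    return hashlib.sha224(message).digest()


def sign(message: bytes, private_key) -> int:
    """Signature = the digest 'encrypted' with the private key (no padding,
    so this is the textbook idea only, not a usable scheme)."""
    n, d = private_key
    digest_int = int.from_bytes(message_digest(message), "big")
    assert digest_int < n
    return pow(digest_int, d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover the digest with the public key and compare it with a fresh
    digest of the message received. Any change to the message fails."""
    n, e = public_key
    return pow(signature, e, n) == int.from_bytes(message_digest(message), "big")


def issue_certificate(subject: str, public_key, ca_private_key) -> dict:
    """A CA binds a public key to its owner by signing (subject, key)."""
    body = f"subject={subject};n={public_key[0]};e={public_key[1]}".encode()
    return {"body": body, "ca_signature": sign(body, ca_private_key)}


def key_from_certificate(cert: dict, ca_public_key):
    """Validate the CA signature, then trust the public key inside; return
    None if the certificate was altered or was not signed by this CA."""
    if not verify(cert["body"], cert["ca_signature"], ca_public_key):
        return None
    fields = dict(item.split("=", 1) for item in cert["body"].decode().split(";"))
    return int(fields["n"]), int(fields["e"])


def demo():
    """Sign a constructed transfer message and check the integrity cases."""
    original = b"Transfer 500.00 from ACC-1001 to ACC-2002"   # constructed message
    tampered = b"Transfer 5000.00 from ACC-1001 to ACC-2002"  # one digit inserted
    cert = issue_certificate("Example Bank", BANK_PUB, CA_PRIV)
    bank_key = key_from_certificate(cert, CA_PUB)
    sig = sign(original, BANK_PRIV)
    # A certificate whose body was edited after issue must be rejected.
    forged_cert = dict(cert, body=cert["body"].replace(b"Example Bank", b"Other Bank"))
    return {
        "digest_len_short": len(message_digest(b"x")),
        "digest_len_long": len(message_digest(b"x" * 100_000)),
        "cert_key_matches": bank_key == BANK_PUB,
        "valid": verify(original, sig, bank_key),
        "tampered": verify(tampered, sig, bank_key),
        "forged_cert_rejected": key_from_certificate(forged_cert, CA_PUB) is None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two digest lengths come out identical (28 bytes) although one input is one byte and the other 100,000 bytes, which is the "fixed size" property. The `tampered` case is the data integrity service in action: inserting a single digit changes the digest, so the signature no longer verifies. The `forged_cert_rejected` case is what "validating digital certificates" means in practice: the relying party checks the CA's signature before trusting the public key the certificate carries.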

Now, let us proceed to the activities that will strengthen your knowledge of the topic.

Activity 2: Skill-building Activities

Let’s practice! Answer each activity to test your understanding of the lesson. I know you can do
this! You may start now.


Exercise No. 1: Read each statement carefully. Identify what is being referred to in each
number. Write your answer on the space provided.

________________________1. These are technical tools and techniques that are used to
implement security services.
________________________2. It is the ability to prove that a user or application is genuinely
who that person or what that application claims to be.
________________________3. This is the process of converting between readable text,
called plaintext, and an unreadable form, called ciphertext.
________________________4. It protects critical resources in a system by limiting access only to
authorized users and their applications.
________________________5. This is a system of facilities, policies, and services that supports the
use of public key cryptography for authenticating the parties involved in a transaction.
________________________6. It is the process of recording and checking events to detect
whether any unexpected or unauthorized activity has taken place, or whether any attempt has
been made to perform such activity.
________________________7. These provide protection against impersonation, because a digital
certificate binds a public key to its owner, whether that owner is an individual, a queue manager, or
some other entity.
________________________8. This protects sensitive information from unauthorized disclosure.
________________________9. It is a fixed size numeric representation of the contents of a
message, computed by a hash function.
________________________10. This detects whether there has been unauthorized modification of
data.

You may now see the correct answer on the last page. How many correct answers did you get?
Write it on the space before the instruction. I hope this activity helped you in this lesson.

Exercise No. 2: Classify the following authentication methods. Write UK for User Knows, UP for
User Possesses, UB for User Behaviors, and UPC for User's Physical Characteristics. Write
your answer on the space provided.

_____1. Password
_____2. Iris features
_____3. PIN
_____4. Fingerprint
_____5. Identifiable picture
_____6. Keyboarding rhythm
_____7. Swipe card
_____8. Signature
_____9. One Time Password
_____10. Speech

You may now see the correct answer on the last page. How many correct answers did you get?
Write it on the space before the instruction. I hope this activity helped you in this lesson.


Activity 3: Check for Understanding


On the space provided, write TRUE if the statement is correct and FALSE if it is incorrect.

__________1. Authorization is the process by which a computer system or individual grants
access to a user for various reasons.
__________2. There is a single standard that defines the components of a Public Key
Infrastructure.
__________3. Security is an important consideration for both developers and system
administrators.
__________4. The confidentiality service detects whether there has been unauthorized
modification of data.
__________5. A message digest is a fixed size numeric representation of the contents of a
message.

You may check the correct answers for this activity on the last page. How many correct answers
did you get? Write your score on the space before the instruction on this exercise.

C. LESSON WRAP-UP

Activity 4: FAQs

1. Are there other programs that can supplement authentication in banking?


Yes. One of these supplements is Layered Security Programs. It is characterized by the use of different
controls at different points in a transaction process so that a weakness in one control is generally
compensated for by the strength of a different control. This can substantially strengthen the overall
security of Internet-based services and be effective in protecting sensitive customer information,
preventing identity theft, and reducing account takeovers and the resulting financial losses.

2. What are the controls included in a layered security program?


The following effective controls can be included in a layered security program:
a. Fraud detection and monitoring systems that include consideration of customer history and
behavior and enable a timely and effective institution response;
b. The use of dual customer authorization through different access devices;
c. The use of out-of-band verification for transactions;
d. The use of positive pay, debit blocks, and other techniques to appropriately limit the transactional
use of the account.


Activity 5: Thinking about Learning

A. Work Tracker

You are done with this session! Let’s track your progress. Shade the session number you just
completed.

B. Think about your Learning

1. Please read again the learning targets for the day. Were you able to achieve those
learning targets? If yes, what helped you achieve them? If no, what is the reason for not
achieving them?
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________

2. What question(s) do you have as we end this lesson?


___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________

KEY TO CORRECTIONS

Skill-Building Exercises

Exercise No. 1
1. Security mechanisms
2. Authentication
3. Cryptography
4. Authorization
5. Public Key Infrastructure
6. Auditing
7. Digital certificates
8. Confidentiality service
9. Message digests
10. Data integrity service


Exercise No. 2
1. UK
2. UPC
3. UK
4. UPC
5. UK
6. UB
7. UP
8. UB
9. UP
10. UB

Check for Understanding


1. True
2. False
3. True
4. False
5. True

TEACHER-LED ACTIVITIES

Since this session will be face-to-face, the teacher may conduct a micro lecture about human resource
management, its functions, and its features. The teacher may also cater to questions from students and
allot 5-10 minutes for this activity.

A. If this session happens to be a face-to-face, in-classroom learning session:


1) Collect completed work in the SAS.
2) Allocate your contact time with students to individual or small group mentoring, monitoring,
and student consultations.
3) You may administer summative assessments (quizzes, demonstrations, graded recitation,
presentations, performance tasks) during face-to-face sessions.
4) You may also explore supplementary activities that foster collaboration, provided that social
distancing is observed.
5) You may provide supplementary content via videos, etc.

It is important to remember that students who cannot make it to face-to-face, in-classroom
sessions for health and safety reasons should not be given lower grades for missing in-class
activities and should be given alternative summative tests.

ADDITIONAL NOTES FOR TEACHERS:
