credit bureau association of serbian banks(asb) association of serbian banks (asb) credit bureau...

CREDIT BUREAU

ASSOCIATION OF SERBIAN ASSOCIATION OF SERBIAN BANKSBANKS (ASB)(ASB)

CREDIT BUREAU (CB)CREDIT BUREAU (CB)

Rade Bačković, Rade Bačković, CB HeadCB HeadPredrag Rajačić, BelitPredrag Rajačić, BelitSrećko AtanaSrećko Atanassković, E-smartković, E-smart systems systems

AGENDA

FOUNDATION DEVELOPMENT CHARACTERISTICS OF THE

SOLUTIONS EFFECTS OPINIONS TECHNOLOGY ASPECTS IS CHARACTERISTICS

FOUNDATION

1. FOUNDED ON 18.02. 2004 WITHIN ASB PURSUANT TO THE AGREEMENT CONCLUDED BETWEEN ASB AND BANKS

2. BECAME OPERATIONAL ON NOVEMBER 15TH 2004

3. DATA SOURCES AND USERS OF THE REPORTS ARE:

ALL BANKS (43) ALL LEASING COMPANIES (13) ALL GOVERNMENT AGENCIES AND FUNDS

(GUARANTEE FUND, DEVELOPMENT FUND, EXPORT FINANCING AGENCY, ETC.)

A NUMBER OF TRADERS

FOUNDATION

4. CURRENT ACTIVITIES ARE THE INCORPORATING OF:

THE TAX ADMINISTRATION LARGE TRADE ORGANIZATIONS

IN THE NEXT PHASE OTHER SOURCES WIL GET CONNECTED: TELCOS, PUBLIC SERVICE ORGANIZATIONS, ELECTRIC POWER SUPPLY COMPANY, AND OTHERS)

5. ADMINISTRATION AND MANAGEMENT BODIES:1. ASB MANAGING BOARD2. BUSINESS COUNCIL – OPERATIVE BODY3. MANAGER FROM THE ASB

DEVELOPMENT

1. DATA SOURCES WERE INCORPORATED INTO THE SYSTEM ACCORDING TO THE SIZE OF CITIZENS’ AND LEGAL ENTITIES’ OBLIGATIONS:

BANKS LEASING COMPANIES DEVELOPMENT FUND STATE (TAXES) RETAIL OTHER INSTITUTIONS (TELCOS, PUBLIC SERVICE

ORGANIZATIONS, AND OTHERS)

2. THE FIRST TO BE SUPPORTED WERE CITIZENS’ OBLIGATIONS, FOLLOWED BY OBLIGATIONS OF LEGAL ENTITIES TO INSTITUTIONS STATED ABOVE

CHARACTERISTICS OF THE SOLUTIONS1. COMPLETELY SELF-DEVELOPED SOLUTION (THE FIRST

CB WAS FOUNDED IN SERBIA IN 1928 AND LASTED UNTIL 1941, EXPERIENCE OF THE 26 CBs WORLDWIDE WAS EXAMINED)

2. COMPLETE DATA ON CITIZENS’ AND LEGAL ENTITIES’ OBLIGATIONS, BECAUSE CB IS RECEIVING DATA FROM ALL CREDITORS AND ABOUT ALL THEIR CUSTOMERS

3. DATA ARE UPDATED DAILY

4. FOR CITIZENS, DATA ARE MAINTAINED ABOUT THEIR: REAL OBLIGATIONS (LOANS, LEASING, CREDIT

CARDS, OVERALL CREDITS UNDER CURRENT ACCOUNTS AND ACTIVATED WARRANTIES)

CHARACTERISTICS OF THE SOLUTIONS CONTINGENT LIABILITIES (CITIZENS’ WARRANTIES), AND REGULARITY IN MEETING THE OBLIGATIONS

5. FOR LEGAL ENTITIES DATA ARE MAINTAINED ABOUT THEIR: REAL OBLIGATIONS, LOANS, LEASING, ACTIVATED

GUARANTEES,ACREDITIVES) CONTINGENT LIABILITIES (WARRANTIES, GUARANTEES, NON-

COVERED ACREDITIVES, AVALS)

6. DATA SOURCES SOLVE THE CLAIMS ON DATA INTEGRITY ON THEIR OWN, AND MAKE CHANGES IN THE DATA, AS THE DATA FALL UNDER THEIR COMPETENCE

7. BANK COUNTERS (1700) ARE THE CB COUNTERS

8. FOR DIFFERENT SERVICES DIFFERENT REPORTS EXIST, AS WELL AS A REPORT WITH A SCORING

CHARACTERISTICSOF THE SOLUTIONS

9. REPORT FOR A CITIZEN FROM CB MAY BE OBTAINED ONLY WITH THE PERSONAL SIGNED CONSENT OF THE CITIZEN, AND THE REPORT FOR A LEGAL ENTITY WITH THE CONSENT OF THE AUTHORIZED PERSON

10. THE TIME BETWEEN APPLYING FOR AND RECEIVING THE REPORT TAKES ABOUT 7 SECONDS ON AVERAGE

EFFECTS

1. ENFORCING ORDER TO BANK DATABASES2. SETTLED OBLIGATIONS FROM THE PAST3. THE TIME OF REQUEST PROCESSING

SIGNIFICANTLY REDUCED AND, CONSEQUENTLY, THE REQUEST PROCESSING COSTS

4. BANKS ENABLED TO INTRODUCE NEW PRODUCTS

5. LOWER INTEREST RATES DUE TO LOWER RISK6. CITIZENS’ OVER-INDEBTEDNESS PREVENTED

OPINIONS

1. INTERNATIONAL MONETARY FUND – THE CREDIT BUREAU IN SERBIA IS A SUCCESS STORY

2. THE WORLD BANK – A UNIQUE PROJECT IN THE WORLD

3. NATIONAL BANK OF SERBIA – INTRODUCED OBLIGATORY OBTAINING OF REPORTS FOR ALL LOAN AND LEASING USERS

Data Submission

Daily submission of data (submission of new data, and changes in the status and values of the existing data)

Defined standards for data exchange between Data Source and the Credit Bureau

Client applications for data import and transmission

Syntax and semantic validation in the data source

Digitally signed data

Data Acceptance

Data submission into private data source space

Data source responsible for accurate and updated data

Only Data source is authorized to add, change or remove data

Access to data only on the basis of the consent given by client

Reporting

Client application for report issuance A possibility of the B2B option (client

application integrated in report user’s information system)

Digitally signed approvals Report generation in electronic form

approval-based search of private spaces filling the reporting database generation of encrypted pdf report document report submission to the user

Technology, services, products

MS Windows 2003 Server platform: MS Windows 2003 Server (Standars or Enterprise) OS MS Network services (DNS, DHCP, IPSEC) MS Active Directory (W2k3) MS Message Queue services (Http Support) MS Certificate Services Schlumberger CSP, MS Smart Card services, Cryptoflex 8k v2

smart cards MS IIS 6.0 (ASP.NET) .NET Framework 1.1 ADO.NET MS SQL 2005 MS Exchange 2003 MS ISA Server 2004 Development platform VS .NET 2003

IS ArchitectureBanka korisnik

Server Izvora podataka

Baza podataka trenutnih

stanja

KreditReportApl

PAKETIXML dokumenti,

digitalnono potpisani

Https, autentikacija putem sertifikata, razmena digitalno potpisanih poruka, provera digitalnog potpisa

Kredit biro

Privatni prostor

Infrastruktura, Directory

Data Serveri

WEB Serveri

Aplikativni Serveri

websKomunikator

websPP

winsPP

MSMQ

File serveri

Zakupljena

Upravljanje

WEB Serveri

Aplikativni Serveri DB Upravljanje

webAextCli

webAintCli

websExtCli

websIntCli

MSMQ

winsUpravljanje

Upravljanje

Produkcija

Aplikativni Serveri DB Produkcija

webAintCli

winsProdukcija websProdukcija

MSMQ

Produkcija

Izveštavanje

Reporting Serveri File serveri DB IzvestavanjeAplikativni serveri

MSMQwebsIzvestajiMSSQL

Reporting Services

winsIzvestaji

Izvestaji

Infrastruktura

Infrastruktura, Directory

Kolaboracija

Firewall

File Services

Auditimg & Monitoring

IS Banke

DB serveri Baze podataka IS banke

Eksport podataka

Podaci za import

Pravila Importa i validacije podataka

KB klijent (šalter)

Razmena paketa

Web interfejsi eksternog klijenta

Https, autentikacija putem sertifikata, razmena digitalno potpisanih poruka, provera digitalnog potpisa

KB Interni Klijent

Produkcioni klijenti

Server resources...

Over 30 servers grouped by functions: Domain controlers, Ifrastructure servers (DNS, DHCP), CA servers Colaboration servers, File and FTP servers, Data servers Application servers Web servers

Phisical resource allocation

Communications and connecrions

Security aproach...

• Clear security commitmentClear security commitment• Full member of the security communityFull member of the security community• Microsoft Security Response Center Microsoft Security Response Center

SDSD33 + Communications + Communications

Secure by DesignSecure by Design

Secure by DefaultSecure by Default

Secure in Secure in DeploymentDeployment

CommunicationsCommunications

• Secure architectureSecure architecture• Security aware featuresSecurity aware features• Reduce vulnerabilities in the codeReduce vulnerabilities in the code

• Reduce attack surface areaReduce attack surface area• Unused features off by defaultUnused features off by default• Only require minimum privilegeOnly require minimum privilege

• Protect, Detect, Defend, Recover, ManageProtect, Detect, Defend, Recover, Manage• Process: How To’s, Architecture GuidesProcess: How To’s, Architecture Guides• People: TrainingPeople: Training

Security Perimeters

Internet

InternetFWBU1GB NetInterface

100MB NetInterface

Kredit biro

Internet

InternetFW

Privatni prostor

Web Serveri KB

PPFW

SEGMENT PP

Web Serveri KB

1GB NetInterface

100MB NetInterface

1GB NetInterface

100MB NetInterface

Interni klijenti Kredit biroa

KBFW

SEGMENT KB

100MB NetInterface

Interni klijent

SEGMENT IK

1GB NetInterface

B2B Architecture - resources

IS Banke

KBRazmena

IS KB

KBWS

KB Web Serveri

KBSrv

Direktni korisnici

Klijenti za rapidan unosRealizacija rapidnog unosaOn-line korisnici

Off-line korisnici

(HTTPS - Tunel)

(HTTPS - Tunel)

(HTTPS - Tunel)

HTTP (SOAP)

HTTP (SOAP)

HTTP (SOAP)

Credit Bureau facts ...

Web and Windows services oriented system with fully integrated Identity management based on digital certificate on Smart Card

50+ Data sources with daily updates 80 GB Data Base 3,000,000 citizens 380,000 enterprises more than 1700 external clients Availability period 8-20 2-4 seconds response time 8000 reports daily Highly automated (5 business people and 4 support man) Scalabe Ready for interconnection…

Contacts

[email protected] [email protected]

credit bureau association of serbian banks(asb) association of serbian banks (asb) credit bureau...

Documents

citizens obligations

examinedcomplete data

data fall

data integrity

legal entities obligations

obligations of legal

avals data sources

databasessettled obligations