128-bit SSL supported PAIN architecture (Privacy, Authentication, Integrity,
Non-repudiation)
Multiple Firewalls for extensive network security
Smart Card features
PKCS #11 support
PC/SC support
Clients can access the web site using digital certificates:
X.509 v3 SSL client authentication certificates
S/MIME secure e-mail support
Clients can configure access and transactional settings for digital
certificates
Require a certificate when accessing the site
Require a certificate when completing a transaction
Require a certificate when the transaction amount is above a user-specified
limit
Security policy optimized for online financial transactions
High level of privacy for all online transactions
Established encryption policies for transport and storage
Critical information is encrypted and stored in a database
RSA-based encryption for all critical information
Salting of clear text
All communication with back-end hosts is encrypted
All traffic generated from the web site to back-end hosts is encrypted
User password information is stored as an MD5 hash ensuring password security.
Systems are protected from Internet and Intranet based intrusions by firewalls
Systems are protected by system integrity tools
Host-based intrusion detection systems for all applications
Operating system security hardening
Definition and enforcement of a password policy (three consecutive erroneous
logins lock the user's password for a predetermined interval, or the user is
periodically forced to change passwords)