With IPD, HSBC provides customers with a single login with a unified view of all their financial operations through electronic channels (Web, Palm, Wap, among others).
Control access of customers to all their operations, through several electronic channels (Web, Palm, Wap mobile, among others) through a single login. Information on operations and users were already present on other systems, especially on mainframes, and should not be replicated, but integrated with the required solution.
Visionnaire has developed IPD, a system that maintains information about rights granted to customers, preventing access to unauthorized services.
In addition to the single login (which facilitates the use of the system and the client's relationship with the bank), the audit allows monitoring of users' actions, in order to verify the problems reported by users and to identify attempts to breach the system. The IPD is flexible and meets the structural features of the bank with the least effort to adapt.
Java, HTML, XML, XSL, Servlets, EJB.
Detailed Problem: HSBC had a need for a secure access control solution that, in addition to providing customer security, was flexible and highly reliable. The solution should serve all electronic channels in a unified way, so that your customer could access the bank via cell, Palm and the Internet consistently. The system would have to serve at least 1,200 concurrent users and should have fault tolerance, avoiding dependency on a single server. Additionally, through a single login, users should have access to all their operations (current accounts, savings, investments, insurance, among others), but only allowed transactions (such as balance and transfer). Much information about operations and users was already present on other systems, especially on mainframes. This information should not be replicated, but integrated with the required solution.
Detailed solution: Building on its experience in developing access control applications, Visionnaire has produced a solution for financial institutions. In HSBC this solution is called the IPD (Infrastructure Profile Database). IPD maintains information about rights assigned to clients, preventing access to unauthorized services. To this end, all available services or business transactions are registered in advance, using the appropriate GUI, as well as the rights required to access them. The operations available to customers are retrieved from an existing system on the mainframe, maintaining the consistency of the information.
In addition to access control, IPD also facilitates the construction of applications, providing a facility to build menus dynamically, according to the privileges of the user. Through an appropriate graphical interface, the system allows the administrator to include and maintain information for the assembly of dynamic menus of applications. Upon receiving a user, the applications of the bank can request the menu with the items that this user has access. IPD will locate the registered menu for that channel and return to the application only the options valid for the user. From then on, the application can define the best way to display the menu and request user interaction.