|About | Courses | Seminars | Self-study tools | Related sites | Contact us|
- June 23 - June 27, 2014
(Chicago, IL) Apply Now >>>
E-Banking/Mobile BankingS.T.R.E.A.M/Technology Lab Courses - The Federal Reserve Bank of Chicago
Type of Participant Targeted
E-Banking/Mobile Banking is a five-day course intended for examiners with IT examination responsibilities but with little or no university training in information technology. At least one year of field examination experience is preferred.
This course provides participants with a detailed understanding of the technologies and risks fundamental to electronic banking (e-banking) and mobile banking. Topics include technology and mobile financial service overview, common security threats and vulnerabilities, device authentication techniques, and web application testing. Hands-on demonstrations and exercises encompass web site authenticity evaluation, vulnerability testing, and a Structured Query Language (SQL) injection vulnerability demonstration. Mitigating controls such as web-application testing, mobile device testing, and the Federal Financial Institutions Examination Council's (FFIEC) strong authentication guidance are also covered.
After completing the course, the participant, at a minimum, will be able to
- Describe fundamental concepts behind modern e-banking/mobile banking technologies
- Perform a risk assessment of an existing e-banking/mobile banking solution
- Test controls in an e-banking/mobile banking environment
- Recommend possible solutions/procedures to enhance e-banking/mobile banking security controls
- Assess the vendor management program to identify required controls that meet financial institution policies and standards
Participants will learn the technology essentials contributing to internet and mobile banking risks, and will be able to apply that knowledge in the context of common threats. Participants will contrast the risks for serviced and turnkey e-banking platforms, as well as for established and emerging technologies. Case-based demonstrations and exercises will provide context for examination activities.
Participants should be able to identify risks associated with the three tiers (presentation, business, and database logic) commonly used to describe the technical implementation of an e-banking/mobile banking website. Participants will also be able to identify the risks associated with various web server technologies. Hands-on exercises will provide participants with an understanding of the SQL as well as the tiers that can be compromised by attackers. Participants will understand the various technical solution enablers used to support policies and procedures for risk mitigation of associated vulnerabilities and exploits. Finally, the participant will understand the importance of web-application testing methodology and tools.
By module, the following learning objectives will be accomplished:
|Introduction to E-Banking/Mobile Banking||
|Mobile Financial Services Overview||
|Identifying and Analyzing Risk||
|E-Banking/Mobile Banking Key Components||
|Implementing E-Banking/ Mobile Banking||
|Web Authentication/Mobile Device authentication||
|Evaluating the Checkers Bank||
|Common Web Vulnerabilities||
|Web Application Testing||
|Guidelines on Risks and Managing Risks||
|E-Banking/Mobile Banking Trend Watch||
The E-Banking/Mobile Banking course is developed and supported by a group of instructors with extensive examination experience and expertise in banking technologies. Instructors come from across the Federal Reserve System as well as other regulatory agencies and industry.