You are on page 1of 37

Bank Introduction

Soneri bank Limited is engaged in banking service, and operate more than 216+ branches
including Islamic Banking Branches in Pakistan. The bank operates in four segment corporate
finance, trading and sales, retail banking and commercial banking.
Corporate finance includes syndicated financing and services provided in connection with
mergers and acquisitions, underwriting, privatization, securitizations, debt, equity, syndication,
Initial public offers (IPO) and secondary private placement. Trading and sale segment includes
fixed income, equity, foreign exchange, commodities, credit, funding, own position securities,
brokerage debt and prime brokerage. Retail banking segment includes retail lending and deposit,
banking services, private lending and deposit, trust and estates investment advice and merchant/
commercial/ corporate cards. Commercial banking includes project finance, real estate, export
finance, trade finance, factoring and leasing. The essence of the banks business philosophy is to
cater to the banking requirements of small & medium sized entrepreneurs, providing them
qualitative & competitive services with emphasis on encouraging exports. Nearly forty percent of
our credit portfolio is related to export financing and credit decisions are taken within 48 hours.

History of Soneri Bank Limited


Directors from international financial institution to open the market and involve the private sector
in the economy of the country got the leading investors from private sector and one of them was
the Rupali Group. This group belongs to Feerasta Family. This group started its business
before 1971 partition of East Pakistan and come to West Pakistan after 1971.
SONERI BANK LTD was incorporated on 28th September 1991, the first branch in Lahore was
opened in 16th April 1992 and second branch in Karachi came into business on 9th May 1992.
The head office is in Lahore and the central office is in Karachi.
The authorized and subscription capital is Rs.300 million Out of which Rs.150 was million was
distributed by Feerasta Family and Rs.150 million worth share was offer to general public.
There was over subscription of 28 times more than the number of shares offer for subscription
and the over subscription NRPs was 3 times more. The bank currently operates 216 branches,
spread all over Pakistan including the Northern Areas of the country. The banks expansion
policy is based on the principle of maintaining a balance between the urban and rural areas. This
created its own challenges and opportunities, and forced them to evolve an outward-looking
strategy in terms of their market emphasis.

As a result, Soneri Bank developed a geographically diversified assets base instead of a


concentrated and heavy reliance on business in the major commercial centers of Karachi and
Lahore, where most other banks have their operational Head Offices. Pleasant and sophisticated
atmosphere has been provided in the branches which are fully air conditioned and computerized.
The bank after eight months of functioning published its first Balance Sheet as on 31st December,
1992 responding with great satisfaction to the confidence reposed in it by its shareholders.
Among the new banks, Soneri is a front runner and continuous to make rapid strides in respect of
deposits. The bank is now in the process of consolidation with care and caution and steady
growth on sound footings with best possible services for its customers as the guiding principles.
The Rupali Group has an investment of more than Rs.10 billion in industrial sector other than
SONERI BANK LTD.

VISION STATEMENT
To provide quality services to its customers through adoption of best practices and full
exploitation of I.T advancement, culminating at a leading position amongst its peer banks
Stronger banking relationships, increasing customer confidence

MISSION STATEMENT
To develop Soneri Bank Limited into an aggressive and dynamic financial institution having the
capabilities to provide personalized service to the customers with cutting edge technology and a
wide range of products, and during the process to ensure maximum return on assets with ultimate
goals of serving the economy and society.
We have more time for you

Values
We cannot successfully achieve our goals even if we have all the resources and instruments at our
disposal unless we change our values and attitudes.
The values which each staff member should inculcate and practice are:
Personal and professional integrity of highest standards.
Trust and sense of responsibility
Team work, collaboration and open communication.
Honest and candidate feedback.
Serving the clients with courtesy, respect and competence.

Principles for Achieving Goals


Soneri Bank has defined the following principles for achieving goals which are set by the board
of Directors for the smooth running of the affairs of the Bank.
These principles are as follows:
Fully aware of the role, responsibilities, roles, regulations and procedure of the
organization.
Courteous, Quality and efficient services to the services.
Knowledge about the product.
Ensure that the time and effects are applied in the most judicious and productive manner.
Seeking guidance in serious and complex issue.
Maintain complete secrecy of the bank and the customer.
Insure complete adherence to the bank standard code of conduct.
The board would like to record its appreciation for loyalty, devotion and hard work of the
officers and staff of the bank at all level.

Product and Services


Soneri Bank offers a diverse range of products & services to cater to the growing banking needs
of our customers. Our brand promise Roshan Har Qadam manifests our commitment to
constantly innovate our product suite for the best match of personal & business needs of our
customers, including Commercial, Retail & Corporate segments.
With our Corporate Vision, to better serve customers to help them and the society grow and our
Mission to provide innovative and efficient financial solutions to our customers, we integrate
with our valuable customers to provide them convenient and hassle-free product solutions.
Empowered by an ever-growing network of branches and ATMs, we strive to become the bank of
choice for our existing and potential customers.

Retail Banking
Current Account
Customers can open any Current Account for their day-to-day banking needs and enjoy the
convenience of Banking offered via 246 online branches and a growing ATM network of 263
machines across the country.

Our popular Rupee Current Accounts include:

Soneri Ikhtiar Business Account


Soneri Ikhtiar Current Account is our flagship current account for businesses providing efficient,
accessible and convenient banking transactions. Soneri Ikhtiar Business Account gives numerous
free facilities without maintaining any average balance requirement, including free issuance of
Bankers Cheques, free online banking, free Cheque books, free VISA Debit Classic Card, and
much more, to help your business grow without paying for the Banking Services. In addition,
Soneri Ikhtiar Account comes with free worldwide accidental insurance cover and ATM
withdrawal coverage to help protect your loved ones by keeping their future secure.

Savings Accounts
Soneri Bank offers a variety of Savings products for salaried persons or those who have a fixed
regular income to encourage savings. We also have Savings Accounts for senior citizens and
pensioners.
Some of our Savings products include:
PLS Savings Account
PLS Savings Account is a basic deposit account with no minimum balance requirement. This
account may be opened with an initial deposit of PKR 100 only. We offer Alternate Delivery
Channel Services on these accounts, including VISA Debit Card and Soneri Direct Internet
Banking.
Soneri Savings Account
Soneri Savings Account is a flexible and fast growing cumulative profit account. The rate of
profit on this account increases with your balance without any demand and negotiations with the
Bank. Soneri Savings Account has no minimum balance requirement. As with the PLS Savings
Account, this account may also be opened with an initial deposit of PKR 100 only. Alternate
Delivery Channel Services on this account includes VISA Debit Card and Soneri Direct Internet
Banking.

Term Deposit Accounts


Term Deposits
Soneri Term Deposits are for customers who intend to retain their savings for a fixed period and
earn a higher rate of profit. Term Deposits allow customers to save a fixed amount in Rupees for

a set period ranging from 1 month to 3 years at attractive profit rates. The depositor has the option
to reinvest the deposit automatically with or without profit.
Diamond Deposits (Monthly Income Scheme)
Soneri Diamond Deposits provide investment opportunities to investors looking for additional
monthly income with an attractive return. With terms from 1 year to 3 years, investors earn a
monthly profit credited to an associated Current Account for easy withdrawal and use through the
VISA Debit Card and over 263 Soneri Bank ATMs across Pakistan.

Agriculture Financing
Soneri Bank offers various Agriculture Finance Schemes for the farming and rural community
that help them advance their agricultural operations, both for Production & Development. The
following Agri product suite is available to meet the needs of our customers:
Soneri Revolving Credit Scheme
Soneri Farm Mechanizing Support Financing Scheme
Soneri Tractor Financing Scheme
Soneri Aabiari/Tube well (Water Management) Financing Scheme
Soneri Live-Stock Development Financing Scheme
Soneri Land Development (Islah-e-Arazi) Financing Scheme
Soneri Go-Down, Silos, Cold Storage, etc. Construction Financing Scheme

SME Finance
Soneri Bank Ltd. is at the forefront of commercial excellence, and has strengthened its portfolio
by introducing small and medium enterprises (SMEs) financing options to its most discerning
customers. The market segment for this business is primarily SMEs and the bank stands
committed to contribute in the process of national development, with a strong focus in providing
quality financial solutions and cash flow based financing in order to make the SME financing a
success in the country.

Basic Banking Account


Soneri Bank Limited introduced Basic Banking Account Scheme on July 01, 2006.
The salient features of the Scheme include;
Basic Banking Accounts may be opened in the Pak Rupees by individuals including
minors under guardianship
The accounts may be opened by initial deposit of any amount

No minimum balance requirement is applicable


Basic Banking Account is non-profit bearing account
4 withdrawals from a Basic Banking Account through cheques in one calendar month are
free of service charges. Additional withdrawals through cheques in a calendar of month
shall be subject to service charge @ Rs.25/- per additional cheque
Soneri Banking Cards for the use of Banks Electronic Banking Service are issued
without charges for one time issuance of the cards
Unrestricted number of withdrawals from the account through ATMs are permissible
subject to applicable per day withdrawal limit for amounts in force
Cash withdrawals from Soneri Banks ATMs are free of Service Charge. Use of another
banks ATM shall be subject to Service Charges applicable
Basic Banking Account holders may also use Soneri Banks other Electronic Banking
Services subject to completion of applicable formalities which shall be subject to
applicable Service Charges
Account having -NIL- balances for six consecutive months shall be closed without prior
intimation
Statement of Accounts are provided once a calendar year at the year end
Individuals who already maintain PLS Saving Accounts/ Current Accounts with Soneri
Banks branches may convert their accounts into Basic Banking Account. Please contact
any Soneri Bank branch for further details
Withholding Tax applies on all cash withdrawals.

Online Banking
Online Banking Services are available for all chequing account holders of Soneri Bank.

Services
Cash Payments of cheques drawn on any of our all branches
Cash Deposits into customers accounts maintained at any of our all branches

Government Taxes/Duties
Cash Cheques or Cheques Applicable Government Taxes/duties
Under Collection if payable recoverable as per rules to third parties

Cash Deposit
Deposits made by third parties into accounts of customers maintained at all branches are
subject to recovery of applicable withholding tax, as per rules from the depositors
Cheques under Collection
Proceed of Cheques drawn on our all branches are immediately credited to depositors account
subject to fulfillment of other conditions governing payment of cheques
Govt. Taxes as per rules are recoverable on outstation collection cheques

Lockers Service
Customized lockers as per the requirements of applicants are available at our designated
branches. The lockers may be operated during the banking hours of the branch.

Consumer Finance
Soneri Car Finance
Now you can become the owner of a brand new car through Soneri Car Finance Scheme. Soneri
Bank Limited offers Car Finance facility up to Rs.2,000,000/-, repayable in 5 years in equal
monthly installments. To fulfill your need, please contact your nearest branch of Soneri Bank
Limited or call 111-567-890 for application assistance.

Soneri Personal Finance


An easy solution to your cash needs now you can turn your dreams into reality via Soneri
Personal Finance Scheme. Soneri Bank Limited offers Personal Finance up to Rs.500,000/-,
repayable in 5 years in equal monthly installments. Finance is available to meet your personal
financial needs. To fulfill your needs, please contact your nearest branch of Soneri Bank Limited
or call 111-567-890 for application assistance.

Electronic Banking
ATM / Visa Debit Card
Soneri VISA Debit Card brings you a hassle-free experience of spending and making payments
countrywide. As a Soneri VISA Classic Card and VISA Gold Card holder you can avail
unmatched opportunities and benefits.

Phone Banking
You

can

Dial 111

conduct

your

banking

SONERI (111-766374)

to

from
reach

anywhere
our

and

at

Customer

any

time

Services

you

Call

want.
Center.

With Phone Banking, you can access all the information you need without having to make a trip
to the branch. At home, at work or on the go, all you need is a touch-tone telephone, your card
number and the T-PIN to access your bank account, 24 hours a day, 7 days a week.

Mobile Banking
Soneri Bank customers can avail the Soneri Mobile Banking services and access their account
anytime and anywhere via their mobile phones. As a Soneri Bank customer you can view your
account statements, perform funds transfer, get mobile top-ups and also pay your utility bills
while sitting in the comfort of your homes and offices.
Utility Bills Payments
Soneri Bank VISA Debit Card holders can pay their bills using Soneri Bank Internet Banking,
Call Centre and ATM Services.
No need to stand in a bank queue
No need to carry cash
Easy way of paying bills for you and your dear ones
Bills once paid are automatically registered in our system
24 hours a day, 7 days a week service from anywhere across Pakistan or worldwide
Available Services
Service is currently available for payment of:
KESC, LESCO, GEPCO, HESCO
SNGPL, SSGC
Warid, Ufone, Telenor, Zong (Prepaid and Postpaid), PTCL Normal Land
Line, PTCL Defaulter Corporate, EVO Postpaid, EVO Prepaid, PTCL
VFONE
Utility Bills Payments through Internet Banking;

Log on to soneribankonline.com.pk or simply click on the Soneri Direct logo


available on our website
Enter Username and Password for Soneri Direct

Click on Bill Payment option


Select Billing type: Telephone/Electricity/Gas
Select the Company, enter consumer number or mobile number
Enter four digit F-PIN (generate your F-PIN before any transaction for the
security purpose)
Confirm your transaction
Confirmation SMS and email would be sent on your registered* Mobile
Number and Email address
Easy Steps for Utility Bills Payments through Call Centre
Call 111-766-374 from the same number available in our records
Enter your Soneri Visa Debit Card number. and T-PIN for the validation
purpose
Press 0 to talk to the Phone Banking Officer
Ask Phone Banking officer to pay your desired Utility Bills
Confirmation SMS would be sent on your registered* mobile number
Easy Steps for Utility Bills Payments through ATMs
Insert your Soneri Visa Debit Card in any Soneri ATM
Enter your ATM PIN code
Select Smart Option Utility Bill Payment
Select Utility Company, and enter consumer number or mobile number
Confirm your transaction
Get a transaction receipt and Confirmation SMS on your registered* mobile
number

Internet Banking
Soneri Direct Internet Banking provides our customers a hassle-free, simple and secure platform
to operate their bank account from the internet 24/7 from anywhere in the world. Customers can
access their Soneri Banking account anytime, print account statements, pay utility bills, transfer
funds and view the history of their Soneri Internet Banking activities with a single click from
their computers.

ATM Withdrawal Coverage - Tahaffuz


Soneri Tahaffuz ATM Withdrawal Coverage is a product that covers you in the event of loss of
cash resulting from armed hold-up or forced deprivation on withdrawals from any 1-Link/Mnet
ATMs in Pakistan. The coverage is available for both conventional and Islamic account holders.

SMS Alert
Soneri Bank offers SMS Alert Service to all of its customers, in order to make them feel secure
and in control of their spending. The alerts are instant and keep customers updated about their
account transactions.

Bancassurance
Soneri Bank offers numerous coverage products to protect customers and their dear ones. Benefit
from an array of Bancassurance products to match your specific needs, ranging from your
childrens education plans to business protection plans:
Soneri Saver Plan
Roshan Takmeel Plan
Roshan Aghaz
Karobar Muhafiz Product

Soneri Sahara Account


Soneri Bank offers a Savings account for its senior account holders so they may retire with a
smile. Soneri Sahara Account calculates the profit on the monthly average balances and the profit
is credited to the account on the first working day of the following month. We provide the VISA
Debit Classic Card and the first Cheque book of 25 leaves for free to our Soneri Sahara Account
holders.

Corporate Banking
Soneri Bank provides a one-window approach to its valued corporate customers for their
Working Capital, Project Finance, Trade Structuring and Investment Banking needs through our
dedicated Relationship Managers and Branch Channels in a seamless manner.

Soneri Islamic Banking


Soneri Islamic Banking segment Soneri Mustaqeem offers a broad range of 100% ShariahCompliant financial solutions.

Financing Products;
Murabaha
Ijara
Salam
Diminishing Musharaka
Trade Finance
Deposit Products;
Soneri Aasaan Business Account
Soneri Bachat Savings Account
Soneri Munafa Savings Account
Soneri Meaadi Term Deposit
Soneri Jari Current Account (Local and Foreign Currency)

Home Remittances
Soneri Bank introduces Soneri Mehnat Wasool, the Home Remittance Service. The service
provides customers the convenience of collecting their remittances sent from abroad from any of
Soneri Banks 246 Branches in 105 cities across Pakistan. Initially launched with MoneyGram as
one of the international money transfer partners, Soneri Bank has signed-up with RIA Financial
Services (RIA Money Transfer), Wall Street Finance Canada Ltd., Al Falah Exchange & Golden
Money Transfer under PRI to facilitate its customers.

Foreign Currency Deposit Accounts


Soneri Bank also offers Foreign Currency Current, Savings & Term Deposit Accounts to cater to
the foreign currency transactional needs of our customers.

Financing Products
In addition to our conventional financing products, including Running Finance, Cash Finance,
Finance against Imported Merchandise (FIM) and Finance Against Trust Receipts (FATR), the
Bank also offers following specific financing products to help the customers grow their business
without worrying about funding requirement.

Soneri Speed Finance


In line with our brand promise of Roshan Har Qadam, we have introduced Soneri Speed
Finance which is one of the latest additions to our suite of financing products. It has been
designed to provide hassle-free and quick financing solutions to meet both the short and long

term financing needs of Consumers, Small & Medium Enterprises, Commercial and Retail
businesses. This product allows the customers to avail various financing facilities which are best
suited to meet their particular need(s) enabling them to grow and prosper.

Cash Management
SBLs Cash Management Channel Soneri Trans@act, provides our valued customers with a
comprehensive, end-to-end cash flow management, i.e Receivables and Payables Management, in
the most effective and efficient manner.
Our CM service, comprises of a full array of products & services, designed and tailored to enable
Corporate, Commercial and SME customers to securely exchange funds and financial information
in real-time with their trading partners, for the optimal management of working capital.

Departments
Cash Department
In this department has daily cash reconciliation of cash balance with their ledger system. The
transactions occur in the cash department are of two types:
Cash deposits
Cash withdrawals

Account Department
Accounts department of the bank maintains the balances of various accounts for every
transaction. A voucher is to be prepared, and accounts department ensure its authenticity. Daily
the voucher is summarized transaction wise and consolidated.
Account department deal with the followings;
Record keeping
Dealing with expenditure of bank
Preparation Different types of reports for State Bank
Deprecation calculation of assert
Accounts Opening & Closing
Maintaining statistics of all report prepared
Daily position of cash & every account

Budgeting
Matching daily summaries of all departments with ledger

Remittance Department
In which department the bank often are engaged in transferring funds from one place to another.
The main functions of this department are:
Mail Transfer (MT)
Payment Order (PO)
Telegraphic Transfer (TT)
Demand Draft (DD)

Clearing Department
A clearing department is an organization of the member banks, working under Soneri Bank and
which is for the purposes of setting inter banks claim resulting from transmission of funds from
one bank to another bank. The branch cheque/instruments are credited in to the account of the
customer.
To accept Transfer, collection cheque, Transfer delivery and clearing cheuqe from the
customers of the branch and to arrange for their collection.
To arrange the payment of cheque drawn on the branch and given for collection to any
other branch on SBL or any other member banks or sub member of the local clearing
house.
To collect amount of cheque drawn on bank members, sub-member of local clearing
house, sent for collection by SBL Branches, not represented at the local clearing house.

Establishment Department
This department mainly deals with the branch employees.
Following are the Main functions of this department are;
Employees bonuses benefit etc.
Employees salaries distribution
Keeps the record of attendance of employees
Environment of Bank

Enhance marketing strategy


Customer confidence enhancement

Credit Department
Soneri bank limited is conducting its business and helping its customers and the public in their
business is involved in loans and giving advancing. The credit department has the duties of
issuance of short and long term loans to customers. A bank is a profit seeking institution. It
attracts surplus balance from the customers at low rate and makes advances at high rate of
interest.

Account Opening Department


Following are the operations policies and processes of account opening;
An application on prescribed form is given by customer
Nadra verification is obtained
Copy of CNIC
Specimen signature card / S.S card
Signatures are verified
KYC (know your customer) profile is completed
Account is opened in system and account number is allotted to customer
Cheque book charges are recovered
If customer requires ATM Card / Visa Debit Card are issued after completing application
from customer and approval of Central Office Karachi

Trade Department
Last department which was served is Trade (Letter of Credit and Import etc.), Letter of Credit is a
document which is used in Import and export.
Two types of Letter of Credit;
Letter of Credit sight
Letter of Credit usance
For opening a Letter of Credit customer is asked for Performa Invoice or Indent, Insurance
Covering Letter, Bill of Lading & I-form.

IT Department Responsibilities
In those days IT department is consider a brain of any organization because the IT department
provides the service 24/7 to ensure that everything is running smoothly and the banking system
are not expose to outside the world.
IT department perform the following responsibilities in bank;
All communication throughout the branches and data center.
Monitoring the existing application running inside the organization.
Monitoring critical Applications.
Provides the service to operation department.
Monitored networks and other connected medium.
Security of existing and new application
Security of networks and critical in house security issues.

IT Department Structure

Networks and
communicaion

Techincal
Support

Service
Management

IT
Deprment

Security Risk

Relationship
Management

Networks and Communication


Networks and communication is sub department of IT department and the department is
responsible to managing existing data networks, managing the voice networks managing the facts
network e.g; internet, intranet, extranet and LAN, MAN, WAN, and topologies and all other
medium of communication like telephone, cellphone, fax, conference calls, instant messaging.

Service Management
The department is responsible for providing the service to the new as well as existing customer
and this department. Try to deliver best reliable services to the customer like; online banking,
online bills payments, funds transfer, e-statement, mobile bills payments and recharge etc.
This department is responsible to monitoring the critical application to avoids any financial loss
and for the betterment of employees working.

Relationship Management
This department provide the service enhance the relation of customer with the bank and provide
the service like; birthday gifts, wedding wishes, balance alerts inquiry, information about new
products and service and create the link with the customer up to the time.

Security and Risk


This department provides the service to secure all the system of the organization. This department
is also responsible inside and outside security problems and the security is manage with the help
of CC Tv cameras and firewalls for network.

Technical Support System


If bank faced any problem in software and hardware then that department provides the service. If
the problem of software solve the online. If any other problem in software and hardware then the
technical person visits the branch.

Internet and its Types


What is internet?
A global computers networks providing a variety of information and communication facilities,
consisting

of

interconnected

networks

The Internet is a global network of networks.

using

standardized

communication

protocols.

What are Intranets?


The term Intranet is derived from two words; Intra which means within and net which means
group of interconnected computers. It is a private computer network that uses Internet protocols
and network connectivity to securely share any part of organization information or with its
employees. In short, an intranet is private network. e.g Faculty portal. Only employees who are
issued passwords and access codes are able to use them. Firewalls protect intranets from
unauthorized outside access.
Advantages
Fast, easy, low-cost to implement.
Connectivity with other systems and access.
Easy to learn and use.
Access to internal and external information.
Improves communication within the organization.
Disadvantages
Inappropriate and incorrect information can be posted on an Intranet which can reduce its
credibility and effectiveness.
There is a freedom to post abusive and possibly illegal material.
Training is required to educate people of what intranet can do.
Security of Intranet becomes an issue.
Need expertise in field to administer and develop Intranet information within the
organization.

What is Extranet?
An extranet implies an extended intranet, which uses IP protocol networks (like the Internet) to
link intranets in different locations. Extranet is somewhere between Internet and Intranet. It also
uses firewalls, but it allows only selected outsiders, such as business partners, suppliers, and
customers, to access the companys Web site.

Types of Extranet
Public Network Extranet
It exists when an organization allows the public to access its intranet from any public network.
Security is an issue in this configuration, because a public network does not provide any security
protection.

Private Network Extranet


Is a private, leased-line connection bet? Two companies that physically connects their intranet to
each other. The single advantage of this is Security. The single largest drawback is Cost.
Advantages
Improved quality.
Lower travel costs.
Reduction in paperwork.
Delivery of accurate information on time.
Improved customer service.
Better communication.
Overall improvement in business effectiveness.
Disadvantages
The suppliers & customer who dont have technical knowledge feel problem.
Faceless contact.
Information can be misused by other competitors.
Fraud may be possible.
Technical Employees are required.
Differentiation among Three Networks
Intranet is shared content accessed by members within a single organization.
Extranet is shared content accessed by groups through cross-enterprise boundaries.
Internet is global communication accessed through the Web.

Firewall
A firewall is a network security system, either hardware or software based, that controls incoming
and outgoing network traffic based on a set of rules.
Firewalls can protect against some problems (viruses and attacks) that come from the
internet. They cannot protect against viruses that come from infected media (like an
infected office document on an USB flash drive).
A firewall is a software program or piece of hardware that screen out the viruses and
hackers.
At their most basic, firewalls work like a filter between your computer/network and the
Internet.

Packet Filter
Packet filter also referred to as static packet filtering. Controlling access to a network by
analyzing the incoming and outgoing packets and letting they pass or halting them based
on the IP addresses of the source and destination. Packet filtering is one technique,
among many, for implementing security firewalls.
Proxy Server
In computer networks, a proxy server is a server (a computer system or an application)
that acts as an intermediary for requests from clients seeking resources from other
servers. A client connects to the proxy server, requesting some service, such as a file,
connection, web page, or other resource available from a different server and the proxy
server evaluates the request as a way to simplify and control its complexity. Proxies were
invented to add structure and encapsulation to distributed systems. Today, most proxies
are web proxies, facilitating access to content on the World Wide Web and providing
anonymity.
A firewall is used to protect your PC against hackers and other malicious connections. It'll block
any inbound connections that look like hackers or a malicious program.

What is Network and its Types?


Network is what?
A group of interconnected (via cable and/or wireless) computers and peripherals that is
capable of sharing software and hardware resources between many users.
A group of two or more computer and other devices connected together for exchange of
information is called a computer network.

Types of Network
LAN (Local Area Network)
A group of connected computers in a small geographical area under some is controlling entity.
These networks connect the computers within a building like from one room to another, one floor
to other floor. It is being used in a city level.
Characteristics
Following are some important characteristics of LAN:
Highest speed networks due to smallest networks covered area.
Data transmission speed is measured in megabytes.
Proposed area or distance is up to 1 kilometer.
Also known as Local Net.
Different network topologies can be used like bus topology, ring or star topology but star
is the proposed topology.
Easy to installation.
Easy to maintain.
Easy to un-installation.
Fewer data transmission errors occur than MAN and WAN due to smaller distance
transmission.
Examples
Home based networks.
Connect different classrooms/labs in a college or in university.
Connect different offices or campuses etc.

WAN (Wide Area Network)


A group of connected computers in a wide geographical area (great than LANs and MANs) like
cities, countries and even continents under different controlling entities.
These networks connect the computers in different offices of a company situated in or outside the
cities, countries or even continents.
Characteristics
Following are some important characteristics of WAN:
Lowest speed network than LAN and MAN.

Data transmission speed is measured in kilobits.


Its area is not limited but can be spread in millions of kilometers.
Different MANs combines to give a WAN.
Different network topologies can be used like star topology or tree topology but tree and
hybrid topologies are the commonly used topologies.
Any transmission media can be used but optical fiber cables and satellite links are
preferable.
Highest cost network than MAN and WAN.
Very difficult to install than MAN and LAN.
Very difficult to maintain than MAN and LAN.
Very difficult to un-install than MAN and LAN.
Most data transmission errors occur than LAN and MAN due to long distance
transmission.
Examples
Banks uses such networks for their dealings.
Airlines using these networks for their business.
Universities can use them etc.

MAN (Metropolitan Area Network)


Groups of connected computers in a city or from one city to another city having geographical
area more than the LAN and under some controlling entities.
These networks connect the computers in different offices of a company situated in or to
neighboring cities. It is being used in or between cities.
Characteristics
Following are some important characteristics of WAN:
Higher speed networks than WAN but lower speed networks than MAN.
Data transmission speed is measured in kilo bytes.
Proposed area or distance is up to 10 kilometer.
Different network topologies can be used like bus topology, tree topology but tree and
hybrid topologies are the proposed topologies.
Any transmission media can be used but optical fiber cables are preferable.
Lowest cost network than WAN but higher in cost than LAN.
Easier to develop than WAN but difficult than LAN.

Easier to maintain than WAN but difficult than LAN.


More data transmission errors occur than LAN due to long distance transmission.
Examples
Bata and service shoes companies connected their franchises.
Different campuses of universities scattered in different cities of a country. E.g Virtual
University
Connection among different railways booking offices etc.
Local banks their banking operations are within the country.

Computer Network Used by Banks


Banks use metropolitan and wide area network for their dealings because now a day banks
operations are not limited within a city or country banks operations spread across the nations.

Types of Topologies
Topology
Topology refers to the layout of connected devices on a network. Here, some logical layout of
topology
Mesh
Star
Bus
Ring
Tree and Hybrid

Mesh Topology
Here every device has a point to point link to every other device.
Advantages
They use dedicated links so each link can only carry its own data load. So traffic problem
can be avoided.
It is robust. If anyone link get damaged it cannot affect others.
It gives privacy and security.(Message travels along a dedicated link)
Fault identification and fault isolation are easy.

Disadvantages
The sheer bulk of wiring is larger than the available space.
Hardware required to connect each device is highly expensive.
Applications
Telephone Regional office.
WAN. (Wide Area Network).

Star Topology
Here each device has a dedicated point-to-point link to the central controller called Hub (Act as
an Exchange). There is no direct traffic between devices. The transmission is occurred only
through the central hub. When one device wants to send data to another device; first sends the
data to hub which then relays the data to the other connected device.
Advantages
Less expensive then mesh since each device is connected only to the hub.
Installation and configuration are easy.
Less cabling is need then mesh.
Robustness.(if one link fails, only that links is affected. All other links remain active)
Easy to fault identification & to remove parts.
Disadvantages
Even it requires less cabling then mesh when compared with other topologies it still
large. (Ring or bus).
Dependency (whole n/w dependent on one single point (hub). When it goes down. The
whole system is dead.
Applications
Star topology used in Local Area Networks (LANs).
High speed LAN often used STAR.

Bus Topology
A bus topology is multipoint. Here one long cable acts as a backbone to link all the devices. A
device want to communicate with other device on the n/ws sends a broadcast message onto the
wire all other devices see. But only the intended devices accept and process the message.

Advantages
Ease of installation
Less cabling
Disadvantages
Difficult reconfiguration and fault isolation.
Difficult to add new devices.
If any fault in backbone can stops all transmission.
Applications
Most computer LAN

Ring Topology
Here each device has a dedicated connection with two devices on either side. The signal is passed
in one direction from device to device until it reaches the destination and each device have
repeater. When one device received signals instead of intended another device, its repeater then
regenerates the data and passes them along. To add or delete a device requires changing only two
connections.
Advantages
Easy to install.
Easy to reconfigure.
Fault identification is easy.
Disadvantages
Unidirectional traffic.
Break in a single ring can break entire network.
Applications
Ring topologies are found in some office buildings or school campuses. Today high
speed LANs made this topology less popular.

Tree Topology
Alternatively referrers to as a star bus topology. Tree topology is one of the most common
network setups that are similar to a bus topology and a star topology. A tree topology connects
multiple star networks to other star networks.

Hybrid Topology
A network which contains all types of physical structure and connected under a single backbone
channel.
Which topology are the most redundant and the most expensive?
Through Mesh topology, every computer connects to every other computer. No central
connecting device is needed. Since every computer connects to every other computer, it requires
the most cabling, which increases the cost.

Soneri Bank which topology is used and what its advantage and
disadvantage?
List of Hardwares which are used by bank?
Ways of Communication within Branch?
Call Center System of Soneri Bank
Main Software of used by bank cost and its functions?
ATM System
TPs (Transaction Process System)?
A transaction process system is a type of system which collect, store modified and retrieve
transactions of an organization. Transaction is an event that generates and unevenly stored in an
information system with the help of transaction processing monitor. The ascense of a transaction
program is organized with the help of IT department.

Payroll System TPs


Payroll TPs is design to get information and employees record to calculate his/her salary. It get
information about the employees from the employees department and the ledger then it sent to
payroll TPs from where it links that information with previous record and prepare a record which
forward to management.

Customer Identification
Before perform any transaction banks have to verify the CNIC no., signature of customer and its
previous record of transaction.

Employees Record System


All employees are supposed to login when they enter in bank and logout on leaving the bank.
There thumb impression on biometric device which is connected with help of Hub with the
head office.

Security System

What is Banking Information System Audit?


Information system auditing is a systematic process of collecting and evaluating evidence
or information to access whether the information security system:
Safeguards assets effectively
Maintain data integrity
Achieve goals of the organization effectively
An information systems audit is an examination of the management controls within an
Information technology (IT). The evaluation of obtained evidence determines if the
information systems are safeguarding assets, maintaining Data integrity, and operating
effectively to achieve the organization's goals or objectives. These reviews may be
performed in conjunction with a financial statement audit, internal audit, or other form of
attestation engagement.
Information system audits are also known as "automated data processing (ADP) audits"
and "computer audits". They were formerly called "electronic data processing (EDP)
audits.
Nowadays, information systems audit seems almost synonymous with information security
control testing.
Information system Audit is a process in which an auditor would collect the original paper
statements and receipts, manually perform the calculations used to create each report, and
compare the results of the manual calculation with those generated by the computer. In the
early days, accountants would often find programming errors, and these were computer audit
findings.
However, these exercises also sometimes yielded findings of fraud. Fraud activities ranged
from data entry clerks changing check payees to programmers making deliberate rounding
errors designed to accumulate cash balances in hidden bank accounts. As auditors recognized
repeating patterns of fraud, they recommended a variety of security features designed to
automatically prevent, detect, or recover from theft of assets.

Banking Information System Auditing, also referred to as automated data processing


(ADP) auditing, electronic data processing (EDP) auditing and information technology
(IT) auditing, is primarily an examination of the system controls within an Information
structure architecture -- which is the process of evaluating the suitability and validity of
an organization's IS configurations, practices and operations. Information System
Auditing has been developed to allow the Banks to achieve goals effectively and
efficiently through assessing whether computer systems safeguard assets and maintain
data integrity. To check that in banks the security tools are Available or not

the

Personnel of bank Available in bank and they record the day to day transactions and to
check that the all procedures and polices which issued by state bank is applied or not.
According to State Bank of Pakistan
Banks should get their I.T. services audited by internal / third party auditors to ensure that
adequate security and controls are in place. The internal/ third party auditors so engaged should
review the IT related internal controls and evaluate/ validate the effectiveness of control
systems. The risk-based Information system audit should also ensure that the bank systems and
information technology are adequately secured and are meeting the needs of the business. IS
Audit being a continuous process should be carried out as such? In- house audit function
should ensure that follow-up activities and performance of reviews is on regular basis.
Therefore, to ensure that best practices in the field of I.T. Security and Control are adopted and
practiced in the banking industry, the banks are encouraged to establish an independent
internal Information System Audit function for regular monitoring of I.T. organizational setup
and activities. The board and the management should ensure that the independence, authority
and accountability of the Information System Audit function are maintained and established by
appropriate organizational setup in line with the international best practices.

History of Banking Information System Audit


Information System Auditing (IS auditing) began as Electronic Data Process (EDP) Auditing and
developed largely as a result of the rise in technology in accounting systems, the need for IT
control, and the impact of computers on the ability to perform attestation services. The last few
years have been an exciting time in the world of IT auditing as a result of the accounting scandals
and increased regulation. IT auditing has had a relatively short yet rich history when compared to
auditing as a whole and remains an ever changing field.
The introduction of computer technology into accounting systems changed the way data was
stored, retrieved and controlled. It is believed that the first use of a computerized accounting

system was at General Electric in 1954. During the time period of 1954 to the mid-1960s, the
auditing profession was still auditing around the computer. At this time only mainframe
computers were used and few people had the skills and abilities to program computers. This
began to change in the mid-1960s with the introduction of new, smaller and less expensive
machines. This increased the use of computers in businesses and with it came the need for
auditors to become familiar with EDP concepts in business. Along with the increase in computer
use, came the rise of different types of accounting systems. The industry soon realized that they
needed to develop their own software and the first of the Generalized Audit Software (GAS) was
developed. In 1968, the American Institute of Certified Public Accountants (AICPA) had the Big
Eight (now the Big Four) accounting firms including Banks participate in the development of
EDP auditing. The result of this was the release of Auditing & EDP. The book included how to
document EDP audits and examples of how to process internal control reviews.
Around this time EDP auditors formed the Electronic Data Processing Auditors Association
(EDPAA). The goal of the association was to produce guidelines, procedures and standards for
EDP audits. In 1977, the first edition of Control Objectives was published. This publication is
now known as Control Objectives for Information and related Technology (COBIT). COBIT is
the set of generally accepted IT control objectives for IT auditors. In 1994, EDPAA changed its
name to Information Systems Audit and Control Association (ISACA). The period from the late
1960s through today has seen rapid changes in technology from the microcomputer and
networking to the internet and with these changes came some major events that change
information system auditing forever.
Currently, there are many Information system dependent companies that rely on the Information
Technology in order to operate their business e.g. Telecommunication or Banking Company. For
the other types of business, Information system plays the big part of company including the
applying of workflow instead of using the paper request form, using the application control
instead of manual control which is more reliable or implementing the ERP application to facilitate
the organization by using only 1 application. According to these, the importance of Information
system Audit is constantly increased. One of the most important roles of the Information Audit is
to audit over the critical system in order to support the financial audit or to support the specific
regulations announced e.g. SOX.

Benefits of Banking Information System Audit


Improve Bank /Business efficiency.
Improve system and process controls.

Plan for contingencies and disaster recovery.


Manage information & developing systems.
Prepare for the independent audit.
Evaluating the effectiveness and efficiency related to the use of resources.
Reduce risk and enhance system security.
Prevent and detect errors as well as fraud.
Help to used up to date software and Hardware, and for achieving goals of organization.
Providing suggestions for improvement to the management of bank.
Cause to save the bank from Shutting down by detecting fraud earlier.

Computer Viruses, Worms, Trojan Horses


Computer Viruses
A computer virus is "a computer program usually hidden within another seemingly innocuous
program that produces copies of itself and inserts them into other programs or files, and that
usually performs a malicious action (such as destroying data)". Computer viruses are never
naturally occurring; they are always man-made. Once created and released, however, their spread
is not directly under human control.

Types of Computer Viruses


Macro Viruses
These viruses infect the files created using some applications or programs that contain macros
such as doc, pps, xls and mdb. They automatically infect the files with macros and also templates
and documents that are contained in the file. They hide in documents shared through e-mail and
networks.
Macro viruses include

Relax
bablas
Melissa.A
097M/Y2K

Memory Resident Viruses


They usually fix themselves inside the computer memory. They get activated every time the OS
runs and end up infecting other opened files. They hide in RAM.
Memory Resident Viruses Include

CMJ
meve
randex
mrklunky
Overwrite Viruses
These types of viruses delete any information in a file they infect, leaving them partially or
completely useless once they are infected. Once in the computer, they replaces all the file content
but the file size doesnt change.
Overwrite Viruses Include

Trj.Reboot
way
trivial.88.D
Polymorphic Virus
They encode or encrypt themselves in a different way every time they infect your computer. They
use different encryption and algorithms. This makes it difficult for the antivirus software to locate
those using signature or string searches (since they are very different in each encryption).
Polymorphic Viruses Include

Marburg
tuareg
Satan bug
elkern

Worms
A computer worm is a standalone malware computer program that replicates itself in order to
spread to other computers. Often, it uses a computer network to spread itself, relying on security
failures on the target computer to access it. Unlike a computer virus, it does not need to attach
itself to an existing program. Worms almost always cause at least some harm to the network, even
if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a
targeted computer.
Many worms that have been created are designed only to spread, and do not attempt to change the
systems they pass through. However, as the Morris worm and Mydoom showed, even these
"payload free" worms can cause major disruption by increasing network traffic and other
unintended effects. A "payload" is code in the worm designed to do more than spread the worm it
might delete files on a host system (e.g., the Explore Zip worm), encrypt files in acryptoviral
extortion attack, or send documents via e-mail.
A very common payload for worms is to install a backdoor in the infected computer to allow the
creation of a "zombie" computer under control of the worm author. Networks of such machines
are often referred to as botnets and are very commonly used by spam senders for sending junk
email or to cloak their website's address. Spammers are therefore thought to be a source of
funding for the creation of such worms, and the worm writers have been caught selling lists of IP
addresses of infected machines. Others try to blackmail companies with threatened DoS attacks.
Users can minimize the threat posed by worms by keeping their computers' operating system and
other software up-to-date, avoiding opening unrecognized or unexpected emails, and
running firewall and antivirus software.
Backdoors can be exploited by other malware, including worms. Examples include Doomjuice,
which can spread using the backdoor opened by Mydoom, and at least one instance of malware
taking advantage of the rootkit and backdoor installed by the Sony/BMG DRMsoftware utilized
by millions of music CDs prior to late 2005.

Trojan Horses
A Trojan is another type of malware named after the wooden horse the Greeks used to infiltrate
Troy. It is a harmful piece of software that looks legitimate. Users are typically tricked into
loading and executing it on their systems. After it is activated, it can achieve any number of
attacks on the host, from irritating the user (popping up windows or changing desktops) to
damaging the host (deleting files, stealing data, or activating and spreading other malware, such

as viruses). Trojans are also known to create back doors to give malicious users access to the
system.
Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they selfreplicate. Trojans must spread through user interaction such as opening an e-mail attachment or
downloading and running a file from the Internet.

Tips for Preventing Virus, Worms and Trojan Horses


Set the macro security in programs so you can enable and disable macros. Only enable
macros if the document is from a trusted source and you are expecting it.
Install an antivirus program on all of your computers. Obtain updates to the antivirus
signature files on a regular basis.
Check all downloaded programs for viruses, worms, or Trojan Horses. These maliciouslogic programs often are placed in seemingly innocent programs, so they will affect a
large number of users.
Never open an e-mail attachment unless you are expecting it and it is from a trusted
source. Scan for viruses in all e-mail attachments you intend to open. Turn off message
preview.
Write-protect your recovery disk by sliding the write-protect tab into the write-protect
position.
If the antivirus program flags an e-mail attachment is infected, delete the attachment
immediately.
Before using any floppy disk or zip disk, use the antivirus scan program to check the disk
for infection. Incorporate this procedure even for shrink-wrapped software from major
developers. Some commercial software has been infected and distributed to unsuspecting
users this way.
Back up your files regularly. Scan the backup program before backing up disks and files
to ensure the backup program is virus free.

How A Virus Can Be Spread Through An E-Mail?


Viruses can easily be transferred from one computer to another through sending mails. This is the
most common way used nowadays. They may come as an attachment along with the emails. It is
a common opinion that all the spam mails are only virus infected, but it is not so. Even if you

receive a mail in your inbox, it can contain virus in it. When you open and run the attached file,
you are indirectly allowing the virus to into your computer system. This will slowly affect your
hard drive and the entire system.
Often there will be mails like Spot offer, Lottery money, Free loan which will be very
attractive to read through. Its always better to avoid those mails. Never open any attachments
received from unknown people. You may receive many junk mails which you may have to avoid
by unsubscribing them. You may be asked to click on certain link for that. Be careful before
doing that or you may end up getting virus in your computer system.
To prevent such virus attacks, you need to;
Keep your operating system updated
Install and update the antivirus tool on a regular basis
Do not download the attachments directly
Always open the attachments in the mail only after scanning them with antivirus
software.
Keep your Firewall on all the times
Furthermore Know How about the handle of e-mails;
Today, e-mail is one of the most popular features on the Internet. Being able to identify threats
sent through e-mail can help keep your computer and your personal information safe. Below are
some of the most common threats you may encounter while using e-mail.
Attachments
Never open or run e-mail attachments. Viruses, spyware, and other malware are commonly
distributed through e-mails that have attachments. For example, an e-mail may want you to open
an attachment of claiming to be a funny video, when it's really a virus.
Phishing
Phishing or an e-mail phish is an e-mail that appears to be from an official company (such as your
bank) indicating you need to log onto the site to check your account settings. However, the emails are really sites setup to steal confidential information such as your passwords, credit card
information, social security information, etc. See the phishing definition for additional
information about this term as well as examples of these e-mails.

Safeguard against Unauthorized Access and uses


Passwords
Make sure a password has been set on computer. Default passwords such as "password," "root,"
"admin," or no password allows easy access to your computer or your Internet account.
Change passwords often. It is recommended at least once every few months.
Create a BIOS password.
When creating a password, add numbers or other characters to the password to make it
more difficult to guess; for example, 1mypassword23!.
Do not use sticky notes around your computer to write down passwords. Instead use a
password manager.
Biometric Devices
Authenticates a persons identity by translating a personal characteristic, such as fingerprints,
into a digital code stored in the computer verifying a physical or behavioral characteristic such
as;
Fingerprint readers Hand geometry systems
Face recognition system Voice verification system
Signature verification system
Retinal scanners

Safeguard Against; Software Theft, Information Theft, System Failure


Software Theft
Software theft is the unauthorized copying or distribution of copyright protected software.
Software theft occurs when someone;
Steals software media
Intentionally erases programs
Illegally copies a program
Illegally registers or activates a program
Types of Software Theft
Involves a perpetrator physically stealing a media that contain the software or the
hardware that contains the media. Example; an unscrupulous library patron might steal
the Encyclopedia Britannica optical disc.

When a programmer is terminated from, or stops working for, a company. The programs
are common property but some dishonest programmers intentionally remove or disable
the programs they have written from company computers.
Software is stolen from software manufacturers. Also called piracy most common form
of software theft Software piracy is the unauthorized and illegal duplication of
copyrighted software.
Users illegally obtaining registration numbers or activation codes. Keygen a program,
short for key generator, creates software registration numbers and sometimes activation
codes. Some create and post keygens so that users can install software without legally
purchasing it.
Safeguard Against Software Theft
To protect media from being stolen, owners should keep original software boxes in a
secure location. All computer users should backup their files regularly. If company
terminated the any employees then immediately protect their softwares and programs (in
big companies).
Software manufacturers issue users license agreement. A license agreement is the right to
use software. The most common type of license is single-user license agreement or
known as end-user license agreement (EULA).
In this agreement, users are permitted to:
Install the software on only one computer.
Make one copy of the software as a backup.
Give or sell the software to another individual, but only if the software is
removed from the users computer first.
Users are not permitted to: Install the software on a network, such as school
computer lab, export the software, rent or lease the software.
Information Theft

System Failure
Make adequate backups: Your best security policy is to do frequent backups. So many
times people have called me to say their system crashed - What should they do? I say,
restore from backups. Backups? But what if I dont have backups? Indeed. Most external

drives available today come with backup software that is economical and easy to
use. Don't get caught without your backups.
Test your backups: by doing restoration of the data to a test system. Restoring backup
data to a test system helps validate that your backups are working as expected. It should
be done once a month. If you don't have a test system, practice restoring a few files to a
temporary folder on your computer. The more comfortable you are with restoring files,
the safer you will be.
Store your data in two different locations: When your data is only on one set of
backups, there is always a chance that backup could get lost or deleted. By having
backups on two sets of disk or tape, or CD, the chances of losing your files are greatly
reduced.
Keep virus protection up to date: The price of an anti-virus protection program is cheap
compared to lost data and lost productivity time. Infected data might be impossible to
restore. And if that data is valuable to you, your company or your family, you could lose
documents or photographs that cant be replaced. Viruses and Spyware are also often
used to steal information from your computer and send it to illicit sources. Is it really
worth saving $50 a year not to be up to date?
Use a firewall: Firewalls prevent infiltration of hackers and other malicious threats. You
should keep a well maintained firewall between your computers and the Internet, and
between your computers and your in-house users. If you are a home user, you should
have firewall software implemented on your home computer and/or on your home router.
Purchase and install a UPS power supply: between your computers and the electric
power. A UPS can prevent surges from damaging your equipment and then they keep it
up and running during brief power outages. For an average home PC, a 300-500 watt
UPS will provide you with 10-20 minutes of uptime when the power goes off. And a
UPS guards against electrical surges that can damage the circuits in your computer.
Use data encryption on your wireless networks: When you first install a wireless
network router, it usually isnt set up to encrypt your data transmissions by default. A
smart computer hacker can see everything you are doing. And do you really want your
neighbors using your internet connection? Probably not. Set up your router to use WPA
encryption and set the password so that it cant be easily guessed.

Punishment does Hacker Receive


The federal cabinet approved the adoption of the prevention of Electronic Crimes Bill
2007 on 17 January 2007. The proposed law titled as Prevention of Electronic Crimes
Bill 2007 offer penalties ranging from six months imprisonment to capital punishment.
The bill deals with the 17 types of electronic crimes in which included, cyber terrorism,
criminal access, criminal data access, data damage electronic fraud, electronic forgery,
misuse of electronic system or electronic device, unauthorized access to code, misuse of
encryption, misuse of code, cyber stalking and suggest stringent punishment for offences
involving sensitive electronic crimes. It proposes seven years punishment on charges of
electronic fraud and electronic forgery and would not have the right of bail whereas those
tried for data damage; system damage and criminal data access, misuse of electronic
system or electronic device would get maximum three-year punishment with the right of
bail.
The bill suggests maximum punishment of death or life imprisonment for those booked
under cybercrimes or involved in sensitive electronic systems offences. The Minister for
Information Technology Awais Ahmad Khan Leghari stated that the e-crime law would
require the internet companies maintain their traffic data for at least six months to enable
the agencies to investigate cases involving data stored by them.

You might also like