PNB C@shNet System Security
PNB C@shNet comes with a strong system security shell and a maintainable option to control the access to various operations of the system with fine granularity. Its security measure controls access to data, regulates decision-making powers, enforces accountability, ensures accuracy and reliability of data, and prevents unauthorized modification of data.
- User Entitlement and Authorization
Through the administration module, various access and authorization levels can be defined and assigned to specific users and account numbers. Log-in controls prevents same user code to be used in same terminal or other terminal. In case the user has not properly logged off, system will automatically log-off the user once the user’s session expires.
- Customer Administration
Customer may opt to be the Access Administrator for its company and shall designate its company administrator who shall define and manage company users and their rights and establish access authorization rules.
- Change Password
Change password is prompted based on given parameters to ensure that company users maintain passwords for increased security.
Maker-Checker ConceptThe Maker-Checker facility is an integral part of the PNB C@shNet system. This helps to reduce errors and unauthorized data entry into the system and may also be a tool in preventing frauds.
Maker – is a user who creates, modifies or deletes an existing record.
Checker – designated officer who approves/authorizes the creation, modification or deletion of a record.
Access ControlThe system uses the following methods to prevent unauthorized access and implementation in the system.
- User Authentication
User must use the assigned Login ID and password to log on the system each time. The system uses this ID and password as validation mechanism to identify the user. Once validated, menu options displayed shall be limited to functionalities which the user has been granted access rights.
- Session Time-out
The system automatically logs out the user after the specified period of inactivity. Session time-out prevents misuse of the system and unauthorized access to data in case a valid user leaves the system without logging out.
- Password Expiry
The system requires every user to change the password after a specified period. After the defined period, system shall prompt the user to make the necessary password modification and will require the use of the new assigned password on succeeding access to the system.
- Automatic Deactivation of the User Access
The system shall deactivate and lock the user’s access on the following cases:
- User fails to log out of the system properly.
- After a specified number of unsuccessful attempts to log in.
- No access for a specified number of days.