Security
The following features contribute to the security of the ETT system and the institution that uses it:
- Email verification of users
- Moderated password recovery process
- Multi-factor authentication
- IP throttling
- Manual and batch processing of incoming and outgoing payments
- Reconciliation of returns and recalls
- Detection of duplicate entries
- Database triggers to ensure integrity
- Audit trail of backoffice staff operations
- Reconciliation of customer funds, profit & loss and liquid assets
- Risk levels
- Compliance on customer applications, outgoing and incoming transfers
- Internal notes
Besides supporting the processes for determining the identity and whereabouts of applying customers, the system verifies the email address of users to ensure that they can be contacted by the financial institution.
There is no automatic password recovery system. To request a password reset, users must provide the email address with which they registered. To prevent phishing, the system does not reveal whether the provided email address exists. To prevent brute-force attacks, the user must prove they are human by passing a Turing test (CAPTCHA).
The ETT software supports several forms of multi-factor authentication. In addition to the username and password used to access the system, a financial institution can choose between time-based one-time passwords (Google Authenticator) or simply the authorization code (a second password).
The software can be extended on demand with other, more advanced second-factor authentication providers, such as Authentify or Authy.
To prevent brute-force attacks on user passwords, the ETT software is configured to temporarily ban IP addresses after a series of failed login attempts.
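One way such a temporary IP ban can work, shown as an added example rather than ETT's own code: failed logins are counted per IP in a sliding window, and reaching the limit bans the address for a fixed period. The class name, the limits and the sample events are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Temporarily ban an IP after too many failed logins in a sliding window."""

    def __init__(self, max_failures=5, window=300, ban_seconds=900, clock=time.monotonic):
        # Assumed limits for illustration; not ETT's configured values.
        self.max_failures, self.window, self.ban_seconds = max_failures, window, ban_seconds
        self.clock = clock                      # injectable so tests control time
        self._failures = defaultdict(deque)     # ip -> timestamps of recent failures
        self._banned_until = {}                 # ip -> time at which the ban expires

    def is_banned(self, ip):
        until = self._banned_until.get(ip)
        if until is not None and self.clock() >= until:
            del self._banned_until[ip]          # ban has expired
            return False
        return until is not None

    def record_failure(self, ip):
        """Record a failed login; return True if it triggers a ban."""
        now = self.clock()
        recent = self._failures[ip]
        recent.append(now)
        while now - recent[0] > self.window:    # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._banned_until[ip] = now + self.ban_seconds
            del self._failures[ip]
            return True
        return False
    # Successful logins deliberately do not clear the counter: otherwise a client
    # could reset it by interleaving logins to an account it already controls.

def replay(events, throttle, now):
    """Replay (time, ip, password_ok) events; `now` is a one-item list used as the clock."""
    outcomes = []
    for t, ip, ok in events:
        now[0] = t
        if throttle.is_banned(ip):
            outcomes.append("rejected")         # refused before checking the password
        elif ok:
            outcomes.append("ok")
        else:
            outcomes.append("banned" if throttle.record_failure(ip) else "failed")
    return outcomes

# Constructed sample events (documentation-range IPs), not real log data.
SAMPLE_EVENTS = [(0, "203.0.113.7", False), (10, "203.0.113.7", False),
                 (20, "203.0.113.7", False), (30, "203.0.113.7", True),
                 (30, "198.51.100.2", True), (141, "203.0.113.7", True)]
```

Per-IP bans also affect every user behind a shared address such as a corporate NAT, so the limits need tuning against real traffic.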
The ETT system processes incoming payments by parsing statement files from external payment processors. These files can be in CSV, MT940 or other formats and depend on the correspondent bank or payment processor. Additionally, the system can process incoming payments manually where the staff enters the details found on the statement, such as amount, currency, sender, date, etc.
For outgoing payments, the ETT system can handle manual processing (in which the backoffice staff simply states that a payment was processed by an external processor and provides a reference) or batch processing. In the latter case, the system can export payment requests in any format required by the correspondent bank or payment processor.
When the ETT system recognizes a return or a recall in the statements of a correspondent bank or payment processor, the original transaction is automatically recognized and reconciled with the new mutation. Financial institutions using ETT can configure the system to apply or refund fees and notify customers.
Processing large volumes of payments requires a system that prevents errors. The ETT system recognizes duplicate transactions in batch files to prevent double processing.
After each transaction is booked, the balance of the account is recalculated from the transaction history to make sure the amounts are always up to date.
All the main processes in the backoffice are recorded in the audit trail as staff carry them out. This helps identify the source of an operation and analyze problems when they occur. The trail can be viewed by supervisor users.
At any time, backoffice staff can run a reconciliation overview of the assets and liabilities of the financial institution. Liquid assets are set off against customer balances in each currency and summed up in the main currency of the system.
Hikes in exchange rates immediately highlight forex positions taken by the institution, and profit and loss is highlighted in real time.
This feature enables financial institutions to classify customers into risk levels, giving each a different level of trust and vigilance in day-to-day operations. This ensures that attention is focused on the right transactions.
The compliance module ensures that documentation is in order for customer applications and, if applicable, on transactions. The system can automatically flag incoming transactions based on risk level and volume.
The system opens a dialogue in which customers and staff exchange documentation until a transfer is satisfactorily documented.
Internal notes help staff share information about customers, accounts and transactions. They are also used to keep a history of communication with customers that would otherwise get lost.