Non-motoring > Bank IT Systems | Computing Issues |
Thread Author: zippy | Replies: 4 |
Bank IT Systems - zippy |
As some of you will know, banking systems consist of a myriad of programs, some developed decades ago and they all need to "talk to each other". The main software system for the division that I work in was updated a couple of years ago at great expense, in terms of money and staff time testing. It was purchased from a 3rd party supplier. The software needs to communicate with various legacy bank systems and it does this by numerous different methods including the updating of databases that are read by both systems, via APIs and the quaintest way is my posting CSV files in to a system subdirectory that accumulate and are acted on by a batch process. The latter has always been a concern and measures have been taken to make the directory inaccessible to staff and un-editable - save for the batch process deleting the files once they have been acted upon. The CSV files are payment instructions. In the simplest form: PAY AMOUNT FROM ACCOUNT 1 TO ACCOUNT 2 REFERENCE XYZ (in reality it's more complex than this but you get the gist). The main system doesn't check to see that the payments have actually been processed, it assumes that they have been unless it is told otherwise by a CSV message back. The double entry book keeping is managed my the main software and an API interface between that and the banks financial accounting system. Between Christmas and the New Year, the IT team made some changes to folder permissions and some wag got access to the directory and entered their own CSV payment instructions. A sizable chunk of money was transferred before someone came back in the New Year and noticed the books didn't balance! It wasn't me honest! Someone has been suspended. |
Bank IT Systems - smokie |
In my experience it's staggering just how very weak the weakest link can be in some business-critical systems. |
Bank IT Systems - Falkirk Bairn |
A few years back RBS/Natwest sacked the bulk of their UK IT staff and offshored their IT admin to India - the hardware is in the UK. A young Indian graduate employee had access to the scheduler (organises what the order processes takes place) and played about with it. RBS then took around 2 months to get everything squared up - Ulster Bank were "unable to function" for almost 2 months. They employed a Large Computer Company and got back dozens of sacked/redundant RBS employees and managed to rescue matters. In this case RBS/Natwest were lucky - if the same type of failure were to happen in say 10 years time they could be risking going out of business - the Bank's Retirees will be dead or at least unable to function at a level of knowledge needed. What a difference age can make! even 2/3 years later Completely unrelated to Banking. A grandson was struggling with an old past paper - he hopes to do Maths at university. I tutored a granddaughter 2 years ago (she got an A* although she is not an A* Maths student) and I had no difficulty with the same past papers at that time. Last night it took a 77 year old Grandpa 20 /25 minutes to wade through a question that was more like a 8 minute for a competent 17 year old or 5/6 minutes 75 year old Grandpa. |
Bank IT Systems - zippy |
I recall the RSB debacle. The result of cost cutting and lack of controls. TSB after Lloyds sold them off to a Spanish bank converted to that bank's software and that turned out to be a disaster - did they not test it? It took IBM months to sort it all out and the CEO was fined. The software we use was tested and tested again, despite being used by half of the banks that do what we do around the world - you can't assume that because it works for them it will work for us. It was also tested at transaction level - i.e. enter a set of transactions and make sure the output is as expected - again - the exact same software is used around the world and it is all hosted by the supplier so you would expect it to work, but you can't be sure so you do the testing. You can even see what company is hosting the software as a client as it shows up in the URL and certificate even though the web page has all of our branding - it's the same for all of the other banks. |
Bank IT Systems - Zero |
The RBS issue was down to a couple of simple things. RBS was run on an IBM Z/OS mainframe. Modern, secure and amazing resilient as it was, its core was basically old established IT, with old IT skills. All the bells, whistles and flash stuff was simply tacked onto it. Because it didnt break, RBS lost sight of the core need, got rid of all the old skilled staff, shipped it out to Mumbai where they knew nothing of what made it tick. Of course they screwed up the basic system and no-one at the bank had the skills to fix it. Airlines did exactly the same thing word for word. Last edited by: Zero on Sat 6 Jan 24 at 18:17
|