Quality is one of the fundamental standards in terms of customer service; the current systems used by İktisatbank in terms of security go beyond the standard requirements. Despite the fact that there are no such standards applied in this sector, in Northern Cyprus, İktisatbank has received full marks from the Banking Regulation and Supervision Agency in Turkey for its technology and security standards. Security penetration tests were carried out by regulators on the infrastructure, internet safety as well as İktisatbank’s ability to protect against information theft. The results showed that penetration was not possible.
İktisatbank Information Technology Department Manager Mr Yasin Çiftçi said that most of the cyber attacks today are carried out within the banking, finance and insurance sectors, people tend not take advantage of the facilities available on the internet, despite the convenience, as they are afraid of security issues. Mr Çiftci went on to say İktisatbank have always been pioneers in technology within the banking sector, this type of testing is vital for the sector and despite not being implemented in the TRNC, İktisatbank having achieved the highest accolade for maximum security against the theft of client and asset information as well as protection against cyber attacks, means that our clients can be confident that their information and assets are safe.
The testing was carried out by an internationally recognised company with the main purpose of ensuring the security of our customers using the interactive technology offered by İktisatbank, be it the website or internet banking facility. Mr Çiftci explained that the penetration testing is carried out using the internationally recognised and approved methods. In the near future, within the local banking sector İktisatbank will be introducing a number of advances and new facilities in the technology field.
The Penetration testing includes the following:
• Trying to obtain unauthorised access to information systems or sensitive information, testing the system vulnerabilities before detection and correction.
• Designated access points defined by the user profile for basic and extensive penetration testing.
Internet basic penetration testing includes the following:
• Access the banking internet site from a remote location, to test the screening and detection process of the IP address being used.
Internal and branch network penetration testing includes the following:
• Authority to identify the local network map
• Identification through open ports, content filtering, firewall bypass testing
• Interruption techniques to attempt to obtain sensitive information
• Hijacking attempts on user computers, server systems and active devices
• The user computers and server systems seized when hijacking attempts made