China Merchants Bank

Customer Overview

Established in 1987 in Shenzhen, the forefront of China’s reform and opening-up drive, China Merchants Bank ("CMB") is China’s first joint-stock commercial bank and also the first bank to take part in the national experiment for the promotion of China’s banking industry reform driven by endeavors from outside the government.

Since its inception 24 years ago, CMB has grown with China’s economic progress from a small bank with a capital of 100 million yuan, one branch and over thirty employees into a nationwide joint-stock commercial bank that has a total net capital of 140 billion yuan, total assets of 2.6 trillion yuan, over 800 branches and over 50,000 employees, ranking it among the world’s top 100 banks.


CMB's priority is to provide quality and secure services to its customers. CMB treats its customers' personal and business information as core company secrets on which reliable and successful electronic financial services depend. CMB has not only built security systems to protect customers' sensitive information, but has also invested in the sustainable development of enterprises through information protection measures, winning more and more trust and recognition in the industry.

Through E-Bank, CMB provides financial services to customers over the internet, including traditional banking services and emerging services brought by new IT applications. The back-end database of the business system stores a large amount of sensitive information, including but not limited to users' identities, credit card numbers, account passwords and phone numbers. If this data were leaked, it would cause great economic losses, legal issues related to customer information theft, and a serious loss of trust and confidence among customers.

CMB’s main objective regarding the sensitive information of E-Bank is to prevent internet users from obtaining confidential information in the CUP (China Union Pay) servers. In addition to traditional strong authentication, CMB also focuses on securing plaintext transmission, network protocol security and application system security. Sensitive information is also subject to specific security policies, which are reflected in two aspects:

1) The servers of CMB E-Bank hold a large amount of customer and core information data, such as ID numbers, bank card numbers and phone numbers. There is a certain risk of information leakage during the use of internet banking services.

2) The standard external services of the E-Bank servers include “http” and encrypted “https” applications, so leaks through any other service that might be opened on the E-Bank servers require monitoring and alarms. The security administrator should be informed so that an audit can be performed, ensuring that information leakage is detected and handled in a timely manner.

Sangfor Solution

Sangfor NGFW was deployed in bypass mode on the core switch in front of the E-Bank database servers, and its information leakage prevention module solved the problem of sensitive information leakage for internet banking.

1. Define accurate identification of bank account numbers, phone numbers and ID numbers, and develop security policies against information leakage. During a transaction, if one connection exports multiple pieces of information belonging to the same user, or one kind of information belonging to different users, an alarm is sent instantly by SMS.

2. Set strict content-analysis security policies to prevent the export of sensitive information through standard http access or the download of database files.

3. Record the access log of each request involving sensitive information to facilitate future queries.
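The alarm rule in step 1 can be sketched as per-connection content inspection. This is an added example, not Sangfor's implementation: the number formats (18-character resident ID with check character, Luhn-valid 16 to 19 digit card number, 11-digit mobile number), the one-record-per-line assumption, the `bulk_threshold` value and all function names are assumptions, and the sample responses are constructed.

```python
import re
from collections import defaultdict

# Candidate tokens: 11-19 digit runs, optionally ending in X (assumed formats).
TOKEN = re.compile(r"(?<![0-9A-Za-z])\d{11,18}[\dXx]?(?![0-9A-Za-z])")
ID_WEIGHTS = [7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2]

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def id_ok(tok):
    """Check character of an 18-character resident ID number (MOD 11-2)."""
    s = sum(int(c) * w for c, w in zip(tok[:17], ID_WEIGHTS))
    return tok[17].upper() == "10X98765432"[s % 11]

def classify(tok):
    if len(tok) == 18 and id_ok(tok):
        return "id_number"
    if tok.isdigit() and 16 <= len(tok) <= 19 and luhn_ok(tok):
        return "bank_card"
    return "phone" if re.fullmatch(r"1[3-9]\d{9}", tok) else None

def inspect(events, bulk_threshold=3):
    """events: (conn_id, response_body) pairs. Returns {conn_id: [reasons]}."""
    seen = defaultdict(lambda: defaultdict(set))
    alerts = defaultdict(set)
    for conn, body in events:
        for record in body.splitlines():      # assumption: one user per line
            kinds = set()
            for tok in TOKEN.findall(record):
                kind = classify(tok)
                if kind:
                    kinds.add(kind)
                    seen[conn][kind].add(tok)
            if len(kinds) >= 2:               # several kinds for one user
                alerts[conn].add("multiple kinds in one record")
        for kind, values in seen[conn].items():
            if len(values) >= bulk_threshold:  # one kind across many users
                alerts[conn].add(f"bulk {kind}")
    return {conn: sorted(reasons) for conn, reasons in alerts.items()}

# Constructed sample traffic (test numbers, not real customer data).
SAMPLE = [
    ("c1", "name=Zhang,id=11010519491231002X,phone=13800138000"),
    ("c2", "4111111111111111\n5555555555554444\n4012888888881881"),
    ("c3", "order 20240101 total 42, contact 13800138000"),
]
```

Validating the check character and Luhn sum before counting keeps order numbers and timestamps from raising alarms, which matters when the alarm channel is SMS.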

Sangfor NGFW’s sensitive information leakage prevention solution for business systems can audit both standard http access and queries for sensitive information in database files. With Sangfor NGFW, CMB is now able to improve its emergency response capability for internet banking and effectively guarantee the security of sensitive information.

Network Topology

