NPCI ACH Solution
Bank on-boarding: Technical

Agenda
- Features of the Automated Clearing House Solution
- Requirements & Readiness from Banks

Features
- Application Architecture
- Application Security
- Network Architecture
- Failover DR-BCP

Application Architecture

Security Architecture (contd.)
- HTTPS-based Secure Sockets Layer (SSL) communication for data exchange
- Class 2 certificate with SHA 256 2048 bit encryption
- Sterling File Gateway (SFG) for message transformation; internally all would be ISO 20022 format
- User request will be processed at Web Server only

Application Security
- Dual Factor authentication
- 4 Eye Principle (Maker Checker Concept) for all activities
- SSL based communication
- Digital signing of files
- Non-Repudiation
- Audit log of user activity

Network Architecture
[Diagram labels: Member Banks; MPLS NPCINET; Internet; DSA; Corporates; External Firewall; Internal Firewall; ACH Application Tier PR & HA; ACH Application Tier DR]

Network Connectivity
- Internet can be used by DSA/Corporates with limited functions while accessing ACH
- Existing NPCINET for CTS will be used for ACH by banks in CUG
- Banks will need to upgrade/procure the necessary bandwidth based on the volume

Network capacity (Mbps) =

The assumptions in place for the network capacity are:
- that the busiest hour of the day moved 40% of the total item volume
- that a network can only be used up to 60% of its theoretical maximum
- that 10-bits represents the data plus network overhead
- there are 1024 KB in a MB and 3600 seconds per hour

| Size per Transaction | No of Transaction | Module | Bandwidth Requirement (in Mbps) |
|---|---|---|---|
| 250 Bytes | 200,000 | ECS | 0.09 |
| 100 KB | 2,000 | MMS | 0.36 |
| 5 KB | 200,000 | ACH | 1.81 |

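The sizing rule behind the table, as an added example that is not part of the original deck: the capacity formula itself is not printed on this page, so the one below is a reconstruction from the four listed assumptions (reading "10-bits" as 10 bits on the wire per byte of data), and it reproduces the table's three bandwidth figures. The function names and the 2 Mbps link in the demo are hypothetical.

```python
# Added example: link sizing from the slide's stated assumptions.
# The formula is a reconstruction (assumption); it is not printed on the page.

PEAK_HOUR_SHARE = 0.40       # busiest hour moves 40% of the day's item volume
MAX_UTILISATION = 0.60       # a link is usable up to 60% of its theoretical maximum
WIRE_BITS_PER_BYTE = 10      # assumed reading of "10-bits": data plus overhead per byte
BYTES_PER_MB = 1024 * 1024   # 1024 KB in a MB, 1024 bytes in a KB
SECONDS_PER_HOUR = 3600


def required_mbps(bytes_per_txn, txns_per_day):
    """Link capacity (Mbps) needed to carry the busiest hour within the utilisation cap."""
    if bytes_per_txn <= 0 or txns_per_day < 0:
        raise ValueError("size must be positive and volume non-negative")
    peak_hour_bytes = bytes_per_txn * txns_per_day * PEAK_HOUR_SHARE
    peak_hour_megabits = peak_hour_bytes * WIRE_BITS_PER_BYTE / BYTES_PER_MB
    return peak_hour_megabits / SECONDS_PER_HOUR / MAX_UTILISATION


def max_txns_per_day(link_mbps, bytes_per_txn):
    """Inverse: largest daily volume a link can carry under the same assumptions."""
    usable_megabits = link_mbps * MAX_UTILISATION * SECONDS_PER_HOUR
    peak_hour_bytes = usable_megabits * BYTES_PER_MB / WIRE_BITS_PER_BYTE
    return int(peak_hour_bytes / (bytes_per_txn * PEAK_HOUR_SHARE))


# Rows copied from the slide's table: (module, bytes per transaction, transactions per day)
SLIDE_ROWS = [
    ("ECS", 250, 200_000),
    ("MMS", 100 * 1024, 2_000),
    ("ACH", 5 * 1024, 200_000),
]


def slide_table():
    """Recompute the table's bandwidth column, rounded to two decimals as on the slide."""
    return {name: round(required_mbps(size, count), 2) for name, size, count in SLIDE_ROWS}


if __name__ == "__main__":
    for module, mbps in slide_table().items():
        print(f"{module}: {mbps} Mbps")
    # Headroom check for a hypothetical 2 Mbps link carrying only 5 KB ACH items
    print("ACH items/day on 2 Mbps:", max_txns_per_day(2.0, 5 * 1024))
```
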
Failover DR-BCP
[Diagram labels: DC in Chennai; DR in Mumbai; Primary A/P Cluster; HA A/P Cluster; DR A/P Cluster; ACH DB; SFG DB; HADR synchronous over LAN; DB2 Q-Replication asynchronous over WAN]

Failover Mechanism
- High Availability (HA) present on the same primary site for recovery
  - PR & HA database synchronous Q replication over LAN
  - RPO Zero and RTO 10 minutes
- Disaster Recovery (DR) present on the off-site for recovery
  - PR/HA & DR database asynchronous Q replication over WAN
  - RPO Near Zero and RTO 30 minutes

Requirements & Readiness
- Hardware & Software
- Digital Certificate
- Network Connectivity
- File Formats
- Scanning of Mandate

Hardware & Software
- PCs with minimum one dual-core processor
- Minimum 2 GB RAM
- USB port present & enabled
- Operating system: Windows XP/7
- Browser: Internet Explorer 8+, Firefox latest version
- Drivers for accessing e-token based digital certificates
- JRE: Java 6 runtime environment

Digital Certificate
- Class II certificates will be used for user authentication and file signing
- Certificates can be procured from NPCI authorized CA
- Certificate will be required for every participant user of ACH incl. DSA/Corporates
- Standard crypto tokens should be used for storing certificates
- Certificate management can use the same RA service of the bank
- No bank level certificate will be required to start with

Network Connectivity
- In Pilot phase banks we plan to use internet and assess the performance

File Formats

ECS & ACH File Format

| File | Format |
|---|---|
| Presentation Input file by sponsor Bank | ECS Format - Flat file / ACH Format - ISO 20022 - pacs008(cr)/pacs003 format(dr) - Xml file |
| Acknowledgement File to Sponsor Bank | ISO 20022 - pacs002 format - Xml file |
| Inward File to Destination Bank | ECS Format - Flat file / ACH Format - ISO 20022 - pacs008(cr)/pacs003 format(dr) - Xml file |
| Return File from Destination Bank | ECS Format - Flat file / ACH Format - ISO 20022 - pacs008(cr)/pacs003 format(dr) - Xml file |
| Acknowledgement File to Destination Bank | ISO 20022 - pacs002 format - Xml file |
| Output File to Sponsor Bank | ECS Format - Flat file / ACH Format - ISO 20022 - pacs008(cr)/pacs003 format(dr) - Xml file |
| Recall transactions | ISO 20022 - camt056 Format - Xml file |
| UID Mapper File | ECS Format - Flat file / ACH Format - ISO 20022 - pacs008 format - Xml file |

Mandate XML Format

| File | Format |
|---|---|
| Mandate Initiation Request | ISO 20022 - pain009 format - Xml file |
| Mandate Amendment Request | ISO 20022 - pain009 format - Xml file |
| Mandate Cancellation Request | ISO 20022 - pain009 format - Xml file |
| Mandate Acceptance Report | ISO 20022 - pain009 format - Xml file |

Scanning of Mandate
- Existing CTS Cheque scanners can be used to scan mandates since format is same
- 3 Images need to be scanned for mandate processing, same as Cheques
  - 2 Images in Black & White of Front and Back side in TIFF format @ 200 DPI
  - 1 Image in Grey scale of Front side in JPEG format @ 100 DPI
- Combined image size of all the 3 images should not exceed 80 KB

Bank Specification Document
- Hardware & System Software
- ACH process along with the file naming and format specification
- MMS processing along with Image specification
- MMS processing with GUI
- File & Message formats