BINETIX NETWORK

The security in BINETIX PTM information software System can be reviewed from several different angles - as a technological realization, as an integration solution and as a set of user options for managing and controlling the actions and operations in the System. The present material is more practical and user oriented. For this purpose, the following issues are addressed:

✓How to identify System users and how they receive access rights to System resources and functions;

✓What options for management and control are available on the user operations;

✓How security, monitoring and control are applied when executing financial operations in PTM;

✓What tools for active Incident Management PTM has to offer.

Brief historical reference:

In 2015 BINETIX presented on the Bulgarian market the first fully automated and integrated platform for Management, Control and Security of information in compliance to the Bulgarian legislation and specifically to the requirements of the LMAML (Law on Measures Against Money Laundering) and the LMAFT (Law on Measures Against Financing of Terrorist).

The Technology is incorporated in the latest versions of BINETIX PTM also in relation with the entry into force in 2016 of the European Parliament's General Data Protection Regulation (EU) 2016/679 (GDPR).

Upon performing control in financial operations and performing reconciliations in BINETIX PTM, security checks on individuals are carried out in strict accordance to the lists of suspicious persons officially published by SANS (State Agency for National Security). The result of these checks generates incidents and is a feature of the client profile.

Working with BINETIX PTM begins after a successful process of user authentication in the System.

The minimum requirements for this process are entering a username or an identifier and password. Some corporate clients additionally require the introduction of a specific ID of the users' working place.

The System can be further configured to accept a working place code, resulting in an extra field being visualized on the "Logging into the System" screen, as illustrated below:

What's more, the System can be configured to check and deny access to users who have already been successfully identified and for whom a work session has already been established.

Each registered user of BINETIX PTM has the option to change the password themselves before logging in.

To change the password, you need to click on the "Change password" button (see above) and to perform the following steps as shown:

1)to enter a valid System user identification number;

2)to enter the user's current password correctly;

3)to enter a new password;

4)re-enter the new password with the purpose to self-control the entered characters;

5)to press the "Save changes" button.

When information is correctly entered, BINETIX PTM will confirm the successful change with a message on the screen. The user will now be able to enter the System with the new password.

WARNING! Password switching options can only be used if users are managed and administered through BINETIX PTM tools. These options are excluded when integration with an external authentication System is required.

After successful authentication (see above), authorization is performed, and as a result the user obtain certain rights to use resources and functions in PTM System. The access rights of users can be managed through specialized screens for administration of user roles. The roles and rights of users in relation to the configured functionality of the System, depend on which System modules are enabled.

Note! For security reasons, detailed information on specific functional constraints, depending on the installed modules, is provided on demand and only in compliance with the established procedures and regulations for the exchange of confidential information.

The successful authorization process ends with the launch of a new user session in which the identified user operates with the access rights granted to her/him.

The user session is active as long as the user is working in System but is automatically shut down after inactivity.

BINETIX PTM System is continuously monitored and controlled in all financial transactions that are performed by users when working with Records.

In the Records of financial transactions remain a detailed trace of which user, when and in what context was carrying out a financial operation. The Record stores various data on users' activity, which are appropriately grouped and accessible through the detailed payments Report by reference number. For example, on the figure below there is section of the working screen that can be used to verify the history of transactions on selected financial transaction:

Besides the passive control of the financial operations by monitoring the actions on the financial Records, BINETIX PTM also provides functionality for active control.

Prior to finalizing certain financial operations, a so-called Reconciliation is carried out. It is a process of verification of financial and non-financial requisites, personal data and additional security criteria - ends with an assessment of operational and financial risk - before proceeding with the financial operation.

Practical examples of applying Reconciliation are given in the performance of cash and non-cash operations.

The System enables the user to actively participate in the process of validation and attestation in certain situations. Particularly when dealing with customers where it is essential the security incidents to be reflected in a timely and correct manner. In the example below, the reconciliation screen allows you:

1)to receive information of the main financial and non-financial parameters of a financial transaction;

2)to obtain information on the level of operational and financial risk, including automatically receiving information about emerging system security incidents;

3)to add user incidents, supplementing the context of a listed problem and user information.

Below is shown how the System has detected a problem in a situation when financial transaction has been performed, and it was reported as an incident with an acceptable level of risk.

The System maintains three predefined levels for overall risk assessment:

✓Informative - messages that are given for information but do not cause an incident report in the System;

✓Attention - messages that do not stop the execution of the financial operation but are reported as an incident in the System;

✓Critical - messages that stop the execution of the financial operation until the problem is resolved. These are also reported as an incident in the System.

Note: BINETIX PTM incorporates many automatic checks, whose validation is carried out and the total level of the financial and operational risk is calculated. These checks are designed and based on BINETIX algorithms and are subject to business secrets and are therefore not described in this documentation.

Administrative access to specialized PTM security features can only be obtained if you have the necessary access rights.