Section 1. BUSINESS ON LINE

1.1 Benefits of Business On Line

Business On Line: The Business Banking Solution

Accessible from any PC with Internet access (only compatible with browser internet explorer), it is versatile, easy to use and cost effective.

Advantages to utilising Business On Line as part of your daily activities:

a) Reduce the time spent making telephone calls to the branch for balances, transactions and doing cheque searches. Balances & transactions are live and can be viewed throughout the day, transactions can be filtered to find specific information.

b) Reduce your time writing & posting cheques by paying your customers, clients & employees on Business On Line. Payments can be post dated for upto 60 days, allowing you to set-up payments, wages prior to going on business trips or holiday, these can be edited & / or typically cancelled up to one day prior to the payment date, subject to cut-off times.

c) Make account transfers throughout the day with instant effect Transfer money to any of your own business accounts and use those funds with immediate value.

d) Reduce paper work in the office. All Business On Line transactions are stored electronically for 90 days and can be accessed & / or printed at any time to accommodate company account reconciliation.

e) Customise Business On Line to meet your companies needs. Give your accounts nicknames to match your filing structure, allow as many users as you wish to access the system and control exactly what each person can do.

f) Business On Line uses quality internet security available, combining high end encryption and authorising passwords as well as log on User ID’s and Passwords.

1.2 Service Levels RFSI

Section 2. CUSTOMER SUPPORT

Business On Line is designed to be as user friendly as possible. In order to help the Customer find their way around BOL with ease, a number of support services have been developed.

2.1 Help Screens

There is a HELP button at the bottom right of every screen on BOL These provide a brief definition of the purpose of each screen and of the terms used.

2.2 Customer Support Unit

If an Authorised User experiences difficulties with BOL, having consulted the Help Screens and he/she should inform their BOL Administrator. If the Administrator is unable to solve the problem, the Bank's Customer Support Unit is available to answer queries. This service is free of charge to BOL Customers regardless of level of service selected.

The Customer Support Unit is open from 8:00am to 6.00pm, Monday to Friday (excluding Bank Holidays). Contact details are available on the Customer website. E-mail: business.online@boimail.com.

2.3 Additional Support

In the event that the problem cannot be solved over the phone, a further level of support is available which may involve a site visit. This support may be available on request and may involve a charge in order to cover costs, details of which are available on request from the Support Unit.

2.4 Problem Solving Procedures

If a problem exists

Help Screens

View the Help Screens to understand what each button on BOL can do.

Customer Administrator(s)

If problem persists, or if Authorised User cannot find a solution, contact Customer Administrator(s).

Customer Support Unit

If problem remains unresolved contact Customer Support Unit. Customer contact details are available on the Customer website. E-mail: business.online@boimail.com.

Additional Support

If required on-site visits may be arranged.

Section 3. TECHNICAL SPECIFICATIONS

  

Hardware:	Processor:	Pentium 4600 MHz or better
	Memory:	128 MB RAM
	Hard Disk Space:	200 MB
	Modem:	Dial-up 56k / ISDN / Broadband with static IP address
Software:	Windows Version:	XP service pack 2 / Vista / Windows 7
	Internet Explorer:	Versions 6, 7 & 8
	Java:	Sun Microsystems version 1.5 or higher
Local administration rights required on networks for requesting digital certificate
The following will stop Business Online from working correctly
Pop-up blockers e.g. IE popup blocker, Yahoo / ALOT / Ask toolbars
No java on the PC / java version 1.4 or older
Using any web browser other than Internet Explorer
Some anti-spyware programs e.g. Spybot, Stopzilla
Some network firewalls may prevent Business Online from working correctly
Phone System:		Analog, ISDN or ASDL
Access Business On Line uses Java-based programmes and as such will not be available to PC's that have protective firewalls configured to reject Java (applet) requests. Please contact us in order to overcome this problem.

Top

Section 4. SYSTEM SECURITY

4.1 The Internet

The customer is responsible for making absolutely sure that he/she has put in place reliable internet security systems, e.g. anti-virus software.

These are vital to prevent:

>Unauthorised access to a Customer’s computer system and its applications.

>Unauthorised disclosure of sensitive information.

>Any possible tampering with systems or the data on them.

>Disruption of services due to Internet access problems.

4.2 Banking Security Encryption Digital Certificates System Design

There are specific security measures which, when working together, provide an exceptional level of security.

a) Bank of Ireland protects the confidentiality of data being transferred between the bank and the Customer by using encryption.

b); This involves ‘scrambling’ information using 128 bit encryption which is one of the most sophisticated forms of data encryption data and only intended users can read the information.

c); Customers making payments by BOL have a second level of security. The digital certificate.

d); A "Digital Cert" and a "Digital Cert Password" are created by the customer on a particular PC.

e); The "Digital Cert" is retained securely by the bank.

f); The "Digital Cert Password" is retained by the customer and used to authorise each payment.

g); Even though you can access BOL from any PC any where in the world the "Digital Cert Password" will only work on the particular PC that it is set up on.

h); The "Digital Cert Password" is a key that is verified by the "Digital Cert" held within the bank each time a transaction is made.

i); Each certificate is uniquely linked to an individual user and a change to the identity requires the issuance of a new certificate.

j); The Bank through a variety of internal security controls protects BOL and any data processed through it.

4.3 Customer Security

Administrators Roles of the Administrators Responsibilities of the Administrators Password Protection Reducing the Risk of Fraud

Administrator(s)

a) BOL is designed to give Customers a high level of control over their own financial affairs, reducing reliance on the Bank for general administration of the service. This increased level of autonomy allows for greater control and provides efficiencies for the customer.

b) The role of the Administrator(s) is a fundamental feature of the system and may differ from other electronic banking systems in existence.

c) The Customer must satisfy itself as to the integrity and suitability of the person whom it has chosen as Administrator(s).

d) The person(s) appointed as Administrator(s) at the Customer site is/are responsible for setting up Authorised Users and has full responsibility for the level of access provided to Authorised Users.

e) The Bank recommends the appointment of two Administrators. Administrators should be co-located as they will share a dual logon. To facilitate this, two Administrator Passwords are issued one to be held by each Administrator.

f) Each Password should be treated with utmost secrecy and confidentiality. These Passwords are system generated; therefore if one is forgotten or lost a new one will have to be issued by the Bank.

g) This may result in delays of at least three working days for the re-issue of Personal Identification Numbers (PINs).

a) The Administrator controls who has access to the service and what their Authorised Users are permitted to do.

b) The Administrator registers and maintains all User Details on BOL

c) The Administrator issues Authorised User IDs and Passwords to the other Authorised Users and can at any stage change a Password or prevent an Authorised User from logging onto the system.

d) The Administrator controls the Authorised Users' ability to prepare and authorise payments as well as their individual authorisation limits. They must make the Authorised Users aware of their responsibility to check the status of pending payment instructions on the system.

The Audit Log shows a list of the critical actions performed by the Administrator(s)

a) To log-on to the Administrator function, it is necessary for the Administrator Passwords to be entered. Thereafter all Administrator functions can be performed by the Administrator. However, as a matter of company policy, you may wish to require that both Administrators are present for the discharge of all functions. The Administrator function should be exited immediately once the necessary duties have been performed.

b) It is the responsibility of the Administrator to ensure that a review of the customer audit log takes place on a regular basis. The customer audit log records changes made by the Administrator to the identity and access levels of users.

c) If an irregularity is identified, the Administrator should verify the authenticity of transactions with the relevant Authorised Users and verify that all Passwords remain secure and uncompromised. If there is still concern regarding irregularities, the Bank's Customer Support Unit should be contacted immediately.

d) Once training is provided by the Bank, i.e. onsite, phone, tutorial or Quick Start Guide, it is the Administrator responsibility to train all other Authorised Users, including both existing and new Authorised Users.

e) It is solely the responsibility of the Administrator to communicate company guidelines on the use of BOL to the Authorised Users and to ensure compliance with those guidelines.

Given the level of responsibility held by an Administrator, Bank of Ireland strongly recommends that:

A member of the Customer's senior management should review the activities of the Administrator on a regular basis, including reviewing these activities on the audit log.

Because Passwords are the key to BOL, it is essential that they be kept safely. It is the Customer's responsibility to ensure that Passwords are not disclosed to unauthorised personnel. For more details refer to the ‘Security Guidelines’ available on the Customer website.

To ensure maximum protection it is mandatory that:

a) Customer changes Passwords frequently (regular prompts will be given by the system)

b) The log-on Password must be 8 characters long.

c) The Payments Password (Digital Certificate Password) must be between 8-15 characters and must be made up of alpha and numeric.

d) New Passwords must be different from the last six Passwords used.

e) Blank spaces must not be used in Passwords.

f) Authorised Users must keep passwords secret at all times.

g) Unauthorised personnel should not be able to gain access to a Password.

h) Whenever an Authorised User suspects his/her Password has been compromised, it should be changed immediately.

i) Obvious Passwords, such as those using any identifiable sequences such as names or dates of birth, should never be used. They should be easy for the Authorised User to remember, but difficult for anyone else to guess, eavesdrop or discover quickly by trial and error.

j) Passwords should never be written down unless they are stored in a secure place (such as in a signed and sealed envelope in an office safe).

k) If an Authorised User forgets his/her Password he or she should ask the Administrator for a new one

l) If the Administrator's Password is lost or forgotten it may take at least three working days to receive a new one from the Bank.

There are a number of procedures that Customers can put in place to reduce the risk of exposure to fraud:

1. Seniority:
The Customer Administrator should be either a senior manager or report directly to one. The Administrator is in charge of BOL on the Customer's site and is solely responsible for granting or denying access to it by authorised personnel and the ability of Authorised Users to initiate or authorise payments. When a Customer Administrator sets up and assigns a role to an Authorised User, the Bank will accept transactions from that Authorised User in good faith and act on them accordingly. As a result, Customers are liable for transactions carried out using their Password.

To limit exposire to fraud the Customer should:

a) Split the power to initiate a transaction from the power to authorise it, so that no one can do both.

b) Set authorisation thresholds to limit exposure. Only employees who have full security clearance to all company financial information should be allowed to authorise payments.

2. Control Access:
Physical, logical and network access should be stringently controlled on all PCs used for BOL.

Physical access should be restricted to only those persons who need it (e.g. whenever the room in which the P.C. is located is unoccupied the door should be locked).

Logical access should be controlled by use of a 'power-on password'. (Consult the PC operating manual for details). It is better to use a secure operating system that incorporates strong logical access control, such as Windows NT configured for security. (It is important to note that if NT is configured with default settings it may not provide sufficient security.) This should be confirmed with your technology supplier.

Network access controls should be in place to ensure network integrity before connecting to BOL Such controls should cover, for example, network administration, audit trail review and change management procedures.

None of these controls individually will provide comprehensive security, but working together they can help to create a secure electronic banking environment.

3. Knowledge of Procedures:
Make sure that staff are made aware of the procedures which need to be followed for accessing BOL Customers should make sure that all staff using BOL understand that the procedures are issued for their own protection, as well as for the protection of the Customer. Customers should also ensure, for their own protection that the procedures in this handbook are strictly adhered to, as any deviation (e.g. sharing of passwords) could expose the Customer to internal fraud.

4. Report Deviations from the Norm:
There should be a logical explanation for everything that occurs on BOL and any deviation or unexplained event should be reported immediately to senior management.

5. Updating Procedures:
Ensure that there is a procedure for setting up and removing access to BOL From time to time people move jobs and their responsibilities change. All information should be current.

6. Daily Control Limit:
A daily control limit, limits the overall value of payments (excluding EFT or BACS payments) that can be authorised on a Business On Line profile. BOL Profiles originally set up on service level 1 will have a daily control limit automatically applied at the point of set up. There is no daily control limit in place for level 2 or 3. Daily control limits are altered as a result of a profile changing from one service level to another. A daily control limit can be added to an existing profile or amended from an existing daily control limit through a written request from the nominated administrator(s) and requires sign-off from an authorised signature in the branch.

Section 5. HINTS AND TIPS

The Do's:

a) Do remember to use the support facilities if in any doubt.

b) Do use BOL facilities as extensively as possible for maximum benefit.

c) Do call the BOL Support Team with any feedback regarding BOL. Customer contact details are available on the customer website or E-mail: business.online@boimail.com

d) Do exit BOL before visiting other sites on the Internet.

The Don'ts:

a) Don't allow unauthorised personnel access to BOL under your Password.

b) Don't use obvious Passwords.

c) Don't forget the deadlines for sending payments as outlined in the Domestic and Cross-Border Payment Deadlines section of the Handbook.

d) Don't forget to review the Audit Log regularly to monitor activity on BOL.

e) Do not leave your PC unattended if you are logged into BOL.

From time to time the Bank will need to carry out essential maintenance to BOL Other than in exceptional cases, this will be restricted to the hours of 19:00 hrs to 07:00hrs.

Section 6. DOMESTIC AND INTERNATIONAL PAYMENT DEADLINES

When Customers are making domestic or cross border payments there are certain deadlines that must be met in order to ensure that the payment is made on time. Please refer to the customer website for details of cut-off times.

These cut-off times are valid as at 01/10/2009. The Bank may change them. If a change occurs all customers will be notified.