Thursday, 9 June 2011

05/05 - Changing the ClieOp3 file and the hash totals with the elfproef

Several financial applications can generate batch payment files, which can be used in electronic banking applications. In the Netherlands these files are in the ClieOp3 format and contain the approved payments from the company account to other accounts. The ClieOp3 file is saved in a folder (which can be a network share) and is then uploaded to the electronic banking application. Before the bank processes the payments, the bank requires two verifications from the company. These verifying users check the hash totals and the total amount to make sure that the payments and bank account numbers are correct. The ClieOp3 file can contain several batches, and for each batch a batch trailer record is calculated and included. This batch trailer record contains the total amount, the total of the account numbers and the number of items.
So, for example, if we want to make 10 payments from account number 101.066.848 to the following bank account numbers: 265.491.118, 343.679.906, 509.446.671, 243.459.238, 602.496.071, 569.997.518, 521.735.416, 543.282.252, 465.826.105, 345.678.699. The sum of the bank account numbers would be 5.199.539.564 (all the numbers above plus ten times the from account number).

The ClieOp3 format is complemented with an electronic order letter. This letter accompanies a batch and is sent to the bank separately. The electronic order letter also contains some batch totals, including the total of the account numbers and the number of items. These totals are used by the bank to check whether the batches were received correctly. However, only the rightmost 10 digits of the total of the account numbers are used in the electronic order letter. In this example the total would be 5.421.761.474. So if I would like to change the last account number in the ClieOp3 file from 345.678.699 to 123.456.789, I have to make sure that the sum in the batch trailer record is updated and that the rightmost 10 digits of the new sum still correspond with the previous sum. This means that I will have to change the first account number from 265.491.118 to 487.713.028.

Unfortunately, there is another check in the Netherlands, which is called the elfproef (comparable with the ISBN-10 check). Basically, each digit is multiplied by its position in the number (counting from the right, starting at 1), and the sum of these products modulo 11 must be 0.

So the compensating bank account number also needs to meet the elfproef. With 487.713.028 as the new first account number, changing the last bank account number from 345.678.699 to 123.456.789 leaves the control total in the electronic order letter unimpaired.

So the ClieOp3 file now contains the following account numbers: 487.713.028, 343.679.906, 509.446.671, 243.459.238, 602.496.071, 569.997.518, 521.735.416, 543.282.252, 465.826.105, 123.456.789. The sum of the bank account numbers in the ClieOp3 file is still 5.421.761.474.

This means that anyone with access to the ClieOp3 file can change the account numbers in such a way that, when the ClieOp3 file is checked against the hash totals, the file will appear correct. So the people who verify the bank payments should check every single bank account number instead of only the hash totals.
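The following is an added example, not code from the original article: it implements the elfproef as described above, recomputes the batch trailer hash total and the 10-digit order letter control total for the two account lists given in the article, and shows that a per-item comparison against the approved payment list catches the substitution that the totals cannot. The account numbers are the article's own; the function names and the result structure are assumptions made for this example.

```python
"""Added example: ClieOp3 batch hash totals versus per-item verification.

The account numbers below are taken from the article's worked example
(constructed data, not a real payment batch)."""

FROM_ACCOUNT = 101066848
APPROVED_BENEFICIARIES = [
    265491118, 343679906, 509446671, 243459238, 602496071,
    569997518, 521735416, 543282252, 465826105, 345678699,
]
# The same batch after the two substitutions described in the article.
FILE_BENEFICIARIES = [
    487713028, 343679906, 509446671, 243459238, 602496071,
    569997518, 521735416, 543282252, 465826105, 123456789,
]


def elfproef(account) -> bool:
    """Dutch 11-test: each digit is multiplied by its position counted from the
    right (rightmost digit = 1) and the weighted sum must be divisible by 11."""
    digits = str(account).strip()
    if not digits.isdigit() or not 1 < len(digits) <= 10:
        return False
    weighted = sum(int(d) * pos for pos, d in enumerate(reversed(digits), start=1))
    return weighted % 11 == 0


def batch_trailer_totals(from_account, beneficiaries):
    """Totals a batch trailer record carries (as the article describes them):
    the item count and the hash total of account numbers, where the debit
    account is counted once per item."""
    return {
        "items": len(beneficiaries),
        "account_total": sum(beneficiaries) + len(beneficiaries) * from_account,
    }


def order_letter_control(account_total: int) -> int:
    """The electronic order letter keeps only the rightmost 10 digits of the hash total."""
    return account_total % 10**10


def verify_batch(approved, presented, from_account):
    """Defender-side check of a ClieOp3 batch against the approved payment list.

    The totals comparison is reported for information but is deliberately not
    the verdict: the batch is accepted only if every item matches the approved
    list and every account number passes the elfproef."""
    approved_totals = batch_trailer_totals(from_account, approved)
    presented_totals = batch_trailer_totals(from_account, presented)
    mismatched = [
        (i, a, p)
        for i, (a, p) in enumerate(zip(approved, presented), start=1)
        if a != p
    ]
    invalid = [p for p in presented if not elfproef(p)]
    count_match = len(approved) == len(presented)
    return {
        "totals_match": approved_totals == presented_totals,
        "control_match": order_letter_control(approved_totals["account_total"])
        == order_letter_control(presented_totals["account_total"]),
        "count_match": count_match,
        "mismatched_items": mismatched,
        "invalid_accounts": invalid,
        "accept": count_match and not mismatched and not invalid,
    }


if __name__ == "__main__":
    result = verify_batch(APPROVED_BENEFICIARIES, FILE_BENEFICIARIES, FROM_ACCOUNT)
    # The hash totals and the order letter control total agree, so a check on
    # totals alone would pass this batch; the item comparison does not.
    print("hash totals match:", result["totals_match"])
    print("mismatched items:", result["mismatched_items"])
    print("accept batch:", result["accept"])
```

Both lists produce the hash total 5.421.761.474 and every account number in the modified file passes the elfproef, so `totals_match`, `control_match` and the elfproef are all silent; only `mismatched_items` (items 1 and 10) reveals the change, which is the point of the article's recommendation to verify each account number.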

It should be noted that only the person who generates the ClieOp3 file needs write access to the folder where the file is saved. The person who uploads the file to the banking application only needs read access.

The person who saves the file is also a person who can change the ClieOp3 file. So even if the rights on the folder are restricted, it remains necessary to verify the bank account numbers in the electronic banking application.
