Financial institutions such as banks hugely depend on Information Technology (IT) system for implementing various tasks in relation to fulfillment of the needs of the banks as-well-as the customers of the banks. The tasks may include processing service requests such as a business transaction, money transfer, ATM transaction, credit card transaction, and the like. In order to process the service requests, the banks may access customer's confidential information. However, since the confidential information is considered to be private, the confidential information should not be misused by any person other than the intended customer in the bank. Therefore, only authorized personnel providing assisted services to the bank customers may be enabled to view, amend or handle the confidential information in order to process the service requests at the time when the customer is being attended to and the customer has provided active consent and authorization to the bank personnel who is providing the assisted service Thus, security systems employed in the IT system prevents misuse of the confidential information and facilitates the safe transactions. Further, the multi-party and multi-level security systems prevent any unwarranted activity that could cause loss to the banks and the customers thereof.
In order to facilitate secure transactions, most of the security systems generally enable authorized personnel of the banks to access the customer's confidential information including personal information, customer's bank account details, customer profile and the like while processing the service requests. However, in such scenarios, it is observed that while the service requests of the customer is being processed by the authorized personnel, the customer, standing on other side of the service counter in the bank, is unable to view, access, monitor or control the activities performed by the authorized personnel. Further, it should be noted that the personal information being made fully disclosed to the authorized personnel may turn disastrous to the customer, in the event of misuse. Compromising the personal information such as bank account number, PIN, password, access to the customer profile and the like may cause loss to the customer as well as the bank itself. Further, the customer has no information on the activities of the authorized personnel on a customer account after rendering services to the customer. This may lead to situations wherein the authorized personnel may take advantage of the confidential information and perform unauthorized transactions on a customer's account utilizing the window of opportunity within the session expiry of the authenticated session after the customer's assisted service has been performed. This could go undetected even while audit actions are performed. Further, the customer is unaware about whether or not the session initiated has been destroyed after resolution of the service request. There is a need to provide strong controls to the system wherein customer has complete control over what services an authorized bank personnel has access to. The system could be implemented with security controls that prevent and detect employee embezzlement, while allowing active control by the customer while requesting for assisted services. Having multiple parties and multiple levels of authorizations to complete a transaction involving confidential information minimizes security breaches.