 "How IT Deals With Security Issues In Online Trading")
Until the mid-90s, almost all stock exchanges functioned as open outcry systems. Typically, orders were either received by the brokers directly or through their back office systems. The common practice was for brokers to use distinctive hand gestures and finger movements and call out the names of the stocks to indicate whether they wanted to sell it or buy it. Once the buying and selling brokers met, they would decide whether they could make a deal at the price offered. If the deal was accepted, it was entered into the exchange’s system.
Since then, exchanges have truly come a long way - from the open outcry system to today’s latest electronic trading systems that have ushered in new levels of transparency in price discovery and fair trading.
Though the trading systems can be called the heart of the exchange, delivery of the application was equally important. Brokers and members would require the same experience while accessing the trading systems, irrespective of their geographical location. VSATs (Very small aperture terminals) have played a key role in this dimension. Almost all exchanges in India, i.e. OTCEI, NSE and BSE have deployed this technology.
Whilst the stock exchanges were all digitized by the mid 90s, it was only in 2003, that the government of India mandated four entities to setup nation-wide commodities exchanges. MCX, one of the four entities was the first to start its operations in November 2003. Its technology partner, Financial Technologies (India) Ltd. (FTIL) delivered a Exchange Technology Framework to support the Exchange operations, in a time of nine months.
The delivery of this application was once again critical to the success of the exchange. Though VSATs, terrestrial circuits were offered as options to our members, the senior management realised that the Internet provided a cost-efficient medium of providing members timely access to the trading system.
The Internet however, comes with its own set of security issues. At MCX, a defense-in-depth approach was adopted. Controls were built in at the application to ensure proper identification, authentication, accounting and logging. At the network level, links were taken through various service providers and were terminated at different locations of the ISP. Firewalls were deployed at appropriate points and the networks were segregated to provide additional security to secure zones.
Technology however, cannot stop a brick from shattering glass. Social engineering attacks targeted at the common employee can leave many a secure system vulnerable. All employees are therefore continually briefed and reminded about security and the importance of their co-operation in keeping the exchanges systems secure.
Paras Ajmera is director, Exchange Technology