R. Kinney Williams & Associates

Internet Banking News

March 16, 2003

NEWS RELEASE - R. Kinney Williams has been recognized by the Information Systems Audit and Control Association (ISACA) as a Certified Information Systems Manager (CISM). Overall, the CISM designation denotes expertise in management of information security governance, risk management, program development, and incident response. Our information systems security experience assures you that our penetration-vulnerability study of your Internet connection meets the highest standards and complies with the FFIEC independent penetration testing requirements outlined in the interagency Information Security Booklet on pages 80-81.

FYI - A Sense of Insecurity - Hacking incidents and other computer-systems breaches are on the rise. But will they reach C-level?  http://www.cfo.com/printarticle/0,5317,8841,00.html 

FYI - GAO published Federal Reserve Banks: Areas for Improvement in Computer Controls.  http://www.gao.gov/new.items/d03525r.pdf 

FYI - Protecting Copyrights - Although it is no longer required, including a proper copyright notice provides several advantages for protecting a copyrighted work. For one, it prevents someone who infringes on a copyright from claiming innocence as a defense.  http://www.theiia.org/itaudit/index.cfm?fuseaction=forum&fid=5392 

FYI - When asked why he always went after banks, the famed Depression-era robber Willie Sutton once explained that he picked them because "that's where the money is."   Nowadays, with more banking transactions performed over electronic networks than teller windows, a federal agency believes the same logic might appeal to cyber terrorists.  http://www.wired.com/news/business/0,1367,57911,00.html 

FYI - Strategies & Issues: Justifying Security Spending - To get the dollars they need, security administrators have to start speaking the language of business.  http://www.networkmagazine.com/article/NMG20030305S0012 

FYI - An online banking glitch gave a Princeton University student access to university accounts totaling $9.9 million when he tried to access a student publication's account.  http://www.cnn.com/2003/TECH/internet/03/06/offbeat.banking.error.ap/index.html 

FYI - Two men were arrested for allegedly hacking into bank accounts through the Internet and stealing $136,000, police said Thursday.  http://www.cnn.com/2003/TECH/internet/03/06/internet.theft.ap/index.html 

FYI - On February 28, 2003, the Department of the Treasury's Office of Foreign Assets Control amended its list of Specially Designated Nationals and Blocked Persons by adding three entities to its list of Specially Designated Global Terrorists. A detailed list of additional SDGTs is attached. www.fdic.gov/news/news/financial/2003/fil0319.html 

INTERNET COMPLIANCE - Reserve Requirements of Depository Institutions (Regulation D)

Pursuant to the withdrawal and transfer restrictions imposed on savings deposits, electronic transfers, electronic withdrawals (paid electronically), and payments to third parties initiated by a depositor from a personal computer are included as types of transfer subject to the six-transaction limit imposed on passbook savings and MMDA accounts.

Institutions also should note that, to the extent stored value or other electronic money represents a demand deposit or transaction account, the provisions of Regulation D would apply to such obligations. 

Consumer Leasing Act (Regulation M)


The regulation provides examples of advertisements that clarify the definition of an advertisement under Regulation M. The term advertisement includes messages inviting, offering, or otherwise generally announcing to prospective customers the availability of consumer leases, whether in visual, oral, print, or electronic media. Included in the examples are on-line messages, such as those on the Internet. Therefore, such messages are subject to the general advertising requirements.

INTERNET SECURITY - This concludes our coverage of the FDIC's "Guidance on Managing Risks Associated With Wireless Networks and Wireless Customer Access."

Part III. Risks Associated with Both Internal Wireless Networks and Wireless Internet Devices

Evolution and Obsolescence

As the wireless technologies available today evolve, financial institutions and their customers face the risk of current investments becoming obsolete in a relatively short time. As demonstrated by the weaknesses in WEP and earlier versions of WAP and the changes in standards for wireless technologies, wireless networking as a technology may change significantly before it is considered mature. Financial institutions that invest heavily in components that may become obsolete quickly may feel the cost of adopting an immature technology.

Controlling the Impact of Obsolescence

Wireless internal networks are subject to the same types of evolution that encompass the computing environment in general. Key questions to ask a vendor before purchasing a wireless internal network solution include:

1)  What is the upgrade path to the next class of network?
2)  Do the devices support firmware (Flash) upgrades for security patches and upgrades?
3)  How does the vendor distribute security information and patches?

The financial institution should also consider the evolving standards of the wireless community. Before entering into an expensive implementation, the institution should research when the next major advances in wireless are likely to be released. Bank management can then make an informed decision on whether the implementation should be based on currently available technology or a future implementation based on newer technology.

The potential obsolescence of wireless customer access can be controlled in other ways. As the financial institution designs applications that are to be delivered through wireless devices, it should design each application so that the business logic is not tied to a particular wireless technology. This can be accomplished by placing the majority of the business logic on back-end or mid-tier servers that are independent of the wireless application server. The wireless application server then becomes a connection point between the customer and the transactions performed. When the institution decides to upgrade or replace the application server, the business logic can remain relatively undisturbed.

PRIVACY - We continue our coverage of the various issues in the "Privacy of Consumer Financial Information" published by the financial regulatory agencies.

Financial Institution Duties (Part 2 of 6)

Notice Duties to Customers:

In addition to the duties described above, there are several duties unique to customers. In particular, regardless of whether the institution discloses or intends to disclose nonpublic personal information, a financial institution must provide notice to its customers of its privacy policies and practices at various times.

1)  A financial institution must provide an initial notice of its privacy policies and practices to each customer, not later than the time a customer relationship is established. Section 4(e) of the regulations describes the exceptional cases in which delivery of the notice is allowed subsequent to the establishment of the customer relationship.

2)  A financial institution must provide an annual notice at least once in any period of 12 consecutive months during the continuation of the customer relationship.

3)  Generally, new privacy notices are not required for each new product or service. However, a financial institution must provide a new notice to an existing customer when the customer obtains a new financial product or service from the institution, if the initial or annual notice most recently provided to the customer was not accurate with respect to the new financial product or service.

4)  When a financial institution does not disclose nonpublic personal information (other than as permitted under section 14 and section 15 exceptions) and does not reserve the right to do so, the institution has the option of providing a simplified notice.

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  


Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 
