R. Kinney Williams & Associates

Internet Banking News

March 17, 2002

FYI PRIVACY - FTC Cracks Down on Digital Detectives - Three firms fined for illegally gathering private information online.  "In a matter of hours, they had the bank account balance." http://www.pcworld.com/news/article/0,aid,88344,tk,dn031102X,00.asp

FYI PRIVACY - Study of Information Sharing Practices Among Financial Institutions and Their Affiliates - The Secretary of the Treasury, in conjunction with the federal functional regulatory agencies and the Federal Trade Commission, is conducting a study of information sharing by financial institutions.
Press Release: www.occ.treas.gov/ftp/bulletin/2002-11.txt
Attachment: www.occ.treas.gov/ftp/bulletin/2002-11a.pdf 

FYI - U.S. Secret Service agents and Jacksonville County Sheriff's officers arrested a 30-year-old Florida man who authorities allege was trying to sell 60,000 names and personal information of The Prudential Insurance Company of America employees.  http://www.computerworld.com/storyba/0,4125,NAV47_STO68850,00.html

FYI  - In recent weeks, scam artists pretending to represent reputable companies such as Bank of America and eBay have been e-mailing Internet users in an attempt to steal their account information. Although not a new scam, the e-mails are part of a growing trend of identity theft online.  http://news.com.com/2100-1017-857177.html?tag=cd_mh 

FYI - Rep. Tom Davis (R-Va.) has introduced legislation to set mandatory computer security standards for federal agencies.  http://www.gcn.com/vol1_no1/daily-updates/18120-1.html 

FYI - Federal regulators have boosted PayPal's contention that it is not a bank and shouldn't be regulated as one, the online payments company said on Tuesday. 
http://news.com.com/2100-1017-858264.html?legacy=cnet&tag=pt.msn.cdf.hl.ne_9067037 

FYI - Information Sharing Pursuant to Section 314(b) of the USA Patriot Act - This SR letter describes a new, immediately effective regulation concerning the sharing of information about terrorist financing and money laundering among financial institutions that was issued by the U.S. Department of the Treasury, through its Financial Crimes Enforcement Network (FinCEN).  The FinCEN rule was issued pursuant to section 314(b) of the USA Patriot Act on March 4, 2001.
www.federalreserve.gov/boarddocs/srletters/2002/sr0206.htm

INTERNET COMPLIANCE - Advertisement Of Membership

The FDIC and NCUA consider every insured depository institution's online system top-level page, or "home page", to be an advertisement. Therefore, according to these agencies' interpretation of their rules, financial institutions subject to the regulations should display the official advertising statement on their home pages unless subject to one of the exceptions described under the regulations. Furthermore, each subsidiary page of an online system that contains an advertisement should display the official advertising statement unless subject to one of the exceptions described under the regulations. Additional information about the FDIC's interpretation can be found in the Federal Register, Volume 62, Page 6145, dated February 11, 1997.

INTERNET SECURITY - We continue covering some of the issues discussed in the "Risk Management Principles for Electronic Banking" published by the Basel Committee on Bank Supervision in May 2001.

Sound Authorization Practices for E-Banking Applications

1. Specific authorization and access privileges should be assigned to all individuals, agents or systems, which conduct e-banking activities.

2. All e-banking systems should be constructed to ensure that they interact with a valid authorization database.

3. No individual agent or system should have the authority to change his or her own authority or access privileges in an e-banking authorization database.

4. Any addition of an individual, agent or system or changes to access privileges in an e-banking authorization database should be duly authorized by an authenticated source empowered with the adequate authority and subject to suitable and timely oversight and audit trails.

5. Appropriate measures should be in place in order to make e-banking authorization databases reasonably resistant to tampering. Any such tampering should be detectable through ongoing monitoring processes. Sufficient audit trails should exist to document any such tampering.

6. Any e-banking authorization database that has been tampered with should not be used until replaced with a validated database.


7. Controls should be in place to prevent changes to authorization levels during e-banking transaction sessions and any attempts to alter authorization should be logged and brought to the attention of management.
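
The sketch below is an added example, not taken from the Basel paper or from this newsletter. It shows one way practices 3 through 7 can be enforced in code: changes are refused when self-initiated, unapproved, or made mid-session; every attempt is written to a hash-chained audit trail; and a database that fails validation is not consulted. The class, method and account names are hypothetical.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the hash chain

class AuthzDB:
    """Hypothetical in-memory authorization database (illustration only)."""

    def __init__(self, admins):
        self.admins = set(admins)   # sources empowered to approve changes
        self.privs = {}             # subject -> sorted list of privileges
        self.sessions = set()       # subjects with an open transaction session
        self.log = []               # hash-chained audit trail

    def _record(self, event):
        prev = self.log[-1]["hash"] if self.log else GENESIS
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.log.append({"event": event, "hash": digest})

    def change(self, approver, subject, privileges):
        """Apply a privilege change; every attempt, allowed or not, is logged."""
        reason = None
        if approver not in self.admins:
            reason = "approver lacks authority"      # practice 4
        elif approver == subject:
            reason = "self-modification"             # practice 3
        elif subject in self.sessions:
            reason = "change during active session"  # practice 7
        self._record({"approver": approver, "subject": subject,
                      "privileges": sorted(privileges), "denied": reason})
        if reason is None:
            self.privs[subject] = sorted(privileges)
        return reason is None

    def validated(self):
        """True only if the chain is intact and the table matches a replay of it."""
        prev, replay = GENESIS, {}
        for entry in self.log:
            body = json.dumps(entry["event"], sort_keys=True)
            if hashlib.sha256((prev + body).encode()).hexdigest() != entry["hash"]:
                return False                         # practice 5: tampering detected
            prev = entry["hash"]
            if entry["event"]["denied"] is None:
                replay[entry["event"]["subject"]] = entry["event"]["privileges"]
        return replay == self.privs

    def is_authorized(self, subject, privilege):
        return self.validated() and privilege in self.privs.get(subject, [])  # practice 6
```

An unkeyed hash chain only detects edits by someone who cannot also rewrite the trail, so the latest chain hash has to be kept somewhere the database's own administrators cannot modify.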


PRIVACY EXAMINATION QUESTION - We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

Initial Privacy Notice

5)  When the subsequent delivery of a privacy notice is permitted, does the institution provide notice after establishing a customer relationship within a reasonable time? [4(e)]

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  


Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 
