April 21, 2002
FYI - A large commercial bank in Florida said Wednesday that "an
Internet hacker" penetrated the security of its systems earlier
this month and made off with a file containing 3,600 online-banking
customer names and addresses. http://www.newsbytes.com/news/02/175977.html
FYI - Most people are still putting pen to paper these
days, despite a law signed by former President Clinton nearly two
years ago that made electronic signatures the legal equivalent of
traditional signatures. http://news.com.com/2100-1017-884544.html
INTERNET COMPLIANCE - Flood Disaster Protection Act
The regulation implementing the National Flood Insurance Program
requires a financial institution to notify a prospective borrower
and the servicer that the structure securing the loan is located or
to be located in a special flood hazard area. The regulation also
requires a notice of the servicer's identity be delivered to the
insurance provider. While the regulation addresses electronic
delivery to the servicer and to the insurance provider, it does not
address electronic delivery of the notice to the borrower.
INTERNET SECURITY - We continue the series from the FDIC "Security
Risks Associated with the Internet." While this Financial Institution
Letter was published in December 1997, the issues still are relevant.
Data Integrity
Potentially, the open architecture of the Internet can allow those
with specific knowledge and tools to alter or modify data during a
transmission. Data integrity could also be compromised within the
data storage system itself, both intentionally and unintentionally,
if proper access controls are not maintained. Steps must be taken to
ensure that all data is maintained in its original or intended form.
Authentication
Essential in electronic commerce is the need to verify that a
particular communication, transaction, or access request is
legitimate. To illustrate, computer systems on the Internet are
identified by an Internet protocol (IP) address, much like a
telephone is identified by a phone number. Through a variety of
techniques, generally known as "IP spoofing" (i.e.,
impersonating), one computer can actually claim to be another.
Likewise, user identity can be misrepresented as well. In fact, it
is relatively simple to send email which appears to have come from
someone else, or even send it anonymously. Therefore, authentication
controls are necessary to establish the identities of all parties to
a communication.
PRIVACY EXAMINATION QUESTION - We continue our series
listing the regulatory-privacy examination questions. When you
answer the question each week, you will help ensure compliance with
the privacy regulations.
Content of Privacy Notice
9) Does the institution list the following categories of
nonpublic personal information that it collects, as applicable:
a) information from the consumer; [§6(c)(1)(i)]
b) information about the consumer's transactions with the
institution or its affiliates; [§6(c)(1)(ii)]
c) information about the consumer's transactions with
nonaffiliated third parties; [§6(c)(1)(iii)] and
d) information from a consumer reporting agency? [§6(c)(1)(iv)]