R. Kinney Williams & Associates
R. Kinney Williams
& Associates

Internet Banking News

April 21, 2002

FYI - A large commercial bank in Florida said Wednesday that "an Internet hacker" penetrated the security of its systems earlier this month and made off with a file containing 3,600 online-banking customer names and addresses.  http://www.newsbytes.com/news/02/175977.html 

FYI
- Most people are still putting pen to paper these days, despite a law signed by former President Clinton nearly two years ago that made electronic signatures the legal equivalent of traditional signatures.  http://news.com.com/2100-1017-884544.html 

INTERNET COMPLIANCEFlood Disaster Protection Act

The regulation implementing the National Flood Insurance Program requires a financial institution to notify a prospective borrower and the servicer that the structure securing the loan is located or to be located in a special flood hazard area. The regulation also requires a notice of the servicer's identity be delivered to the insurance provider. While the regulation addresses electronic delivery to the servicer and to the insurance provider, it does not address electronic delivery of the notice to the borrower.


INTERNET SECURITY
- We continue the series  from the FDIC "Security Risks Associated with the Internet."  While this Financial Institution Letter was published in December 1997, the issues still are relevant.


Data Integrity 


Potentially, the open architecture of the Internet can allow those with specific knowledge and tools to alter or modify data during a transmission. Data integrity could also be compromised within the data storage system itself, both intentionally and unintentionally, if proper access controls are not maintained. Steps must be taken to ensure that all data is maintained in its original or intended form.  


Authentication 


Essential in electronic commerce is the need to verify that a particular communication, transaction, or access request is legitimate. To illustrate, computer systems on the Internet are identified by an Internet protocol (IP) address, much like a telephone is identified by a phone number. Through a variety of techniques, generally known as "IP spoofing" (i.e., impersonating), one computer can actually claim to be another. Likewise, user identity can be misrepresented as well. In fact, it is relatively simple to send email which appears to have come from someone else, or even send it anonymously. Therefore, authentication controls are necessary to establish the identities of all parties to a communication.


PRIVACY EXAMINATION QUESTION
- We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

Content of Privacy Notice

9)  Does the institution list the following categories of nonpublic personal information that it collects, as applicable:

a)  information from the consumer; [6(c)(1)(i)]

b)  information about the consumer's transactions with the institution or its affiliates; [6(c)(1)(ii)]

c)  information about the consumer's transactions with nonaffiliated third parties; [6(c)(1)(iii)] and

d)  information from a consumer reporting agency? [6(c)(1)(iv)]

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Back Button

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated