R. Kinney Williams & Associates

Internet Banking News

June 9, 2002

FYI - FRB Commercial Bank Examination Manual - Presents examination objectives and procedures that Federal Reserve System examiners follow in evaluating the safety and soundness of state member banks.  Section 4000 "Other Examination Areas" covers Information Technology and Electronic Banking. www.federalreserve.gov/boarddocs/supmanual/default.htm#cbem

FYI - The director of the FBI announced Wednesday that a major reorganization of the agency would include a new focus on cybercrime and technology. http://zdnet.com.com/2100-1105-927933.html

FYI - Guidance for Financial Institutions in Detecting Terrorist Financing - The Financial Action Task Force on Money Laundering issued the attached guidance on April 24, 2002, to assist financial institutions in detecting terrorist financing. The guidance will help ensure that financial institutions do not unwittingly hide or move terrorist funds. www.fdic.gov/news/news/financial/2002/fil0259.html

FYI - U.S. Department of Treasury FinCEN Advisories 28 through 32 - This advisory letter revises the list of countries detailed in OCC Advisory Letter (AL) 2002-2, "U.S. Department of Treasury FinCEN advisories 11A and 21A," dated February 27, 2002 (see also AL 2001-7 and AL 2000-8).
www.occ.treas.gov/ftp/advisory/2002-5.txt

INTERNET COMPLIANCE
"Member FDIC" Logo - When is it required?

The FDIC believes that every bank's home page is to some extent an advertisement. Accordingly, bank web site home pages should contain the official advertising statement unless the advertisement is subject to exceptions such as advertisements for loans, securities, trust services and/or radio or television advertisements that do not exceed thirty seconds. 

Whether subsidiary web pages require the official advertising statement will depend upon the content of the particular page.  Subsidiary web pages that advertise deposits must contain the official advertising statement.  Conversely, subsidiary web pages that relate to loans do not require the official advertising statement. 

INTERNET SECURITY - We continue the series from the FDIC "Security Risks Associated with the Internet."  While this Financial Institution Letter was published in December 1997, the issues still are relevant.

SECURITY MEASURES


Digital Signatures 


Digital signatures authenticate the identity of a sender, through the private, cryptographic key.  In addition, every digital signature is different because it is derived from the content of the message itself.  The combination of identity authentication and singularly unique signatures results in a transmission that cannot be repudiated.


Digital signatures can be applied to any data transmission, including e-mail.  To generate a digital signature, the original, unencrypted message is run through a mathematical algorithm that generates what is known as a message digest (a unique, character representation of the data).  This process is known as the "hash."  The message digest is then encrypted with a private key, and sent along with the message.  The recipient receives both the message and the encrypted message digest.  The recipient decrypts the message digest, and then runs the message through the hash function again.  If the resulting message digest matches the one sent with the message, the message has not been altered and data integrity is verified.  Because the message digest was encrypted with a private key, the sender can be identified and bound to the specific message.  The digital signature cannot be reused, because it is unique to the message.  In the above example, data privacy and confidentiality could also be achieved by encrypting the message itself. The strength and security of a digital signature system is determined by its implementation, and the management of the cryptographic keys.
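The hash, sign and verify steps described above, as an added example that is not part of the FDIC letter. It uses unpadded textbook RSA so the steps map one-to-one onto the text; the key is constructed from two Mersenne primes for reproducibility and is not secure, and production systems should use a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib

# Constructed demo key (assumption for this example): two Mersenne primes so
# the code runs offline and reproducibly. This is NOT a secure key.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                                # public modulus
E = 65537                                # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, held by the sender


def digest(message: bytes) -> int:
    """The "hash" step: SHA-256 message digest as an integer (always < N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Sender: transform the message digest with the private key."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Recipient: recover the digest with the public key, re-hash, compare."""
    if not 0 <= signature < N:
        return False
    recovered = pow(signature, E, N)
    return recovered == digest(message)


def demo() -> dict:
    """Constructed messages showing integrity checking and non-reuse."""
    original = b"Transfer $100 to account 12345"
    signature = sign(original)
    return {
        # Unmodified message: digests match, integrity verified.
        "original": verify(original, signature),
        # One character changed in transit: digests differ.
        "altered": verify(b"Transfer $900 to account 12345", signature),
        # Signature lifted onto another message: it is bound to the original.
        "reused": verify(b"Close account 12345", signature),
    }


if __name__ == "__main__":
    print(demo())
```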


PRIVACY EXAMINATION QUESTION - We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

Content of Privacy Notice

16. If the institution provides a short-form initial privacy notice according to 6(d)(1), does the short-form initial notice:

a. conform to the definition of "clear and conspicuous"; [6(d)(2)(i)]

b. state that the institution's full privacy notice is available upon request; [6(d)(2)(ii)] and

c. explain a reasonable means by which the consumer may obtain the notice?  [6(d)(2)(iii)]

(Note: the institution is not required to deliver the full privacy notice with the short-form initial notice. [6(d)(3)])

IN CLOSING
The Gramm-Leach-Bliley Act, best practices, and examiners recommend a security test of your Internet connection.  The Vulnerability Internet Security Test Audit (VISTA) is an independent security test of your institution's network connection to the Internet that meets the regulatory requirements.  We are NOT computer technicians who sell computer equipment but trained information systems auditors who work only for financial institutions.  As auditors, we provide an independent review of the vulnerability test results and an audit letter to your Board of Directors certifying the test results.  Before your next IT examination, visit http://www.internetbankingaudits.com/ for more information.

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  


Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com
