R. Kinney Williams & Associates
R. Kinney Williams
& Associates

Internet Banking News

July 14, 2002

FYI  - Web Server vulnerability reaches all time high  http://www.theregister.co.uk/content/55/26049.html 

FYI - Legislation to create a Homeland Security Department, a top congressional priority, has begun to attract previously introduced cybersecurity and other technology-related bills as riders.  http://www.govexec.com/dailyfed/0702/070302td1.htm 

FYI - Power and energy companies have become targets for computer hackers who have managed to penetrate energy control networks as well as administrative systems, according to a newspaper report.  http://www.cbsnews.com/stories/2002/07/08/tech/main514426.shtml 

FYI - Specially Designated Nationals and Blocked Persons - On June 27, 2002, the Department of the Treasury's Office of Foreign Assets Control amended its list of Specially Designated Nationals and Blocked Persons by adding two names. It also redesignated one entry, with new information added, on its list of Specially Designated Global Terrorists. www.fdic.gov/news/news/financial/2002/fil0276.html

FYI - IT experts explain how a hacker could have broken into account-holders' PCs to get their user IDs to transfer funds in recent DBS case.  http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8448 

FYI - Internet misuse leads to layoffs http://news.com.com/2110-1023-942502.html?tag=cdshrt 

FYI - The Sept. 11 hijackers were able to open 35 American bank accounts without having legitimate Social Security numbers and opened some of the accounts with fabricated Social Security numbers that were never checked or questioned by bank officials, a senior F.B.I. official said.  http://www.nytimes.com/2002/07/10/national/10TERR.html 


INTERNET COMPLIANCE
Expedited Funds Availability Act (Regulation CC)

Generally, the rules pertaining to the duty of an institution to make deposited funds available for withdrawal apply in the electronic financial services environment. This includes rules on fund availability schedules, disclosure of policy, and payment of interest. Recently, the FRB published a commentary that clarifies requirements for providing certain written notices or disclosures to customers via electronic means. Specifically, the commentary to the regulations states that a financial institution satisfies the written exception hold notice requirement, and the commentary to the regulations states that a financial institution satisfies the general disclosure requirement by sending an electronic version that displays the text and is in a form that the customer may keep. However, the customer must agree to such means of delivery of notices and disclosures. Information is considered to be in a form that the customer may keep if, for example, it can be downloaded or printed by the customer. To reduce compliance risk, financial institutions should test their programs' ability to provide disclosures in a form that can be downloaded or printed.

INTERNET SECURITY
- We continue the series  from the FDIC "Security Risks Associated with the Internet."  While this Financial Institution Letter was published in December 1997, the issues still are relevant.

Product Certification and Security Scanning Products

Several organizations exist which independently assess and certify the adequacy of firewalls and other computer system related products. Typically, certified products have been tested for their ability to permit and sustain business functions while protecting against both common and evolving attacks.

Security scanning tools should be run frequently by system administrators to identify any new vulnerabilities or changes in the system. Ideally, the scan should be run both with and without the firewall in place so the firewall's protective capabilities can be fully evaluated. Identifying the susceptibility of the system without the firewall is useful for determining contingency procedures should the firewall ever go down. Some scanning tools have different versions with varying degrees of intrusion/attack attempts.  

PRIVACY EXAMINATION QUESTION
- We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

21. Does the institution provide the consumer with the following information about the right to opt out:

a. all the categories of nonpublic personal information that the institution discloses or reserves the right to disclose; [7(a)(2)(i)(A)]

b. all the categories of nonaffiliated third parties to whom the information is disclosed; [7(a)(2)(i)(A)];

c. that the consumer has the right to opt out of the disclosure of that information; [7(a)(2)(i)(A)] and

d. the financial products or services that the consumer obtains to which the opt out direction would apply? [7(a)(2)(i)(B)]

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Back Button

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated