R. Kinney Williams & Associates

Internet Banking News

September 29, 2002

FYI  - NCUA Letter to Credit Unions - Detection of Terrorist Financing - Credit unions must remain vigilant to ensure they do not unwittingly hide or move terrorist funds. The Financial Action Task Force on Money Laundering issued the enclosed guidance on April 24, 2002, to assist financial institutions in detecting terrorist financing.   www.ncua.gov/ref/letters/02-CU-14.html

FYI  - NCUA - Proposed Rule - Accuracy of Advertising and Notice of Insured Status includes proposed use of the NCUA insurance logo on the Internet.   www.ncua.gov/news/proposed_regs/12CFRPart740advertising-proposed.html

FYI - Wells Fargo has resolved its second network outage in four days, but one affected client is staying with another provider for now.  System problems at the banking giant prevented many consumers from logging into their online banking accounts on Monday. The problem forced bill payment service PayPal to switch from Wells Fargo to its backup payments provider.  http://news.com.com/2100-1017-959277.html?tag=cd_mh 

FYI - Ann Marie Poet's new business partner called himself Dr. Mbuso Nelson, and said he was an official with the Ministry of Mining in South Africa.  Nelson popped into Poet's life out of nowhere one day, offering to pay $4.5 million to the 59-year-old secretary for her assistance in transferring $18 million from a bank in South Africa to the United States.  A manager at Bank One apparently approved all of the wire transfers even though Poet was not authorized to conduct such transfers.  http://www.wired.com/news/business/0%2C1367%2C55329%2C00.html

FYI - PayPal Gets Checked by Scams - Users of online payment service hit twice in as many weeks with e-mails requesting personal information.  http://www.pcworld.com/news/article/0,aid,105470,tk,dn092702X,00.asp

FYI - When computer engineer Stephen Carey bodged a firm's system upgrade, its bosses felt justified in refusing to pay his bill.  They did not realize, however, how much damage he could do with his inside knowledge of their operation.  http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=9061

INTERNET COMPLIANCE - Electronic Fund Transfer Act, Regulation E (Part 1 of 2)

Generally, when online banking systems include electronic fund transfers that debit or credit a consumer's account, the requirements of the Electronic Fund Transfer Act and Regulation E apply.  A transaction involving stored value products is covered by Regulation E when the transaction accesses a consumer's account (such as when value is "loaded" onto the card from the consumer's deposit account at an electronic terminal or personal computer).

Financial institutions must provide disclosures that are clear and readily understandable, in writing, and in a form the consumer may keep.  An interim rule issued on March 20, 1998, allows depository institutions to satisfy the delivery requirement by sending any of these disclosures, and other information required by the act and regulations, by electronic communication, as long as the consumer agrees to such method of delivery.

Financial institutions must ensure that consumers who sign up for a new banking service are provided with disclosures for the new service if the service is subject to terms and conditions different from those described in the initial disclosures.  Although not specifically mentioned in the commentary, this applies to all new banking services including electronic financial services.

The Federal Reserve Board Official Staff Commentary (OSC) also clarifies that terminal receipts are unnecessary for transfers initiated online. Specifically, OSC regulations provide that, because the term "electronic terminal" excludes a telephone operated by a consumer, financial institutions need not provide a terminal receipt when a consumer initiates a transfer by a means analogous in function to a telephone, such as by a personal computer or a facsimile machine.


INTERNET SECURITY
We continue our review of the OCC Bulletin about Infrastructure Threats and Intrusion Risks. This week we review Suspicious Activity Reporting.

National banks are required to report intrusions and other computer crimes to the OCC and law enforcement by filing a Suspicious Activity Report (SAR) form and submitting it to the Financial Crimes Enforcement Network (FinCEN), in accordance with 12 USC 21.11. This reporting obligation exists regardless of whether the institution has reported the intrusion to the information-sharing organizations discussed below. For purposes of the regulation and the SAR form instructions, an "intrusion" is defined as gaining access to the computer system of a financial institution to remove, steal, procure or otherwise affect information or funds of the institution or customers. It also includes actions that damage, disable, or otherwise affect critical systems of the institution. For example, distributed denial of service (DDoS) attacks should be reported on a SAR because they may temporarily disable critical systems of financial institutions.

PRIVACY EXAMINATION QUESTION - We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

36. Does the institution use a reasonable means for delivering the notices, such as:

a. hand-delivery of a printed copy; [§9(b)(1)(i)]

b. mailing a printed copy to the last known address of the consumer; [§9(b)(1)(ii)]

c. for the consumer who conducts transactions electronically, clearly and conspicuously posting the notice on the institution’s electronic site and requiring the consumer to acknowledge receipt as a necessary step to obtaining a financial product or service; [§9(b)(1)(iii)] or 

d. for isolated transactions, such as ATM transactions, posting the notice on the screen and requiring the consumer to acknowledge receipt as a necessary step to obtaining the financial product or service? [§9(b)(1)(iv)]

(Note: insufficient or unreasonable means of delivery include: exclusively oral notice, in person or by telephone; branch or office signs or generally published advertisements; and electronic mail to a customer who does not obtain products or services electronically. [§9 (b)(2)(i) and (ii), and (d)])


IN CLOSING - The Internet Banking News will not be published next weekend October 6.  I am going on my annual horseback ride to the Carson National Forest in northern New Mexico for a few days of camping out at 10,000 feet.  The Internet Banking News will return the weekend of October 13.  You will find pictures of previous trips and Gray Ghost, my appaloosa, at http://www.yennik.com/pictures/index.htm.  I will post new pictures when I return.

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 
