R. Kinney Williams & Associates
R. Kinney Williams
& Associates

Internet Banking News

October 27, 2002

FYI - Over the last eight months major new hacker tools have been released or revealed, ending a lull in activity among hackers that followed the September 11 terrorist attacks and the enactment of legislation that enhanced law enforcement's ability to prosecute people who break code and wreak havoc on networks by exploiting software vulnerabilities, hacking consultant Ed Skoudis said Thursday.  http://www.pcworld.com/news/article/0,aid,106352,tk,dn102502X,00.asp 

FYI - Is Microsoft Licensing Forcing Banks to Break the Privacy Laws?   http://boston.internet.com/news/article.php/1485861 

FYI - The Treasury Department is advising all financial institutions that they will not be required to comply with section 326 of the USA PATRIOT ACT or the proposed rules issued by Treasury and the federal functional regulators on July 23 until final implementing regulations are issued and become effective.  http://www.ustreas.gov/press/releases/po3530.htm 

FYI - Microsoft is investigating a security breach on a server that hosts its Windows beta community, which allows more than 20,000 Windows users a chance to test software that is still in development.  http://news.com.com/2100-1001-962333.html 
 
FYI - The heart of the Internet sustained its largest and most sophisticated attack ever, starting late Monday, according to officials at key online backbone organizations.   http://www.washingtonpost.com/wp-dyn/articles/A828-2002Oct22.html 

FYI
- In the first case of its kind, U.S. District Judge Patricia Seitz said the Americans with Disabilities Act (ADA) applies only to physical spaces such as restaurants and movie theaters and not to the Internet.  http://news.com.com/2100-1023-962761.html?tag=fd_top_1 

INTERNET COMPLIANCEThe Role Of Consumer Compliance In Developing And Implementing Electronic Services from FDIC:

When violations of the consumer protection laws regarding a financial institution's electronic services have been cited, generally the compliance officer has not been involved in the development and implementation of the electronic services.  Therefore, it is suggested that management and system designers consult with the compliance officer during the development and implementation stages in order to minimize compliance risk.  The compliance officer should ensure that the proper controls are incorporated into the system so that all relevant compliance issues are fully addressed.  This level of involvement will help decrease an institution's compliance risk and may prevent the need to delay deployment or redesign programs that do not meet regulatory requirements.

The compliance officer should develop a compliance risk profile as a component of the institution's online banking business and/or technology plan.  This profile will establish a framework from which the compliance officer and technology staff can discuss specific technical elements that should be incorporated into the system to ensure that the online system meets regulatory requirements.  For example, the compliance officer may communicate with the technology staff about whether compliance disclosures/notices on a web site should be indicated or delivered by the use of "pointers" or "hotlinks" to ensure that required disclosures are presented to the consumer.  The compliance officer can also be an ongoing resource to test the system for regulatory compliance.


INTERNET SECURITY
Over the next few weeks we will cover the FDIC's paper "Risk Assessment Tools and Practices or Information System Security" dated July 7, 1999. This is our first selection for your reading.

Whether financial institutions contract with third-party providers for computer services such as Internet banking, or maintain computer services in-house, bank management is responsible for ensuring that systems and data are protected against risks associated with emerging technologies and computer networks. If a bank is relying on a third-party provider, management must generally understand the provider's information security program to effectively evaluate the security system's ability to protect bank and customer data.

The FDIC has previously issued guidance on information security concerns such as data privacy and confidentiality, data integrity, authentication, non-repudiation, and access control/system design. This paper is designed to supplement Financial Institution Letter 131-97, "Security Risks Associated With the Internet," dated December 18, 1997, and to complement the FDIC's safety and soundness electronic banking examination procedures. Related guidance can be found in the FFIEC Information Systems Examination Handbook.

PRIVACY EXAMINATION QUESTION
- We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

39.  Does the institution use an appropriate means to ensure that notices may be retained or obtained later, such as:

a. hand-delivery of a printed copy of the notice; [9(e)(2)(i)]

b. mailing a printed copy to the last known address of the customer; [9(e)(2)(ii)] or

c. making the current privacy notice available on the institution's web site (or via a link to the notice at another site) for the customer who agrees to receive the notice at the web site? [9(e)(2)(iii)]

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Back Button

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated