R. Kinney Williams & Associates

Internet Banking News

November 17, 2002

FYI  - The Bank of Butterfield is assuring its customers that their accounts are safe after the bank’s corporate website was hacked over the weekend.  http://www.bermudasun.bm/cgi-local/edpull.pl?cat=01News&ord=03&ed=2002-11-06 

FYI  - Computer Break-Ins: Your Right to Know - California law now demands that the public be informed when government or corporate databases are breached.  http://www.businessweek.com/technology/content/nov2002/tc20021111_2402.htm 

FYI - Last week we covered the "Electronic Delivery of Federally Mandated Disclosures" from the FFIEC Internet guidelines.  A reader reminded us that the Federal Reserve rescinded the mandatory compliance with the interim final rules for electronic disclosure on 8/3/01. http://www.federalreserve.gov/boarddocs/press/boardacts/2001/20010803/default.htm 

FYI - A last-minute addition to a proposal for a Department of Homeland Security would punish malicious computer hackers with life in prison.  http://news.com.com/2100-1001-965750.html?tag=cd_mh 

FYI - Canadian Imperial Bank of Commerce confirmed on Thursday it was closing its no-frills U.S. electronic banking operations that were dragging down profits.  http://biz.yahoo.com/rc/021114/financial_cibc_1.html 

INTERNET COMPLIANCE
Fair Housing Act

A financial institution that advertises on-line credit products that are subject to the Fair Housing Act must display the Equal Housing Lender logotype and legend or other permissible disclosure of its nondiscrimination policy if required by rules of the institution's regulator.

Home Mortgage Disclosure Act (Regulation C)

The regulations clarify that applications accepted through electronic media with a video component (the financial institution has the ability to see the applicant) must be treated as "in person" applications. Accordingly, information about these applicants' race or national origin and sex must be collected. An institution that accepts applications through electronic media without a video component, for example, the Internet or facsimile, may treat the applications as received by mail.

INTERNET SECURITY
- We continue our review of the FDIC paper "Risk Assessment Tools and Practices for Information System Security."

RISK ASSESSMENT/MANAGEMENT

A thorough and proactive risk assessment is the first step in establishing a sound security program. This is the ongoing process of evaluating threats and vulnerabilities, and establishing an appropriate risk management program to mitigate potential monetary losses and harm to an institution's reputation. Threats have the potential to harm an institution, while vulnerabilities are weaknesses that can be exploited.

The extent of the information security program should be commensurate with the degree of risk associated with the institution's systems, networks, and information assets. For example, compared to an information-only Web site, institutions offering transactional Internet banking activities are exposed to greater risks. Further, real-time funds transfers generally pose greater risks than delayed or batch-processed transactions because the items are processed immediately. The extent to which an institution contracts with third-party vendors will also affect the nature of the risk assessment program.

PRIVACY EXAMINATION QUESTION
- We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

42.  Does the institution provide the consumer with a reasonable opportunity to opt out such as by:

a.  mailing the notices required by §10 and allowing the consumer to respond by toll-free telephone number, return mail, or other reasonable means (see question 22) within 30 days from the date mailed; [§10(a)(3)(i)]

b.  where the consumer opens an on-line account with the institution and agrees to receive the notices required by §10 electronically, allowing the consumer to opt out by any reasonable means (see question 22) within 30 days from consumer acknowledgement of receipt of the notice in conjunction with opening the account; [§10(a)(3)(ii)] or

c.  for isolated transactions, providing the notices required by §10 at the time of the transaction and requesting that the consumer decide, as a necessary part of the transaction, whether to opt out before the completion of the transaction? [§10(a)(3)(iii)]

IN CLOSING - The Gramm-Leach-Bliley Act, best practices, and examiners recommend a penetration study of your Internet connection. The Vulnerability Internet Security Test Audit (VISTA) is an independent penetration study of your institution's network connection to the Internet that meets the regulatory requirements. As professional IT auditors, we provide an independent review of the vulnerability test results and an audit letter to your Board of Directors certifying the test results. For answers to your questions about vulnerability testing, go to https://internetbankingaudits.com/frequently_asked_questions.htm

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  


Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 


All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, © Copyright Yennik, Incorporated