|
|
Internet Banking News |
|
April 15, 2001 FYI - Our Contact Numbers Please check to make sure you have our current information for your records: Yennik, Inc. INTERNET COMPLIANCE - Fair Housing Act A financial institution that advertises on-line credit products that are subject to the Fair Housing Act must display the Equal Housing Lender logotype and legend or other permissible disclosure of its nondiscrimination policy if required by rules of the institution's regulator. Home Mortgage Disclosure Act (Regulation C) The regulations clarify that applications accepted through electronic media with a video component (the financial institution has the ability to see the applicant) must be treated as "in person" applications. Accordingly, information about these applicants' race or national origin and sex must be collected. An institution that accepts applications through electronic media without a video component, for example, the Internet or facsimile, may treat the applications as received by mail. ACH - Automated Clearing House risks As with other electronic payment mechanisms, there are inherent risks in using the Automated Clearing House, most notably strategic, reputation, transaction, credit, and compliance risk. Federal banking agencies have encouraged sound ACH risk management practices for a number of years. The risks are particularly acute concerning ACH entries initiated through the Internet in light of the anonymity of that medium and the volume and velocity of transactions that can be originated. The recently approved amendment to NACHA's operating rules with respect to Internet-initiated payments presents management and boards of directors with new challenges, such as to ensure that originators are in compliance with the requirements on a continuing basis. One of the most important changes introduced by the amendment is the need to conduct an annual audit to ensure that the financial information obtained from receivers is protected by security practices and procedures that include, at a minimum, adequate levels of (1) physical security to protect against theft, tampering, or damage; (2) personnel and access controls to protect against unauthorized access and use; and (3) network security to ensure capture, storage, and distribution of financial information. The first audit must be completed by December 31, 2001. http://www.occ.treas.gov/ftp/advisory/2001-3.txt INTERNET SECURITY - The regulatory agencies are concerned about financial institutions protecting their Internet domain names. The following is the first of a two-part Financial Institution Letter from the FDIC: As the number of banks with Web sites continues to grow steadily, the number of incidents involving disputes, confusion and fraud related to their Internet domain names also has increased. To protect their online identities, banks can employ internal controls that ensure timely registration and renewal of relevant domain names, periodically review the status of similar domain names, and be familiar with the formal and informal dispute resolution processes. This bulletin alerts senior bank management to potential domain name-related problems, and highlights actions that may help to avoid or resolve such problems. Nature of the Problem Internet domain names have been used to perpetrate fraud and have led to both public confusion and legal disputes. For example, fraudulent operators have created Web sites that attempt to mislead customers into disclosing their passwords or other sensitive information. They do this by acquiring domain names that may be similar in spelling to those of legitimate Web sites. Some Web sites also have been created to publish harmful information about an organization, using a domain name that is similar to the "target." Another problem involves "cybersquatters" who have attempted to sell desirable domain names to companies at exorbitant prices. These situations could result in considerable reputational harm and financial cost. Risk Management Techniques To prevent customer confusion, reputational harm, fraud and legal disputes, bank management can employ a number of practices and techniques. Timely registration and renewal of a bank's domain name(s) are important to assure that the bank acquires and retains ownership of the Internet addresses that it desires. Any lapses in registration could result in the loss of a domain name to another party. Bank management may choose to consider acquiring more than one domain name to retain control over the use of all similar names. However, this strategy may entail financial and administrative costs. Either way, institutions may benefit from conducting periodic Internet searches to determine whether there are names being used that are similar to their domain name, legal name or other trade/product names. In addition to similar domain names that have different suffixes (e.g., bankname.com and bankname.net), management also may want to look for variations in spelling and punctuation (e.g., bankname.com and bank-name.com). |
| PLEASE NOTE: Some of the above links may have expired, especially those from news organizations. We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance. |
