R. Kinney Williams & Associates

Internet Banking News

May 13, 2001

FYI - During an IS audit in the past year, it was discovered that none of the five-day rotation backup tapes of the data processing applications were working. The cause turned out to be a defective backup tape drive, yet during the daily backup procedures the system said that the backup was "successful." Testing the bank's disaster recovery program brought this problem to light. The question is: even though your backup system indicates that the backup was successful, are you sure? Testing your backup is the only sure means of knowing that the backup system is working.
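The restore test recommended above, sketched as an added example that is not part of the original newsletter. It assumes a tar archive stands in for the tape and that a SHA-256 manifest of the live files is recorded at backup time; the function names and sample data are constructed for illustration.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def manifest(root: Path) -> dict:
    """SHA-256 of every file under root, recorded from the live data at backup time."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def write_backup(root: Path, archive: Path) -> None:
    """The backup job; finishing without an exception is all 'successful' means here."""
    with tarfile.open(archive, "w") as tar:
        for p in sorted(root.rglob("*")):
            if p.is_file():
                tar.add(p, arcname=p.relative_to(root).as_posix())

def restore_test(archive: Path, expected: dict) -> list:
    """Read every file back from the backup media and compare it with the manifest."""
    restored, problems = {}, []
    try:
        with tarfile.open(archive, "r") as tar:
            for member in tar:
                if member.isfile():
                    data = tar.extractfile(member).read()
                    restored[member.name] = hashlib.sha256(data).hexdigest()
    except (tarfile.TarError, OSError, EOFError) as exc:
        problems.append(f"restore failed: {exc}")
    for name, digest in expected.items():
        if name not in restored:
            problems.append(f"missing after restore: {name}")
        elif restored[name] != digest:
            problems.append(f"content differs: {name}")
    return problems

def demo() -> tuple:
    """Constructed sample data: a good backup, then the same backup on 'bad media'."""
    with tempfile.TemporaryDirectory() as tmp:
        src, good, bad = Path(tmp, "data"), Path(tmp, "good.tar"), Path(tmp, "bad.tar")
        src.mkdir()
        (src / "accounts.dat").write_bytes(b"acct 0001 balance 100.00\n" * 100)
        (src / "ledger.dat").write_bytes(b"2001-05-13 deposit 25.00\n" * 100)
        expected = manifest(src)
        write_backup(src, good)
        raw = good.read_bytes()
        i = raw.index(b"balance 100.00")  # damage one record in the data area
        bad.write_bytes(raw[:i] + b"\x00" * 14 + raw[i + 14:])
        return restore_test(good, expected), restore_test(bad, expected)

if __name__ == "__main__":
    print(demo())
```

An empty list from `restore_test` means every file read back intact; any entry is a finding, however the backup job itself reported.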

FYI - The FDIC issued guidance on measures to prevent identity theft and pretext calling. The guidance reminds financial institutions how to report such activities to regulators using Suspicious Activity Reports (SARs), suggests educating consumers on identity theft and pretext calling, and summarizes relevant federal laws. http://www.fdic.gov/news/news/press/2001/pr3601.html 

FYI - The Board of Governors of the Federal Reserve System (FRB) published the attached interim final rules establishing uniform standards for the electronic delivery of federally mandated disclosures under five consumer protection regulations: B (Equal Credit Opportunity), E (Electronic Fund Transfers), M (Consumer Leasing), Z (Truth in Lending), and DD (Truth in Savings). The rules took effect on March 30, 2001; however, to allow time for any necessary operational changes, the mandatory compliance date is October 1, 2001. http://www.fdic.gov/news/news/financial/2001/fil0140.html 

INTERNET COMPLIANCE - Equal Credit Opportunity Act (Regulation B)

The regulations clarify the rules concerning the taking of credit applications by specifying that application information entered directly into and retained by a computerized system qualifies as a written application under this section. If an institution makes credit application forms available through its on-line system, it must ensure that the forms satisfy the requirements.

The regulations also clarify the regulatory requirements that apply when an institution takes loan applications through electronic media. If an applicant applies through an electronic medium (for example, the Internet or a facsimile) without video capability that allows employees of the institution to see the applicant, the institution may treat the application as if it were received by mail.

INTERNET SECURITY - We continue the series from the FDIC "Security Risks Associated with the Internet." While this Financial Institution Letter was published in December 1997, the issues are still relevant.

Non-repudiation

Non-repudiation involves creating proof of the origin or delivery of data to protect the sender against false denial by the recipient that the data has been received or to protect the recipient against false denial by the sender that the data has been sent. To ensure that a transaction is enforceable, steps must be taken to prohibit parties from disputing the validity of, or refusing to acknowledge, legitimate communications or transactions.

Access Control / System Design

Establishing a link between a bank's internal network and the Internet can create a number of additional access points into the internal operating system. Furthermore, because the Internet is global, unauthorized access attempts might be initiated from anywhere in the world. These factors present a heightened risk to systems and data, necessitating strong security measures to control access. Because the security of any network is only as strong as its weakest link, the functionality of all related systems must be protected from attack and unauthorized access. Specific risks include the destruction, altering, or theft of data or funds; compromised data confidentiality; denial of service (system failures); a damaged public image; and resulting legal implications. Perpetrators may include hackers, unscrupulous vendors, former or disgruntled employees, or even agents of espionage.

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com
All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, © Copyright Yennik, Incorporated