R. Kinney Williams & Associates
R. Kinney Williams
& Associates

Internet Banking News

June 3, 2001

FYI - June 1, 2001 - FORMER FDIC EMPLOYEE SENTENCED IN IDENTITY FRAUD SCHEME - FDIC Inspector General Gaston L. Gianni, Jr., announced today that former FDIC employee Theresa A. Hill of Seat Pleasant, MD, was sentenced on May 29, 2001, to five years of probation, including six months of home confinement, in connection with an identity fraud scheme. Ms. Hill was also ordered to pay $87,531 in restitution. http://www.fdic.gov/news/news/press/2001/pr4101.html 

FYI - May 31, 2001 - Standards for Safeguarding Customer Information - The federal banking agencies jointly issued guidelines establishing standards for safeguarding customer information (Guidelines), which will become effective July 1, 2001. www.federalreserve.gov/BoardDocs/SRLetters/2001/Sr0115.htm 

FYI - A glitch in the online version of bookkeeping software Quicken has caused some accounts to duplicate transactions and may have resulted in incorrect information being displayed, Intuit confirmed Tuesday. http://news.cnet.com/news/0-1007-200-5933941.html?tag=dd.ne.dht.nl-sty.0 

INTERNET COMPLIANCE - Advertisements

Generally, Internet web sites are considered advertising by the regulatory agencies. In some cases, the regulations contain special rules for multiple-page advertisements. It is not yet clear what would constitute a single "page" in the context of the Internet or on-line text. Thus, institutions should carefully review their on-line advertisements in an effort to minimize compliance risk.

In addition, Internet or other systems in which a credit application can be made on-line may be considered "places of business" under HUD's rules prescribing lobby notices. Thus, institutions may want to consider including the "lobby notice," particularly in the case of interactive systems that accept applications.

INTERNET SECURITY - We continue the series from the FDIC "Security Risks Associated with the Internet." While this Financial Institution Letter was published in December 1997, the issues still are relevant.

The next number of weeks we will discuss the primary interrelated technologies, standards, and controls that presently exist to manage the risks of data privacy and confidentiality, data integrity, authentication, and non-repudiation.

Encryption, Digital Signatures, and Certificate Authorities

Encryption techniques directly address the security issues surrounding data privacy, confidentiality, and data integrity. Encryption technology is also employed in digital signature processes, which address the issues of authentication and non-repudiation. Certificate authorities and digital certificates are emerging to address security concerns, particularly in the area of authentication. The function of and the need for encryption, digital signatures, certificate authorities, and digital certificates differ depending on the particular security issues presented by the bank's activities. The technologies, implementation standards, and the necessary legal infrastructure continue to evolve to address the security needs posed by the Internet and electronic commerce.

Encryption

Encryption, or cryptography, is a method of converting information to an unintelligible code. The process can then be reversed, returning the information to an understandable form. The information is encrypted (encoded) and decrypted (decoded) by what are commonly referred to as "cryptographic keys." These "keys" are actually values, used by a mathematical algorithm to transform the data. The effectiveness of encryption technology is determined by the strength of the algorithm, the length of the key, and the appropriateness of the encryption system selected.

Because encryption renders information unreadable to any party without the ability to decrypt it, the information remains private and confidential, whether being transmitted or stored on a system. Unauthorized parties will see nothing but an unorganized assembly of characters. Furthermore, encryption technology can provide assurance of data integrity as some algorithms offer protection against forgery and tampering. The ability of the technology to protect the information requires that the encryption and decryption keys be properly managed by authorized parties.

IN CLOSING - We hope everyone had a safe and enjoyable Memorial Day weekend. I apologize for not publishing the e-newsletter last week, but I took a few days off.

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Back Button

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated