June 17, 2001
FYI - TOKYO - An Internet bank set up by electronics and entertainment giant Sony opened for business Monday, but a glitch made it hard to get in the door.
FYI - A House of Representatives subcommittee on Wednesday approved legislation to create a computer network that would link together the existing databases of U.S. state and federal banking, securities and insurance regulators in an effort to combat financial fraud.
June 12, 2001 - DONNA TANOUE ANNOUNCES HER RESIGNATION AS CHAIRMAN OF THE FDIC - Donna Tanoue today announced that she has submitted her resignation as Chairman of the Federal Deposit Insurance Corporation, effective July 11, 2001.
June 15, 2001 - Truth in Savings - NCUA is amending its regulation that implements the Truth in Savings Act (TISA). This interim final rule establishes uniform standards for the electronic delivery of disclosures required by TISA.
June 14, 2001 - A SUMMARY OF ACTIONS TAKEN BY THE NCUA BOARD - Charter modifications, National corporate FOM amended, Standards set for electronic Truth in Savings disclosures, Housekeeping amendments proposed.
INTERNET COMPLIANCE - TRUTH IN SAVINGS ACT (REG DD)
Financial institutions that advertise deposit products and services on-line must verify that proper advertising disclosures are made in accordance with all provisions of the regulations. Institutions should note that the disclosure exemption for electronic media does not specifically address commercial messages made through an institution's web site or other on-line banking system. Accordingly, adherence to all of the advertising disclosure requirements is required.
Advertisements should be monitored for recency, accuracy, and compliance. Financial institutions should also refer to OSC regulations if the institution's deposit rates appear on third party web sites or as part of a rate sheet summary. These types of messages are not considered advertisements unless the depository institution, or a deposit broker offering accounts at the institution, pays a fee for or otherwise controls the publication.
Disclosures generally are required to be in writing and in a form that the consumer can keep. Until the regulation has been reviewed and changed, if necessary, to allow electronic delivery of disclosures, an institution that wishes to deliver disclosures electronically to consumers, would supplement electronic disclosures with paper disclosures.
INTERNET SECURITY - We continue the series from the FDIC "Security Risks Associated with the Internet." We are covering the primary interrelated technologies, standards, and controls that presently exist to manage the risks of data privacy and confidentiality, data integrity, authentication, and non-repudiation.
Digital signatures authenticate the identity of a sender, through the private, cryptographic key. In addition, every digital signature is different because it is derived from the content of the message itself. The combination of identity authentication and singularly unique signatures results in a transmission that cannot be repudiated.
Digital signatures can be applied to any data transmission, including e-mail. To generate a digital signature, the original, unencrypted message is run through a mathematical algorithm that generates what is known as a message digest (a unique, character representation of the data). This process is known as the "hash." The message digest is then encrypted with a private key, and sent along with the message. The recipient receives both the message and the encrypted message digest. The recipient decrypts the message digest, and then runs the message through the hash function again. If the resulting message digest matches the one sent with the message, the message has not been altered and data integrity is verified. Because the message digest was encrypted with a private key, the sender can be identified and bound to the specific message. The digital signature cannot be reused, because it is unique to the message. In the above example, data privacy and confidentiality could also be achieved by encrypting the message itself. The strength and security of a digital signature system is determined by its implementation, and the management of the cryptographic keys.