Internet Banking News

October 17, 1999

My horseback riding trip to the mountains of New Mexico was great. I have posted some pictures at http://www.yennik.com/pictures.

INTERNET SECURITY - Some examples of system attacks include:

1) Denial of service (system failure), which is any action preventing a system from operating as intended. It may be the unauthorized destruction, modification, or delay of service. For example, in a "SYN Flood" attack, a system can be flooded with requests to establish a connection, leaving the system with more open connections than it can support. Then, legitimate users of the system being attacked are not allowed to connect until the open connections are closed or can time out.
2) Internet Protocol (IP) spoofing, which allows an intruder via the Internet to effectively impersonate a local system's IP address in an attempt to gain access to that system. If other local systems perform session authentication based on a connection's IP address, those systems may misinterpret incoming connections from the intruder as originating from a local trusted host and not require a password.
3) Trojan horses, which are programs that contain additional (hidden) functions that usually allow malicious or unintended activities. A Trojan horse program generally performs unintended functions that may include replacing programs, or collecting, falsifying, or destroying data. Trojan horses can be attached to e-mails and may create a "back door" that allows unrestricted access to a system. The programs may automatically exclude logging and other information that would allow the intruder to be traced.
4) Viruses, which are computer programs that may be embedded in other code and can self-replicate. Once active, they may take unwanted and unexpected actions that can result in either nondestructive or destructive outcomes in the host computer programs. The virus program may also move into multiple platforms, data files, or devices on a system and spread through multiple systems in a network. Virus programs may be contained in an e-mail attachment and become active when the attachment is opened.

INTERNET COMPLIANCE - Reserve Requirements of Depository Institutions (Regulation D) states that withdrawal and transfer restrictions imposed on savings deposits electronic transfers, electronic withdrawals (paid electronically) or payments to third parties initiated by a depositor from a personal computer are included as a type of transfer subject to the six transaction limit imposed on passbook savings and MMDA accounts.

CLIENTS - Regulation D section 204.2(d)(2) can be found at http://www.fdic.gov/regulations/laws/rules/7500-4.html.

INTERNET EXAMINATIONS - This week the OCC issued a new handbook outlining procedures for examining Internet banking activities in national banks. The OCC estimates that about 500 national banks have transactional web sites that would be subject to today's examination procedures, as would other national banks with non-transactional web sites. Even if you are not a national bank, this is required reading for all bank auditors and compliance officers. For a copy of the "Internet Banking - Comptroller's Handbook," call the OCC at (202) 874-5043.

FEDERAL RESERVE BOARD - Roger W. Ferguson, Jr., Member, Board of Governors of the Federal Reserve System said that the Federal Reserve supports the creation of the Financial Services Information Sharing and Analysis Center in response to the President's directive to protect our nation's banking and financial services from the threat of physical and cyber attacks. The complete press release can be found at http://www.bog.frb.fed.us/boarddocs/press/General/1999/19991001/DEFAULT.HTM.

WEB PAGES - When indicating times, state Central Time (or whatever your time zone is) instead of Central Standard Time. Central Time covers both Central Standard Time and Central Daylight Time.

Back Button

Go to the Bank Web Site Audit home page.

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated