Internet Banking News
October 17, 1999
My horseback riding trip to the mountains of New Mexico was great. I have
posted some pictures at http://www.yennik.com/pictures.
INTERNET SECURITY - Some examples of system attacks include:
1) Denial of service (system failure), which is any action preventing a system from
operating as intended. It may be the unauthorized destruction, modification, or delay of
service. For example, in a "SYN Flood" attack, a system can be flooded with
requests to establish a connection, leaving the system with more open connections than it
can support. Then, legitimate users of the system being attacked are not allowed to
connect until the open connections are closed or can time out.
2) Internet Protocol (IP) spoofing, which allows an intruder via the Internet to
effectively impersonate a local system's IP address in an attempt to gain access to that
system. If other local systems perform session authentication based on a connection's IP
address, those systems may misinterpret incoming connections from the intruder as
originating from a local trusted host and not require a password.
3) Trojan horses, which are programs that contain additional (hidden) functions that
usually allow malicious or unintended activities. A Trojan horse program generally
performs unintended functions that may include replacing programs, or collecting,
falsifying, or destroying data. Trojan horses can be attached to e-mails and may create a
"back door" that allows unrestricted access to a system. The programs may
automatically exclude logging and other information that would allow the intruder to be
4) Viruses, which are computer programs that may be embedded in other code and can
self-replicate. Once active, they may take unwanted and unexpected actions that can result
in either nondestructive or destructive outcomes in the host computer programs. The virus
program may also move into multiple platforms, data files, or devices on a system and
spread through multiple systems in a network. Virus programs may be contained in an e-mail
attachment and become active when the attachment is opened.
INTERNET COMPLIANCE - Reserve Requirements of Depository Institutions (Regulation D)
states that withdrawal and transfer restrictions imposed on savings deposits electronic
transfers, electronic withdrawals (paid electronically) or payments to third parties
initiated by a depositor from a personal computer are included as a type of transfer
subject to the six transaction limit imposed on passbook savings and MMDA accounts.
CLIENTS - Regulation D section §204.2(d)(2) can be found at http://www.fdic.gov/regulations/laws/rules/7500-4.html.
INTERNET EXAMINATIONS - This week the OCC issued a new handbook outlining procedures for
examining Internet banking activities in national banks. The OCC estimates that about 500
national banks have transactional web sites that would be subject to today's examination
procedures, as would other national banks with non-transactional web sites. Even if you
are not a national bank, this is required reading for all bank auditors and compliance
officers. For a copy of the "Internet Banking - Comptroller's Handbook," call
the OCC at (202) 874-5043.
FEDERAL RESERVE BOARD - Roger W. Ferguson, Jr., Member, Board of Governors of the Federal
Reserve System said that the Federal Reserve supports the creation of the Financial
Services Information Sharing and Analysis Center in response to the President's directive
to protect our nation's banking and financial services from the threat of physical and
cyber attacks. The complete press release can be found at http://www.bog.frb.fed.us/boarddocs/press/General/1999/19991001/DEFAULT.HTM.
WEB PAGES - When indicating times, state Central Time (or whatever your time zone is)
instead of Central Standard Time. Central Time covers both Central Standard Time and
Central Daylight Time.