Internet Banking News

October 24, 1999

FYI - October 18, 1999 (UPI Spotlight) - Y2K Trojan Horse penetrates military - The U.S. military in Europe is warning its personnel that a new Internet "trojan horse" is on the loose in electronic mail, masquerading as a Year 2000 countdown clock sponsored by software giant Microsoft. If the clock is installed, it also installs an executable file that copies usernames, passwords, login IDs and can read all data sent or received over the Internet.

FYI - Please remind your personnel to delete e-mails with attachments from unknown sources. E-mails themselves do not carry a virus such as a "trojan horse." It is the attachments to an e-mail that carry the virus. By opening an attachment from an unknown source, opens your computer to infection. Also, today may be a good time to update your virus protection programs.

INTERNET SECURITY - Not only are system attacks often undetected, in many cases identified attacks are not reported. Institutions should develop a plan to respond to unauthorized activities and involve law enforcement when appropriate. Institutions should report suspected computer crimes and computer intrusions on Suspicious Activity Reports (SARs) in accordance with the guidelines outlined in Financial Institution Letter 124-97, "Suspicious Activity Reporting."

INTERNET COMPLIANCE - Expedited Funds Availability Act (Regulation CC) - Generally, the rules pertaining to the duty of an institution to make deposited funds available for withdrawal apply in the electronic financial services environment. This includes rules on fund availability schedules, disclosure of policy, and payment of interest. Recently, the FRB published a commentary that clarifies requirements for providing certain written notices or disclosures to customers via electronic means. Specifically, the commentary to 229.13(g)-1a states that a financial institution satisfies the written exception hold notice requirement, and the commentary to 229.15(a)-1 states that a financial institution satisfies the general disclosure requirement by sending an electronic version that displays the text and is in a form that the customer may keep. However, the customer must agree to such means of delivery of notices and disclosures. Information is considered to be in a form that the customer may keep if, for example, it can be downloaded or printed by the customer. To reduce compliance risk, financial institutions should test their programs' ability to provide disclosures in a form that can be downloaded or printed.

REGULATORY CLARIFICATION - In reply to my questions, the FDIC stated "Usage of the FDIC's corporate "seal" on a bank web page is prohibited, but usage of a graphic image that is the same as the FDIC sticker used by banks to advertise FDIC membership is allowed." "Most web sites have the "Member FDIC" statement at the bottom, but as long as it is conspicuously placed within the web page, there's presently no requirement where that statement should appear; it must be viewable at some point when the reader scrolls to the page area in which the disclosure appears."

Back Button

Go to the Bank Web Site Audit home page.

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119


Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated