R. Kinney Williams - Yennik, Inc.

Internet Banking News
Brought to you by Yennik, Inc., the acknowledged leader in Internet auditing for financial institutions.

November 28, 2010

Does your financial institution need an affordable Internet security audit?  Yennik, Inc. has clients in 42 states that rely on our penetration testing audits to ensure proper Internet security settings and to meet the independent diagnostic test requirements of FDIC, OCC, FRB, and NCUA, which provides compliance with Gramm-Leach-Bliley Act 501(b).  The penetration audit and Internet security testing is an affordable, sophisticated process that goes far beyond the simple scanning of ports.  The audit focuses on a hacker's perspective, which will help you identify real-world weaknesses.  For more information, give R. Kinney Williams a call today at 806-798-7119 or visit http://www.internetbankingaudits.com/.

Spending less than 5 minutes a week along with a cup of coffee, you can monitor your IT security as required by the FDIC, OCC, FRB, FFIEC, NCUA, NIST, GLBA, HIPAA, and best practices.  For more information visit http://www.yennik.com/it-review/.

FYI - European banks see new ATM skimming attacks - Banks in Europe are seeing innovative skimming attacks against ATMs, where fraudsters rig special devices to the cash machines to record payment card details. http://www.computerworld.com/s/article/9197138/European_banks_see_new_ATM_skimming_attacks?taxonomyId=17

FYI - Report sounds alarm on China's rerouting of U.S. Internet traffic - Substantial portion of traffic was routed through China earlier this year, says U.S.-China commission - A report submitted to Congress on Wednesday by the U.S.-China Economic and Security Review Commission expressed concerns over what the commission claims is China's growing ability to control and manipulate Internet traffic. http://www.computerworld.com/s/article/9197019/Update_Report_sounds_alarm_on_China_s_rerouting_of_U.S._Internet_traffic?taxonomyId=17

FYI - Air Force Warns Against Location Based Sites - Military says careless use could disclose service members' position to enemy, compromising safety and operations. The U.S. Air Force is warning servicemen and women that popular geolocation services such as Facebook Places, Foursquare, Gowalla, and Loopt could inadvertently reveal their position to the enemy. http://www.informationweek.com/news/government/mobile/showArticle.jhtml?articleID=228300144&cid=RSSfeed_IWK_All

FYI - FBI brass ask Google, Facebook to expand wiretaps - Top officials from the FBI traveled to Silicon Valley on Tuesday to persuade Facebook and Google executives to support a proposal that would make it easier for law enforcement to wiretap the companies' users. http://www.theregister.co.uk/2010/11/17/google_facebook_wiretapping/

FYI - Cybersecurity bill gives DHS power to punish tech firms - Democratic politicians are proposing a novel approach to cybersecurity: fine technology companies $100,000 a day unless they comply with directives imposed by the U.S. Department of Homeland Security. http://news.cnet.com/8301-13578_3-20023464-38.html

FYI - Top judge says internet 'could kill jury system' - The jury system may not survive if it is undermined by social networking sites, England's top judge has said. http://www.bbc.co.uk/news/uk-11796648

FYI - After FTC settlement, LifeLock refund checks going out - The check is in the mail for nearly a million LifeLock customers, after the provider of identity-theft protection services settled accusations of deceptive advertising. http://www.computerworld.com/s/article/9197482/After_FTC_settlement_LifeLock_refund_checks_going_out?taxonomyId=17


FYI - Malaysian Charged With Hacking Federal Reserve, Others - A Malaysian man has been charged with hacking into major U.S. corporations, including the U.S. Federal Reserve Bank of Cleveland and FedComp, a company that processes financial transactions for credit unions. http://www.pcworld.com/businesscenter/article/211104/malaysian_charged_with_hacking_federal_reserve_others.html

FYI - Man charged with stealing secrets from wireless company Sirf - A San Ramon, California, man is facing charges he stole valuable technology from his former employer in hopes of building competitive location-aware products. http://www.computerworld.com/s/article/9196878/Man_charged_with_stealing_secrets_from_wireless_company_Sirf?taxonomyId=144

FYI - Computer hacker controlled victims' webcams from mother's front room - A computer hacker accessed highly personal data and controlled victims' webcams as part of a sophisticated email scam carried out from his mother's front room. http://news.stv.tv/scotland/highlands-islands/211018-computer-hacker-controlled-victims-webcams-from-mothers-front-room/


Electronic Fund Transfer Act, Regulation E (Part 1 of 2)

Generally, when online banking systems include electronic fund transfers that debit or credit a consumer's account, the requirements of the Electronic Fund Transfer Act and Regulation E apply.  A transaction involving stored value products is covered by Regulation E when the transaction accesses a consumer's account (such as when value is "loaded" onto the card from the consumer's deposit account at an electronic terminal or personal computer).

Financial institutions must provide disclosures that are clear and readily understandable, in writing, and in a form the consumer may keep.  An interim rule was issued on March 20, 1998 that allows depository institutions to satisfy the requirement to deliver by electronic communication any of these disclosures and other information required by the act and regulations, as long as the consumer agrees to such method of delivery.

Financial institutions must ensure that consumers who sign up for a new banking service are provided with disclosures for the new service if the service is subject to terms and conditions different from those described in the initial disclosures.  Although not specifically mentioned in the commentary, this applies to all new banking services including electronic financial services.

The Federal Reserve Board Official Staff Commentary (OSC) also clarifies that terminal receipts are unnecessary for transfers initiated online. Specifically, OSC regulations provide that, because the term "electronic terminal" excludes a telephone operated by a consumer, financial institutions need not provide a terminal receipt when a consumer initiates a transfer by a means analogous in function to a telephone, such as by a personal computer or a facsimile machine.

We continue our series on the FFIEC interagency Information Security Booklet.  


Action Summary
Financial institutions must maintain an ongoing information security risk assessment program that effectively:

1)  Gathers data regarding the information and technology assets of the organization, threats to those assets, vulnerabilities, existing security controls and processes, and the current security standards and requirements;

2)  Analyzes the probability and impact associated with the known threats and vulnerabilities to its assets; and

3) Prioritizes the risks present due to threats and vulnerabilities to determine the appropriate level of training, controls, and testing necessary for effective mitigation.


We continue our series listing the regulatory-privacy examination questions.  When you answer the question each week, you will help ensure compliance with the privacy regulations.

Content of Privacy Notice

12. Does the institution make the following disclosures regarding service providers and joint marketers to whom it discloses nonpublic personal information under §13:

a. as applicable, the same categories and examples of nonpublic personal information disclosed as described in paragraphs (a)(2) and (c)(2) of section six (6) (see questions 8b and 10); and [§6(c)(4)(i)]

b. that the third party is a service provider that performs marketing on the institution's behalf or on behalf of the institution and another financial institution; [§6(c)(4)(ii)(A)] or

c. that the third party is a financial institution with which the institution has a joint marketing agreement? [§6(c)(4)(ii)(B)]


PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  


Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119

