Internet Banking
News
November 7, 1999
FYI - State of the Internet: US Internet Council's Report on Use &
Threats in 1999 - The Internet revolution in the commercial, social, and civic life of
America also appears to be accelerating technological innovation and the convergence of
various technologies into an entirely new communications environment. The survey can be
found at http://www.bankwebsiteaudits.com/usic_state_of_net99.htm.
INTERNET SECURITY - Systems can be vulnerable to a variety of threats, including the
misuse or theft of passwords. Hackers may use password cracking programs to figure out
poorly selected passwords. The passwords may then be used to access other parts of the
system. By monitoring network traffic, unauthorized users can easily steal unencrypted
passwords. The theft of passwords is more difficult if they are encrypted. Employees or
hackers may also attempt to compromise system administrator access (root access), tamper
with critical files, read confidential e-mail, or initiate unauthorized e-mails or
transactions.
Hackers may use "social engineering," a scheme using social techniques to obtain
technical information required to access a system. A hacker may claim to be someone
authorized to access the system such as an employee or a certain vendor or contractor. The
hacker may then attempt to get a real employee to reveal user names or passwords, or even
set up new computer accounts. Another threat involves the practice of "war
dialing," in which hackers use a program that automatically dials telephone numbers
and searches for modem lines that bypass network firewalls and other security measures.
INTERNET COMPLIANCE - Disclosures are generally required to be "clear and
conspicuous." Therefore, compliance officers should review the web site to determine
whether the disclosures have been designed to meet this standard. Institutions may find
that the format(s) previously used for providing paper disclosures may need to be
redesigned for an electronic medium. Institutions may find it helpful to use
"pointers" and "hotlinks" that will automatically present the
disclosures to customers when selected. A financial institution's use solely of asterisks
or other symbols as pointers or hotlinks would not be as clear as descriptive references
that specifically indicate the content of the linked material.
WEB PAGES - While auditing web sites for compliance with FFIEC Internet disclosures, I
also bring to your attention other matters about the web site. One of the biggest problems
I discover on bank web sites is misspelled words. Be certain to remind your web page
programmer to spell check the web pages. Now with that said, I hope my newsletter and web
pages are free of misspellings.
SEMINAR: I am privileged to be the keynote speaker for Bankers Compliance Group's 14th
Annual Bank Management and Directors Seminar. I will be speaking about web page compliance
and Internet security. The one-day seminar is being held in Long Beach, California, on
December 2 and in San Jose, California, on December 3. If you are interested in attending,
call Katrina Audell at 949-553-0909 for costs and registration information. Their web site
is http://www.bankerscompliancegroup.com/.