Internet Banking News

November 7, 1999

FYI - State of the Internet: US Internet Council's Report on Use & Threats in 1999 - The Internet revolution in the commercial, social, and civic life of America also appears to be accelerating technological innovation and the convergence of various technologies into an entirely new communications environment. The survey can be found at http://www.bankwebsiteaudits.com/usic_state_of_net99.htm.

INTERNET SECURITY - Systems can be vulnerable to a variety of threats, including the misuse or theft of passwords. Hackers may use password cracking programs to figure out poorly selected passwords. The passwords may then be used to access other parts of the system. By monitoring network traffic, unauthorized users can easily steal unencrypted passwords. The theft of passwords is more difficult if they are encrypted. Employees or hackers may also attempt to compromise system administrator access (root access), tamper with critical files, read confidential e-mail, or initiate unauthorized e-mails or transactions.

Hackers may use "social engineering," a scheme using social techniques to obtain technical information required to access a system. A hacker may claim to be someone authorized to access the system such as an employee or a certain vendor or contractor. The hacker may then attempt to get a real employee to reveal user names or passwords, or even set up new computer accounts. Another threat involves the practice of "war dialing," in which hackers use a program that automatically dials telephone numbers and searches for modem lines that bypass network firewalls and other security measures.

INTERNET COMPLIANCE - Disclosures are generally required to be "clear and conspicuous." Therefore, compliance officers should review the web site to determine whether the disclosures have been designed to meet this standard. Institutions may find that the format(s) previously used for providing paper disclosures may need to be redesigned for an electronic medium. Institutions may find it helpful to use "pointers " and "hotlinks" that will automatically present the disclosures to customers when selected. A financial institution's use solely of asterisks or other symbols as pointers or hotlinks would not be as clear as descriptive references that specifically indicate the content of the linked material.

WEB PAGES - While auditing web sites for compliance with FFIEC Internet disclosures, I also bring to your attention other matters about the web site. One of the biggest problems I discover on bank web sites is misspelled words. Be certain to remind your web page programmer to spell check the web pages. Now with that said, I hope my newsletter and web pages are free of misspellings.

SEMINAR: I am privileged to be the keynote speaker for Bankers Compliance Group's 14th Annual Bank Management and Directors Seminar. I will be speaking about web page compliance and Internet security. The one day seminar is being held in Long Beach, California, on December 2 and in San Jose, California, on December 3. If you are interested in attending call Katrina Audell at 949-553-0909 for costs and registration information. Their web site is http://www.bankerscompliancegroup.com/.

Back Button

Go to the Bank Web Site Audit home page.

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated