R. Kinney Williams & Associates
R. Kinney Williams
& Associates

Internet Banking News

December 10, 2000

FYI - The federal bank and thrift regulatory agencies announced final consumer protection rules for the sale of insurance products by depository institutions. http://www.federalreserve.gov/boarddocs/press/BoardActs/2000/20001204/default.htm 

FYI - Charles Schwab's online customers are at risk of having their account information accessed and their accounts manipulated due to the same software vulnerability that affected ETrade's Web site in September. http://www.infoworld.com/articles/hn/xml/00/12/07/001207hnschwab.xml 

INTERNET SECURITY - We continue our review of the FDIC paper "Risk Assessment Tools and Practices or Information System Security."

RISK ASSESSMENT/MANAGEMENT

A thorough and proactive risk assessment is the first step in establishing a sound security program. This is the ongoing process of evaluating threats and vulnerabilities, and establishing an appropriate risk management program to mitigate potential monetary losses and harm to an institution's reputation. Threats have the potential to harm an institution, while vulnerabilities are weaknesses that can be exploited.

The extent of the information security program should be commensurate with the degree of risk associated with the institution's systems, networks, and information assets. For example, compared to an information-only Web site, institutions offering transactional Internet banking activities are exposed to greater risks. Further, real-time funds transfers generally pose greater risks than delayed or batch-processed transactions because the items are processed immediately. The extent to which an institution contracts with third-party vendors will also affect the nature of the risk assessment program.

INTERNET COMPLIANCE - Advertisements

Generally, Internet web sites are considered advertising by the regulatory agencies. In some cases, the regulations contain special rules for multiple-page advertisements. It is not yet clear what would constitute a single "page" in the context of the Internet or on-line text. Thus, institutions should carefully review their on-line advertisements in an effort to minimize compliance risk.

In addition, Internet or other systems in which a credit application can be made on-line may be considered "places of business" under HUD's rules prescribing lobby notices. Thus, institutions may want to consider including the "lobby notice," particularly in the case of interactive systems that accept applications.

WE HAVE A NEW FAX NUMBER: 806-784-0061. Our voice phone number 806-798-7119 remains the same, so don't hesitate to contact us.

 

PLEASE NOTE:  Some of the above links may have expired, especially those from news organizations.  We may have a copy of the article, so please e-mail us at examiner@yennik.com if we can be of assistance.  

Back Button

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated