Internet Banking News

June 27, 1999

1) The FFIEC Internet guidelines cover the Electronic Fund Transfer Act and Regulation E as it applies to Internet sites where debits or credits of a consumer's account are permitted. Some points of interest:

1) Regulation E disclosures apply at the time a consumer contracts for an electronic fund transfer service or before the first electronic fund transfer is made involving the consumer's account.
2) The disclosures must be clear and readily understandable, in writing, and in a form the consumer may keep.
3) An interim rule was written that allows depository institutions to satisfy the requirement to deliver by electronic communication any of these disclosures and other information required by the act and regulations, as long as the consumer agrees to such method of delivery.

RECOMMENDATION:

When your customer applies for banking services on-line and before the request is electronically sent to the bank's server, a web page should appear that gives the customer the option of 1) viewing the disclosure or 2) printing the disclosure, but in either case, this web page should state that the disclosures will be mailed to the applicant when received by the bank.

2) Does your Internet policy cover how e-mail received is to be handled? This is no different than letters received by the bank. E-mail should be reviewed every day, even when someone is on vacation. For example, an employee receives an unsolicited e-mail with an application for a real estate loan. The employee that received the e-mail application delivers the e-mail to the appropriate department. Improper handling of a real estate loan application, whether or not solicited, will create compliance problems.

3) FDIC is encouraging banks to put a Year 2000 link on their home page to "What Bankers Should Know." The URL is http://www.fdic.gov/about/y2k/bank/.

I HAVE STARTED A NEW SERVICE - The examiners are requiring the bank's Board of Directors to perform due diligence when selecting an Internet Service Provider (ISP) to handle the bank's Internet transactional banking and annually to ensure security of customer information.  At issue is the ISP's financial condition, contract, management, firewalls, overall security, and penetration testing.

The above information should be on file at your bank.  I will review this information and issue a written report to the Board of Directors regarding my findings.  The Electronic Banking Report will not be written in technical terminology, but will be in layman terms so that it is understandable.

Please contact me if I can perform your due diligence regarding Internet security.

Back Button

Go to the Bank Web Site Audit home page.

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated