Internet Banking News

July 18, 1999

1) The Internet is a new method for bankers to deliver their services to the consumer. More and more bankers are looking to the Internet to maintain and develop new business. Rightfully so, the regulators are concerned about the security of your customers' accounts. As the custodian of your customers' accounts, you should be equally if not more concerned than the regulators.

The Internet is by its nature an insecure means of communication. Despite the claims of some vendors, your bank's web site can be "cracked." The policies and practices you establish will help you recognize any potential intrusions as soon as possible, which will allow for immediate correction. Whatever you have budgeted for the Internet, be prepared to spend twice as much.

2) INTERNET SECURITY - To ensure the security of information systems and data, financial institutions should have a sound information security program (policy) that identifies, measures, monitors, and manages potential risk exposure. Fundamental to an effective information security program is ongoing risk assessment of threats and vulnerabilities surrounding networked and/or Internet systems. Institutions should consider the various measures available to support and enhance information security programs. The FDIC security paper dated July 7, 1999, describes certain vulnerability assessment tools and intrusion detection methods that can be useful in preventing and identifying attempted external break-ins or internal misuse of information systems. Institutions should also consider plans for responding to an information security incident. (I will cover more on this subject next week.)

COMMENT: If you are using a third-party provider, the provider should be able to furnish you with security procedures that it uses. You should incorporate these procedures into your policy. If you have your own server, then your computer personnel should be able to write your Internet security policy. However you develop your Internet Security Policy, be sure to have the policy reviewed by an independent party that understands Internet security.

3) INTERNET COMPLIANCE - Reserve Requirements of Depository Institutions (Regulation D) - Pursuant to the withdrawal and transfer restrictions imposed on savings deposits (204.2(d)(2)), electronic transfers, electronic withdrawals (paid electronically), or payments to third parties initiated by a depositor from a personal computer are included as a type of transfer subject to the six-transaction limit imposed on passbook savings and MMDA accounts.

COMMENT: Does your software keep track of passbook and MMDA withdrawals? If not, you will need to establish internal procedures that will allow you to monitor passbook and MMDA withdrawals. You will find Regulation D at http://www.fdic.gov/lawsregs/rules/7500-4.html#7500.


Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 


All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, Copyright Yennik, Incorporated