Internet Banking News

August 22, 1999

1) This has been an interesting week for Internet Banking. The Fed approved banks delivering statements to customers over the Internet as long as the customer agrees. The Industry Standard reported in a new study, that approximately one-third of U.S. online-bank customers discontinued their accounts during the past 12 months. First Union Corp., Chase Manhattan Corp. and Wells Fargo & Co. said they will begin offering a test version of an online bill delivery and payment service to customers next month but that the service will not be ready for their 60 million customers until early next year.

2) INTERNET SECURITY - Host- Versus Network-Based Vulnerability Assessment Tools - As in intrusion detection systems, which I will discuss in a future newsletter, there are generally two types of vulnerability assessment tools: host-based and network-based. Another category is sometimes used for products that assess vulnerabilities of specific applications (application-based) on a host. A host is generally a single computer or workstation that can be connected to a computer network. Host-based tools assess the vulnerabilities of specific hosts. They usually reside on servers, but can be placed on specific desktop computers, routers, or even firewalls.

FYI - As an auditor, I do not recommend products but I know of a couple of web sites that provide an overview of several different products, services, and vendors available in the marketplace. These sites provide good educational material about various facets of information system technology. One point that should be emphasized when researching these areas is that none of the respective products or services on the market today (or in the future) provide a "silver bullet" to cure all system vulnerabilities. Rather, it is the combination of a variety of tools and techniques that operate under the direction of an information security program designed for the individual bank (and based on the bank's risk assessment). Automated tools are only one option. Other options include manual reviews, which may be performed by internal bank personnel or external specialists.

The two web sites that I would recommend for more detailed information on intrusion detection systems, scanning tools and penetration tests include:

http://www.sans.org (the SANS Institute)
http://www.gocsi.com (the Computer Security Institute)

3) INTERNET COMPLIANCE - Fair Housing Act - A financial institution that advertises on-line credit products that are subject to the Fair Housing Act must display the Equal Housing Lender logotype and legend or other permissible disclosure of its nondiscrimination policy if required by rules of the institution's regulator (OTS §528.4, FDIC §338.3, NCUA §701.31, FRB Fair Housing Advertising and Poster Requirements, 54 Fed. Reg. 11,567 (1989)).

I may not have brought this to your attention during my last web site audit, so please review your real estate lending pages. It would be strongly recommended that "The bank makes loans without regard to race, color, religion, national origin, sex, handicap, or familial status" appear on all lending web pages.

IN CONCLUSION - Within the past couple of weeks, the FDIC has changed some of their web site URLs. It appears that the Year 2000 URLs stayed the same. I would recommend that you review any links to FDIC that may be on your web site to be certain that the links function properly.

Back Button

Go to the Bank Web Site Audit home page.

Company Information
Yennik, Inc.

4409 101st Street
Lubbock, Texas 79424
Office 806-798-7119
Examiner@yennik.com

 

Please visit our other web sites:
VISTA penetration-vulnerability testing
The Community Banker - Bank FFIEC & ADA Web Site Audits
Credit Union FFIEC & ADA Web Site Audits - Bank Auditing Services
US Banks on the Internet  
US Credit Unions on the Internet

All rights reserved; Our logo is registered with the United States Patent and Trademark Office.
Terms and Conditions, Privacy Statement, © Copyright Yennik, Incorporated