June 24, 2001
FYI - New rules to boost access for disabled - Curtis Chong, like
thousands of blind Web surfers, uses special software that reads the text
aloud. But many government Web pages give him problems. http://news.cnet.com/news/0-1005-200-6302672.html?tag=dd.ne.dht.nl-hed.0
FYI - Disgruntled insiders and accounts held by former employees are a
greater computer security threat to U.S. companies than outside hackers,
according to a new survey. http://news.cnet.com/news/0-1003-200-6334879.html?tag=mn_hd
INTERNET COMPLIANCE - Disclosures and Notices
Several consumer regulations provide for disclosures and/or notices to
consumers. The compliance officer should check the specific regulations to
determine whether the disclosures/notices can be delivered via electronic
means. The delivery of disclosures via electronic means has raised many
issues with respect to the format of the disclosures, the manner of
delivery, and the ability to ensure receipt by the appropriate person(s).
The following highlights some of those issues and offers guidance and
examples that may be of use to institutions in developing their electronic
services.
Disclosures are generally required to be "clear and
conspicuous." Therefore, compliance officers should review the web
site to determine whether the disclosures have been designed to meet this
standard. Institutions may find that the format(s) previously used for
providing paper disclosures may need to be redesigned for an electronic
medium. Institutions may find it helpful to use "pointers" and
"hotlinks" that will automatically present the disclosures to
customers when selected. A financial institution's use solely of asterisks
or other symbols as pointers or hotlinks would not be as clear as
descriptive references that specifically indicate the content of the
linked material.
INTERNET SECURITY - We continue the series from the FDIC "Security
Risks Associated with the Internet." This is the final comment
covering the primary interrelated technologies, standards, and controls
that presently exist to manage the risks of data privacy and
confidentiality, data integrity, authentication, and non-repudiation.
Certificate Authorities and Digital Certificates
Certificate authorities and digital certificates are emerging to
further address the issues of authentication, non-repudiation, data
privacy, and cryptographic key management. A certificate authority (CA) is
a trusted third party that verifies the identity of a party to a
transaction. To do this, the CA vouches for the identity of a party by
attaching the CA's digital signature to any messages, public keys, etc.,
which are transmitted. Obviously, the CA must be trusted by the parties
involved, and identities must have been proven to the CA beforehand.
Digital certificates are messages that are signed with the CA's private
key. They identify the CA, the represented party, and could even include
the represented party's public key.
The responsibilities of CAs and their position among emerging
technologies continue to develop. They are likely to play an important
role in key management by issuing, retaining, or distributing
public/private key pairs.
Implementation
The implementation and use of encryption technologies, digital
signatures, certificate authorities, and digital certificates can vary.
The technologies and methods can be used individually, or in combination
with one another. Some techniques may merely encrypt data in transit from
one location to another. While this keeps the data confidential during
transmission, it offers little in regard to authentication and
non-repudiation. Other techniques may utilize digital signatures, but
still require the encrypted submission of sensitive information, like
credit card numbers. Although protected during transmission, additional
measures would need to be taken to ensure the sensitive information
remains protected once received and stored.
The protection afforded by the above security measures will be governed
by the capabilities of the technologies, the appropriateness of the
technologies for the intended use, and the administration of the
technologies utilized. Care should be taken to ensure the techniques
utilized are sufficient to meet the required needs of the institution. All
of the technical and implementation differences should be explored when
determining the most appropriate package.
IN CLOSING - For more information about our new service concerning
assessing R. Kinney Williams & Associates's Internet consumer privacy,
please visit http://www.yennik.com/privacy.
To sign up, please complete the Internet On-line Privacy Assessment Program
Agreement at http://www.yennik.com/form.
The user name is "internet" and the password is
"privacy" both in lower case and without the quotes.