August 14, 2000
INTERNET SECURITY - This is the second of three installments covering
the NCUA's "best practice" suggestions dealing with Identity
Theft prevention. This guidance is based on experience from actual
identity theft. Evaluate each suggestion and balance the privacy
protection risk with the institution's resources and products to develop
privacy protection strategies and policies that are right for your credit
union, savings and loans, or bank.
9. Conduct better identity verification for instant credit, especially
when an address is recently changed or is different from the credit
report. Don't rely solely on social security numbers. Supplement with
utility bills, tax records, etc.
10. Train your staff to recognize and address incidents in which
identity thieves use persuasive social engineering skills to obtain
necessary pieces of information to enable them to complete identity theft.
11. Put photographs on credit cards and staff business cards.
12. Truncate digits on account numbers printed on transaction slips at
point of sale terminals.
13. Use account profiling systems to detect unusual activity. Notify
members of potential fraudulent activity.
14. Avoid mass mailing pre-approved offers of credit.
15. Keep all information about employees locked in cabinets or
encrypted data files. Establish data security procedures for those with
legitimate access to the files.
16. Encrypt sensitive personal and confidential information. Conduct
"systems penetration tests" to determine if systems are
"hacker proof."
INTERNET COMPLIANCE - Truth in Lending Act - Regulation Z
The commentary to Regulation Z clarifies that periodic statements for
open-end credit accounts may be provided electronically, for example, via
remote access devices. The regulations state that financial institutions
may permit customers to call for their periodic statements, but may not
require them to do so. If the customer wishes to pick up the statement and
the plan has a grace period for payment without imposition of finance
charges, the statement, including a statement provided by electronic
means, must be made available in accordance with the "14-day
rule," requiring mailing or delivery of the statement not later than
14 days before the end of the grace period.
Provisions pertaining to advertising of credit products should be
carefully applied to an on-line system to ensure compliance with the
regulation. Financial institutions advertising open-end or closed-end
credit products on-line have options. Financial institutions should ensure
that on-line advertising complies with the regulations. For on-line
advertisements that may be deemed to contain more than a single page,
financial institutions should comply with regulations which describe the
requirements for multiple-page advertisements.
IN CLOSING - If you would like assistance in developing Internet and
security policies that will meet your requirements and those of the bank
examiners, we can help. R. Kinney Williams & Associates develops these
policies. Please give us a call when we can be of service.