Internet Banking News
October 24, 1999
FYI - October 18, 1999 (UPI Spotlight) - Y2K Trojan Horse penetrates
military - The U.S. military in Europe is warning its personnel that a new Internet
"trojan horse" is on the loose in electronic mail, masquerading as a Year 2000
countdown clock sponsored by software giant Microsoft. If the clock is installed, it also
installs an executable file that copies usernames, passwords and login IDs and can read all
data sent or received over the Internet.
FYI - Please remind your personnel to delete e-mails with attachments from unknown
sources. E-mails themselves do not carry a virus such as a "trojan horse." It is
the attachments to an e-mail that carry the virus. Opening an attachment from an
unknown source opens your computer to infection. Also, today may be a good time to update
your virus protection programs.
INTERNET SECURITY - Not only are system attacks often undetected, in many cases identified
attacks are not reported. Institutions should develop a plan to respond to unauthorized
activities and involve law enforcement when appropriate. Institutions should report
suspected computer crimes and computer intrusions on Suspicious Activity Reports (SARs) in
accordance with the guidelines outlined in Financial Institution Letter 124-97,
"Suspicious Activity Reporting."
INTERNET COMPLIANCE - Expedited Funds Availability Act (Regulation CC) - Generally, the
rules pertaining to the duty of an institution to make deposited funds available for
withdrawal apply in the electronic financial services environment. This includes rules on
fund availability schedules, disclosure of policy, and payment of interest. Recently, the
FRB published a commentary that clarifies requirements for providing certain written
notices or disclosures to customers via electronic means. Specifically, the commentary to
§229.13(g)-1a states that a financial institution satisfies the written exception hold
notice requirement, and the commentary to §229.15(a)-1 states that a financial
institution satisfies the general disclosure requirement by sending an electronic version
that displays the text and is in a form that the customer may keep. However, the customer
must agree to such means of delivery of notices and disclosures. Information is considered
to be in a form that the customer may keep if, for example, it can be downloaded or
printed by the customer. To reduce compliance risk, financial institutions should test
their programs' ability to provide disclosures in a form that can be downloaded or
printed.
REGULATORY CLARIFICATION - In reply to my questions, the FDIC stated "Usage of the
FDIC's corporate "seal" on a bank web page is prohibited, but usage of a graphic
image that is the same as the FDIC sticker used by banks to advertise FDIC membership is
allowed." "Most web sites have the "Member FDIC" statement at the
bottom, but as long as it is conspicuously placed within the web page, there's presently
no requirement where that statement should appear; it must be viewable at some point when
the reader scrolls to the page area in which the disclosure appears."