Internet Banking News
July 18, 1999
1) The Internet is a new method for bankers to deliver their services to
the consumer. More and more bankers are looking to the Internet to maintain and develop
new business. Rightfully so, the regulators are concerned about the security of your
customers' accounts. As the custodian of your customers' accounts, you should be equally
if not more concerned than the regulators.
The Internet is by its nature an insecure means of communication. Despite the claims of
some vendors, your bank's web site can be "cracked." The policies and practices
you establish will help you recognize any potential intrusions as soon as possible, which
will allow for immediate correction. Whatever you have budgeted for the Internet, be
prepared to spend twice as much.
2) INTERNET SECURITY - To ensure the security of information systems and data, financial
institutions should have a sound information security program (policy) that identifies,
measures, monitors, and manages potential risk exposure. Fundamental to an effective
information security program is ongoing risk assessment of threats and vulnerabilities
surrounding networked and/or Internet systems. Institutions should consider the various
measures available to support and enhance information security programs. The FDIC security
paper dated July 7, 1999, describes certain vulnerability assessment tools and intrusion
detection methods that can be useful in preventing and identifying attempted external
break-ins or internal misuse of information systems. Institutions should also consider
plans for responding to an information security incident. (I will cover more on this
subject next week.)
COMMENT: If you are using a third-party provider, the provider should be able to furnish
you with security procedures that it uses. You should incorporate these procedures into
your policy. If you have your own server, then your computer personnel should be able to
write your Internet security policy. However you develop your Internet security policy, be
sure to have the policy reviewed by an independent party that understands Internet
security.
3) INTERNET COMPLIANCE - Reserve Requirements of Depository Institutions (Regulation D) -
Pursuant to the withdrawal and transfer restrictions imposed on savings deposits
(§204.2(d)(2)), electronic transfers, electronic withdrawals (paid electronically), or
payments to third parties initiated by a depositor from a personal computer are included
as a type of transfer subject to the six-transaction limit imposed on passbook savings and
MMDA accounts.
COMMENT: Does your software keep track of passbook and MMDA withdrawals? If not, you will
need to establish internal procedures that will allow you to monitor passbook and MMDA
withdrawals. You will find Regulation D at http://www.fdic.gov/lawsregs/rules/7500-4.html#7500.