07/15/2002
What is the rule for a bank web site to list currency rates? Should there be a disclaimer added on the page or can it be contained in a privacy statement elsewhere on the site?
07/01/2002
I have been hearing from some fellow bankers that their examiners are stating that it is required as part of BSA for the bank to perform due diligence on their service providers as it relates to hacking instances. In particular they are requiring clauses in their third party contracts which require notification to the bank within a certain number of hours on all hacker attempts. This sounds like a good idea and sounds more like a Privacy issue, but I can't find in BSA where this is required.
05/06/2002
We currently offer internet banking to include the ability of transfering between accounts. We have received many requests to allow for transfers between business and personal accounts via internet banking. What potential risks are we taking to allow these interactions?
05/06/2002
The bank is uploading all of each day's new deposit statements to our ebanking vendor, including both statements for customers enrolled in Internet Banking and statements for those not enrolled in Internet Banking. For those who have enrolled in Internet Banking, we do have the permissible purpose of providing them access to their account statements; the ebanking vendor is providing this third-party service on the bank's behalf. However, for those customers who have not enrolled in Internet Banking, do we have a permissible purpose since the ebanking vendor is not providing a third-party service for these customers on the bank's behalf? [We do not offer an opt-out option.]
05/06/2002
We are considering creating a position to manage information security and possibly business recovery. I'm looking for some guidance on what the level of this position should be, and who it would report to. Should it report to IT? Should it be independent? Should it be a senior level position?
04/01/2002
Where's a good source for obtaining the basic knowledge needed for a novice to conduct an audit for the areas electronic banking and Internet banking?
02/11/2002
We are nervous about the method we are currently using to authenticate our online customers. We require the customer to put in their user name and a four letter password. Do you think this is sufficient?
02/04/2002
What are the information security needs of a bank?Which laws/guidelines deal with information security needs of the bank?What are the steps involved in designing a security policy for a bank?
02/01/2002
"Cash 'til Payday" loans, operated in 40 states, have grown from about $3 million in 1995 to $400 million in 2001. Interest on the loans runs 15% to 20% over two weeks.
01/07/2002
We all understand the positive impact to our bottom line if more of our customers conduct transactions over the Internet. What must we do to make the Internet more secure and make consumers more comfortable conducting financial transactions and services on the Internet?