Western Independent Banker - January/February 2008 - (Page 14)

Managing Internet Banking Risks

Financial institutions offering a Web site or Internet-based services need to be aware of the various risks and regulations that may apply to these services. The risks and particular regulations that apply may vary depending on the types of services offered.

If your institution’s Web site is designed for informational purposes only and you do not offer any transactional capabilities, you will still need to be aware of the consumer compliance and advertising regulations that may apply to the products and services advertised on your Web site. Security of your Web site is also a very important consideration. Security measures should protect the Web site from defacement and malicious code.

Institutions offering “transactional” Web sites will need to consider additional security measures to help ensure the authenticity and integrity of transactions initiated over the Internet. Security controls are necessary to protect confidential customer information from unauthorized access. Strong multi-level authentication processes will be necessary to help verify the identity of end-users. For transactional Web sites, additional security measures, including access controls, encryption, firewalls, intrusion prevention systems and other application and network perimeter controls, will be necessary to protect sensitive customer information while in transit and while in storage.

Financial institutions also need to be familiar with consumer regulations, such as Reg E, Reg DD, and the various privacy, anti-money laundering, and anti-terrorism regulations that may also apply to the services offered.

The availability of online services and business continuity planning are also important considerations for transactional Web sites. As customer adoption grows, so will their expectations for availability and reliability of online services.

The growing threats posed by hackers, viruses, and spammers are significant challenges for system administrators and network security personnel; thus, for many community banks, outsourcing is a viable option for managing these risks.

Institutions that outsource Web site hosting and/or transactional services must be diligent in monitoring their service providers. Institutions should require their service providers to perform annual SAS70 Level II audits and/or comparable security audits. Institutions should also ensure that their service providers perform independent vulnerability testing at least quarterly. To further ensure that your service providers’ controls are effectively protecting your Institution’s Web site and/or customer information, your Institution may also perform periodic vulnerability scans of your Web site.

Internet Risks

Internet scams, trojans, keystroke loggers and fake Web sites that attempt to glean sensitive information from your customers are serious threats for all consumers, not just those using online banking services. It’s very important that Institutions familiarize themselves with these issues so that they can develop effective controls to help mitigate the impact of these ongoing threats. Such controls may include:

• Enhanced or strong authentication methodologies
• Masking online account numbers
• Web site verification
• Incident response plans
• Educational programs designed to inform customers about Internet security

Even with these potential Internet security risks, online banking can help protect your customers by allowing them to more closely monitor their accounts and assist in the early identification of unusual or unauthorized transactions.

Compliance Risks

Internet banking is still an area where the laws and regulations are evolving. Regulators have issued and proposed several new consumer regulations and interpretations that include guidance for compliance on the Internet. However, several issues remain unclear.

The general rule of thumb is that

http://www.wib.org

