

Corresponding With Customers Via Unencrypted Email
Answer by Clayton Hoskinson, Trent Fleming and Andy Zavoina, BOL Gurus

Question: An issue has come up a couple times in the recent past: Our customers are sending emails directly to our employees, especially our commercial customers.

The emails are not encrypted or password protected and they often contain non-public information - loan requests, updates on rent rolls, financial information on their company.

Our customers want us to communicate in email form. We offer email that is encrypted via our Internet banking product. However, the lenders are telling me that their customers will not go through the inconvenience of logging in to Internet banking to communicate.

Our Privacy Policy does extend beyond the minimum requirements of GLB; we opted to include commercial customers under the privacy blanket. Our E:Banking Policy does not address communication of non-public information via email (incoming or outgoing).

Does anyone have a practical solution to this growing concern?

Answer by Clayton Hoskinson:

This may sound like a simplistic response, but the client needs to be educated on encryption and the security of their information passing over the Internet in clear text.

If the clients won't use the secure email that you have provided, maybe they would consider using an encryption software package like PGP (Pretty Good Privacy).

Answer by Trent Fleming:

The problem here is an account management issue. Many brokerages provide e-mail accounts for their employees, and allow them to communicate with customers (non-encrypted) via this e-mail. However, they will not accept orders for purchases, redemptions, transfers, etc. via these e-mail accounts.

Your account officer has to be firm with the business that you will not act on information sent through non-encrypted e-mail delivery. It should be easy to explain to the customer the risk they are taking by not using encrypted e-mails. Be firm, and you will greatly reduce the possibility that you'll be held accountable for a security breach that was entirely caused by a customer.

Answer by Andy Zavoina:

I would add to the above that if the customer sends you an encrypted message, you have to be able to decrypt it.

In your educational process, be sure to point this out as they may get their free copy of PGP and send you an urgent message which you may not be able to read for lack of licensed, compatible software.

First published on BankersOnline.com 2/17/03




