Click to return to BOL home page
Banker Store eCard Exchange Vendor Connect Career Connect Learning Connect Bankers Information Network
Home Compliance Lending Operations Security Marketing Technology/eBanking
Top Stories Bankers' Threads BOL Conferences CrimeDex Em@il Education FREE Briefings Record Retention

   

















    Site Map

    Our Sponsors

    Home





Compliance Gurus
Lending Gurus
Operations Gurus
Security Gurus
Marketing Gurus
eBanking Gurus

Print Friendly! Email This Article! Discuss NOW!


When Hacking Triggers an SAR
Answer by Mary Beth Guard, BOL Guru
BIO AND CONTACT INFO

QUESTION: Does the Bank have a responsibility to file a SAR on those individuals who attempt to "hack" into our computer system? If so, what if we do not have much information on them to complete the SAR with?

ANSWER: A recent issue of the SAR Activity Review covered this subject in some detail. We wrote about it in our article, "Tips on Suspicious Activity".

The bottom line is that you are required to file a SAR on a "computer intrusion". Computer intrusion is defined as gaining access to a computer system of a financial institution to:
a. remove, steal, procure or otherwise affect funds of the financial institution or the institution's customers;
b. remove, steal, procure or otherwise affect critical information of the financial institution including customer account information; or
c. damage, disable, disrupt, impair or otherwise affect critical systems of the financial institution.

If your situation doesn't fit this criteria, don't report it on a SAR.

These examples, given by FinCEN, help illustrate scenarios that would trigger the reporting requirement:

The perpetrator may be an insider (e.g., an employee of the financial institution) who has misused or overridden his/her authority to access and manipulate computer-based customer information.

The perpetrator may be an outsider who has somehow hacked his/her way into the financial institution's critical computer system that contains customer data.

The report indicated that apparently institutions are either not reading the instructions closely, when it comes to reporting computer intrusions, or are simply misinterpreting those instructions. Close to half (64 out of 147) of the SARs dealing with computer intrusions should not have been filed! Only 83 of the reports that dealt with computer intrusions actually described activities that were considered "computer intrusions" as the term is defined in the SAR instructions.

Your intrusion detection software should at least provide an IP address for the hacker. You may then be able to use one of the reverse IP lookup sites on the Web to find the owner of that IP address. It may end up being a commercial ISP, with one of its users engaging in the objectionable conduct. Having the IP address can be a valuable tool for investigators.



First published on BankersOnline.com 6/3/02


Home | Compliance | Lending | Operations | Security | Marketing | Technology | eBanking
BOL Archives    Privacy Policy    Important Disclaimer   Recommend This Site !   Contact Us


BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.