Skip to content
BOL Conferences
Page 2 of 3 1 2 3
Thread Options
#1619414 - 10/25/11 01:36 AM Re: FFIEC Authentication Guidance Double U
Renee L. Offline
New Poster
Renee L.
Joined: Aug 2009
Posts: 19
Double U, I would love to have a copy, if you'd care to share. Just don't know exactly where to start. (And by the way, Go CATS! Love your avatar.)
Last edited by Renee L.; 10/25/11 01:40 AM.
Return to Top
eBanking / Technology
#1624767 - 11/04/11 07:34 PM Re: FFIEC Authentication Guidance Renee L.
New Manager Offline
100 Club
Joined: Jan 2004
Posts: 136
Does anyone have a risk assessment template they would be willing to share? I am having a difficult time finding something. I'd rather not go the route of a narrative, but will if necessary. Thanks.

Return to Top
#1625016 - 11/07/11 03:35 PM Re: FFIEC Authentication Guidance New Manager
mattm Offline
New Poster
Joined: Nov 2011
Posts: 5
Does anyone have a risk assessment and customer education letter template you would be willing to share?

THanks!!

Return to Top
#1625180 - 11/07/11 06:51 PM Re: FFIEC Authentication Guidance mattm
Beachbum, CRCM Offline
Gold Star
Joined: Dec 2006
Posts: 499
Knee Deep in Regs
echoing mfbmatt's request for a customer education letter template to use as a starting point. smile
_________________________
What we think, we become.
Buddha

Return to Top
#1626271 - 11/09/11 02:52 PM Re: FFIEC Authentication Guidance Beachbum, CRCM
Cornfed Turtle Offline
Diamond Poster
Joined: Mar 2006
Posts: 1,323
"...Somewhere in Middle Americ...
What are your plans for the customer education piece? A competitor of ours says they are contracting with a vendor to deliver a newsletter periodically. I don't have any more details. Are you mailing? Posting on website? Taking the newsletter approach?

Return to Top
#1629889 - 11/17/11 07:51 PM Re: FFIEC Authentication Guidance Cornfed Turtle
EmilyAnn Offline
Gold Star
Joined: Jul 2007
Posts: 273
The San Francisco FRB webinar "Responding to the Cyber Threat: Interagency Supplement to Authentication in an Internet Banking Environment" conducted today (11/17/11) is worth listening to.

http://www.frbsf.org/banking/events/

Return to Top
#1630002 - 11/17/11 10:10 PM Re: FFIEC Authentication Guidance EmilyAnn
AnnR Offline
New Poster
Joined: Jun 2011
Posts: 7
Winfield, KS
I also am looking for a risk assessment template from anyone willing to share. Thank you!

Return to Top
#1631677 - 11/22/11 09:35 PM Re: FFIEC Authentication Guidance AnnR
complylady Offline
Platinum Poster
complylady
Joined: Jul 2002
Posts: 614
Michigan
Bumping this back to the top. Has anyone created an Internet Banking Authentification notification form/letter for customers yet? And what are you putting on your bank website for customer information? Thanks.

Return to Top
#1631708 - 11/22/11 10:02 PM Re: FFIEC Authentication Guidance complylady
Matt_B Offline
Diamond Poster
Matt_B
Joined: Sep 2011
Posts: 1,648
A CU, Where Regs Don't Apply
I'm having trouble finding anything specific on this one way or another. Does it state anywhere when it is required to send out the customer education piece?
We have a basic idea of what we want to say, and can put it on the back of one of our monthly newsletters, but January's is already occupied with privacy info and we'd rather not have a second sheet, so they'd like to wait until February to send this out if possible. Any ideas?
_________________________
Someone's about to get horned!

Return to Top
#1634126 - 12/01/11 03:47 PM Re: FFIEC Authentication Guidance Matt_B
WHAT ?!?! Offline
Member
WHAT ?!?!
Joined: Dec 2006
Posts: 67
I was curious to know how many banks have completed this or is everyone still figuring out what additional controls they are going to use and how to communicate all of this information to their customers.

Return to Top
#1634219 - 12/01/11 05:16 PM Re: FFIEC Authentication Guidance WHAT ?!?!
califgirl Offline
Diamond Poster
califgirl
Joined: Mar 2002
Posts: 2,355
The O.C., California
In relation to customer education, this site was recommended on another banking board. I'm thinking of linking it from our bank website.
http://onguardonline.gov/
_________________________
I can explain it to you. I can't understand it for you.

Return to Top
#1634340 - 12/01/11 07:16 PM Re: FFIEC Authentication Guidance califgirl
'Lil Freak! Offline
10K Club
'Lil Freak!
Joined: Sep 2005
Posts: 10,596
The psych ward
We're doing the same as califgirl.
_________________________
No, I didn't lose my mind. It got scared and ran away.

Return to Top
#1634880 - 12/02/11 07:07 PM Re: FFIEC Authentication Guidance 'Lil Freak!
banker1975 Offline
New Poster
Joined: Nov 2011
Posts: 5
Will FDIC approve this as "customer education" if the link is the only thing that is provided?

Return to Top
#1635635 - 12/06/11 12:34 AM Re: FFIEC Authentication Guidance banker1975
mmumm Offline
100 Club
Joined: Jul 2008
Posts: 163
Santa Cruz, California
We are looking into brochures by Bankstuffers, ABA and the FDIC also has a short video which they encourage to post on our website.

However, I think we'll need to supplement with a notice of our own, as the brochures dont contain bank-specific info about the Reg E protections provided, under what circumstances we would contact our customers to request their e-banking credentials, or a list of the bank's contacts for reporting info-security related events...

Return to Top
#1639363 - 12/15/11 03:17 PM Re: FFIEC Authentication Guidance EmilyAnn
QCL Offline
Power Poster
QCL
Joined: May 2002
Posts: 6,259
NW IL
Originally Posted By: EmilyAnn
The San Francisco FRB webinar "Responding to the Cyber Threat: Interagency Supplement to Authentication in an Internet Banking Environment" conducted today (11/17/11) is worth listening to.

http://www.frbsf.org/banking/events/


Did anyone else listen to this?

If you have not listened to it - a word of warning - there are 2 clowns from the Fed in the background that are whispering the entire hour.

Return to Top
#1641099 - 12/20/11 05:44 PM Re: FFIEC Authentication Guidance AFaquir
Tigg Offline
Power Poster
Tigg
Joined: Jan 2008
Posts: 6,389
Looking for My Happy Place....
The consumer education piece seems to be fairly easy to fulfill with free brochures, educational materials available at the FTC and the onlineonguard.gov websites.

Can anyone share how they are planning to educate their commercial customers and where you are finding any resources? Everything I've seen is geared toward consumers and kids.

Thanks.
_________________________
What would you do if you knew you could not fail? ~ Dr. R Schuller

My opinion only.

Return to Top
#1641932 - 12/21/11 07:15 PM Re: FFIEC Authentication Guidance AFaquir
LA LA Offline
Junior Member
Joined: Nov 2008
Posts: 38
I agree Tigg. I am having a hard time coming up with something for business customers.

I found where there's been a referral to this site where businesses can find cyber security resources at http://www.us-cert.gov/. However, I can't seem to find any literature for distribution.

If someone has something, please let me know. Thanks.

Return to Top
#1642328 - 12/22/11 04:07 PM Re: FFIEC Authentication Guidance AFaquir
BSARocksagain Offline
Member
BSARocksagain
Joined: May 2010
Posts: 67
Maryland
Did anyone write a low-tech controls memo to bridge over until automated controls are in place or did you incorporate this into your Information Security Policy?

Return to Top
#1643526 - 12/27/11 09:41 PM Re: FFIEC Authentication Guidance BSARocksagain
sammylou Offline
100 Club
Joined: May 2001
Posts: 186
the tundra
We found a pretty good article that we intend to start with from a business education perspective. We will provide it to all existing business online banking customers and then new ones at the point of registration.

http://www.fsisac.com/files/public/db/p265.pdf

Seems very comprehensive and written in language most can understand.
_________________________
The views expressed are not necessarily those of my employer.

Return to Top
#1645094 - 12/30/11 10:23 PM Re: FFIEC Authentication Guidance AFaquir
Compl101TX Offline
Gold Star
Compl101TX
Joined: Aug 2010
Posts: 378
W. TX
How can we comply with this part of the guidance on customer education?

-An explanation of protections provided, and not provided, to account holders relative to electronic funds transfers under Regulation E, and a related explanation of the applicability of Regulation E to the types of accounts with Internet access.

Any suggestion will be greatly appreciated!
_________________________
My opinion only.
AVP-Compliance

Return to Top
#1646488 - 01/05/12 04:28 PM Re: FFIEC Authentication Guidance Double U
JamesH Offline
Member
Joined: Jun 2008
Posts: 52
Would you be willing to share the risk assessment with me too. I'm having trouble developing ours too.

James

Return to Top
#1646538 - 01/05/12 05:18 PM Re: FFIEC Authentication Guidance Compl101TX
VMack Offline
Platinum Poster
Joined: Jun 2001
Posts: 846
Texas
Originally Posted By: E F B
How can we comply with this part of the guidance on customer education?

-An explanation of protections provided, and not provided, to account holders relative to electronic funds transfers under Regulation E, and a related explanation of the applicability of Regulation E to the types of accounts with Internet access.

Any suggestion will be greatly appreciated!


I am at a loss as to how to incorporate language to meet this requirement into our customer education material. I know that the intent is to let our commercial customers know that "hey, Reg. E protections will not apply!" Has anyone had any thoughts about what this will look like in print? Thanks.
_________________________
VMACK
CRCM

“The wise know their limitations; the foolish do not.”
Benjamin Hoff, The Tao of Pooh

Return to Top
#1656256 - 01/26/12 02:47 PM Re: FFIEC Authentication Guidance califgirl
Midnight Offline
Member
Midnight
Joined: Jun 2008
Posts: 69
Upper Mid West
Looks like onguardonline.gov has been hacked... See news link below.

http://www.pcadvisor.co.uk/news/security/3332466/us-government-online-security-website-hacked/

Return to Top
#1658437 - 01/31/12 05:48 PM Re: FFIEC Authentication Guidance ndbanker
VMdude Offline
New Poster
Joined: Mar 2009
Posts: 7
I have just been told by an assoicate that Gladiator Technologies offers a 15 minute training video that can be customized with the bank's logo that addresses all the areas of constomer awareness. Some banks are using making the video mandatory for all new buisness banking clients that have ACH and wire TRF capability. Apparently there is a dashboard that provides execellent reporting for examiners. It might be worth a look.
_________________________
"Only a dead fish goes with the flow."

Return to Top
#1664521 - 02/13/12 11:58 PM Re: FFIEC Authentication Guidance AFaquir
dg Offline
Platinum Poster
Joined: Jan 2005
Posts: 811
Pacific NW
Has anyone added any of this guidance or referred to it, into their BSA Policy or Program?

Return to Top
Page 2 of 3 1 2 3

Moderator:  Andy_Z