Skip to content
BOL Conferences
Thread Options
#53841 - 01/13/03 04:36 PM Lobby PCs
CalifDreamin Offline
Diamond Poster
CalifDreamin
Joined: Mar 2002
Posts: 2,262
Far from Calif
For those of you that have a PC in your lobby for customers to use...

1. Do you only allow access to your bank website?

2. If you allow access to the internet on it, do you limit what sites the customer can access? (i.e. because of COPPA)

3. What are you using (software or otherwise) to limit that access?
_________________________
The opinions expressed are mine and do not necessarily reflect those of my employer
_._._._._._.
A.S.A.P.
Always
Say
A
Prayer
<><

Return to Top
eBanking / Technology
#53842 - 01/13/03 07:29 PM Re: Lobby PCs
Richard Insley Offline
10K Club
Richard Insley
Joined: Oct 2000
Posts: 10,179
Toano, VA
COPPA? What's the connection?
_________________________
...gone fishing.

Return to Top
#53843 - 01/13/03 08:03 PM Re: Lobby PCs
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,748
On the Net
COPPA would apply to sites a user would visit, not the use of the PC.

If you do this, I'd certainly recommend strong filtering software to prevent the user from going to undesirable sites and from being able to send e-mail.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#53844 - 01/13/03 08:18 PM Re: Lobby PCs
Skittles Online
10K Club
Skittles
Joined: Sep 2002
Posts: 13,965
TN
As a funny side note, my former employer had a lobby pc in a supermarket branch. The supermarket was open 24 hours. When I was in there one day performing a branch audit I asked the question about customers being able to view those 'undesirable' websites. I was told that the firewall prevented this. When I looked where customer's had been it showed some of those websites. I went in and tried to delete them and it kept bringing the websites up. The tellers were teasing me and my face was red, but needless to say the computer was removed the next day and never replaced. Security tapes revealed supermarket staff gathered around the computer at 3:00 a.m.!
_________________________
My Opinions Only

Return to Top
#53845 - 01/13/03 11:24 PM Re: Lobby PCs
CalifDreamin Offline
Diamond Poster
CalifDreamin
Joined: Mar 2002
Posts: 2,262
Far from Calif
Yes, I got pretty red myself when I had this come up and, I, too had to remove the PC from one of our branches. A few weeks ago, IT assured me the issue had been fixed and had me come down to test while they all stood behind me excited at the firewalls they had set up...we were all amazed when within about 2 minutes I was in places I really didn't want to be especially in front of a group of men!
_________________________
The opinions expressed are mine and do not necessarily reflect those of my employer
_._._._._._.
A.S.A.P.
Always
Say
A
Prayer
<><

Return to Top
#53846 - 01/14/03 12:35 AM Re: Lobby PCs
CalifDreamin Offline
Diamond Poster
CalifDreamin
Joined: Mar 2002
Posts: 2,262
Far from Calif
Given that I was not providing the full picture, I should not have even put COPPA reference there...bad mistake on my part. When Internal Audit is doing their regular COPPA reviews of OUR web site, one of the items they have decided to include is to check this lobby PC (since we only have one in one branch - or we did until I took it out) to make sure you cannot access sites that we would not want people to access.
_________________________
The opinions expressed are mine and do not necessarily reflect those of my employer
_._._._._._.
A.S.A.P.
Always
Say
A
Prayer
<><

Return to Top
#53847 - 01/14/03 12:29 PM Re: Lobby PCs
Skittles Online
10K Club
Skittles
Joined: Sep 2002
Posts: 13,965
TN
Take heart because it can work. Where I currently work we have to PC's at our Wal-Mart branches for customer use. Sometimes when I'm in there just as a consumer I try to get places I'm not supposed to. I'm stuck strictly to the Bank's website.
_________________________
My Opinions Only

Return to Top
#53848 - 01/14/03 04:35 PM Re: Lobby PCs
CalifDreamin Offline
Diamond Poster
CalifDreamin
Joined: Mar 2002
Posts: 2,262
Far from Calif
Thanks Autumn! So, the customers can only access the bank's website? What about the links you make available on your bank website? Can they get to those or are they blocked?
_________________________
The opinions expressed are mine and do not necessarily reflect those of my employer
_._._._._._.
A.S.A.P.
Always
Say
A
Prayer
<><

Return to Top
#53849 - 01/14/03 04:39 PM Re: Lobby PCs
Richard Insley Offline
10K Club
Richard Insley
Joined: Oct 2000
Posts: 10,179
Toano, VA
This is easy to control: don't put any external links on your website, load a local copy of the website on the PC, and don't connect the PC to the 'Net!
_________________________
...gone fishing.

Return to Top
#53850 - 01/14/03 05:51 PM Re: Lobby PCs
Skittles Online
10K Club
Skittles
Joined: Sep 2002
Posts: 13,965
TN
On the Wal-Mart PC's they can't hook up to the links attached. Only the bank website. Sorry but I don't know how it works from the technical standpoint.
_________________________
My Opinions Only

Return to Top
#53851 - 01/14/03 06:47 PM Re: Lobby PCs
Richard Insley Offline
10K Club
Richard Insley
Joined: Oct 2000
Posts: 10,179
Toano, VA
Sounds like you're saying this PC is a stand-alone with no connection to the Internet.
_________________________
...gone fishing.

Return to Top
#53852 - 01/14/03 06:59 PM Re: Lobby PCs
Skittles Online
10K Club
Skittles
Joined: Sep 2002
Posts: 13,965
TN
It's only connected to our website somehow. We're in an area that I'm not familiar with since I'm not technology minded.
_________________________
My Opinions Only

Return to Top
#53853 - 01/14/03 07:49 PM Re: Lobby PCs
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,748
On the Net
It could be that it is not connected to the Net and your site is loaded on the PC itself, or that it is connected but software is installed preventing it from going to any other site.

In any case, allowing access obviously has its drawbacks. I wouldn't recommend this myself, unless it was part of the cost justification for me to replace my PC and to put this ol' thing out to pasture in the lobby while I get a souped up Don Narup special.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#53854 - 01/14/03 07:53 PM Re: Lobby PCs
CalifDreamin Offline
Diamond Poster
CalifDreamin
Joined: Mar 2002
Posts: 2,262
Far from Calif
I think the whole purpose for putting it there was because they thought it was a neat idea at the time - "Wouldn't it be cool if our customers had internet access in our lobby?" I wasn't here at the time, so I can't say for sure. But, I know the branch was not thrilled when I pulled the plug nor were they happy when I said they should only have access to our bank website and nothing else - no links or anything. I am tyring to find a way to be a "nice" compliance officer and meet them halfway but not have it be risky for the bank.
_________________________
The opinions expressed are mine and do not necessarily reflect those of my employer
_._._._._._.
A.S.A.P.
Always
Say
A
Prayer
<><

Return to Top
#53855 - 01/14/03 08:10 PM Re: Lobby PCs
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,748
On the Net
There can be a whole host of risks associated with this. When the iPODs were first released by Apple, they were for listening to MP3 music. But it didn't take long for owners to figure out this was a hard drive. They could go into any store, plug their little iPOD into a Firewire port on the computer and copy all the programs and documents available.

My point is, you have to know what you have and what it is capable of. If a user could connect to your mainframe somehow with this, or to the Net, a LOT could be done that you wouldn't allow, had you known about it. And some talented 16 year old kid is going to try everything he can while he's waiting for mom to get out of that line.

Putting it there, completely scrubbed of all other files, it would be fine to have your Web site and Internet Banking demo available. Connectivity requires caution. Your IT folks should set this up under strict rules. If someone wants different, they need to be aware of the risks so they can make the proper decision.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#53856 - 01/15/03 06:02 PM Re: Lobby PCs
Anonymous
Unregistered

What kind of rules should we have, Andy? I just went down to our lobby and looked at our PC's we have there. What should I warn our management and IT people about? Management wants live internet access on these PC's so customers can sit down and access online banking, which many do to check balances, do their own transfers, etc. But I see that websites like hotmail and yahoo have been accessed recently on these machines!

Return to Top
#53857 - 01/15/03 08:13 PM Re: Lobby PCs
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,748
On the Net
They should be able to restrict access to only the sites you allow. I can't tell what software is best for this. Your IT folks should be able to decide this, or at least present you with options.

Do you want someone going to Playboy.com and leaving the screen up for Grandma to see next? Do you want someone to be able to log in and send e-mail from your PC threatening the life of the President? Do you want someone to download some child pornography to that PC? These are extreme scenarios, but unrestricted they could happen. And in some cases, you'd have law enforcement requesting your security tapes and taking your PC out the door for forensics to examine it. I'd also bet the local news crew would have footage on the nightly news.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#53858 - 01/15/03 09:53 PM Re: Lobby PCs
thomasj Offline
Power Poster
Joined: Mar 2001
Posts: 5,063
Pennsylvania
I would also be concerned about customers accessing their online banking from a public PC, I know I would not do it. I would be concerned with them not logging off and someone coming after them before the session timed out and accessing their information. Also, someone could be "shoulder surfing" in the lobby and easily nab their username and password. Those scenarios as well as those nightmare situations that Andy talked about are enough for me to not want a public PC connected to the net in our lobby!
_________________________
Knowledge is knowing what to say. Wisdom is knowing when to say it.

Return to Top
#53859 - 01/16/03 02:40 AM Re: Lobby PCs
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,748
On the Net
Excellent point. I think the PC could be positioned such that shoulder surfing could be mitigated, but I could see someone not logging off of their account. Heck, lots of people leave their ATM cards in the slots.

And if a transaction happens they claim was fraudulent, who do you think they'd blame??? You betcha.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#53860 - 01/16/03 02:55 AM Re: Lobby PCs
thomasj Offline
Power Poster
Joined: Mar 2001
Posts: 5,063
Pennsylvania
The ATM card left in the machine is exactly what I was thinking when I responded to this thread. We just installed some new ATM machines that you can not leave your card in, they are like a swipe and go type thing, and the only customer comments are complaints because they have to swipe for each transaction!
_________________________
Knowledge is knowing what to say. Wisdom is knowing when to say it.

Return to Top
#53861 - 01/16/03 01:14 PM Re: Lobby PCs
John Burnett Offline
10K Club
John Burnett
Joined: Oct 2000
Posts: 40,086
Cape Cod
Whatever you do, don't succumb to customer pressure to change the one transaction per swipe procedure. If you do, you'll get hit with the customer who finished the transaction and walked away without answering "No" to the "Do You Wanna Play Some More?" question. And the next guy in line will have a field day.
_________________________
John S. Burnett
BankersOnline.com
Fighting for Compliance since 1976
Bankers' Threads User #8

Return to Top

Moderator:  Andy_Z