Thread Options
|
#53841 - 01/13/03 04:36 PM
Lobby PCs
|
Diamond Poster
Joined: Mar 2002
Posts: 2,280
Far from Calif
|
For those of you that have a PC in your lobby for customers to use...
1. Do you only allow access to your bank website?
2. If you allow access to the internet on it, do you limit what sites the customer can access? (i.e. because of COPPA)
3. What are you using (software or otherwise) to limit that access?
_________________________
The opinions expressed are mine and do not necessarily reflect those of my employer _._._._._._. A.S.A.P. Always Say A Prayer <><
|
Return to Top
|
|
|
|
#53842 - 01/13/03 07:29 PM
Re: Lobby PCs
|
10K Club
Joined: Oct 2000
Posts: 10,203
Toano, VA
|
COPPA? What's the connection?
_________________________
...gone fishing.
|
Return to Top
|
|
|
|
#53843 - 01/13/03 08:03 PM
Re: Lobby PCs
|
10K Club
Joined: Oct 2000
Posts: 27,763
On the Net
|
COPPA would apply to sites a user would visit, not the use of the PC.
If you do this, I'd certainly recommend strong filtering software to prevent the user from going to undesirable sites and from being able to send e-mail.
_________________________
AndyZ CRCM My opinions are not necessarily my employers. R+R-R=R+R Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell
|
Return to Top
|
|
|
|
#53844 - 01/13/03 08:18 PM
Re: Lobby PCs
|
10K Club
Joined: Sep 2002
Posts: 13,965
TN
|
As a funny side note, my former employer had a lobby pc in a supermarket branch. The supermarket was open 24 hours. When I was in there one day performing a branch audit I asked the question about customers being able to view those 'undesirable' websites. I was told that the firewall prevented this. When I looked where customer's had been it showed some of those websites. I went in and tried to delete them and it kept bringing the websites up. The tellers were teasing me and my face was red, but needless to say the computer was removed the next day and never replaced. Security tapes revealed supermarket staff gathered around the computer at 3:00 a.m.!
_________________________
My Opinions Only
|
Return to Top
|
|
|
|
#53846 - 01/14/03 12:35 AM
Re: Lobby PCs
|
Diamond Poster
Joined: Mar 2002
Posts: 2,280
Far from Calif
|
Given that I was not providing the full picture, I should not have even put COPPA reference there...bad mistake on my part. When Internal Audit is doing their regular COPPA reviews of OUR web site, one of the items they have decided to include is to check this lobby PC (since we only have one in one branch - or we did until I took it out) to make sure you cannot access sites that we would not want people to access.
_________________________
The opinions expressed are mine and do not necessarily reflect those of my employer _._._._._._. A.S.A.P. Always Say A Prayer <><
|
Return to Top
|
|
|
|
#53847 - 01/14/03 12:29 PM
Re: Lobby PCs
|
10K Club
Joined: Sep 2002
Posts: 13,965
TN
|
Take heart because it can work. Where I currently work we have to PC's at our Wal-Mart branches for customer use. Sometimes when I'm in there just as a consumer I try to get places I'm not supposed to. I'm stuck strictly to the Bank's website.
_________________________
My Opinions Only
|
Return to Top
|
|
|
|
#53848 - 01/14/03 04:35 PM
Re: Lobby PCs
|
Diamond Poster
Joined: Mar 2002
Posts: 2,280
Far from Calif
|
Thanks Autumn! So, the customers can only access the bank's website? What about the links you make available on your bank website? Can they get to those or are they blocked?
_________________________
The opinions expressed are mine and do not necessarily reflect those of my employer _._._._._._. A.S.A.P. Always Say A Prayer <><
|
Return to Top
|
|
|
|
#53849 - 01/14/03 04:39 PM
Re: Lobby PCs
|
10K Club
Joined: Oct 2000
Posts: 10,203
Toano, VA
|
This is easy to control: don't put any external links on your website, load a local copy of the website on the PC, and don't connect the PC to the 'Net!
_________________________
...gone fishing.
|
Return to Top
|
|
|
|
#53850 - 01/14/03 05:51 PM
Re: Lobby PCs
|
10K Club
Joined: Sep 2002
Posts: 13,965
TN
|
On the Wal-Mart PC's they can't hook up to the links attached. Only the bank website. Sorry but I don't know how it works from the technical standpoint.
_________________________
My Opinions Only
|
Return to Top
|
|
|
|
#53851 - 01/14/03 06:47 PM
Re: Lobby PCs
|
10K Club
Joined: Oct 2000
Posts: 10,203
Toano, VA
|
Sounds like you're saying this PC is a stand-alone with no connection to the Internet.
_________________________
...gone fishing.
|
Return to Top
|
|
|
|
#53852 - 01/14/03 06:59 PM
Re: Lobby PCs
|
10K Club
Joined: Sep 2002
Posts: 13,965
TN
|
It's only connected to our website somehow. We're in an area that I'm not familiar with since I'm not technology minded.
_________________________
My Opinions Only
|
Return to Top
|
|
|
|
#53853 - 01/14/03 07:49 PM
Re: Lobby PCs
|
10K Club
Joined: Oct 2000
Posts: 27,763
On the Net
|
It could be that it is not connected to the Net and your site is loaded on the PC itself, or that it is connected but software is installed preventing it from going to any other site.
In any case, allowing access obviously has its drawbacks. I wouldn't recommend this myself, unless it was part of the cost justification for me to replace my PC and to put this ol' thing out to pasture in the lobby while I get a souped up Don Narup special.
_________________________
AndyZ CRCM My opinions are not necessarily my employers. R+R-R=R+R Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell
|
Return to Top
|
|
|
|
#53855 - 01/14/03 08:10 PM
Re: Lobby PCs
|
10K Club
Joined: Oct 2000
Posts: 27,763
On the Net
|
There can be a whole host of risks associated with this. When the iPODs were first released by Apple, they were for listening to MP3 music. But it didn't take long for owners to figure out this was a hard drive. They could go into any store, plug their little iPOD into a Firewire port on the computer and copy all the programs and documents available.
My point is, you have to know what you have and what it is capable of. If a user could connect to your mainframe somehow with this, or to the Net, a LOT could be done that you wouldn't allow, had you known about it. And some talented 16 year old kid is going to try everything he can while he's waiting for mom to get out of that line.
Putting it there, completely scrubbed of all other files, it would be fine to have your Web site and Internet Banking demo available. Connectivity requires caution. Your IT folks should set this up under strict rules. If someone wants different, they need to be aware of the risks so they can make the proper decision.
_________________________
AndyZ CRCM My opinions are not necessarily my employers. R+R-R=R+R Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell
|
Return to Top
|
|
|
|
#53856 - 01/15/03 06:02 PM
Re: Lobby PCs
|
Anonymous
Unregistered
|
What kind of rules should we have, Andy? I just went down to our lobby and looked at our PC's we have there. What should I warn our management and IT people about? Management wants live internet access on these PC's so customers can sit down and access online banking, which many do to check balances, do their own transfers, etc. But I see that websites like hotmail and yahoo have been accessed recently on these machines!
|
Return to Top
|
|
|
|
#53857 - 01/15/03 08:13 PM
Re: Lobby PCs
|
10K Club
Joined: Oct 2000
Posts: 27,763
On the Net
|
They should be able to restrict access to only the sites you allow. I can't tell what software is best for this. Your IT folks should be able to decide this, or at least present you with options.
Do you want someone going to Playboy.com and leaving the screen up for Grandma to see next? Do you want someone to be able to log in and send e-mail from your PC threatening the life of the President? Do you want someone to download some child pornography to that PC? These are extreme scenarios, but unrestricted they could happen. And in some cases, you'd have law enforcement requesting your security tapes and taking your PC out the door for forensics to examine it. I'd also bet the local news crew would have footage on the nightly news.
_________________________
AndyZ CRCM My opinions are not necessarily my employers. R+R-R=R+R Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell
|
Return to Top
|
|
|
|
#53858 - 01/15/03 09:53 PM
Re: Lobby PCs
|
Power Poster
Joined: Mar 2001
Posts: 5,063
Pennsylvania
|
I would also be concerned about customers accessing their online banking from a public PC, I know I would not do it. I would be concerned with them not logging off and someone coming after them before the session timed out and accessing their information. Also, someone could be "shoulder surfing" in the lobby and easily nab their username and password. Those scenarios as well as those nightmare situations that Andy talked about are enough for me to not want a public PC connected to the net in our lobby!
_________________________
Knowledge is knowing what to say. Wisdom is knowing when to say it.
|
Return to Top
|
|
|
|
#53859 - 01/16/03 02:40 AM
Re: Lobby PCs
|
10K Club
Joined: Oct 2000
Posts: 27,763
On the Net
|
Excellent point. I think the PC could be positioned such that shoulder surfing could be mitigated, but I could see someone not logging off of their account. Heck, lots of people leave their ATM cards in the slots.
And if a transaction happens they claim was fraudulent, who do you think they'd blame??? You betcha.
_________________________
AndyZ CRCM My opinions are not necessarily my employers. R+R-R=R+R Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell
|
Return to Top
|
|
|
|
#53860 - 01/16/03 02:55 AM
Re: Lobby PCs
|
Power Poster
Joined: Mar 2001
Posts: 5,063
Pennsylvania
|
The ATM card left in the machine is exactly what I was thinking when I responded to this thread. We just installed some new ATM machines that you can not leave your card in, they are like a swipe and go type thing, and the only customer comments are complaints because they have to swipe for each transaction!
_________________________
Knowledge is knowing what to say. Wisdom is knowing when to say it.
|
Return to Top
|
|
|
|
#53861 - 01/16/03 01:14 PM
Re: Lobby PCs
|
10K Club
Joined: Oct 2000
Posts: 40,086
Cape Cod
|
Whatever you do, don't succumb to customer pressure to change the one transaction per swipe procedure. If you do, you'll get hit with the customer who finished the transaction and walked away without answering "No" to the "Do You Wanna Play Some More?" question. And the next guy in line will have a field day.
_________________________
John S. Burnett BankersOnline.com Fighting for Compliance since 1976 Bankers' Threads User #8
|
Return to Top
|
|
|
|
|
|