Skip to content
BOL Conferences
Thread Options
#753000 - 06/14/07 02:10 PM Warning Banner
DCollins Offline
Platinum Poster
DCollins
Joined: Oct 2001
Posts: 707
Our internal auditors are recommending that we put a warning banner announcing that intruders are accessing a private computer and unauthorized access or use is not permitted and constitutes a crime punishable by law. Do any of you post this notice where your customers sign on to electronic banking? The Auditors are saying that regulatory agencies strongly recommend that this warning banner be included on the web site.

Return to Top
eBanking / Technology
#753215 - 06/14/07 04:23 PM Re: Warning Banner DCollins
califgirl Offline
Diamond Poster
califgirl
Joined: Mar 2002
Posts: 2,355
The O.C., California
No, we don't have a notice like that, and we haven't been cited by any auditor or regulator.

Ask your auditor to point out where this 'recommendation' is documented.
_________________________
I can explain it to you. I can't understand it for you.

Return to Top
#753391 - 06/14/07 05:57 PM Re: Warning Banner califgirl
DCollins Offline
Platinum Poster
DCollins
Joined: Oct 2001
Posts: 707
Did that. They couldn't. The only thing they could say was they saw this comment by the regulators at some of their other banks.

Return to Top
#753505 - 06/14/07 07:02 PM Re: Warning Banner DCollins
Timex Offline
Member
Joined: Dec 2005
Posts: 60
We were told to put it on our internal core database, but the examiners didn't say anything about our electronic banking product. I'm not sure what reg. it came from.

Return to Top
#753712 - 06/14/07 08:55 PM Re: Warning Banner Timex
BurntSienna Offline
Diamond Poster
Joined: Aug 2006
Posts: 2,407
Midwest
Our internal auditors raised this issue as well, but they couched it in "best practice recommnedations" rather than an actual recommendation or citation. A banner implementation is on my list of possible changes to evaluate. I'm curious if/how other banks are handling this issue, also. Anyone have such a banner now, and if so where/when precisely is it displayed? Does it need to be acknowledged upon each login? Is this just implemented as a pop up box with an "ok" button? Anyone willing to share details, I'd be interested to discuss. Thanks.
_________________________
"Gratitude makes sense of our past, brings peace for today, and creates a vision for tomorrow." - Melody Beattie

Return to Top
#753859 - 06/15/07 12:50 PM Re: Warning Banner DCollins
MikeJ Offline
Member
MikeJ
Joined: Nov 2002
Posts: 76
MA
We post a message like right on our login page. I don't think you will find this as a "specific" requirement in any regulation but you will find it in certain whitepapers from organizations such as SANS.
_________________________
Expressions posted here are not necessarily those of my employer(s).

Return to Top
#753918 - 06/15/07 01:55 PM Re: Warning Banner MikeJ
chiefwildcat Offline
Member
chiefwildcat
Joined: Aug 2006
Posts: 53
Employment Bliss
Are we talking about access from the internal network or external (eBanking)?
Internally we have the normal warning message displayed after the CTRL ALT DEL.
Externally we have nothing

Return to Top
#754106 - 06/15/07 04:41 PM Re: Warning Banner chiefwildcat
KrisH Offline
Gold Star
KrisH
Joined: Mar 2003
Posts: 358
Massachusetts
I assume they're talking about a message similar to the one at the bottom of this page (link goes to the Federal Reserve TT&L Login page).

We do not have any sort of warning like that on our website, nor have any auditors or regulators suggested it to us. Yet.
_________________________
My opinions are my own and do not necessarily reflect the opinions of my employer.

Return to Top
#754222 - 06/15/07 06:03 PM Re: Warning Banner MikeJ
A.B. Offline
100 Club
A.B.
Joined: Nov 2005
Posts: 165
KY
The source is probably from 18 USC 1080 which in section a.1.2.a refers to financial institution records.

I have also seen it in the OCCs Comptroller Handbook for Internet Banking 1999, page 27, question 7. And this website actually has this question in their ebanking audit sample.

BurntSienna - our organization uses a Logon Disclaimer Policy that is built in as a GPO. Upon the initial login to our network, the disclaimer will appear. The user must acknowledge the disclaimer by clicking OK. Then it goes to the user login screen. It does not appear anytime thereafter (when CTRL/ALT/DEL is used).

Hope this helps.
_________________________
Opinions/comments are mine and not my employers.

Return to Top
#754270 - 06/15/07 06:26 PM Re: Warning Banner Timex
Lori01 Offline
100 Club
Joined: Jan 2007
Posts: 175
VT
We received the same recommendation.
Here’s what we have on our login screen

By accessing and using this service you agree to and are bound by the terms and conditions that govern your accounts with XYZ Savings Bank. Unauthorized use of, or access to, this service may subject you to criminal prosecutions and penalties.

We also have something on our internal system, but it reads differently.

Return to Top
#754324 - 06/15/07 07:00 PM Re: Warning Banner Lori01
Oviedo Boy Offline
Platinum Poster
Joined: May 2006
Posts: 629
Tennessee
Is this something different than the Terms and Conditions page a new user has to accept prior to accessing their accounts for the first time?
_________________________
Maybe all one can do is hope to end up with the right regrets.

Return to Top
#754553 - 06/15/07 09:06 PM Re: Warning Banner Oviedo Boy
BurntSienna Offline
Diamond Poster
Joined: Aug 2006
Posts: 2,407
Midwest
Thanks much for the input, everyone!
_________________________
"Gratitude makes sense of our past, brings peace for today, and creates a vision for tomorrow." - Melody Beattie

Return to Top
#754966 - 06/18/07 03:16 PM Re: Warning Banner BurntSienna
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,748
On the Net
I have heard of such a disclaimer on the logon, as well as on the startup screen.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top

Moderator:  Andy_Z