Thread Options Tools
#90103 - 06/20/03 01:16 PM Internet Banking-Disclosure of Security Features
Anonymous
Unregistered

We are going to a new internet banking vendor. I believe that the Bank's privacy policy is separate from what I call the disclosure of technical information. Is that correct? Who writes the secuirty features disclosure? The bank or the vendor?
How do I know what is to be detailed in such a disclosure?
Does anyone have a sample Internet Banking Agreement for customers?

Return to Top
General Discussion
#90104 - 06/20/03 03:06 PM Re: Internet Banking-Disclosure of Security Features
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,207
On the Net
I don't know what the content of some of these documents you mention is, so it is hard to answer. I may call something by a different name.

For a sample IB agreement, look at the signup page of other banks. That will give you some ideas on what you want in yours. Just be sure it matches what you actually are doing.

The technical requirements and features are given to you by your vendor, but the agreement between you and your customer is just that. So you are responsible for the agreement with the customer. The vendor is responsible to you.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#90105 - 06/20/03 03:16 PM Re: Internet Banking-Disclosure of Security Features
1111 Offline
Platinum Poster
1111
Joined: Jan 2003
Posts: 580
Andy always posts the best advice:
For a sample IB agreement, look at the signup page of other banks. That will give you some ideas on what you want in yours. Just be sure it matches what you actually are doing.

Don't try to re-invent the wheel - go to the disclosure pages of other banks, especially those that are with the same vendor. Try to look at 2-3 examples and you will probably end up with at least one that looks like they used legal assistance to come up with the words.

By the way, there is no security features disclosure. There is no requirement for such a disclosure. Those elements are incorporated within internal policy/procedures with the general public given a brochure that talks about safety, encrption, firewalls, how a PIN is established, etc but only in generate terms.

Return to Top
#90106 - 06/20/03 03:39 PM Re: Internet Banking-Disclosure of Security Features
JacF Offline

Power Poster
Joined: Nov 2001
Posts: 6,719
PA
Quote:

with the general public given a brochure that talks about safety, encrption, firewalls, how a PIN is established, etc but only in generate terms.



I'd like to emphasize this point. Keep it general, and avoid any mention of specific technologies or devices by name. The last thing you want to do is give a hacker a target that requires no preliminary research.

Return to Top
#90107 - 06/20/03 03:55 PM Re: Internet Banking-Disclosure of Security Features
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,207
On the Net
The security features may mean (I assumed, I know what that does) they meant a browser with 128 bit encryption, etc.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top
#90108 - 06/23/03 03:10 PM Re: Internet Banking-Disclosure of Security Features
Ted Dreyer Offline
Diamond Poster
Ted Dreyer
Joined: Apr 2001
Posts: 2,245
The closest thing to a security features disclosure is the part of your GLB privacy notice required by section .6(a)(8) of the privacy regulations regarding your "policies and practices with respect to protecting the confidentiality and security of nonpublic personal information". You don't need a lot of detail (see sample clause A-7). The reference to "federal standards" in the sample clause is to the Information Security Guidelines.

Return to Top
#90109 - 06/23/03 05:11 PM Re: Internet Banking-Disclosure of Security Features
Anonymous
Unregistered

While there isn't an actual "regulation" that mandates this type of disclosure, we wrote a Tech Alert last year about how the FDIC, in an issue of FDIC Consumer News, advised consumers to "Make sure the bank's Web site describes its security procedures."

See the full Tech Alert article that details what FDIC is telling folks and what you need to think about doing in this regard.

Return to Top