This document summarizes the key issues and challenges regarding wireless banking. It discusses how banks are offering wireless account access via cell phones and PDAs. It outlines security risks like transmission encryption and access codes stored on devices. It also covers strategic risks around implementing emerging strategies, transaction risks, reputation risks if networks are unreliable, and compliance issues regarding disclosures and privacy. Industry best practices around security, testing, and information sharing are recommended.
2. Wireless Banking April 1, 2003 Clifford A. Wilke Director of Bank Technology Office of the Comptroller of the Currency Washington, DC
3.
4.
5.
6.
7.
8. Reported Data Security Incidents Source: CERT/CC -- statistics are not limited to the banking industory and include all reported incidents
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
Editor's Notes
This presentation focuses on Internet Banking as an extension of a bank’s delivery network for traditional consumer, retail and wholesale/commercial services. This is a baseline presentation designed for banker outreach activities to overview Internet banking trends, highlight key Risk Management practices banks should consider and raise awareness on OCC Internet banking supervisory activities. Due to the rapid evolution of Internet and Electronic banking, the audience may ask specific technical questions that are beyond the scope of this presentation and may require a greater degree of technical expertise to answer. Note: This presentation was last updated May 15, 2000.
This slide should be your Presentation Title Slide, the first slide of your presentation. It should also be the last slide of your presentation. To insert a Title, double click on the “Insert Title” box in the template. Highlight the words “Insert Title” by clicking at the beginning of the box and dragging your mouse across the words. With the words highlighted, type in your title. The format allows two lines for a primary title and one for a subtitle. If you only need one title line, delete the top “Insert Title (If Applicable)” box. Also, if you do not use the subtitle box, delete it. Communication Tips: Giving text the right look can have an impact on the appearance of the presentation. Using too many fonts on the same slide looks unprofessional. Choose a font that is easy to read and projects well. Use bold type for titles and medium for subtitles. Design Notes: The “Full OCC Presentation Signature” (Broken Doughnut, Comptroller…, Administrator…, and Column) appears only on the first, last and contact slides. The Column is used on all slides that contain only text. All the slides except for the first and last have the “Faded Broken Doughnut Signature” in the bottom right corner. Slides with graphs, photos and text should not have the Column, only the “Faded Broken Doughnut Signature”.
Management’s service provider or software vendor selection process should include: Risk Assessment Due Diligence Contract Requirements Oversight Program FFIEC is developing guidance to outline this process. The driving force behind the development of the Interagency guidance are concerns highlighted by bank’s implementing Internet Banking strategies. These strategies include traditional service providers/software vendors use to working with a regulated institution but also companies that are new to dealing with a regulated entity or just a new company. The newer companies may not have much of a financial history. Also, we are seeing an increasing reliance on strategic alliances. IMPORTANT TO EMPHASIZED PROCESS NATURE.