Some financial institutions host websites for both themselves as well as for other businesses. Financial institutions that host a business customer's website usually store, or arrange for the storage of, the electronic files that make up the website. These files are stored on one or more servers that may be located on the hosting financial institution's premises. Website hosting services require strong skills in networking, security, and programming. The technology and software change rapidly. Institutions developing websites should monitor the need to adopt new interoperability standards and protocols such as Extensible Mark-Up Language (XML) to facilitate data exchange among the diverse population of Internet users.
Risk issues examiners should consider when reviewing website hosting services include damage to reputation, loss of customers, or potential liability resulting from:
- Downtime (i.e., times when website is not available) or inability to meet service levels specified in the contract,
- Inaccurate website content (e.g., products, pricing) resulting from actions of the institution's staff or unauthorized changes by third parties (e.g., hackers),
- Unauthorized disclosure of confidential information stemming from security breaches, and
- Damage to computer systems of website visitors due to malicious code (e.g., virus, worm, active content) spread through institution-hosted sites.
Payments for E-Commerce