E-banking presents new administrative control requirements and potentially increases the importance of existing controls. Management must evaluate its administrative controls to maximize the availability and integrity of e-banking systems. E-banking information can support identity theft, either for fraud at the subject institution or for creating fraudulent accounts at other institutions. Institutions should consider the adequacy of the following controls:
- Segregation of e-banking duties to minimize the opportunity for employee fraud;
- Dual-control procedures, especially for sensitive functions like encryption key retrieval or large on-line transfers;
- Reconcilement of e-banking transactions;
- Suspicious activity reviews and fraud detection with targeted review of unusually large transaction amounts or volumes;
- Periodic monitoring to detect websites with similar names, possibly established for fraudulent purposes;
- Error checks and customer guidance to prevent unintentional errors;
- Alternate channel confirmations to ensure account activity or maintenance changes are properly authorized; and
- Business disruption avoidance strategies and recovery plans.
E-banking activities are subject to the same risks as other banking processes. However, the processes used to monitor and control these risks may vary because of e-banking's heavy reliance on automated systems and the customer's direct access to the institution's computer network. Some of the controls that help assure the integrity and availability of e-banking systems are discussed below.
Authenticating E-Banking Customers