Financial institutions are actively evaluating and implementing wireless technology as a means to reach customers and reduce the costs of implementing new networks. In light of this fast-developing trend, the Federal Deposit Insurance Corporation (FDIC) is providing financial institutions with the following information about the risks associated with wireless technology and suggestions on managing those risks. Please share this information with your Chief Information Officer. Wireless Technology and the Risks of Implementation Wireless networks are rapidly becoming a cost-effective alternative for providing network connectivity to financial institution information systems. Institutions that are installing new networks are finding the installation costs of wireless networks competitive compared with traditional network wiring. Performance enhancements in wireless technology have also made the adoption of wireless networks attractive to institutions. Wireless networks operate at speeds that are sufficient to meet the needs of many institutions and can be seamlessly integrated into existing networks. Wireless networks can also be used to provide connectivity between geographically close locations without having to install dedicated lines. Wireless Internet access to banking applications is also becoming attractive to financial institutions. It offers customers the ability to perform routine banking tasks while away from the bank branch, automated teller machines or their own personal computers. Wireless Internet access is a standard feature on many new cellular phones and hand-held computers. Many of the risks that financial institutions face when implementing wireless technology are risks that exist in any networked environment (see FIL-67-2000, "Security Monitoring of Computer Networks," dated October 3, 2000, and the 1996 FFIEC Information Systems Examination Handbook, Volume 1, Chapter 15). However, wireless technology carries additional risks that financial institutions should consider when designing, implementing and operating a wireless network. Common risks include the potential:
These risks could ultimately compromise the bank's computer system, potentially causing:
Risk Mitigation Security should not be compromised when offering wireless financial services to customers or deploying wireless internal networks. Financial institutions should carefully consider the risks of wireless technology and take appropriate steps to mitigate those risks before deploying either wireless networks or applications. As wireless technologies evolve, the security and control features available to financial institutions will make the process of risk mitigation easier. Steps that can be taken immediately in wireless implementation include:
Additional information about wireless networks and wireless customer access appears in the Appendix, available on the FDIC's Web site at www.fdic.gov . You may also contact Jeffrey M. Kopchik, Senior Policy Analyst, E-Banking Branch, Division of Supervision, on 202-898-3872. Michael J. Zamorski Director Distribution: FDIC-Supervised Banks (Commercial and Savings) NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (800-276-6003 or (703) 562-2200). |
Notes