To Stem Computer Piracy, New York Fed Begins Major Review of Banks'

The Federal Reserve Bank of New York has launched a comprehensive review of how banks in its region guard their computer systems from on-line pirates and joy-seeking hackers.

Three senior New York Fed officials will interview the top technology officers at large money-center banks, foreign bank branches, and state- member banks during the next several months to determine which safeguards work best.

These officials will then issue instructions this summer to all financial institutions in the region, detailing what safeguards should be in place. They also will help rewrite the guidelines used during information systems exams.

"We want to know where they see the trends and the problems," said Christine M. Cummings, New York Fed senior vice president. "That will let us know where we stand." Industry officials welcomed the review. "People deal with banks because they trust the bank," said Stephen Katz, chief information security officer at Citibank. "Anything that can be done that increases the trust in banks can only help the industry."

"There have been some fairly high-profile breaches of bank computer systems, which have involved potential losses of substantial dollars," said Robert Ballen, a partner at the Washington law firm of Schwartz & Ballen. "The more people are thinking about how to secure these critical bank networks, the better."

For example, a Russian hacker stole $400,000 from Citicorp before being caught last year.

New York Fed officials said they are responding to a technological boom in banking that has left institutions more exposed than ever to illegal computer break-ins.

The Internet, including home banking and electronic commerce, poses one of the biggest threats, according to Herbert W. Whiteman Jr., a New York Fed vice president and a member of the computer security team. Sophisticated criminals can use this link to access supposedly secure parts of the bank's computer system, essentially allowing them to steal by transferring money out of the institution.

Also, most Internet messages must pass through several computer systems on their way between the customer and the bank. Hackers could intercept the message and change the instructions, Mr. Whiteman said.

"Without some safeguards in place, you run into new risks," he said.

Other problems include:

*Laptop computers, which require executives to dial into their banks' main computers to send and retrieve documents. A hacker may use these same dial-in numbers to break into the system. Also, computer dial-ups make it possible for criminals to insert a virus into the bank's computer system. This could wipe out customer records or key bank documents.

*Outsourcing of data processing, which gives criminals the chance to tap into the lines that connect the bank with its data processing vendor. Thieves also may break into the vendor's computer system and alter the computer records.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER