Web Sites Convenient, But Create Additional Risk

ALEXANDRIA, Va.-NCUA recently issued a Letter to Credit Unions (02-CU-16) urging credit unions to guard against Internet-related risks. The letter recognized that Web sites are regularly offered as a service to their members but members could unwittingly reach another entity’s Web site, either by accident or by design. The main causes for the misdirection are inaccurate entry of the domain name; loss of domain name from lack of payment allowing another party to take the name; or redirection or “hijacking” of Internet traffic because of “inadequate security practices.” “Any product or service can expose the credit union to increased risk,” the letter signed by NCUA Chairman Dennis Dollar read. “Risk is the potential that events, expected or unanticipated, may have an adverse effect on the credit union if not properly controlled.” Associated threats credit unions can run into listed in the letter include: *Transaction Risk- members inadvertently disclose password or other information that could be used for fraudulent transactions; *Strategic Risk- electronic advertising could be negatively impacted if a credit union’ Internet address is secured by a third party; *Compliance Risk- if in non-compliance with NCUA rules due to an inadequate security program; and *Reputation Risk- if members are redirected to a site with offensive material there could be a negative impact on the credit union’s reputation.