(a) A credit union must file a written notice with
the commissioner at least 30 days before it establishes a transactional
web site. The notice must:
(1) Include an address for and a description of the
transactional features of the web site;
(2) Indicate the date the transactional web site will
become operational; and
(3) List a contact person familiar with the deployment,
operation, and security of the transactional web site.
(b) For the purposes of this chapter a transactional
web site is an Internet site that enables users to access an account
and conduct financial transactions such as transferring funds, processing
bill payments, opening an account, applying for or obtaining a loan,
or purchasing other authorized products or services.
(c) Credit unions that have a transactional web site
must provide for a review of the adequacy of the web site's security
measures annually. The scope of the review should cover the adequacy
of physical and logical protection against denial of service attacks
and other attack vectors designed to gain unauthorized access to the
system. If the credit union outsources this technology platform, it
can rely on testing or audits performed for the service provider to
the extent it satisfies the scope requirements of this subsection.
|
Source Note: The provisions of this §91.4002 adopted to be effective May 13, 1999, 24 TexReg 3475; amended to be effective December 8, 2002, 27 TexReg 11075; amended to be effective March 13, 2006, 31 TexReg 1648; amended to be effective March 29, 2018, 43 TexReg 1837 |