Community Banking Advisor: Dot-Bank Domain Name Offers Improved Security

Most banks use the dot-com extension, also known as the top-level domain (TLD), at the end of their website addresses. But the dot-bank TLD offers several advantages, including enhanced security, which is of critical importance to banking customers today.

Eligibility for the dot-bank TLD, available since 2015, is limited to qualified applicants — including banks and savings associations chartered and supervised by state or national regulators, trade groups and other banking industry associations, service providers principally owned or supported by regulated entities, and certain government banking regulators and their associations. In addition, successful applicants must pass a screening process and implement various technologies and processes that help guard banking customers against fraud.

For more information, see register.bank/faq.

HMDA Guidance Helps Avoid Penalties

Since January 1, 2018, banks have been required to submit Home Mortgage Disclosure Act (HMDA) data using the Consumer Financial Protection Bureau’s (CFPB’s) new online platform. Late last year, the CFPB announced that it wouldn’t impose penalties for errors in HMDA data collected in 2018 and reported in 2019. And it wouldn’t require banks to resubmit such data unless the errors are material.

On August 23, 2017, the Federal Financial Institutions Examination Council issued guidelines for examiners to use in assessing the accuracy of HMDA data that institutions record and report. The guidelines, which describe procedures for sampling and validating HMDA data, provide banks with insight into how examiners will assess HMDA data. The document is titled HMDA Examiner Transaction Testing Guidelines.

Awareness of Email Wire Transfer Schemes Prevents Fraud

A Financial Crimes Enforcement Network (FinCEN) advisory warns banks about the dangers of email compromise fraud schemes involving wire transfers. According to the advisory, from 2013 to late 2016 there were approximately 22,000 reported cases of such fraud, involving $3.1 billion. In a typical scheme, a cybercriminal uses compromised email accounts to impersonate customers and mislead financial institutions into conducting seemingly legitimate, but unauthorized, wire transfers.

The advisory lists several red flags banks should look for when reviewing emailed wire transfer instructions. They should follow up with additional review and verification if, among other things:

  • The instructions contain different language, timing and amounts than previously verified instructions,
  • The customer’s email address is slightly different from a known customer’s address (for example, john_doe@abc.com instead of john-doe@abc.com),
  • The instructions direct payment to a known beneficiary, but the beneficiary’s account information is different from what was previously used,
  • The instructions describe the transaction as “urgent,” “secret,” or “confidential,” or
  • The instructions originate from a customer’s employee who is newly authorized on the account or who has never sent wire transfer instructions before.

The full advisory is FIN-2016-A003.
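The red flags listed above can be screened automatically before an emailed wire instruction reaches a reviewer. The following is an added example, not code from FinCEN or from this newsletter; the field names, the customer profile structure, the 0.9 similarity cutoff and the amount threshold are all assumptions, and the sample data is constructed.

```python
import re
from difflib import SequenceMatcher

URGENCY = re.compile(r"\b(urgent|secret|confidential)\b", re.I)
AMOUNT_FACTOR = 3  # assumed threshold for "different amounts"; not from the advisory

def lookalike(sender, known):
    """True when sender is not the known address but closely resembles it."""
    s, k = sender.lower(), known.lower()
    if s == k:
        return False
    strip = lambda a: re.sub(r"[._-]", "", a)  # john_doe / john-doe compare equal
    return strip(s) == strip(k) or SequenceMatcher(None, s, k).ratio() >= 0.9

def red_flags(instr, profile):
    """Return the red flags one emailed wire instruction raises for manual review."""
    flags = []
    sender = instr["sender"].lower()
    known = profile["known_senders"]
    if sender not in known and any(lookalike(sender, k) for k in known):
        flags.append("lookalike_sender")
    on_file = profile["beneficiaries"].get(instr["beneficiary"])
    if on_file is not None and on_file != instr["account"]:
        flags.append("beneficiary_account_changed")
    if URGENCY.search(instr["body"]):
        flags.append("urgency_or_secrecy_language")
    if sender not in profile["prior_wire_senders"]:
        flags.append("sender_has_no_wire_history")
    if instr["amount"] > AMOUNT_FACTOR * profile["largest_verified_amount"]:
        flags.append("amount_out_of_pattern")
    return flags

# Constructed sample data (not real customers or accounts).
PROFILE = {
    "known_senders": {"john-doe@abc.com"},
    "prior_wire_senders": {"john-doe@abc.com"},
    "beneficiaries": {"Acme Supply": "ACCT-0001"},
    "largest_verified_amount": 20000,
}
SUSPECT = {"sender": "john_doe@abc.com", "beneficiary": "Acme Supply",
           "account": "ACCT-9999", "amount": 95000,
           "body": "Urgent and confidential: wire this today."}
ROUTINE = {"sender": "john-doe@abc.com", "beneficiary": "Acme Supply",
           "account": "ACCT-0001", "amount": 18000,
           "body": "Please send the monthly payment."}

if __name__ == "__main__":
    print(red_flags(SUSPECT, PROFILE))
    print(red_flags(ROUTINE, PROFILE))
```

Any non-empty result is a prompt for the additional review and verification the advisory calls for, not a decision to reject the transfer.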