eStatements – Does anyone have pertinent subjects for a risk assessment relating to eStatements?

When I conduct information security reviews for E-Statements I look for… -Delivery: push or pull? the use of email (which we don’ recommend), downloads available from the online banking product and if authentication is required to access the statement -Agreements: The overall internet banking agreement should include eStatements or customers should accept services through a seperate agreement. -Compliance: I’m not sure I’d be much help here, but I do know it is best practice to put an FDIC logo on the statement somewhere.

We are launching eStatements in a few days. Here is what we settled on: - Pull. at first business day the PDF will be available. You download it. - you can only get the estatement through the sign on with the internet banking product. - Agreements to agree to once you start downloading. 3 consecutive months of download automatically stops the paper product. - if the log shows you haven’t downloaded a statement for 6 consecutive months we are given the right to attempt contact by the means you have given us. The risk you have to manage has to be a know attribute like your online banking platform. That is the key. Also the logs you create can give you value information about when a statement is downloaded. Much better than guessing if the envelope has been opened. Click through URLs give even a greater dimension to manage risk and compliance.