(a) A credit union must file a written notice with the commissioner at least 30 days before it establishes a transactional web site. The notice must:
- (1) Include an address for and a description of the transactional features of the web site;
- (2) Indicate the date the transactional web site will become operational; and
- (3) List a contact person familiar with the deployment, operation, and security of the transactional web site.
- (b) For the purposes of this chapter a transactional web site is an Internet site that enables users to conduct financial transactions such as accessing an account, obtaining an account balance, transferring funds, processing bill payments, opening an account, applying for or obtaining a loan, or purchasing other authorized products or services.
- (c) If a credit union has established a transactional web site before the effective date of this rule, it must file a notice describing its activity by June 1, 1999.
- (d) Credit unions, which have a transactional web site, must provide for a review of the adequacy of the web site's security measures at least once every two years. The scope of the review should cover the adequacy of physical and logical protection against unauthorized access including denial of service and other forms of electronic access. If the credit union outsources this technology platform, it can rely on testing performed for the service provider to the extent it satisfies the scope requirements of this subsection.
Source Note:The provisions of this §91.4002 adopted to be effective May 13, 1999, 24 TexReg 3475; amended to be effective December 8, 2002, 27 TexReg 11075.