iWeb User Information

iWeb is a web-enabled banking application used to process correspondent and Federal Reserve transactions including image cash letter processing, domestic wires, international wires, ACH returns and notices of change, ACH origination, ACH receipt delivery, coin and currency ordering, large dollar returns, credit cardholder information file updates and payment postings, and check adjustments. This system is accessible over the Internet, with all data encrypted using TLS and users validated through a combination of usernames, passwords, biometrics, IP address, and/or token-based authentication.

Security

  • SSL 256-bit encryption
  • Biometric fingerprint authentication
  • Multi-Factor Authentication
  • IP Address restrictions
  • 20-minute forced log-off
  • Chromium-based browser (Microsoft Edge or Google Chrome) and Windows 10 or higher operating system for workstations OR
  • Chromium-based browser and Windows Server 2012 or higher

Authentication

iWeb complies with interagency guidelines regarding authentication in an internet banking environment. iWeb authentication requires biometric login using fingerprint scanners, with YubiKey and TOTP (Google Authenticator) available as multifactor authentication options. If your institution does not use the biometric device (recommended method), users are required to enter a password and answer a security question. Layered security controls include, but are not limited to, IP address restrictions by bank, authentication at login, encryption, real-time posting of transactions to your account, and email notifications of wire transfers.

Fingerprint scanner order form (external link) »

Office of Foreign Assets Control (OFAC)

iWeb scans all fields that are populated with alphabetic information on outgoing foreign and domestic wire transfers and international ACH transactions (IATs). (Numeric fields, e.g., routing and account numbers, are not scanned.) Information in the scanned fields is compared with the OFAC Specially Designated Nationals and Consolidated Sanctions lists, as well as a list of countries with broad-based OFAC sanctions, when an incoming wire or IAT is received and when an outgoing wire or IAT is processed. All information should be entered accurately to ensure scans operate efficiently and return expected results. For example, the country field should be populated when originating foreign wires. If any transaction contains a potential violation, the user will be notified and must confirm OFAC compliance and provide a reason for processing before the transaction can be completed. A report is available summarizing the number of scans and hits. All audit information, including OFAC scan results, is retained for five (5) years for wires and six (6) years for IATs.

Disaster Recovery

iWeb is a web-based system with the database residing in The Bankers Bank (TBB) infrastructure. In the event of a disaster affecting your facility, the end user administrator would only need to ensure that their DR site IP address is recorded in iWeb and have an available PC with high-speed internet. All data and authentication credentials are stored at TBB. There is no proprietary software to install, maintain, and back up. iWeb provides a database download utility for respondents’ backup of transactions and activity, and TBB recommends that this download of archive data be performed at least quarterly.

More detailed iWeb emergency procedures are included in the “Emergency Procedures” document on our website. For information regarding TBB’s disaster recovery program, please refer to the “Business Continuity and Security Summaries”.

External Reviews

TBB’s systems and processes, including those related to iWeb, are subject to external reviews. Annually, The Bankers Bank engages an outside party to perform an Information Technology (IT) audit. TBB undergoes examinations from the Federal Reserve Bank and the Oklahoma State Banking Department every 18 months. In addition, we contract with an accounting/consulting firm to conduct a Service Organization Control (SOC) review annually.

User Responsibilities / Best Practices

System Access

Customer financial institutions (FIs) should implement policies and procedures at their locations that ensure access controls are appropriate and user permissions are consistent with the user’s job function(s). User institutions are responsible for managing their iWeb users.

A system administrator at the customer FI is responsible for setting up other administrator accounts and user accounts, granting specific access, including any limits, and changing and deleting users’ access. Settings that cause iWeb to send administrators email notifications of changes to user accounts should be enabled. Customers should monitor user activity and changes to access rights, and regularly review access rights for appropriateness.

Dual control for wire transfers is available with iWeb, and we strongly encourage FIs to require all wires to be verified by a second user. Another option is to enforce dual control procedures for wires over a specified amount. If this option is chosen, an amount that appropriately reflects the risk tolerance for your institution should be established by senior management and approved by the board.

Customer FIs should monitor account activity and take steps to educate employees and customers regarding social engineering and other attempts to gain access to information and systems.

iWeb Transaction Processing

Respondent FIs should notify their direct correspondent immediately of any discrepancies identified in their reconciliations. Respondents should also ensure that imported files are reconciled to their TBB statement. If applicable, activity in the cash management system should be reconciled daily to Fed statements by personnel independent of the operations department.

Data Transmissions To/From iWeb

User organizations should ensure secure protocols are used when transmitting data outside of iWeb. Users should verify file totals and item counts of data imported or entered into the system. In addition, file acknowledgements from upstream financial institutions should be reconciled to the information processed through iWeb.

iWeb Application Development Requests

User organizations are responsible for notifying TBB in a timely manner of any application bugs or required changes and for performing tests, as necessary, on upgrades and changes to the application.

Account Monitoring

TBB does not monitor accounts of respondent banks’ customers or assist with identifying suspicious activity. Customer FIs are responsible for maintaining “Know Your Customer” policies and procedures designed to detect and respond to unusual or suspicious activity involving their customers.
