Federal Reserve Bank of New York - Banking Information - E-Banking

On-line banking can help you manage savings and checking accounts, apply for loans, or pay bills quickly and easily. To enjoy the full benefits of on-line banking, you should understand all that on-line banking can offer, consider some questions to ask before signing up, and know how to get help if you need it.

What is on-line banking?
How do I get started with on-line banking?
Can I shop for a new bank account on-line?How quickly are my transactions processed?

What is on-line banking?

On-line banking is a service provided by many banks, thrifts, and credit unions that allows you to conduct banking transactions over the Internet using a personal computer, mobile telephone, or handheld computer (such as a "personal digital assistant"). You may be able to:

access accounts round-the-clock, even on weekends;
see balances on-line and find out whether checks or deposits have cleared;
transfer funds between accounts;
download information directly into personal finance software; or
receive and pay bills on-line (without check writing, envelopes, or stamps).

If you choose an "Internet-only" bank, you may no longer have access to a local "bricks-and-mortar" branch. Some Internet-only banks, however, offer higher interest rates and fewer fees than traditional banks.

How do I get started with on-line banking?

Frequently, all you need to do is to log on to your bank's Web site and follow the instructions. Before you begin to bank on-line, however, you might take advantage of the tips in the Secure Banking on the Internet section of this Web site.

When choosing an on-line banking service, use the same good business sense you would in any transaction. Make sure that the on-line bank has a good reputation before you provide personal information or send money. Also, when purchasing banking products or services on-line, read agreements carefully before clicking your consent to them or signing the agreements electronically. The time is well spent since you may be legally bound by those agreements. It is also wise to save or print a copy of the agreement for future reference.

Can I shop for a new bank account on-line?

The Internet is a convenient place to find bargains in banking products and services. You can often view rates for savings accounts, credit cards, loans, and other financial products and services. Some Web sites also help you directly compare financial products on-line.

If you decide to shop for a bank on the Internet, check to see that the Federal Deposit Insurance Corporation ("FDIC") insures your bank's deposits. Just as "bricks-and-mortar" banks display the FDIC seal at the branch, most on-line banks include information on their deposit insurance on their Web pages. You can find a list of FDIC-insured banks on the FDIC Web site at http:/www.fdic.gov. Keep in mind that the FDIC does not insure non-deposit investment products-mutual funds, money market funds, annuities, life insurance policies, stocks, and bonds-whether they are sold on-line or through a bank's affiliate.

Also, if you use a bank that is not licensed in the United States, your deposits may not be insured by the FDIC, and you may not benefit from other important consumer protections offered in the United States. To find out more about banking with an institution licensed overseas, read the Cross-Border Banking section of this Web site.

How quickly are my on-line transactions processed?

You may discover that on-line transfers are similar to writing a check and mailing it-transactions may not be processed instantaneously. Be sure to find out from your bank exactly when on-line or telephone account transfers take place (immediately, end of day, etc.).

If you want to pay bills on-line, you should ask when electronic payments are deducted from your account, and when they are transferred to third-party billers. To find out more about on-line bill paying services, read the Electronic Payments on the Internet section of this Web site.

ELECTRONIC PAYMENTS ON THE INTERNET

Electronic payments are made without the use of paper by way of a variety of electronic devices. There are many types of electronic payments, including direct deposit, direct debit, and electronic bill presentment and payment ("EBPP"). Electronic payments can also be made by credit, debit, or stored-value cards and on-line banking transactions.

Although credit card and direct deposit payments have been available for some time, more recent methods such as EBPP, paying bills by telephone, or using an e-banking site are growing in popularity.

What is Direct Deposit?
What is Direct Payment?
How do I pay bills through my bank electronically?
Can I use another service to pay my bills on the Internet?
How do I select a bill payment company?
What should I do if I discover an error?
What should I do if my card is stolen?

What is Direct Deposit?

Direct deposit is an electronic transfer of funds directly into your checking or savings account. Many companies use direct deposit for ongoing, regularly scheduled payments, such as salary, retirement benefits, dividend and annuity payments. To enable your company to pay you by direct deposit, you must sign an authorization form to allow your company to credit your account. The authorization must include account information, such as your bank's routing number and your account number-found on the bottom of your check.

Be sure to check that the information on the authorization form is accurate before signing. Keep a copy of the authorization form for your records. The information about the transfer of funds to your account will be reflected on your monthly bank statement; check that all amounts are correct.

What is Direct Payment?

Direct payment is an electronic funds transfer out of your checking or
savings account that is initiated by the person or company being paid. You can use direct payment to pay your regular bills, such as mortgage loans, insurance premiums and utility bills. For each company that you wish to pay electronically, you will need to provide a signed authorization form. Keep a copy of the authorization form for your records. You also may be asked for a voided check from your bank for account information. The authorization will allow the company to collect the amount of the bill from your checking or savings account on a specified date. Remember that once you have signed an authorization form, the company can access your account without any further action by you, unless you ask the company to end the arrangement. Some companies may require a certain number of days of prior written notice before discontinuing direct payments.

Your monthly bank account statement will show the transfer of funds from your account; be sure to check that all amounts listed are correct.

How do I pay bills through my bank electronically?

If your bank offers this service, you can go to its Web site and authorize payments to companies that you choose. Your bank will send the payments to specified companies either electronically or by check. Unlike direct payment, paying bills through your bank over the Internet allows you, not the merchant, to initiate all the payments.

All on-line transfers of funds from your account will be reflected in your monthly bank account statement. Be sure to check the accuracy of your monthly statements. Electronic payment service may be free of charge-or there may be extra fees.

Can I use another service to pay my bills on the Internet?

An EBPP service pays bills directly from your account and e-mails a monthly statement to you. Many companies other than banks offer EBPP services. They operate in many different ways. You may receive bills and monthly statements at your bank's Web site that were sent to the bank by the EBPP company. Alternatively, you may go to an EBPP company's Web site to view and pay your bills. In some arrangements, you go to the Web site of each biller to retrieve your bill. Payment of your bills may also occur through various methods.

EBPP companies may also provide other services: sending you an e-mail reminder when a bill arrives, tracking payment status so that you know when a bill payment is sent, or filing bills electronically. EBPP companies may charge monthly or per transaction fees for their services.

How do I select a bill payment company?

When selecting an EBPP company, keep in mind that the company will have access to your personal and financial data. Therefore, make sure that your EBPP provider is reputable. Check their listing with the Better Business Bureau. Also examine the company's privacy policy and security measures. Finally, be certain that there is a way to contact the company if you experience a problem. The EBPP company's Web site should contain an e-mail address, telephone number, and mailing address.

What should I do if I discover an error?

If you discover an error with a direct deposit or direct payment, report it to the company making the direct deposit and to your bank immediately.

Check your bank account statements regularly for errors or problems. The Electronic Fund Transfer Act (15 U.S.C. 1693, 1693m) and Regulation E also establish procedures for resolving errors on your bank account statement related to electronic funds transfers. For example, you have up to 60 days from your account statement date to notify your bank of any incorrect or unauthorized payment.

Your bank must investigate the error and quickly report the results to you. If your bank confirms the error, they should resolve the problem within one day. Procedures for the timely resolution of disputes are provided under the Federal Reserve Board's Regulation E. If the financial institution determines that an error did not occur, they must send you a written explanation of the findings within three days of concluding an investigation.

You can read more about electronic funds transfers and other consumer issues at the Board of Governors' Consumer Information Web site (www.federalreserve.gov/cosumers.htm).

What should I do if my debit or credit card is stolen?

If your debit or credit card is lost or stolen, you should notify your bank immediately. Your losses depend on how fast you report the loss or theft of the card-and on the type of card.

To find out more, contact your credit or debit card provider directly or your local Federal Reserve Bank.

PROTECTING YOUR PRIVACY

Since the Internet is a public network, you will want to protect your privacy on-line. Safeguard your banking information, credit card numbers, social security number, and other personal data. Keeping your personal information private means establishing that it is kept secure; to learn more about how to do so, read the Secure Banking on the Internet section of this Web site.

Some consumers may also want to know how their personal information is used, or whether their bank shares it with affiliates or other parties. Since July 2001, banks must give their customers a copy of their privacy policy. You may receive one in the mail or you may see a copy of it posted at the bank's Web site. The privacy policy should tell you what information the bank keeps about you and what information, if any, it shares with other companies.

Under the Gramm-Leach-Bliley Act (15 U.S.C. 6801, et seq.), banks must give you an opportunity to "opt out" of any policy they may have to share your non-public personal financial information with a third party. If you chose to opt out by notifying the bank in ways that they specify, the bank must not share your information with unaffiliated parties, except in certain limited circumstances. They may, however, share your information with affiliates. You will usually find information about opting out in the same notice that the bank sends you about its privacy policy.

You may have heard that some banks track your Web-browsing habits while you are at their site by storing small files on your computer's hard drive called "cookies." Cookies record personal information such as your user ID and password and browsing habits, and may help banks personalize the appearance of their Web site for your future visits. If these practices concern you, your Web browser may have the ability to refuse cookies.

Banks also use cookies to get to know your interests so that they can market particular products and services to you. You may want to ask your bank whether it uses cookies or otherwise tracks your browsing habits.

What kinds of personal information may a bank collect or store about me?
What is non-public personal information?
What should I do if my bank is not honoring my opt-out request?

What kinds of personal information may a bank collect or store about me?

Under the Gramm-Leach-Bliley Act, banks are required to notify you of the types of information that they may collect about you. Most banks collect financial information about their customers as a routine part of their business. When you apply for a credit card or a loan, for example, you provide personal information such as your name, address, phone number, and income information. Banks can add to this information by gathering credit reports from credit-reporting agencies and from other banks. These reports will detail your credit limits, merchants that you maintain accounts with, and the timeliness of your payments. Banks can use this information to market select products to you.

What is non-public personal information?

Non-public personal information means any personally identifiable financial information provided by a consumer to a bank resulting from any transaction or otherwise obtained by the financial institution.

This includes your name, address, account numbers, social security number, types of accounts, or account balances.

What should I do if my bank is not honoring my opt-out request?

Contact the appropriate banking supervisor and notify them of the practice. To file a complaint about a bank, please read the brochure entitled "How to File a Complaint About a Bank" available at the Board of Governors' Consumer Information Web site (www.federalreserve.gov/consumers.htm). For further information about filing a consumer complaint against a bank and for access to an on-line complaint form, please see this bank's consumer complaint information and online complaint form. (http://www.newyorkfed.org/complaints/survey/Instructions.cfm).

SECURE BANKING ON THE INTERNET

Once you are connected to the Internet, all information, encrypted or not, can be viewed by anyone else on the Internet with the right tools. There are, however, steps that you can take to protect your confidential information. They include using up-to-date virus protection and encryption software to protect your files, ensuring that your computer is physically and electronically safe from intrusion, and monitoring the security of the Web sites that you frequent.

How can I protect my identity from theft on the Internet?
How should I protect my computer from intrusion?
How do I know my Internet Service Provider is secure?
How do I know if my bank is secure?

How can I protect my identity from theft on the Internet?

Keeping your personal information confidential is your best safeguard on the Internet. Most computer network break-ins rely on commonplace deceptions or theft, not advanced technology. Simple precautions are essential:

Tell no one your password or other confidential information unless you are sure of their identity. Hackers sometimes impersonate technical support workers or others over the phone to obtain private information.
Keep your password out of plain sight in your work area.
Select a password that is hard to guess; avoid social security numbers, birthdates, PINs, or other obvious choices.

Good passwords are unique. Try using capitalization, non-letter characters, and other symbols with significance only to you. Instead of "carrot," for example, use "caRrOt8." Also, be sure to change your password periodically.

Keep in mind that once someone has access to your account number and PIN, they have access to your money and personal financial information.

How should I protect my computer from intrusion?

Both at home and the office, you should be aware of all those who have access to your files. Your computer should be physically secure, where unauthorized users cannot access it without your permission.

You should also avoid keeping open connections to cable networks or phone lines-your machine could be accessed without your knowledge.

Make sure your browser supports secure transactions using up-to-date security features like encryption.
Take advantage of security and virus protection software that protects your computer from intrusion.
Use log-on passwords, screen saver passwords, or other devices to prevent someone from using your computer when you are not there.
When you walk away from your PC, turn it off, or turn on the screensaver password feature.
If your computer is accessible to others, consider using encryption software for confidential files.

Most operating system software has built-in security features, but you may wish to consider purchasing additional virus protection, encryption, and personal firewall software to better protect your computer and data.

How do I know my Internet service provider is secure?

Most people use a modem and analog telephone line to log on to an Internet service provider. The provider then accesses the Internet. Commonly you click on a desktop icon to access the provider's Internet account, then type in your user ID and password. The software may permit you to store your user ID and password so that you do not have to type it in each time. Be aware that stored passwords and IDs can be copied from your computer.

Contact your Internet service provider to find out if they use encryption to store and transmit confirmation of your user ID and password-and if the ID and password are stored on your computer. High-bandwidth access providers like DSL and cable can place your computer in an "always on" state that is accessible to hackers.

Consider using personal firewall and anti-virus software, and turning your computer off when it is not in use.

How do I know if my bank is secure?

Most bank Web sites offer a "frequently asked questions" section that describes their security practices. Also, ask your bank if it requires special software to use its site, like Internet browsers that support encryption. Learn how to take advantage of your bank's particular security options.

AGGREGATION

Account aggregation lets you view your account information from multiple sources on one Internet Web site instead of having to visit several sites. Financial, credit card, securities, frequent flyer, and even weather forecast information can be included on an aggregation site. You may also be able to conduct transactions or obtain investment advice on an aggregator's site. Banks and other companies supplying such services must use your IDs and passwords to assemble this information.

How does aggregation work?
What questions should I ask before I use an aggregator?

How does aggregation work?

You provide the aggregator with account numbers, associated security codes, or other passwords issued by the companies holding your accounts.
The aggregator can then collect your financial information-even without the consent of the institution holding the consumer's account. If the account-holding institution also consents, however, that institution may relay your account information directly to the aggregator.

What questions should I ask before I use an aggregator?

Will providing my password to the aggregator violate my agreement with my bank? Some on-line bank agreements require that your do not reveal your password to anyone.
What security precautions does the aggregator take? These are often described on the aggregator's Web site or in the service agreement. The precautions may include encryption.
What is the aggregator's privacy policy? Read the privacy policy on the aggregator's Web site carefully; it may include tracking your Web-browsing habits and sharing your financial information with others.
Find out how to reach the right person with service questions; often that information is posted on the aggregator's Web site.
Be sure to read the aggregation service contract carefully; it should specify the aggregator's liability, or yours, for unauthorized transactions. This is especially important if your aggregation service includes funds transfers. If the aggregator is a bank, your liability for unauthorized on-line funds transfers from your accounts would be limited if you informed the bank of the problem in a timely manner.
Consider that you may have limited support from government regulators.

Consumer complaints against banks may be submitted to federal bank regulatory agencies or state banking departments. An aggregator that is not a bank is subject to the jurisdiction of the Federal Trade Commission.

Find out all the costs of the aggregation service.

An aggregator's services are typically bundled with other products and may be free initially. Some aggregators may present you with advertisements rather than charge for basic services. You should read the aggregation agreement carefully before you sign it for costs and all other "terms and conditions." In particular, you should find out how and when you will be notified of any changes in the terms of the agreement.

CROSS-BORDER BANKING

Customers who bank with U.S. depository institutions enjoy some of the best and strongest consumer protection laws and deposit insurance available in the world. These safeguards include laws and regulation designed to ensure that:

interest rates charged for loans or paid on deposits are explained truthfully and clearly.
bank deposits are insured.
personal and confidential information is used and handled appropriately.
depository institutions are managed in a safe and sound manner and in full compliance with applicable federal and state laws and regulations.

If U.S. banks and depository institutions fail to adhere to laws and regulations to protect depositors, you can file complaints with federal or state regulators.

The open nature of the Internet makes it easier for you to get information on financial products and services offered by banks and financial institutions from around the country and the world. Thus it is important to remember that if you do business with institutions outside the United States:

Your transactions may not be protected by United States or state laws or regulations, and your deposits may not be insured.
Instead, the laws and regulations of the foreign bank's home country may apply.

Consequently, it is wise to know a foreign bank's reputation before you decide to open an account or purchase financial products or services. This includes learning where the institution is located or chartered and what kinds of consumer protection, if any, the bank's home country offers.

Most banks provide information on their Web site about where they are located and how to contact them by telephone, in person, or by postal mail. Do not hesitate to contact them if you still have questions about consumer protections after reading on-line materials.

E-SIGN

Recent technologies make it possible to sign contracts over the Internet that formerly required handwritten signatures. E-Sign is a nickname for the federal Electronic Signatures in Global and National Commerce Act (15 U.S.C. 7001, et seq.), which establishes a general rule that in interstate transactions, electronic signatures have the same legal effect as handwritten signatures on paper. E-Sign is a voluntary statute that does not require anyone to use or accept electronic records or electronic signatures.

What is an electronic record?
What is an electronic signature?
What is a digital signature?
What does E-Sign mean for me?
How else may E-Sign affect me?
Which transactions are not affected by E-Sign?

What is an electronic record?

An electronic record is any record created, generated, sent, received, or stored by electronic means. Among electronic records are e-mail messages that you send, attachments to e-mail that you receive, articles from a Web site that you save on your computer, perhaps even voice mail on your answering machine.

What is an electronic signature?

An electronic signature includes any electronic sound, symbol, or process attached to an electronic record and performed with the intent to sign the record. Common examples are digital signatures, initials typed at the end of an e-mail message, or Web page agreements that require you to click a button to acknowledge your agreement.

Electronic signatures do not necessarily require the use of a special pen or touch screen permitting the user to place a signature on a computer file.

What is a digital signature?

Digital signatures are a subset of electronic signatures in which encryption and certification authorities are used to verify the electronic signature.

What does E-Sign mean for me?

E-Sign legally recognizes contracts made electronically. If, for example, you buy on-line at a merchant's Web site, you are often led through several computer screens before you complete your purchase. Each screen contains specific terms of the transaction (item ID, quantity, purchase price, total amount, your credit card number, etc.) and an "I agree" button. Unless you click on this button, you cannot proceed. If you complete the click-through process and the transaction, your actions may have the same legal effect as if you had signed a paper document containing all the terms you accepted electronically.

Some tips for agreeing to contract terms over the Internet:

Print your order, confirmation screen, and any electronic notices you receive from the merchant and keep the hard copies for later reference.
As with any contract, read the fine print. Do not agree to contract terms that you do not understand.
If the merchant's site has a link to general terms and conditions, review these terms before submitting your credit card information. If you decide to buy from this merchant, print a copy of the terms, date it and keep it.
Remember that if you do not want to enter into an on-line contract, you often have the option of calling a toll free number or using some other method for your purchase.

How else may E-Sign affect me?

Many companies, banks, utility companies, or other businesses that provide you with goods or services are required by law to send you various disclosure notices concerning your legal rights.

Companies now may send you this information electronically if you wish. Before you agree to receive notices electronically, the company must inform you:

that you can withdraw your consent to receive notices electronically, and how to do so;
whether your consent is limited to a specific transaction or covers your other dealings with the company;
whether you can request a paper copy of electronic notices sent to you, how to do so, and fees involved; and
what hardware and software you will need to access and retain the company's electronic notices.

Some tips for receiving electronic disclosure notices:

To send disclosures to you electronically, the company must obtain your consent, which must be given (or confirmed) electronically.
If you do not want to receive electronic disclosures, watch for the screen that allows you to check "yes" or "no" to accepting electronic notices in the future. Note that even though E-Sign requires an "affirmative" consent, the screen might be automatically checked "yes" unless you change it.
Do not give your e-mail address to any company unless you are willing to check your e-mail regularly.
Use only one e-mail address for all your personal business, and close all other e-mail addresses you may have.
Keep a list of the companies with whom you have agreed to receive information electronically, and notify them if your e-mail address changes.
If you cannot open an e-mail you received from a company, notify them. Do not dismiss the e-mail as junk mail-it could contain important information about your legal rights.
Once you have agreed to receive information electronically, the company may send you disclosures electronically by various means.
Your bank may send disclosures by e-mail or post them on its Web site and send you an alert notice that the information has been posted. Such a notice may be sent by e-mail or by regular mail, at the bank's option.
An electronic disclosure must be displayed on your screen as visual text (that is, cannot be oral). It may appear on the screen automatically, or the company may provide a link to it that cannot be bypassed.

What transactions or documents are not affected by E-Sign?

E-Sign does not apply to the following transactions or documents:

wills; family law matters;
transactions governed by the Uniform Commercial Code (except parts that govern sales and leases, to which E-Sign does apply);
court orders and other official court documents; and
notices regarding:
- default, acceleration, repossession, foreclosure, or eviction under a lease or a mortgage on a principal residence;
- termination or shut-off of utility services;
- termination or cancellation of health insurance or life insurance benefits (except annuities); and
- product recalls or material failure of a product, endangering health and safety.

WIRELESS BANKING

Wireless Internet banking, commonly called wireless banking, allows customers to access account information and perform transactions over the Internet using a mobile phone or a personal digital assistant (PDA) instead of a personal computer. Wireless banking is relatively new and rapidly evolving; customers may wish to know the basics:

How does wireless banking work?
What additional services may wireless banking provide?
Where can I find information if I am considering wireless banking?
What if I lose my wireless telephone signal while in the middle of a banking transaction?

How does wireless banking work?

Before you sign up for wireless banking, you should find out exactly how your mobile phone connects to your bank and verify that your information is secure at all times.

Mobile phone service can connect to your bank in a variety of ways. In some cases, your mobile phone uses your Internet service provider to dial up and connect to a Web server located at your bank. Alternatively, you may be given a special access telephone number to dial, and your bank may act as the Internet service provider. In either case, once you are connected, you enter your request using the keypad of your mobile phone or PDA.

What additional services may wireless banking provide?

Wireless banking provides most of the services on-line banking provides, and may also include:

information notification and alerts prompting you to view balances, see whether checks have cleared, and receive e-mail messages about deposits and other changes to accounts;
on-demand transactions allowing you to transfer money from one account to another, make electronic payments, and perform transactions just as in on-line banking, but by using a mobile phone or PDA.

Wireless banking involves the same security and privacy issues as on-line banking with a PC. Unlike PCs, however, mobile phones and PDAs are small and easily lost or stolen, making it even more important that a password be required to access account information or perform transactions. In addition, check to ensure that the information being sent to you is encrypted.

Where can I find information if I am considering wireless banking?

Your bank's Web page is a good place to start. The Web page should provide the terms and conditions of wireless services as well as privacy, security, and other basic information. Many banks also include a "frequently asked questions" section that explains how the service works and any fees involved. You will need a Web-enabled or Web-ready mobile phone or PDA; since there are many different kinds, most banks specify the devices needed for their particular wireless services.

What if I lose my wireless telephone signal while in the middle of a banking transaction?

Contact your particular bank and wireless service provider to determine what happens if a transaction is interrupted, and check your monthly statements to ensure that all transaction amounts are correct.

Since mobile devices sometimes lose their signal, it is important to find out how transactions are completed and verified. You should receive a confirmation number for each completed transaction.

GLOSSARY

Affiliates
Any company that owns, is owned by, or is related through common ownership to another company.

Analog
The traditional method of modulating radio and telephone signals so that they can carry information.

Browser
Software that permits a user to view graphical pages over the World Wide Web. The two most popular browsers are Netscape Navigator and Microsoft Internet Explorer.

Bandwidth
Generally, the information-carrying capacity of telephone or network wiring. High bandwidth allows fast or high-volume transmission.

Certificate authority
An organization responsible for certifying the identity of a particular person or merchant. Certificate authorities permit users to issue digital signatures to conduct transactions electronically.

Cookie
Cookies are small data files written to your hard drive by some Web sites when you view those sites through your browser. These data files contain information the site can use to track such things as passwords, lists of pages you have visited, and the date when you last looked at a certain page.

Encryption
Encryption is the process of mathematically changing characters into a form that can be read only by the intended receiver. To decipher the message, the receiver of the encrypted data must have the proper decryption key. In traditional encryption schemes, the sender and the receiver use the same key to encrypt and decrypt data.

Internet
The worldwide "information highway" composed of thousands of interconnected computer networks. It reaches millions of people in many different countries. The Internet was originally developed for the United States military, and then became used for government, academic, and commercial research and communications. The World Wide Web facility on the Internet makes possible almost instantaneous exchange of information by linking documents around the world.

Internet service provider (ISP)
A company that provides Internet access or Internet accounts to individuals, businesses, and other groups.

Non-deposit investment products
A non-deposit investment product is a financial asset that is not FDIC-insured and may contain investment risk. NDIPs include mutual funds, annuities, securities, and self-directed individual retirement accounts that invest in securities.

Non-public personal financial information
Section 509(4) of the Gramm-Leach-Bliley Act defines non-public personal information as "personally identifiable financial information" that 1) is provided by a consumer to a financial institution, 2) results from any transaction with a consumer or any service performed for a consumer, or 3) is otherwise obtained by the financial institution. "Non-public personal information" also includes any list, description, or other grouping of consumers as well as publicly available information pertaining to them.

Operating system
The main control program of a computer that schedules tasks, manages storage, and handles communication among the different parts of a computer.

PIN
Abbreviation for personal identification number. A code or password, unique to or associated with a specific user and entered into a data-processing device for the purpose of verifying the identity of a person requesting access or a transaction.

www.newyorkfed.org