Are transaction histories available in HTML and Print/PDF for reconciliation purposes?
Since the man-in-the-browser vector can provide the attacker with the facility to alter any data displayed inside an infected Web browser, it is important that methods exist for customers to reconcile historical transactions and account changes. The use of alternative or multiple in-application reporting mechanisms is to be recommended. The ability to access monthly statements in formats such as Acrobat Reader or Microsoft Excel can facilitate the reconciliation process for customers – all the while making it more difficult for the attacker to modify the data. While not a particularly “Green” strategy, printed statements should be made available to customers – along with onscreen instructions on how to reconcile between the different mediums. Other out-of-band update systems could also be considered, and aid the reconciliation process – such as a weekly automated SMS text messages listing the number of transactions (and perhaps the transaction type and account balance). Weekly or month
Related Questions
- What is a reportable security for purposes of a personal securities transaction or holding report of an access person of a SEC registered investment adviser?
- Can we convert the HTML to PDF file without taking the confirmation from the user to print PDF file?
- Are transaction histories available in HTML and Print/PDF for reconciliation purposes?
