"I NEED TO TALK TO YOU ABOUT WEB HOSTING"

The more we dig into web hosting for financial institutions, the higher our eyebrows rise. Take the following extract from a banker’s recent email to his web hosting service:

“Things haven’t been going very well with the web hosting recently. Here are our outstanding problems/concerns:

- I discovered this morning that the email form is no longer working. This makes our bank look pretty unprofessional, to say the least. Could you please fix it, or let me know how to fix it?
- It’s been a couple of months since we requested vendor due diligence documentation. We still have nothing.
- I have been trying for a couple of weeks to update our website. You advised me via email that the service you contract for web hosting had changed its procedures. I tried the new procedures, but the ID and Password that I have always used no longer work. I’ve left you several phone messages and several emails, but I have not heard back.
- Finally, this past Tuesday morning, we received customer complaints that the website was down. I confirmed that the site was not available. After failing to reach you on your cell and at home, I called your web hosting service contact for assistance. The contact advised me that our account was $6.00 in arrears, so that’s why our site was pulled down. The bank’s management is deeply disturbed that you hadn’t made a timely payment to the actual hosting service, and that the hosting service brought down our site for $6.00. I, too, was absolutely stunned.”

While some bankers might chuckle at the letter above, others very likely recall their own web hosting challenges. Inoperable functions, inadequate documentation and inept service are all too common in this business, just when customer expectations are rising.

A major cause of slack web hosting service is its structure. The vendor described above actually “retails” a web hosting service to the bank. The actual provider is a web hosting “wholesaler” that serves thousands of customers, from banks to banquet services. Regulated? I don’t think so!

Is it any wonder that functions stop working? That service calls go unanswered? That requests for regulatory documents, such as a SAS 70, are met with stuttering consternation?

As customers and regulators turn up the heat on Internet web sites, the need for specialized web hosting services for financial institutions becomes greater as well. They cost more. They’re not located a few doors away from the main office. But they get the job done.

Here are a few questions to help you select your next web hosting vendor:

- Does the proposed vendor have a SAS 70 or equivalent EDP report?
- Does the vendor offer intrusion detection services and reporting?
- Does the vendor provide user documentation for hosting features, such as page updates?
- Does the vendor secure the transfer of information collected from web forms? Often the form is secure to the site visitor, but unsecure when the information is passed from the hosting service to the financial institution.
- Will the vendor agree to service level standards for web site uptime, customer service responsiveness and issue resolution?
- Does the vendor maintain a history of web activity for forensic analysis in case of phishing and other attacks? Does the vendor offer any forensic services at all?
- Does the vendor have a viable backup system that is tested on a regular basis?

This is hardly an exhaustive list of questions for your prospective web hosting vendor, but it should give you a start.

Eventually, as security and fraud problems continue to plague the web, hosting retailers and wholesalers will raise the bar with premium services that approach the needs of financial institutions. Unfortunately, that won’t happen in time for your institution to pass its next regulatory exam!