For those of you that offer transactions through your websiet, have you established a dollar amt. threshold at which point you will not make the transfer/pay the bill withour confirming with your cust? If yes, I would like to know the dollar amt. you used. We are looking at dollar amts. for invids. and for businesses to be different. Also, how did you deal with the next day attempt to contact the customer? Were they upset?

I am curious ... what is the reasoning for contacting the customer? Is this a means to satisfy the "multi-factor authentication" requirement that most internet banking systems must have in place after 2006?

Our threshold is $9999 for individuals and $50,000 for businesses. Any payments above these amounts would be automatically be blocked - we do not contact the customer (they ususally contact us).

At our bank, there is no dollar threshold for bill payment...explanation given - if the customer has the funds in the account, there should be no threshold.

I understand the "don't pay immediately" philosophy. But to not pay the item at all seems a bit too conservative (and would upset the customer if the payment did not reach the payee in time). Parallel this to large-dollar checks presented for payment ... some banks have large items "kick-out" so that someone can verify the signature(s) ... and then the item is paid. That appears reasonable. However, with an internet bill-pay check ... the only "signature" is the computer's IP address. But the IP address - aka signature - changes because it may not be static or the customer may be traveling when he/she submits an internet bill-pay request. Previous threads on this message board discuss multi-factor authentication for internet banking systems ... and in my opinion ... implementation of this technology should provide enough assurance to banks to pay the internet bill-pay checks -- regardless of the amount.

However ... a dollar threshold for internet bill-pay checks would make sense to help identify potential suspicious activity from a BSA/AML perspective ... but that's a discussion for the BSA/AML forum ...

The concept of establishing some kind of threshhold was recommended by an outside IT audit firm. The suggestion comes from the point of view of an extra "layer" to control money coming from accounts that shouldn't be, i.e someone succeeded in hacking into the bank's bill pay area and is using the instruction function to get money out of the account. You may see this come up in your S & S exams very shortly...it is another "best practice" and serves both IT security and BSA purposes (they are focusing more and more on funds transfer monitoring and this is one area where someone can move money around). Thanks for giving me your thoughts on the thresholds. It always the same issue - you can design and receive a report telling you something - now what to do with it.

UK Banks such as Barclays have delays to verify requests with the account owner before large payment amounts go out. This even though they also have tighter multi factor authentications (cell phone calls/messages sent with PINs that must be used to complete transaction etc)

US Banks seems to tend to monitor payments/transfers over a certain amount in the back office but if the transaction is not reeking of fraud often let it take place rather than deal with the expense of front end verification/resolution and if there is a mess clean it up afterwards, once an affadavit is signed by the customer saying they did not make the payment/transfer.