Whom Do We Notify?
Answer by Ryan Rasske, BOL Guru Guru BIOS
Question: We have been notified by VISA Fraud that 23 of our customers debit cards may have been compromised. We have notified each affected customers. To date we have not identified any loss. Do we need to: 1) file a SAR?, 2) notify law enforcement? or 3) notify the FDIC?
Answer: Based on your question, I am assuming you have already assessed the incident to determine what customer information may have been compromised. The findings of your assessment will determine what action steps you or your “response team” must take. Financial institutions are encouraged to implement a response program that will address situations where “sensitive” customer information may have been breached.
According to the Interagency Guidance, “sensitive” customer information is defined as a customer’s name, address, or telephone number in conjunction with the customers social security number, drivers license number, account number, credit or debit card number, personal identification number or password that would permit access to a customers account. Sensitive customer information also includes any combination of components of customer’s information that would allow someone to access the customer’s account.
If the compromised data includes “sensitive” information (regardless of the loss amount), you will need to (1) notify your primary Federal regulator as soon as possible to explaining the situation, (2) take steps to prevent additional unauthorized access to customer information, and (3) work closely with your legal counsel, senior management, and regulator to determine if a SAR is required.
BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.
Print Friendly!
Email This Article!
Discuss NOW!
