While information technology is not usually the responsibility of the compliance manager, there are certain IT functions that the compliance manager should make sure are in place. One is information security and the customer privacy protections that go with it. Techniques for keeping information secure are vulnerable to a variety of attacks, ranging from hacking to theft.
One type of attack that is becoming increasingly common is account hijacking. This occurs when a fraudster, posing as the financial institution, sends messages to customers requesting that they verify certain information. Once the consumer verifies it, the fraudster has what is needed to steal from that customer.
To prevent this, the OCC (OCC Bulletin 2005-24) and other regulatory agencies recommend a two-pronged approach. One prong is enhanced steps to protect customer information, including "multifactor authentication." The other, of course, is customer education. Make sure customers know when and how the institution will send electronic messages to them. And make sure customers know that you will never ask them to verify information unless they initiated the transaction.
Copyright © 2005 Compliance Action. Originally appeared in Compliance Action, Vol. 10, No. 8, 7/05
First published on 07/01/2005