Skip to content
 

Internet Safeguards

While information technology is not usually the responsibility of the compliance manager, there are certain IT functions that the compliance manager should make sure are in place. One is information security and the customer privacy protections that go with it. Techniques for keeping information secure are vulnerable to a variety of attacks, ranging from hacking to theft.

One area that is becoming increasingly common is account hijacking. This occurs when a fraudster, posing as the financial institution, sends messages to customers requesting that they verify certain information. Once the consumer verifies it, the fraudster has what is needed to steal from that customer.

To prevent this, OCC (OCC Bulletin 2005-24) and other regulatory agencies recommend a two-pronged approach. One is enhanced steps to protect customer information, including "multifactor authentication." The other, of course, is customer education. Make sure customers know when and how the institution will send electronic messages to them. And make sure that customers know that you will never ask the customer to verify information unless the customer initiated the transaction.

Copyright © 2005 Compliance Action. Originally appeared in Compliance Action, Vol. 10, No. 8, 7/05

First published on 07/01/2005

Filed under: 
Compliance
Security
Technology
Filed under compliance as: 
Customer Information
IT
OCC
Privacy
Security
Technology
Filed under security as: 
Customer Information
Information Technology
IT
Privacy
Security
Technology
Filed under technology as: 
Customer Information
IT
OCC
Privacy
Security
Technology

Report a problem with this page

Search Topics