Do weblinking rules apply if a business has a link to us, and are we required to monitor this?
We currently keep both electronic copies and paper copies of every change made on our website. This is time-consuming to maintain. How critical is it to keep hard copies of our work, and what questions should we be asking ourselves to potentially reduce or eliminate unnecessary paper trails?
I just finished taking a Reg CC training through ICBA, and it mentioned that we should have a maximum of 4 characters to reference the account number on a hold notice. I can't find this verbiage on any other Reg CC training I have done recently to this. Is this the requirement?
We found an HPML in our audit. There is no escrow set up. What can we do?
What is demonstrable consent and can we do that with new account disclosures we email the new customer?
Should we complete a risk rating on a customer opening a new saving account, as an example, or how are the accounts selected that this is completed on, i.e. based on what criteria?
Why can't we hold a customer or member liable for having the PIN with the card?
Is there a way to know if any SARs submitted to FinCEN by my institution were among those leaked in the recent data breach?
We have had several EFT claims recently that involve online debit card transaction to dating sites and adult sites. Both of which may have a trial membership period where the customer signs up for very little and then in 7 days or so gets hit with a heftier fee, and then many more. The customer claims they did not authorize the transactions. Our employee contacts these merchants; gets verification the customer signed up for the trial membership, the date they signed up, the name on the account, the email, and possibly the address associated with the account.
My concern with these types of sites is that there may not be a shipping address as they are online services, so we can't say there was a shipment to their physical address. If the customer is claiming they didn't sign up for the services, yet the merchant is providing us with all the other information that coincides with our customer's information, is that enough to still deny the claim or should it be paid based on the customer's statement?
If an EFT claim is made long after the statement is sent showing the transaction, the rules of investigation don't apply. So why do we investigate any of these claims?