Page 3 of 3 1 2 3
#1721380 - 07/18/12 09:20 PM Re: FFIEC Authentication Guidance [Re: AFaquir]
DD Regs Offline
Power Poster
DD Regs
Joined: Nov 2008
Posts: 4,132
Somewhere in the middle
We use OOB method. If a client states they can't use OOB, would we be able to have them sign a waiver stating they hold us blameless if their system is compromised?
_________________________
I'm only responsible for what I say, not for what you understand.

#1722155 - 07/22/12 11:17 AM Re: FFIEC Authentication Guidance [Re: AFaquir]
rlcarey Offline
10K Club
rlcarey
Joined: Jul 2001
Posts: 73,261
Galveston, TX
Knowingly providing services in less than what is believed to be a secure environment would probably be a little hard to defend regardless of any such hold harmless agreement. That the customer is either able to comply or cannot use the services is the only logical approach.
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

#1724628 - 07/27/12 11:19 PM Re: FFIEC Authentication Guidance [Re: DD Regs]
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,010
On the Net
Originally Posted By: DD Regs
If a client states they can't use OOB, would we be able to have them sign a waiver stating they hold us blameless if their system is compromised?


Read the PATCO decision or tune into this webinar. http://calendar.bollearningconnect.com/main.php?view=event&eventid=1341926976105

Banks are losing these suits as there are disputes over which system was compromised, was security adequate and now, was it reasonable.

A waiver isn't reasonable.
_________________________
AndyZ CRCM
My opinions are not necessarily my employer's.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Moderated by:  Andy_Z