I am new to the compliance oversight of ebanking and I have two questions:

1. What are other banks doing to verify customer identity during a live chat on their internet banking website?
2. What information do you allow your live chat personnel to give out during a live chat?

Are there any regulatory cites I can reference to monitor compliance? Thanks so much!

This is going back a few years to when customer service, online banking, and other servicing groups reported to me, but as far as I know they still have these practices in place:

If you are referring to in-online-banking chat (i.e. they have logged in and been authenticated by the OLB system), they can have any information they ask for since they have been authenticated. It's possible that your system doesn't pass authentication on to your chat system - if so, you could use the outside-of-online banking steps below.

If they have come in through a non-authenticated environment (www.xyzbank.com), we ask standard SSN/DOB/account number questions plus some sort of out-of-wallet question (can you tell me the approx amount of the car payment that you pay from your account, what was your last debit card transaction, etc.). Once authenticated, they can get as much info as needed.