It's one thing to respond to a phone call from a merchant seeking to verify funds are available to cover a check written to the merchant where you can take precautions to ensure the identity of the caller and the validity of the information request. It's quite another thing to operate a merchant verification line that allows an anonymous caller to dial an automated response system number listed in the phone book (or choose that option on the voice response system menu of choices) and key in an account number and an amount and receive information about whether or not a check in that amount on that account would clear.
How do you protect against fraud in such a situation? What would prevent someone from obtaining an account number, either legitimately, or through some pretext, and calling the merchant verification line and entering in any amount they make up, thus learning the parameters of the customer's balance?
You always have to take into account not only the privacy rules, but also the Interagency Guidelines for Safeguarding Customer Information. I do not believe most automated merchant verification lines offer sufficient protection against pretext calling.