When we're setting up a merchant for remote deposit capture, one of our relationship managers come to the location to help with the installment of the scanner. During this process, s/he is on the merchant's computer performing the connection, is this something they shouldn't be doing? I would think it's a liability issue for the Bank if something was to happen to the computer (i.e. virus or an intrusion occurs) and a Bank personnel was operating it. What is best practice for this scenario? Also, I found out that our vendor for RDC remoted into a merchant's computer to troubleshoot a problem. This is along the same line as the scenario above, if the customer allows access and something was to happen, would the Bank also be liable?

It is very common for banks or their vendors to access customer systems in this type of scenario. Similarly a bank vendor may have to remotely access the bank system. The precautions to be taken (virus software, etc.), liability, and insurance should be spelled out in the contract.

Any bank going down this path would be well served to have its contracts drafted or at least reviewed by experienced legal counsel.