Wire Transfer Callbacks

Our bank wants to use software that would let a business request a wire transfer through a software package without a callback. It requires an ID and a password. Since wires are a high risk item and passwords can be breached, we would like them to do a callback or at least have preapproved wire intructions on hand that would include the bank and account number. Do others allow wire transfers through software applications without any callbacks? It seems like there should be another layer of security involved in the process. Thoughts?

This is pretty common and the obligation and responsibility for password security is passed to the customer in the on-line wire transfer agreements.

We require the callbacks to confirm. Also, be sure to take a look at your insurance policy for the bank. Ours actually stipulated the level of controls they would be expecting to see-esp. if they had to pay out on a wire-related/unauthorized transfer transaction. Crappy controls, the bank would not be able to draw on the policy.

Do you use tokens? That would mitigate a lot of the risk.

I've seen several processes that utilize the ID/password controls. Some of these have strengthened controls to include callbacks over a certain amount. I have also seen some that permit "repetitive wires" with no callbacks(special coding exists to ID wire); all other wires would require callback.

As Randy referenced, the contract and customer agreement are critical in establishing responsibilities when relying on online wire transfer programs.