Access to Internet Banking

Answered by:

Question:

We have a situation where an ex-spouse has been accessing the online banking portal of one of our customers. This ex-spouse has not transacted anything fraudulently as of yet. We have reset the password since being notified of this unauthorized access. We have verified, via IP addresses and times, that our customer did not log in and that it was in fact, the ex-spouse. What law(s) have been broken by the ex-spouse logging into the online banking site of the customer? Are there any areas of Reg E that would apply?

Answer:

Reg E wouldn't apply as there were no transactions to dispute. I would say it could be a criminal act of accessing a computer network without authorization. I don't have a cite, but the bank isn't really involved other than to provide evidence. Your customer needs to make a complaint with law enforcement if that is their desire. One question that will be asked, is why he/she didn't change that log on and if you should have brought this up if you were aware. I don't believe this is directly a fault of the bank, it means the customer is negligent for sharing that information in the first place. Your logs may ID a computer, but it won't ID the person using it. So it is hard to say who accessed your files. This may go into the lessons learned file and prompt a periodic reminder that your customers should be vigilant about security and not share log on information. What if a disgruntled ex-partner decided to post that on the web? You could have had losses.

First published on BankersOnline.com 1/12/09