Our wire transfer contract with business customers states that they are responsible for any fraud losses. Will this protect our bank?
Does the new mobile financial service (MFS) guidance included in Appendix E to the FFIEC IT Examination Handbook for Retail Payment Systems provide any direction we’re supposed to take to meet expectations?
Our institution is reviewing procedures for our wire room and call center to respond to inquiries or actual wire transfer requests. Do you have any suggestions?
We operate a small bank yet we experienced losses to criminals from Eastern Europe attacking our account holders. How did they know the information on our account holders and that they banked with our institution?
Our computer penetration company compromised our financial institution by dressing like our local fire inspectors and taking an inspection tour of our branch. How do we detect those types of sneaky tactics by social engineers?
We already have out-of-band authentication procedures for payments. Won’t those work during a cyber-attack?
On What Do Red Flag Examiners Focus?
Our organization uses a vendor to service our mortgage loans. The vendor emails trial balance data (loan numbers, names, balances, etc.) to us. The emails are password protected. Is this sufficient under GLBA or must the emails be encrypted?
This sample confidentiality agreement was provided by Dana Turner, Security Education Systems.