As more and more business customers rely on e-mail, should the bank wire departments accept wire requests (scanned from the banks wire form) via e-mail?
We have added the Multi-factor Authentication process to our website. We have decided to add a link to inform and educate our customers for the up-and-coming feature. Is adding the link enough or do we need to send out statement stuffers?
Do you have anything that would address the issues outlined in the OCC 2005-35 Bulletin concerning Authentication in an Internet Banking Environment such as any type of policies and/or checklists?
With the FFIEC guidelines related to multi-factor authentication, can you offer any information on the VRU/Telephone Banking platform? If banking clients access data via the telephone is the typical SSN/PIN/Account Number input enough to comply with the FFIEC?
Would we meet the multifactor authentication requirements by adding a second password requirement to the logon page of internet banking?
What is the regulatory requirement regarding the minimum number of characters required on passwords used for online banking?
Just completed listening to a CD that we purchased from you titled Multi-Factor Authentication. Unfortunately, I don't get a chance to ask questions, so I'm sending this one off to you in hopes that either Mary Beth Guard or someone familiar with the topic can answer. It was never mentioned whether adding another ID/password challenge is an acceptable form of additional authentication and where appropriate would satisfy the FFIEC directive for end of this year?
We are converting to a new internet banking program and would like to offer customers a function that would allow them to place a stop payment online. We will have "real time" capabilities so the stop would go on to the Core system. My question is this, an oral stop payment is only good for 14 days and requires a customer's signature on a stop payment request to maintain the stop for 6 months. How are stop payments which are entered by customers themselves on the internet to be treated? Does the fact that the customer signed on to the secure site and performed this function themselves suffice, or do we need to send out and obtain a customer's signature on a "paper" stop payment order?
We are considering making loans via the internet. I know CIP and internet security need to be arduous. What other considerations and compliance issues are there?
I oversee the bank website and have been told that new compliance guidelines will soon be in effect, making it mandatory for us to have customers use two different types of verification procedures. This would involve more than just a login and password; a second type of verification procedure would be necessary. Can you clarify exactly what we need to do to be compliant?