What is the difference between Facsimile Signature vs. Digitized Signature
What are the components of a secure cashier's check issuance process?
Does the Durbin Amendment (Dodd-Frank Act) require all banks to adopt PIN-debit (versus signature) transaction technology?
Regarding automated telephone banking systems, customers can currently inquire (get account balance and info) by phone with their account number and last four digits of their SSN. If they want to transfer funds between their accounts, they must complete an application. My bank wants to give automatic access to transfers too. I'm concerned about Reg E issuing access device rules. Is calling the number and following the steps, "requesting" the access? We have new operations personnel who say all banks do this automatically. Other banks don't have customers fill out a form or call and talk to someone, it is all done through the automated phone system. Does this comply?
Management is searching for a way to use the internet sign-in process by customers (two factor authentication) as "demonstrable consent" for purposes of E-Sign. I am seeking support for why multi-factor alone cannot be used as demonstrable consent, verifying that the customer was able to receive and read materials sent to them.
Is there anything stating that we must force our credit union member to opt into answering a security question for password resets online?
When a ordering debit cards for customers, are there any guidelines that state a bank is required to obtain a signature to order the card?
What are the rules for customer notification with regards to multi-factor authentication? Do we have to notify the customer 30 days from implementation date?
We have had several customers express ardent displeasure with multi-factor authentication and the desire to be "opted out." Our system allows for opt-out but an FDIC examiner has told us that opt-out should never be allowed. I understand that it should be extremely limited, but if a very good customer says "turn it off," why should they not have the choice since it is being put in place for their security - provided they are willing to sign some kind of hold harmless agreement. From a Regulatory compliance standpoint we are meeting our obligations by putting multi-factor generally in place, but is the expectation that no customer ever be given a choice?
Can we allow customers to opt-out of multi-factor authentication?