A bank's customer has signed up for the bank's online banking program. The customer also signs up for bill pay using the bank's bill pay application. The customer’s PC has been hacked between the customer's PC and the bank's computer system. The bad guy has control over the customer's PC and can now see ID, passwords, everything. The bad guy transfers money out of the customer's account to a valid DDA account in Florida. The customer in the Florida bank was hired by the bad guy to keep $500.00 and wire the rest of the money out of the country. The customer in my bank sees his DDA statement and sees the bad transaction(s). He comes to the bank and disputes the items. The bank says sorry, the loss is yours; you should protect your PC better. Who has the loss, the customer with online banking or the bank? Is the customer protected because of Reg. E? Reg E was not written for online banking and bill pay, but maybe it extends coverage to now include online banking? Do you know of any legal cases in the US that might help address this as well?
We would like to set up an online banking chat on our bank’s website, where our online banking customers will be able to contact a customer service representative regarding their accounts. What compliance issues do we need to address to implement this service?
Our bank is currently in the process of testing electronic delivery of monthly deposit account statements to employees on a voluntary basis. The statements are delivered in the following manner: an e-mail notification is sent to customers letting them know that the statement is available for review. Then, in order to view the statement, the customer is required to sign onto the bank's website, where the statement can then be accessed (in order to receive electronic statements, the customer must be signed up for e-banking). The statement can then be printed and/or saved to another file by the customer. What would be the E-SIGN ramifications, if any, of this type of statement delivery? Does this type of statement delivery require the bank to obtain demonstrable consent? Would the log on procedures (username and password) suffice for the customer's electronic signature, etc.?
Can someone please explain what “push” and “pull” mean in regards to e-banking?
If an online banking customer is not opening their e-statements, do we have to start sending them paper statements?
We have a situation where an ex-spouse has been accessing the online banking portal of one of our customers. This ex-spouse has not transacted anything fraudulently as of yet. We have reset the password since being notified of this unauthorized access. We have verified, via IP addresses and times, that our customer did not log in and that it was, in fact, the ex-spouse. What law(s) have been broken by the ex-spouse logging into the online banking site of the customer? Are there any areas of Reg E that would apply?
Is there a requirement in any regulation that would require a paper statement be sent to a customer after a "bounced e-statement" if you don't get a valid email address in a certain period of time? We will try to contact the customer and get a valid email address when we get a "bounce" on e-statements. Statements are also available for viewing for 60 days through online banking sign-on.
I'm not sure if we have crossed any compliance or legal lines by allowing the following with regards to online banking access. A customer is both an officer and an authorized signer on a business account, either a corporation or LLC. This person also has a personal DDA account with the bank. The customer has applied for and been granted access to view his business account via our online banking product. The same customer also wants to view his personal account via online banking, but he does not want to have a separate access ID and password for the personal account. To honor the customer's request we have granted viewing privileges to both the business and personal DDA accounts under one access ID and password. Can you tell me if we have entered a gray area by doing this? Should the bank insist on keeping business and personal accounts separate in online banking by having different access IDs for both types of accounts?
Can we refuse online banking services to a customer who has a history of overdrafts? We received a request for online banking and reviewed the account history and do not feel comfortable granting access to this customer.
We have customers who have signed up for online banking, but aren’t using it. We would like to deactivate these online accounts if there is no activity for 90 days or longer. Do we have to notify customers in advance before doing this?