I’ve heard about keylogging- how does it work?
Many of our commercial clients originate ACH files and some transactions get returned for insufficient funds, etc. When an ACH transaction is returned to us, we charge it back to the client’s account, much like we do for returned checks. We have a couple of clients who have asked for an individual ID to appear on our ACH Return Notices, along with appearing on the transaction itself (though DDA and/or Online Banking history), and appearing on the DDA statement. We have a procedure in place that stops this information from printing on the original ACH transaction for consumer clients. Many of them complained, since this field may contain social security numbers. There is no regulation on what has to appear in this field. It may contain a SS number, but may also contain other information. I have seen a mix of things in this field ranging from a blank field, to a person’s name, to a string of numbers and letters that do not mean anything to me. Basically, we hide this field from consumers due to their complaints. The situation I am asking about is slightly different, but I would still like to confirm with you that there are no regulatory or privacy issues. For the custom we are getting ready to ask for, it will show the information that is in this field, it will show it on the actual return notice, it will print it on the statement, and will also appear through DDA and OLB history. The difference here though is that the client who sees this information on his return notice and on hus statement is the same client who populated that field, so I do not think it will be an issue, since it is information that the client provided to us originally, and that he already has access to it, but I wanted to double check before we get too far down this road.
A hold was placed on a deposited check that the bank received by mail. The bank was unable to reach the customer by phone, but mailed the hold notification the same day. The customer contacted the bank by email a week later, upset that he wasn't notified at the time the hold was placed. He stated he received the notification three days after the deposit was made. Would it have been acceptable to notify the customer by email if the message was not detailed, but stated something to the effect "Please contact (bank employee) at (bank name) concerning a hold."?
Can you please tell me what charters/policies are required to be disclosed on our website? Also, does our Whistle Blower Policy need to be included on our website?
Is a pop up box required to let customers know that they are leaving our bank’s website and linking to our affiliate’s websites?
We have our residential mortgage applications available to print on our web site. We include our privacy notice within those documents. Does the applicant need to acknowledge receipt or acceptance of the privacy notice?
We have many customers who have agreed to accept e-statements. Can we include the annual privacy notice in their statement?
When would it be necessary to include a speed bump on a bank web site when moving from the bank web page to other pages such as mortgage or investment affiliates?
Are email addresses considered "non-public personal information" under the privacy rules and regs?