05/18/2009
How can the bank optimize its vendor risk management efforts?
03/23/2009
Can someone please explain what “push” and “pull” mean in regards to e-banking?
03/09/2009
Our financial institution is thinking of immediately lowering our cardholders' daily limit to $100 until the compromised card can be closed and a new card re-issued. Can we do this without prior notification? If we do, would a phone call be considered proper notice or do we need to notify in writing?
02/09/2009
Should a requirement for the position of Information Security Officer be independence? Can the Information Security Officer also have duties associated with the finance area of the bank?
02/02/2009
We just implemented a BlackBerry plan for appropriate bankers. Users and security staff have different opinions regarding the time out control which inactivates the data portion of the BlackBerry requiring the user to re-enter a password to get back in. The factory defaults are set at two minutes, but from a security standpoint we increased it from two minutes to five minutes. The users want up to sixty minutes. What is the recommended industry standard for this control from a security perspective?
01/12/2009
We have a situation where an ex-spouse has been accessing the online banking portal of one of our customers. This ex-spouse has not transacted anything fraudulently as of yet. We have reset the password since being notified of this unauthorized access. We have verified, via IP addresses and times, that our customer did not log in and that it was in fact, the ex-spouse. What law(s) have been broken by the ex-spouse logging into the online banking site of the customer? Are there any areas of Reg E that would apply?
11/03/2008
What individual risk assessments is a bank expected to perform? How do the individual risk assessments fit together with an "enterprise risk assessment"?
09/08/2008
I have a customer that opened three accounts, one for each of her children as they receive Social Security direct deposit benefits. The mother is the signer on each account and the individual child was added as an owner only because they are only nine, eleven and seventeen years of age. The mother wants debit cards in the children’s names so she can keep the account straight as to where she is pulling the money from. Can we issue debit cards to a minor and if so, would the mother have the legal right to use them? How would it be handled if the child’s card was used and they wanted to dispute the transaction?
07/28/2008
I process Visa and MasterCard chargebacks for several financial institutions and I am currently working on a case where the financial institution is not wanting to provide the cardholder provisional credit. The cardholder was making several auto fuel purchases in Florida and was called around the same time to verify transactions on her account. No one knows exactly what was said to verify the charges, but the cardholder agreed the gas charges were hers. Unknowingly to the cardholder there was actually counterfeit activity going on at gas stations in Massachusetts, so after her card was unblocked the fraud continued to happen. The financial institution has decided since the cardholder agreed that the original charges were valid and the card was unblocked for more counterfeit transactions to post, they will not be giving the cardholder credit because the fraud alert company tried to stop a further loss, but the cardholder insisted it wasn't fraud. Since I am the fraud processor, the cardholder keeps calling me because she wants this to be taken care of ASAP. She is out hundreds of dollars, but the financial institution is not budging on giving her credit because it's going to be a loss to them due to the card being counterfeit. Please give me some advice on this issue. I think people can make mistakes and I think when [Name of Fraud Protection Co Withheld] called to verify charges it was an oversight of the cardholder due to her making the same type purchases in her home town and we can not guarantee [Name of Fraud Protection Co Withheld] told her it was out of state charges. The financial institution knows there was counterfeiting going on that weekend because they had at least five accounts affected for the same merchants and state. Is the financial institution required to give the cardholder credit?
07/14/2008
We are thinking about offering E-deposits to customers. The customer would go into the home banking application, enter the amount of the deposit and the check information then physically mail us the paper check. The customer would receive immediate availability on deposits up to a specific limit. Once checks are received (within 5 days) we verify the check information and process the checks normally, but do not post the funds. If the checks are not received in time, we can extend the time requirements. What type of transaction is this considered and which regulation does it follow? Reg D, DD, E or Z? Do we have to provide special disclosures and if so, which ones?