Regarding automated telephone banking systems, customers can currently inquire (get account balance and info) by phone with their account number and last four digits of their SSN. If they want to transfer funds between their accounts, they must complete an application. My bank wants to give automatic access to transfers too. I'm concerned about Reg E issuing access device rules. Is calling the number and following the steps, "requesting" the access? We have new operations personnel who say all banks do this automatically. Other banks don't have customers fill out a form or call and talk to someone, it is all done through the automated phone system. Does this comply?
What does it cost to have a cyber security firm test a bank's computer security to find out where the bank is vulnerable to outside hackers? Who does this work?
Who or what department should own responsibility for ensuring that user access to the internal network and the core banking system is appropriate, and changes to access are made in a timely manner upon termination or transfer of a user to a new position? Should this be HR, managers, IT, or some combination of those three or someone else entirely?
Many of our commercial clients originate ACH files and some transactions get returned for insufficient funds, etc. When an ACH transaction is returned to us, we charge it back to the client’s account, much like we do for returned checks. We have a couple of clients who have asked for an individual ID to appear on our ACH Return Notices, along with appearing on the transaction itself (though DDA and/or Online Banking history), and appearing on the DDA statement. We have a procedure in place that stops this information from printing on the original ACH transaction for consumer clients. Many of them complained, since this field may contain social security numbers. There is no regulation on what has to appear in this field. It may contain a SS number, but may also contain other information. I have seen a mix of things in this field ranging from a blank field, to a person’s name, to a string of numbers and letters that do not mean anything to me. Basically, we hide this field from consumers due to their complaints. The situation I am asking about is slightly different, but I would still like to confirm with you that there are no regulatory or privacy issues. For the custom we are getting ready to ask for, it will show the information that is in this field, it will show it on the actual return notice, it will print it on the statement, and will also appear through DDA and OLB history. The difference here though is that the client who sees this information on his return notice and on hus statement is the same client who populated that field, so I do not think it will be an issue, since it is information that the client provided to us originally, and that he already has access to it, but I wanted to double check before we get too far down this road.
How do you determine the difference between a "check card dispute" and "check card fraud?" If a customer claims he did not make the transaction, but the merchandise was shipped to his address, can we deny the claim? If a merchant verifies the security questions through Visa, and the transaction is approved, is the bank obligated to reimburse the customer?
I've been looking for an alternative to our current image technology. My institution is in the same position as many others: the need to upgrade our system and the desire to do better at providing an image of investigative quality, with no money to do it. Are there any new alternatives for our existing cameras? We've already dropped our lobby cameras to six feet and installed height-marker cameras.
A hold was placed on a deposited check that the bank received by mail. The bank was unable to reach the customer by phone, but mailed the hold notification the same day. The customer contacted the bank by email a week later, upset that he wasn't notified at the time the hold was placed. He stated he received the notification three days after the deposit was made. Would it have been acceptable to notify the customer by email if the message was not detailed, but stated something to the effect "Please contact (bank employee) at (bank name) concerning a hold."?
Do the new E-Verify rules that are effective Sept 8th pertain to banks?
Is a pop up box required to let customers know that they are leaving our bank’s website and linking to our affiliate’s websites?