We are expanding our fraud department and trying to find ways to help customers/prevent future fraud. When we have a customer that has malware on their computer we suggest to them that they should get their computer wiped/scrubbed and then issue new usernames for online banking, bill pay, etc. We are thinking about requiring proof that they have done this or even offering it as a service by our IT department (obviously we would look at different software as well as legalities of this and getting a waiver). Does anyone do either of these? If not, what is your process especially if happens again? thank you

If you talking about consumers, don't give them on-line banking access again. As far as you getting involved in scrubbing other people's computers, I would not touch that with a ten foot pole. I am sure your legal counsel and insurance companies will agree with me.

Agree with Randy about NOT having your IT folks involved. However, we have accepted evidence that computer was wiped out and viruses removed and we have granted access as view only once we receive and on a very rare occasion, transactional ability but that is based on a very tight exception basis.

for our commercial OLB portal, when we are alerted to malware (and we have a service that scans and alerts) on a client computer, we suspend the access of the business and will not re-instate until they provide certification that malware was removed.

we do nothing for retail OLB portal regarding malware, but do give them the option of downloading a 3rd party detection software. if someone has too many instances of issues with retail OLB fraud, we look to remove them as customers (and this does not relate solely to malware, but also if their credentials are compromised in other methods).