Automated Telephone Banking Systems

Answered by:

Question:

Regarding automated telephone banking systems, customers can currently inquire (get account balance and info) by phone with their account number and last four digits of their SSN. If they want to transfer funds between their accounts, they must complete an application. My bank wants to give automatic access to transfers too. I'm concerned about Reg E issuing access device rules. Is calling the number and following the steps, "requesting" the access? We have new operations personnel who say all banks do this automatically. Other banks don't have customers fill out a form or call and talk to someone, it is all done through the automated phone system. Does this comply?

Answer:

I'd start by eliminating that "last four of SSN" feature. That's a huge gaping security hole in the event your customer is phished, or a document providing his last four SSN digits is compromised. Even before access is increased beyond the release of balance information, it's poor security. The system needs to be enhanced to provide user name and password security at the minimum, and regulators will push for multiple factor authentication of customer logins.

Regulation E doesn't require an application. However, I do recommend making the customer jump through at least some hoops to gain transaction (transfer) capabilities. Your bank should, at minimum, have a way to be assured that it is the correct customer accessing the account for balances and transfers.

First published on BankersOnline.com 10/04/10