Answer:
In short, Yes. You have Reg. E responsibilities and liabilities regardless of who chooses passwords to enter your system. With the customer choosing the passwords you are better off than if you did this, for security reasons. If your employees have no access, you have removed that security risk in the event there is an unauthorized withdrawal claim.
As to security of the system itself, you simply cannot do enough. You have to ensure your systems are secure and those of your vendors. Testing should be done and documented. Check your IT exam procedures to determine what in particular should be done and how often. The OCC has combined much of their Net Banking information in one place. http://www.occ.treas.gov/netbank/netbank.htm is a good reference, although it is not exclusive; look around on the Web and you'll find plenty of information on securing sites and transactions.
First published on BankersOnline.com 3/5/01
Copyright, 2001, BankersOnline.com.
print
share