04/01/2013
What is the difference between Facsimile Signature vs. Digitized Signature
09/26/2011
What are the components of a secure cashier's check issuance process?
03/14/2011
Does the Durbin Amendment (Dodd-Frank Act) require all banks to adopt PIN-debit (versus signature) transaction technology?
10/04/2010
Regarding automated telephone banking systems, customers can currently inquire (get account balance and info) by phone with their account number and last four digits of their SSN. If they want to transfer funds between their accounts, they must complete an application. My bank wants to give automatic access to transfers too. I'm concerned about Reg E issuing access device rules. Is calling the number and following the steps, "requesting" the access? We have new operations personnel who say all banks do this automatically. Other banks don't have customers fill out a form or call and talk to someone, it is all done through the automated phone system. Does this comply?
11/09/2009
Management is searching for a way to use the internet sign-in process by customers (two factor authentication) as "demonstrable consent" for purposes of E-Sign. I am seeking support for why multi-factor alone cannot be used as demonstrable consent, verifying that the customer was able to receive and read materials sent to them.
02/11/2008
Is there anything stating that we must force our credit union member to opt into answering a security question for password resets online?
09/03/2007
When a ordering debit cards for customers, are there any guidelines that state a bank is required to obtain a signature to order the card?
04/09/2007
What are the rules for customer notification with regards to multi-factor authentication? Do we have to notify the customer 30 days from implementation date?
03/12/2007
We have had several customers express ardent displeasure with multi-factor authentication and the desire to be "opted out." Our system allows for opt-out but an FDIC examiner has told us that opt-out should never be allowed. I understand that it should be extremely limited, but if a very good customer says "turn it off," why should they not have the choice since it is being put in place for their security - provided they are willing to sign some kind of hold harmless agreement. From a Regulatory compliance standpoint we are meeting our obligations by putting multi-factor generally in place, but is the expectation that no customer ever be given a choice?
02/12/2007
Can we allow customers to opt-out of multi-factor authentication?