10/11/2010
Is sharing a user ID and password (provided by a service provider) acceptable for commercial and subscription-based applications? Sharing of user-level access is generally prohibited within the corporate and other secured environment.
09/27/2010
With all the new advances in online banking, what are the rules concerning online banking transfers between two business accounts (corporate, LLC, partnership) with two different tax ID numbers, but both are owned by the same person?
05/10/2010
Many of our commercial clients originate ACH files and some transactions get returned for insufficient funds, etc. When an ACH transaction is returned to us, we charge it back to the client’s account, much like we do for returned checks. We have a couple of clients who have asked for an individual ID to appear on our ACH Return Notices, along with appearing on the transaction itself (though DDA and/or Online Banking history), and appearing on the DDA statement. We have a procedure in place that stops this information from printing on the original ACH transaction for consumer clients. Many of them complained, since this field may contain social security numbers. There is no regulation on what has to appear in this field. It may contain a SS number, but may also contain other information. I have seen a mix of things in this field ranging from a blank field, to a person’s name, to a string of numbers and letters that do not mean anything to me. Basically, we hide this field from consumers due to their complaints. The situation I am asking about is slightly different, but I would still like to confirm with you that there are no regulatory or privacy issues. For the custom we are getting ready to ask for, it will show the information that is in this field, it will show it on the actual return notice, it will print it on the statement, and will also appear through DDA and OLB history. The difference here though is that the client who sees this information on his return notice and on hus statement is the same client who populated that field, so I do not think it will be an issue, since it is information that the client provided to us originally, and that he already has access to it, but I wanted to double check before we get too far down this road.
07/26/2009
A bank's customer has signed up for the bank's online banking program. The customer also signs up for bill pay using the bank's bill pay application. The customer’s PC has been hacked between the customer's PC and the bank's computer system. The bad guy has control over the customer's PC and can now see ID, passwords, everything. The bad guy transfers money out of the customer's account to a valid DDA account in Florida. The customer in the Florida bank was hired by the bad guy to keep $500.00 and wire the rest of the money out of the country. The customer in my bank sees his DDA statement and sees the bad transaction(s). He comes to the bank and dispute the items. The bank says sorry, the loss is yours; you should protect your PC better. Who has the loss, the customer with online banking or the bank? Is the customer protected because of Reg. E? Reg E was not written for online banking and bill pay, but maybe it extends coverage to now include online banking? Do you know of any legal cases in the US that might help address this as well?
06/22/2009
We are looking for some clarification on Reg E - 205.9 on periodic statements. In section (a) it talks about what is required on the receipt from a merchant, then in (b) when it is talking about the periodic statements, the requirement (v) says the name of any third party to or from whom funds were transferred. We have several merchants in the area that are passing just an address in the field captured by the core product and not putting an actual name. Is the merchant, such as ABC Company, considered the third party, and is the company name required on the statement? The item appears with date, amount, terminal ID number, location, but does not necessarily say the business name.
03/23/2009
Can someone please explain what “push” and “pull” mean in regards to e-banking?
03/23/2009
How do you deal with e-statements that are undeliverable that bounce back to the bank unopened?
01/12/2009
We have a situation where an ex-spouse has been accessing the online banking portal of one of our customers. This ex-spouse has not transacted anything fraudulently as of yet. We have reset the password since being notified of this unauthorized access. We have verified, via IP addresses and times, that our customer did not log in and that it was in fact, the ex-spouse. What law(s) have been broken by the ex-spouse logging into the online banking site of the customer? Are there any areas of Reg E that would apply?
11/17/2008
I'm not sure if we have crossed any compliance or legal lines by allowing the following with regards to online banking access. A customer is both an officer and an authorized signer on a business account, either a corporation or LLC. This person also has a personal DDA account with the bank. The customer has applied for and been granted access to view his business account via our online banking product. The same customer also wants to view his personal account via online banking, but he does not want to have a separate access ID and password for the personal account. To honor the customer's request we have granted viewing privileges to both the business and personal DDA accounts under one access ID and password. Can you tell me if we have entered a gray area by doing this? Should the bank insist on keeping business and personal accounts separate in online banking by having different access IDs for both types of accounts?
05/28/2007
We have a customer who had their Visa debit card stolen. He filed a police report and we filed a dispute. The dispute came back denied because they had a signature, but it was not his signature. Why are [Name of Discount Stores Withheld] not responsible for these charges as they did not check the ID of their customer? The signature is clearly different, what can we do?