• Home
  • Subscribe
  • About
  • Archives
  • Search
  • Views
  • Bookstore
  • Careers
  • Consulting
  • Education

OCC Issues Customer Authentication and Internet Banking Alert

Tags » Authentication, Financial Regulators, Online Banking

The Office of the Comptroller of the Currency has published a "Customer Authentication and Internet Banking Alert" to banks reminding them of their need to comply with FFIEC guidance issued last fall and suggesting that "it is anticipated that there will be increased activity by fraudsters to send false communications with the intent of obtaining customer information for the purposes of fraud and identity theft. These communications may attempt to exploit the December 31, 2006, conformance date. For example, communications purporting to be from a national bank could inform customers that, due to the FFIEC guidance, the bank is required to change its security procedures and, as a result, request customers to re-register or provide personal information that would enable the bank to comply with the regulatory requirement."

In addition to the common practice of cloning financial institution Web site, logo, and e-mail formats, such attempts may also use or include the FFIEC logo and may even contain or provide a link to the interagency guidance. The methods used to communicate with customers may include e-mail, telephone calls, and postal mail. Sophisticated schemes may employ multiple methods to "convince" the customer of their legitimacy.

In anticipation of this potential for fraudulent schemes, national banks should inform their customers well in advance of the year-end deadline of their plans and any changes to the bank’s Internet or electronic banking applications, or that no changes are expected. Customers should be warned of possible fraudulent activity and about the types of information that may be requested, such as their social security number, account numbers, passwords, validation questions and answers. Banks should explain their policy regarding such information, e.g., "XYZ National Bank will not ask that you provide to us your social security number, account number, password, or personal identification number (PIN) as this is information we already have on file." Customers should be advised to call the bank for verification before responding to any such request. Banks should consider the establishment of a "hot-line" or toll-free number if one is not currently available.

Date: September 11, 2006 at 09:22 AM Pacific   |      |  

Add your comment... (note that all comments are reviewed before they're published)

Sponsors

News View

Payments Consultants

Subscribe


  • or via RSS

Search

Languages
Glenbrook Partners

PAYMENTS NEWS IS PRODUCED BY AND IS A SERVICE MARK OF GLENBROOK PARTNERS, LLC
ISSN 1556-4487

Glenbrook's Consulting Services

  • Innovation and Strategy
  • Payments Product Development
  • Payments Market Assessments
  • Payments Vendor Selection
  • Merchant Payments Optimization
  • Payments Risk Management
  •  
  • To discuss how Glenbrook can
    help you    , email us:

Glenbrook's Payments Education

  • Payments Boot Camp
  • Emerging Payments Roundtables
  • Special Focus Workshops
  • Private Payments Workshops
  •  
  •  
  •  
  • For more information on Glenbrook's payments education, email us:

Tools for Payments Professionals

  • Glenbrook Writings
  • Payments News
  • Payments Jobs
  • Payments Education
  • Payments Bookstore
  • Payments Glossary
  •  
  • To send us news that you'd like us to cover on Payments News, email us:

Contacts:                        
Compilation Copyright © 2002 - 2008 Glenbrook Partners LLC. All Rights Reserved.
Terms of Use        Privacy Policy        RSS Feed        Payments News RSS Feed

Subscribe to Payments News   

Follow Payments News on Twitter for Real-Time Updates