Banks' customer awareness programs should explain protections provided by the institution that deal with electronic funds transfers, according to the FFIEC. They also should explain any circumstances that would cause the bank to contact the customer and request electronic banking credentials. Commercial customers should be advised to conduct their own regular risk assessments, and banks should provide information about alternative control mechanisms that customers might want to consider for mitigating their own risk. Customers should have access to information about who to contact at their bank if they notice any suspicious activity.
NACHA stresses that banks need to understand that customer education is an ongoing process that requires repeated messages. Posting one-time notices is not enough, the association says. Educational materials should also be easy for customers to understand -- don't use industry jargon. Further, banks need to ensure that customers who contact them regarding suspicious account activity receive a prompt reply. Customers need to be aware of their rights under Regulation E -- the Federal Reserve rules governing electronic funds transfers -- and customers not covered by the regulation should understand what that entails.
The FFIEC's Supplement to Authentication in an Internet Banking Environment can be downloaded at tinyurl.com/9hx7smm.
Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio