Is your bank’s current authentication strategy enough to avoid liability?

Posted on: January 24th, 2012 by art

As bankers, we all know that trust is at the core of the bank-customer relationship. Without the trust and confidence of our customers, we don’t have customers. It’s that simple. That said, there’s something else that can come between banks and their customers, a little something called “good faith”.

According to one U.S. District Judge, a bank’s failure to act in good faith when accepting and processing fraudulent payment transfers, as required under Uniform Commercial Code (UCC) Article 4A, has cost the bank a substantial financial loss, and could ultimately cost it customers and future profits as a result of damage to its reputation.

According to the article “Court Says Bank Must Pay After Customer Is Hacked,” a Michigan judge ruled that a bank did not carry its burden of proving that it acted in “good faith,” in accordance with reasonable commercial standards of fair dealing, in processing fraudulent transactions. As a result, the court ruled that the bank had to pay the Plaintiff $560,000 in damages.

While the bank did satisfy several UCC requirements for authenticating transfers through a security procedure that was commercially reasonable, it failed to provide enough evidence of meeting reasonable commercial standards for responding to phishing-related fraud, in which the Plaintiff lost $1.9 million from 93 fraudulent transfers after an employee was tricked into entering their confidential security token identification and other online credentials.

Had the financial institution acted in accordance with the reasonable standards, the judge said it would have been able to identify the fraudulent transactions based on the customer’s volume and frequency of orders, the large overdraft, and the destination and identities of the beneficiaries.

“A bank dealing fair with its customer, under these circumstances, would have detected and/or stopped the fraudulent wire activity earlier.”

With so much attention on meeting the updated Federal Financial Institutions Examination Council (FFIEC) authentication guidelines, banking institutions need to ask themselves if their current authentication strategy is putting their business, customers and reputation at risk. If so, they may be legally liable, even if the fraudulent payment transfers submitted to the bank are initiated by valid customer credentials.

Today, it is more important than ever that financial institutions take a proactive, multi-layered approach against bank fraud across all banking channels, including the telephone channel. Doing so helps ensure their bank is in accordance with the required standards for identifying fraudulent transactions, and is essential for building and maintaining a high level of trust and confidence with their customers.

An identity authentication solution such as the TrustID® network-based Physical Caller Authentication tool helps banks protect the telephone channel by making the phone number a valid “Something you have” authentication credential, an essential piece of the FFIEC’s multi-factor authentication paradigm for identifying customers. By automatically validating the physical location of the caller before the phone is answered, banks proactively identify fraudulent calls and address good customer inquiries faster, all without putting them through burdensome telephone interrogations that are required by other knowledge-based authentication (KBA) solutions.

With TrustID’s automatic caller authentication securing the telephone channel and helping banks meet the FFIEC’s requirements for increased multi-factor authentication, financial institutions are better equipped to protect their business, shareholders’ investments and customer accounts from fraudulent transactions, which as we know can result in long-term reputation damage and significant financial losses.

    Authentication without caller involvement materially improves the customer experience, especially for ‘premier accounts.’ TrustID will greatly assist with not only customer service, but also with board level compliance issues.

    – CISO, top 10 global bank
    As less customer PII is made available to our contact center advocates for identity validation, our enterprise risk of a costly data breach is dramatically decreased.

    – CSO, global financial company

    Offshore agents are highly vulnerable to fraud schemes and social engineering. TrustID’s solution enables informed routing decisions, optimizing agent cost reduction programs.

    - CISO, top 10 global bank
    Since it is now commonly sold by criminals, personal information for identity authentication is no longer the single solution to identity resolution. The value of knowing reliably that a customer is calling from their phone is far better security than knowing the last four digits of someone’s SSN.

    - VP of Card Fraud, large international bank