Topic: Mobile Banking
-
Our core processor notified us that we needed to update our mobile banking app privacy notice to alert customers that the app may access information stored on their device, such their location, contacts, and camera. Apparently, Google requires these additions. We added this information to the “What?” box on the first page of the Regulation P model privacy form, which our processor said was appropriate. However, Laser Pro has informed us that adding this information exceeds the character limit for the “What?” box, and we should instead add the information to the “Other important information” box on page 2 of the model form. Is it permissible to add this information to the “What?” box, and would we still be protected by Regulation P’s safe harbor?
—
by
We do not believe this information should be added to Regulation P’s model privacy form in the “What?” box or “Other important information” box. We believe that the Regulation P privacy policy may be modified only in ways specified in the rule in order for the safe harbor to remain effective. Instead, we recommend adding…
-
If our customer attaches a debit card issued by our bank to a non-bank person-to-person (P2P) payment mobile application, and our customer temporarily loans their phone to a friend, who uses the P2P app to send themself money without permission, would the P2P app be considered the access device? Would the non-bank P2P provider be considered the “financial institution” for error resolution purposes, meaning we can refer the customer to the non-bank P2P provider if the customer notifies us of the fraudulent transaction? Would the answer to this change if the P2P app instead accessed our customer’s account directly rather than through a debit card? Would this even be considered an unauthorized electronic fund transfer (EFT) since the customer voluntarily loaned their phone to their friend? How would this answer change if the fraud was instead committed by an unknown third-party scammer who obtained our customer’s P2P app username and password?
—
by
Yes, we believe the non-bank P2P payment mobile application would be the relevant “access device” in this scenario, as Regulation E defines “access device” as a “card, code, or other means of access to a consumer’s account, or any combination thereof, that may be used by the consumer to initiate electronic fund transfers.” Also, a…
-
If our customer attaches a debit card issued by our bank to a non-bank person-to-person (P2P) payment mobile application, how would this affect what is considered an “accepted access device” under Regulation E? Would the P2P provider be considered the “financial institution” for the purposes of Regulation E’s dispute resolution provisions?
—
by
We believe that an “accepted access device” under Regulation E could include a P2P payment app that your customer has attached to their bank-issued debit card. Under Regulation E, an access device is a “card, code, or other means of access to a consumer’s account, or any combination thereof, that may be used by the…
-
Are there any laws or regulations we must follow with respect to funds availability for mobile deposits? We are aware that Regulation CC is not applicable.
—
by
We are not aware of any law or regulation applicable to funds availability for mobile deposits. Therefore, we believe that the funds availability for your customers’ mobile deposits would be governed by your account agreements and possibly your electronic presentment agreements with other banks. You are correct that Regulation CC’s funds availability provisions are not…
-
We are launching person-to-person payments on our mobile app, using a service provided by our core processor. The service allows our customers to send money to any debit cardholder using the recipient’s debit card number. We have received conflicting opinions as to whether these transactions are covered by Regulation E, meaning that we would be liable for fraud losses (or even customer errors). Our core processor tells us the transactions are not covered by Regulation E, since they are account-to-card transactions.
—
by
We believe that Regulation E and its error resolution requirements would apply to these person-to-person transactions, which qualify as electronic fund transfers. A customer’s electronic authorization of a debit to their account fits squarely in Regulation E’s definition of an “electronic fund transfer.” Regulation E applies to “electronic fund transfers,” defined as transfers initiated through…
-
A form entitled “CONSENT TO CONTACT YOU BY TELEPHONE, TEXT AND EMAIL” has started to appear in our test loan production environment. The form authorizes a lender to contact its loan customer about their loan account by telephone, text and email. Is this form required under Illinois law?
—
by
No, we do not believe this form is required by Illinois law, and we are not aware of any Illinois law requiring a lender to obtain written consent to contact their customers about their loan accounts by telephone, text or email. However, federal law may require that you obtain prior written consent to contact your…
-
We have a potential business customer that would like to set up a deposit account and line of credit. The company sells point of sale (POS) solutions for businesses, by providing equipment for processing POS transactions (they use a third-party vendor to process the transactions). They employ several salespeople in many different states to sell this equipment, and they want to deposit checks by having salespeople take pictures of their checks on their phones and send them to the business owner, who would use our consumer mobile remote deposit capture (RDC) system to deposit the checks, rather than our business RDC system. What are the risks of allowing a customer to use RDC to deposit copies of checks? Does the restrictive endorsement “for mobile banking deposit only” provide sufficient protections?
—
by
Based on the information provided, it is likely that this customer’s deposit methods will increase the risk of fraud. However, it may be possible to reduce the risk of fraud by requiring the customer’s salespeople to apply a restrictive endorsement on the checks before forwarding photos of the checks to the customer’s owner for deposit.…
-
The Official Interpretations for Regulation E note that an unauthorized electronic fund transfer (EFT) includes a transfer made by a consumer at an ATM who was “induced by force to initiate the transfer.” Does similar logic apply when other types of electronic payments are initiated by threat or force? For example, would a customer held at gunpoint and forced to make an EFT using a mobile payment app (such as Venmo) be considered unauthorized?
—
by
In our view, an electronic payment initiated by a consumer through a third-party mobile app like Venmo under threat or force technically would not be considered an “unauthorized transaction.” However, while a consumer may not be eligible for a legally mandated reimbursement for such a transaction, your bank could voluntarily reimburse the customer based on…
-
Our Bank is considering changing the way checks deposited via mobile Remote Deposit Capture (RDC) are reviewed. Currently, if a check is deposited via mobile RDC, it is either accepted or declined, and all deposits are accepted until 6:00 p.m. The deposits are processed as electronic checks and are available for withdrawal the following day. Under the new process, checks will be reviewed by bank staff periodically throughout the day until 5:00 p.m. Any checks that are deposited after 5:00 p.m. will be put into a “suspended” status and will not be reviewed or deposited into the customer’s account until the following business day. Will this new process be compliant with Regulation CC?
—
by
Regulation CC’s availability of fund provisions are not currently applicable to electronic checks. Therefore, we believe that your bank’s policies regarding availability of funds for mobile deposits processed as electronic checks will be governed by your account agreements, which should be updated to reflect the earlier deposit cutoff time of 5:00 p.m. The Federal Reserve…