II.C.16(a) Customer Awareness

The institution's customer awareness and education efforts should consider both retail and commercial account holders and include the following elements:

  • An explanation of protections provided, and not provided, to account holders relative to electronic funds transfers under Regulation E, and a related explanation of the applicability of Regulation E to the types of accounts accessible online.
  • An explanation that while the institution may contact a customer regarding his or her account or suspicious activities related to his or her account, the institution should never ask the customer to provide his or her log-in credentials over the phone or via e-mail.
  • A list of recommended controls and prudent practices that the customer should implement when using the institution's remote financial services.
  • A suggestion that commercial online customers perform a related risk assessment and controls evaluation periodically.
  • Recommendations of technical and business controls to commercial customers that can be implemented to mitigate the risks from fraud schemes such as Business Email Compromise. (See Federal Bureau of Investigation, Alert I-012215-PSA.)
  • A method to contact the institution if customers notice suspicious account activity.

 
