I attended a fraud symposium sponsored by one of my state’s largest banks where they referenced their approach on preventing and detecting fraud as a “shared responsibility.” The bank’s representatives highlighted bank products available to better protect the customer and the bank from instances of fraud, and discussed how in the future account holders would have to decide if they wanted the additional bank products (for a cost), and if not used, then the burden (and cost) of a fraud could shift from the bank to the customer.
Another banking session discussed the customer’s responsibilities to detect fraud and to timely notify the bank of any potential or actual instances of fraud in a timely manner (or run the risk of bearing the cost of the fraud versus the bank). The “timely” was defined as 30 days for paper statement customers, and as quickly as 24 hours for any electronic or on-line customers.
Well, the shift seems to be happening as described.
In reviewing Bank of America’s electronic agreements today, I noticed written within one of the long detailed legal notice (something I suspect no one ever reads but simply clicks the “accept” button) that if you fail to notify the bank of a potential compromise of the account of user id information within (4) days, and the bank can show the customer should have known of the compromise, the customer will be exposed up to $500. I saw similar language in my mortgage company during the fall, shifting the burden away from them to protect my account and information.
Here’s an interesting question to raise with your state’s banking commission. If you go away on a vacation for a period greater than the four day requirement, and while away you have no Internet access (you are one of the lucky ones basking in the sun on the Fiji Islands), how would you be able to monitor your on-line accounts daily to enable you to fulfill the four day requirement. If your account was compromised on Monday, and you returned on the following Saturday, the first day you had an opportunity to check your account activity, five business days would have passed, and now you could be potentially responsible for the fraudulent activity that occurred between Monday and Saturday (or have to prove to the bank you had no way of knowing).
Seem ludicrous? You may want to check you bank’s policies.