For the second year in a row, the winter edition of the FDIC’s Supervisory Insights Journal includes an article discussing the risks associated with mobile payment services. Last year’s article, which focused primarily on security and fraud concerns, was reviewed in a blog post last December. This year’s article highlights a broader range of risks associated with mobile payments. These risks arise in part from the fact that mobile payments require interactions between numerous entities in the payment process. In addition, much of the innovation in the market is driven by young, entrepreneurial companies that may not be familiar with the supervisory framework applicable to depository institutions.
Entries in Electronic Transactions (9)
The Financial Crimes Enforcement Network (FinCEN) recently issued an advisory bulletin warning financial institutions on the risks associated with maintaining deposit accounts for third-party payment processors (“Payment Processors”). Payment Processors are companies that initiate payment transactions on behalf of their own customers, typically merchants and other businesses, where these customers lack a direct relationship with the financial institution. Payment processors may service domestic or foreign businesses that are conventional bricks-and-mortar establishments or internet-based.
The FFIEC and several federal banking agencies (the Federal Reserve, FDIC, and OCC) recently announced the publication of new and revised guidance on the use of third-party technology service providers (“TSPs”) by federally-regulated financial institutions...
First Circuit Reverses Patco v. People’s United: Internet Banking Security Procedures were not Commercially Reasonable
On July 3, 2012, a three-judge panel of the the First Circuit Court of Appeals reversed the summary judgment granted to People’s United Bank in the case of Patco Construction Co., Inc. v. Peoples United Bank, --- F.3d ----, 2012 WL 2543057 (C.A. 1 (Me.)). The case has been widely followed in the banking industry, there being few court decisions analyzing the legal framework for liability with respect to unauthorized internet banking transactions. The original grant of summary judgment by the Federal District Court of the District of Maine was considered a victory for the bank, but the First Circuit’s decision negates most of this victory.
A special Electronic Crimes Task Force formed by the United States Secret Service and the Texas Department of Banking recently issued a report entitled “Best Practices: Reducing the Risks of Corporate Account Takeovers” (the “Report”). The Report details nineteen recommended processes and controls that focus on the core elements of a risk-management framework developed by the Secret Service, the FBI, the Internet Crime Complaint Center, and the Financial Services Information Sharing and Analysis Center: protect, detect, and respond. The Report expands on the standards set forth in the FFIEC’s Supplement to Authentication in an Internet Banking Environment issued in June of 2011, which we discussed in a prior blog post.
The value of the Report lies in the specificity of its recommendations. Each of its nineteen recommended processes and controls is accompanied by detailed examples and “best practices” for consideration. The Report also provides a number of references and sample forms, including for risk assessment and employee/customer training. Although certain best practices may not be appropriate in a particular circumstance, the Report can serve as a useful checklist and resource in developing risk assessment and mitigation programs.