Skip to: contentnavigation

Our policy on reimbursement of on-line banking fraud

Purpose

The policy will determine who will be responsible for a loss as a result of on-line banking fraud against a member’s account. For the most part, the decision is either that the credit union will take responsibility for losses arising out of on-line banking fraud, or that the member will be responsible for any losses. The policy will outline the roles and responsibilities of both the credit union and the member in the event of losses.

The main objective is to clearly define

  • Fraud losses that will be reimbursed by the Credit Union
  • Fraud losses that will not be and will be assumed by the member
  • The investigative process to determine responsibility

Roles and Responsibilities of the Credit Union

  • Limit access to on-line banking to only the members that want it
  • Put safeguards in place to limit losses such as daily cash transfer limits and maximum transaction sizes
  • Implement Dual Authentication at login
  • Purchase On-Line Banking Fraud Insurance coverage
  • Keep operating systems and anti-virus programs up to date
  • Train staff on security and loss prevention
  • Educate the members about security

Roles and Responsibilities of the Member

  • Do not disclose their on-line password to anyone
  • Learn how not to be a victim of phishing
  • To have an up to date virus protection program installed on their computer Implement safe computer practices such as always closing your browser when your transactions are completed and avoid using public computers for on-line transactions

Fraud Losses that will be reimbursed to the member by the Credit Union

If the member has incurred a loss because of the following situations, the Credit Union will reimburse for the loss:

  • If their account was accessed by way of a virus or spyware that was unwittingly downloaded on the Member’s computer. If their account was compromised by the disclosure of their password through fraud or deceit (e.g. phishing).
  • If their account was compromised by someone impersonating them to a Credit Union employee to gain access.
  • If there was inadvertent disclosure of a password by a wireless network compromise of the member’s home computer. If the member was a victim of forced disclosure of their password by the use of extortion or the threat of bodily harm.
  • The member must notify the Credit Union immediately after they suspect their account or password has been compromised.
  • The member must cooperate fully in the subsequent investigation.


The Credit Union will not reimburse in the following situations:

  • Where the member is a victim of ‘friendly fraud’. This is where they have willingly given their password or access to their account, to a related party.
  • Where the member is a business entity that has multiple on-line users. Where the member has not cooperated in the investigation.
  • The Credit Union will not make any settlement to the member until the loss has been fully investigated and the member has fully cooperated.

Investigation Process

A proper investigation will accomplish the following:

  • Identify cases of ‘friendly fraud’
  • Identify the source of the compromise so that it can be fixed.
  • Help track the funds for potential recovery.
  • To facilitate the submission of an insurance claim.


Components of a Standard Investigation

  • Track the money – which account did it come out of; where did the funds go to (account number, financial institution, and country), is there a connection between the receiving account and the member?
  • Track the transaction – what account /password were used for the transaction; and which computer was used for the transaction. The Credit Union IT department and /or online banking system provider should be able to provide this information.
  • The member agreement should be reviewed to determine who is responsible for the loss.
  • Account history should be reviewed to determine if any similar transactions had ever been done.

If the loss was as a result of a virus or spyware – a system report should be obtained from the member indicating the type of infection and confirming that it has been cleaned. The member will need to obtain the services of a computer expert. Any findings from the computer expert will be provided to the Credit Union.

  • If the loss was a result of a phishing attack – copies of the emails will be obtained and an affidavit will be obtained from the member attesting that they did not perform the transaction.
  • The member must report the incident to the police.

To reiterate; the Credit Union will not make any settlement to the member until the loss has been fully investigated and the member has fully cooperated.

Wainwright Credit Union policy
December, 2010
 

Copyright © 2007–2012 Wainwright Credit Union Ltd. All rights reserved.