Customer Controls. a) Customer understands that all portions, aspects, and details of the security procedure, including User IDs, passwords, and security devices, are confidential. Customer agrees to establish physical, operational, and technical controls to protect the confidentiality of the security procedure and limit access and disclosure to only those persons who have a need to know such information. Customer agrees to: (i) prohibit Authorized Users from sharing User IDs or passwords; (ii) require that each Authorized User change their password (A) on a periodic basis; (B) any time instructed by Bank; and (C) any time the Authorized User has reason to believe that any other person may know their password; (iii) periodically review all Authorized Users to determine whether each should be entitled to view, access, or control an Account or use any Service; (iv) use the "self-service" functionality of any Service, if available, to immediately remove any Authorized User Customer deems no longer authorized to view, access, or control Customer's Account or use any Service, and any Authorized User that leaves Customer's employment. If "self-service" functionality is not made available to Customer, Customer will immediately notify Bank of any Authorized User Customer deems no longer authorized to view, access, or control an Account or use any Service, and any Authorized User that leaves Customer's employment; (v) institute an internal review process whereby before any Payment Order can be made or released, such Payment Order must be (A) reviewed to ensure that it is for an amount within the purported Authorized User's internally established authority ("threshold control") and (B) approved by at least one other person ("dual control"); and (vi) keep all Components (as defined in Section 17 below) used for any Services up-to-date in accordance with the manufacturer's recommendations, industry standards, and as otherwise required by Bank. b) Some Services provide functionality that enables Customer to electronically establish threshold control and dual control. If provided, Customer is required to use such functionality. c) Customer understands that its failure to implement any of the controls described in this Section 7 increases Customer's exposure to, and potential liability for, unauthorized or fraudulent transactions, including Payment Orders. Bank is released from, and Customer will be solely liable for, any loss, damage, cost, or expense that may result from Customer's failure to establish, implement, or maintain any control described in this Section 7.
Appears in 2 contracts
Sources: Business Online Banking Agreement, Business Online Banking Agreement