Problem: People balk at having online access to seldom used financial, insurance, and service accounts.
Financial and insurance institutions want consumers to access accounts online. It lowers costs and provides consistent service.
People note the potential for high cost losses, the one-sided user agreements, and complete lack of recourse for most fraud. Some may choose online access for primary banking; the convenience outweighing the risk. Many more will avoid online access to a 401(k) plan.
Solution: Provide information only accounts by default.
Information about an account is less valuable than the money in it. Being a little careless with your account, such as accessing it from a computer, becomes similiar to throwing out printed statements without shreading them.
These accounts would let people see their balances and fees, make most routine changes, but not make ones that severly compromise security. For example, transfering money from savings to checking is OK; changing mutual funds is OK; adding a newborn to your insurance is OK; changing your address is not OK; disbursing money to outside accounts is right out. The risk of catastrophic loss decreases.
There are some implementations approaching this solution, aimed at preventing catastrophic losses. Bank of America provides alert notifications by email when selected activities occur, such as adding a new Payee. E*Trade uses separate passwords for viewing information and trading securities.
This idea provides lower costs to institutions, more convenience to consumers, and less loss to fraud all around. What’s not to like?
4 comments ↓
I’m OK with merely seeing the data online, and requiring a phone call even for transferring between mutual funds.
This is what Charles Schwab does by default. You can trade stocks, mutual funds, look at balances and positions, etc., but transferring money to an outside account, or having a check sent, requires additional paperwork and proof of identity. Works for me.
Unlike Judith, I prefer full online access to my account, and would change brokers if they didn’t make it available. I don’t see a telephone call (with, presumably, a PIN for authentication) as more secure than SSL over the public Internet.
(Sorry, in the above, I should point out that I meant “requires additional paperwork and proof of identity” to set up, not for every instance of use.)
Hi Micheal,
I agree with you that it’s up to each user to figure out what the comfort zone. I spent a comical half hour recently with another large brokerage/financial house trying to guess what my password was when I last touched the online access to the account in 2005. I needed to transfer over an old account which I last touched in 2001.
The usual worry is that this sequence usually transfers money if the computer or upstream has been compromised:
1. Change the mailing address. Block delivery of email confirmations to changes.
2. Wait 15 days of lock-out period.
3. Request a reset of the PIN and paperwork system. Fill in more paperwork. Wait.
4. Transfer money out.
Because the user is ultimately on the hook for the loss, the user must be in control.
Leave a Comment