Content Inventory

© 2015 Ameriprise Financial, Inc. All rights reserved.
Content Inventory
UX Catalogue of Content for Privacy, Security, and Fraud
October 2016

Content Outline
• Privacy disclosures
• Privacy specific content
• Security specific content
• Fraud specific content
• Methods of Contact for Categories
• Additional Amp Pages with Category Content
For internal use only. Not intended for inspection by, or distribution or quotation to the general public. 2

Privacy Disclosures
• Page = Privacy and Security Center - Primary Page
• Location = Customer Service Center
• Privacy Disclosures listed on page:
• Ameriprise Privacy Notice (optional PDF Download)
• Ameriprise Privacy Policy FAQ (optional PDF Download)
• Internet Privacy Statement
• Ameriprise National Trust Bank privacy notice (optional PDF Download)
• Travel Insurance Privacy Notice (optional PDF Download)
• Social Security Number Protection Policy

Privacy Disclosures Continued
• Page = Our Privacy Policy- Child Page
• Location = Customer Service Center – Subpage of Privacy and Security Center
• Privacy Disclosures listed on page:
• Ameriprise Privacy Notice (optional PDF Download)
• Ameriprise Privacy Policy FAQ (optional PDF Download)
• Internet Privacy Statement
• Travel Insurance Privacy Notice (optional PDF Download)
• Social Security Number Protection Policy
• Additional Privacy “Statement” – Not an explicit disclosure
• Page = Child of “Our Privacy Policy”
• No PDF download option
• Displays information about what we collect from the users (data, activity
tracking, cookies, etc)

Privacy Specific Content
• Page = Online Security Guarantee - Child Page
• Location = Child of Privacy and Security Center – Customer Service Center
• Page Content:
• Our commitment
• Our guarantee
• Client online security responsibilities
• For more information blurb

Security Specific Content
• Page Content:
• Our commitment
• Our guarantee

Security Specific Content Continued
• Page = How we safeguard your information – Primary/Landing Page
• Page Content = Hyperlinked and bulleted list of information, which corresponds
to the child pages of “How we safeguard your information”:
• Bulleted Links:
• Passwords
• Information access
• Information we may request from you
• Secure sessions, encryption, and security questions
• Secure messaging and decryption
• Surveillance
• Email
• Notes:
• No other content is displayed on the page.
• This page only houses those links.

• Page = Passwords – Child Page
• Location = Child of “How we safeguard your information”
• Page Content:
• Explanatory paragraph on required use of a User Name and Password to
access account information on the site, mobile and desktop.
• Six tips for establishing a secure password.
• An additional note on how to create a “strong password.”
• Notes:
• Source listed on this page is for onguardonline.gov
• The source is not hyperlinked.

• Page = Information Access – Child Page
• Page Content:
• A single explanatory paragraph.
• Informs the user that Ameriprise Financial computers are protected by
security and only authorized personnel can use those company systems.

• Page = Information we may request from you – Child Page
• Page Content:
• Two paragraphs and one solitary sentence.
• Paragraph one informs the user that the company will need to verify their
accounts should they contact us. Tells the user what information we will
not ask for when verifying their account over email.
• Paragraph two provides contact information via phone, in the event the
user has questions on or wants to report suspicious activity.
• The lone sentence tells the user they can “forward fraudulent emails or
report security concerns” via the hyperlinked portion of that sentence.
• No outright email address is provided.
• Users click the link and are directed to the “Reporting fraud to
Ameriprise financial page.”

• Page = Secure Messaging and Decryption – Child Page
• Page Content:
• Secure Messaging Section – details what the Ameriprise message center
is
• Section One details “Secure sessions and encryption”:
• Informs user of ways to verify the session is secure. Information
on https in the address bar, and the padlock symbol, logging out of
secure sessions, etc.
• Encourages the user to register on the secure site for an account,
so that they have access to the secure messaging option.
• Section Two provides an explanatory paragraph on the roll of ‘decryption’
tools.
• Tells the user they will need decryption tools to open a secure file
sent to them by Ameriprise.
• Displays a table that outlines decryption tools, along with the costs
(some are free) and download links – instructions.

• Page = Surveillance – Child Page
• Page Content:
• This single paragraph – “Ameriprise Financial builds profiles for all of its
users that document normal site usage patterns, including login
frequency and transactions performed online. We use this information to
detect unusual activity on your account, so that we can verify your
identity and ensure that no one has unauthorized access to your
accounts.”
• No other information is on the page, no links, just that paragraph.

• Page = Email – Child Page
• Page Content:
• One solid paragraph and a few other lines of information with links to other relevant
Amp pages.
• Informs the user that Ameriprise communication falls into two categories – the
paragraphs provides this information:
•“Client service email may include information about your online registration, electronic
delivery notification that a message or document is available for you to view online,
information about products and services for which you are registered, and responses to
client service emails you initiate. You cannot opt out of client service emails and may
continue to receive these emails even if you have requested to not receive email
marketing offers from Ameriprise Financial.
•“Marketing email may include newsletters, information about products and services or
special offers from your advisor or Ameriprise Financial. You may opt out of marketing
email messages at any time.”
• The “opt out” link directs the user to a different page
(https://ipp.ameriprise.com/emailcpt/) and tells them enter their email to begin
updating preferences. No other information is provided on this landing page. No
breadcrumbs or identifying navigation as to where this page is stored.
• The last sentence directs the user to “Take these steps to help ensure you receive
emails from Ameriprise Financial.
• That page provides a list of emails the users should add to their email
accounts so that messages received from those addresses are not sent to
spam.

• Page = Update Email Preferences – Child Page
• Page Content:
• This is the same page that users can access via the “Email” page, if they click the
“opt out” link in the first paragraph of that page.
• Users are directed to a stand-alone page.

• Page = How you can protect yourself
• Page Content:

Fraud Specific Content
• Page = Information we may request from you – Child Page
• Page Content:
• “If you are contacted otherwise or if you encounter a suspicious
communication that you believe appears to be from Ameriprise Financial,
please contact us at the Ameriprise Financial Services Suspicious Activity
Hotline at 800.862.7919, Ext 11208, Monday through Friday 8:00 a.m. –
4:30 p.m. Central Time.”
• “You may also forward fraudulent emails or report security concerns.”

Methods of Contact for Categories
• Page Content:
• Our commitment
• Our guarantee

UX Practices
Evaluation Guide:
• In the process of gap analysis (or any analysis) there is a general list of
principles again which products (ex: desktop) are held to:
1. The site should provide multiple ways to access the same information.
2. Indexes and sitemaps should be employed to supplement that taxonomy.
3. The navigation system should provide users with a sense of context.
4. The site should consistently use language appropriate for the audience.
5. Searching and browsing should be integrated and reinforce each other.
6. Is it ROT? Redundant, outdated, and/or trivial?
• This guide can be applied in almost any context, however in this analysis the
examination will also consider consistency across all Ameriprise channels.

Gap 1
Usefulness, Relevance, and
Communication

Gap 1 - Usefulness, Relevance, and Communication
• Present security threats more clearly – if users need to know about a potential
breach, or a new virus is in the news, alert the users with that information in
some kind of alert. This could be a ‘spotlight’ section or module.
• This fosters a sense of importance and communicates to the user that we are
constantly addressing those concerns and keeping them up-to-date.
• That could also tie in to future pages that focus specifically on
fraud/security/privacy.
• Tie into advisors potential and communicate that we’re proactive in person, not
just online. Don’t put all of the onus on the user and hope the online security
guarantee (and other guarantees) is enough to placate. This could tie into
greater marketing potential on join.com, as our advisors taken client care to the
next level by being more vigilante than competitors on account security, fraud,
etc.
• When breaking out next steps, don’t just highlight what the user needs to do in
that situation (and there is more than one) but tell them what they can expect
from Ameriprise each step of the way. How long will it take us to contact them?
When can they expect a reimbursement, etc.

Gap 1 - Usefulness, Relevance, and Communication
• How you can protect yourself:
• We address spyware and antivirus protection but don’t take the extra step of
recommending any particular software they can use (either free or for charge).
At least follow-through and provide external links for that information.
• With encryption and secure messaging much of this information can be
condensed or restructured altogether.
• Commitment to Security page:
• This is essentially a list of the three paragraphs of distinct guarantees and a
text link to our Customer Privacy Statement. If the privacy statement is that
important, call it out elsewhere, but inline with other privacy statements.
• This page could be folded under the general Privacy and Security page.

Gap 2
Clarity, Accuracy, and Completeness

Gap 2 – Clarity, Accuracy, and Completeness
• We devote more attention to privacy agreements then we do to Fraud and
Security.
• Provide clear distinctions between Security, Fraud, and Privacy.
- Move the “Our commitment to security” promise to the initial page of the Security Center.
- Move each statement on our “commitment” to the appropriate section. Commitment to Privacy goes
on privacy, etc.
- Change wording for Senior Citizen/Vulnerable resources - “Resources for Mature or Vulnerable
Investors.”
- Make all “sources” live links.
• Provide clear access to Fraud, complete with it’s own landing page and incorporation into
the left side navigation.
• Consistency – methods of contact (including both who and how), as well as hours of
operation need to be consistent, not just across these pages but across the site.
- Secure Sites and any other channel should present the same information when necessary. If they
have different hours of operation for something, then that should be noted.
- If mobile phone (app) customer service contact hours are different, then that should be addressed
on the mobile app as well.

Fraud:
• Provide clear steps on how to report fraud, with multiple points of contact and
consistency across all sites/channels for contact hours, methods of contact,
required information from the user, etc.
• Provide the user with examples of fraud, including visual cues, explanatory
information, and next steps should they suspect they’ve encountered
something.
• Address concerns and next steps for reporting fraud and suspicious activity
more clearly. Break that information out from the bottom of the “contact us”
page.
• Provide more insights and preventative measures with articles/external links
to additional resources.
• Clearly define and separate phone contact and email contact info/instructions
• Types of fraud, let’s keep these all on the same page. A paragraph should
suffice, max, since we can clearly define “examples” visually under the
Examples of Fraud page.

Fraud:
something.
page.
suffice, max, since we can clearly define “examples” visually under the
Examples of Fraud page.

Gap 3
Navigation and Ease of Use

Analysis:
• Media is scattered per “category”, but there is no central location. The
Newsroom is separate from Financial Articles, which is separate from Special
Studies, which is separate from several other items:
- Newsroom:
○ Commentary
○ Research Studies
○ News Releases
- Financial Articles
- Research Tools
○ News Headlines
- Research & Life Events:
○ Insights
- Videos

Analysis:
• The customer service page navigation (left side) is convoluted; it takes the
user too long to find specific information that is not in someway related to a
privacy agreement/privacy blurb.
• When users query for information on security, privacy, and fraud our search
returns are minimal.
- User searches on Amp.com for the security, privacy, and fraud return the top two or three results will
return relevant information. We should tie in more articles or sources that will display for those
“generalized” search

Recommendations
Short Term and Long Term

Recommendations
Short Term
• Add a link on the home page and in top navigation that directs the user to
Security, Privacy, and Fraud
• However you word it, ex: Center, Resources, Library, etc - the label (CTA or Text
Link) for that user direction should be less than seven words and tell the user
what they’re going to find when they navigate.
• Condense Privacy notices and agreements on to one or two pages.
• If a privacy notice, or any kind of guarantee contains a max of two paragraphs, it
can be grouped on to a primary page or another subpage.
• Give fraud it’s own landing page and add examples of fraud types.
• Add clear, concise “next steps” for both security and fraud:
• For both prevention and remedy.
• Breakout a subpage (L2) entirely for mobile security.
• This will be more concise and clear if remains a subpage, not a primary (L1) page.

Recommendations
Long Term
• Continue building out the Fraud ”Center”.
• Let the user sign up for continued alerts or tips on protection, that can be
emailed/texted/tweeted/whatever you.
• Build out quizzes (more than one and in differing formats) that test preparation,
knowledge, etc.
• Continue to make reporting concerns or directly contacting customer service
regarding possible fraud or security breaches easier – including allowing them to
submit screenshots or attachments so we can better see what they’re seeing.
• Examine the rest of the site architecture to find more places to tie-in to the
Security, privacy, and fraud pages. – Ex Insight pages, Newsroom page, etc. –
Whether we employ banners or some CTA.
• When making the experience more interactive, consider regions. For ex: users
could find security and fraud data by interactive with a ”map(s)”, and finding data
relevant to other cities or countries. Another way to look at this is gamification.
• Optimize the search engine to display more results and more specialized results
when users search key words related security, privacy, and fraud.

Continuing
Recommendations
Individually addressing Security, Privacy
and Fraud

Security Center Recommendations
The bulk of what’s listed on the existing Online Security Guarantee site, from the left
side navigation of Client Online Security Responsibilities down, can be moved under
the “How you can protect yourself.”
• Or we can leave a blurb that highlights how online security is also their responsibility, and
provide a link for those “steps” that’ll direct them to the section under “how you can
protect yourself.”
Under “How we safeguard you” – Combine the following pages:
1. Info Access (Page) and What we may request of you can be on the same
page.
2. Email and Update email preferences can be on the same page.
3. Instead of making them their own pages, these could be expanding panels
that display this information, so they can click to open “passwords” or “secure
messaging/decryption” if they want to read it.
4. Move the “Take these steps to ensure you receive Amp email” under the
Email page/Update Email page.
○ We could leave a hyperlink to those next steps but this could also be an expanding
panel of info, so they can open the information on the same page.
○ Leave it as Email (Email Security and Preferences)
33

Security Center Recommendations
• Move the “Commitment to Security” information, so that’s now a sub-page of the
primary “Security/Security Center” site.
• Or since Privacy policies would not be housed under the “Privacy” page, there would be
room to incorporate it on to the Primary Security page, instead of creating a subpage.
• Remove the “Privacy Policy” call out from the “Commitment to Security Info”
since Privacy is its own separate section.
• If the Internet Privacy Statement is actually a statement and not a “policy” then it
should be removed from the overall Privacy Policy list.
• Change the wording of the “Secure sessions, encryption, etc” to simply state
“Encryption and Security.” Something similar. That or create a new page that
combines info on Encryption and Decryption.
• Possibly move the Surveillance page – moved under the new Information
Access/Info we will want page.

Privacy Recommendations
• Remove the download icon by each one privacy statement, as clicking the link
opens the form and users have the option to download from there.
• Or provide explanatory text telling them they will have to actively download to
their desktop once opening the file.
• List all the Policies in place, except for the Fraud Guarantee – which would be
moved to the Fraud Security section.
• The “Internet Privacy Statement” under Our Privacy Policy does not need to be
it’s own subpage.
• Either offer users a link for this on the Privacy policy page, allowing them to choose to
review it that way. Wouldn’t need to be a separate page, this could be a pop-out display.

Fraud Recommendations
• When displaying examples/types of fraud, try to keep them all accessible from
one the same page.
• A single explanatory paragraph on the specific ‘type’ of fraud should suffice,
max, since we can clearly define “examples” since we should also present
visual representations whenever possible.
something.
page.

Fraud Recommendations
suffice, max, since we can clearly define “examples” visually under the Examples
of Fraud page.

Proposed Architecture
Structuring content and site mapping

Architecture Recommendations
1 Security and Privacy Center (primary page/landing page):
2 Online security commitment and guarantee (Subpage)
2 Mobile Security (Subpage)
2 Privacy (Subpage)
2 How you can protect yourself (Subpage)
3 Spyware, Antivirus, and Firewall Protection (Sub page of how you can
protect yourself)
2 Safeguarding your information (Subpage)
3 Information Access and Information we may request:
◦ Surveillance
3 Encryption and Security:
◦ Passwords
◦ Secure messaging/encryption/decryption
3 Email Security and Preferences
2 How knowledgeable are you/quizzes?

Architecture Recommendations
1 Fraud Protection (primary page/landing page):
2 Our Fraud Guarantee (subpage)
2 Reporting Fraud
2 Personal Information and Fraud (Or just personal info)
2 Types of Fraud/Examples
2 Resources (articles, videos, external links to more information on
Fraud Protection, etc).

Research, Insights and
Resources

Research, Insights and Resources
Security Search Results:
Top 3 Results:
1. Online security guarantee
2. Privacy and security center
3. Social security retirement
benefits

Fraud Search Results:
Top 3 Results:
1. Reporting fraud to Ameriprise
2. About email fraud
3. Commitment to security

Privacy Search Results
Top 3 Results:
1. Privacy and Security Center
2. Internet Privacy Statement
3. Our Privacy Policy

Content Type Ameriprise
Edward
Jones Fidelity Vanguard Merrill Schwab
Wells
Fargo
Advisors
Commitment to security ◑ ○ ◕ ○ ◕ ◔ ○
Online Security Guarantee ● ○ ● ○ ● ● ●
Fraud awareness and
prevention
◔ ● ◔ ◔ ◑ ◔ ◔
Privacy policies ● ◕ ● ◑ ● ● ◑
How we safeguard your
information online
● ◔ ◕ ◑ ◑ ● ◑
How we safeguard your
information internally
○ ○ ● ◕ ◕ ● ○
How you can protect yourself ◑ ◔ ◑ ◑ ◔ ◕ ◑
Competitor Content Matrix – Content Gaps
Evaluated by the volume and promotion of content. Examples:
● = Dedicated section or multiple pages of content with promotion from the home page or high-level index page
◑ = A paragraph of content on the same page as other topics with little or no promotion
○ = No content at all

Research, Insights and Resources (Benchmarking)
Best Practice Ameriprise
Edward
Jones Fidelity Vanguard
Merrill
Lynch Schwab
Wells Fargo
Advisors
Offer a unified security center
that is easily accessible on both
public and private sites
● NA ● ◑ NA NA NA
Include mobile security advice
within security centers
◑ ○ ◑ ● ○ ◑ ●
Instead of vague security
advice, provide actionable steps
for protection
◔ ◔ ● ● ◑ ◕ ◔
Identify/define common cyber-
security threats to educate
clients
◑ ◑ ◑ ● ● ◑ ●
Offer multimedia resources to
better explain security policies
○ ○ ◔ ○ ○ ● ○
Spell out steps for reporting
fraud
◑ ◔ ● ● ◕ ● ◑
Provide contact info for federal
resources & credit agencies
◔ ◕ ◕ ◑ ◑ ◕ ●
Actively promote security
features and fraud
reimbursement policies
◑ ◔ ● ● ◑ ● ◑
Provide clients with discounts
on security products and free
system checkups
○ ○ ● ○ ● ◔ ◔
Properly curate security advice;
outdated security information is
counterproductive
◑ ◔ ◕ ◕ ◔ ◕ ◕

2015 Broker Monitor Report:
• Offer a unified security center that is easily accessible on both public and private
sites
• Include mobile security advice within security centers
• Instead of vague security advice, provide actionable steps for protection
• Identify and define common cyber-security threats to educate clients
• Offer multimedia resources to better explain security policies
• Spell out steps for reporting fraud
• Provide contact info for federal resources and credit agencies
• Actively promote security features and fraud reimbursement policies
• Provide clients with discounts on security products and free system checkups
• Properly curate security advice; outdated security information is counterproductive

Broker Monitor Recommendations:
• Firms should incorporate their security centers into the overarching navigation of
their websites and move away from standalone security sitelets.
• Include mobile security advice within security centers.
• Offer general mobile safety tips
• Offer detailed, actionable steps that clients can follow to improve digital security.
• Provide detailed information about existing threats, including definitions, visual
examples, symptoms, preventative measures, and next-steps for clients.
• Spell out next-steps for fraud.
• Include a recent security alerts section within the security center that addresses
both firm-specific and general cyber threats.

FINRA Examples:
• List detailed examples of fraud, including lists of common tactics and
prevention strategies.
• Preventions tips, including red flags, questions and the “correct” responses to
expect from investment professionals.
• Risk and scam meters, aka quizzes to determine rate of risk.
• Concise list of when (and for whom) it is okay for users to reveal data such as
social security number, along with clear next-steps for reporting and following-
up.

Americans feel the tensions between privacy and security concerns:
• http://www.pewresearch.org/topics/privacy-and-safety/
Key findings from The Global State of Information Security® Survey 2016:
• http://www.pwc.com/gx/en/consulting-services/information-security-survey/assets/pwc-
gsiss-2016-financial-services.pdf
2015 Broker Monitor Report
Practices and Standards:
• https://www.suntrust.com/Static/Documents/Commercial_Corporate_and_Institutional/
SunTrust_10BestPracticesforOnlineSecurityandFraudProtection.pdf
FINRA:
• http://www.finra.org/investors/avoid-fraud
Top word searches:
• http://www.wordstream.com/popular-keywords/internet-security-keywords

Content Inventory

Recommended

Recommended

More Related Content

Similar to Content Inventory

Similar to Content Inventory (20)

More from Jaime Brown

More from Jaime Brown (20)

Recently uploaded

Recently uploaded (20)

Content Inventory