Taking Transactions Mobile


ESRA 2011 Fall Conference, David Whitaker Presentation

Published in: Technology, Business

  1. 1. Taking Transactions Mobile. R. David Whitaker, Senior Company Counsel, Strategy and Operational Risk Group, Wells Fargo Bank, N.A. November 9, 2011
  2. 2. Baseline – Mobile Banking Overview
     • Core Wells Fargo Mobile Banking Features and Functionality
       • Device/platform-specific Downloadable Applications
         • iPhone Application
         • Palm Application
         • Blackberry Application
         • Android Application
     • Mobile Website (wf.com) (Launched July 2007)
       • Current functionality: Account Balances; Transaction History; Me2Me Transfers; Bill Pay; Mobile P2P (Intra-bank); Inter-FI Transfers; Store Locator
       • How to use: OLB is required; go to wf.com on mobile browser; login using online credentials; Classic vs. Enhanced depends on device & browser (Classic: non-webkit; Enhanced: webkit)
     • Text Banking (Launched October 2007)
       • Current functionality: Account Balances; Transaction History; Detailed Trans. History; Credit Card Due Date; Store Locator; One-Time pass-code
       • How to use: OLB is not required; activate online (PC) or via wf.com; send text to 93557 (WELLS); receive response within 10 sec
     • Mobile Application (Launched May 2009)
       • Current functionality: GPS based Store Locator; same features as wf.com
       • How to use: OLB is required; download via App Store; login using online credentials
       • Devices: iPhone, Palm, iTouch, (Android, Blackberry)
  3. 3. Baseline -- Legal and Compliance Goals for Mobile Doc Delivery and Signature
     Meet the legal requirements
     • Deliver all the required information
     • Obtain an enforceable agreement
     • Meet the procedural requirements
       • Method of delivery
       • Notice of delivery
       • Timing of delivery
       • Opportunity to review
       • Method of agreement
       • Need for signature
       • Retention of records by us
       • Retention of records by the customer
     • Sources – Where do “legal requirements” come from?
       • Statutes
       • Regulations
       • Interpretation by Regulators
       • Judicial decisions and court rules
       • System rules
       • Contract obligations
     Create an opportunity for a fully informed decision
     • Explain the product or service
       • What it does
       • How it works
       • What it costs
     • Explain the limitations
       • Time frames
       • Conditions
       • Customer responsibilities
       • Risk of loss
       • Rules for use
       • Exceptions
       • Correcting errors
       • Handling unauthorized activity
     • Present clear choices
     • Sources – balancing these sources is often more art than science
       • Judicial decisions
       • Regulatory guidance
       • UDAP statutes
       • Industry standards
       • Behavioral studies
       • Common sense
  4. 4. Baseline – Delivering Disclosures and Signing Agreements – The Record Management Cycle
     Diagram labels, in the order extracted from the slide graphic: Secure Communication Record Management Responsibility; Generate; Deliver; Store; Manage; Destroy; Record Life Cycle; Propagate Data; Track Record Versions; Extract & Index Data; Create Audit Trails & Reports; Secure and Consistent Record Management; Active Data Processes; Access Controls; Quality & Integrity Controls; Record Destruction; Business Continuity; Key Systems Issues; Boilerplate Docs; Transaction-specific Docs; Audit Trails for Enrollment, Delivery/Signing; Screen Shots & Process Flows; Primary Record Categories; Search and Report Capabilities; Company Policies and Guidelines; Record Management Audit Trails & Reports
  5. 5. Delivering Records and Obtaining Signatures – Key Requirements to ponder in a Mobile Environment
     • Consent is required if law otherwise requires info delivered in writing
       • ESIGN Consumer Consent Process
       • B-to-B Consent
     • UETA delivery provisions not preempted by ESIGN
       • Need Agreement (express or implied) on Delivery Method
       • Need to deal with bouncebacks if email delivery fails
     • Delivery Issues
       • Records displayed as part of an interactive session
       • Customer must be able to retain a copy for later reference
       • All formatting, timing and display requirements must be observed. “Timing” includes:
         • Proper sequence within transaction
         • Any time frames or deadlines for delivery
         • Length of time the information/document remains accessible
  6. 6. Delivering Records and Obtaining Signatures – General Signature Strategy on a Mobile Device
     Steps: Get Consent; Present Document; Obtain Signature; Deliver Retention Copy
     Notes on the slide:
     • Offline or online?
     • Assure all signature elements addressed – Intent, Attribution, Authority
     • Present record in full-screen display, using a series of screens, if necessary
     • Email for retention or obtain agreement and provide online retention copy
  7. 7. Delivering Records and Obtaining Signatures – The Design Process for Mobile Apps
     • Authentication to System
     • Version Control
     • Online/Offline Operation
     • Push Notification
     • Reporting and Tracking
     • Record Security and Management
     • User enrollment
     • Machine authorization
     • User access to Machine
     • Application Access to remote data
     • Data propagation to the device
     • Data transmission and encryption
     • Data storage and encryption
     • Offline operation
     • Data and document management
     • Update procedures
     • Tracking authorized users
     • Tracking repatriation of data and records
     • Monitoring retention/destruction of local data
     • Testing returning data and records for completion
     • Testing returning data and records for alteration or corruption
     • Filtering returning records to prevent introduction of malware and viruses
     Section headings on the slide: Special Deployment Considerations; Special Design Considerations; Special Management Considerations