Tuesday, April 27, 2010

I’ve received quite a bit of feedback on my post from last week on recommendations for implementing a Regulation E opt-in form on your banking website. My favorite though was a request to see if I could re-write it in “English.”

I am certainly guilty of sometimes talking a bit too technically on such things, so with a bit of a mea culpa, let’s see if I can explain how the recommended scenario would actually work. And if I feel I have to get technical I’ll footnote it and put it in a “Techie Note” at the end of the post, so feel free to glaze over those if need be.

  1. Create an online version of your opt-in form as a new web page.
     
  2. Include the recommended opt-in language and the required overdraft fee disclosures, along with fields where the visitor can enter their name, account number, date, and opt-in or opt-out selection.
     
  3. Once a user completes the form, they click a button to send the request. The contents of the request, as entered by the user, then need to be sent securely to the bank. The best way to do this is to send each submission as an encrypted email to a designee at the bank or credit union. [1]

    NEVER SEND THE FORM INFORMATION VIA UNENCRYPTED EMAIL. 
     
  4. To maximize the effectiveness of the online form and minimize customer support needs, you will want to make the form easy to find and freely accessible to anyone, not hidden behind an online banking login. The trade-off is that anyone can then submit a request naming any account number, so the bank must verify each submission against the actual account holder before acting on it. [2]
     
  5. Next, work with your web host provider to make the new form available only over HTTPS, with any plain HTTP visit redirected to the HTTPS address. This ensures that everything submitted is encrypted in transit to the same standard as your online banking application. [3]
     
  6. Now, add the page to your website's navigation so that it can be found easily in your site's menus. You should also include the link in any notifications sent to your customers. [4]

Once you’ve made your form live, you will start to receive the opt-in (or opt-out) requests securely at your bank or credit union. Hopefully this post is a bit easier to follow, but please comment, let me know what you think or if you have any further questions. Thanks.

-- Mike

Techie Notes:

Techie Note 1: At Dovetail we use a protocol known as S/MIME (Secure/Multipurpose Internet Mail Extensions) to encrypt the contents of the email to the designated recipient's certificate. Only the private key matching that certificate, which lives on the designated recipient's computer, can decrypt the message; anyone who intercepts the email along the way, including the mail servers it passes through, sees only ciphertext.
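As an added example (not code from the original post or from Dovetail), the following shell script walks through step 3 and Techie Note 1 with the openssl command-line tool: it creates a stand-in certificate and key for the bank's designated recipient, encrypts a constructed sample submission to that certificate as a complete S/MIME message that could be handed to the mail system, checks that the encrypted message no longer contains any submitted value in the clear, checks that a different private key cannot open it, and finally decrypts it with the designee's key. The addresses, file names and field values are assumptions made up for the demo; in production the designee's real S/MIME certificate is what the web server holds, and the private key stays on the designee's machine.

```shell
#!/bin/sh
# Added example, not from the original post: encrypting a Regulation E opt-in
# submission to the bank designee's S/MIME certificate with the openssl CLI.
# Every name, address and field value below is constructed for the demo.
set -e

# Skip cleanly if the openssl CLI is not available on this machine.
command -v openssl >/dev/null 2>&1 || { echo "openssl CLI not found" >&2; exit 0; }

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

DESIGNEE="opt-in-designee@example-bank.invalid"   # assumed recipient address

# Create a certificate/key pair that stands in for the designee's S/MIME
# certificate. In production the web server holds only the certificate;
# the private key never leaves the designee's own computer.
make_keypair() {   # $1 = key file, $2 = cert file, $3 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1" -out "$2" >/dev/null 2>&1
}

# Write the form fields exactly as the visitor submitted them (sample values).
write_submission() {
    cat > "$WORK/submission.txt" <<'EOF'
Regulation E overdraft opt-in request
Name:           A. Customer
Account number: 000123456789
Date:           2010-04-27
Selection:      OPT-IN
EOF
}

# Encrypt the submission to the designee's certificate. The output is a
# complete S/MIME message (mail headers included) ready for the mail system.
encrypt_submission() {
    openssl smime -encrypt -aes256 \
        -from "webform@example-bank.invalid" -to "$DESIGNEE" \
        -subject "Reg E opt-in request" \
        -in "$WORK/submission.txt" -out "$WORK/submission.eml" \
        "$WORK/designee.crt"
}

# Decrypt with the designee's private key and print the recovered fields.
decrypt_submission() {
    openssl smime -decrypt -in "$WORK/submission.eml" \
        -inkey "$WORK/designee.key" -recip "$WORK/designee.crt"
}

# Succeeds only if no submitted field value appears in the clear in the message.
ciphertext_is_opaque() {
    ! grep -q -e "000123456789" -e "A. Customer" -e "OPT-IN" "$WORK/submission.eml"
}

# Succeeds only if a key other than the designee's cannot open the message.
wrong_key_fails() {
    make_keypair "$WORK/other.key" "$WORK/other.crt" "someone-else"
    ! openssl smime -decrypt -in "$WORK/submission.eml" \
        -inkey "$WORK/other.key" -recip "$WORK/other.crt" >/dev/null 2>&1
}

make_keypair "$WORK/designee.key" "$WORK/designee.crt" "$DESIGNEE"
write_submission
encrypt_submission
ciphertext_is_opaque || { echo "FAIL: field values visible in ciphertext" >&2; exit 1; }
echo "encrypted message contains no field values in the clear"
wrong_key_fails || { echo "FAIL: another key could decrypt the message" >&2; exit 1; }
echo "a different private key cannot decrypt the message"
echo "--- decrypted with the designee's key ---"
decrypt_submission
```

The generated `submission.eml` is what the web server would hand to its mail transport; the `-to`, `-from` and `-subject` options make openssl write the mail headers, so the message can be sent as-is and the designee's mail client decrypts it on open.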

Techie Note 2: Since there are programs (known as spam-bots) that search the Internet for forms and submit bogus content, an anti-bot technique known as CAPTCHA can thwart these entries by presenting an image of distorted text that the user has to type in to confirm that a person, not a program, is submitting the form. Note that a CAPTCHA only filters out automated submissions; it does not prove that the person is the account holder, which is why the bank still needs to verify each request before acting on it. Below is a picture of what a CAPTCHA form might look like.

Techie Note 3: HTTPS is driven by what is called an SSL (today, TLS) certificate. A certificate serves two roles. First, it carries the public key the browser uses to set up the encrypted connection between the user and the site server. Second, because it is issued by a certificate authority that has checked who controls the domain, it verifies the identity of the website owner (i.e. your bank or credit union) and helps to ensure that users are comfortable submitting their information.

Additionally, a specific type of SSL certificate, known as an Extended Validation (or “EV” for short) certificate, has the added benefit of turning the browser's address bar green (an example is seen below) and goes through more rigorous validation of the organization than a normal certificate.

Techie Note 4: A friendly page address goes a long way towards making the form easy for customers to find. An address like https://www.yourdomain.com/overdraft-opt-in might work well. Since the form is HTTPS-only, publish the https:// address in your menus and notifications and have the plain http:// version redirect to it.

Tuesday, April 27, 2010 1:45:58 PM (Eastern Standard Time, UTC-05:00)