Thursday, April 29, 2010

We continue to get more requests about the Regulation E opt-in process on our banking customer websites. To get up to speed, you can read my first post last week on recommendations and the second one this week “in English.”

Since then, we’ve prepared a sample page on the Dovetail site that provides an example of the combined technologies for a possible form. To check it out, just follow the link to the Regulation E Overdraft Opt-in Form Sample.

-- Mike

Thursday, April 29, 2010 1:49:00 PM (Eastern Standard Time, UTC-05:00)
 Tuesday, April 27, 2010

I’ve received quite a bit of feedback on my post from last week on recommendations for implementing a Regulation E opt-in form on your banking website. My favorite, though, was a request to see if I could re-write it in “English.”

I am certainly guilty of sometimes talking a bit too technically on such things, so with a bit of a mea culpa, let’s see if I can explain how the recommended scenario would actually work. And if I feel I have to get technical I’ll footnote it and put it in a “Techie Note” at the end of the post, so feel free to glaze over those if need be.

  1. Create an online version of your opt-in form as a new web page.
     
  2. Include the recommended verbiage and your required overdraft fee disclosures, along with fields where the visitor can enter their name, account number, date and opt-in or opt-out selection.
     
  3. Once a user completes the form, they will click a button to send the request. The contents of the request as entered by the user then need to be sent securely to the bank. The best way to do this is to send all submissions as a secure email to a designee at the bank or credit union. [1]

     NEVER SEND THE FORM INFORMATION VIA UNENCRYPTED EMAIL.
     
  4. To maximize effectiveness of the online form, and minimize customer support needs, you will want to make the form easy to find and freely accessible to anyone. This will mean that you will need to properly authenticate all requests to validate them as true. [2]
     
  5. Next, you will want to work with your web host provider to set the new form to only operate when visited by users with an HTTPS address. This will ensure that any contents submitted are encrypted at the same high standards as your online banking applications. [3]
     
  6. Now, add the page into your website’s navigation so that it can be found in your site’s menus easily. You should also provide the link to your customers in any notifications that are sent to them. [4]

Once you’ve made your form live, you will start to receive the opt-in (or out) requests securely to your bank or credit union. Hopefully this post is a bit easier to follow, but please comment, let me know what you think or if you have any further questions. Thanks.

-- Mike

Techie Notes:

Techie Note 1: At Dovetail we use a protocol known as “S/MIME” (or Secure Digital ID Encryption) to encrypt the contents of the email in such a way that the only way to decipher it is to open it from the computer of the person that is the designated recipient.

Techie Note 2: Since there are programs (known as “Spam-Bots”) that search the Internet for forms and then submit bogus content, an anti-spam-bot technique known as CAPTCHA can thwart these entries by presenting an image of text that the user has to type in to confirm that the form is legitimate. Below is a picture of what a CAPTCHA form might look like.

Techie Note 3: HTTPS is driven by what is called an SSL Certificate. A certificate is a digital key that serves two roles: first, it handles the encryption between the user and the site server; second, it verifies the identity of the website owner (i.e. your bank or credit union) and helps to ensure that users are comfortable submitting their information.

Additionally, a specific type of SSL Certificate, known as an Extended Validation certificate (or “EV” for short), has the added benefit of displaying green over your address bar in the browser (an example is seen below) and goes through more rigorous validation than a normal certificate.

Techie Note 4: A friendly page address can go a long way towards making the form easy for customers to find. Perhaps an address like http://www.yourdomain.com/overdraft-opt-in might work well.

Tuesday, April 27, 2010 1:45:58 PM (Eastern Standard Time, UTC-05:00)
 Friday, April 23, 2010

On July 1, 2010 the Regulation E rules established by the Board of Governors of the Federal Reserve take effect. By then all financial institutions must have in place controls that opt-out all customers from overdraft protection for ATM and one-time debit card transactions if they have not affirmatively consented, or opted-in for the service.

Over the past couple of weeks, we have received a number of inquiries from our bank and credit union customers looking for guidance on how to create online forms that can meet the opt-in and opt-out requirements of Regulation E.

Based on our research on the topic and various conversations with customers, here is what we understand.

  1. Before the compliance deadline, all customers must be set to an opt-out status for specified overdraft services.
  2. Notification must be sent to customers instructing them that to continue the specified protection, they must opt-in.
  3. The institution must provide a full explanation of the overdraft protection including all fee disclosures.
  4. Customers can then indicate their consent for the protection or continue to opt-out.
  5. Assuming that the first two requirements are met by the bank or credit union, they may direct customers to an online consent form in order to opt-in.

Suggested wording of the form is provided by the Federal Reserve and should include the ability to select the opt-in or opt-out status, the customer’s name, the date, and the customer’s account number. In order to request this information online, special attention must be paid to security.

The following recommendations offer a guideline for your online form.

  1. Ensure that the form is only available through SSL encryption.
  2. In order to help the customer verify the validity of the form, an Extended Validation SSL certificate (such as a VeriSign Secure Site with EV) is also recommended.
  3. Use secure email to deliver the form contents. Sign and encrypt the email using a personal certificate associated with the recipient email address (such as VeriSign Digital IDs for Secure Email).
  4. Include form validation such as the free reCAPTCHA anti-bot service to reduce the number of false form submissions.
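
The sign-and-encrypt delivery in recommendation 3 (the S/MIME step described in Techie Note 1 of the April 27 post), sketched with the openssl command line. This is an added example, not Dovetail's or novo's code; the identity names, file names, self-signed demo certificates and the sample submission are constructed assumptions.

```shell
#!/bin/sh
# Added example: sign-then-encrypt a form submission with S/MIME (openssl CLI).
# Identity names, file names and the sample submission are constructed.

# make_identity NAME: write NAME.key and NAME.crt. Self-signed for the demo
# only; production uses a CA-issued secure-email certificate.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# seal_submission PLAINTEXT OUT SIGNER RECIPIENT
# Signs with the web form's key, then encrypts to the recipient's certificate.
seal_submission() {
    openssl smime -sign -text -in "$1" -signer "$3.crt" -inkey "$3.key" 2>/dev/null |
        openssl smime -encrypt -aes256 -out "$2" "$4.crt" 2>/dev/null
}

# open_submission SEALED RECIPIENT SIGNER
# Decrypts with the recipient's private key, then verifies the signature
# against the expected signer certificate. Exit status is 0 only if both
# succeed; callers must check it before trusting the printed text.
open_submission() {
    openssl smime -decrypt -in "$1" -recip "$2.crt" -inkey "$2.key" 2>/dev/null |
        openssl smime -verify -text -CAfile "$3.crt" 2>/dev/null
}

# demo: run the whole exchange in a scratch directory; returns 0 on success.
demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    make_identity webform && make_identity designee && make_identity outsider || exit 1
    # Constructed sample submission with the four fields the form collects.
    printf 'Name: Pat Sample\nAccount: 000123456789\nChoice: opt-in\nDate: 2010-07-01\n' > form.txt
    seal_submission form.txt sealed.p7m webform designee || exit 1
    # The account number must not be readable in what goes over e-mail.
    grep -q 000123456789 sealed.p7m && exit 2
    # The designee's key recovers the text and the signature checks out.
    text=$(open_submission sealed.p7m designee webform) || exit 3
    printf '%s\n' "$text" | grep -q 'Account: 000123456789' || exit 3
    # Any other key holder gets nothing.
    open_submission sealed.p7m outsider webform >/dev/null && exit 4
    cd / && rm -rf "$dir"
    exit 0
)

if [ "${1:-}" = "--demo" ]; then demo && echo "sealed, opened and verified"; fi
```

Only the recipient's certificate has to live on the web server; the matching private key stays with the designee, so a compromise of the site does not expose submissions already sent.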

Financial institutions that are users of the novo for Banking web content management system can meet all of these recommendations. If you’re not currently using novo for Banking, there are implementation steps that can be applied to your site as well.

If the above recommendations cannot be met for whatever reason, then we would further recommend that the website provide only a PDF version of the form which customers can print, complete, and deliver to a branch personally.

For assistance, contact any of us here at Dovetail and we’ll be happy to help ensure you’re ready for Regulation E.

-- Mike

Friday, April 23, 2010 3:54:00 PM (Eastern Standard Time, UTC-05:00)
 Friday, October 02, 2009

For anyone in banking, regulations are a constant, and rightfully so. However that doesn’t make it any easier for those who are responsible for ensuring compliance.

As you know, changes to “Regulation Z” (which became effective yesterday, October 1st) are impacting the way financial institutions have to post certain product and rate information.

As the go-to web partner for over 40 banks and credit unions, we’ve seen a fair increase in support calls for users of our RateDisplay rate web publishing system. Specifically, users need to alter the way certain tiered rate products are listed on their tables.

The great news is that we’ve got you covered. With the latest release of RateDisplay, version 3.11, users can now create a custom rate field. By using that field and making a few adjustments to the individual rate products, you can present these rates in a Reg-Z compliant manner.

If you are already on version 3.11, contact our Customer Service team to find out how you can rework your rate tables.

Over the coming week we will be contacting our clients not currently on the latest version to discuss what your upgrade path is and what needs to happen. You may also contact us at any time if you'd like to get the process started sooner.

-- Mike

follow me on Twitter: @mikevilla

Friday, October 02, 2009 2:46:00 PM (Eastern Standard Time, UTC-05:00)
 Thursday, August 27, 2009

On Tuesday, the National Credit Union Administration (NCUA) issued a Fraud Alert indicating that fraudulent letters were being circulated to credit unions along with two compact discs labeled as training materials which the letter instructs recipients to review.

The release goes on to warn:

“DOING SO COULD RESULT IN A POSSIBLE SECURITY BREACH TO YOUR COMPUTER SYSTEM, OR HAVE OTHER ADVERSE CONSEQUENCES.”

And further instructs that “Should you receive this package or a similar package DO NOT run the CDs. You should contact your NCUA Regional Office or the NCUA Fraud Hotline at 1-800-827-9650.”

You can view the original alert here and view the bogus letter here.

-- Mike

Thursday, August 27, 2009 5:50:00 PM (Eastern Standard Time, UTC-05:00)

The other day, a White House special committee released information predicting the potential far-reaching impact of the H1N1 Swine Flu and urged businesses to prepare for a potential pandemic.

The next day I received a call from a customer wanting to understand what the impact would be on his company’s website in a pandemic. I have to admit that I was a little thrown off by the question. It wasn’t something I expected to be asked about and wasn’t immediately prepared to respond either.

Upon further reflection after the call, though, I had the opportunity to review our standard Disaster Recovery Plan and service offerings and was able to bring the unique question into standard operating elements. That is probably the best advice I can give.

If you’re responsible for such planning in your organization, check to see what happens according to your current planning. See how they relate to the potential effects of an outbreak.

There are plenty of resources online from one extreme to another. The article linked above offers some good starters and the World Health Organization has a complete Pandemic Preparedness guide available for download.

What are your pandemic plans? Are you thinking about it? What are your thoughts? Comment here and let me know!

-- Mike

Thursday, August 27, 2009 2:55:00 PM (Eastern Standard Time, UTC-05:00)
 Friday, August 14, 2009

I recently came across a blog post from 2005 that laid out a “typical” web development lifecycle in a very creative way. It’s from a no longer active Japanese site, pingmag, and in the post titled The Website Development Process, the author uses some great photos to illustrate his take on the process. He presents the “programmer,” “designer” and “client” in various vignettes using little toy characters.

Of course, any attempt to generalize a web development process is going to be very idealized, and it probably won’t apply to a real-world project. (Just ask any project manager and they’ll confirm that for you.) However, that’s not really the point of the piece. It really does do a great job highlighting the typical milestones: definition, brainstorming, site maps, wireframes, design, client review, revision, production, presentation, beta testing, revision, and go-live.

I recommend you read the piece. You’ll get a chuckle as you do.

But there’s one thing that the article missed altogether. At the end of the piece, the go-live is defined as the end, and though the piece comments about the need for a cure period where post-live issues are resolved, it misses the biggest milestone of all – post-live maintenance and growth of the site. I often use the mantra that “your website is never done” – to be truly effective as a web presence you need to constantly update and adjust, grow and change your site as your company does.

From the Dovetail perspective, that milestone is the most important. What happens after the project is “done” and the customer is handed over the keys to the kingdom. Of course, we’ve developed novo to help small and mid-sized businesses do just that – take control of their web and sales and marketing strategy by never forgetting that their site is never done and helping them to keep it fresh.

-- Mike

follow me on Twitter: @mikevilla

Friday, August 14, 2009 6:09:00 PM (Eastern Standard Time, UTC-05:00)
 Tuesday, July 21, 2009

I just read an article in the July 20th issue of the Worcester Business Journal entitled “How To Keep Business Tweets Out Of Court.” The title grabbed my attention right away (after all, I seem to be particularly drawn to the latest musings in print on the social media spectrum).

As I started to read through the piece, I was hoping to receive some sage words of advice or specific examples of what types of Twitter activity have gotten businesses into hot water. However, as I read through the article a few things became apparent.

First, there was not a single, actual example that the reporter cited to demonstrate the types of problems that can arise. Does this mean the problem doesn’t exist? Not necessarily, but the article didn’t live up to the hype in the headline.

The article alluded to the release of confidential information as the most plausible risk for business. But if that’s the case then this is certainly not a new phenomenon. This issue has been around since Eve leaked the secret apple recipe to Adam. More specifically, we’ve already answered these questions with email, instant message, texting and blog trends.

It seems to me that the article, and the editors of WBJ, would have been better served to publish a story outlining the types of policies and education that business owners should be working on.

The world of social media can be a powerful tool for business. From customer service, to web search optimization, to community building there is a lot of potential gain. However like anything, proper education and preparation are key to success (or failure for that matter). If you are going to embrace the blogosphere, then write a Corporate Blogging Policy. If you are going to “experiment” with social media, develop a Social Media Marketing Manifesto like the one I posted here in the blog. Know why you are there, what you hope to benefit from, and create some simple guidelines for acceptable use and content.

True enough, Twitter may or may not be right for your business but either way, don’t let catchy headlines scare you from taking advantage of the power of communication.

-- Mike

follow me on Twitter @mikevilla

Tuesday, July 21, 2009 3:24:00 PM (Eastern Standard Time, UTC-05:00)
 Wednesday, June 10, 2009

In my last post I started discussing who benefits from using a CMS for managing web content. In that post, I talked about the IT Department. In this second part I turn my eyes towards marketing.

Fundamentally, marketing exists for one purpose – to drive sales. Whether through brand definition, community outreach, product launches, advertising, and so on all marketing functions ultimately lead towards increasing leads and supporting sales efforts. In order to do that the marketing team is constantly evaluating new ways to drive towards that goal.

Of all the areas in an organization the marketing department in many ways is the most dynamic. Whether driven by seasonality, customer response, new offerings or whatever, the marketing professional is constantly looking at the same things in new ways.

In order then to be successful at marketing, a company needs to be able to quickly execute strategies before windows of opportunity close. To that end agility is the name of the game. When marketing is then handcuffed by inefficiency or lack of control they are not able to perform at 100%. This can be especially true with the website.

By giving marketing the power to manage the website’s content, navigation and design, they are best able to adapt the web presence to meet the needs of the day. Web content management then is the tool that is best suited to do that. Not only because it lowers the technical threshold necessary to work with the site, but because it also protects the site’s elements from inadvertent changes. As opposed to website editors that just allow you to edit the code, a CMS system isolates the elements from each other and allows the proper process to be followed while still offering a fast-paced environment to work within.

Furthermore by lessening the technical aspects of updating the website the marketing team can move about freely within the scope of their efforts without having to rely on the IT Department or an outsourced vendor. This independence then translates to a more effective web presence and a bottom-line decrease in costs associated with the site.

So if you are in the marketing team at any company and want to have the freedom that web CMS can provide, be sure to consider novo, it’s ideally suited for your needs.

-- Mike

Follow Michael Villa on Twitter: @mikevilla

Wednesday, June 10, 2009 12:37:00 PM (Eastern Standard Time, UTC-05:00)