Supplement to Consumers Union Policy on Electronic Money and Banking
1. Providers of on-line financial services should provide sites that are secure.
Secure sites should include the most effective existing protections such as passwords and encryption, and should be routinely reviewed and updated to ensure that new security features are added as they are developed.
2. Financial services providers should be vigilant to expose imposters using their names or similar names to induce consumers to reveal personal financial information.
3. Federal and state regulators should carefully scrutinize the operating practices, security and solvency standards, and privacy policies of both on-line providers of financial services and of third-party providers, contractors and subcontractors.
4. Financial services entities should take responsibility to make the consumer whole for losses from computer crime not caused by the consumer; for security breaches; for failures and losses caused by third parties selected by the financial services entity or by its subcontractors; and for losses contributed to by the financial institution’s sharing of customer data internally, with an affiliate, or with a third party.
5. Providers of on-line financial services should accept the responsibility to try to prevent, detect, and eradicate viruses and other security breaches. Viruses sometimes cannot be prevented, but some on-line banking contracts offered today attempt to eliminate all responsibility on the provider even to try to do so. Because a consumer’s ability to access funds needed for daily living can be affected by viruses and other security breaches, on-line financial services providers should accept more responsibility than is commonly accepted by web site providers of lower-cost, less financially sensitive products.
6. Banks should take affirmative steps to make on-line banking services available in neighborhoods where access to on-line services is low. This may include providing access and training in community centers, housing projects, and urban high schools, as well as other creative approaches.
7. On-line banking channels should not replace other channels that permit in-person activity unless and until there is clear evidence that all demographic groups (including age and income groups) are in fact being equally well served by on-line banking as by other bank channels, including brick and mortar branches.
8. Banks who provide special offers to Internet customers must also have an effective method to make those offers available to customers without access to the Internet.
9. Access to on-line banking services should not be tied to the purchase of another product or service, nor to high minimum balance requirements.
10. Banks and insured financial services providers who accept deposits nationally should not restrict their Community Reinvestment Act areas to the physical location of their home offices.
11. Banks and other providers of on-line financial services should protect and respect consumers’ financial privacy. Information about account numbers, account balances, transaction patterns, specific transactions or similar information should never be provided to third parties, affiliates, or internal divisions without the express permission of the customer. Material used to seek permission should describe all of the types of information that might be shared and with whom the information might be shared.
12. Banks who use an opt-out method should provide a means to exercise the opt-out directly through the sign-up process, in addition to providing a phone number or other methods. The customer who knows he or she wishes to opt-out at the time of signing up for on-line banking should not have to take a separate step to do so. If opt-out is used, it must include the opportunity to opt-out from information sharing among both affiliates and internal bank departments, as well as with third parties.
13. Financial services providers should not condition the provision of on-line services upon consent to share financial information with an internal division, affiliate, or third party, except to the extent that the internal sharing of such information is both necessary for the provision of the service and fully disclosed to the consumer.
14. Financial services sites should never store information about the consumer in any location where it can be accessed by a third party. On-line financial services providers should fully disclose the nature and purpose of any electronic markers they propose to place in the consumer’s system, secure the consumer’s consent to place those markers, and permit the consumer to decline to accept such markers.
Insured and Uninsured Products
15. Banks and others offering uninsured on-line financial services should prominently and effectively disclose which services, accounts, or products are not insured by the FDIC. At a minimum, insured and uninsured products should not be offered on the same screen. When linking from an insured to an uninsured product screen, special care must be taken to identify the uninsured nature of the products offered through the link. Providers should test their customer base to evaluate the effectiveness of these disclosures. Regulators should actively enforce these requirements, and should conduct their own tests to evaluate the effectiveness of disclosures.
16. Banks and other FDIC-insured entities should never permit their names to be used by or licensed to uninsured entities, nor to be used by any third party in a fashion that creates an impression that a communication from the third party is from the bank.
Information and Disclosure
17. Increases in fees and changes in material terms should be accompanied by at least 30 days advance notice. The notice should be sent by a means calculated to actually communicate the information to the customer. Posting information on the bank’s web site about new fees or changes in material terms is not sufficient.
18. Providers of on-line financial services should make their contracts available before the customer must give personal financial information and should make those agreements available in a form which the customer can download, print, and retain in a manner that shows what the agreement was when the consumer entered into it.
19. On-line bill payment services, whether or not associated with on-line banking, should clearly disclose on the screen which is used to schedule the payment the date and time that the payment will be sent and whether the payment will be sent electronically or by ordinary mail.
20. On-line financial services providers should use the power of the electronic environment to facilitate more effective consumer disclosure and education.
21. On-line banking services should meet the consumer protection and other statutory requirements and restrictions of the consumer’s home state.
22. Disputes arising from on-line banking and bill payment should be resolved promptly, and should be at least as prompt as the voluntary timeframe of not more than five business days to recredit disputed funds which has been developed for debit cards.
23. If an arbitration clause is used, it should permit the consumer to choose whether to agree to arbitration after the dispute arises, and should provide fair, cost-effective procedures for the consumer.
24. On-line bill payment services should not impose an earlier time for stop payments than the time the payment could be stopped if it were made by check.
25. Financial services providers who use electronic mail to communicate with their customers should provide two-way convenience to the customer by treating emailed notices of disputes, stop notices, and similar documents required by law to be sent in writing in the same way as if those documents had been mailed.
26. Customers wishing to close their accounts should be able to do so with an instantaneous electronic transfer of funds to another designated account.
27. On-line banking contracts contain no provision presuming that a consumer is in receipt of information simply because the bank has sent or posted that information.