Peopleâs United ACH Service, Banking Security & Client Support Conundrum.
I hope that what I am writing here would come across as nothing other than constructive criticisms to the bankâs ACH payment service and policies regarding banking security protection, technological implementation and its servicing of this product. This is not intended to attack any individuals involved in this process, neither it is intended to attack Peopleâs United as an organization. I will talk about my experience (the situation), from which I will point out challenges presented by the organizationâs policies and practices that I perceived. I will address these issues: 1) redundant and not-well-thought through verification factors built-in to the online service, 2) inefficient, time-consuming procedures, particularly with the ACH Daily Limit Increase Request, and lastly 3) inadequate record filing procedure and/or lack of vertical communication within the organization. Finally, my suggestions are based on my personal assumptions and needs.Â
Background information: I needed to set up ACH payment capacity to my online banking account due to my need of an easier process to make payments to my service providers/ vendors. For those of you who donât already know what ACH payment is, ACH stands for Automated Clearing House is an electronic network for financial transactions in the United States. It processes large volumes of credit and debit transactions in batches. One of â[the] most common uses of ACH are online bill payment, mortgage and loan repayment, and direct deposit of payroll. ACH payments are an efficient and cost-reducing alternative to paper checks and credit cards. On the Internet, ACH is primarily used for person-to-person (P2P), business-to-customer (B2C), and business-to-business (B2B) payments.â (Sources: en.wikipedia.org/wiki/Automated_Clearing_House, https://www.paypalobjects.com/en_US/vhelp/paypalmanager_help/about_ach_payments.htm). In the past, I frequently traveled to areas in the Northeast where I didnât have convenient access to local branch. For example, one time I was at Pilot Knob, Lake George, New York, and needed to make a payment to my vendor; I had to drive to the closest branch at Fair Haven to do a wire transfer. What a drive! Therefore, I enrolled in this ACH payment service on December 22, 2014 in order to enjoy the freedom of doing banking online anywhere anytime.Â
However, when I needed to initiate a wire transfer in April, 2015, it took me 4 hours to be online, talk to at least 4 client support representative. I finally gave up and drove to the Northampton branch to complete my transaction because I was so frustrated with the whole process, and honestly, refuse to give-in to a service/system that, in my opinion, is not well-designed.Â
So here are my thoughts:Â
1). Redundant and not-well-thought through verification factors: 1a. The situation: When I logged in to my account, usually there are at least 3 to 4 verification factors I would need to go through. My experience during the time I tried to initiate the ACH payment, I went through 4 verification factors every single time I logged in. Those verification factors include: company ID, personal ID, one-time verification code (texted via cell phone), combination password (constant password key combined with auto-generated code provided by a token). 1b. The challenge:Â
1b1. Access to a cell phone; 1b2. Accessibility to cell phone service (domestically/ internationally) and/or cell phone reception;
As much as I appreciated added security protection to my online account, at the personal level, for me as a small business client, I believe it is a deal-breaker. Why? I wanted an ACH service that can help me facilitate payments with ease (anywhere, anytime), especially to accommodate my frequent travels to domestic areas where, honestly, I have either limited or no cellphone reception at all. As a result, the one-time security code option sent via cellphone (call or text) before I can use my combination password is, in my humble opinion, a very ill-fitting feature. Also, this feature is even more problematic when I or any clients (please allow me to assume) travel to foreign countries where I can have access to internet but not the same cell phone service provider/ numbers that I use in the US. For instant, if I go to Germany, I can see that T-mobile is a prominent cell phone service provider there. But sorry, even though I have T-mobile in the US, I will not be able to use my T-mobile service cell number. How am I going to receive this one-time passcode? So, this one-time security code verification factor is creating a real challenge to me as a user with my particular needs. 1c. Suggestion(s): I am not quite sure if there is an option to have this one-time security code emailed to clients. Regardless of its method, I still think it is so redundant. 2). Inefficient, time-consuming built-in procedures (in specific, Daily Limit Increase Request Submission) 2a. Situation: When I needed to have my pre-set daily limit increase, I will need to access the form online, printed it out, completed it, signed, either faxed or scanned and emailed it to client support, and then called to talk to a client support to have it approved. 2b. Challenges:Â
2b1. Access to a printer; 2b2: Access to fax machine/scanner; 2b3. A time-consuming process.
This feature and procedure are not built with clientsâ ease of use in mind. Why? It is because it requires the user to have 2b1) an access to a printer and/ or 2b2) a fax machine or a scanner in order to complete this one simple request. Whether you use a conventional old-school fax machine to transmit your document or an email faxing/ efaxing feature to send your faxed document to your email inbox, it is not as secure and efficient as it might appear. It is argued that faxing a document via a fax machine might be more secured than emailing the document as an attachment. However, in this time and age, using a fax machine to transmit is simply a little out of date. Using email faxing is almost the same as emailing with an attachment. All in all, this process alone is comprised of multiple time-consuming steps regardless of your chosen methods. Now, if I had already went through 4 verification factors to identify who the user is, is this added multiple-steps procedure necessary in terms of verification (having authorized signature on the submitted form)? 2c. Suggestion(s):Â
2c1: Built-in online submission form with 2c2. e-signature feature right inside user account (if verified signature is an absolute need);Â
With this two features, instead of having clients print the form out, manually sign it, then fax/scan it back, clients can simply open the form on a separate dialogue box inside their online account, complete the form online, use e-signature with your chosen e-signature identification format, and submit the form online. All of these steps will be able to do in real time, at one single location, using one single electronic devise (either your PC/ laptop or tablet). Wouldn't it be such a time saver, hence, money saver? 3). Inadequate filing procedure and/or lack of vertical communication within the organization: 3a. Situation: After I printed out the Daily Limit Increase Request form, signing it the exact way I did on the ACH Agreement Form (which I had right in front of me), scanning it and emailing it to client support, I called in to talk a client support in order for me to have the request approved in time. The first time, the client support prep simply told me she could not verify my signature on file. No further explanation was given or was allowed to give to me due to security purpose. I was asked to go through the process again to resubmit the form. I complied and went through the process again, and got on the phone to call client support. This time, I spoke to a different person, whom, again said that she could not verify my signature on file, and advised me to resubmit the form. I keep asking her what form she was looking at, she kept refusing to tell me, once again, due to security purpose. I insisted that I signed it the exact way I had done on the ACH Agreement Form that I had submitted when I signed the contract, and I honestly did not know what else to do, she finally told me that she was looking at an old wire transfer request form that I had completed in person at a local branch on 12/05/2014.Â
I asked if she had a copy of the ACH Agreement to verify my signature only to find that the client support had access to the ACH Agreement or the signed page of the ACH Agreement on which my official signature could be verified. 3b. The challenges:Â
3b1. Inadequate record filing procedure; 3b2. Lack of vertical communication within the organization; 3b3. Ineffective safety/security procedure that prevents effective communication with clients;Â
3c. Suggestions:Â
3c1. Improve client record keeping/retrieval/ sharing; A Customer Service Manager at the local branch (I am not going to mention her name here) suggested that sheâd make a copy of the signed page of the ACH Agreement to send in to the ACH Processing/ Client Support department so that they could have it on file. Her recommendation was spot on. However, it would simply be an answer to a very particular incident/ this case, a solution to a problem. However, that solution would be applicable to not only this case (my case). Howâs about the over all office procedure? The fact that 4 months after I signed on to the service, client supports did not have access to the very important piece of paper--the signed page of the ACH Agreement--pertaining to the service in order to verify the user/client is very upsetting to me, especially that I have paid my monthly fee to the service. Letâs go back to my signatures and say that because I use two different signatures, therefore, client supports cannot verify. To the best of my knowledge, a lawyer that I consulted advised me that it was OK that I signed my full legal name on important legal documents (in this case, the ACH Agreement) and abbreviated version of my name in other occasions (in this case paperworks I had signed in person at a local branch because bankers have already verify my identity). So, whatâs left? Now, I would assume that the signed page of the ACH Agreement might not be on file. As a consequence, I would assume that client record storage, retrieval and sharing policy/ practice is also insufficient. Or letâs presume that the document--the ACH Agreement and the signed page of the agreement is on file, but all of the client supports I spoke to that day did not have it or have access to it.
As much as I know, depending on the position of an employee, he/she will be granted different accessibility levels to company's servers and archive. As a result, he/she can have no to limited access to different layers the intranet or records stored on certain servers. However, in this case specific, it is because the service was particularly for ACH Payment Service and the client support was a dedicated department to take care of clients' ACH Payments needs, I would highly recommend client support staff to have access to at least this signed page of the ACH Agreement if not the whole agreement. To conclude, I think online banking needs extra precautionary steps to protect clients against online financial fraud and identify theft. However, technological procedures do need to be sensible and practical, reflecting the needs not only of clients but also social-technological changes. It is necessary not to get lost in reactionary measures while neglecting some very critical practices such as filing, internal file sharing, vertical and horizontal communication within and across an organization, and effective communication.











