Skip to content
GeoDataVision
Thread Options
#1510464 - 02/15/11 09:10 PM "Go To Assist" - remoting to clients computer
travelgirl Offline
100 Club
Joined: Mar 2004
Posts: 223
Minnesota
I have been asked to dig up any compliance related considerations for something I know very little about - remote support. We are looking at using something called "Go To Assist" to help clients troubleshoot issues they may be having with Merchant Capture, Online Banking, etc. Apparently there are several software programs out there that work the same.

Basically this type of product allows the bank to remote into the customers computer (with their permission, of course) so that we can see exactly what they are experiencing and to help them fix it. I know our vendor, Wolters Kluwer, uses a similar product and has used it for us when we were experiencing problems.

Is there anyone out there familiar with this and can shed some light on what we should be considering from a compliance standpoint, if anything? I realize there are security related issues too - those are being researched by our security officer, but if you have any advice in that area too, I'll take it.

Return to Top
eBanking / Technology
#1511228 - 02/17/11 02:10 PM Re: "Go To Assist" - remoting to clients computer travelgirl
AFaquir Offline
Platinum Poster
AFaquir
Joined: Jan 2011
Posts: 763
Top of the world... and never ...
We don't use any kind of "go to assisst" our customers directly on their devices. However I think the compliance issues are going to stem from security.

Can you garauntee a "secure" session?

How will you authenticate that the customer who requests the assistance is the customer you are assisting? (i.e. not a zombie or corrupted device? and not a "fraudster" asking for a assistance?)

Similarly to what should happen when W-K logs into help you, you should be keeping a log of who requested help and who logged in to help, What device and terminal are you logging in to and from; Why you were asked to log in. When did the request happen, when did you log in, and how long you were logged in. Most importantly for the log is logging WHAT you did while fixing the problem... with fairly specific detail...

Will you be finishing or processing any transactions that you troubleshoot?
Are you originating or authorizing any transactions you create to resolve the problem?
Will you be able to materially impact the account of the customer you are assisting?

What is your feeling towards Reg E errors should you process transactions that you were not authorized to do by the customer?

Who has oversight of this program inside the bank?

Who will the bank hire or utilize to perform these tasks?

What will the bank do to audit the usage of the program?


I mean to be honest the list of concerns you should consider is extensive, however they can all be mitigated effectively. The questions I listed here are the ones that pop to mind when I think about what I would want to see if presented with a similar choice... However to reaffirm, we do not currently have any system like this in place, so take my thoughts for what they are worth.

Cheers!
_________________________
In life, there is a lot less that could get better and a lot more that could get worse.

MBA Fin/MBS HR

My views only!

Return to Top
#1511260 - 02/17/11 02:52 PM Re: "Go To Assist" - remoting to clients computer travelgirl
Kathleen O. Blanchard Offline

10K Club
Kathleen O. Blanchard
Joined: Dec 2000
Posts: 21,281
One concern I would have with doing this with consumer's pcs is the risk that whenever anything goes wrong with their pc going forward they are going to blame the bank.
_________________________
Kathleen O. Blanchard, CRCM "Kaybee"
HMDA/CRA Training/Consulting/Mapping
The HMDA Academy
www.kaybeescomplianceinsights.com

Return to Top
#1511771 - 02/17/11 11:50 PM Re: "Go To Assist" - remoting to clients computer Kathleen O. Blanchard
Andy_Z Offline
10K Club
Andy_Z
Joined: Oct 2000
Posts: 27,546
On the Net
We had a similar discussion some time back.

http://www.bankersonline.com/forum/ubbth...rue#Post1077271

I'd also browse the FFIEC IT handbook.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell

Return to Top

Moderator:  Andy_Z