Well Fargo: Never Again (?)
- Wells Fargo
- Never Again
- Wednesday 1F
Convener: Marc Hochstein
Notes-taker(s): Karin Marr, John Best
- Tags for the session - technology discussed/ideas considered
Wells Fargo, UMA, SOVRIN
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Marc Hochstein - Editor American Banker
Using identity to prevent this from happening again.
Not don’t do evil / CAN’T BE EVIL
What are the three things that should’ve caught this and how did they fail.
- Explicit Consent - formal process that is enforced
- Notice - Gave consent
- Audit - Making sure consent was given to the right Explicit consent
- Follow HIPAA (in writing and signed)?
Was there a comparable law that was violated?
- Issue was an account created and on behalf of customer that CC was created with digital signature (based on account). When customers got card the recommendation was to ignore the card or just hang onto it. So customers were notified.
- INFORMED - lack of information until after the card was established
- SUCCINCT push notification - on the phone.
- The information is overwhelming when you get a new card
- Structural change in the legal structure??
This was a sales incentive gone wild - so do you create a different incentive that can't go down this road? They counted on the customer confusion.
Consent was "falsified", the notice was overwhelming and the audit favored the sales incentive.
Call centers were also incentified… and a part of this
Was there a mechanism to legally obtain a digital signature - not really - but the call center, drive-throughs, etc. all had these initiatives
Should there be parameters that are affiliated with an account? Besides UN/PW or email address where my relationship is controlled by self. Today all my accounts are not displayed on the first page but rather all over (indicating some are buried). Do we know anything other than UMA that can do this? Who provides these services? FDIC (for banks)? Loss was trust but also may have affected credit score.
- Model: Don't make the whole thing pivot on alerts - so that I inadvertently select
- Revocation is something that exists - maybe have it as "ACCEPT"
- (Justin) - authorization server has opportunity to query the consumer - OAUTH - but then the alert situation is possible but if can then later revoke, that option should be doable
- UMA solves half the problem (2 pcs)
- User Interface - that is consistent - check
- Resource scopes - NOT - are not uniformed (mechanism allows (in OAUTH) limited right of access (subset of rights rather than all or nothing)
- UMA solves half the problem (2 pcs)
What's toted as a feature (Blanket open to any and all types of accounts) is actually not and the solution would be to require consent for all types of accounts
Is revocation (UMA) the solution? (Adrian) - UMA allows for revocation - but does have a UX standard in the implementation (doesn't have to be implemented). Maybe works at the implementation but not at the consumer level.
"Docusign" - I give it digital signature and then I can use for all financial "signatures"
UMA isn't the agreed upon solution though so should not move on. We can make some standard technology changes, but until we have some level of abstract at User level, it’s the same as the 10 page legalese issues. Technology cannot solve all of this
It’s the optimization (exploitation really) (see toted) - that went bad. The issue is How they gained consent - by just getting one signature card. Revocation really says that "I as a consumer originally consented and now I want to revoke" rather than saying "I never authorized in the first place".
Should the consumer control the signature card? Institutes own the resource servers - so the institutes would own UMA - but UMA is a protocol - UMA tries to improve the relationship. Fiduciary information services - these services by law can only be responsible to the individual and not the institute.
(Justin) Everyone having an authorization server is not the solution? I can run my own, I can pay someone or pay in trade? UMA does not deliver this.
Some sort of legible agreement for consumer, outlining consent and options, and accounts. Should be similar to when you change password - you get notified that you did so after the fact.
The failure in the Wells Fargo system was related to not having a system with a clear notification process to inform the customer that a new account was opened on their behalf. The current system allowed staff to open accounts on the behalf of customers without their explicit consent. To auditors these accounts would look legitimate because of the controls in place had been satisfied.
Sovereign identity was also discussed, using the model of getting direct permission from the customer by getting their attention on the phone and having them agree to the opening of the account via Biometric.
All agreed that the breakdown in the explicit consent was the root of the problem. Also it cannot be ignored that inherent intent to do “bad” that was pervasive in the Well Fargo culture allowed it to grow to enormous proportions.
Picture of White Board