Home › Forums › General Discussion › Using Client Login Credentials
- This topic has 17 replies, 14 voices, and was last updated 5 years, 1 month ago by Meryl Schaffer.
-
AuthorPosts
-
January 9, 2018 at 6:10 am #11894Joel CataniaSpectator
I know many DMMs use the login credentials of their clients when accessing online accounts for reconciliation and bill-paying purposes and am wondering, if you do this, do you have the client sign an authorization form, specifying that they’re knowingly granting you the ability to use their usernames and passwords, and the specific things you are / are not authorized to use them for? If not, how do you address the risk that someone (the client, a relative, etc.) might later state that they didn’t know that’s what you were doing (especially if something goes wrong, such as fraud)?
Thanks for sharing your insights.
Karen Ethridge
K2.Financial LLCJanuary 9, 2018 at 10:21 am #12406Rita KuehnisSpectatorI have a portion of my contract where I list the specific account access and the role I will play with that specific account. This way, the client is signing off on the scope of work, the accounts they are giving access to and what I will be doing all in one document.
January 9, 2018 at 2:22 pm #12408Meryl SchafferSpectatorI have a separate “Consent for Use…” just for clients were I have access to their accounts from my own computer or when they are not present.
I know this is strongly recommended by our insurance as well.
Cari
January 9, 2018 at 5:48 pm #12410AnonymousInactiveWe also have a separate consent for online access. We always make sure that at least one other person (usually the POA, sometimes an accountant, financial advisor or attorney) knows what we are doing so it is not a surprise. Do keep in mind that if something does go wrong, the bank may consider their agreement with the customer void since most banking agreements clearly state that the user is not to share their logon information. Having said that, we still find it is the most efficient way to have online access.
Leah
January 11, 2018 at 6:36 am #12412AnonymousInactiveWould one of you be willing to share your consent? I’d like to create one.
Thank you in advance
Julianne70miller@gmail.comJanuary 11, 2018 at 7:17 am #12413AnonymousInactiveI would also be interested in hearing from DMMs who won’t go on to the client’s online account without a limited power of attorney. What is the rationale for that? Do those of you who do that carry fiduciary liability insurance? Thanks, Leah
January 15, 2018 at 3:33 pm #12422Lynne EdwardsSpectatorEarlier today I posted a comment regarding Estate Documents & Digital Assets that addresses this issue. I won’t repeat that post here, but it’s about accessing online accounts for another. I imagine we all encourage clients to maintain a list of accounts and passwords (for use by another when they die/are incapacitated), but that doesn’t fully address the increasingly important issue of digital access/afterlife. For one thing, companies increasingly require multiple-factor authorization (i.e., a password alone doesn’t get you in, you also must get a text code or other additional identifier). And, I’ve learned, litigation is increasing when companies discover that their online account agreements (which prohibit anyone other than the registered user from accessing an online account, even family members or executors) have been violated. According to some legal advisors, that means every individual’s estate documents must specifically authorize one or more individuals to access and manage their digital assets. And, to avoid complications, it was recommended that users check with each institution to learn whether other paperwork may be required in addition to a Trust, or will, or POA that mentions digital access. (For instance, every bank I deal with on behalf of clients has a separate form that must be signed to complement my POA.) Just today I sent my estate attorney an email asking his guidance because I don’t see any such language specifically addressing digital assets in my own documents.
February 20, 2018 at 2:46 pm #12468AnonymousInactiveMany online banking accounts have the ability to add additional users to the online account and specify what activities that person is able to do. For instance just have the ability to do online bill pay. The client would need to set that up but then going forward you would have your own credentials to login and pay bills or whatever they give you authorization to do. All of that activity would be trackable under your login and not theirs, thereby shifting liability to you for anything done under your login.
October 24, 2018 at 11:26 pm #12780AnonymousInactiveFor those of you using a “Consent of Use”, would you be willing to share that with me as well? Thank you for your help.
October 25, 2018 at 5:57 pm #12782AnonymousInactiveLori,
Thank you for posting your reply. I will check with one of my clients to see if this option is available with their bank.
Jennifer
October 31, 2018 at 6:53 pm #12785AnonymousInactiveI will be touching on this topic when I speak this Saturday at the conference. My recommendation is that you should always have a separate login for accessing financial accounts and the account should be setup for two factor authentication.
If the client’s computer is compromised and someone is able to login to their account using this “shared” password and they remove money you may be financially responsible.
If the bank does not allow multiple logins, a cleaner way would be to have the client open a joint account with you and then setup automatic transfers from one account to the other to cover any bills that need to be paid. In this day and age, they do not even have to be at the same bank. Now you have a paper/digital trail of money transfers into and out of the account that you are managing.
May 29, 2019 at 7:55 pm #12968Catherine KreinSpectatorGood Evening,
I have a new client who has hired me to pay bills, track spending and payoff debt. The client would like to set up a separate bank account in which funds would be deposited every month in order for me to pay the bills . However; the client is not comfortable providing me with any username and passwords for any of the vendors in order for me to set up Payee’s in the new bank account. How can I pay the client’s bills if the client has only provided me with amounts, vendor names and some due dates??? Even if I use Quicken to link to their existing bank account, I would still need a username and password. Maybe I’m missing something. Appreciate all of your feedback.
Danielle
Bills & BudgetsMay 29, 2019 at 10:43 pm #12969Catherine KreinSpectatorI forgot to mention that I work remotely and the client lives 3 hours away.
May 30, 2019 at 1:06 am #12970Meryl SchafferSpectatorHi Danielle.
If the bank account has bill pay, then you could certainly pay the Vendors through the bill pay system without logging into the specific vendor sites. Maybe your client could change the email notifications on all the bills to go to you?
That being said, I find that to really be able to serve my clients well, I need to have access to these logins. There is really very little security risk in sharing non-banking logins, so I would ask again. It would make your clients job much easier.Cari
May 30, 2019 at 3:01 pm #12972AnonymousInactiveA password management site like LastPass or Roboform would be helpful in getting access to vendor sites or their bank accounts for those with remote clients. The client would have to set up their own LastPass account and could then share the sites with you that you needed. If they no longer wanted you to have access to that account, they could change the password on that specific site and it would require them to share the info with you again in order for you to gain access. Hope that makes sense. I love using LastPass and would definitely recommend it.
-
AuthorPosts
- You must be logged in to reply to this topic.