Invesco's Online Plans Are Questioned
September 6, 1999
Electronic commerce consultants to the mutual fund industry are questioning how Invesco Funds Management of Denver, Colo., will allow customers to open accounts online while avoiding fraud.
Invesco announced Aug. 23 it would be the first mutual fund company to enable customers to open accounts in a single Internet session, without the need for faxes, mail or signatures.
Invesco declined to explain the mechanics of what it is calling "electronic consent forms" it plans to use in lieu of written signatures. An Invesco spokesperson said only that the firm's online plans "comply with concerns of both inside and outside counsel."
The company also will not disclose details of its security measures even after the online program begins Oct. 1 for "competitive reasons," the spokesperson said.
However, e-commerce consultants said there are problems with opening accounts entirely online because electronic consent forms and digital signatures can themselves be forged, leaving Invesco open to fraud. Further, without a hard-copy signature on file, Invesco will not be complying with contract law, these consultants said. That would enable a person who had opened an account with Invesco via the Internet to possibly contest the account later, they said.
The electronic consent forms Invesco plans to use will probably use personal, or digital, certificates, also known as digital or electronic signatures, said Drew Lapsley, director of Insource Technology Corporation of Houston, Texas, an electronic commerce consulting firm to financial services companies.
Lapsley likened personal certificates to a code embedded in a computer hard-drive.
"Personal certificates are software that is downloaded from the Internet and attached to a user's browser," he said. Combined with passwords, they are designed to authenticate a person using a particular computer, he said. Personal certificate software is available from Verisign of Mountain View, Calif. and other companies, said Lapsley.
However, personal certificates, digital signatures or other kinds of electronic consent forms can be forged, Lapsley said.
Verisign, for instance, only asks an applicant for a personal certificate for his name, birth date, address, credit card number and expiration date (to pay for the annual $14.95 fee). Verisign also asks the applicant for a password which it calls a "challenging phrase." However, an imposter who had obtained all of this information on another person along with that person's bank account number could fraudulently apply for a personal certificate and then fraudulently open a mutual fund account online, Lapsley said.
Opening accounts online without any accompanying hard copy "is a pretty bold move," he said.
"I'm not sure how they will avoid fraud - how they'll ensure that people are who they say they are," said Lapsley. "If someone broke in and took money from Aunt Matilda's life savings, that would be front-page news."
Phillip Lawrence, a partner with Ernst & Young, also said he was surprised by Invesco's decision to open accounts online. Mutual fund companies have been eager to offer such a convenience to customers, he said. But, "part of the issue is security and what the cost of failure would look like," he said.
Internet Broadcasting Company is a mutual fund consent management vendor that sends investors statements and prospectuses online after investors have mailed or faxed a signed request giving their permission that they be sent such documents electronically. The company has no plans to open mutual fund accounts online since it does not trust digital signatures or electronic consent forms, said Brad Levine, chief executive officer and president of Internet Broadcasting Company of Pompano Beach, Fla.