Tech Forum

While setting up a new auxiliary leader in MLS 3.0, I noticed that a user with only Organization user rights can access and print the Signature Card form. This seems like a potentially serious flaw in the checks & balances around ward finances. Is there a reason the signature card needs to be accessible to any user level other than Finance?

sms1970 wrote:While setting up a new auxiliary leader in MLS 3.0, I noticed that a user with only Organization user rights can access and print the Signature Card form. This seems like a potentially serious flaw in the checks & balances around ward finances. Is there a reason the signature card needs to be accessible to any user level other than Finance?

I doubt there's a reason the signature card needs to be accessible by any other user level, but I also doubt that the MLS developers provided for separate security levels for different forms. Either you have access to the forms or not (except for the confidential forms, which are in a totally different area of MLS).

Although it would be nice to secure the Signature Card, I don't see this is a very big issue. Even if someone with ill intent could get a signature card and send it in, they would have no access to the check stock, and no access to MLS to write a check. All they could possibly do is create a bit of annoyance by requiring the priesthood leader to contact the Church and tell them to disregard the bogus Signature Card.

Thanks for the response Alan. I agree that the risk of loss is low -- the controls you mentioned plus the positive pay verification step before the check clears virtually ensures that no funds would be lost due to signature card fraud/mischief alone. I was thinking more of the impact to members that could result from the delay or return of valid fast offering checks.

No need to continue this thread. I just need to familiarize myself with the finance department's policies for dealing with mismatched signatures to see if its worth submitting this as a defect.

(Just personal thoughts, ...)

I would think that unless there is evidence this specific issue has been deliberately considered and dealt with, a case could be made that it should be reported as a defect so that the potential impact can be analyzed and the proper disposition deliberately decided. If it has already been dealt with and decided upon, a new report will quickly match on the earlier decision.

Proper security systems are built in layers. It is generally not a good idea to be comfortable with having known holes in each layer, because that can lead to a set of holes that can breach the entire system. However, that said, it would surprise me if a bogus signature card would get past an initial comparison against the names of those currently in the relevant callings or known to have been recently called.