Diffstat (limited to 'core/api-bank-wire.rst')
-rw-r--r-- core/api-bank-wire.rst 24
1 files changed, 22 insertions, 2 deletions
diff --git a/core/api-bank-wire.rst b/core/api-bank-wire.rst
index a76f5195..84184ec9 100644
--- a/core/api-bank-wire.rst
+++ b/core/api-bank-wire.rst
@@ -133,7 +133,8 @@ Making Transactions
// time period a transaction belongs to).
timestamp: Timestamp;
- // Opaque ID of the transaction that the bank has made.
+ // Opaque ID of the wire transfer initiation performed by the bank.
+ // It is different from the /history endpoints row_id.
row_id: SafeUint64;
}
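Review bot: The added comment on row_id says the value "is different from the /history endpoints row_id" but does not tell a client what follows from that, and both fields keep the same name and the same SafeUint64 type, so nothing in the interface stops the two from being mixed up. Consider stating outright that this ID cannot be compared with, or used in place of, a row_id returned by the /history endpoints, and fix the possessive ("the /history endpoints' row_id"). If the two ID spaces really are unrelated, a distinct field name would make the separation harder to miss than a comment does.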
@@ -429,6 +430,25 @@ exposed by bank gateways in production.
// time period a transaction belongs to).
timestamp: Timestamp;
- // Opaque ID of the transaction that the bank has made.
+ // Opaque ID of the wire transfer initiation performed by the bank.
+ // It is different from the /history endpoints row_id.
row_id: SafeUint64;
}
+
+
+Security Considerations
+=======================
+
+For implementors:
+
+* The withdrawal operation ID must contain enough entropy to be unguessable.
+
+Design:
+
+* The user must complete the 2FA step of the withdrawal in the context of their banking
+ app or online banking Website.
+ We explicitly reject any design where the user would have to enter a confirmation code
+ they get from their bank in the context of the wallet, as this would teach and normalize
+ bad security habits.
+
+
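Review bot: In the new "Security Considerations" section, the implementor bullet "must contain enough entropy to be unguessable" sets no measurable bar, so two implementations can both claim conformance with very different ID strengths. Consider giving a minimum number of random bits and requiring that the withdrawal operation ID come from a cryptographically secure random source, so that the requirement can be checked in review and in tests. The design bullet is clear on where the 2FA step must happen; "Website" there should be lowercase "website". The row_id comment in this hunk repeats the wording of the earlier hunk, so the same clarification applies here.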