For Burger King, the joke was over in about an hour — but in internet time, it might as well have been years.
On Presidents Day, hackers held the fast food chain's social identity hostage, changing BK's Twitter icon into its competitor's and announcing a fake acquisition by McDonald's. The news was a wake-up call for bank marketers. (Twitter did not respond to a request for comment.)
Since the Burger King incident, the number of banks interested in social media software that hedges against reputational risk has increased, says Devin Redmond, the chief executive of Social iQ Networks. The company launched a tool last year that helps banks and others prevent their online identities from getting trashed.
He says that the number of financial services companies approaching his team for its social media software has more than doubled, from six to nineteen. (Today, Citi is considering using Social iQ's software in addition to the social media publishing tools it already employs, says Frank Eliason, Citi's global director of social media.)
Indeed, social media has matured as a channel used by more and more banks to handle customer issues and monitor complaints that have the power to reach millions all at once.
"The thing I find very striking is the hacks you saw in 2011 look a lot like the same hacks you saw in 2012, and hacks you see today," says Redmond. "It is just that there are more of them."
The problem these banks are now encountering with their brands, however, is that on the social networks, all users are the same.
That means no matter who you are (bank or customer), you can be hacked. All are protected by the same basic authentication methods Twitter uses to fend off impersonators.
There are no foolproof methods to safeguard a Twitter account against an account takeover, says Eliason. "There are always these risks, and you have to mitigate these risks. The step that you can take, first and foremost, is to implement software," he says. Citi is using Sprinklr, a social media tool that allows marketers to manage their social media accounts across platforms (Facebook, LinkedIn, Youtube, etc.).
"We actually make it so [our marketing department] can access [Twitter] through this tool as opposed to directly through Twitter's website," Eliason says.
He adds that across all of Citi's dozens of branded Twitter accounts globally, only a select few have the passwords, which are frequently changed.
Eliason says that, mostly for "need to know reasons," not even he has access to the credentials to directly sign in to Twitter.
Citi follows protocols, such as deleting direct messages that involve customer correspondence after those issues have been resolved, to minimize the risk to its customers in case it does get hacked.
In addition, Eliason says the bank has strong relationships with all the social networks that would help it quickly shut down one of its accounts if it was hacked.
There are some built-in protections, as well.
For example, Eliason points out Citi has 'Verified' accounts that are validated by the social network in order to give special preference to specific people or brands with a high number of followers, such as the Melanie C of The Spice Girls.