How to Show Customers Security Is Job One at Your Bank
Bank regulators are likely to take further action to force banks to upgrade their cybersecurity processes as hackers continue to find ways to penetrate institutions defenses, Benjamin Lawsky, the top former New York bank supervisor, said Tuesday.July 28
Claims of security lapses at LifeLock and Experian call into question the value of these companies' identity theft protection services, which many banks offer to their customers.July 24
Ashley Madison, an online extramarital dating service that claims to protect users' privacy and security, has had its customer database compromised.July 20
Business went on as usual at commercial banks as the New York Stock Exchange and other large businesses suffered outages. But the confluence of events served as an unnerving reminder of the cyber risks facing the industry.July 8
The leak of documents from the surveillance software and "ethical hacking" firm Hacking Team revealed that some foreign banks were clients. Had any U.S. banks been on the list, the last two weeks would have been interesting.July 16
Bankers tend to think of security as an IT concern. But the recent leveling-off in mobile banking transactions suggests that security worries are a barrier to growth.
After three years of steady increases in the adoption of mobile banking services, a 2015 Federal Reserve study found that the number of smartphone owners accessing a bank account barely increased in the previous year. Fifty-two percent of smartphone owners conducted one mobile banking transaction in 2014, up just one percentage point from 2013. Nearly two-thirds of those who did not use mobile banking said they were concerned about security issues such as data interception, phone hacking or a lost or stolen phone.
A 2014 poll conducted by GoBankRates found the two biggest fears about mobile banking were identity theft and corporate misuse of information. Thirty-seven percent of consumers said they feared identity theft and 7% cited potential misuse of personal data. Older consumers were most concerned with identity theft.
Although frequency of use among mobile banking customers is increasing, mobile penetration will not go much higher until these fears are addressed.
Consumers are right to be worried. Massive cybersecurity breaches have affected customers at a number of companies including Target, Walmart, JPMorgan Chase and the adultery website Ashley Madison, as well as federal employees. Anthem, one of the industry's largest health insurance providers, recently experienced a breach that exposed the personal information of nearly 80 million customers. And a 2015 RiskIQ study of 350,000 Android mobile banking apps available at 90 different app stores found that more than 40,000 (11%) contained malware.
If consumers' security concerns are inhibiting mobile transactions, it's likely that these fears also temper email response rates, the effectiveness of digital retail and mortgage campaigns and even web traffic.
To counter this effect, banks should consider developing a security communication strategy to boost customer trust and confidence. They must take every opportunity to demonstrate the ways they successfully manage sensitive data. Financial institutions take security concerns very seriously, but few make it a priority to keep accountholders updated on their safeguarding efforts.
Here are a few ideas to include in a communication strategy:
- Consider launching a monthly or bimonthly security e-newsletter filled with consumer tips. The Financial Services Information Sharing and Analysis Center, a nonprofit financial group, provides free monthly content that can be used in newsletters or emails. By interspersing bank security initiatives with consumer tips, banks underscore their commitment to security.
- Gather stories that illustrate how employees have helped accountholders avoid scams or identity theft. Include them in newsletters, ads or mailings.
- Invite local police or security officials to give seminars on protecting personal data. Videotape the event and post the highlights on your website. Or interview a bank security officer about existing safeguards.
- Organize free paper-shredding events (which make for excellent community outreach programs, too).
- For free or a modest fee offer identity protection or identity resolution services to checking accounts.
- Develop an information campaign around tokenization and security benefits of the new EMV chip.
The goal is to portray your bank as a very security-conscious institution doing everything it can to protect vital information.
Banks already enjoy a high degree of customer trust. In a survey of 6,100 consumers, consulting firm Aite Group found that 58% of respondents believe banks do a better job of safeguarding data than retailers, governments, or law enforcement agencies. But we as an industry need to do more.
Kevin Tynan is senior vice president of marketing at Liberty Bank in Chicago.