I recently came across an interview on BankInfoSecurity entitled, “Banks Must Assume Customers Will Compromise Themselves”.
In this interview, Tom Oscherwitz, chief privacy officer and vice president of government affairs for ID Analytics, discussed why online security measures are failing due to basic authentication techniques. With the use of current social networking sites, such as Facebook, customers are often revealing all the information fraudsters need to figure out their log-in credentials.
Many experts (and vendors) are recommending banks increase their security measures and implement expensive fraud detection technology solutions and measures. Unfortunately this is merely reacting to a symptom rather than preventing the problem. The root of the problem is uneducated consumers and lack of situational awareness, so why not teach situational awareness and help bank customers work with banks to proactively protect their personal information?
If bank customers could make the connection between sharing their maiden name, pets’ names, nicknames, birth place, birthday, etc. on their Facebook profile and then using that same information as their authentication question for their online banking, they may be less inclined to do so.
And those Financial institutions implementing ongoing customer awareness programs will gain a competitive advantage by having customers who are more aware and working with the bank to mitigate risks involving:
- Email Security
- Online Risks (shopping, sharing music, online gaming)
- Viruses, Spyware, Crimeware and Bots
- Internet Safety (social networking sites)
- Password Security
- Information Disposal
- Mobile devices
- Home Networks
- Identity Theft
As risks, threats, regulations, etc. are constantly changing, it will be critical to maintain an ONGOING program. And financial institutions sharing lessons learned from current data breaches will help ensure copycat breaches do not happen at their institutions or to their customers.
Visionary Financial leaders providing situational awareness training for their customers will not only be helping their customers, but also preventing expensive data breaches and lawsuits and improving their ongoing customer relationships, customer trust and their institution’s reputation. Financial institutions should stop assuming things about their customers, realize more technology is not the answer, and start helping their customers make better decisions.