By Angela Murphy
Banks don’t have it easy, balancing ever-changing consumer demands with the need for ironclad security and privacy. They’re responsible for managing more data than ever, across more devices—all while driving innovation and striving to exceed expectations. It’s certainly a tall order.
In the meantime, data exposure continues to rise, with the number of compromised consumer records jumping 126 percent in one year, as reported by the Identity Theft Resource Center. The result? Identity theft is now the fastest-growing crime of the 21st century, and it weighs heavily on the minds of most individuals. This increase in the cases of fraud and identity theft—coupled with competitive and regulatory pressures—make it a top priority for banks to protect their customers, employees and partners from identity-related crimes.
Much of the data breach activity can be attributed to the speed with which new technologies are emerging and the rush keep up. The move toward mobile banking and mobile payments in recent years is an excellent example of this pressure. Customers want financial power in the palm of their hand, and banks are delivering.
Hundreds of millions of people already access their financial accounts via their smartphone, and Juniper Research predicts that number will jump to 3 billion by 2021. However, mobile devices are especially vulnerable to cyberattacks. All it takes is one wrong tap for a customer—or even an employee—to download malware or ransomware, or for an individual to be tricked into entering their banking credentials into a fraudulent app. It’s easy to see how our mobile-first culture has ushered in a major gateway for security incidents, considering how many employees, account holders, and partners are leveraging their mobile devices to manage their finances and perform work functions.
Three keys to cyber defense
Consumers have faith that their bank will safeguard their money. They also expect their bank to protect them from identity fraud and to resolve fraud issues when they do occur. Javelin Strategy and Research found that three out of five account holders view their bank as the place to turn for help when experiencing identity fraud. And it’s in the bank’s best interest to be prepared to offer that help. The alternative—leaving the customer to go it alone in resolving their issues—can have a negative impact on the bank’s customer retention. That’s why every organization—especially in the financial sector, needs to implement protection, detection and resolution measures—both internally and externally.
1) Protection – How an account holder reacts in the face of a fraud incident is a critical consideration for banks, given the highly competitive environment for acquiring and retaining customers. One in three victims of a data breach later go on to experience an identity crime. If those victims don’t feel like their bank is protecting them, they won’t be afraid to take their business elsewhere. According to Javelin Strategy and Research, 20 percent make the switch without alerting their financial institution to the fraud at all.
Protection starts with leadership from information security, IT and cybersecurity teams in order to proactively identify and isolate risks from either within or outside of an organization’s four walls. All data, files and communications must be encrypted across all devices while the data is in use, in motion or at rest. That way, even if those items were stolen, they would be unusable.
2) Detection – It would be naïve to believe that any organization is completely safe from breaches. That’s where detection comes in. All employees, at every level of the organization, must be formally trained to ensure that individuals understand the seriousness of cyber threats—and know how to spot trouble. Consequences for disregarding security protocols must be clear, up to and including termination.
Software can be used to detect suspicious activity across all platforms in which your customers perform digital banking activities. From your bank’s mobile app through its web-based dashboard, being able to spot fraudulent login attempts, recognize unusual transactions, and identity suspicious activity is a critical first step to alert consumers that something is wrong. Additionally, banks should have the member service strategies and infrastructure in place to assist account holders who receive an alert and want to speak to a human to resolve their issue.
3) Resolution – The resolution stage is the linchpin of any proactive account holder protection plan. Your customers rely on you to safeguard their PII and financial account information—even if that information was exposed by a third party and not an internal security incident. Working with a partner to deliver 360-degree protection for financial and identity restoration services provides account holders with the peace of mind they seek after they are put in jeopardy. This builds good will with your customer base and can help to minimize attrition after a data exposure.
On an organizational level, formalizing an incident response plan is the first step. Key stakeholders throughout the organization should be prepared with an action plan if a data breach occurs, which will ultimately mitigate long-term damages—including breach costs and account holder churn.
When all banks are pushing forward in the race to adopt the latest innovation and emerging technologies, remember that cybersecurity is essential to remain competitive while protecting account holders. Be the trusted resource that empowers consumers to guard against fraud and cyber-attacks.
Angela Murphy is the chief operating officer of EZShield and IdentityForce, award-winning providers of secure, digital identity protection and cybersecurity solutions that help consumers, partners, and organizations of all sizes protect what matters most.