Financial services firms make a lot of noise about the rise of identity theft and fraud coming from phishing, key loggers and internet attacks. Forrester, however, points out some of the practices of these firms actually contribute to the effectiveness of identity theft and fraud scams.
For instance, E*TRADE sends an introductory email to employees of participating companies asking them to enrol in its service for managing stock options.
The email is unexpected and seems unsolicited. The address looks as though it came from a company impersonating E*TRADE. The sending domain, etrade.pO.com, is owned by E*Trade’s marketing partner Yesmail. The message directs the recipient to a website that asks for a social security number as identification.
Forrester says phishing attacks are successful because the messages look as though they are from legitimate companies and contain what seem to be plausible requests. If financial services companies never asked for personal information in unsolicited communications, then consumers would be suspicious when receiving them and phishing attacks would be far less successful.
Another example involves Citibank. Forrester notes Citibank uses sophisticated tools to detect credit card fraud by tracking customers’ transactions.
Citibank calls the cardholder when there is activity requiring verification. A representative leaves a message the bank has identified some suspicious card activity, and a number to call. But when the customer calls back, he or she is asked to provide a credit card number and other personal information.
Forrester says this legitimate and well-intentioned activity follows the same pattern as phishing attacks, where an unsolicited communication puts fear of fraud into the customer’s head and directs him to an unverified channel.
If financial institutions want to continue moving their business operations and interactions online, and keep customers’ trust, they must act quickly, says Forrester.
“Banks need to get more aggressive with communication efforts than just placing educational inserts into statements and putting safety tips online within their websites. The best place to educate people is during online activities, especially enrolment. Don’t worry about scaring off customers – they’re already scared.”
See Criminal elements for related story on how banks fight back against fraud attacks.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.