Business Online Banking Risks - Banks Need to Proactively Educate Customers
17 March 2010
Jacob Jegher
I just returned from the Digital Insight National Client Conference in San Antonio. I was invited to speak on social media for banking, and I also took some time to attend several of the sessions. One of the sessions I attended was a panel discussion with a group of four commercial businesses. These middle market firms discussed various cash management and online banking issues and described how they run their businesses. Eventually the discussion turned to security and the moderator asked the firms about their security best practices. Each firm described their setup and one of the businesses described a fraudulent incident where a keystroke logger was installed on a computer used for online banking. Three out of the four panelists were unaware of the rash of business online banking fraud that has hit the market (see my blog entries on this here and here). I asked the panel if their financial institution had contacted them recently to make them aware of some of the risks, or if their financial institution had implemented new policies or solutions that they would be required to adopt. The answer of all four businesses - a flat out no. Their banks had not contacted them recently about anything related to security. Needless to say I was not entirely surprised, but I was frustrated by the situation. Business banking is very much about relationships. Banks should be investing in these relationships and at the very least should be providing educational tools and support to their customers. Given what is going on in the market, security education isn't an option but a strict requirement. Even with the various warnings and advisories that have come out it appears that banks aren't doing enough to proactively educate their customers. There is a lot at stake and just this week several agencies have issued an ACH and wire fraud advisory. I agree with most of the points of the advisory. However, there is nothing mentioned regarding security education in the section called, "Actions for Financial Institutions." Additionally, the recommended best practice for businesses is to use a dedicated computer for online banking. This is completely unrealistic and counterproductive. Before you know it we will all need to have separate computers to login to facebook, another to send email - you get the pictures. This scare tactic also has the potential to reduce business online banking adoption. Proactive and ongoing security education, smart practices (e.g. setting dual approval, limits) coupled with multiple layers of security solutions can solve a good chunk of this problem.
Comments
-
Thanks for your comments Adam. I completely agree with your points. In addition, it's fascinating that the overwhelming majority of banks are emphasizing the importance of risk management, but don't necessarily correlate it with customer relationships.
You make an excellent point, Jacob. As bankers we have to pull our heads out of the sand and be better partners in the banking relationship. One thing that is surfacing quickly (and as you pointed out so well in your conference presentation) is that banks have to be willing to give more in the relationship without expectation of something in return. The value of most relationships is not measured in fee income or dollars, it is most often measured in mutual respect and a willingness to give and assist. The monetary benefits will follow as a result of how well you cultivate the connection.