Practice what you preach?
14 September 2015
This is the next – I have a terrible feeling its not the last though – of seeing the cards world through the eyes of a consumer. The story so far is contained in three previous posts, with the last reporting that my card details were skimmed (we assume) in the US. This post however looks at the experience at home. As a consumer, we often get warnings from our banks about phishing attacks – we will never do this, our emails will look like this, etc. Then consider what a daily average inbox looks like – full of identical emails from fraudsters, often better written, and better laid out. Furthermore, banks only focus on emails and outbound calls. I’m possibly wrong, but I’m fairly sure never had the same warnings about text messages, tweets etc. Consider then these channels and how many spam messages you get on a daily basis. (It’s probably ok though, as all the PPI claims I’m told I have should more than compensate me for all the recent accidents I’m alleged to have been in!) Saturday afternoon I received this text: Note that it comes from a mobile number, and texts from my card provider have their details in the text. I deleted it, assuming it was spam, and that if I replied I’d be signed up to some premium rate text service…again. Something made me pause, so I rang my card company, using the number that I already had. And I was right to do so, as it was from them. Thats why I've blurred the full number - this is an active line that they are using, but don't advertise They seemed surprised that I was querying the method, yet when I asked how many people responded to texts, they seemed less certain (to be fair, it was a call center operator!). As a consumer, I appreciate the attempt to make it as seamless and easy as possible. Yet it contradicts the advice we’re given. It would be very simple to text people randomly and ask them personal detail to confirm who they are or to log into a man-in-the-middle website. It feels a little chicken and egg. Consumers need educating. Explaining that the layers of security are providing them protection. At the same time, banks need to think about how consumers will – or should – view their messaging. Given the nature of the message, and the reputational issues, I wonder whether it’s time for the banks collectively to find a solution. Detecting fraud and managing it could be a competitive differentiator – or it could prove far more powerful to do collectively. Across providers, across channels, across products. Best practice across the industry surely has got to benefit everyone long term?