
How to Educate Your Customers About 'Phishing'

February 2005

With the growing popularity of online banking, your customers are at greater risk than ever of identity theft. The fastest-growing form of identity theft is “phishing” – spam e-mails that prompt customers to visit imposter Websites that ask for personal and financial data such as Social Security numbers, birth dates and credit card numbers.

Your challenge – indeed, your responsibility – is to alert your customers to the danger of phishing and educate them on how to recognize the signs of these bogus e-mails and what they can do to protect themselves. Companies that do so effectively will benefit from gaining the trust and confidence of their customers, which can translate into increased customer loyalty and retention, and decreased customer-acquisition costs.

 

A Growing Problem in Financial Services

According to a recent study by Gartner, 57 million Internet users in the United States have received e-mails linked to phishing. Estimates put the success rate of these scams at 5 percent. That’s nearly three million Americans who have had their identity stolen via phishing.

The Anti-Phishing Working Group (APWG) reports that financial services is the most targeted industry sector for phishing attacks, both in the total number of counterfeit Websites and the number of companies targeted. In fact, financial services averaged 73 percent of all hijacked brands as of October 2004, including such major U.S. banks as Bank of America, Wachovia, Bank One, the former FleetBoston, Wells Fargo and MBNA.

 

How Phishing is Done

Here’s how phishing commonly works. E-mails claiming to be from your company are sent to your customers asking for updated personal or financial information regarding one or several of their accounts. Often, the e-mails warn that accounts will be shut down unless the consumer provides the information. Customers are asked to click on an icon or link to be directed to your institution’s Website.

The link directs customers to a fake Webpage that is mocked up to look exactly like your Website, or actually takes customers to your Website, at which time a pop-up window comes up in front of your page. The phony Webpage or pop-up window asks customers to divulge personal and financial information that the scam artists then collect and use to defraud your customers.

Following are some tips on how best to warn your customers about phishing and ID theft, in general, and the key points you should communicate.

 

Educating Your Customers

The best way for financial services companies to combat phishing is to educate customers regularly on how to recognize the signs of this scam and encourage them to adhere to protective guidelines published by the Federal Trade Commission (FTC), the Better Business Bureau, and the APWG.

A highly visible message on your institution’s Website is an effective way to get the message out to consumers. State a clear company policy that explains exactly how you interact with customers regarding their personal information.

In addition to a company policy section on your Website, consider adding a regular article or column on computer and Internet safety, especially as it concerns online banking and financial transactions. Keep the information updated and fresh to hold your customers’ interest over the long term.

Online and hard-copy newsletters are another effective way to educate customers. Informative newsletters that include consumer tips on how to recognize and avoid online fraud can be distributed via your Website as well as at branch office locations and other customer touch points. You also can use condensed versions of the identity theft articles as statement stuffers.

E-mail is another method that can be used to communicate with customers, though great care must be taken, as this is the primary vehicle of scammers. You do not want to confuse customers or set a precedent of communicating via e-mail if that is not the regular course of business.

 

Key Messages

There are several key points that you should communicate to your customers regarding phishing and identity theft protection:

  • Your company never asks customers to update personal or financial information via e-mail, nor asks for such information via a pop-up window. Your customers should never divulge personal or account information over the phone or on your Website unless they initiated the transaction and can verify with whom they’re dealing.

  • Customers should not click on any links that purport to go to a section of your Website. Instruct them to always type in your Web address manually.

  • When customers need to conduct online transactions, they should make sure your site is using encryption, which usually is demonstrated in at least one of two ways. They should look for a locked yellow padlock icon on their browser’s status bar (see example below). The absence of this is a good indicator of an imposter Website. They can also check to see if the Internet address in the browser’s address field has changed from http: to https: (secure).

  • Suspect e-mail should be deleted or sent to the FTC at www.ftc.gov. If customers believe they have been defrauded, they can file a complaint at the same site.

  • Provide a phone number your customers can call if they have any questions or suspicions about correspondence seemingly coming from your institution.

  • Customers routinely should review credit card and bank statements to check for unauthorized charges, as well as regularly review their credit report.

  • For additional guidance on how to protect themselves against phishing attempts, customers can visit the FTC consumer help site at www.consumer.gov.