Tuesday, December 01, 2009
Text Message - Read it to say "We want to rob you"
Do thieves use technology to rob your customers? If it works, you bet they do. Bankers must remind customers to be ever vigilant. It is one thing to know that an email is a spam and a scam when you don't do business with the sender, but when you get a text message from your bank that says there is a problem, it is not as easy to discount. In Nampa, Idaho, people are receiving text messages concerning their accounts with Mountain Gem Credit Union. They are asked to call a toll-free number. There can't be any harm in that, right?
If the call is placed, your customer may be asked for confidential information that may be used for identity theft and access to their account, and may be charged an exorbitant amount for the "toll-free" call.
What should banks be telling their customers?
- Will you ever contact them via text messaging, if so, when and why?
- How can they easily verify your number?
- Do you post warnings of such scams on your website? (Hint: you should.)
- If they receive a message, how can they verify authenticity?
- If they release information and later believe it may be a scam, what should they do? What guidance do you provide?
One reason this is important is because of the volume of financial crime. The Computer Security Institute's 14th annual security report is due out this week. Here is a peek at what it says:
- Products to protect computer users are fine, but awareness programs are lacking. This can apply to the corporate world as well as the consumer.
- Financial fraud claims are at 19.5 percent in 2009, as compared to 12 percent last year.
- Malware infection are at 64 percent in 2009, and were just over 50 percent last year.
- Denials of service are at 29.2 percent in 2009, and were 21 percent last year.
- Password sniffing incidents are at 17.3 percent, compared to 9 percent last year.
The survey showed significant dips in wireless exploits, 7.6 percent but down from 14 percent in 2008, and instant messaging abuse is also down to 7.6 percent, from 21 percent in 2008. But just because some threats are down, doesn't mean you don't need to prepare for them.
25 percent of the survey respondents said non-malicious incidents caused by insiders were the cause of the majority of their losses. So you also need to protect yourself from the inside out. Average losses per incident cost respondents $234,244. That is a significant cost which is more in line with a breach or theft than text messaging attacks, especially at smaller community organizations. But that begs the question, what amount is an acceptable loss? With adequate prevention, hopefully this number will be zero and scammers will move on to an easier target. When your customer gets burned, they may cease electronic banking in an effort to protect themselves in the future. That mentality will drive your costs back up.
Prevention is a key toward fewer losses and lost accounts, and communication is a major part of prevention.
Do thieves use technology to rob your customers? If it works, you bet they do. Bankers must remind customers to be ever vigilant. It is one thing to know that an email is a spam and a scam when you don't do business with the sender, but when you get a text message from your bank that says there is a problem, it is not as easy to discount. In Nampa, Idaho, people are receiving text messages concerning their accounts with Mountain Gem Credit Union. They are asked to call a toll-free number. There can't be any harm in that, right?
If the call is placed, your customer may be asked for confidential information that may be used for identity theft and access to their account, and may be charged an exorbitant amount for the "toll-free" call.
What should banks be telling their customers?
- Will you ever contact them via text messaging, if so, when and why?
- How can they easily verify your number?
- Do you post warnings of such scams on your website? (Hint: you should.)
- If they receive a message, how can they verify authenticity?
- If they release information and later believe it may be a scam, what should they do? What guidance do you provide?
One reason this is important is because of the volume of financial crime. The Computer Security Institute's 14th annual security report is due out this week. Here is a peek at what it says:
- Products to protect computer users are fine, but awareness programs are lacking. This can apply to the corporate world as well as the consumer.
- Financial fraud claims are at 19.5 percent in 2009, as compared to 12 percent last year.
- Malware infection are at 64 percent in 2009, and were just over 50 percent last year.
- Denials of service are at 29.2 percent in 2009, and were 21 percent last year.
- Password sniffing incidents are at 17.3 percent, compared to 9 percent last year.
The survey showed significant dips in wireless exploits, 7.6 percent but down from 14 percent in 2008, and instant messaging abuse is also down to 7.6 percent, from 21 percent in 2008. But just because some threats are down, doesn't mean you don't need to prepare for them.
25 percent of the survey respondents said non-malicious incidents caused by insiders were the cause of the majority of their losses. So you also need to protect yourself from the inside out. Average losses per incident cost respondents $234,244. That is a significant cost which is more in line with a breach or theft than text messaging attacks, especially at smaller community organizations. But that begs the question, what amount is an acceptable loss? With adequate prevention, hopefully this number will be zero and scammers will move on to an easier target. When your customer gets burned, they may cease electronic banking in an effort to protect themselves in the future. That mentality will drive your costs back up.
Prevention is a key toward fewer losses and lost accounts, and communication is a major part of prevention.
Comments:
Post a Comment
