Scammers, thieves, hackers, online impersonators, Black Hats; whatever you call them, digital criminals are here to stay. In fact, stealing consumer information and selling it online within a criminal network is more lucrative and much less risky for said network than the illegal drug trade.
While consumers should be aware, ultimately it falls on the shoulders of financial institutions to make sure they protect not only their institution but also their account holders from intrusions, regardless of where they originate.
Here’s a great example; we recently identified a relatively large financial institution that started hearing from customers that they were getting calls from their financial institution asking for personal information – information that this institution should already have. The account holders, in this case, were the victims of a phishing scam. Someone obtained a list of customers, including phone numbers, and were reaching out to try and obtain credentials that would give them access to an online banking portal.
These types of scams are becoming more and more common, putting any sized financial institution (and their customers) at risk. Even with a solid crisis plan and training, panic and confusion can happen before the policies and procedures kick in. What is the customer/member saying or asking? Are there multiple offenses. What did you tell them? Did you follow procedure? What are our next steps? Who do we communicate to? What’s the follow-up?
First and foremost, when a breach has occurred or a targeted scam has been identified, you must deliver your disaster communications protocol to the organization. Consistent communication throughout the organization – from CEO to CSR – is critical to maintaining employee and account holder confidence. While the outbound message is crucial, you must also be positioned to collect information from account holders who may have been impacted. Employees must be equipped to handle these inquiries and quickly adapt to new information as it comes.
Crisis plan in place, account holders are being notified, information to help you understand what happened is being collected.
Great question. This is where things get a little gray. Have you done as much as possible to protect account holders? Is it enough to tell them about the incident? Or is there more you could and should be doing?
It’s important to ensure your account holders feel secure. Even if they inadvertently handed over their password and login credentials, you have an opportunity, as their trusted financial institution, to help them recover – financially and perhaps emotionally. We’re not suggesting that you to make a personal house call to every account holder who has experienced or felt vulnerable to theft. Instead, manage to the problem. People will be scammed, they will be tricked and their identity will be stolen. It’s an inevitability in the world we live in. The thieves are ahead of the game.
Fortunately, you can provide account holders protection in the event of identity theft and you can help them recover in case of a loss or theft. With the added benefit that you can tell them – every day – not just after the theft has occurred, and you can sleep better at night knowing that you are doing enough to help protect, recover, and resolve any loss account holders experience due to identity theft.
We have a lot of experience inside and alongside financial institutions. This experience means we can quickly understand and assist when an issue like this becomes apparent or even better, before an incident ever occurs. We also have a tested an effective approach to dealing with these types of situations.
So I challenge you to ask yourself this simple question, “Am I doing enough TODAY to protect my customers?” Then reach out to us and we will make sure to get you CURRENT.