New Guidance Raises the Bar for Bank Internet Security


On the morning of January 22, 2009, an employee of Experi-Metal in Macomb County, Michigan, a manufacturer for the auto industry, received an email forwarded from a colleague. It appeared to come from the company’s financial institution, Dallas-based Comerica Bank, and said: “Comerica Business Connect Customer Form.” The employee followed the link to another web site, where he complied with instructions to type in his secure login for the company’s bank account and other identifying information.

Sometime between the hours of 7:30 a.m. and 2:02 p.m. that day, 93 fraudulent payment orders totaling $1.9 million were executed on the company’s account.

Comerica eventually recovered all but $561,399. Experi-Metal sued the bank for its loss and won the case last month, putting Comerica on the hook for the fraud.

A Comerica spokesman, Wayne Mielke, said the company is considering alternatives, including a possible appeal.

U.S. District Court Judge Patrick Duggan wrote in his opinion that he considered multiple factors as to whether the bank acted in “good faith,” using “commercially reasonable” security measures. Among clues that something was going wrong at Experi-Metal: The sheer volume and frequency of the fraudulent transactions; a $5 million overdraft executed on an account with normally a zero balance; a history of limited wire activity on the part of the company; and the destinations and beneficiaries of those funds (banks in places such as Russia or Estonia, long known as hubs for such fraud).

That case emphasizes the importance of looking for anomalies in accounts—missing those could make a bank liable for fraud. There are other reasons why providing customers with a login and password is not enough.

Michael Dunne, an attorney with Day Pitney in Parsippany, New Jersey, thinks the new guidance issued last month from federal regulators—the Federal Financial Institutions Examination Council—raises the bar much higher in terms of what’s “commercially reasonable,” the legal standard for what a bank is supposed to provide in terms of Internet security for customers.

No longer can banks rely on dual-factor security, typically a login and password plus something like a security token that recognizes a computer or other device that is logging in. That dual-factor security was OK in the 2005 guidance on Internet security, Dunne says. Now, banks will have to introduce even more layers of security on top of that, which many of them already are doing.

An example of an extra layer would be email notifications to the customer every time payments are requested on the account.

At a minimum, banks will now be required to have a process that detects anomalies and responds to them, such as a customer suddenly initiating 93 payment orders for $1.9 million in one day, where few such transactions occurred before.
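The anomaly check described above, built on the signals the court listed (volume and frequency, an overdraft on a normally zero-balance account, limited wire history, new destinations), is sketched here as an added example that is not part of the original article. The thresholds, field names and sample orders are constructed assumptions; only the 93-order, $1.9 million day is taken from the article.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class PaymentOrder:
    day: date
    amount: float   # USD
    country: str    # beneficiary bank country code


def daily_baseline(history):
    """Peak per-day order count and dollar total seen in the account's history."""
    counts, totals = defaultdict(int), defaultdict(float)
    for order in history:
        counts[order.day] += 1
        totals[order.day] += order.amount
    return max(counts.values(), default=0), max(totals.values(), default=0.0)


def review_day(history, todays_orders, opening_balance, factor=5.0):
    """Return {signal: detail} for one account-day.

    `factor` (how far above the historical peak counts as anomalous) is an
    assumed threshold, not a figure from the guidance or the court opinion.
    """
    peak_count, peak_total = daily_baseline(history)
    count = len(todays_orders)
    total = sum(o.amount for o in todays_orders)
    new_countries = sorted({o.country for o in todays_orders}
                           - {o.country for o in history})
    flags = {}
    if count > factor * max(peak_count, 1):
        flags["volume"] = f"{count} orders vs. historical peak of {peak_count}/day"
    if total > factor * peak_total:
        flags["value"] = f"${total:,.0f} vs. historical peak of ${peak_total:,.0f}/day"
    if opening_balance - total < 0:
        flags["overdraft"] = f"orders exceed balance by ${total - opening_balance:,.0f}"
    if new_countries:
        flags["new_destination"] = "first payments to: " + ", ".join(new_countries)
    return flags


def disposition(flags, hold_at=2):
    """Respond to the signals: hold for verification, notify the customer, or release."""
    if len(flags) >= hold_at:
        return "hold"
    return "notify" if flags else "release"


# Constructed history: an account with limited wire activity.
HISTORY = [
    PaymentOrder(date(2008, 3, 14), 12_500.0, "US"),
    PaymentOrder(date(2008, 9, 2), 8_000.0, "US"),
]
# Constructed orders matching the article's totals: 93 orders, $1.9 million.
INCIDENT_DAY = [
    PaymentOrder(date(2009, 1, 22), 20_000.0, "RU" if i % 2 else "EE")
    for i in range(92)
] + [PaymentOrder(date(2009, 1, 22), 60_000.0, "RU")]
# Constructed ordinary day for comparison.
NORMAL_DAY = [PaymentOrder(date(2009, 1, 21), 10_000.0, "US")]

if __name__ == "__main__":
    for label, orders, balance in (("incident", INCIDENT_DAY, 0.0),
                                   ("normal", NORMAL_DAY, 50_000.0)):
        flags = review_day(HISTORY, orders, balance)
        print(label, "->", disposition(flags))
        for signal, detail in flags.items():
            print(f"  {signal}: {detail}")
```
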

Banks also must have controls for system administrators on business accounts. Such a person could have the ability to approve all transactions on a commercial account when multiple employees have access to the account.

The guidance goes into effect in January for bank examinations, but Dunne thinks it could have an impact much earlier, in terms of the lawyers bringing up the new standard in court cases where banks get sued by victims of fraud.

Meeting the Needs of the New Financial Consumer: A Snapshot of Six Customer Segments


Consumers have a lot of options when choosing a bank or credit union. To be successful in today’s highly competitive environment, financial institutions must creatively and innovatively meet their customers’ needs and expectations. However, consumers are not a homogenous group—and attitudes, behaviors and expectations related to desired products, communication tools and service vary dramatically.

Even more challenging for financial institutions, consumers are rapidly evolving in their use of technology. As consumers increasingly use technology in their day-to-day lives, many expect the convenience of high-tech tools from their banks and other financial institutions. At the same time, a persistently weak economy, the widespread erosion of savings and investments, and the lending crisis have fundamentally altered many consumers’ mindsets. Especially among baby boomers—the backbone of financial industry growth over the last 25 years—confidence in financial institutions and a willingness to engage in carefree spending appear to be things of the past.

So, how can financial institutions best meet the needs of a diverse and evolving consumer base? To find out, First Data and Market Strategies International jointly conducted an online survey of 2,000 U.S. consumers. The “New Consumer and Financial Behavior” study looked at consumers’ attitudes, behaviors, desires and technology adoption. The results revealed six distinct consumer segments, providing financial institutions with valuable insights into opportunities and challenges associated with different types of customers.

By understanding the needs and expectations of different consumers, financial institutions can:

  • Determine which types of consumers are most valuable.
  • Target products, technology and tools at specific customer groups.
  • Improve customer retention through targeted customer loyalty programs.
  • Better service customers by meeting their needs and expectations for products, services, communication and technology.

This white paper is the first in a series of four based on results of the “New Consumer and Financial Behavior” study.

About the Study
The “New Consumer and Financial Behavior” study was conducted jointly by First Data and Market Strategies International, a market research consultancy. During March 2011, 2,000 banked consumers (who have at least one account at a financial institution) completed an online survey of their attitudes, behaviors and expectations pertaining to their primary financial institution, as well as their adoption of related technology. All respondents were individual or household financial decision-makers recruited from the uSamp opt-in online panel of U.S. adults. For purposes of analysis, respondents were grouped into six consumer segments using a sophisticated and robust segmentation approach that combines demographics, attitudes, behaviors and values to create comprehensive, instructive consumer profiles. A full description of the research methodology is included on p. 13.

Your Mobile Catalyst


In my last two posts, I’ve written about the applications of mobile technologies & strategies (“Disruptive? Mobile? Regulated? Check, check, check”) and new opportunities for financial institutions to use mobile banking as a growth strategy (“In search of the next great customer experience.”) Today, I take a look at how a few community banks have learned from their bigger counterparts after explaining why board members need to become better educated about the mobile technologies available to their institutions.

You’d be hard pressed to find someone in our business that doesn’t know the name Deloitte. In the U.S. alone, the international accounting and consulting firm (and its subsidiaries) employs more than 45,000 professionals and counts a number of major financial institutions as clients. At the board level, a firm like this enjoys a brand recognition normally reserved for the IBMs and Skadden, Arps of the world. So a Deloitte-authored white paper on “Priorities for Tech-Savvy Directors as they oversee IT Risk and Strategy” caught my eye this weekend and sparked today’s post.

If you’re a regular reader, you’ll know I spend most weeks on the road meeting with bank CEOs, chairmen and outside directors and/or service providers and product vendors that support the industry. From investment bankers to bank analysts, attorneys to community bankers, quite a few people have recently asked for my opinion on the board’s role in technology decisions. Let me borrow from Deloitte’s piece in sharing my response:

Just as the growing complexity of accounting and disclosure issues made financial literacy a mandatory requirement for members of audit committees, the growing complexity and pervasiveness of (information technology) is increasingly making IT literacy an essential competency for directors… 

As the organization’s use of IT expands, the board’s responsibility for IT oversight grows. Boards need to ensure that their organizations maximize the benefits of IT, both through the alignment of IT with business strategies and through the ability of IT to help identify and mitigate risks to the organization (including those associated with IT itself).

So what does this mean for those boards looking to go mobile?  Let’s start with the basics: Boards have a responsibility for understanding, guiding and governing the overall strategic direction of their banks.  Accordingly, if mobile banking hasn’t become a part of your growth plans, you need to understand how providing such access to personal accounts and your institution as a whole supports your overall business strategy.

Fortunately, you don’t have to be big to be mobile.  Heck, you don’t have to be a “young” or entrepreneurial bank to offer it. Case-in-point: More than 100-year-old community banks have made their way into the space. Chesapeake Bank is a few hours down the road from me in D.C., and offers its customers convenient and secure ways to review transaction histories, check account balances, transfer funds between accounts and pay bills. So, too, does Fidelity Deposit & Discount Bank in northeastern Pennsylvania, which recently introduced ZashPay, a product offered by Fiserv, which enables customers to send and receive money from anywhere at any time using only an email address or mobile telephone number.

Those are just two examples of smaller banks that have jumped on the mobile bandwagon. A recent report by Accenture highlights the promise available to all:

Banks generating the highest returns on their mobile banking investments achieved ROI by emphasizing customer convenience, providing rich exchanges of information between bank and customer and accurately measuring how customers use their mobile phones to bank…

As I’ve written before (and Accenture backs up), the mobile banking channel offers an opportunity for banks to create a meaningful dialogue with their customers, deepen loyalty and broaden the services to which their customers can subscribe.  In this way, mobile banking is a competitive differentiator, as it provides timely, accurate information to the bank— critical to business strategy, and a true responsibility of the board.

In search of the next great customer experience


In the mid-to-late ‘90s, when companies like InteliData were promoting online bill payment and presentment technologies, I was introduced to a wave of industry optimism that such technologies would dramatically improve our overall banking experience. While the adoption cycle for online banking proved far longer than many forecast, history may be repeating itself. Indeed, we are in another period of technological exuberance, albeit mobile in nature.

Given our growing love affairs with mobile devices of all shapes, sizes and underlying technologies, it’s really no surprise that mobile banking continues to transform the way people manage their finances. Now, I realize I’m just one of many sharing this perspective; indeed, far more experienced voices, such as Fiserv’s CEO Jeff Yabuki, have been known to tweet out thoughts like this:

[Image: tweet from Jeff Yabuki, April 30, 2011]

Much like the pre-IT bubble days of online banking, I’m inundated with promotional materials from tech vendors promising to enhance the experience of a bank’s customers while reducing an institution’s costs.

Ah, the promise of mobile banking.  All upside, right?  Well, the Boston-based Aite Group offers an interesting counterpoint.  Last month, the research and advisory firm published its analysis of the group’s mobile banking consumer behavior survey. Its big takeaway: Banks will have to make significant investments to improve or develop their mobile marketing capabilities based on:

  • The lack of retention benefits from the mobile banking channel;
  • Potential losses of overdraft fees from balance monitoring; and
  • Shift in consumer attention towards mobile banking capabilities.

Juxtapose Aite’s observation with a recent TowerGroup forecast. There will be 53 million mobile banking users by 2013, which represents an annual growth rate of more than 50 percent.  Clearly, this is a huge opportunity for financial institutions to use mobile banking as a growth strategy.  According to FIS, another leading technology firm in our industry, those institutions that are not waiting on the sidelines are benefitting in a number of ways:

  • Attracting new market segments;
  • Reducing operating costs;
  • Creating brand differentiation;
  • Deepening account relationships;
  • Increasing satisfaction and loyalty; and
  • Generating revenue.

Despite the promise of these benefits, far more financial institutions have yet to go mobile. For those who haven’t, what are you waiting for? And no, this is not a rhetorical question. We’d like to know as we prepare to roll out our new digital platform for the financial community next month, so we might better help you understand the benefits and drawbacks of products and services.

Bonus question:
How often does your board hear from your CIO, head of Transaction Services, Mobile Banking and/or Internet Banking?  I’ve posted this question on our LinkedIn group so feel free to chime in there or leave a message below.

Big banks still grapple with their own complexity, risk


The world’s largest banks have made a lot of progress revamping how they handle risk in the wake of the financial crisis, but they keep bumping up against the limitations of their own technology.

That’s one of the more interesting conclusions from a report that came out this week from Ernst & Young and the Institute of International Finance, a global association of 400 financial institutions and agencies. This latest report is the second to monitor changes the group recommended in July 2008.

It’s a little less sexy than the issue of bank CEO pay, but still pretty important in light of the last few years of financial pain. How are the world’s biggest, most complex financial institutions able to understand the risks posed by their own balance sheets and do something about them?

Ernst & Young conducted the survey of the group’s membership between October and December of last year, resulting in 60 online survey responses and 35 interviews with bank executives at firms such as Bank of America, PNC Financial Services and the Royal Bank of Canada, among others.

The survey identified areas of the greatest “progress” in banking: 83 percent of banks surveyed said they increased board oversight of risk and strengthened the role of the chief risk officer, for example. (Most chief risk officers now actively participate in business strategy and planning).

Ninety-two percent of banks surveyed have made changes to liquidity risk management in the last two years and 93 percent have implemented new stress testing.

But more than 80 percent of respondents cited “problems with inefficient, fragmented systems that can’t ‘talk to each other’ to extract and aggregate the accurate, quality data needed to conduct stress testing across the enterprise,’’ the report said.

Many are struggling with the demands on the resources needed to execute what is often a manual process of conducting tests and gathering results across the portfolios and businesses. One executive told us it takes 150 people across the businesses to analyze the scenarios mandated by both the regulators and the board risk committee.

Ugh. The problems associated with risk management don’t get much better:

More than 50 percent of those interviewed rate their ability to track adherence to risk appetite as moderate. The reasons cited range from the lack of clarity around which metrics align with risk appetite, to ill-defined methodologies for capturing and reporting information, to poor data quality and inadequate systems.

Poor data quality and inadequate systems? These are the largest banks in the world, remember. Perhaps this is an issue that will take only a few years to iron out. This is definitely one of those problems that won’t get a lot of publicity, but will really matter in preventing the next financial crisis.

Social Media Series: A Look Ahead


This is the fifth and final post on the value of social media for today’s financial services executive. Over the last month, we’ve looked at the fundamentals and why you need to care about newer trends and technologies, how some have successfully incorporated social media into their institution’s way of doing business, the need for individuals and companies to be both authentic and transparent, and how you might personally get up and running if you’re not already. Today, we look ahead to social media in 2011.

As this series draws to a close, cue the music*:

If this is it
Please let me know
If this ain’t love you better let me go
If this is
I want to know
If this ain’t love baby
Just say so

By now, we all know that social media marketing carries the same risks as traditional marketing. But with the continued surge in social services like those offered by Twitter, LinkedIn and Facebook, social networking platforms present powerful ways to connect with employees, consumers and shareholders of all generations.

Social media blends technology and social interaction; done right, it can be a win/win/win. Such networking co-creates value for you, your financial services company and your customers. Community building is something we all can do more of in 2011; hopefully these columns have inspired you to think about how you can get engaged and stay involved with conversations about your institution. Yes, a LOT has been written about social media, so I thought it would be interesting to share three predictions for 2011.  

Beyond the standard ‘you will train employees on the proper way to communicate with customers through social media,’ I’m excited to see the following take place:

  1. As more people take to mobile technologies (coupled with a wider adoption of tablets like the iPad), marketing efforts that incorporate online, in person and in print activities — supported by social media plans — will appreciate in value.
  2. Customer service departments take over as the main proponents of social media, with the full support of the CMO and leadership teams.
  3. Banks leverage geo-tagging applications to prepare/predict for traffic in their branches and at least one gets into social gaming in a big, big way.

Have a few predictions of your own that you’d like to share? Leave a comment for us below. While this is the last post on this particular series, our VP of Digital Strategy will be leading a panel discussion at our annual Acquire or Be Acquired conference in Scottsdale later this month. If you’re game to share your view(s) with her, I know she’d appreciate your thoughts.

*Can’t get the refrain out of your head? You have Huey Lewis & The News to thank for that.

Social Media Series: Authentic – true to one’s personality, spirit, character…


Last Monday, I wrote about how social networks are changing a bank’s customers’ experience. Well, it’s up to the leadership within an institution to incorporate your online interaction into your way of doing business, and today’s column looks at how one company is doing just that.

If pressed to offer just one word that sums up social media today, it is the title of today’s post. That is, successful financial services companies do not automate their responses, yet they do integrate links/videos/pictures and they understand that they simply influence (not control) their bank’s message. In short, they are true to their culture, which I assume aspires to provide exceptional customer service.

In our “world-is-flat” day and age, the Internet offers around-the-clock service and availability to customers as well as an engaging platform for prospective ones. Being “always on” allows a company, bank or credit union to continuously share brand messages and gain macro-level insights into their customers’ online behavior. Regardless of your asset size, understanding the strengths and weaknesses of your competitors is a critical component for improving your own institution’s business results and profitability.

Whether you’re a bank with relatively small deposits, an institution of a healthy asset size or one of these banks’ competitors, social media provides smart, progressive types with a tremendous amount of research on user behavior and attitudes. Take, for example, Ally Bank and USAA. The former being the old GMAC; the latter, serving the military and their families since 1922. Both provide insurance, online banking and mortgage operations to their customers. But notice anything interesting about the two’s interaction with their respective followers on a social media site like Twitter?

While I’m not suggesting the number of tweets correlates to the number of followers, a quick survey of the comments and conversation leads me to believe that USAA gets the whole concept of community building. In fact, I reached out to both Ally and USAA through Twitter where my online inquiry to Ally was met with silence, and the one sent to USAA received a response within two hours. Community building is something that all banks should be doing, as so much of what we do work-wise and personally requires some form of relationship with a bank. And it’s not just on Twitter that USAA is making itself available. Take a look at its Facebook page. As of December 22nd, 127,696 people “Liked This.” Impressive.

I use these two examples not to castigate Ally or promote USAA; rather, to show how one company has realized that, despite our turbulent financial environment, investing in this medium allows them to really engage with their customers, build trust and act in an open and honest manner.  Living in Washington, the word that bankers and financiers can’t escape is transparency.  So if we opened today’s post with the word authentic, let me close with transparent.  If you can marry the two, you’ll be well ahead of your competition.

Social Media Series: Is your bank using?


In my last column, I wrote about social networking platforms presenting banks with powerful new ways to connect with consumers of all generations. This week, we look at the benefits of social media and clear up some misconceptions about the practice.

At a time when a number of institutions — both big and small — consider implementing new technology strategies to lower costs for retaining clients, improving operating efficiencies and differentiating brands and customer offerings, surprisingly few banks leverage social media as a communications channel. Considering the U.S. economy struggles to emerge from its bleakest conditions in 80+ years, one would think that most would readily embrace an opportunity to engage with anyone visiting them “digitally.”
 
In today’s massively connected world, tools and technologies continue to present new ways to share/consume day-to-day information. According to a white paper put out by comScore, an Internet marketing research firm, this has significant impact on the industry. While it’s generally accepted that online banking continues to grow in importance for the average American, did you know that “in any given quarter, nearly 60% of the total U.S. Internet population visits at least one of the top 20 financial institution sites”?

Those are some big numbers that any bank — community, mid-size or large — should take note of. Now, I’m not suggesting you go out and start using social media to promote your latest credit card offer. A word of caution: banks using social media channels to sell products or hype their services will quickly fall behind those using such tools to boost their customer service quality. Resolving issues quickly; now that’s something people want that you can give them.

This lines up with another point from last week: the fact that you no longer wholly control your message. This idea caught a few by surprise, so I reached out to Susan Jacobsen, the president of LUV2XLPR, for her thoughts. As her work bridges public relations and new media, we talked about ways her clients are navigating a rapidly changing social media landscape. While a daunting task to some, Susan suggested that executives look at social media as a means for “engaging with customers while balancing the legal, compliance and risk liabilities.” She continued that “once they make the decision to engage online, whether through Twitter, commenting on blogs or via LinkedIn, it has to be a commitment to continue the dialog and not disappear if they don’t like what they’re reading. Social networks will not go away and neither should they.”

Sage advice to anyone thinking about using these tools to expand their customer experience in 2011 and beyond.

Using Technology to Manage Lending Practices


The most recent issue of Bank Director includes these words of wisdom: “oftentimes a bank’s most important lending decision is the loan it doesn’t make.” That line struck a chord — and sent me back down the path of Big Data and the value of business intelligence for today’s column.

Now, in my last post, I cited a handful of tech firms in the “Big Data” space that support the financial industry. Inadvertently, I left out SAS — one of the leaders in business analytics software and services. An oversight on my part, as their support of banks, credit unions, lenders and capital markets firms is considerable. While some technologists consider them expensive, the tools and services they provide to solve risk management issues, develop stronger customer relationships and create clear competitive differentiation tie into that post’s central theme of growing organically and today’s lending practices.

I mention SAS’s support of the industry as a means to an end: their case studies show how a number of their clients — mid- to large financial institutions, both foreign and domestic — invested time, money and resources to integrate, organize and manage an explosion of customer data.  All of which returns us to the value of understanding your customer’s data in the context of lending.

With bankers across the country tightening their lending practices due to credit delinquencies, new legislation and tighter regulatory controls, providing new and/or easier ways for non-technical users to explore, visualize and interpret data has to sound pretty good, right?