Blog article
See all stories »

Security should be a behaviour, not just a setting

Security is a huge risk in modern day society both within and outside of the payments industry. Cyber-attacks are growing in frequency, size and complexity and the weak links that fraudsters penetrate are increasingly more obscure in response to the consistently evolving fraud prevention measures in place. 

Whilst sophisticated fraud detection and prevention measures can achieve substantial results, technology may never be robust enough to wipe out fraud completely, especially considering the human element.

A bank for example, could have numerous measures in place, adhering to PCI, implementing both the latest and tried & tested fraud prevention methods from a rules-based engine to machine learning, an extensive staff training program and still suffer regular attacks from fraudsters, some of which will undoubtedly be successful. Often staff can get either knowingly or unknowingly entangled as accomplices to malicious behaviour, however, in my opinion, the biggest endangerment to the most secure financial institution remains the consumer. 

The consumer who deems contactless cards too risky to use and won’t consider using their mobile for payments, is usually the same consumer who whinges about the additional security measures on their internet banking. In the worst case scenario, it is the consumer whose password is their own name, their PIN is 1234 and that can regularly be heard on the bus yelling out their card number and CVV to pay for something over the phone. The downside is that in all likelihood, even though they have made no effort to secure their card details, they still expect the third parties they interact with to do so.

I realise there are some mass generalisations here, there are plenty of security conscious members of society. However, the fact remains that whilst many consumers are suspicious of the security of their financial data, they still do not position themselves as a key responsible party for ensuring its secrecy. 

The consumer clearly sees security subjectively, based on personal experience. A person who has suffered a data breach is inclined to be far more diligent that one that hasn’t, but how can we convince the consumer of their own sense of responsibility and to change their behaviour to help prevent fraud before it occurs?

Consumer education is an often overlooked link in the security chain. Consumers tick the terms and conditions boxes but don’t read the small print; they keep their PIN saved on their mobile, or give out their card details without a second thought. There is a reason identity theft is the largest growing threat. According to AOL, Current account fraud is now so common that at least 89 in every 10,000 applications for a current account are made by a fraudster. 

Financial institutions need to invest in educating their consumers of the risks they may be exposing themselves to in their daily lives. A collaborative approach between the bank and the customer whereby the customer is made aware of how to safely dispose of their financial correspondence, to check ATMs for suspicious devices, to never let their card out of their sight and install antivirus software on their computers is far more likely to make the customer feel that their financial security is a priority. Advertising campaigns with lifestyle messages that actually have very little to do with banking and try to capitalise on attachments to emotional imagery will not build the kind of loyalty that an active demonstration of customer care can. A comprehensive education strategy is what can ultimately lower the costs associated with fraud and drive trust and longevity in consumer relationships.

Or you could just invest in videos of someone returning a man his scarf or of a horse growing up......high profile data breaches and disgruntled customers are great for brand recognition after all.


Comments: (0)

Now hiring