John Safa's opinion piece entitled 'Banks are struggling
with email' presented a single lens to the topic. Here is an alternative viewpoint.
Banks are not 'struggling' with email, indeed they are increasingly embracing the reach and ubiquity of email as a core communication tool for the always-on world. It is almost impossible to engage with electronic banking without an email address. As customers
migrate to digital channels, email is fast becoming the most important option available. It is immediate as well as persistent. It doesn't have character restrictions or specific requirements for technology or software at the end user.
Banks do have a massive concern about data leakage but email is not the culprit, it is merely a potential channel.
Email works because everyone has it - many alternatives have been mooted, trialled and failed over the years because they all suffer from the lack of the network affect in the adoption process.
But we all know that email has its limitations in terms of inherent security in the SMTP protocol. Recent moves to enforce TLS connections by major ISPs has improved this slightly, but sending confidential information in the body of an email is still the
same as sending it on a postcard through the mail.
Security is a major focus area for all financial institutions and security of communication channels is a key part of this arena. However it would be disingenuous to lump all data protection risks on the transport medium. Copying information, sharing, downloading
and disclosing it to the media are all risks that apply equally to all communication mediums. It doesn't matter if you print and post a letter or present data within a secure online vault (something like Barclay's Cloud IT), as soon as it is accessed by an
end-user it is vulnerable.
We should also separate out internally focused email usage and externally focused customer communications. Data Loss Prevention tools are a necessity to protect against internal staff accidently sending confidential information to the wrong person outside
of the organisation. Security policies and multiple software applications enforce restrictions on the use of many potential endpoints such as Dropbox, USB drives, cloud drives and online storage apps. Securing email is almost trivial in comparison.
Email has a bad rap that originates from its use in phishing and malware attacks. These are real risks that banks are spending significant resources combating. However it doesn't follow that the banks should spurn email as a valuable tool for customer communications,
indeed the billions of client focused communications, both marketing and operational, sent by UK banks each year, are testament to the sophisticated and carefully planned usage of the medium.
What is interesting to note is the increased use of email for secure document delivery. Don't confuse this with encrypted email that has proven hard to roll-out to large B2C customer bases and which generally requires a PKI model. Secure Document Delivery
uses email as the delivery tool for an encrypted attachment. Far from not meeting the security or corporate governance requirements of leading banks, the use of 256bit AES encryption protocols means that the documents are protected both in transit and whilst
sitting in the customer's inbox.
Delivering bank statements by email provides a quick and easy way to move a customer relationship online and to the leave the print and post days behind us. This is especially true for mono-line customers that don't want to register and learn a new online
banking interface for one account they don't regularly access. These customers are digitally enabled and can be converted from paper to digital with relatively simple but focused secure delivery adoption techniques.
I do agree with John that email is not going away - it's an everyday part of our digital life - we just have to use it appropriately in a greater channel strategy to achieve our communication objectives.
(Disclaimer - I am the CEO of a software and SaaS business that provides secure document delivery and secure document repositories to Fortune 100 banks around the word - I like email and am inherently biased towards it)