Take the Lead with Your Customer Awareness Campaign

 Author: Karen Crumbley, karenc@gladtech.net

Financial Institution (FI) management teams are embarking on the next steps in order to meet the FFIEC’s Supplement to Authentication in an Internet Banking Environment expectations.  The next line item on the agenda after the initial risk assessment is commonly the Customer Awareness and Education component of the guidance.  Whether your FI’s Information Security Officer is the lone soldier overseeing this project or there is a designated committee of individuals from different functional areas to manage the awareness campaign, they are likely in process with reviewing their options. 

Naturally, cost effective control solutions top the list when making a decision on your Customer Awareness and Education Campaign.  According to a recent fraud survey from Bank Info Security, FIs rank increasing and improving staff training just above enhancing customer and member education efforts for the top ten investments they plan to make over the next twelve months.   All signs indicate that FIs are planning to take an active approach to the guidance’s suggested enhancements to customer awareness. 

So, the remaining question is, “how are the funds going to be applied in line with the customer awareness campaign?”  As the guidance states, both online banking retail and commercial accounts holders will need to be educated.  FI management teams should really be strategically looking at three segments to provide training for, consumer/retail customers, commercial customers and internal personnel.  In other words, each category will need to be given information appropriate to their needs.  Consider a multi-dimensional approach to all audiences.  The options for presenting material to the online customers may roughly be broken down into the following three categories:

1. In person (through employee training, lunch and learns, onsite visits)
2. Electronically (websites, eblasts, online training portals)
3. Hard Copies (brochures, statement stuffers, standard mailings)

Given the above list of options, one of the FI’s most significant decisions will be in what delivery channels they choose to roll the training out to customers.  A major concern FIs have is that they do not want to risk alienating customers by asking them to participate in an interactive training course.  Another recurring concern is that FIs want to know what other FIs are doing.  These concerns are clearly valid.  FIs do not want to appear to be unreasonable in what they are asking of customers.  However, a little “hard line” security promotion might just be a plus.  In fact, I strongly encourage FIs to take a strong stance and have a thought leadership approach. 

No need to wait until your auditor or examiner makes a request for enhancements or become overly concerned with what other FIs are implementing.  Think of how you can provide the greatest service for your customers.  The concept is a little reminiscent of JFK’s, “ask not what your country can do for you; ask what you can do for your country”.  Seriously though, providing educational tools and designing an intentional campaign for your customers is a service that you can be proud to promote. Taking the lead and asking customers to assist in keeping their transactions safe is not too much to ask, is it?