Postponing Decisions for Online Banking Security Awareness Training = Risky Business

 Author: Karen Crumbley, karenc@gladtech.net

Contrary to those cartoons in popular culture where you see a devil sitting on one shoulder and the angel sitting on the other shoulder, making the best decision is not always evident.  As we like to say on a regular basis in the world of IT regulatory compliance, weigh the risks and then base your decision accordingly.  Sometimes the risk factors will outweigh the benefit and the decision is unmistakable. On the other hand, there are times when the decision making processing can be confusing, even daunting.  Does this sound like a familiar scenario? 

For example, how does one make a decision on getting the word out to online banking customers and providing the tools so that they can protect themselves from online fraud?   The FFIEC’s Supplemental Guidance on Internet Banking Authentication is clear that a financial institution’s (FI’s) customers should be educated on the risks to online banking transactions.  Apart from that, it leaves the details up to the FI to work out.  Most FIs will agree that educating customers is an important initiative but beyond that, it is uncertain territory.  One thing is apparent; your FI cannot afford to postpone a decision that has so much at stake.  Bank News reports in a recent survey that 52% of small to medium sized businesses said that it would only take one fraud incident, whether successful or not, for them to lose confidence in their FI. 

Each day that passes without educating your commercial customers and FI staff provides cyber-thieves another opportunity to compromise accounts and commit fraud. Educational and awareness campaigns are capable of preventing sophisticated attacks simply by making businesses aware of the signs to look for when it comes to fraudulent schemes. If your bank has been wondering how to best approach your customer awareness campaign or you are experiencing opposition to moving forward, consider the following important points:

1. Fraudulent activity is in on the rise and new viruses and scams are being developed daily.
2. The risk of a customer’s account being compromised increases with each day that they do not have the tools to protect themselves.
3. Customers are typically the first to alert FIs on fraud.
4. Your staff is also at risk for online fraud.

In addition to your customer base, employees also need to be educated on threats to online banking and on the signs of fraud. According to a recent fraud alert issued by the FBI, IC3 and FS-ISAC, there is a new trend in which cyber-criminals are targeting FI employees to obtain their credentials to initiate fraudulent wire transfers. 

So make the case to stakeholders within your organization that fraud will not wait. Postponing a decision will put your FI at even greater risk. Just like in those old cartoons with the devil and the angel, you can make them disappear (poof!) by asserting that your FI is committed to providing compelling and accessible security awareness training for online transactions.

Have you already started an education and awareness campaign for online banking security? Share your experience here.

BankNews Congratulates This Year’s Innovative Solutions Awards Winners – ProfitStars eCommercial Security Awareness Training in the category of Best Consulting/Training/Outsourcing Solution