Using online banking to beat phishing

Phishing and spear phishing attacks do more than increase fraud.
The fallout from criminals impersonating sites that don’t belong to them to trick people into giving up their personal information goes beyond fraud and identity theft statistics. Similar to terrorist attacks, it changes the processes and procedures that law-abiding citizens go through to transact normal business. Basically, it changes our daily routines because the average Joe has to go through and think about extra stuff to be security conscious. One example is that consumer advocates and the media coach consumers not to open emails that ask for personal information or ask them to update their account.

So how do you deliver messages to consumers that they can trust?
For banks, brokerages, and credit unions, this makes email a tough digital channel to deliver messaging because the content concerns an account or service from the bank or credit union with personal financial information. What’s the first thing you think when you get an email from your bank that says your monthly statement is ready for viewing? (Click here to open the statement)

The online banking inbox provides a nice alternative for a secure message area.
What makes phishing attacks so deceptive is that the receiver doesn’t truly know the originating source. But the online banking inbox is controlled by the owning financial institution. It’s a place where the account holder trusts the message contents. Now I realize that not everyone uses online banking and that consumers may have a relationship with a financial institution that doesn’t require online banking. So this isn’t an end-all solution, but it can be a piece of an overall communications strategy to consumers.

This idea promotes the use of online banking as a richer resource center.
Online banking areas are growing in service offerings. Financial institutions have filled them with a stack of valuable tools for consumers. Bill pay, funds transfer, financial management tools, tax software, and account opening are a few examples. They do this because online banking is sticky. The more services an account holder uses, the harder it is for them to leave the relationship.

Online banking messages do not require an email address to be delivered.
It’s known in the financial industry that banks and credit unions do not have accurate email lists for their account holders. So the online message center helps with delivery but also provides another touch-point to collect the email address from the customer. Financial institutions can ask their account holders to set up their email to be notified when a new message is placed in their online banking inbox. I know, this sounds like double messaging. But remember, the idea is to find a place to put trusted messages about financial accounts, and consumers may not log into online banking as frequently as they do their email account.

So how do you want to receive secure messages?
What’s your preference for receiving sensitive messages that concern your financial accounts? Is there a way to beat the phishing and spear phishing attacks?