10 security tips your account holders need to hear

As you gear up for Cyber Security Awareness Month, consider sharing these ten tips with your account holders

As we move into Cyber Security Awareness Month, we’ve assembled a list of security awareness tips that should be top of mind for account holders doing any type of online banking, or even just accessing the Internet in general. Many of these are likely things you have heard before, but a little repetition can go a long way. As you gear up for Cyber Security Awareness Month, consider sharing these ten tips with your account holders:

  1. Take infections seriously; a virus may not just be a virus. Most of us, if we’re honest, have probably been guilty of thinking that if our PC gets infected with something, it’s not that big of a deal—that’s what our IT department is for, after all. They’ll have whatever the latest nasty bug we’ve contracted wiped from our machine and we’ll be back on track in no time… right? Wrong. These things are not named after scary critters for no reason—they are serious and have serious implications. Think about the effect financial malware can have on your personal finances or to your small business’s network immediately upon download.
  2. Control access to your machine. Think twice before walking away from your computer to get that third cup of coffee without first locking it. Even worse is leaving your machine unattended in public, or in the backseat of your car during happy hour. Malicious physical access to devices can be an overlooked attack vector. It’s amazing how quickly files can be dumped or unintended access to sensitive information gained during a quick few minutes away from your machine.
  3. Trust but verify: if it sounds too good to be true, it probably is. Don’t fall prey to schemes that play on your natural inclination to trust. Being trusting is not necessarily a bad thing, but it’s important to verify before taking action. Be wary of things like employment offers to make a quick buck, claims that you are a lucky winner of something, or limited time offers to cash in on an opportunity. Simply put: if it sounds too good to be true, don’t be too quick to believe it.
  4. Don’t use insecure Wi-Fi or unknown machines for banking. Sensitive online activity, such as online banking, should only be conducted from a device that belongs to you on a trusted network. Paying a few bills while you’re sipping your favorite latte at a local coffee shop may seem innocent enough, but what do you really know about others who are connected to that public Wi-Fi? Sniffing traffic on a public Wi-Fi connection can be shockingly simple, and can leave everything you are doing on that network free for the taking.
  5. “TMI” – Don’t overshare on social media. We may all be guilty of sharing too much information (TMI) at times. Don’t let social media be your outlet for sharing “TMI” about yourself to millions of people all over the world. Social media outlets are information gold-mines for anyone who may be looking to learn more about their next victim. Knowing where you vacation, the name of your pet, and your mother’s maiden name may come in quite handy for someone attempting to impersonate you.
  6. If you’ve got it, update it. If you don’t need it, delete it. Updating your software is not something you should do only when your machine slows to an unbearable crawl because it hasn’t been updated in months. Installing the latest versions of software ensures that what you are running has the latest security patches and keeps you protected. Update your software as soon as new releases are announced, and delete any unnecessary programs on your devices that you don’t need in day-to-day business. Installing lots of nonessential software just provides increased exposure points for you and your information.
  7. Scrutinize your email. Many of us comb through hundreds of emails every day, and clicking through and opening these emails is second nature. However, email is one of the most common attack vectors and is a quick and easy way for attackers to drop malware onto your PC or mobile device, or to trick you into providing sensitive information. Pay close attention to any emails that appear to come from slightly odd senders, and be extremely wary of any email requesting you to provide or confirm sensitive information. Your financial institution should never ask you to confirm or provide any type of personal information via email. Report suspicious emails to your employer and delete them completely without opening or clicking any contained links.
  8. Be mindful of what you plug in. Throwing files onto a USB drive can be a quick and easy way to share information. However, it’s also a quick and easy way to spread malware. Only plug removable media that you know and trust into your devices, and never share these storage devices amongst multiple parties.
  9. Knowledge really is power. When it comes to online banking, it pays to be in the know. Use your financial institution’s real time alerts to keep yourself aware of anything that is going on in your account that may not be normal. Setting these alerts to deliver to multiple targets (voice calls, SMS text messages, and email) can help ensure their safe and quick delivery. Notify your financial institution immediately if you receive an alert regarding activity you did not generate.
  10. Get away from the “that can’t happen to me” mindset and prepare yourself. Live by the adage that it’s better to be safe than sorry. Believing that “it can’t happen to you” is a very risky position to take. Educate yourself on security precautions that you can take to prevent yourself or your business from becoming a victim. Work to spread the word of online safety to your friends, colleagues and families and be proactive in putting security measures into place.

 

Cyber security and the threat landscape are constantly evolving, and keeping your institution and your account holders as secure as possible requires their participation. Use October to stress the importance of cyber security and remind your account holders of their own role in keeping themselves safe.

Virtual courting site for selecting vendors?

Wouldn’t it be great if there were a site like eHarmony© where financial institutions could find vendors who are compatible with them? For all I know it already exists, as these days there seems to be an app for every conceivable thing under the sun. (However, if someone steals this idea and makes millions, I want something for the thought.) This new wave of compatibility algorithms makes me wonder: how in the heck can a banker confidently decide which vendor to partner with, when they’re all slingin’ the same buzz words and promising the moon while clickin’ through fancy demos?

Even if there isn’t a solution similar to a dating website, there is something valuable about approaching the vendor-buyer relationship like, well, a relationship. That’s why the best way to determine compatibility is to actually pay the vendor a visit.

Maybe this seems like an obvious answer, but you’d be surprised at how easy it is get swept up in the ceremony of sales pitch.

In fact, several years ago I heard a salesman tell a banker something I don’t think I’ll ever forget. The banker repeatedly mentioned how slick one of the salesman’s competitor’s demo was. The salesman politely, yet confidently, replied, “With all due respect, these days two guys and a twelve pack in a college dorm room can create a pretty sweet demo.” You couldn’t argue his point— just as you can’t judge a book by its cover, you can’t, and shouldn’t, judge a software solution by its demo.

It’s an unfortunate truth in the sales industry that sometimes reps don’t always shoot straight. Believe it or not, I once lost a deal to a competitor who did not even have an interface to the core processor of the bank whose business we were competing for, yet told the bank they had nine referenceable clients for that particular core. Nine! I don’t know how they settled on nine as the magic number, but I guess if you’re going to lie, lie big! I always wondered why this bank never attempted to call any of the references to confirm whether they were happy with the vendor, or to see if they even existed. Sadly, sometimes the folks tasked with the due diligence have motives of their own, which is another powerful reason for why you should pay the companies you’re considering partnering with a visit.

I mean, why wouldn’t you? You’re about to invest a tidy sum of dollars and putting your personal reputation, the company’s brand, shareholders’ interests and, in many cases, the welfare of your account holders on the line. Heck, on multiple occasions I’ve had animal shelters visit my house to make sure the dog I wanted to adopt would be in good hands and they didn’t leave a single stone unturned. In my time at Q2, I’ve interviewed lots of our clients, and the last question I’ve asked them all is, “Why did you ultimately decide to partner with Q2?” Remarkably, nearly every one of them told me the same thing: “It was your people and your culture.” How else can you gain a sense of those things without paying the company a visit? Or know for sure that the company you’re considering isn’t in fact two guys and a twelve pack in a college dorm room?

User experience: What is it and why all the hype?

“Experience schmicksperience.” There is no doubt in my mind that this phrase has been uttered, or at least thought, by many a banking executive in response to a member of their staff expressing the need for an improved online account holder experience. Yours truly has witnessed a few such reactions first-hand. As one who believes strongly in the value of a quality user experience for online banking users, I’m hopeful that a fairly recent event will convince the skeptics who disregard user experience. But first, what exactly is user experience?

 

According to the Nielsen Norman Group—pioneers in the field of evidence-based user experience research, training, and consulting—user experience (UX), “…encompasses all aspects of the end-user’s interaction with the company, its services, and its products.” Carrie Cousins of Design Shack—an online locale that covers all things web-design related, defines user experience as “…how a person feels when interacting with a digital product.” Cousins adds that UX encompasses many other factors, including but not limited to: “…usability, accessibility, performance, design/aesthetics, utility, ergonomics, overall human interaction and marketing.”

 

While some folks find it necessary to distinguish between usability—how things work— and user experience—how things feel, most lump the two terms together when discussing the totality of an end user’s digital experience. Plainly put: user experience concerns how things look, feel, and operate. This concept tends to be abstract and difficult to quantify, which is why it doesn’t fit neatly into the CFO’s spreadsheet. It’s hard as heck to quantify it; hard as heck to truly appreciate; and hard as heck to sell to bankers who are already paying a bunch for their digital channel efforts every month. So how did it become such a big deal, and why all the hype? Believe it or not, there’s science behind it.

 

One of the earliest and most interesting studies around UX was conducted by the UK Design School between Dec. 1993 and Dec. 1994. Researchers tracked the share prices of publicly traded companies who had won awards for their focus on design and UX, and then compared them to various indices such as the FTSE 100 and the FTSE All Share index. They found that the design-focused companies out performed all others by more than 200 percent. And that was over the course of a five-year bear market, a three-year bull market, and the beginning of the recovery in 2003; the superior performance of the design-led companies persisted throughout.

 

Intrigued by the findings of the UK study, in 2006 researchers in Canada created a UX fund of their own, comprised exclusively of companies well-known for their UX prowess, such as Google, Apple, and Netflix, and promptly invested $50,000. Their original plan was to sell after one year, but when they realized a nearly 40 percent return in year one, they simply couldn’t sell; four and a half years later, the fund had matured 101.8 percent! These two studies kicked off a wave of UX studies around the globe, as more and more business leaders began to grow curious. U.S.-based Watermark Consulting conducted a study from 2007-2012 that found that the top ten leaders in customer experience—based on Forrester Research’s Annual Customer Experience Index— outperformed the S&P with close to triple the returns, at a cumulative total of +43 percent. In spite of a growing mountain of evidence in support of UX investment, skeptics remain.

 

Which brings us back to that “fairly recent” event I referenced earlier. On Oct. 2, 2014, Capital One– yes, that Capital One– acquired San Francisco-based Adaptive Path. Why was this so significant, you ask? Because, Adaptive Path and the folks they employ are considered by many as the gurus of UX. The huge-font verbiage that adorns the Adaptive Path corporate home page makes it very clear what they do and what they believe: Great businesses are built on great experiences. We make those experiences happen. If you explore their website further, you’ll encounter such statements as, “When Adaptive Path was founded (2001), UX (user experience) firms didn’t exist…” Not only are they the gurus of UX, you could also say they invented the space. And Capital One just acquired them – lock, stock, and barrel. If you’re someone who provides financial services to consumers and you haven’t been taking all this UX stuff seriously, it’s officially time to begin doing so–others are taking it very seriously. It can mean the difference between winning and losing.

Words Have Meaning…Names, Power

The Patagonian Toothfish proved to be so popular that several years ago there was concern the species was on the verge of ecological collapse. How is it possible you’ve likely never heard of this fish, yet enough of it is sold and eaten each year to threaten its viability? The ugly creature was remarkably unpopular until it was marketed under the more attractive and exotic name, Chilean Sea Bass, by an enterprising fish wholesaler.

 

Everything from fish names to product and feature titles is responsible for creating powerful first impressions for consumers. Based on consumer impressions, products and features either experience widespread adoption or massive failure. Specific to financial services, here is a more concrete example: Mobile Remote Deposit Capture. If you’re a banker or commercial client, this is a great name for taking a picture of a check and depositing it remotely, versus driving to the local branch. However, if you’re a consumer, this is jargon. Taking high-value business-centric features like the remote capture of a check for deposit to consumers is a great way to create a high-value, self-service workflow. However, the packaging and naming must create logical connections and context associated with the features. Essentially, you have to create a brand around the feature for consumers to connect with and embrace.

 

The more complex the function, the more important it is to create an intuitive message about the what and why of a new feature. Without establishing a relatable name, value proposition and brand, consumer adoption and satisfaction of valuable workflows and features are likely to lag. Naming, branding, and complexity are key elements to consider when delivering business services to consumers in ways that delight, rather than frustrate them.

 

Products and services are named with the same goal in mind: to say something about the product that a lengthy explanation cannot. Easy Deposit is a tremendously popular name for Retail Mobile Remote Deposit Capture because it communicates the benefits of the feature. The emphasis is on the function (deposit) and the benefit (ease). The value proposition is built into a simple name that provides the context for use and a promise of why consumers should care.

 

The second key component of bringing a business-oriented service to the consumer space is to think about the complexity of the task required to achieve the result. Transfers from a locally held account to an account at another financial institution via online or mobile banking are typically fulfilled via the ACH network, but not presented this way to retail customers. Given the lack of familiarity with ACH processing, a feature called ACH payment would be confusing. Therefore, further exploration for a name that creates context for consumers is vital for success.

 

Beyond the naming, this feature’s adoption benefits by reducing the choices of how the transfer is made, as well as the complexity required to set it up. Rather than a model in which end users create a recipient and bind an account triplet (ABA, account number, type) for the external account, the workflow for identifying the target account is simplified and broken into multiple steps, each step with an explanation of the required data and how to obtain it. Addressing the how in this case will prove as valuable to consumer adoption as addressing the what,demonstrating the power of fusing naming conventions and technology.

 

Finally, in this particular example, careful consideration of the entry point for this feature, which is often the transfer menu item, should be considered. The typical distinction between an internal funds transfer and an external ACH-fulfilled transfer is likely hidden or invisible to consumer banking customers. After a self-service linking process (often involving micro deposits), the external accounts should be presented alongside the account holder’s internal accounts as options for transferring funds.

 

Packaging, including naming and reviewing workflows, will greatly influence how consumer banking customers will perceive the value of business features or services.  Creativity and workflow review will make the difference between success and failure.  Ensure the features and benefits are easy to discover, use, recall and share. Ultimately, a well-packaged feature may require significant effort to repackage and market, but without this effort, business features are likely to live in obscurity – like the nearly forgotten Patagonian Toothfish – rather than embraced and adopted by millions.

 

This article was originally printed in the September/October 2014 issue of Western Banker magazine.

Defining Your Customer Experience Leads to Loyalty

Let’s face it, defining a superior customer experience is a tricky prospect. Everyone knows what “customer” means. The confusion arises from the word “experience.” What does that word mean in the context of providing financial services? Is it 24-hour support? Does it mean products work as advertised and your account holders are happy – or just not complaining? What exactly constitutes an “experience”?

A few years ago, Harley Manning at Forrester created a definition of “Customer Experience.” He noted an experience must come from the perspective of the customer and have three components: 1) be useful (deliver value), 2) be usable (make it easy to find and engage with the value), and 3) be enjoyable (emotionally engaging).

This is a pretty good definition, however, I would summarize superior customer experience this way: Superior customer experience occurs when a company or an institution consistently exceeds customer expectations, leaving them with a feeling of delight.

Most businesses – including financial institutions – aim to provide superior customer service. That being said, the definition of “superior” is often times defined by the company, rather than its customers. The problem is, the essence of “customer experience” is individual and emotional. The key, then, to providing this experience is to create a business that focuses on delighting each end user.

A huge factor in this endeavor is that consumer expectations of their FIs are now driven by their non-financial brand experiences with services such as Netflix and Facebook, who offer applications on any device, anywhere, at any time. Customers now expect a unified experience between their smartphone, tablet, and online banking services. This experience not only has a consistent user interface and navigation, but it is optimized for each specific device. A tablet-first design is also critical because it provides both access to the services your FI offers and enables customers to swipe, touch, and tap intuitively in an engaging way.

Beyond the “any” access strategy, becoming aware of all of the ways that an account holder comes into contact with your organization is necessary. If you are a typical financial institution, customers can walk into a branch, call you on the phone, see your ads, read about you in the newspaper, go to your website, talk about you via social media, access virtual support, open your statements and other snail mailings, talk with the CEO at Kiwanis, and more. Have you planned for a great experience to be the logical outcome of your account holder’s interactions or are you just hoping it will happen?

Make a specific organization-wide focus to change the interactions you have with your account holders at every touch point, with a focus on creating an experience, built over time. Your strongest asset is your people and they are human, so they will make mistakes. However, if you compile a storehouse of superior experiences with your account holders, one bad event will not deter from their overall emotional response. By investing in delivering a positive emotional response from your account holders – consistently delivered from every touch point – you will come closer to acquiring the one trait that you can no longer buy or generationally expect, loyalty.