10 security tips your account holders need to hear

As you gear up for Cyber Security Awareness Month, consider sharing these ten tips with your account holders

As we move into Cyber Security Awareness Month, we’ve assembled a list of security awareness tips that should be top of mind for account holders doing any type of online banking, or even just accessing the Internet in general. Many of these are likely things you have heard before, but a little repetition can go a long way. As you gear up for Cyber Security Awareness Month, consider sharing these ten tips with your account holders:

  1. Take infections seriously; a virus may not just be a virus. Most of us, if we’re honest, have probably been guilty of thinking that if our PC gets infected with something, it’s not that big of a deal—that’s what our IT department is for, after all. They’ll have whatever the latest nasty bug we’ve contracted wiped from our machine and we’ll be back on track in no time… right? Wrong. These things are not named after scary critters for no reason—they are serious and have serious implications. Think about the effect financial malware can have on your personal finances or to your small business’s network immediately upon download.
  2. Control access to your machine. Think twice before walking away from your computer to get that third cup of coffee without first locking it. Even worse is leaving your machine unattended in public, or in the backseat of your car during happy hour. Malicious physical access to devices can be an overlooked attack vector. It’s amazing how quickly files can be dumped or unintended access to sensitive information gained during a quick few minutes away from your machine.
  3. Trust but verify: if it sounds too good to be true, it probably is. Don’t fall prey to schemes that play on your natural inclination to trust. Being trusting is not necessarily a bad thing, but it’s important to verify before taking action. Be wary of things like employment offers to make a quick buck, claims that you are a lucky winner of something, or limited time offers to cash in on an opportunity. Simply put: if it sounds too good to be true, don’t be too quick to believe it.
  4. Don’t use insecure Wi-Fi or unknown machines for banking. Sensitive online activity, such as online banking, should only be conducted from a device that belongs to you on a trusted network. Paying a few bills while you’re sipping your favorite latte at a local coffee shop may seem innocent enough, but what do you really know about others who are connected to that public Wi-Fi? Sniffing traffic on a public Wi-Fi connection can be shockingly simple, and can leave everything you are doing on that network free for the taking.
  5. “TMI” – Don’t overshare on social media. We may all be guilty of sharing too much information (TMI) at times. Don’t let social media be your outlet for sharing “TMI” about yourself to millions of people all over the world. Social media outlets are information gold-mines for anyone who may be looking to learn more about their next victim. Knowing where you vacation, the name of your pet, and your mother’s maiden name may come in quite handy for someone attempting to impersonate you.
  6. If you’ve got it, update it. If you don’t need it, delete it. Updating your software is not something you should do only when your machine slows to an unbearable crawl because it hasn’t been updated in months. Installing the latest versions of software ensures that what you are running has the latest security patches and keeps you protected. Update your software as soon as new releases are announced, and delete any unnecessary programs on your devices that you don’t need in day-to-day business. Installing lots of nonessential software just provides increased exposure points for you and your information.
  7. Scrutinize your email. Many of us comb through hundreds of emails every day, and clicking through and opening these emails is second nature. However, email is one of the most common attack vectors and is a quick and easy way for attackers to drop malware onto your PC or mobile device, or to trick you into providing sensitive information. Pay close attention to any emails that appear to come from slightly odd senders, and be extremely wary of any email requesting you to provide or confirm sensitive information. Your financial institution should never ask you to confirm or provide any type of personal information via email. Report suspicious emails to your employer and delete them completely without opening or clicking any contained links.
  8. Be mindful of what you plug in. Throwing files onto a USB drive can be a quick and easy way to share information. However, it’s also a quick and easy way to spread malware. Only plug removable media that you know and trust into your devices, and never share these storage devices amongst multiple parties.
  9. Knowledge really is power. When it comes to online banking, it pays to be in the know. Use your financial institution’s real time alerts to keep yourself aware of anything that is going on in your account that may not be normal. Setting these alerts to deliver to multiple targets (voice calls, SMS text messages, and email) can help ensure their safe and quick delivery. Notify your financial institution immediately if you receive an alert regarding activity you did not generate.
  10. Get away from the “that can’t happen to me” mindset and prepare yourself. Live by the adage that it’s better to be safe than sorry. Believing that “it can’t happen to you” is a very risky position to take. Educate yourself on security precautions that you can take to prevent yourself or your business from becoming a victim. Work to spread the word of online safety to your friends, colleagues and families and be proactive in putting security measures into place.

 

Cyber security and the threat landscape are constantly evolving, and keeping your institution and your account holders as secure as possible requires their participation. Use October to stress the importance of cyber security and remind your account holders of their own role in keeping themselves safe.

User experience: What is it and why all the hype?

“Experience schmicksperience.” There is no doubt in my mind that this phrase has been uttered, or at least thought, by many a banking executive in response to a member of their staff expressing the need for an improved online account holder experience. Yours truly has witnessed a few such reactions first-hand. As one who believes strongly in the value of a quality user experience for online banking users, I’m hopeful that a fairly recent event will convince the skeptics who disregard user experience. But first, what exactly is user experience?

 

According to the Nielsen Norman Group—pioneers in the field of evidence-based user experience research, training, and consulting—user experience (UX), “…encompasses all aspects of the end-user’s interaction with the company, its services, and its products.” Carrie Cousins of Design Shack—an online locale that covers all things web-design related, defines user experience as “…how a person feels when interacting with a digital product.” Cousins adds that UX encompasses many other factors, including but not limited to: “…usability, accessibility, performance, design/aesthetics, utility, ergonomics, overall human interaction and marketing.”

 

While some folks find it necessary to distinguish between usability—how things work— and user experience—how things feel, most lump the two terms together when discussing the totality of an end user’s digital experience. Plainly put: user experience concerns how things look, feel, and operate. This concept tends to be abstract and difficult to quantify, which is why it doesn’t fit neatly into the CFO’s spreadsheet. It’s hard as heck to quantify it; hard as heck to truly appreciate; and hard as heck to sell to bankers who are already paying a bunch for their digital channel efforts every month. So how did it become such a big deal, and why all the hype? Believe it or not, there’s science behind it.

 

One of the earliest and most interesting studies around UX was conducted by the UK Design School between Dec. 1993 and Dec. 1994. Researchers tracked the share prices of publicly traded companies who had won awards for their focus on design and UX, and then compared them to various indices such as the FTSE 100 and the FTSE All Share index. They found that the design-focused companies out performed all others by more than 200 percent. And that was over the course of a five-year bear market, a three-year bull market, and the beginning of the recovery in 2003; the superior performance of the design-led companies persisted throughout.

 

Intrigued by the findings of the UK study, in 2006 researchers in Canada created a UX fund of their own, comprised exclusively of companies well-known for their UX prowess, such as Google, Apple, and Netflix, and promptly invested $50,000. Their original plan was to sell after one year, but when they realized a nearly 40 percent return in year one, they simply couldn’t sell; four and a half years later, the fund had matured 101.8 percent! These two studies kicked off a wave of UX studies around the globe, as more and more business leaders began to grow curious. U.S.-based Watermark Consulting conducted a study from 2007-2012 that found that the top ten leaders in customer experience—based on Forrester Research’s Annual Customer Experience Index— outperformed the S&P with close to triple the returns, at a cumulative total of +43 percent. In spite of a growing mountain of evidence in support of UX investment, skeptics remain.

 

Which brings us back to that “fairly recent” event I referenced earlier. On Oct. 2, 2014, Capital One– yes, that Capital One– acquired San Francisco-based Adaptive Path. Why was this so significant, you ask? Because, Adaptive Path and the folks they employ are considered by many as the gurus of UX. The huge-font verbiage that adorns the Adaptive Path corporate home page makes it very clear what they do and what they believe: Great businesses are built on great experiences. We make those experiences happen. If you explore their website further, you’ll encounter such statements as, “When Adaptive Path was founded (2001), UX (user experience) firms didn’t exist…” Not only are they the gurus of UX, you could also say they invented the space. And Capital One just acquired them – lock, stock, and barrel. If you’re someone who provides financial services to consumers and you haven’t been taking all this UX stuff seriously, it’s officially time to begin doing so–others are taking it very seriously. It can mean the difference between winning and losing.

What a gaming conference can teach FIs about user experience

I recently escorted my son and several of his friends to PAX South, a three-day convention celebrating all things gaming. The most lasting impression I came away with was that this event exists first and foremost to serve the broad community of gaming enthusiasts; considerations of commerce and enterprise are subordinate to the experience itself. As a result, PAX events nationwide have earned a large number of loyal and raving fans.

 

So, what does a gaming conference have to do with community banking or the digital channel?

 

PAX demonstrated a complete commitment to their audience. In addition, there are several other attributes of the show that I believe contribute to its popularity. It is these attributes that should be remembered when cultivating a community whose primary engagement is online.

 

Content

The content of PAX focuses exclusively on gaming and its attendant culture, and varies widely from immersive (PC, console, mobile and tabletop games) to spectator-oriented (panels, tournaments, concerts) to traditional (game developer and creator interactions with fans and fans’ interactions with each other). This range of content style and depth makes participants at all levels of fandom and gaming experience feel welcome and relevant. Perhaps most importantly, thanks to PAX’s dedication to their constituency, gaming aficionados like myself need not worry about becoming bored.

 

Community

The tone, language and design of the experience itself speak to the community in subtle but powerful ways. The rules of the event are written in clear, unornamented English (e.g., “Don’t harass anyone”). And unlike most technology-enthusiast-oriented shows (E3, Auto Shows, etc.), PAX explicitly bans “booth babes,” one example of many that speaks to a culture geared toward encouraging women to participate fully in the gaming community. The event staff are dressed recognizably, but informally, as are most exhibitors and presenters. As an attendee, you get the distinct feeling that even the people here who are “working” the event share in the culture and excitement of the community’s love for gaming.

 

Experience

PAX is certainly a tremendous platform for commerce, but again, commerce is secondary to the experience itself; it’s only present where it best serves attendees. The open booths invite attendees to play and discuss games and then make purchases if they so choose. With a standard badge, all of the content is essentially included and the “conversions” that occur after panels or in the exposition area are all attendee initiated. It would be possible to attend PAX, spend nothing beyond the cost of your badge, and have an incredibly rewarding day. By my estimation, however, this would be a rare occurrence, as most attendees were very keen on acquiring products they had tried or that reinforced and proclaimed their participation in the shared culture. Ironically, I think the fact that the experience comes before commerce, ultimately drives more commerce than if it were the other way around.

 

An event like PAX is the real-world, offline equivalent of an online user experience. It’s the convergence of an enormous number of online behaviors such as interactive gaming, message boards, and myriad content consumption from the likes of YouTube or webcomics. The event bridges the gap between the virtual experience and a physical, in-person experience in a fascinating way. There are tremendous lessons to be learned in the design of the experience, cultivation of the community, and integration of the commerce that funds the experience itself.

 

It has become popular to characterize the millennial generation as distracted, always online, detached from one another. Based on what I witnessed firsthand last weekend, I would contest every aspect of that view. If we want to learn how to reach them, we need to learn about the things that they love and why, and the way that PAX integrates their online and in-person experiences is a powerful model. To serve any community it is critical to understand its culture and values— I saw a tremendous display of both at PAX South.

Words Have Meaning…Names, Power

The Patagonian Toothfish proved to be so popular that several years ago there was concern the species was on the verge of ecological collapse. How is it possible you’ve likely never heard of this fish, yet enough of it is sold and eaten each year to threaten its viability? The ugly creature was remarkably unpopular until it was marketed under the more attractive and exotic name, Chilean Sea Bass, by an enterprising fish wholesaler.

 

Everything from fish names to product and feature titles is responsible for creating powerful first impressions for consumers. Based on consumer impressions, products and features either experience widespread adoption or massive failure. Specific to financial services, here is a more concrete example: Mobile Remote Deposit Capture. If you’re a banker or commercial client, this is a great name for taking a picture of a check and depositing it remotely, versus driving to the local branch. However, if you’re a consumer, this is jargon. Taking high-value business-centric features like the remote capture of a check for deposit to consumers is a great way to create a high-value, self-service workflow. However, the packaging and naming must create logical connections and context associated with the features. Essentially, you have to create a brand around the feature for consumers to connect with and embrace.

 

The more complex the function, the more important it is to create an intuitive message about the what and why of a new feature. Without establishing a relatable name, value proposition and brand, consumer adoption and satisfaction of valuable workflows and features are likely to lag. Naming, branding, and complexity are key elements to consider when delivering business services to consumers in ways that delight, rather than frustrate them.

 

Products and services are named with the same goal in mind: to say something about the product that a lengthy explanation cannot. Easy Deposit is a tremendously popular name for Retail Mobile Remote Deposit Capture because it communicates the benefits of the feature. The emphasis is on the function (deposit) and the benefit (ease). The value proposition is built into a simple name that provides the context for use and a promise of why consumers should care.

 

The second key component of bringing a business-oriented service to the consumer space is to think about the complexity of the task required to achieve the result. Transfers from a locally held account to an account at another financial institution via online or mobile banking are typically fulfilled via the ACH network, but not presented this way to retail customers. Given the lack of familiarity with ACH processing, a feature called ACH payment would be confusing. Therefore, further exploration for a name that creates context for consumers is vital for success.

 

Beyond the naming, this feature’s adoption benefits by reducing the choices of how the transfer is made, as well as the complexity required to set it up. Rather than a model in which end users create a recipient and bind an account triplet (ABA, account number, type) for the external account, the workflow for identifying the target account is simplified and broken into multiple steps, each step with an explanation of the required data and how to obtain it. Addressing the how in this case will prove as valuable to consumer adoption as addressing the what,demonstrating the power of fusing naming conventions and technology.

 

Finally, in this particular example, careful consideration of the entry point for this feature, which is often the transfer menu item, should be considered. The typical distinction between an internal funds transfer and an external ACH-fulfilled transfer is likely hidden or invisible to consumer banking customers. After a self-service linking process (often involving micro deposits), the external accounts should be presented alongside the account holder’s internal accounts as options for transferring funds.

 

Packaging, including naming and reviewing workflows, will greatly influence how consumer banking customers will perceive the value of business features or services.  Creativity and workflow review will make the difference between success and failure.  Ensure the features and benefits are easy to discover, use, recall and share. Ultimately, a well-packaged feature may require significant effort to repackage and market, but without this effort, business features are likely to live in obscurity – like the nearly forgotten Patagonian Toothfish – rather than embraced and adopted by millions.

 

This article was originally printed in the September/October 2014 issue of Western Banker magazine.

Are you a good banking solution or a great one?

“Sometimes you have to leave today’s good for something great,” an account holder recently summarized about the interactions with her long-time, hometown bank. This got me thinking—from a consumer’s perspective, all the work we do can often be summed up in a single word. So, what differentiates a good banking solution from a great one? And when and how is that determination made?

This account holder’s perspective was that, while her good bank adequately delivered on the features they offered and had provided an acceptable level of service, she had no expectation for innovation—even if she never realized she wanted any. Overall, she had no complaints as she didn’t know what she didn’t know and the institution had provided a sufficiently good experience with classic banking products and delivery.

In contrast, her new, ‘great’ bank was simply more innovative than she expected. She was attracted by the bank’s technology reputation and ability to open an account online, and once she was enrolled there was no slowing down. She learned she could utilize the bank’s technology to do everything important to her, including mortgage and lending via apps and e-signatures. Though not groundbreaking in the financial services industry, this convenience and self-service experience was entirely new for her. The ability to e-sign loan documents from her phone while in a meeting or deposit a check from her kitchen table was exactly what she needed at this time in her life.

When asked what makes her relationship with her new financial institution better than the first, she remarked, “This great bank constantly innovates and releases new features that I not only adopt and use regularly, but—in some cases—have become very dependent upon, especially through my mobile devices.” “The feature just appears. It looks and feels organic, and there is no bumpy enrollment or adoption process. I love this bank and their attention to me as a technology user.” Couple that very positive emotional response with great call center service and this institution has created a self-described loyal customer who, without a branch interaction, evangelizes their great banking experience as though it were a hot new mobility app—which, in reality, it has also become.

In the business of banking, it is easy to forget about the significance of emotional connection to a brand or experience. Traditional banking functions such as checking a balance or withdrawing money from an ATM are not emotional experiences. Or are they? If someone is heading out for an evening and cannot find an ATM or must pay a fee through a non-affiliated ATM, there is negative emotion associated with the irritation of not having easy access to their cash. If banking requires an appointment or lengthy wait at a branch, away from an individual’s life, the experience can be emotionally negative before it even begins. Conversely the examples noted above transformed an individual who was simply an account holder into an excited, vested and emotionally connected cheerleader for the brand. Emotional connection is a very real part of whether your business is characterized as good, great or any of many other single word descriptors. And fortunately today, reinforcing that emotional connection through technology makes that much easier than a generation or two ago where branch location and new account opening gifts were among the only tools available to keep customer experience positive.

We’ve touched on ‘good’ versus ‘great’ from a consumer’s perspective, but how does that work from the service side of the counter? Is simply investing in new technology enough? The answer is both yes and no. Yes, a technology investment that is properly marketed and deployed can increase customer happiness with your brand and increase feature adoption in the near term, but the pendulum can swing in the other direction by investing in the wrong technology and/or deployment method. Here are some key questions to ask:

  • Does a new feature fit naturally into the digital channel or is it a third- party offering that looks “bolted on?”
  • Does the offering’s workflow feel the same through all your electronic channels?
  • Does it match the workflow the user would experience in the branch? (an easy miss as many institutions stop thinking about the downstream affect at feature rollout.)

“Future-proofing” requires investing in a strategy that allows new features to feel organic on the digital platform and to the account holders’ interactions with your brand. In a world of rising consumer expectations, spending the time up front to map an experience that feels the same wherever an account holder touches your brand is important. This can oftentimes be as simple as using the digital channels with the account holder in the branch, so workflows don’t just feel the same, butare the same. For example, using a tablet equipped with your electronic offerings to help solve an account holder’s problem in the branch keeps your servicing touch points aligned in both form and function. This continuity through every interaction subtly and repeatedly reaffirms your institution’s commitment to innovation and account holder experience.

Today’s account holders are choosing their financial institutions for their commitment to thoughtful, relevant innovation. So in the year 2014, it’s important to ask yourself: what’s your innovation reputation?