The Agency Insider with Linda McGlasson

When is a Customer Too Much of a Security Risk?

When is a Customer Too Much of a Security Risk?

It's not always easy to decide to stop doing business with a person or entity. In fact, it might be a decision that many bankers aren't willing to face. However, when an institution sees a growing amount of fraud losses on a customer's online banking account due to their negligence, it may be wiser to say "Hey [name], you've been a customer for the last three years, but I can't let you bank online anymore because you've cost me more money than you're worth."

To how many customers at your institution would you want to say this line?

Listening to some of the "dumb customer" stories over the last several years from banking information security professionals, I ask 'What is a smart customer worth these days?'

Yes, you know the ones - they're concerned about their privacy and their money and take responsibility for it. They are the "Have Security on My Mind" types that are wiser, savvier and question things that don't appear to be 100 percent. They keep their machine clean and update it on a regular basis. They also call the institution's customer service center when they get a suspicious looking email that purports to be from the institution. Their worth? Well, if we all had the majority of our customers like the one described above we'd be very happy, and many more of us would sleep better at night.

The other kind of customer also cares about their money and their privacy, but can't be bothered with taking responsibility for protecting it. They expect the bank to replace every dollar taken out of their account, even when they played a role in causing the loss. They insist on accessing online accounts from the local library and just "know" they couldn't have had their username and password compromised there. You think a teenager has bad computer security habits? These customers run neck and neck with the 13-year old crowd in performing stupid computer moves. In short, these online banking customers can be defined as reckless, distracted, or just not the "brightest bulb in the knife drawer" type.

The rest of online banking customers are somewhere in between these two groups to varying degrees. Does this paint an ugly picture about your online banking customers and their acceptance of a level of responsibility?

What is heard from practitioners out in the trenches is that online banking customers need additional doses of security education and awareness, something to consider when developing your written ID Theft Red Flags documentation of your customer security awareness program. Customer education on their responsibility and accountability when banking online should be at the top of any institution's list - in the end it will benefit not just the customer, but your institution's overall security and soundness as well.

So what are you doing to educate those users who insist that their computer habits and practices have nothing to do with their account being hacked? Can you put a dollar amount on what a smart customer is worth to your institution?



About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.