NBC Nightly News Takes the Banking Industry to Task Yet Again

During the past year, NBC Nightly News, more than any other national show, has publicized fraud concerns in the online channel. They played a large role in publicizing the $90,000 apparent key-logging loss by a Bank of America small business customer in Florida. They also covered, rather sloppily, last summer’s flawed Gartner study about multi-billion dollar losses in identity theft.

The most recent story, which appeared on television last night, covered demand draft fraud initiated at Qchex.com among other locations. The NBC Nightly News story appears to have been based primarily on a May 24 article by MSNBC’s Bob Sullivan in his closely watched online column on ecommerce. Sullivan was also the primary source for the Gartner story.

Analysis
When NBC goes on the air pointing fingers at the banking industry’s security practices, you better be ready with a response. Your branches and customer support personnel should be briefed on the subject and be prepared to answer customer concerns. You should also prepare a response in your online service HELP/FAQ area that addresses the issue.

In the future, you might want to pay attention to Bob Sullivan’s columns. If he’s writing about it, and if it’s a new twist on an Internet scam, there’s a good chance the Nightly News will pick it up. Had you been reading his column yesterday morning at 8:15 am, you’d have had a day to prepare damage control.

As far as solving the demand draft problem, that’s something we’ll leave to the regulators. But requiring Internet originators like Qchex.com to verify account ownership before processing a debit would be a good start.

JB

Online Banking Account Authentication Tips & Tricks

Although the cyberthieves have made inroads this year, there are a number of clever low-cost authentication methods being tested. The thing they have in common: simplicity, with no new hardware.

Here is a quick recap of the available techniques. Generally, these techniques would be used in addition to a username and password:

To thwart keylogging (but not phishing):

  • virtual keypad (or string of numbers from 1 to 10): user selects numbers from the keypad/list instead of typing (for added security the numbers should be positioned differently each time)

To thwart keylogging AND phishing:

  • picture/graphic selection: instead of a numerical ID, users identify the correct graphical image or picture from an ever-changing pool of choices
  • bingo card: user enters the requested coordinates (which change each login) from a preprinted "bingo" card (refer to previous NB article)
  • one-time PINs: user enters a number from a list of one-time-use PIN numbers previously mailed, emailed, text-messaged to a mobile phone, or voice messaged to any phone
  • shared secrets: the bank and the user establish a series of shared secrets, one of which must be answered correctly to complete login
  • random partial passwords: similar to the shared secret approach, the bank asks for a different portion of the PIN number at each login
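
The bingo-card and random-partial-password items above share one mechanism: the bank asks for a different slice of a secret at each login. The sketch below is an added example, not code from NetBanker or any bank; `new_card`, `pin_as_card` and `ChallengeSession` are hypothetical names, and the 5x5 card layout and sample values are constructed.

```python
import hmac
import secrets

_rng = secrets.SystemRandom()            # CSPRNG-backed sampling

def new_card(rows="ABCDE", cols="12345"):
    """Constructed 5x5 card: coordinate -> two-digit value, printed and mailed once."""
    return {r + c: f"{secrets.randbelow(100):02d}" for r in rows for c in cols}

def pin_as_card(pin):
    """Treat a PIN as a one-row card so partial-PIN prompts reuse the same logic."""
    return {str(i): digit for i, digit in enumerate(pin, start=1)}

class ChallengeSession:
    """Server side of one login: ask for a few positions, accept one answer."""

    def __init__(self, secret_map, cells=3):
        self.secret_map = secret_map
        self.cells = cells
        self.pending = None

    def issue(self):
        # Fresh random positions each login, so a captured answer is tied
        # to this prompt and not to the account.
        self.pending = _rng.sample(sorted(self.secret_map), self.cells)
        return list(self.pending)

    def verify(self, answers):
        coords, self.pending = self.pending, None     # burn the challenge, pass or fail
        if coords is None or len(answers) != len(coords):
            return False
        ok = True
        for coord, answer in zip(coords, answers):
            # Constant-time compare per cell; no early exit on the first mismatch.
            ok &= hmac.compare_digest(self.secret_map[coord].encode(), answer.encode())
        return ok

if __name__ == "__main__":
    card = new_card()
    login = ChallengeSession(card)
    prompt = login.issue()
    print("enter cells", prompt)
    print("accepted:", login.verify([card[c] for c in prompt]))
```

In this sketch the server keeps the card or PIN in a form it can index by position, which is a storage trade-off to weigh against hashing the whole secret.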

For more information, refer to our previous NetBanker security articles and Online Banking Report (#93/94).

JB

 

Put an End to “3 Strikes and You’re Out” Password Management

Password management is a pain and only promises to get worse as banks and other ecommerce providers tighten up access controls due to sophisticated fraud attacks.

However, there is one area where some banks are still "penny-wise and pound foolish." Specifically, the old-fashioned notion of locking an account after three unsuccessful password attempts.

It’s just too easy to miss three times. Here’s what just happened to me at Bank One’s credit card site:

1. Correct username, incorrect password
2. Correct username, retype same (incorrect) password in case I made an inadvertent typo the first time (since the password is masked and I can’t see what I typed the first time)
3. Correct username, another shot at the password which turned out to be incorrect (probably because I changed it last time I was locked out)

RESULT: Locked out and in need of an account reset, which luckily you can do online if you have the card number, expiration date, 3-digit code, and primary social security number.

Analysis
The last time we took an in-depth survey, in our April 2003 report on Security & Privacy (OBR 93/94), 4 of the 14 major financial institutions we tested locked users out after just three attempts, while 6 of 14 fell within the recommended range of 5 to 10 attempts.

We recommend that you allow at least five unsuccessful logins, and preferably closer to 10, prior to freezing the account. The amount of fraud deterred between locking out at three attempts vs. locking out at six is so small as to be virtually unmeasurable. However, there is a real cost in customer service and consumer dissatisfaction for constantly requiring password resets.
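
To see how the threshold changes the outcome of the three-attempt sequence described above, here is an added example (not code from any bank or from this site). `LockoutCounter` and `replay` are hypothetical names and the passwords are constructed stand-ins. The `dedupe_repeats` option goes beyond the article: it does not count a retyped identical wrong password as a new strike, since a repeated guess tests nothing new.

```python
import hashlib
import hmac
import secrets

class LockoutCounter:
    """Consecutive-failure lockout for one account (hypothetical helper)."""

    def __init__(self, real_password, threshold, dedupe_repeats=False):
        self._key = secrets.token_bytes(32)      # keys the guess fingerprints
        # Stand-in for the credential store; a real system keeps a slow password hash.
        self._real = self._fp(real_password)
        self.threshold = threshold
        self.dedupe = dedupe_repeats
        self.strikes = 0
        self._seen = set()                       # fingerprints of wrong guesses, never plaintext
        self.locked = False

    def _fp(self, password):
        return hmac.new(self._key, password.encode(), hashlib.sha256).digest()

    def attempt(self, password):
        if self.locked:
            return "locked"
        fp = self._fp(password)
        if hmac.compare_digest(fp, self._real):
            self.strikes, self._seen = 0, set()  # success clears the counter
            return "ok"
        if not (self.dedupe and fp in self._seen):
            self.strikes += 1                    # only new wrong guesses cost a strike
        self._seen.add(fp)
        if self.strikes >= self.threshold:
            self.locked = True
            return "locked"
        return "denied"

# Constructed stand-ins for the three attempts in the post: wrong, same wrong again, another wrong.
POST_SEQUENCE = ["old-password", "old-password", "older-password"]
REAL = "S3cond-Reset!"                           # constructed sample password

def replay(threshold, attempts, dedupe=False):
    acct = LockoutCounter(REAL, threshold, dedupe)
    return [acct.attempt(p) for p in attempts]

if __name__ == "__main__":
    print("threshold 3:", replay(3, POST_SEQUENCE))
    print("threshold 5:", replay(5, POST_SEQUENCE + [REAL]))
    print("threshold 3, repeats ignored:", replay(3, POST_SEQUENCE, dedupe=True))
```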

OK, I feel better now. Thanks for listening.

JB

Monetize Your Online Customers with Insurance

Now that financial institutions are interacting with a substantial portion of their customer base online, it becomes feasible to cross-sell niche products that don’t necessarily have broad appeal.

One relatively untapped area is insurance, especially products outside the highly competitive term life and auto market. For example, in today’s Wall Street Journal Family Finance column, Jennifer Saranow discussed new all-in-one insurance policies combining auto and homeowner coverage.

Other possible insurance offerings that might interest your online customers:

  • Small business coverage
  • Umbrella liability
  • Combination credit insurance that covers multiple loans and revolving balances under one policy
  • Bill insurance that would pay all previously scheduled bills for a defined period

Analysis
As any insurance sales rep can tell you, it takes time to build an insurance clientele, but once built it can be quite lucrative.

For example, if you could sell a new policy to just 1% of your online banking customers each year, by the end of 10 years you’d have 10% penetration (ignoring attrition for the sake of simplicity).

If you had 25,000 online banking subscribers and you earned $100 per year per customer on insurance, by the end of the decade you would be earning $250,000 per year from your online insurance business.

While that may not be a huge number, if you put together a half-dozen niche-product cross sales programs, you could soon be earning $1 million or more per year; money you wouldn’t have had without the online channel.

We’ll get back to this issue in future articles.

JB

Intrust Pays $6 Per GB for Online Archives

If you are wondering how much it might cost to enable long-term or lifetime archives for your customers, here’s a data point from an article in today’s American Banker about the pros and cons of pooling image archives with other banks.

Intrust says that its latest 5-terabyte upgrade cost just $30,000. Doing the math, that’s $6 per gig for approximately 5000 gigabytes of storage. Here’s the exact quotation attributed to Jim Simon, Intrust’s VP of operations:

Last summer (Intrust) put its entire (image) archive online as a result of a five-terabyte storage system upgrade that cost just $30,000.

Analysis
At $6 per GB, storage space for online archives is already so inexpensive that it won’t be long (2 to 3 years) before real-time online access to 7+ years of image/statement history is the norm in banking; and by the end of the decade, we expect most financial institutions to offer lifetime archives.

So if you want to use lifetime archives as a point of differentiation, you better move fast. You only have a one- or two-year window before it’s just another me-too upgrade.

For more information:

JB

Honor System for Bank Remote Deposits

Few innovations of the past five years can top Pennsylvania State Employees Credit Union’s (PSECU) Upost@Home service. Launched in late 2001, the service allows qualified members to enter deposit items online for instant credit to their account. Members then send the paper items to the CU through the mail for reconciliation.

The service was named an OBR Best of the Web winner in 2003 and earned the #23 spot on the OBR list of the Top 25 Innovations of All Time (see OBR 103).

Now the service is being marketed to other financial companies through PSECU’s CUSO affiliate, eCU Technologies. The service is already in place at Southland Civic Credit Union and Deere and Company Credit Union.

As part of the marketing effort, eCU has released updated metrics on the usage at PSECU and the estimated cost savings:

Total deposit sessions: 700,000
Total deposit dollars: $300 million
Deposits per session: $430
Total losses: $13,000
Losses as a percent of deposits: 0.4 basis points (0.00004)
Losses per deposit session: $0.02
Savings per deposit session (vs. teller or ATM): $1.14
Total program savings: $800,000

Action Item
Specific results from three credit unions along with program details will be discussed at a free Webinar May 23. We urge you to attend.

JB

Communicating through RSS/XML feeds

Looking for an alternative to email for marketing and service communications?

As more users subscribe to RSS (Rich Site Summary or Really Simple Syndication) or XML feeds to automate the process of reading online news, blogs, and other information, they will expect their financial institution to support this communications technique.

The only bank XML feed we’ve seen so far is Bank of Montreal, which publishes its Online Banking News as an XML feed. Bank of Montreal has published 15 items since the feed became available in early March, including interest rate changes, usage tips, and security warnings.

The bank publicizes the feed on its online banking login page (see inset right).

Analysis
According to the Pew Internet Project, only six million U.S. users were receiving RSS feeds in November, 2004, approximately 5% of total Internet users. Even if that number has doubled by now, it is still a small minority of users.

However, now that Firefox and Apple’s Safari browser contain built-in RSS readers, it’s only a matter of time before Internet Explorer supports this feature. IE users can still use RSS feeds, but they must download a toolbar add-in such as Feed Scout (www.bytescout.com), use an aggregation site such as BlogLines (www.bloglines.com), or download a standalone newsreader such as Feed Demon (www.download.com). 

Once newsreaders become incorporated in most browsers, we expect usage to skyrocket. Most ecommerce players are expected to publish feeds to support customer service and sales. For example, Amazon already offers XML feeds in more than 100 categories, updating users on new items in everything from mystery books, to hip-hop CDs, and action-figure toys.

Banks looking to project a modern image might as well get ahead of the curve and start sending service messages via XML feeds in 2005. It’s a good way to get information out to users who no longer receive or trust your email messages. Producing an XML feed is a relatively inexpensive project with little downside. If resources are too tight, make sure you add it to your 2006 plan.

For more information:
Wikipedia definition
Walt Mossberg’s Personal Technology column (5/5/05 Wall Street Journal)

JB

ING Direct and the Internet-only Banking Redux

During the height of the bubble, there were dozens, perhaps hundreds of banks secretly planning to launch Internet-oriented brands. But the strategy fell out of favor with the very public downfall of WingspanBank, which lost funding during a corporate restructuring at Bank One; followed by the collapse of NextCard, which went belly-up after an ill-advised bet on sub-prime credit.

But despite these public failures, there was never anything wrong with the underlying strategy. Quite the opposite. Direct banking has been a viable business model ever since deposit deregulation in the 1970s. The Internet only makes it easier to reach and serve customers.

Case-in-point: ING Direct, still not five years old in the United States, has amassed 2.5 million accounts holding $29 billion in deposits at year-end 2004, making it the 30th largest financial institution in the United States. If they continue to grow at the same pace, they should be close to cracking the top-20 by this time next year. Their laser sharp focus on savings accounts, trendy branding, and consistent high rates has put them on the map.

This success has not gone unnoticed around the country. They are frequently discussed at industry gatherings and internal planning meetings. However, you aren’t likely to see many of its more traditional competitors jumping on the high-deposit bandwagon. It doesn’t make sense for them to alienate their customers and branch employees by offering higher rates online. And they are not about to reprice their entire deposit base to compete with ING Direct and the other high-rate institutions.

However, I think you will see smaller banks look to the Internet for growth using new brands or brand extensions. In perhaps the most aggressive launch since ING Direct in 2000/2001, Emigrant Savings practically owns the deposit real estate at BankRate.com. In a recent visit, the bank’s Emigrant Direct brand not only had the top banner, they also bought the skyscraper on the left-hand side, effectively "framing" the entire content screen.

Note to ING Direct, check your skyscraper ad at BankRate.com (see above). Emigrant Direct has hung a small ad on the bottom of your banner that looks like part of your ad. I hope you are at least getting a discount from BankRate.com. 

JB

If you’d like to learn more about the future of online banking, including internet-only, check out the Online Banking & Bill Pay Forecast: Current, future and historical usage: 1994 to 2016 from our sister publication, The Online Banking Report.

Getting Online Banking Users to NOTICE Your Homepage

Online banking users often visit their primary bank’s website several times each week. Outside of webmail and chat services, few companies have this much traffic from their customers.

However, most online banking customers only touch down on the homepage for the briefest of moments; typing in a username and password then moving on. The challenge is to get them to notice your marketing and service messages.

One possible way to move those logging-in eyeballs off the username/password corner is to post easily scannable, interesting, and ever-changing information in a different area of the homepage, enticing the eyeballs to wander. In the banking world, there are few content choices available that fit these criteria.

Weather information.

The time/weather sign in front of the bank branch used to be, and still is in some places, a common sight on main street.

Why not take that same approach online? Place a personalized weather "sign" some distance from your login area. If you have the capability to move content elements around, test different locations and see which cause the most click-throughs on other sales and service elements.

Analysis
Thankfully, most banks have retreated from the idea of becoming a news and information portal. It’s just not possible to compete with CNN.com, Yahoo Finance, and others in disseminating news and investment info.

However, weather is another matter. Almost everyone is interested in the subject matter; it takes only a few seconds to absorb, so it’s not distracting; it’s dirt cheap to post on your website; it changes constantly; and it can be easily personalized to the user’s zip code.

Although it still carries negative connotations as an example of bubble-induced folly (e.g., at Net.Finance this week, a Wells Fargo exec told how in 2000, the bank was actually seeking suppliers for "horoscopes and weather info."), the latest upgrades to Apple’s OS X, Tiger, include a cool dashboard, which includes among other things, a weather display (see inset).

For more information, see OBR 85.

JB

Financial Search Engine Marketing Conversion Rates

Disappointed in your conversion rates on prospects attracted to your site via search (paid or natural)? Compete and Yahoo Search Marketing (formerly Overture) released results of new research at the recent Net.Finance conference.

The study looked at a pool of 75,700 searchers who conducted 250,000 financial information searches. Of that total, just 5,640, or 7.5%, ended up submitting an application for a financial product. Since they are often looking at more than one provider, your "expected" share would be less than 7.5%.

So if you are closing 5% or more of your visitors, you are hitting it out of the park. Even a 3 or 4% close rate is exceptional. On the other hand, if you are closing 2% or less, your creative and/or offer may be lacking.

JB

Online Bank and Mortgage Lead Generation

One subject that doesn’t get enough attention: online lead generation.

Now that most bank websites get more traffic than their branches, at least if you measure total number of visits*, you should be committing resources to maximizing the number of leads generated by your website.

Most banks have the low-hanging fruit covered with prominent phone numbers and website inquiry forms. But what about those prospects less willing to initiate a sales interaction?

My favorite presentation from the recent Net.Finance conference, and one I almost didn’t attend because I thought it would be focused on offline activities, was Evaluating Online Lead Generation and Management, from Dave Herpers, Chief Marketing Officer at Amerisave, an online mortgage originator.

If you ever have a chance to hear him speak, I highly recommend it. Previously he was marketing director at DeepGreen Bank and also did a stint at Bank of America, so he has a great background in online lending.

Besides the fascinating discussion of the methodical generation and processing of online and telephone leads, he provided a number of ideas that financial services companies can use on their website to improve the number of leads available to sales people.

Action Items
As customers research products and use your online tools, allow them to have any of the results emailed to them for future reference. Customers like it because they don’t lose all the work they’ve done and it serves as a reminder as to where they found all the great info.

Mr. Herpers suggested the following email functions:

  • Email me the results from the mortgage/refi/HEQ calculator
  • Email me my estimated closing costs
  • Email me the rate info I was just looking at
  • Email me info on the products I was just looking at

Any customer who uses the email functionality becomes a valuable product lead.

Other lead generation opportunities:

  • Contact Me buttons
  • incomplete applications
  • Request a Consultation form
  • Rate Alerts

Amerisave reports that their best leads, other than telephone calls which are always first priority, are those from customers performing rate searches at its website (see inset).

If you’d like to learn more about the best financial online marketing ideas, check out the Interactive Financial Marketing Database from our sister publication, the Online Banking Report.