American Express Spruces Up its Email Confirmations

American Express, long one of the savviest financial marketers, recently updated the look of its routine "payment received" email confirmation.

Amex_payment_confirmation_1It’s a nice change from the typical text-only message. Key features include:
– last 5 digits of card number for verification
– account login
– balance transfer offer
– Blue Cash offer

But the "Dear Cardmember" salutation is a mistake.

With all the hysteria about phishing and email fraud, the opening should be personalized, both to differentiate itself from SPAM and to insulate cardmembers (and itself) from phishing attacks. This is especially important in a communication which includes a built-in login button, an inviting target for phishers.

American Express does provide several unique identifiers: the last 5 digits of the card number, the payment date, and payment amount. But those aren’t instantly recognizable to all cardmembers. The combination of account name and the last few digits is much more effective (see Citibank article).

A  for look & feel
A- for cross sales (two offers might be a bit much)
A for self-service with five links to popular online card management functions
B- for security (last 5 digits included, but no cardholder name, no mention of how to verify the authenticity)
A- overall


If you’d like to learn more about the bank and financial services email trends, check out Email Marketing in Financial Services: Leveraging the Inbox from our sister publication, the Online Banking Report.

Citibank Fights Fraud with Personalized Emails

Citi_secure_email_closeupIt’s fitting that the financial company most targeted in phishing attacks, Citibank, would be the first to introduce a new email format that goes a long way towards helping users identify legitimate email messages.

Citi_secure_email_message The personalized emails (click on inset to enlarge) include not only the name of the recipient, but also the last 4 digits of the user’s ATM card. While simple personalization with the customer name would help many users identify legitimate emails, it’s far from fool-proof.

First, there’s the relatively common practice of including first name and/or last names in email addresses. Also, some phishers are using direct marketing tactics and first running email addresses through various databases to append actual names and other info to the email record in order to develop a personalized pitch (see ZD-Net article).

Citibank’s new email format was announced to customers through a short message on the top of the online banking screen in early May. It is also now mentioned in the bank’s main FAQ page.

This is a great first step in winning back the confidence of users. Eventually email standards will evolve so that the email client will be able to readily identify legitimate emails, but that could be years in the future.

If you are considering a similar approach, you might want to let users choose the name and identifying information that appears in the personalization box. In February, we reported on a UK security initiative that took that approach.

For more information:


Editor’s Note: Citibank received an OBR Best of the Web award for this and other security features in Online Banking Report #119, "Marketing Security."

Synovate Reports Credit Card Direct Marketing Futility


Synovate reported the results of their annual tracking study of U.S. credit card solicitations. Like the number of branches, the totals just keep growing, despite the inevitable decline in their effectiveness.

In 2004, the U.S. card issuers sent a record 5.25 billion solicitations, to about 75 million households (71% of all U.S. households). It averaged 5.7 offers per month, or 70 annually. And you don’t need a degree in economics to predict the results: record low response rate of 0.4%, down 2/3 from as recently as 6 years ago (1.2% response in 1998, see chart above).

It’s almost surprising that the average household gets less than 6 card offers per month, we’ve gotten that many in a day. And no one here has responded to an offer since the last century. 

But I digress. The point is that financial services marketing departments all over the country are looking for cost-effective alternatives. If you figure traditional DM costs $1 per piece when you load in all costs, the acquisition cost has increased from $80/acct in 1998 to $250/acct in 2004. 

And thanks to the spam overload and phishing hype, it doesn’t seem like email will be the answer anytime soon.

What’s left? It’s that captive audience called online bankers. Here is a group of customers you know extremely well, thanks to tracking their bill pay activity, and that come to you several times a week on average. Grab some of that DM budget this year and show what kind of sales you can deliver. 


eBay Personalized Email Marketing

Ebay has been on the forefront of fighting online fraud, introducing Account Guard on its toolbar in Feb. 2004 (see Online Banking Report, #105/106 and #85), as well as a number of safeguards into its service delivery over the years.

Ebay_personalilzed_email_4The auction giant recently elevated the personalization in its emails, incorporating name and eBay username, in an effort to help users recognize genuine messages.


View closeup of personalization


If you’d like to learn more about the future of financial email messaging, check out Email Marketing in Financial Services: Leveraging the Inbox from our sister publication, the Online Banking Report.

Improving the “Look and Feel” of Bank Emails

In our most recent tests, we found great improvement in the quality and
timeliness of responses to Web-based queries. However, we found that the “look
and feel” of email responses left a lot to be desired. The typical bank response
was a few lines of text and perhaps a link or two to general information. And
because of poor choices in the FROM and SUBJECT fields, the responses looked
spam like and easily overlooked.


Compare those bank messages to email responses from leading Web-based
retailers and service providers such as GoDaddy, an Internet domain name
registrar (screenshot below). Most savvy retailers use graphically
appealing HTML messages to get their point across effectively, and when
appropriate, up-sell the user on a solution that solves their problem. In the
GoDaddy example below, I asked a question about website capabilities and
received an excellent response along with an appropriate upsell into their
$3.95/mo hosting option (see note point 4 on the screenshot below).


GoDaddy knows shows their savvy in responding to customer service inquiries.
Not only is it good looking and answers my question, it arrived eight minutes
after the question was submitted, beating by three minutes the
expected call center hold time listed on the website. That’s how to deliver
e-service, faster than alternative channels. The email response grabs your
attention with a well-designed layout including the following (see
corresponding numbers above

1.      Answer to my question (at the top)

2.      A real person responding to the question

3.      Link to a privacy

4.      Banner to select the service upgrade about which I had inquired

5.      Phone numbers for customer support

6.      Repeat of my original question (not visible on the

My only major complaint with GoDaddy’s message is that it fails to identify
itself in either the email From field (it used “Support”) or the
field (it used: “Other: One page website incident 040506-001360”). 

Bank Examples

In comparison, the typical bank response is delivered in plain text with few
helpful links. Following are examples of banks responses to a general
non-customer query via their websites.  

The question posed: Do you offer overdraft protection that does not
charge for each advance?

Email response from Chase to a question about whether they
offered no-fee overdraft protection: The speedy response, 41 minutes, answered
the question correctly and concisely and provided a phone number for more
information. However, there were no links in case I wanted to sign right up for
the account I asked about. Score: A for service, D for sales. (09 Apr 2004)