USAA Hits 1 Million Mobile Users; Grabs Great Press Coverage with Remote Deposit Feature

imageThe New York Times ran a positive piece on USAA’s mobile efforts today, leading with the bank’s innovative mobile rimageemote check deposit service. A feature the bank announced in June and is rolling out this week.

USAA is the first major financial institution to use the iPhone’s camera to allow customers to upload paper checks for automatic deposit. However, it was beaten to market by tiny WV United FCU, which launched a cruder version two weeks ago (previous post).

The San Antonio-based bank with 7.2 million customers, now has one million mobile users, a 14% penetration rate, up from 11% in May. It’s the second U.S. financial institution (after Bank of America with more than 3 million; see note 1) to officially hit the million mark, though Chase/WaMu and Wells/Wachovia are believed to have passed that milestone last year.

Financial institution lesson: Mobile banking, and the iPhone specifically, still make a great story for the press (and customers). If you’re first in your market with an iPhone app, or some other mobile milestone, let the media know.

Live demo of USAA’s Deposit@Home iPhone app
Starts at 1-minute mark

1. 43% of BofA’s mobile customers access via iPhone or iPod Touch. The bank does not yet support text-banking, so it’s user base is skewed towards smartphone users.
2. For more info, see our Online Banking Report on iPhone Mobile Banking

Fallout from Rudder’s mishap, will it impact all third-party PFM apps?

imageYesterday, Rudder suffered an embarrassing email glitch that affected 732 customers. In the pre-Internet days, no one other than those few hundred customers, and a few of their friends, would have heard about it. Even in the days before blogs became common, pre-2007, it’s unlikely the story would have made it to the mainstream press.

And even last year, before Twitter, the story might have died without ever crossing over to the mass media. But when it comes to breaking news and company gaffes, it’s a whole new ball game. Everyone wants 15 minutes of fame as an investigative reporter, and Twitter is the dream platform.

I’m going to recap the problem, and how the news broke, in excruciating detail, because it illustrates the power of Twitter- and blog-fueled grassroots reporting. If you are a financial services company, think about how you could use social media to help with damage control should something similar happen to you.  

What happened at Rudder
According to the detailed description first published in TechCrunch and then later published by the company on a new blog created specifically for this issue, an email upgrade the night of May 18 caused 732 users to receive dozens of email updates containing balance and transaction information of other users. Only Rudder users with email addresses that begin with “a” or “b” received the erroneous emails because the company stopped the email job at that point after realizing the “upgrade” had gone terribly wrong.

Besides seeing the info in the email updates, the bigger security/privacy problem was that unauthorized users were able to click through email links to access the full aggregated account at (see screenshot in the TechCrunch article). However, at no time could anyone actually log in to anyone’s bank account or move money in any way.

Luckily, Rudder, like all account-aggregation companies, does not include account numbers or personal details in the updates. However, the email addresses of each user was displayed, so any of the 732 customers using an email address at Rudder that can be traced back to their real name, had their financial details exposed to hundreds of users. 

How the news broke
At 5:36 AM yesterday (19 May), Twitter user @adambassador tweeted this:


And @adambassador didn’t stop at that. He took the time to search and communicate warnings directly to several other users who’d recently mentioned “” on Twitter. Adambassador would go on to tweet 21 times yesterday about the Rudder problem.

One of the people who heard from @adambassador was financial services consultant and blogger, Mike Linskey (@mikelinskey) who’d just Tweeted about several of the PFM companies he’d seen at our FinovateStartup conference, including Mike then posted the problem to his Fincision blog at 8:04 AM, and at Mike’s request, adambassador posted screenshots of the emails to document the problem, which were then published in Mike’s blog entry.


At 10:05 AM, using Twitter, Mike alerted the blog Mashable about the Rudder problem. A half-hour later, Mashable, the fifth largest blog in the country (see note 1), posted the story citing adambassador’s tweets and Mike’s blog entry. From the Mashable blog entry (below), the problem was retweeted 115 times (see the retweet button below on left).


Then at noon, the second largest blog, TechCrunch, with more than 2 million subscribers, posted the story. And because of high comment activity, it stayed on the top of TechCrunch most of the day (see screenshot below), generating 58 comments.

How Rudder handled it
By almost any standard, Rudder did a good job responding. Although their reply took more than 10 hours since the error was first reported on Twitter, Rudder’s CEO posted a detailed comment on the TechCrunch (scroll down to his comment at 4:38 PM here) and Mashable posts, apologizing for the error and explaining in great detail what had happened. 

In addition, Rudder created a special “Rudder Update” blog (see screenshot below) apologizing, explaining the mishap and exactly what info was mistakenly displayed, and detailing the steps they were taking to fix the problem and help affected customers:

  • Turned off the email system entirely
  • Contacted each affected user individually and offered them a complimentary subscription to an identity theft service
  • Engaged an independent security auditor to survey its system and look for weaknesses
  • Published a URL for users to go in and delete their accounts if desired

Rudder did a good job considering the situation. It was smart to comment on TechCrunch and Mashable, and the new damage-control blog site was a savvy move. And the company did an exceptionally good job with the tone and wording of its mea culpa.

That said, the company could have used social media better. The company’s Twitter page (@userudder) and that of its CEO (@nikhilroy) were silent all day. A short Twitter posting, even “we’ve stopped all emails and are working on it” would have reassured users and potentially made the Mashable post less alarming. Also, the company didn’t have a blog, so there was no place where they could post periodic updates during the day. It was complete silence for 11 hours, other than the interview with TechCrunch’s Erick Schonfeld mid-day.

Impact on third-party PFM credibility
While this was embarrassing and violated the privacy of several hundred users, there will likely be no financial loss to anyone. There was no data breach or stolen account numbers. Even a single bank account statement stolen from a mailbox could cause more potential financial damage.

And even though third-party PFM providers have had a relatively spotless record for security/privacy, this mistake, now well-documented in two of the largest online publications in the world, will be cited in the media for years, to cast doubt on the security of online personal finance.

It might cost the industry a point or two in short-term market share, but it would take something much worse to materially slow growth. Even Rudder should be fine. By addressing the issue in a highly professional way on the same day, most customers will be reassured, at least those that weren’t directly impacted.

The bigger lesson here is the need for damage-control procedures that take into account the power and speed of new media (note 3). The entire episode could haveprior to Twitter and the blogospherebeen known to just a few hundred customers of a very small company, but instead traveled from a lone tweet to a large splash across the homepage of a major publication, all within a 6-hour period.     

TechCrunch featured the Rudder post on its main page most of the afternoon (19 May 2009)


Special damage control blog created by Rudder yesterday
(19 May 2009; link)


1. Ranking by Technorati authority (here)
2. Thanks to Mike Linskey for the tip yesterday morning.
3. Also, account aggregation users should use an email address that is not directly associated with their name.

Target Taps Customers via Facebook to Designate Recipients for its Corporate Giving

imageTarget is running a clever Facebook promotion that allows Facebook users to allocate the retailer’s $3 million weekly corporate donation among eight pre-selected charities. I heard about it in an email from the Red Cross encouraging its supporters to go to Facebook and vote more of cash its way (see screenshots below).     

How it works: When Facebook users vote, they are given the opportunity to automatically publicize their activity with their friends (see second Target screenshot). Finally, after a vote, Target shows the running totals for each charity. As of today, nearly 70,000 votes had been tallied.

Analysis: This is a good way to leverage social networking. Not only is Target reinforcing its brand, and its commitment to donate 5% of its income to charity, it’s created a non-intrusive viral campaign with both Facebook users and the charitable organizations motivated to spread the word. Nicely done.

Opportunity: This approach would also work great for a financial institution.

From Target website (link)


Target’s voting page on Facebook (14 May 2009)


Voters are given the opportunity to spread the word to their Facebook friends (14 May 2009)


After each vote, Target displays a running total (14 May 2009)


Bank of America’s Second Blog Supports Mobile Banking

image When researching yesterday’s post on BofA’s iPhone app, I searched Google for “Bank of America mobile banking” and ended up at the bank’s mobile banking news blog (see screenshot below).

This is the second blog the bank has launched in recent months. The first supports its MIT Center for Future Banking (post here).   

While purists may claim this latest effort is not really a blog because there are no community features such as comments, it’s updated infrequently (5 posts in 3 months, see note 1) and appears purely promotional in nature. The bank doesn’t even refer to it as a blog. The official title is: Mobile Banking Media Center for Bank of America.

But it’s laid out like a blog. The content is arranged in reverse chronological postings, with categories/tagging/permalinks. The variety of content includes YouTube videos, and you can subscribe via RSS feeds.

That’s a blog to me, and a very good one at that. While the core audience consists of press and analysts, it’s a great resource for anyone interested in the bank’s mobile offerings. And as my search yesterday proved, Google has rewarded it with a high organic result, the first position on my search. That can potentially save the bank hundreds of thousands of dollars in search-engine advertising.

Bottom line: Call it what you will, but BofA demonstrates one of the most effective uses of the blog-like format: supporting PR and educational efforts for a new strategic effort (mobile banking) in an easy-to-follow and easy-to-administer format (see note 2).

 Bank of America mobile banking blog (21 Jan 2009)

1. There are five posts on the homepage, but if you drill into the top categories, you’ll find some older press releases.

2. For more ideas, see our Online Banking Report on Bank 2.0 Techniques

3. BofA’s new Blackberry app is shown at the top of this post.

Scooter Loans from "Green" Credit Unions

image According to the Wall Street Journal, scooter sales in the U.S. are up 25% compared to last year (article here). While still relatively rare in U.S. cities, I have a feeling that 10 years from now, after a steady diet of $5/gal gas, American cities will look more like their European counterparts, with scooters zipping about everywhere.

For banks or credit unions, this might be the ideal time to jump on the scooter bandwagon by helping customers buy the energy-efficient vehicles. It would be a great way to grab a little PR boost during the slow summer-news cycle, and with some models selling for $4,000 or more, you could boost vehicle loan outstandings by a measurable amount.

A brief Google search located two financial institutions pushing scooter loans, both appropriately with “green” in their name: South Burlington, VT-based Green Mountain Credit Union and a Wisconsin-based credit union (who’s name we removed at their request in Aug. 2010 because the offer is no longer available and they still get inquiries from this post). 

Evergreen is promoting a special one-day, 3.99% scooter loan on its homepage (see screenshot below and note 1). The Saturday morning event, conducted in partnership with a local scooter dealer, included test rides, free hot dogs, and prize drawings. The CU also gave away a scooter earlier this month as part of its 50th anniversary special.


  • Incremental loan originations: If you are a good relationship lender, the $4,000 scooter loan today could lead to many $25,000 car loans in the future. 
  • Search-engine marketing: Currently, there are no direct ads running on the keywords “scooter loans,” although you will compete with several advertisers displaying against the generic “loan” in the search term. There are also few organic results for the term, so there’s a good chance an SEO-optimized landing page would rate highly in Google results.
  • Leverage branch parking: One of the problems with urban scooter use is lack of available parking. Branches with parking could turn over one or more spaces for customers with scooters, creating good will, as well as the occasional picture on the 5 PM news.
  • Public relations: Anything that saves gas makes for a good story this summer and beyond. It can also be pitched as a “green banking” story, although it’s not a pure environmental win. The gas savings are easy to see, but scooter emissions can be significantly higher than those of the automobiles they replace.
  • Starter loan/credit: If you can convince your underwriting staff to accept applicants with limited or no credit history, the scooter loan could be a great way for young adults to build a credit file and improve their credit score (thanks, Andrea, for the idea)
  • Customer acquisition: Scooter loans could be a great way to introduce younger consumers to your financial institution.
  • Trendy icon: At least for urban customers, the scooter, especially the classic Vespa look, makes for an attractive graphical image, conjuring up memories of trips to Italy, or at least movies shot there on location. Your scooter program could make for good website content, eye-catching outdoor feel (great bus ad!), and or a nice flourish for other media efforts.
  • Strike a deal with Scooter Financial: The number one result at Google for “scooter loans” is Scooter Financial, which does exactly what you’d expect, make loans to buy scooters. Given their name and Google pagerank, they could be an ideal company to partner with.

Cons and potential problems

  • It’s an asset easily hidden from the repossession agent, so it’s harder to use the repo-threat to enforce outstanding debt. 
  • The accidental death rate for scooter owners is about 65% higher than that for cars; so you might want to be careful how much you push it as an “automobile alternative.” But the news isn’t all bad: Scooter owners are much less likely to perish than motorcycle owners. 
  • Most gas-powered scooters release significantly more pollutants than most automobiles.
  • The smaller loan sizes may lead to little, if any, profits.
  • Not a big market overall.

Green Mountain Credit Union homepage promotes 6.49% scooter loans

(21 May 2008)

Scooter loans from Green Mountain CU homepage

Credit Union homepage promotes Saturday “scooter loan” special (21 May 2008)


Giving the Gift of Microfinance

Instead of giving yet another gift card, how about making a difference for someone 5,000 miles away?  The biggest online microfinance lender, Kiva, with $12 million loaned to date, offers gift certificates (here) as does Danish microfinance startup, MyC4, that just launched its public beta in September and offers microloan gift certificates (here).

The recipient of the gift certificate logs in and chooses an entrepreneur to assist. For example, the inset is from a listing for a Cambodian village looking to Kiva for $600 to purchase a second cow and a motorbike trailer.

For your kids, it's a great lesson in business, demonstrating how a small amount of capital can make a huge difference in someone's life. And it's a gift that keeps on giving. As the loan is repaid, it can be lent back out to someone else.

Kiva Gift Certificate

MyC4 Gift Certificate

"Prosper Days" User Conference Videos Repurposed to Educate Customers

Prosper is one of the few (only???) national retail financial services companies that holds a users conference. The second annual Prosper Days is scheduled for Feb. 25/26 in San Francisco (more info here) and costs $55 in advance or $75 after Jan. 31. This year, they've added a famous keynoter, Freakonomics co-author Stephen Dubner. I will also be on stage later as part of a panel discussion of bloggers covering the space.

The conference is an excellent idea, creating a buzz around the company and providing a platform for its most loyal customers to share success stories and network. It's a model eBay has used successfully for years. The addition of Dubner should increase press coverage and attendance.  

I'm also impressed at how Prosper reuses the content created for the conference. The sessions are recorded and posted to its website to help educate borrowers and lenders. A total of ten videos are available here (see screenshot below).

Banks Scarier than Criminals. Really?

You know you are losing the PR battle when headlines like this begin to appear:

The point of Tuesday's column from MSNBC's Bob Sullivan, is that consumers fear overdraft fees more than fraud. Hmmm….would that have anything to do with the fact that customers PAY for overdraft fees while the bank picks up the tab for most fraud?

But even overlooking that minor piece of common sense, how does annoyance at overdraft fees equate to being "scarier than criminals?" The headline does a disservice to Sullivan's well-researched and thoughtful column.  

What Banks Should Do
While the headlines will hopefully be a bit more objective, expect more of the same in the coming year. Overdraft fees are becoming a big story. And as the 2008 election cycle kicks in to full gear, expect more grandstanding from politicians on both sides of the aisle. No one wants to be on record as being "for" overdraft fees, or any bank fee for that matter.

Banks need to do two things to head off a PR disaster and avoid pricing caps and/or more regulation from Congress:

1. Look hard at overdraft fee policies including both size and timing of the charges. And if you do find a way to cap/lower or lower overdraft fees, wrap that news in a big bow and deliver it to your customers for the holidays. And if you have a lower fee than the big banks in your market, by all means, let your customers know.  

2. Proactively sell overdraft protection options and balance-awareness services such as online/mobile banking and low-balance alerts via email and text message.

And one more thing:

In press interviews and marketing messages, eliminate all references to "courtesy" and "a service for our customers" in describing overdraft fees. Stay on the message that the onus is on the customer to track their balances. Here's a great response, ABA congressional testimony quoted in the MSNBC article:

The bottom line is that customers are in the best position to know what their actual balance is — only they know what checks they have written, automatic payments they have authorized and debit card transactions they have approved," Nessa Feddis, a spokeswoman for the American Bankers Association, said during congressional hearings earlier this year. "Simply put, consumers are in control of their finances and can avoid overdraft fees.

Facebook Battle: Students 1, HSBC 0

My teenage son has just starting "Facebooking," and he loves it. It's his first foray into social networking, and I can tell he'll be a user for the rest of his life, or at least until something better comes along.

Those of us who are merely parents of social network users often find it difficult to understand its power. In my son's circle, Facebook IS the Internet. It's where every online session begins and ends and where important social connections are made and nurtured. That's why strategic investors such as Microsoft, Google and others are said to be giving Facebook as much as a $10 billion valuation (see previous coverage here).  

All this has enormous implication for every retailer and service company on the planet. It amplifies word of mouth exponentially. Remember the old adage that every disappointed customer tells 10 people about their problem. With the instant broadcasting capabilities, an unhappy customer can now share his/her thoughts with 100+ Facebook friends with a single click (note 1).  

And it's not something that is 15, 10 or even 5 years away. It's happening today. Case in point: this summer HSBC (UK) was forced to reverse a policy change that would have ended a common perk for U.K. student banking accounts, a multi-year grace period for overdraft credit lines with limits up to US$3,000 (see HSBC student page here).

Local students were so taken aback by this change in account terms, they formed a Facebook group called, "Stop the Great HSBC Graduate Rip-Off" (here or see screenshot below). Apparently the group was planning to rally its 5,000 members into a little civil disobedience. The group was hoping to cause customer service headaches by flooding the bank's branches, and overloading teller lines, with student customers asking for detailed explanations of the new fees.

According to news reports (here and here), the bank quickly backed off the rate change and reverted to the liberal interest-free borrowing guidelines.

You should be using, tracking, analyzing, and brainstorming about how to tap social networks for sales, marketing, service, and recruitment.  


1. And the simple click-and-complain activity can be broadcast to every friend before the disgruntled customer has a chance to cool down (and/or sober up) and think through the issue in a more rational way.

Bank of America Launches SafePass, but You’d Never Know From its Website

If you were in the office yesterday, you probably heard about Bank of America's announcement of SafePass, an optional out-of-band authorization technique for high-risk online banking transactions. It was all over the news, including the trades, blogs, and a few mainstream press articles. Here's the press release.

The system, common in many countries, but available only at Citibank in the United States (previous coverage here), sends users a 6-digit code via text message. The code is then entered at BofA's website to authorize larger transfers, new bill-pay merchants, new accounts for funds transfer, or to login from a new computer, not previously "registered" for online banking. VeriSign developed the technology.

The service will roll out across the BofA empire this year, with many customers having it as soon as next week. Next year, a wallet-card token "SafePass card" will be offered for customers who don't have text-messaging capabilities on their phones.

SafePass is a solid enhancement to security, at least perceived security, since it probably won't do much to cut down on actual fraud losses. It's already pretty difficult to get through BofA's security gates and pull money out of someone's online account. The bank did the right thing in making it optional. Only the paranoiacs, road warriors, or those with unusually high transaction amounts will want to undergo the extra steps.   

So while it may be ho-hum in terms of fraud reductions, SafePass is brilliant marketing (note 1). It's a tangible and easily understood copy-point as to why one should choose BofA over the other 15,000 U.S. financial institutions. Think of the bragging rights they now have (all firsts are U.S. only):

  • First to integrate mobile messaging into the authentication process
  • First to offer optional extra security
  • First to safeguard the process of adding a new bill payment payee
  • Potentially first to offer choice of token or mobile text message for out-of-channel authorization
  • Only bank able to put "SafePass" on their websitea very good name
  • Able to say, "no one has more security options than us"
  • Able to say they are a "pioneer in security enhancements"
  • Able to they "put the customer in charge of their own extra security"
  • And so on …

Congratulations to Bank of America for once again raising the bar in online security.

While I like what the bank has done, once again I find it astonishing that even 48 hours after releasing the news in a press release here, THERE IS NOTHING ON THE BofA WEBSITE ABOUT IT. A site search for "SafePass" pretending to be from North Carolina, New York, or California results yields just a single obscure business insurance product. Bank of America's search doesn't even return the press release announcing the service!

SafePass is also not mentioned in the bank's security, online banking, or mobile banking sections. I've worked in a Fortune 50 company, so I understand all too well how hard it is to sync advertising, PR, sales, and so on at a huge company. But with 22 million active online banking users, you'd think BofA would be a leader in syncing its website to its marketing plan. 

Am I being overly critical?  It's certainly worth writing about. 


1. For more information on the synergy between security and marketing efforts, see our full report on the subject at Online Banking Report.

Hancock Bank Approaches Hurricane Season with Proactive Approach

If you live in the U.S. hurricane zone, the memories of the summer of 2005 are still all too fresh. That's why it's great to see Gulfport, Mississippi-based Hancock Bank take a proactive approach to storm season with its "storm readiness" plan released in a June 1 press release (here).* 

While normally, your disaster planning efforts rate no more than a deep link on your website, Gulf Coast residents need more prominent reassurances. Hancock does a great job reassuring customers in its press release covering these four areas of storm preparation: 

  • Designated certain branches "lighthouse branches — beacons to safety." These branches stay open as long as possible and re-open as soon as possible. Emergency procedures for employee communications, food, shelter, back-up power, and fuel are detailed.
  • Offsite backup for its website and online banking so there will be "virtually no downtime." 
  • Data center precautions, including safeguards at its main center, dubbed "the fortress," plus plans for emergency off-site backup.
  • ATM system procedures and priorities in the event of a prolonged emergency.

Overall, this is a good press release and sound plan, especially the concept of "lighthouse branches" which play off the company's logo and branding. It should receive good play in the local media.

However, I couldn't find this info anywhere on the bank's website, other than the press release buried in Investor Relations. This time of year there should be a prominent link to the bank's plan on the homepage or at least in the personal banking section. If you were looking for a new bank in the Gulf area, this would help your decision.

And financial institutions should do even more by making online banking and electronic communications prominent in the disaster plan. Here are eight additional ideas. While, some would require product development, they are relatively minor projects. Financial institution benefits are in italics.  

  1. Create a "customer communication plan" that send emails or text messages to customers to keep them informed of developments with branch, ATM, and online banking outages. 
        Helps bump up online banking and email registrations. 
  2. Remind customers how important it is to have up-to-date email addresses and cell phone numbers on file. 
        Helps improve your delivery rate on marketing and
        service messages.
  3. Since customers may not have power, they may need to rely on mobile phones for information. And since waiting on hold uses up precious phone charge time, create a call-back plan for emergencies. Customers would call or text the bank requesting a call back on their mobile.  
         Helps differentiate you from the competition.
  4. Create an "open branch & ATM" query. Customers could send a text message requesting a list (with address, phone number) of all open branches and ATMs.  
         Again, differentiates you from the competition.
         And if ever needed, will help create lifetime customers.
  5. Let customers use designated branches to charge phones or laptops in the event of widespread power outage.
         More differentiation and customer advocacy.
  6. Develop a blog that can be used to keep customers apprised of any changes to banking services. Several employees should be prepared to update the blog through mobile phones if power was out. And at least one person should have access to a satellite phone so they can remotely post updates to the blog (perhaps working with someone outside the disaster zone, who can do the actual typing/posting).
         Another great relationship builder.
  7. The Web-based branch finder should include a search for "lighthouse branches." 
         Expose your impressive disaster preparations to
         prospective new customers.
  8. Refer customers to disaster preparation website resources for so they can put together household stockpiles and family communication plans.
         More customer advocacy, not to mention the "right" thing to do. 

*Full disclosure: We have done some website evaluation work in the past for Hancock Bank.   

The Title Says it All: "Online Banking: Protecting the Earth and Yourself"

A few days after our recent post on pro-environment banking programs (here), we were greeted with this headline in yesterday's Seattle P-I:

Seattle PI article on online banking benefits

The tide has definitely turned in media perceptions of online banking. Here's a short history of the mass media view of online banking:

1994 to 1997: Sounds good, but what is it?

1998 to 1999: All things online are great

2000 to 2002: All things online are over-hyped

2003 to 2006: Is it really secure?

2007 to ???: Protecting the earth and yourself 

Naturally, I think online banking is great, but I never expected to see it elevated to motherhood-and-apple-pie status. The PI article (here) uses recent NACHA and Javelin numbers to recommend online banking both for its paper-saving and identity-theft prevention benefits. Time Magazine (April 9 issue) also listed "paying your bills online" as one of 51 things consumers can do now to help the environment (here).

However, Time might need to beef up the math skills on its fact-checking team. The article says paying all bills online would save 1.6 billion tons of paper. That would be more than 2,000 pounds every month for every U.S. household, even I don't get that much junk mail. I'm guessing they meant 1.6 billion pounds not tons, which would be about 15 pounds of bills per year per household.