The sorry state of bank phishing today — and what should be done about this
A story from last week’s FT Weekend portend a sorry state of people literacy with regards to push fraud — messages looking as genuine communication from their bank, but to great effect being used by organised groups to lure money as people believe their card is being blocked, or that they remit money using genuine IBAN number and routing code etc.
Where banks believe their are protecting their users by announcing the code of conduct on their website, a genuine looking website without these steps are effectively what’s blocking users from reintroducing their shallow minds on the subject. Where it’s day to day profession of bankers to identify and work with certain threats of money theft and laundering, users are getting more and more complacent on money matters — as so dictates the de-rigeur norm of online relationship.
Only partly one can address the problem through direct education, the major case rests on the side of psychology — and technology. Where norms are proposed by the mediums that dominate the timeline, those we adhere to irregularly need to follow and account for this formed behaviour. The case for data privacy, currently propagated firmly in the corporate realm, needs to have a customer facing end — to educate that sending identifiable information should no longer be the case, as should not be the open paying of legitimately looking invoices and open communication, where users are asked to identify themselves, contrary to the rule where banks should already know when they are calling their customers.
According to Santander in the UK, about 74 per cent of its customers had been targeted by scammers with phishing emails, texts and calls. It is estimated that 600 million scam attempts were made in the UK in the previous 12 months (FT).
> Rethinking authentication and payment token generation: I have already made the case that identity would benefit much more from the tokenisation tech than just payments, as increasingly its the personal data the criminals are after, to farm identities and apply for loans. So should any exchange of data be properly secured and encrypted.
This in fact may open up a new opportunity and role for banks, currently fearful of loosing touch with their customers. Personal data expertise is something that has defined banking from the beginning, where the social aspect of a transaction and money itself was about building trust from the identity of a users.
> Encypting and strengthening the communication may go via the app route — where all communications are done through a mobile banking app the user has downloaded to do its banking, so both push and voice communication can go through this medium.