Should Financial Institutions take greater responsibility for personal data theft?

Cases of identity fraud are on the rise, unlike public awareness on the issue. Can financial services institutions use this as an opportunity to build deeper, more meaningful connections with customers?

In many countries, individuals are now more likely to be a victim of fraud than any other crime. And in today’s technologically advanced, and often turbulent, economic climate, the opportunities for cybercrime and fraud are greater than ever before.

Traditionally, banks have invested a great deal of time and money in fraud and data protection and, every time a consumer carries out a transaction, technology monitors it and flags up any anomalies compared with regular behaviour patterns. But, with privacy and data protection increasingly in consumers’ hands and the nature of potential threats becoming so varied, banks’ defences are no longer strong enough to cope alone.

The very nature of fraud is changing and criminals are seeking to take control of an individual’s affairs through their online passwords or by gaining access to sensitive information via people’s social media accounts. Customers’ poor data management practices can really increase the frequency and extent of the fraud threat. Research by Telesign shows that 54% of people use five passwords or less for their online activity meaning that a fraudster can take control of large portions of a person’s affairs relatively easily. Likewise, the rise of the dark web, where personal data can be sold so easily with complete anonymity, means that there is an attractive marketplace for both opportunist and organised fraudsters.

With a constantly shifting fraud landscape, there is a lack of clarity around whose responsibility it is and how to best protect against fraud, which leads to dangers for all concerned. For banks and businesses, it is likely impossible to avoid reputational damage and the potential loss of customers if they fail to adequately support their customers in cases of identity fraud. According to Simon Borwick, director in the cyber services team at Deloitte, many organisations are failing to prepare themselves against the range of cyber attacks: “Cyber security has moved beyond simply being an IT issue; it is now a business-wide risk which requires immediate attention at the highest level.” Likewise for consumers, reliance on security provided by their bank and the lack of awareness around identity fraud results in a failure to take responsibility for their actions online. Given that the world is increasingly reliant on the internet, it is ultimately everyone’s responsibility to try and protect it.

Equally, the current situation could be regarded as a source of opportunity for the banking community. Firstly, they can educate consumers about the risks and steps they can take to protect themselves as evidence shows that consumers simply don’t understand the risks. Indeed, this is a view that is supported by senior analyst at Aite Group, Shirley Inscoe: “In order for financial fraud to decrease, consumers must play a role… consumers are not changing their behaviour in a way that indicates an understanding of risk and a desire to protect themselves.” By enabling people to make better security and fraud prevention choices that are backed up by relevant and knowledgeable support when things go wrong, banks can enhance their reputation with customers. This should increase a customer’s emotional affinity and loyalty to their bank – and reduce the amount banks pay out in relation to fraudulent activity.

Banks are also generally among the most trusted brands by consumers when it comes to data security – the Symantec State of Privacy Report in 2015 revealed that banks were trusted by 66% of respondents with their data and only hospitals and medical services were more trusted at 69%. This means that a great deal of goodwill and brand value already exists for financial services institutions that they are currently failing to maximise. It is clear that protecting information is important to consumers and so banks should be looking to evolve their propositions and capitalise on this. For example, if a bank extends its reach into a consumer’s life by providing secure data storage services to help individuals protect their digital footprint, the feeling of trust can only grow.

Of course concerns may well exist among the banking community about going down this road, as it could lead to greater reputational damage if a data breach ever occurred. However, technological advancements, such as the use of biometrics in securing transactions, should help to nullify these fears. If consumers start placing greater trust with their bank and put them in control of securing their digital assets too, this will, ultimately, make the decision to change banking provider that much more difficult, an opportunity that is too great to ignore.

Perhaps the time has come for financial services institutions to look beyond the threat and instead see the challenge as a potential opportunity. An opportunity to help customers protect themselves – which automatically makes a bank’s own defences that much stronger – and one for financial services institutions to place their organisation at the centre of more areas of a person’s life, thus preventing customer churn and fostering deeper, longer lasting relationships with consumers.

By Steve Parsons, vice president of international product development at Affinion