Tech can’t solve security solo

With the growing popularity of digital banking, fewer and fewer people are utilizing their bank’s human resources, instead relying solely on websites and mobile apps to satisfy their banking needs. However, some things, such as customer security, simply cannot be left up to technology alone.

One of the biggest threats to the security of bank customers is wire fraud. Recently, criminals have realized that if they contact a bank claiming that they are unable to initiate a simple wire transfer, or access a certain service, the bank is usually more than helpful in giving them the access they require. This often leads to wire fraud losses, false transactions, and even stolen identities.

Bank employees cannot rely solely on emails and system requests when it comes to moving customer’s money. (Indeed, the growing “business email compromise” scam was among the technology risks highlighted recently by the Comptroller of the Currency.) They must follow explicit procedures with each individual customer to ensure the security of everyone.

How to build a security foundation

The first way a bank can ensure security is by taking the time to understand each customer’s specific needs.

At the start of the relationship between bank and customer, bankers should sit down with the individual in a face-to-face meeting to go over the products and services they will be accessing, as well as what they are looking for out of their banking experience.

Establishing human contact is essential. Onboarding new customers should not be handled by technology alone. Knowing what customers look like, how they speak, and what they want are valuable pieces of information that bank employees can use to verify sensitive requests in the future.

It is also important for the banker to take this time to educate the customer on serious security threats that can be prevented from their end. For instance, the customer should be warned not to put anything on the internet that they would not want the general public to know. It has grown increasingly easy for criminals to find sensitive information online and use it to their advantage.

Perform customer due diligence

In addition to meeting each person at the start of the relationship, banks must underwrite every customer. This includes determining specific limits for the transactions the customer will make, as well as pre-approving the customer for the limit that has been agreed upon by all parties.

If there is a documented agreement between bank and customer, it will be much harder for an unauthorized person to violate the customer’s security.

Of course, an agreement means nothing if the parameters of that agreement are not strictly enforced. The bank should constantly look for, and question, any anomalies in wire transfer requests, including payments to new accounts, new account information; higher or lower transfer amounts than normal; and inconsistent methods of initiating a request.

Have to follow it to make it work

Enforcing the proper internal protocol is arguably the most important step that a bank can take to ensure the security of its customers.

The first part of this is alerting the customer of the procedures upfront, so that they are aware of the steps that will be taken in the future. For instance, banks should always implement callbacks to vocally confirm wire transfers, as well as ask for specific details in order to uncover possible fraud. Bankers must always act as a human check to digital processes.

In an earlier Banking Exchange article, the focus was on criminals with clever email domain names that may fool even the most updated automated systems. Unless carefully checked by a bank employee, [email protected] could easily pass for [email protected].

This is more work for the bank, and the customer may not be granted immediate access should they accidentally lose access to their account or require an increased transaction limit. But the security threats that these steps eliminate are huge.

Doesn’t work without training

In order to properly implement these procedures into every bank branch, employee training must be provided and constantly reinforced. Not only will this help with customer security, but it will also keep internal processes running smoothly in preparation for regular compliance audits.

If all banks would take the time to understand each customer’s needs, underwrite their actions, and enforce proper internal protocol, both customer security and the necessity for bank branches would be greatly increased.

About the author

Ruth Razook is founder and chief executive officer of RLR Management Consulting. The firm consults with community banks in four primary categories: technology, regulations/compliance, operations, and M&A. For more information, visit www.rlrmgmt.com