The ultimate potential of the online channel is becoming clear. More than 87 million people manage their finances online, according to a Gartner survey. Transaction volumes continue to grow with an estimated 11 billion online transactions in 2006 and more than 24 billion online transactions predicted in 2010, according to TowerGroup. At many credit unions, online activity has surpassed other channels such as the branch, ATM, IVR and call center. Also, the costs per transaction can be significantly less expensive than other channel transactions.
Break down every barrier
Although online activity continues to increase, many consumers still do not use the online channel due to security fears. Credit unions should aggressively pursue this segment and truly deliver the trusted relationship that consumers need and expect. The stakes are high, as these members are more expensive to serve and are a target for competitors. However, successfully addressing security concerns also generates a significant opportunity for your institution, because your competitors also have an underserved offline population that you can attract with the right service offering.
Your credit union is responsible for all internal and external safeguards and there are a number of best practices for review. This article addresses consumer fears in the online channel – a problem that requires the member to be able to see improvements in policy and methods manifested in the online channel. It is important that you have an approved, enforced, and effective security policy before launching a proactive campaign addressing consumer security fears.
By directly addressing security fears, you will have a more educated and aware member population, which will bolster your security posture as members will be more apt to display secure behavior (e.g., create more secure credentials) and will be more likely to notice and report potential security issues with the more timely information available to them (e.g., e-mail alerts and prior session activity).
Ten Ways to Decrease Security Fears in the Online Channel
# 10 The ‘padlock’ icon – The simplest to deliver. The most expected assurance that the site and the user’s finances are secure should be located on or near the sign on control, and within the browser’s security status tool. When implementing a padlock icon, you should ensure that the icon is accurately reflecting the security status, and you should also realize that the icon is a label, not a security protection in and of itself. Use this visual cue to help your users understand the security measures in place, and always provide explanatory information describing what the icon means for those who wish to learn more.
# 9 Security discussion, training and education – Fear is a result of the unknown. The discussion and education you provide can help to relieve fear; it can also build confidence in both your online offering and your overall business.
# 8 Security guarantee – Providing security assurance through a financial guarantee not only reduces consumer anxiety, it also builds a stronger emotional connection with your members.
# 7 Control User ID and password – Because consumers believe that employees of the financial institution know their online credentials if the institution provides them, it is important to let the consumer select them. Users greatly prefer more control over security.
# 6 Date and time of last sign on – Providing a simple visual cue with last sign on information each time the consumer visits the site helps the user to know whether someone else accessed the system without their knowledge.
# 5 Summary of activity for current and prior sessions – This usability feature assists the consumer in recalling prior online activity; it also serves as a facility to help the consumer quickly determine whether someone else has accessed their account and what that person might have done.
# 4 Alerts – Consumers’ fear related to their online account being accessed is largely related to concerns about money being taken from their accounts. Email alerts are an excellent way to notify the user of possible unapproved activity in close to real-time. Receiving notifications of account activity exceeding consumer-defined thresholds reinforces that ‘everything is okay’ and gives the user the sense that their credit union is looking out for them.
# 3 PIN-less multi-factor authentication – Providing one more “PIN” for the user to perform transactions might be within recent federal mandates for heightened security, but it’s not very usable. Let your members know that you are also analyzing the consistency of the member’s online behavior signature (e.g., Is this the first time the consumer has accessed the online system from this geographic region? Does the consumer usually access the system at 2:00 AM? Has the member used this computer before?). Additionally, taking action to further confirm the legitimate user in cases where the user’s behavior is not consistent helps the consumer understand that even if their User ID and PIN are stolen, it isn’t assumed that someone can easily break into the online account.
# 2 Site verification – Phishing fraud is still a major concern among consumers. Providing a way for consumers to self-verify the authenticity of the online site remains important.
# 1 Control security – Do all consumers want to be able to do exactly the same things online? Of course not. Provide consumers the ability to determine what they can or can’t do online (within the institution’s boundaries) or which activities require the consumer to enter additional credentials before the user can continue.
BONUS: Security management console – You’ve got it all now. Do you? The last mile of this long journey is critical. The credit union is providing the right tools and resources, the consumer is now educated and is feeling more secure. Isn’t that enough? The answer is no. If you’ve done your job right, aspects of ‘security’ are pervasive within the online experience (as it should be). But, since security concerns remain so high, and are also becoming increasingly complex, having a central self-service security area on your online banking site is critical to gaining consumer confidence. This one-stop ‘security shop’ or ‘Security Console’ brings together the critical aspects of security awareness into one dashboard so the user can learn more about online security, manage their online credentials and online access, set critical alerts, audit prior session activity and manage their security access settings.
Go the last mile – invest in your security presence in the online channel. Millions of consumers are waiting for you….