In earlier reports, we looked at long-term strategies to improve security and prevent unauthorized account access from ID thieves and mass phishers (see OBR #100/101, #93/94). This report looks specifically at recent user education efforts against fake emails and potential solutions, both short- and long-term.
While monetary losses from these incursions are relatively small, the bigger issue is lost trust, making it harder to use the online channel profitably. We’ve even heard that some banks are considering eliminating all links from email messages, a move that if widely adopted, would be a major setback to the industry.
Before surrendering to the crooks, we recommend some less-drastic approaches involving user education and digital signatures (see pp 2-7). We recommend using email messages and a dedicated website security section to do the job (see pp. 2-4).
But go easy on the scary homepage messages. You can be sure the media will do a fine job of creating fear, uncertainty, and dread among your online customers. Your job is to make customers feel more secure, not less.