Why education is the key to digital security

Build on your relationships with customers by helping them stay safe online.

By Colleen Morrison

When it comes to mobile banking security, the benefits of customer education extend beyond simply protecting customers and the institution. Customer education also supports the adoption of mobile banking and payments.

Fiserv’s July 2018 Expectations & Experiences: Consumer Payments Survey homed in on the importance of customer education for further adoption. One-third (33 percent) of consumers say there are mobile banking features they would like to use, but they don’t know how.

Yet, as well as “how-to” knowledge, community banks need to provide insights on the strength of their security measures to truly drive mobile use. The Fiserv study also found more than half of consumers (53 percent) say they strongly distrust internet security and privacy generally.

“Historically, as an industry, we’ve been pretty loath to talk to our consumers about what it is we actually do to secure the data.”
—Justin Jackson, Fiserv

“One of the biggest things that we can be doing is educating our users,” says Justin Jackson, vice president of integrated payment solutions at Fiserv. “Historically, as an industry, we’ve been pretty loath to talk to our consumers about what it is we actually do to secure the data. The last thing that we want to do is hand a fraudster a blueprint, but I think sometimes that pendulum has swung a little too far.”

Information-sharing experts agree. With customers acting as an entry point for certain types of cyberattacks, an educated consumer becomes a partner in security.

“Institutions use a layered security model to cover a wide area of different threats,” notes Jeffrey Korte, director of community institution and associations, Financial Services Information Sharing and Analysis Center (FS-ISAC). “By educating their customers, institutions strengthen their layered security by helping make customers part of that security net.”

And, as the demand for and use of mobile banking and payments grows, so does the corresponding need for customer education.

A growing need for knowledge

Mobile banking use has risen steadily in recent years. In fact, the Federal Reserve Board’s Survey of Household Economics and Decisionmaking (SHED) reports that in 2017, about half of U.S. adults with bank accounts had received electronic alerts (often through mobile device) in the past year. Another report from the Federal Reserve Bank of Boston found that one-third of consumers made a mobile payment in 2017, up from about 25 percent in 2015. “Consumers are clearly expressing a preference for digital,” notes Jackson. “[They] are looking to their bank to be that trusted advisor. We can be that expert for them, and we can help our users.”

That help may come in the form of cybersecurity education. In fact, studies emphasize opportunities for banks to bolster the use of mobile solutions by providing education on the safety and security of these platforms.

The Federal Reserve’s 2015 Mobile Survey found that concerns about security may hinder customers’ mobile use. When asked about the perceived safety of personal information on mobile banking platforms, occasional users—defined in the study as task-only users—reported it was very unsafe or somewhat unsafe (54 percent) or said they did not know (14 percent). In a similar vein, the Fiserv study found that of those who do not use mobile banking, 57 percent point to security concerns as their primary reason for not engaging.

“There’s an awareness problem, a perception problem related to security,” Jackson reiterates. “Talking to the consumer about what we have in place and how we react if something does go wrong goes a long way to addressing the misperception that there’s a security challenge with these digital options.”

Making it personal

That ability to connect with and educate customers is right up a community bank’s alley. It may be that a community bank’s biggest asset—its close relationships with customers—is the key to increasing use of mobile banking and payments, as well as boosting its security. “Education through a natural conversation is still the best option,” states Chad Killingsworth, software engineering director for the Banno Platform at Jack Henry & Associates. “I vividly remember a day my bank called me because a person was attempting to cash a large check from me, and they wanted to validate that it was legitimate. It was, but I very much appreciated that phone call and felt all the safer knowing that they took the time to verify things. Why should the digital channel be any different?”

That verification and trust-building process may also involve security awareness training with bank staff and with other institutions. As IBM notes, people are the first line of defense in cybersecurity.

“Think of information sharing like a neighborhood watch program,” recommends Korte. “One homeowner sees suspicious activity at a neighbor’s home and alerts others in the neighborhood. The more institutions share, the less likely they will be victims of a cyberattack.”

Quick stat


Percentage of consumers who “strongly distrust” internet security and privacy

Source: Fiserv

The information-sharing process helps community banks keep up to date on emerging threats. It also positions them even more strongly to do what community banks do best: connect with their customers.

“I had a client last year who was a snowbird client. He was preparing to leave the area, and he was having some challenges in online banking,” says Sarena Barker, vice president of Plumas Bank, a $765 million-asset institution in Quincy, Calif. “It was a great opportunity, because I said, ‘Let’s take a look at some of these other security options that we can put in place for you.’ We got the security stuff all dialed in.”

And this is where human nature comes into play. If a customer fully understands the protections that a community bank has in place around mobile banking and payments and feels connected to the institution, he or she becomes that much more likely to try new bank solutions.

“It’s highly important to us that we’re educating clients on all of the banking products and services,” says Amber Marshall, assistant vice president and security officer at Plumas Bank. “When we’re having these conversations, it does establish a stronger relationship, where they’re putting more trust in our ability to provide these services.”

In addition to personalized dialogue, banks benefit from using multiple communications channels, including everything from traditional print flyers at the branch to secure messaging to social media.

“You cannot overeducate your clients [on security]. You have to use every single forum that is available to you.”
—Sarena Barker, Plumas Bank

“You cannot overeducate your clients [on security],” Barker points out. “You have to use every single forum that is available to you.”

Marshall concurs. “Consumers are the frontline defense when it comes to combatting financial-related crimes. They are the most important as far as bank security measures.”

10 online security tips for customers

Pass on these tips when you’re talking to customers about online and mobile banking security.

  1. Protect your mobile phone using strong passwords for applications. Think of your mobile phone like you do your tablet or computer, and use the same safeguards.
  2. Keep your phone’s operating system and apps up to date, and use mobile phone security software. Antivirus and anti-spam apps ensure your phone has its own security.
  3. Don’t click on emailed or texted links from unknown sources, and don’t open messages from unknown senders. Go directly to a vendor site rather than clicking on a link. Once you’re on a webpage, look for https:// or the green padlock icon in the search bar to ensure the site is secure.
  4. Don’t store bank account information and/or an unsecured list of passwords in your phone.
  5. Research apps before downloading. Customer reviews can be a good way of spotting suspicious apps.
  6. Turn on and use geolocation with caution. Turn it off when you aren’t actively using it.
  7. Never connect to unknown WiFi networks. If you do, don’t use mobile banking apps or conduct other confidential transactions.
  8. Don’t email or text confidential information, including your name in conjunction with your date of birth, social security number and/or bank account number. Legitimate businesses will not ask for information this way.
  9. Log out of mobile banking apps after you complete your business. Close your session.
  10. Monitor bank account activity and report unauthorized activity to your bank immediately.

The FDIC also offers a downloadable consumer education brochure, “A Cybersecurity Guide for Financial Institution Customers.” For more information, visit bit.ly/fdicsecuritytips

Colleen Morrison is a writer in Virginia.