Question: Have you let password fatigue affect you and your financial security?
Partnering with consumers is one of the strongest ways to fight fraud. And it’s clear that many consumers want to take part – more and more are adopting apps that enable them to turn off and on payments cards from their phones, thus protecting against use of cards that have been misplaced or lost. But as fraudsters continually evolve their methods, it’s incumbent upon financial institutions to make sure they partner with their customers in the right way so both sides can be as secure as possible.
New roles vs. old needs
Banks have evolved from mere vaults and payment facilitators to stewards of customers and their money – particularly, when it comes to protecting against fraud. That’s why strong authentication – e.g., sending digital codes to consumers to enable online account access – and other safety nets have become so common.
Unfortunately, that focus on building new security tools has some financial institutions overlooking older, more basic steps they can take to help their customers stay safe. For instance, have you reminded your customers lately to change their PIN and password? Do you encourage them not to reuse passwords across accounts? Have you recommended they closely review their statements for suspicious activity, or explained to them that fraudsters often steal in small dollar amounts so that the payments are overlooked? It’s also important to make sure your customers follow the spirit of your security measures, not just the word. Recent FTC research found that, even among people who change their passwords regularly, the passwords are often weak, and the changes made often are so subtle that a new password can be easily hacked if you know a past one.
The problem often is password fatigue. There’s a good chance you don’t even know the number of passwords you have, much less the passwords themselves. A good choice to overcome that problem is to use software that securely stores passwords for you. But only eight percent of consumers use them, according to a survey by Siber Systems in the United States and the UK.
Is there a better mousetrap?
Fortunately for financial institutions and their customers, there is a new answer: digital identification. Digital identification takes tokenization to a new level of security; consumers register once to access multiple accounts with participating financial institutions and retailers. Instead of using passwords, digital identification leverages data analytics and authentication technologies such as biometrics and device profiling – the person’s mobile phone, tablet or computer, for instance. That combination of things only the proper customer would possess has the potential to render passwords obsolete.
Here’s how it works:
As a trusted partner in protecting people from fraud, banks should be more proactive in communicating with their customers to remain diligent – e.g., sending out reminders to customers to change their passwords and check their statements carefully. They also need to take advantage of available tools – card controls, texts (or emails or phone calls) to verify purchases and more – while keeping an eye out for tools that will keep them on the leading edge of the fight against fraud.