RSS has the potential to wipe out phishing and displace email as a communication tool between banks and customers. But it needs to be really simple to use before that happens, writes Simon van Wyk.
‘Phishing’, the practice of sending fraudulent emails to bank customers pretending to be from their bank, sending them to fake sites that gather their personal data and use it to drain their account, is approaching plague proportions.
All of Australia’s major banks have been the target of a number of serious attacks in the last year. Online security firm Symantec found that during the last half of 2005, 7.9 million daily phishing attempts were identified, a massive increase over the 5.7 million attempts per day in the first half of the year. Symantec expects that figure to grow even higher in 2006.
A First Data Corp survey last year found that 43 per cent of US adults had received at least one email from a phisher. Of those, about 5 per cent provided the requested information, and about half of those - more than 2 million people - ended up being victims of theft or identity fraud.
The US-based National Consumers League reports that the average loss per phishing victim is US$600, but the figure is much higher for people who end up providing personal information such as tax file numbers or social security numbers (in the US), which can be used to open bank or credit accounts or other types of fake identity.
Phishing is widespread
Phishing is becoming so widespread, its variations are taking on cute names. It used to be limited to the largest banks, but a new twist, called ‘puddle phishing’ has the fraudsters going after the customers of regional banks or credit unions, while targeting small groups or individual companies is known as ’spear phishing’.
Although Forrester Research reports that the actual financial losses from phishing remain minor compared with online credit card fraud or theft involving bank insiders, the effect on banks’ brands and reputations is stronger than these other types of fraud.
A recent Consumer Reports survey found that 90 per cent of Internet users over 18 have made changes to their online behaviour due to fear of identity theft, with 30 per cent reducing their use of the Web. A survey by email company Pontini found that 80 per cent of US banking account holders revealed phishing had affected their trust in email, with 75 per cent of those customers less likely to respond to email from their bank and 65 per cent less likely to sign up or continue to use their bank’s online services.
Little faith in email communication
Many banks are reporting that the problem is so prevalent that many customers won’t open any email that purports to be from their financial institution - even legitimate ones.
The finance industry is responding by tactics that tighten up on authentication, using devices such as virtual keypads, recently introduced locally by Westpac. However, security experts and customers have had a mixed response to the new keypad, criticising the functionality and even suggesting it could make logging onto online banking less secure. Westpac has said the tool was designed purely to reduce the risk from generic keylogging Trojans deployed on customers’ computers.
With these sorts of barriers to customer communication, not to mention more and more email being caught by spam filters, it’s no wonder that many online marketing experts are declaring that email marketing, particularly for financial institutions, is dead.
RSS is the answer
In their quest to find ways to connect with customers online without the problems of email, many financial institutions are turning to Really Simple Syndication (RSS). RSS allows people to subscribe to content from websites that offer an RSS feed, from which they can view the content on their desktops. The information is updated every time the feed is revised.
Although RSS was initially adopted by news websites as a way to keep users up-to-date on news developments, more and more commerce-based sites are using RSS to send marketing messages outside the restrictions posed by email. Phishing and spam are impossible via RSS, because subscribing to a feed implies confirmation that a customer wants to receive a company’s messages.
Although RSS has been around for several years, it is still not very well known or understood. According to a Forrester survey last year, only 14 per cent of Internet users even know what RSS is and fewer than 5 per cent say have used it. That number is low partly because some consumers are already using RSS and don’t even know it. Internet researchers comScore Networks reported that more than 30 million people had created personalised Yahoo home pages as of last December, setting up personalised stock quotes, news feeds and other information, all information that is delivered via RSS.
Banks can use RSS feeds for information such as updated mortgage rates, daily foreign exchange rates, product investments rates and information about specials. One of the first banks to use RSS, the California-based City National Bank, pushes out all company-issued news releases, as well as daily foreign exchange commentary and weekly local and international market perspectives from the bank’s experts.
Huge potential
One of the exciting things about RSS is the potential to have individual customer information provided by the feed, which could provide more security for customers and eliminate the need for email communication. Indeed, I’m excited about new RSS products on the marketplace that position RSS as the real alternative to email marketing. Providing marketers with deliverability along with measurability. And as more and more consumers start using feeds, it seems to me that RSS is a perfect solution for phishing woes.