Community

Hi Kalle,

YES - I'm saying that by NOT sending email to customers and educating them on what to expect, their customers are left wide open to phishing attempts.

Banks have tried the "We will not send email" route and the sad result is that phishing has increased.

So my view is that we can't stop phishing. We can make it more difficult by adding technology and education to the mix. A good start is adding SPF to your DNS and DKIM to the email headers (effectively signing the mail as authentic). These 2 technologies alone will have a huge impact on the amount of phishing email that actually gets to the inbox.

But more important is that education of what to look for in legitimate email is the key to reducing the number of victims of this type of fraud. If customers are receiving legitimate emails that enable them to identify that the emails are from their bank (personal data in the email) then when the phishing emails arrive it will be easy to spot them.

I don't think this will eradicate phishing as a fraudulent activity - but if we reduce its effectiveness then we're part way to winning the battle.

The legitimate emails should have features that can't be easily replicated - like the last 4 digits of my account number and mobile phone. This information on the face of the email enables me to know that the sender is someone that knows me.

I'm not saying that a fraudster can't get hold of this information - but the process of sending millions of phishing emails out so that you get a tiny % of people to click that link will be much harder if you need everyone's details.

Part of what I'm saying is a reality anyway - banks are sending millions of marketing and service emails every month. What they need to do is be consistent in their identification, authentication and verification tools and techniques and ensure that they educate their clients about these every time.

The reason that there are still so many cheques is that the fees are not yet aligned to the costs. 

As per the comment above - once the true costs of processing each cheque are charged to the drawer and the payee, then the use will drastically drop until it is only used for specific mandated transactions.

I recently had to send a cheque for £2 for a kids swimming badge. I would hazard a guess that the costs to both my bank and the recipients bank would be a huge % of that amount and hence it is a totally inefficient payment method. 

In today's financial world, inefficiencies are constantly being challenged and ruthlessly removed. Paper statements are being replaced by eStatements and paper bills by eBilling.

The cheque is not a holy cow and will eventually suffer the same fate as all inefficient processes.

Robert,

What leads you to the conclusion that the strong passwords were hacked rather than phished ?

My understanding is that the stronger the password, the harder it is to hack (i.e. guess) and therefore the more likely it is to have been phished (social engineering) or recorded by a key logging trojan or virus.

One of the fundamental issues that should be mentioned here is that people often use the same password on many different sites.

You should always make sure that you use different passwords for your banking sites and your email sites - having one password for low risk sites is not a good idea but probably expedient.

regards

Mike

(P.S. Banks should be standardising on anti-phishing measures in their email)

T-Mobile - retracts paper bill charge

It didn't take long for T-Mobile to feel the pain of this decision.

"We've decided to not charge our customers a paper bill fee for now," the company said in a statement. "Instead, we'll be taking more time to determine the fairest way possible to encourage people to go paperless."

The stick is not always the best way to motivate customer behavior.

eBilling managers will be back to the campaigns and incentives to pull customers towards their online statements.

For many of us involved in the eBilling and eInvoicing industry, the question of a Malcolm Gladwell "Tipping Point" has been the subject of much discussion.

There is a general agreement about the inevitability of the eBilling and eInvoicing - and the key to the concept moving from the minor to the major leagues has been the widespread adoption by SME businesses.

A prerequisite has always been the removal of any regulatory obstacles or even the hint of anything that would reduce the legality of an electronic invoice.

As Bo points out, "With DG Taxud's Equal Treatment initiative" electronic documents are now afforded the same treatment as their traditional paper counterparts.

What has begun with a trickle should now turn into a flood with every organisation moving from paper to electronic billing, especially the SME's.

I'd encourage them to start sooner rather than later - it requires a bit of BPR within the accounting function - but the long term benefits are now tangible and within anyone reach. 

The only loser in this process is the Postal Services - with the USPS proposing a change in the mail delivery from 6 days to 5 days to save costs in the light of a reduction of 9 billion mail items in 2008 alone. 

If there was any indication that email and eBilling is slowly taking hold - this is it.

Yes, The Nordic countries have been very successful at both eBilling and eInvoicing. One of the potential reasons is that the banks became the driving forces behind this from an early stage.

What is not clear is why this model has not been replicated in other countries ? Do you have any insights ?

The UK banking initiative (www.onevu.co.uk) is struggling to achieve the payments that it needs to justify it's costs.

What we have found is that most people will happily receive an email bill without having asked for it - whereas they will not make an effort to register for eBilling and visit the website each month.

Yes - the Nordic countries have latched onto eBilling and eInvoicing with tremendous success. One of the reasons for this that has been put forward is that the banks were a driving force behind the process from early on.

It's interesting that other countries around the world have not been able to replicate the Nordic success - even with a successful model to follow.

In the UK, www.onevu.co.uk is working to gain the traction and mass market acceptance that would make the consolidator 'pull' model a similar success.

But the jury is still out on the push vs pull model. People are just different I guess - and each country has to find what works for them.

We've found that email billing cuts across these cultural differences as everyone tends to use and understand email all over the world.