Cause and Effect: If you build it, will they come?

This is an excerpt of an article original posted on Bank Systems & Technology.

Many financial institutions assume that digital banking is lucrative because the most valuable customers happen to bank online. While there is certainly a correlation between online bankers and higher profitability, quantitative evidence suggests that customers who adopt digital banking and develop into active users also become more profitable.

Jason Weinick photo 2014Digital banking tools encourage customer behavioral changes that benefit banks. Offering remote deposit technology can allow financial institutions to create a more engaged experience for their customers and alter their banking behavior. For example, banks may find that customers that use Remote Deposit Capture (RDC) leads to increased deposits due to the convenience of the service and the fact that it incorporate familiar technology. A 2012 Javelin Strategy & Research study mentioned that more than one in four consumers found mobile deposit desirable or very desirable and about 80% of consumers who desired mobile RDC already actively used their mobile phones to take photos.

As customers rely on digital tools for one function, they are primed to move to another. Financial services can seize on this opportunity by actively cross-promoting their offerings to customers who might not be otherwise inclined to adopt new technologies.

Non-digital customers still matter—but the growth is clearly on the other side of the coin. Once a customer moves online, the more profitable they become. The opportunity then lies in keeping those customers engaged with a breadth and depth of online and mobile offerings supported by targeted marketing programs that drive adoption and active use.

For the full article on Bank Systems & Technology please click here.

Jason Weinick is Manager of Analytics with Digital Insight. In this role, he leads the initiative on client profitability analyses, providing banks and credit unions a valuable in-depth look into the value of the online channel. Jason’s background includes 15 years of experience within the financial services sector, focusing on consumer behavior, risk modeling, reporting and financial analysis.

Game On: The Chase for NFC-Enabled Mobile Payments

Banking is serious business for serious individuals and institutions. Financial services are for stable entities in thoughtful, analytical environments. This is real life for the real world. It’s not a video game.

But then again. . .

A couple of years ago, Nintendo earned praise for incorporating some new and exciting capabilities into its new Wii U platform, such as the GamePad, a new controller with a 6.2 inch touchscreen. But there was also something else. In fact, this was the first gaming platform to incorporate Near Field Communication, or NFC.

But that’s gaming. Here’s what it has to do with banking.

First, for the uninitiated, NFC comprises a set of standards for mobile and other devices to establish radio communication through touching or proximity, collectively encompassing a broad spectrum of communications protocols and data exchange formats. We already have quite a few applications taking advantage of these protocols, from contactless transactions to simplified Wi-Fi.

As the industry trade publication American Banker pointed out recently, financial services corporations have long sought to boost the use of NFC services for mobile payments. But as with many other aspects payments, success has been hard to come by. And that’s exactly why hose sober, solid and sensible banking industry types should look to industries such and video gaming—and more specifically companies like Nintendo—for pointers on what to do.

To be sure, there’s quite a bit of success to emulate. The original NFC technology in the Nintendo console didn’t seem to have much purpose, but the company recently that the reader will come to life through a series of NFC figurines that easily interact with many popular games.  Those figurines, incidentally are also sold as action figures; the character equivalents take life in the game, and can follow multiple storylines in accordance with the layers’ preferences.

Here’s one sign of the success. This represents another potentially lucrative channel for the creators and owners of these figurines, including Disney and Activision. The latter’s Skylanders was an original backer of this concept, and the franchise passed $2 billion in revenue earlier this year.

Here’s the point: Consumers can make mobile payments through a variety of channels right now, saving massive costs for the financial services institutions involved. But very few are doing it.  There might yet be large-scale adoption, and the numbers will surely keep growing, but the truth is that technology is a fickle business. We don’t really know why some advances take off immediately and others take time. So far, at least, this one hasn’t.

But we also know that the next generation—the one obsessively playing video games right now—will be opening back accounts soon enough. Those now-youngsters will have absolutely no understanding of a world without millions of mobile apps, and it will be completely comfortable with NFC.

Banking and multi-players games surely make for an odd hybrid, but there are precedents. Innovators such as American Express have been embedded in this market for years, specifically to wean an emerging generation of cardholders. Several telecom giants have also had some success with built-in NFC capabilities.

Today, it seems like a long leap from shoot-’em-up games to, say, mortgage banking. But that’s exactly what innovation requires—a leap in imagination and then practice. Those pesky kids playing games today will be opening bank accounts and making payments tomorrow. We need to find ways to reach them before that.

Ransomware: Now Aiming At Banking Apps

Ransomware: The very word is unpleasant, turning up the seamy underbelly to hardware and software. But it is a real thing, and it’s gotten immensely popular. And now, it’s crashing our party.

Of course, ransomware is still basically malware in that it restricts access to the system it infects. However, it goes further than rival strains by specifically demanding a ransom in order go away. Like other viruses its specific origins are dubious, but there’s no question that this bit of capitalist skullduggery initially gained traction in Russia. True to form, it didn’t stay there long—according to anti-virus vendor McAfee, it doubled in scope in one year to 250,000 unique samples in the first quarter of 2013.

Those with memories of Soviet-era paranoia and Cold War hysteria might remember that there were constant fears of Russian spies sabotaging the U.S. infrastructure. One supposed threat was that those sneaky Russkies would infiltrate the banking system and undermine it, bringing the economy to a screeching halt. Well, it’s a few decades later, and the latest ransomware may not be quite such a problem, but there’s a whiff of those old fears anyway.

So, meet Svpeng. Kaspersky Labs first shed a light on this nasty piece of work last year, when it was still in mother Russia. But in June, a particular breed arrived here in search of Android devices. More specifically, it takes direct aim at mobile banking apps running on those devices and uses them to shut down the phone or tablet. The ransomware then emerges to ask for money to unlock it.

All this is bad enough, but there’s another milestone of sorts here. By some accounts, this is the first major virus to systematically target mobile banking apps. And given that there are more than 100 million mobile banking users in the country, that’s potentially very bad news.

While these are early days and there will surely be other variants, here’s how the scenario currently plays out. Svpeng gets into the device through a coordinated social media campaign, then seeks out apps from a list of blue-chip vendors, such as American Express, Citigroup, Bank of America, Wells Fargo and JPMorgan Chase. And once it’s in there it’s almost impossible to scrub.

The ransomware takes the form of a fake FBI letter that asks for $200 in the form of to be paid through Green Dot MoneyPak cards. (It helpfully suggests outlets where those cards can be bought.) So far the malware doesn’t seem to be stealing bank credentials, but that’s what it did in Russia, so it will likely happen here soon enough.

That fact that malware has become so targeted and proficient is not a surprise, but it’s unfortunate nonetheless. The bigger worry may be that the financial services providers developing and distributing those for the public to use can’t really do much about it—they can perhaps exert some control over customers’ interactions with those apps, and that’s about it.

We’ve known all along that the unbelievable growth of mobile banking would give rise to a new generation of cyber criminals, and it’s happening now. There will be more such attacks not less, and we can’t put the genie back in the bottle, any more than we can take control of our customers’ phones.

There’s no magic bullet here. What we can do, over and over again, is urge our customers to practice greater caution in downloads and communication with strangers. Most consumers still fail to exercise basic security procedures, and a little goes a long way. Otherwise, we’ll all end up paying the ransom.

This Week’s Reads: Digital Channels, Cause & Effect, Millennials

Below are interesting stories the Banking.com staff has been reading over the past week. What have you been reading? Let us know in the comments section below or Tweet @bankingdotcom.

This Week’s Reads: Security, Mobile Banking Malware, ATMs

Below are interesting stories the Banking.com staff has been reading over the past week. What have you been reading? Let us know in the comments section below or Tweet @bankingdotcom.

Customer Service, Modern Style

There are always discussions in our industry about how best to build and maintain relationships with customers, and that’s a good thing. Too often, however, it comes down to forcing a choice between rethinking the branch approach and relying heavily on online and mobile technologies. That’s actually no choice at all—we have to make them work together.

First, let’s acknowledge that despite shrinking numbers, the branch isn’t exactly going away anytime soon. Sure, a whopping 80% of retail banking transactions are now conducted through self-service channels, admittedly including ATMs and voice-driven instructions. However, it also appears that a majority of retail customers now visit the branch at least once every six months.  Those face-to-face interactions are surely important for long-term relationships.

That‘s why, on this blog, we’ve often admired alternative approaches to branch banking. Some institutions have introduced innovations such as teller pods and community rooms, while others have become interchangeable with event spaces with cocktail lounges.  Odd as all this sounds, especially out of context, it’s exactly the sort of new thinking the industry needs to keep customers coming in.

There are plenty of other good ideas in this vein. For example, one institution getting positive interest is Umpqua Bank, which launched over 60 years ago in Portland, Ore., and has since spread quite wide. The concept behind its operation—it calls its outlets ‘stores,’ and goes very far in making the personal experience quite personal—has since been adopted by much larger corporations.

Here’s one sign of its success: Umpqua has gone from four branches in the mid-’90s to 400 ‘stores’ today. There are numerous stories of its commitment to customer service, and it hosts ‘business therapy’ sessions at its stores. (The jokes about the connection to the IFC network comedy show Portlandia virtually write themselves.) This is down-home banking with a billion-dollar payoff.

On the flip side of the equation—but not really, and that’s the point—is the relentless focus on digital tools that ease the banking experience for every customer, regardless of the complexity involved. For example, as mobile banking increasingly becomes the norm, there is ongoing debate about how to develop a mobile web presence to match the flurry of mobile apps. In particular, has the institution done its job if the mobile app links to a ‘traditional’ website, or should there a mobile-specific site option?

To many consumers, this is a discussion that belongs firmly in geek world. For financial services professionals, however, it could spell the difference between success and failure. One potential problem here is a factor that’s always been considered a luxury, the wealth of options. Google alone supports no less than three smartphone-optimized site configurations, and it’s unquestionably a critical differentiation. Add in the other complications: a broader range of forms factor and even operating systems than ever before, the staggering variety  of customized mobile apps (some heavily customized for specific technologies, others with only a mobile wrapping), and of course, the varying levels of technological sophistication involved.

It’s easy to assume that everyone has a smartphone, since everyone we know seems to have one. And yet, according to the Pew Internet Research Project, the reality is very different. As of January 2014, 90% of American adults have a cell phone, yet only 58% of have a smartphone. Yes, that’s not too far over half, which means that a great many consumers can’t get e-mails, receive promotional messages, download custom apps or conduct financial transactions via the phone.

And finally, there’s this. Just because we can do something doesn’t mean we will do it—as consumers we’re fickle, and so are our tastes and habits. We might be notified of a possibility via the phone, follow up later on the PC, ask someone about it at the branch because we’re in the vicinity, then complete the deal on the ATM. You might call it human behavior, but in our industry it’s come to be described as omnichannel banking.

It’s not about the branch or the app, per se. It’s about developing options for each customer-facing channel as it becomes available, then ensuring that they all work together seamlessly. That means it will be increasingly difficult at the back end, but it should be increasingly simple at the front end, for customers. That’s the only way to offer true service.

This Week’s Reads: Mobile Banking Secrets, Functionality, Challenges

Below are interesting stories the Banking.com staff has been reading over the past week. What have you been reading? Let us know in the comments section below or Tweet @bankingdotcom.

Are You Protecting Your Bank and Your Customers?

For the average banking customer, little attention is paid to the security aspect of public wireless networks at banks. Today’s users are so accustomed to attaching to free, public Wi-Fi services that they inherently trust that financial institutions are protecting their data and confidential information.

Contributor, James W. Gabberty

Contributor, James W. Gabberty

However, that is not always true. Often times, financial institutions do not regularly monitor and update their routers which put their wireless networks at risk. As routers are the devices that handle network connectivity, they are susceptible to many of the same anomalies as tablets and personal computers, such as performing sluggishly, occasionally locking up, and much worse, becoming infected with malware. Just like their computer counterparts, routers are usually shipped with an operating system that has been installed by the manufacturer which needs to be occasionally refreshed with an updated version, begging the questions: “how often do banks actually perform this upgrade?” The answer, simply put, is that while some do, others don’t. Why is this so?

One of the primary reasons that financial institutions are loathe to update their routers’ operating systems has to do with the sheer number of routers deployed by mid- and large-sized banks and the common sense notion that when one router is updated, all the rest must likewise be updated, which requires substantial planning and attention to detail (not to mention significant time and money).  While upgrading routers periodically is certainly a nuisance, not performing them en masse would be akin to individual users running disparate versions of the Microsoft operating system and office suites within a company – a seriously problematic proposition since the number of security vulnerabilities would skyrocket.

Many banks also simply don’t have an accurate, updated list of all the routers in their organization, not to mention each router’s individual IOS level and almost certainly, it’s configuration.  Asset management has long been a problem for all companies and banks are no exception.  Corporate policy is frequently bypassed and end-users often connect their own devices (USBs, smartphones, and even routers) into the corporate backbone. While there are security awareness techniques designed to stem the rush of employees connecting non-corporate devices to the company’s IT infrastructure, insider activity is still the number one vector of information security breaches within all corporations. Moreover, since keeping track of all infrastructure equipment is a monumental task – especially since proper change management policies are often by-passed, many firms don’t perform as good a measure of due diligence in terms of patching routers as they should.

Still another reason why router upgrades are problematic for financial institutions is tied to the configuration that many routers have been specifically tuned, or set at.  Internet-facing ports are a time-tested invitation for exploitation from outside the firm and significant time and effort must be expended to ensure that these ports are all closed while simultaneously enabling only those ports that are critical for the firm to operate.  Each time a router is updated, the configuration is lost and must be set again to match corporate policy guidelines; failure to reset the proper configuration causes vulnerabilities inside the firm to reappear.

Understanding some reasons why financial institutions do not invest the proper time needed for router software updates, here are some simple questions for IT security management to simplify the process and ensure protection for wireless networks: (1) Do you have a list of all routers in your organization, the IOS level and the configuration? (2) Have you validated the authenticity of the vendor you purchased your routers from? (3) When was the last time you checked your routers’ configuration and does it match policy? (4) Have you checked that it hasn’t been modified on a daily or weekly basis? (5) Are you logging improper events and staying vigilant? (6) Are you continuously making sure that there are no open ports facing the internet?

Due diligence on the part of maintaining your bank’s many routers can go a long way in ensuring that your customers – and their trust – remain loyal.

Gabberty is a professor of information systems at Pace University in New York City. An alumnus of the Massachusetts Institute of Technology and New York University Polytechnic Institute, he has served as an expert witness in telecommunication and information security at the federal and state levels and holds numerous certifications from SANS & ISACA.

Mobile Banking: The Monetization Code

Mobile banking in its current form—complete with company-specific apps and services to match—has been with us forever, or at least five years, whichever comes first. Either way, in tech years, that’s an eternity. So why does it still feel like the financial services industry us still trying to figure out what to do about this whole mobile thing?

One reason we’re always playing catch-up is that there’s a lot to catch up to. Technology delivers progress in its purest form, which innovations come down the pike on a regular basis. However, mobile advances seem to arrive faster than ever before. There are always new apps, new channels and new capabilities, and far from being tentative about changing too much too soon, users jump from one bandwagon to another with relish. Meanwhile, the servers in the back room have to ensure that it’s all compatible, not mention secure and compliant, and that’s a whole lot more difficult than trying out a free download to see if we like it.

That said, it’s still sobering to hear that we haven’t yet really cracked the code on how best to monetize this phenomenon, if indeed we can. Here’s one indication: “The 2014 Monetizing Mobile Banking for Small Business Customers Study,” a new research initiative from consulting firm Simon-Kucher & Partners, tells us that, unlike consumers, many small businesses are willing to pay for mobile banking services—perhaps a small monthly fee of $5 for peer-to-peer transfers, or to add money to prepaid cards.

It’s good to ask these questions, of course, but shouldn’t we have figured out the answers by now?

For the record, the study also reveals the diversity of the market, which is a nice way of saying that it’s still emerging. Fully a third of the respondents report using mobile banking on a weekly basis, while on the other end of the spectrum 18% say they see no need for such services at all. The numbers are similarly widespread for online banking.

To put this in perspective, let’s understand the basic elements in this equation. First, the only thing small businesses have in common is that they’re small; in every other way, they’re completely different. A corner deli and a dentist’s office might be neighbors with the same number of employees, but their business needs are hardly similar. More to the point, waiting for a mass market in the traditional sense is an exercise in futility. By the time a sizeable segment of the target demographic has adopted a particular mobile platform, channel or app, there are multiple options already available and finding an audience.

It’s not that the market for mobile banking is still emerging; it’s that it will always be emerging. It will never settle down.

So what should the industry do about this? There’s clearly a huge market out there, with banking customers hungry and waiting for capabilities they don’t have, even if they can’t or won’t articulate specific preferences. We’ve covered on this blog how customers are rapidly eschewing branch banking to go digital, and that trend continues with mobile. For example, M&T Bank claims that 65% of its online customer base, some 700,000 customers, have already registered for mobile services, and the numbers keep growing.

However, we might have to acknowledge a harsh reality—waiting to see what these customers want is often a mistake. In a traditional sense, the wise course of action would be to see which specific technologies users prefer, these developing services for those sub-markets. But technology isn’t traditional, and mobile is even less so. This is why following the lead set by others means always being behind the curve.

Trying to stay ahead, meanwhile, means investing in platforms that either don’t catch on or, worse, go from killer app to legacy overnight. It means making blind choices and predictions. It means risk.

So, mobile banking is risky business. But when done right—when the monetizing model is just right—it’s also very good business. It’s up to us to figure out the difference, and we need to do it soon.

Stat of the Week

Here’s this week’s stat of the week, courtesy of the International Data Corporation (IDC) Worldwide Quarterly Smart Connected Devices Tracker.

Do you have an interesting industry stat you think should be featured on Banking.com? Let us know in the comments section or Tweet @bankingdotcom.

Stat of the Week - 6 24