Over the last few years, competitive pressure to offer consumer-focused banking access, as well as opportunities for increased internal efficiency, have led to a surge in text usage across the financial services industry. In fact, major banking corporations like Wells Fargo, Bank of America, U.S. Bank and Chase are all offering SMS text and banking apps to expedite communications and transactions with their customers. While certainly an improvement to convenience and efficiency, financial institutions should strongly consider the potential ramifications of native SMS texting and instead implement a more secure, compliant and equally convenient communication option – secure messaging.
The Rise of Text Banking
Traditionally, banks and other financial institutions are required to call their clients to confirm customer bank account and credit card balances, transactions and amounts before processing anything. This process not only delays transactions and updates for the customer, but also impedes the financial professional with menial tasks that they could be relieved of through a more modern approach.
(Related: What Tech Traps Are Examiners Looking For?)
In addition, today’s consumers expect these retail-like services across the financial services spectrum, as nearly half of millennials want to receive SMS alerts from their bank and more than a quarter are completely reliant on mobile banking apps. With their preference for instant gratification, millennials don’t visit brick and mortar banks or ATMs, but fully depend on their mobile phones to deposit checks, transfer money and pay bills in real time.
Recognizing the inefficiencies of manual processes, in addition to consumer demand, big banks have led the charge to modernize with mobile banking apps and text banking services, which enable customers to perform basic transactions and communicate account information using SMS text messaging. Implementing mobility in banking significantly enhances convenience and efficiency for both the client and the employees, as the majority of phone calls are related to such simple requests that can now be completed in real-time by the client. As a result, it frees up employees to focus on more lucrative tasks.
To keep up with mobile banking demand, smaller financial firms, particularly in specialty areas like private wealth management, are feeling the pressure to quickly communicate with clients over text instead of time-consuming phone calls. For example, a wealthy retiree or busy executive values the ability to communicate with their wealth manager via text, as it provides an increased sense of availability and personalization.
As a result of the rising popularity of text banking, FINRA recently published a regulatory notice that states financial organizations must keep records of any communications made via text messages. However, since native text messaging doesn’t offer this functionality, many firms are putting their customer’s data and sensitive organizational information at risk, opening themselves up for compliance and legal ramifications, or banning use of text completely.
Securing Sensitive Communications
In 2016, financial services became the No. 1 target of cybercriminals, according to an IBM threat index. With the increasing use of text banking, targeted cyberattacks via SMS messages is a growing practice. A typical SMS phishing (SMiShing) scam involves a text alert that appears to be from a bank. The text creates a sense of urgency by saying something is wrong with the recipients’ account and directs them to a toll-free phone number or website, where they are tricked into providing their account and password, Social Security number or other PII. A successful SMiShing attack can result in significant financial and reputational damages to financial institutions and, based on severity, can even put them out of business.
Banning text banking and mobile banking apps, however, does not have to be the solution. While the convenience and efficiency do not outweigh the risk of cyberattacks and compliance violations, there is a way to have both.
Secure messaging alleviates the risks associated with native SMS text, so financial organizations can leverage the efficiency of modern day mobile messaging without risking business information leaks and sensitive data breaches. With an advanced secure messaging solution, the sender maintains complete control of the conversation, the data and its use at all times, preventing unintentional sharing and propagation of information. Further, unlike native SMS texting, secure messaging ensures all texts are captured and archived to the organization’s repository of record for compliance purposes and processes, while removing texts from sender and recipient devices.
For example, a private wealth manager can provide real-time investment advice directly with a client via secure messaging to allow for immediate decision making, much to the delight of the client. In addition to convenience, wealth managers can communicate with confidence knowing they have full control of the information shared, that their clients’ financial information is secured, and that they’re protected from legal ramifications.
Though text banking creates more cybersecurity and regulatory issues, implementing a secure messaging platform allows financial organizations to maintain the convenience of SMS texting while ensuring the financial and personal information exchanged is protected. As the financial services industry continues to integrate texting into their operations and offerings, they must ensure that their text messaging is secure and compliant.
— Read FINRA Issues Social Media Q&A on ThinkAdvisor.