With cybercrimes reaching unprecedented levels and impacting businesses in every industry, consumers are naturally wary of providing personal information online. Financial institutions continually rank among the most trusted organizations with which consumers do business, but FIs can quickly lose their coveted ground if their customers or members lose cyber-trust due to lack of privacy protections and transparency.
Javelin Strategy & Research’s “Cyber-Trust in Banking Scorecard,” which ranked 21 U.S. FIs on consumer privacy, cybersecurity empowerment, and cybersecurity education, finds that FIs that focus on focusing on privacy, empowerment and education for customers and members are the best situated to cultivate trustworthiness and long-term relationships.
Cyber-Trust Defined
What is cyber-trust and why is it important that financial institutions nurture this among their members and customers?
“The relationship between a consumer and the organization that they are doing repeated business with is contingent on trust,” said Suzanne Sando, senior analyst of Fraud & Security at Javelin. “You’re not going to go back and continue to do business with a company that you don’t feel takes you seriously or takes your privacy and your general livelihood seriously. Looking through the lens of financial institutions, they are arguably one of the most trusted organizations, which I think is why building and maintaining what we call cyber-trust is so important for FIs.”
“The impetus for this Cyber-Trust in Banking Scorecard was for us to get a feel for how much our financial institutions in the U.S. are focusing on empowering consumers from a cybersecurity perspective,” said Tracy Kitten, director of Fraud & Security at Javelin. “What’s interesting and ironic about it is that right after our report published, we saw so many institutions putting into motion some of the recommendations that we listed in the report.”
This comes as Congress continues to come down on FIs have responded positively, as they have made changes in the right direction.
How Consumers Define Cyber-Trust
The scorecard revealed how consumers’ trust in their FIs determines consumers’ willingness to surrender personal data. However, the FI must still handle consumers’ personal data responsibly.
“Consumers who trust their primary financial institution are more comfortable than those who don’t trust their FI with cybersecurity-relevant data being collected by their FI,” said Sando. “So, for a further example, of consumers who trust their FI, 62% are comfortable with their financial institution collecting PII (personally identifiable information) versus just 30% of consumers who don’t trust their FI. When that relevant data is being collected, if a consumer trusts their FI and they know what’s happening with that data, they’re OK with it.”
“The important takeaway here is that FIs can interpret this as a level of cyber-trust, but that doesn’t mean that they can just go crazy with collecting customer data,” Sando added. “Only things that are absolutely necessary for business should be collected. You don’t want to abuse that trust because consumers are going to react if they feel like their FI is overstepping their bounds. And that trust is destroyed in an instant when privacy expectations aren’t met. The main point here is that transparency matters.”
Cybersecurity has taken on many forms, including biometrics authentication, and consumers are willing to share physical and behavioral biometrics data to ensure stronger cybersecurity. They are not as closed-minded or fearful as FIs tend to think.
“If a consumer knows that tracking their behaviors and using biometric authentication is going to enhance security, they’re more than willing to share that information and have that information be used about themselves or about their physical being,” said Kitten. “And that’s just something that financial institutions historically have not been super transparent about.”
In fact, consumers are much more cyber-aware these days and are not scared off if FIs use the word “cybersecurity,” Kitten added.
“They want to be educated, they want to be talked to,” said Kitten. “We shouldn’t treat them like children who don’t understand anything about cybersecurity. I think it is one of the bigger takeaways.”
Knowledge about cybersecurity empowers consumers to make more informed decisions about protecting their security, forming a powerful alliance with their Fis against fraud.
“The more a consumer knows, the more they’re going to trust their FI because they have a better understanding of what is out there that’s threatening their privacy, it’s threatening their accounts, their own security,” said Sando. “And that’s why I think when we did the scorecard, that’s the strong foundation of having that protection for your accounts, for your identity, for the fact that you need to have the knowledge to better detect and report scams.”
The bottom line is that the education of consumers eradicates any fear involved in taking the necessary cybersecurity measures.
How FIs Can Bridge the Gap between Service and Cyber-Trust
FIs have an enormous wealth of resources and educational materials at their disposal that are not being leveraged to their fullest potential; consequently, consumers remain in the dark about cybersecurity protection. This can potentially place the cybersecurity of both the FI and the consumer in jeopardy.
“It’s in a financial institution’s best interest to provide comprehensive educational materials from cybersecurity to fraud, scams,” Sando said. “When educational material is actually used by consumers, the vast majority say it’s useful, which is great. But the problem is, many FIs don’t have it organized in a way that is convenient for the consumer. If you look at FIs that use external search functions within their online website search, you’re pulling in a lot of results that maybe aren’t necessary. Relevancy and usefulness are incredibly important for a consumer to find real use from these educational materials.”
Presentation of materials in all formats is important in order to engage with all consumers. Audio and video content will be highly useful, as it is an easily consumable content. It takes more time and effort to sit down and read educational materials.
Kitten added that educational materials should be, “easy to find.”
“If you have all of the educational materials buried deep into the website where no one can find them, they’re not doing anyone any good,” she said. “And we don’t want to have to download a lot of white papers and read them. When I’m working, I find it very easy just to put on a podcast in the background. I like to do the same thing with webinars. I can still check my email, but I’m also able to multitask and it’s just a more engaging way to interact and educate.”
Another highly engaging way to interact with consumers is by using gamification techniques.
“One of the other things that we looked at in the scorecard were interactive fraud and cyber assessments,” said Sando. “And only 14% of FIs were actually making use of gamification through an interactive assessment. They’re arguably one of the best ways to engage consumers because we are naturally curious about our own aptitude. Gamifying this education gives consumers a chance to benchmark their own fraud and security proficiencies. They can get a better sense of ‘where am I at? what do I need to do better?’ It’s not that cybersecurity is scary. It doesn’t have to be.”
Gamification uses both competition and rewards to enhance both learning and engagement.
Kitten added, “And also, it’s a little bit more fun, right? When you make it a game, if you make it a self-assessment, you’re posing questions that consumers might not even think about. They may not think about social media use or how often they’re changing their passwords. If they’re reusing passwords, do they use a password manager? All these things are questions that the FI could be posing in a self-assessment that would help.”
This will ensure that both the FI and the consumer can benefit from having extra layers of security.
FIs should also remember to speak to their consumers in a language that consumers comprehend. Industry jargon should not be used to communicate critical information to customers.
“When an FI has a privacy policy that’s comprehensive, it’s easy to understand, easy to read, in language that we can all take in and understand what’s going on, that is fostering a sense of trust because the consumer understands what is happening with their data, their privacy, and anything that goes along with it,” Sando said. “I think that transparency when it comes to data collection and marketing is also really important to establishing trust. When you disclose the data collection or your tracking practices, it leads to that sense of cyber-trust and -security among consumers because they feel like they have more of a sense of control over what’s going on with their data and that sense of autonomy right there, which leads to independence and a greater sense of satisfaction, which of course leads to cyber-trust.”
“Legalese has to go away, Kitten added. “These privacy policies have to be written in ways that the layperson will understand,” she said. “That’s one of the big things that some institutions are doing a better job than others, but all of them have room for improvement.”
So, what are the implications or consequences for FIs that fail to maintain cyber-trust among their customers?
“I think one last point here in terms of consumer privacy is just the implications of a breach of trust,” said Sando. “If a business is considered untrustworthy and betrays the trust of a consumer, the impact is not that substantial because the consumer probably didn’t have a lot of faith with them to begin with. They weren’t doing a ton of business with this, with this company anyway. But if an FI violates that cyber-trust, that impact of a breach of trust is so much more significant because the consumer had a greater level of trust to begin with. If you want to reduce the risk of attrition, reduce the risk of even just a consumer, maybe taking some of their services away from their FI and finding other sources for this business, you really have to focus on consumer privacy and fostering that sense of trust just within their own data and their own security.”
Cultivating Cyber-Trust
The key takeaway from this report is that FIs must do all they can to reveal to their customers their intentions for collecting their personal information. They must also continue to make cybersecurity education a priority by making it both relevant and accessible to all.
“Be transparent,” Sando said. “Transparency about everything from your privacy policy rights, to the data collection, to how you know you’re using targeted marketing, educational materials, security features that are accessible and easily found for all consumers. Everything has to be made aware to a consumer if you want to foster cyber-trust.”
“Institutions really need to lean into this role of being an educator,” said Kitten. “They’re trusted. They’re deemed to be much more secure than many other industries and businesses. So take advantage of that. Consumers are going to look to institutions for education, for support — take advantage of it and use it to just continually build on the trust that’s already there.”
“Prioritizing education, expanding your topic coverage, making use of all content formats. You want to maximize consumer engagement because anything that gives a consumer a better sense of independence and a better sense of control over their financial wellness as a whole is just going to lead to a greater long-lasting partnership.”