Why Phishing Matters

Almost every day I speak with a bank somewhere about phishing. I ask them how much of a threat is it, what are they doing about it, and how does it affect their business. Surprisingly, the answers I get vary quite a bit from one organization to another. Most are concerned about the costs of fraud losses. In the US, due to Regulation E, banks must make customers whole when their account is compromised and funds are stolen. Many banks are also concerned about the costs of dealing with phishing and similar attacks. The overhead costs due to fraud are significant. Call centers, fraud investigations, suspicious activity reports (SARS), and other bank functions are involved in managing fraud. Interestingly, not all of the banks we speak to are focused on the brand and reputation effects of phishing as they should be.

According to a Harris Interactive poll conducted on behalf of Entersekt, 71% of US adults would be somewhat likely to switch banks if they became a victim of phishing. That is significant. According to one author, a reduction of 5% in customer churn can improve a bank’s profits 80%. That strikes me as high, but whatever the numbers, customer churn has a significant impact on the bottom line.

Some other interesting notes from the poll:

• 85% of US adults with banking accounts are at least somewhat concerned about online banking fraud
• 58% of US adults would be at least somewhat willing to take an active role in securing their online banking transactions

– John LaCour