Tuesday Tactics: Opting Customers In to Proactive Fraud Alerts

bofa_logoLast week, I logged into my Bank of America account (checking, personal credit card, business credit card) and the bank used a pop-up screen to gain my permission for proactive fraud alerts (see screenshot below). I’ve been a mobile user for seven years, so it wasn’t like they needed my mobile phone number. And as far as I know, I’d already selected all the available fraud alerts. So it seems that the bank is looking to get more specific permission, and perhaps uptake, to its proactive security communications.

Customers have a chance to choose text message alerts and/or phone calls. Then there is the usual T&C (terms & conditions) to agree to, and that’s that. It took all of 30 seconds and made me feel like Bank of America was watching out for me. So, if this makes the banks lawyers happy, it’s a win-win.

bofa_fraud_optin

 

Mobile Fees: BillGuard Goes Freemium with Integrated Credit Monitoring

 

billguard choices

We are always on the lookout for digital fee income opportunities. And if I got a nickel for every one of them I’ve ever found…I’d have about a buck at this point. Fees in U.S. online banking are rarer than the (not-so) mythical fintech unicorn. And mobile banking fees are pretty much non-existent outside a few remote deposit fees (see previous post).

billguard_main_newBut last week BillGuard demonstrated a promising new avenue for incremental fee income: integrated mobile identity theft alerts, resolution and insurance (see inset). Actual credit report access is not included, but BillGuard says that it is coming soon. The service is mobile only, and the company currently has no plans to add it to the desktop version.

The credit and fraud monitoring is powered by CSIdentity (CSID), an Austin-based firm that says it powers 80% of the retail identity theft protection industry. The company, founded in 2006, has raised $36 million in equity (mostly in 2010) and $6 million in debt

What it costs:
The service is value-priced, at $2.99/mo for the single bureau Pro version or $6.99/mo for the 3-bureau Ultimate. In comparison, most ID protection services are in the $15 to $20/mo range (Experian charges $15.95/mo for a private-labeled version called ProtectMyID with BillGuard). Founder Yaron Samid says BillGuard provides essentially the same third-party monitoring as the $30/mo offering from Lifelock for one-fourth the cost. And with BillGuard, users get credit/debit card transaction monitoring (powered by Yodlee) for free.

BillGuard premium benefits:

  • Credit bureau monitoring (3 bureaus in Ultimate service, 1 in Pro service)
  • Identity restoration services (via call center help)
  • 24/7 call center support
  • Lost wallet recovery
  • Social security number fraud alerts (Ultimate service only)
  • Black market alerts (Ultimate only)
  • $1 million insurance (Ultimate only)

Cardholders are already looking to their smartphones to stay informed of problems in real-time (case in point, BofA just integrated fraud alerts into its mobile app). So it makes sense to deliver extra protections services in-app. Although there is stiff competition from free ad-supported versions such as Credit Karma, we believe integrated protection services are a logical fee-based upgrade for mobile banking customers. 

——–

Screenshots:

BillGuard iOS app home screen includes pitch for its premium ID protection (17 June 2015)

billguard_home

An actual fraud alert I received after signup for for BillGuard Ultimate (19 June 2015)
Note: It was from a breach in November, 2013. I assume I received alert this week since I was a new customer.  

billguard_fraudalert_adobe

Feature Friday: Capital One Helps Users Identify Recurring Charges After Card Reissue

capitalone_mobileCard reissues after a data breach, or lost/stolen situation, are annoying for cardholders. But it’s even worse for the issuer who has to pay for a new card, hound the customer to activate it, handle customer service calls, and then risk losing recurring revenues from now-broken automated pre-authorized charges.

So kudos to Capital One for taking an important step in solving this problem.

Earlier this week I received a new card and number from Capital One, presumably because my card had been involved in a breach. I am not aware of any unauthorized attempts to use it.

In a followup email this morning, the giant issuer reminded me to activate the new card. That’s a fairly typical technique these days. But the help didn’t end there. The bank provided a list of likely merchants where I may need to update card info to avoid the charge being denied (see screenshot below).

That’s great customer service and something I’ve not seen before. But of course I want more. The list I received was primarily merchants where I made one-off payments. Who has a recurring charge with United Airlines? So it needs to be scrubbed better. And it would help to include the most recent charge amount and number of charges to help identify actual recurring charges.

And ultimately, it would be even better if the process was semi-automatic. Let me respond to the email with a simple yes/no response for each merchant indicating if I wanted them to continue the automatic billing under the new card number. Or at least provide links to reduce the friction of the task.

But all-in-all, a welcome improvement.

———

Capital One email to cardholder (19 June 2015)

capitalone_email_recurring_new

 

 

Apple Touches Off First Wave of Mobile Banking Biometrics

image We’ve known this day was coming ever since Apple acquired AuthenTec two years ago for $350 million. That was real money back in the pre-Beats/Nest/Oculus days.

Monday, Apple made it official at its annual developers’ conference: The fingerprint authentication system built into the iPhone 5S (Touch ID) will open to outside developers in the next iOS update (v8.0 expected in mid-September). That means that app publishers, including banks, credit unions & wallet providers, will be able to use it to provide initial authorization into a secure app. 

image The new feature was demonstrated on stage by logging in to Mint (see inset, screen cap tweeted by Bradley Leimer Monday). In the demo, Mint users are prompted to use the touchpad to open the app (the small type says, “Please authenticate in order to proceed”). Users are also given a password option.

Most likely, banks will use Touch ID, as well as other handset-resident biometric systems (note 1) to deliver “read-only” access to data. It’s an approach that’s been catching on around the world even before Apple’s biometric wizardry. Citibank is the most recent to provide a no-login glimpse in its mobile app (called SnapShot), rolling it out nationwide two weeks ago (press release). It’s also used at Westpac (NZ), Commonwealth (AU), Bank of the West, City Bank of Texas and many more (note 2).

For anything transactional, such as a wire transfer, banks will likely require additional authentication (see our Nine Circles of Security).

And of course, these security changes will generally need to be optional for customers until they become commonly accepted practices. Most users are still extremely wary of security on mobile phones, even though it is a marked improvement over the desktop (note 3).

While it’s too early to know if any financial institutions will have it enabled by September, one fintech payment provider, CardFlight, wasted no time, announcing support for Touch ID just a few hours after the Apple keynote (note 4).

—————————

Notes:
1. Celent’s Jacob Jegher showed me his facial recognition login on his Android phone (Samsung?) at last month’s FinovateSpring. Very cool, though he doesn’t have it enabled since it slows up the login process just slightly.
2. Malauzai Software powers more than 90 credit unions and banks alone (post).
3. See our latest report on Mobile Security (March 2014, subscription) for more info.
4. Cardflight will be showing off its latest tools at our first developer event, FinDEVr, 30 Sep 2014, in San Francisco.