Today, Apple held their seasonal keynote event, to highlight new services in a range of categories. You may get a kick out of their Apple TV+ lineup. Maybe you’re stoked about reading all your magazines on your iPhone with Apple News+.
But you’re here for Apple Pay improvements. We are talking about the banking world, right?
It’s a “mobile-first” card, in that you do most of your spending, tracking, and reward redemptions all within the app.
The entire platform lives within the native Wallet app in your iPhone. No more downloading a banking app just to pay the credit card bill.
You can track spending by category, merchant, and even view trends. Payments are simplified, with realtime interest calculations based on what you choose to pay. And rewards deposit daily (they’re calling it Daily Cash) into your Apple Cash account (we’ve spoken about this before).
And the physical card is shiny! (It’s made out of titanium!)
Fabulous metal aside, you care about what the card offers. And is it a threat to your institution?
Spoiler: Yes. Probably.
The Apple Strategy
With more than a billion active devices, any time Apple does something, it matters. Few companies have the ability to affect the behaviors of so many so quickly. I’m not even suggesting you try.
What they did with Apple Card is look at all the pain points within the credit card realm:
Redeeming (and understanding) rewards
Understanding interest costs (and how to minimize)
Getting questions answered
Then they added a bit of Apple touch to align the offering with their mission:
Beauty (it’s subjective, sure, but the card is so pretty!)
The result is a mobile-first, simplified, and streamlined vision of a credit card.
Here’s how they addressed those pain points:
Application: Tap to apply. Done. It automatically issues the digital version, adds it to your Wallet, and that’s it. The physical copy gets mailed.
Tracking spending: The app color-codes spending categories, gives merchants their real logos, and uses machine learning (AI) to decrypt those obscure “IC SPEND A-MERCH 14312” charges (it was the Greek food truck, by the way). It will even show it on a map and link to it on Yelp!
Paying/Interest: Graphical wheel that you slide your finger around to see your payments change, along with the interest accrued. Financial education with a swipe.
Rewards: 3% at Apple, 2% using the digital version, 1% with physical card. Redeems automatically as cash every day (with notation) into your Apple Pay Cash card. Which you can spend at merchants, online, send to friends/family, and more.
Privacy: No merchant gets any details about you on any purchase.
Security: Every payment uses a one-time code (just like any other ApplePay transaction). Suspicious transactions appear as notifications (and can be approved or denied with a tap). A new card is sent out and no changes needed.
Support: Using Business Chat for iMessage, customers can simply text their question to the service. A person answers and helps them out. Through their normal messaging app.
Fees: They don’t have them. Any. At all.
Can Your Credit Union Compete?
That’s a great question. On the surface, no. You cannot create such a streamlined system with the tight integration between bank and provider.
However, all is not lost!
I’ve made a point to talk about partnering in many previous posts. It’s just as valuable (if not more so) today!
Your institution is good at the money part. You might also be great in the relationship area.
But, let’s be honest. You’re not awesome with the technology. It’s a constant effort to keep up with evolving expectations as it is, right?
That’s why you need to partner with companies who specialize in these things. My last post talked about making member communication simple. That’s one of their pain points!
And the most cynical/sarcastic/actually realistic answer to this question:
Sure, because it only works for members with an iPhone. Look at all those Android users you can still attract!
Mobile First = Simple First
You’ll hear a lot of talk about how “mobile first” design is essential. That making services for a computer is immediately alienating your target audience. I’m betting the firms which sell you these platforms will be climbing over each other to talk about how their stuff is so mobile first ready.
It’s not wrong. There’s a lot of value to making sure your offering is accessible from where people are.
However, I want to be clear:
Mobile First doesn’t just mean you need to make sure it works on phones.
Mobile First means that your driving strategy is:
How can we make something so simple, so intuitive, so obvious that members can do what they want in a few seconds?
Apple stepped back and saw many of the traditional challenges in credit cards. Then, they built a system (with appropriate partners) to overcome these “yucky spots”.
It’s about looking at what the real problems are, and how you can address them.
If Edison had only tried to make a brighter candle, he would never have invented the light bulb.
To help illuminate (pun actually not intended, but enjoyed) your best path forward, I encourage you to Subscribe to my blog.
How do you connect with members? Phone? E-mail? In-person? Carrier pigeon? Owl?
Each have their drawbacks, especially the pigeons, since they’re extinct. Who answers their phone anymore, and we all get so much e-mail, standing out is challenging. Not every member visits your branches, and without a letter from Hogwarts, they wouldn’t even know about the owls!
Through my work with credit unions, the medium most favored tends to be e-mail. It’s cheap, relatively easy, and can reach a wide swath of the membership. There are pretty large downsides, though. Many people receive hundreds of messages a day, then there’s the spam. Getting noticed, read, and clicked is a major victory. Despite these challenges, e-mail still makes sense. Just not as the only thing. Here’s where we listen to your marketing team and diversify engagement.
Let Me Just Check This Alert
What communication medium does nearly everyone read promptly, then act upon? Ding ding. You can go check that message…I’ll wait. Yes, text messages. Be they iMessage, Facebook Messenger, WhatsApp, or good-old SMS (that’s the green bubble for iPhone readers), they get read. How can your credit union take advantage for member communication without “spamming”?
As you may know, there are some regulations governing phone number usage (TCPA). You can send a single service notification, but future messages require additional opt-in. There’s more to it, yet with that as a starting point, it sure doesn’t sound like a useful engagement strategy. Or is it? I know where I’m going…to get some opt-ins!
Why Text Members?
Let me back up for just a moment. Why bother texting members? Case studies found recipients of SMS reminders or calls to action acted at a much higher rate than those sent paper notices, phone calls, and e-mails. So if you want to spur members to action, there’s no more effective way than through text. But it has to be relevant. Otherwise, you’re the spam. How do we set the member expectation of hearing from their credit union?
Display your SMS number prominently in branches and online.
Encourage members in all interactions that if they, “Want more from their CU to add xxx-xxx-xxxx to their contacts!”
Are you more likely to read a message from a random phone number or one which has a contact name linked?
Place a widget on your website for members to opt-in their mobile number.
Upon mobile banking sign-in, ask if members have their phone number in their profile.
Provide a vCard download on website (mobile and desktop) so members can add the CU contact information in one click or tap.
Recognize it’s their credit union
Opt-in to receive specific messaging (which has a pre-defined maximum number of texts sent per week/month)
Find value in the messaging,
then it can become a valuable outreach strategy.
Of course, this is only for non-secure marketing and service messages. If only there were some way to continue the conversation on that phone…
Two-Way Texting & More
Turns out, that marketing text isn’t the only thing you can do. A company called Shastic developed Elle, a two-way texting platform for credit unions. What does this enable? Well, for one, your member can answer that text. And your team can respond. It’s like a chat. In a text. Ok, it is a chat. This means your marketing out is now using the same channel as support in. With the ability to easily share documents and other information with your members. And you’re now a 24/7 operation beyond online banking.
Not all your members use that channel (though a huge portion do). And it’s about being ubiquitously available. So, keep your Twitter account active for answering public and DM (direct message) requests. Then, there’s the newest player on the block (for iOS users): Business Chat for iMessage. A few small companies are starting with it now…you know, like Wells Fargo. This platform already supports the exchange of money (ie. buying stuff) using your Apple Pay(or Apple Pay Cash) account (which, if you’re promoting, can absolutely be your cards!).
This article is adapted from my company’s Learning Library, a source of honest insights on a range of industry challenges, products, and opportunities. It’s an estimated 13 minute read. There are two reasons why I’m cool with sharing this article here:
I wrote the original.
The Learning Library isn’t about selling, rather informing, just like here!
Your members have certain expectations of their credit union. A robust checking account. An easy place to accumulate savings. A destination for needed loans. And that’s just the big picture. Even more basic assumptions include:
Money I deposit will be safe
The amount I see is the amount I have
If someone steals from my account through ID Theft or fraud, the institution will make me whole
Are any of these going “too far”? I think we can agree they are universally held expectations. Yet you know financial theft is on the rise, and now may be wondering: “If we make them whole, who makes us whole?”
Great question. And it goes in line with what brought you here: Should our credit union provide ID Theft/Recovery Solutions to account holders?
Since it’s happened to my family (and millions of others), and it sucked, I’m on the side of, “Yes!”. My company offers this as a service through Value-Added Checking (that link goes to a description of the concept, not a product page). It’s something my company cares about deeply, so I feel obligated to share the details with you. Then, after reading, you can determine if some sort of protection makes sense at your credit union. Below, I’ll illuminate some surprising findings about digital theft and what it means for your credit union.
First, let’s look at the realities of financial theft.
Hacks Happen. A Lot.
With more of our lives saved “in the cloud”, the amount of personally-identifiable data on any of us increases daily. Each new service (supposedly) makes our lives easier and more connected. Unfortunately, that also means those who would do us harm have a lot more information to use. It’s not like I’ve ever written about the dangers of bad passwords or anything…
In the Identity Theft Resource Center’s (ITRC) 2017 Data Breach report, they found what you would expect. Breaches are up. A lot. In 2017, 1,579 data breaches exposed nearly 179 million records. If that sounds like a huge number, you’re not wrong.
That’s a 44% increase in number of breaches and a mind-boggling 389% increase in records exposed!
Who can forget the infamous Equifax hack of 2017? In one of the most darkly ironic hacks ever publicized, one of the top credit bureaus lost control of their information. The very company whose business model it is to protect people’s most sensitive personal information. And then, Equifax handled it with the grace of a puppy tumbling down a pile of freshly washed laundry, without all the cuteness.
In a scene reminiscent of an old Seinfeld episode, Equifax took their time even admitting to the hack (and changing the story of its extent numerous times). Then, they set up a special customer assistance web page. Except, they didn’t use their own trusted domain. Nor was it signed with their normal security certificate. And it asked for your social security number, in a mind-boggling faux-pax of internet security practices.
In fact, it looked suspiciously like a phishing site.
So, predictably, within hours, hackers had cloned the support page, and did so well even Equifax staff were forwarding affected customers to the fake site! (Where new groups were able to steal more customer information, thus making the hack even worse)
Things didn’t go well for the vast majority of us whose personal information was now…somewhere.
Is Getting Hacked Inevitable?
Are you connected to the internet in some way? Then, unfortunately, yes. Experts agree it’s not a matter of if, it’s a matter of when. In fact, I was at a credit union industry conference where security had a top focus. Every security expert present offered the following advice: “Have a security breach plan. It’s going to happen. It’s going to stink. But when you have a plan in place, at least you can mitigate the damage faster.” Needless to say, upon hearing these speakers, the room filled with clackering teeth and nervous tics.
As a financial institution, you possess two things which thieves love:
Personal information of people who may also have money elsewhere
So they’re going to try and get in. How does that affect your account holders and institution? And what can you realistically do?
Meeting Customer Expectations While Protecting Your Own Interests
Like it or not, when a member or customer’s account is breached, it’s going to take resources and dollars to rectify. And guess who pays? Let’s watch it play out.
Remember that plan we mentioned above? Now’s the time to put it in action. Your account holders expect you to handle it and make everything right again with their financial situation.
Of course, you know it’s not always easy, nor is it that simple.
There are two ways your customers can experience losses:
Individual account is compromised.
Financial institution’s systems are compromised.
From the perspective of your members or customers, they don’t care what happened; they just want access to their money (see Basic Assumptions from the beginning). If hackers gained access to just a single account, you can lock it down and assist the account holder in resetting passwords, replacing cards, and anything else necessary, as well as reimbursing for lost funds. Keep the idea of reimbursement on the back burner for just a moment.
If it’s not a single account, but rather, the entire financial institution system, the effort needed to get back to normal can be substantial. (Another piece of wisdom from that industry conference: Getting everything back to 100% takes longer than your IT team estimates. They’re working hard; it’s just a lot to do!) Expenses and staff time can pile up as the direct effects of a hack make themselves known. Recovering from backups or other systems adds time and money to an already stressful process for all involved.
After a lot of hard work and cooperation, kudos to your team; the hack is behind you all. Back to business!
Ah, but what about the actual monetary losses from account holders? Whether it was one or many accounts, the expectation is that the money was safe, thus, it has to return! According to a study by Javelin Research, mean fraud amount per individual is $1,038. Yet their total out of pocket loss averaged $48.
No worries, someone else pays…right?
We’re Covered, Right?
No. The buck stops with you. Most institutions write off the dollar losses of breaches and fraudulent access as a “cost of doing business”. While Federal Regulations do protect account holders, liability shifts to the corresponding financial institution.
So how much might you need to pay? Under the Electronic Funds Transfer Act, account holders’ losses are limited based on when the error or fraud gets reported:
Within two business days, account holder loss is $50.
Within 60 days, account holder loss limit is $500.
Past 60 days, the account holder will probably be out the money and any overdraft fees incurred as a result.
Remember the average out of pocket loss was $48. Your financial institution makes up the difference (and often ensures the account holder suffers no losses at all).
And, of course, there’s insurance (or special bonds) to protect you as well. Except… it’s rare for it to apply. According to bank execs we spoke to during research for this article, the deductibles on this coverage are typically much higher than the average account balance.
So your institution simply absorbs these losses.
Additional Costs of ID Theft
Beyond the hard costs of restoration for your institution and/or account holders, the additional “soft costs” of time and resources add up quickly. Things including:
Assisting customers to restore their accounts
The cost of issuing new cards
The time your staff must take to ensure this happens smoothly
Plus, since identity theft affects a wide range of an individual’s life data, there is work involved contacting law enforcement, social security, DMV, loan-holders, and other agencies.
Becoming “Numb” To Financial Security
“Comfortably Numb” is more than a great song. It’s also how many people view protecting their personal information. With massive breaches and individual hacks now a regular occurrence, the general public is more indifferent to them than ever before. In fact, an Experian survey indicates consumers may actually be making it even easier for thieves:
While 84 percent of respondents acknowledge being concerned about the security of personal information online, nearly two-thirds (64 percent) agree it’s “too much of a hassle to constantly worry about securing personal information online.” The majority say staying on top of financial transactions is a challenge (53 percent), and nearly half (48 percent) don’t even check their credit reports regularly for errors or suspicious activity.
So if your own account holders are more vulnerable than ever to these losses, yet the money lost is overwhelmingly borne by your financial institution, what can you do?
Should financial institutions offer ID Theft insurance?
That’s a question only you can answer. Before you do, let’s first look at:
What ID Theft Insurance Covers
What ID Theft Insurance Does Not Cover
ID Theft Insurance vs. Restoration
Proactive vs. Reactive Coverage
Costs of coverage
ID Theft Insurance
Thanks to Federal protections, average out of pocket cash loss is $48 to consumers. That’s why some organizations advise against the purchase of Identity Theft insurance. These services (such as LifeLock) offer coverages from $10,000 all the way to $1,000,000, yet, as research shows, these amounts of liability and losses are extremely unlikely. The real impacts for most are felt in the Restoration process.
ID Theft Restoration
2 billion accounts had personal information stolen. Much of that data was sold to criminal enterprises around the planet, where it is held for varying lengths of time (often to let the monitoring expire) before acting upon it. Depending on how much information is available, fraudsters may accomplish a full takeover or cloning of a consumer’s identity. That opens up a world of criminal opportunities, from new credit cards to pension and social security payment kidnapping!
The first step upon discovering ID Theft is a freezing of all applicable accounts. Recent transactions get reviewed, illuminating suspect transactions. Then, new account numbers (and cards) must be issued. And that’s just for one financial institution.
How many places do you have money saved or borrowed in some form? Each needs to be contacted, along with at least one credit bureau (to put a freeze on any credit inquiries or approvals). Take a breath, because we’re just getting started.
Now that immediate monetary accounts are secure, you need to reach out to law enforcement. Then the Federal Trade Commission, and even mortgage, rental, and utility companies. We’re talking any entity where a consumer has a business relationship.
I wish I were exaggerating. When my family member’s social security number was somehow exposed, not only did they find dozens of fraudulent charges on their credit card, they also saw unpaid bills from their power company for a residence that was not theirs. Yes, a criminal was using the stolen identity to (not) pay for electricity at another home! And this doesn’t include the dozens of new in-store credit cards and accounts at financial institutions unfamiliar to the family member.
Up to 1,200 Hours
Clear your schedule, because this could take a while. According to LifeLock, the average time spent fixing an identity theft issue is seven hours, usually over the course of a day, but up to a month. In extreme cases, people may spend up to 1,200 hours over the course of a year or more resolving identity theft problems. As a popular meme says, “Ain’t nobody got time for that!”
Needless to say, this can become a major source of anxiety, stress, and even time lost from work. As your account holder’s primary (or favorite) institution, they will be looking to you for help. What do you have to offer?
Much of this lost time and resources (for both the people affected and your institution) can be avoided with a proactive, resolution-based ID Theft insurance system. How?
What’s the difference between Proactive and Reactive?
I’ll answer with another question: What’s better, dealing with fraud after it happens or just stopping it at the first sign of a problem?
Not a difficult answer. Stopping fraud before it causes problems is the objective of Proactive programs. Monitoring tools run 24/7, catching suspicious activity as it happens, then notifying the individual through text message (SMS), e-mail, and even phone alerts in the moment. This prevents most damage from taking place.
A Reactive program simply provides tools to check credit bureau reports and other personal information, along with a variety of tips on keeping their personal data safe. With no constant monitoring, a problem gets discovered because something already went wrong, making restoration a greater challenge.
No matter which coverage an individual has, both provide assistance in the event of fraud. However, the degree to which they get you back to normal depends on the naming: “Restoration” or “Resolution”.
Which is better? Resolution or Restoration?
This is a trick question, right? Unfortunately, it’s not. While both work towards the same outcome, each have a unique approach.
The Resolution approach is more DIY and generally includes advice and a step-by-step process for the consumer. There is no dedicated person at the company assisting, however, they may offer customer service to answer questions.
With Restoration, the affected individual works with the ID Theft insurance company. Typically, a specialist gets assigned to their case, and that person will help them with the legwork…the calls, communications, and paperwork necessary to ensure their identity is fully restored.
No matter which approach a person chooses, costs incurred by them during the process can be reimbursed by the insurance company (up to stated limits).
What Does ID Theft Insurance Cost?
As we covered above, premiums can vary greatly depending upon the coverage chosen: whether it is Proactive or Reactive, if it is for Restoration or Resolution, and what the limits are.
Due to the importance of having as many account holders covered as possible, over 600 financial institutions currently integrate ID Protect (Full disclosure: My company offers this product.) into their Value-Added Checking. This is blanket coverage, available at a fraction of the cost of any retail plan, and is generally part of a revenue-generating benefit bundle tied to your account holder’s checking account.
What ID Theft Insurance Does For Your Institution
Relieves hard and soft costs to your institution
Helps prevent instances of fraud
May shift restoration responsibilities to insurance company
To me, ensuring your account holders have peace of mind is well worth the effort. Plus, your own institution saves staff time and money. Also, if you offer it as part of a Value-Added Checking program (whether it’s provided by my company or someone else), it helps differentiate your credit union.
Learn Even More
My company has a Learning Library where we discuss this and other topics. Think of it like this blog, except with more detail on your products, better answers, and fewer (blatant) geek references. I’m here to help illuminate challenges to credit unions. The Learning Library dives deep into everything so you get honest insights without jumping site to site.