Ouch! What If This Was Your Institution?
My first stop was Digg.com - a web 2.0/social media website. The site receives TENS of millions of visitors each day (Compete.com traffic details). And there it was, front and center on the front page:
Tens of millions of people visit the site each day - these are tens of millions of people with bank accounts.
I was in shock, I could not believe such a headline made front page news on Digg.com. I didn't think anyone would believe me; I had to take a screenshot! OK, OK, I may be exaggerating a bit - however I can say that as much as I visit Digg.com, rarely do I see something that has implications to banking and information security make the front page. Perhaps a very topical story on phishing will make it, but it's rare to see a headline about identity theft with a particular bank being named - albeit a very large bank.
What's that you say? What is Digg.com again? As I stated earlier, technically I would say Digg.com is a social media website, falling into the realm of "web 2.0". More specifically, any person can submit any web page (in essence a headline and short description), and then other users can digg (vote for) the web page. The more diggs/votes the web page gets, the closer the listing moves to the front page. On very, very rare occasions, a web page will become so popular it makes it to the front page of Digg.com, and millions of people will see it.
And I'm not alone. Tens of millions of people visit the site each day - these are tens of millions of people with bank accounts. A little more on the Digg.com user demographics for those interested (from Microsoft advertising):
- 74% are between the ages 18-49;
- Average user household income is $85k;
- 75% are employed full or part-time;
- 90% have been using the Internet 7+ years.
Still not convinced the Digg.com users matter? A whopping 65% of the users on Digg.com seek/post product reviews - way, way above the general online adult population average. Simply put, Digg.com users are major influencers both online and offline, people seek them for advice - perhaps advice on who to bank with. Again, we are talking on average TENS of MILLIONS of users, every day, and many of those users are influencers within their sphere of friends and family.
I'm quite sure Bank of America will get over it; however this type of news can sting quite a bit for a nation-wide institution. Now, I'm not saying I think every community bank and credit union should panic that the next security incident they have will reach the front page of Digg.com. Larger, perhaps nationwide institutions should probably think about it, but the same type of effect can be achieved on a local scale through newspapers, TV, and word-of-mouth.
I was surprised at first to see this story make it to the front page of Digg.com, however, now that I think about it ... perhaps I shouldn't have been. Given recent headlines regarding the financial woes of some entities in the banking industry, along with current initiatives from the banking agencies to combat identity theft, it seems like only a short matter of time before these stories start to appear more and more frequently in major media outlets.
I think identity theft and phishing are only the tip of the iceberg when it comes to the security and privacy issues consumers will begin to consider when it comes to banking. No one wants to be presented badly in the headlines, and no one wants to draw attention to something (security and privacy issues) that can raise concern among customers. But at the same time, by showing that you are being proactive about security and privacy can be a draw for customers. By doing so you can prevent the sting of a negative headline on Digg.com...in other words minimize the word-of-mouth chatter that has such a major impact on your customers' confidence.
My question is: Does your institution care about customer confidence and trust - is security something you tout to strengthen your image?