Skip to main content

The cost of being reactive: a cautionary tale for financial institutions

In a small but tightly-knit community, a local bank recently found itself at the center of a highly disruptive bank impersonation scam. Residents, both customers and non-customers, received fraudulent text messages appearing to come from the bank’s phone number. The messages were crafted with alarming precision, instructing recipients to click on a link that led to a spoofed website. Once there, unsuspecting individuals entered their login credentials, which the fraudsters used to access the real banking site. With the two-factor authentication (2FA) code provided by victims, the fraudsters gained full access to many accounts.

This scenario is not unique. These types of scams are proliferating across the United States, and they are shockingly simple for fraudsters to execute. Yet, in this particular case, the bank’s lack of preparedness turned a manageable threat into a full-blown crisis, with far-reaching consequences for both its operations and reputation.

The Reactive Process: A Costly Response

When the bank became aware of the scam, it was forced to go into full reaction mode. Without proactive measures in place, it scrambled to address the issue while facing an overwhelming surge in customer inquiries.
Here’s what unfolded:

  1. All Hands on Deck:
    • Bank staff were pulled from their regular responsibilities to focus solely on managing the crisis. This reallocation of resources disrupted normal operations and created backlogs in other areas.
    • In the first day alone, over 600 calls flooded their customer service lines, with additional emails and in-person visits from concerned customers and non-customers.
  2. Customer Communication:
    • Emergency alerts were sent via email, text messages, and app notifications to warn account holders about the scam.
    • Staff scrambled to post information on the bank’s website and mobile app, explaining the nature of the scam and advising customers on how to protect themselves.
    • FAQs and quick-response scripts had to be hastily created to assist staff in addressing common questions.
    • After-hours phone messages were updated to reflect the situation, adding to the workload.
  3. Engagement with Third-Party Services:
    • The bank worked with its website host and app developers to add banners and pop-ups, but this required urgent coordination, further straining resources.
  4. Social Media and Community Outreach:
    • The bank’s social media team was inundated with posts, direct messages, and comments from concerned community members.
    • The local newspaper was later engaged to help spread the word and reinforce key messages.
  5. Dedicated Support Resources:
    • A dedicated phone line for fraud inquiries was established, and customer service hours were extended. Additional staff had to be deployed to handle the surge in demand.
  6. Guidance for Customers:
    • Customers were advised never to share personal information via text or email.
    • Those who had already fallen victim were given step-by-step instructions to secure their accounts and monitor for unauthorized activity.
  7. Internal Investigation and Collaboration:
    • The bank’s fraud team worked to track potential compromises and identify impacted accounts.
  8. Post-Scam Follow-Up:
    • The bank provided updates on steps being taken to protect customers and prevent similar incidents in the future.
  9. Consideration of a "Kill Switch":  In the aftermath of the scam, the bank considered the idea of a "kill switch" to temporarily disable Zelle and online banking access during such crises. While this may seem like an effective way to stop fraudsters in their tracks, it introduces a host of other issues:
    • Customer Frustration: Disabling online banking services would inconvenience thousands of customers who rely on these platforms for essential transactions.
    • Operational Costs: Shutting down and restarting systems could require significant time and resources from IT teams and third-party vendors.
    • Reputational Risk: Customers may view the kill switch as an overreaction or a sign that the bank’s systems are not secure.
    • Potential Revenue Loss: Interrupting digital banking services could lead to a decline in transaction-based revenue and erode customer trust.

Ultimately, while a kill switch might provide temporary relief, it would likely exacerbate the overall impact of the crisis, creating new challenges and costs.

The Perception Problem

Many customers and even non-customers contacted the bank to alert them to the scam, underscoring the bank’s unpreparedness. The situation painted a picture of an institution that was not in control and needed external help to respond effectively. For a financial institution, this lack of preparedness can erode trust and damage its reputation in the community.

The Proactive Advantage

This example highlights the stark contrast between being reactive and proactive. Here’s how a proactive approach could have mitigated the crisis:

  1. Pre-Education Reduces Panic:
  • If the bank had consistently educated its community about impersonation scams and maintained ongoing fraud awareness campaigns, customers would have developed a heightened sense of vigilance against fraud scams, no matter the method. Many individuals would have been able to recognize the fraudulent text messages immediately.  This could have reduced the volume of calls and inquiries, saving significant time and resources.
  1. Proactive Website Content:

    • Having information about common scams, including text-based impersonation attempts, already published on the bank’s website would have demonstrated the institution’s expertise and vigilance. Customers could have easily referred to this content, further reducing the burden on customer service.
  2. Cost Savings and Efficiency:

    • Proactive education would have minimized the need for emergency measures like after-hours staffing, rushed updates to digital platforms, and media engagement.
    • The bank’s internal processes could have operated smoothly, avoiding disruption to normal operations.
    • Front-line and call center staff would have had readily available resources to reference and share, making it easier and faster to address customer concerns, further reducing strain on operations.
  3. Trust and Reputation:

    • Proactively addressing the risks of scams builds trust within the community. Account holders feel more confident banking with an institution that anticipates threats and provides tools to protect them.

The Takeaway

Financial institution impersonation scams are not going away. They are easy to execute, widespread, and highly damaging. Financial institutions that rely solely on reactive measures will face greater costs, disruptions, and reputational harm.

By investing in proactive fraud education and prevention strategies, financial institutions can drastically reduce the impact of scams, protect their account holders and community, and position themselves as trusted leaders in fraud prevention. The cost of being reactive is simply too high to ignore.

eFraud Prevention

Contact