With the rising popularity of online banking and app-based financial transactions, fraud and data breaches are two of the most serious issues confronting the financial industry today. In response, password management services such as LastPass, Bitwarden, NordPass, Apple iCloud Keychain, and many others have also grown in popularity, promising both the convenience of not having to remember multiple passwords and the security to back it up.
Password managers use multi-level encryption to safeguard the data they hold, and they promise a sense of security unmatched by most services. However, it’s crucial to remember, and to remind your customers, that no technology is impenetrable, and there is always a chance that a password manager could be compromised.
Cybercriminals have continued to figure out how to obtain the increasingly complex data held by these password management services, such as usernames, passwords, and financial information. This has resulted in massive data breaches among some of the most popular password managers on the market, causing distress among customers.
On top of providing regular financial education on data protection, it’s crucial for you to take action to notify your customers if a data breach occurs in one of these password managers. Here are some preventative and reactive steps that you can take in the event of a breach:
Notify Customers of the Data Breach
Notifying consumers is one of the first and most important actions that you should take in the event of a password manager data breach. This can be accomplished by sending an email, a push notification via mobile apps, or a letter to all affected customers. The message should include (or link to) details about the provider affected, what information was potentially impacted, and suggestions for how the affected consumers can take action to protect their personal data. It’s crucial to make sure the message is clear, succinct, and conveys a feeling of urgency to the customer.
Dedicated Customer Service Line
On top of having a regularly staffed and dedicated customer service line, it may be necessary to set up a separate customer care line in light of a data breach that customers can call with queries or grievances. Staffing this line with competent agents who can respond to customers’ inquiries, offer advice on data security, or quickly direct them to other departments that can assist can streamline service and drive a positive customer experience. Not all data breaches may require such a step, but having a plan of action in place in case of such an event is important.
Credit Monitoring Services
While not always possible, offering or directing affected customers to credit monitoring services is an option that you may be able to take. This will allow customers to keep a close eye on their credit report and will alert them if any suspicious activity or the creation of any unauthorized accounts is detected.
Having a regularly updated digital library of educational resources that customers can access to learn how to protect their information is an important part of playing an active role in protecting your customers before such breaches occur. This library should include resources such as tips for creating strong passwords, the complexities of using a password manager, the importance of not sharing sensitive information, and how to identify and report suspicious activity. These resources can help customers become more informed about the latest security threats and can help them take steps to protect their information in the future.
Change Passwords and Set Up Two-Factor Authentication
Finally, following a data breach, you may suggest or offer to change all impacted customers’ passwords as soon as is practical. This will lessen the possibility of fraud and help prevent unauthorized access to sensitive data, including personal and financial information. You may also advise customers with accounts that don’t already use two-factor authentication to set it up. As a result, anyone attempting to access the account will have to go through an additional step, adding another degree of security.
Password managers can be a useful tool for customers to safeguard their data, but they are not infallible. Recognizing a breach early and providing customers with as much information as possible to safeguard their data not only drive a positive customer experience but also speak to our mission and promise as industry leaders.
The Financial Fraud Consortium is a membership-based group of industry experts dedicated to identifying, detecting, and helping your business become aware and proactive in protecting you and your business against many types of complex fraud.
Members of the Financial Fraud Consortium gain access to a variety of benefits including:
- Access to our library of educational resources webinars, white papers, and alerts
- Networking with like-minded companies
- Leadership opportunities in helping to adopt best practices around risk and fraud prevention
- Visibility as a leader in fighting fraud and decreasing your overall risks