Anti-Phishing Protection
Phishing is a global concern for financial institutions and other billers. When offering customers the convenience of eBilling, billers also want to ensure that the solution successfully combats the risk of phishing and fraud.
'Pull' eBilling and phishing
Billers who rely on email notifications to drive consumers to their websites will continue to be targets for phishing and other fraudulent activities. The single most phishable electronic process is one that teaches your customers to expect an email once a month saying "Your Statement is now ready - click here to view it", which takes the recipient to a login page.
'Push' eBilling and phishing
Striata's 'Push' email bill presentment and payment solution sets do not require your customers to visit or log in to any website. The entire contents of their bill or statement are delivered in the email package, which is the primary reason why this 'delivery' process is not susceptible to phishing.
The reality, however, is that while the actual eStatement format cannot be phished, the process can be copied to look like the biller's process. Phishers then dupe people into entering their security details on a false website, via a link in the email.
Are eStatements still safe?
Like Internet Banking, the electronic nature of email statements makes this process a target for phishing.
How to ensure your eStatements are safe:
- Digitally sign all Statement emails to provide Sender authentication. Educate your customers to look for and check the digital certificate.
- Remove any links from your email – it confuses people who cannot tell the difference between a legitimate web link and a fraudulent web link.
- Add an anti-phishing section to the cover emails. This section will highlight why this is a legitimate email. For example: this email is meant for Mr A Sample. Fraudsters will battle to recreate personalized data.
- The anti-phishing section must also say – "never input your ATM pin number on a website". If the phishing email copies the layout specifically, this will raise a red flag to the recipient when asked to input the ATM pin number in the content.
Teaching consumers to differentiate between a valid email and a fraudulent email is critical in the war against email phishing scams.
Striata's eStatement - features:
We encourage our clients to ensure that their customers can easily identify a Striata eStatement:
- Email Statements sent through Striata's application are delivered as an email with the encrypted statement attached.
- The email will be personalized, i.e. it will contain the recipient's name or business name: Dear Mr A Sample.
- Email Statements sent by Striata have a specific file extension, *.emc or *.pdf. Any other file extension, for example *.html, is not a valid Striata email statement.
- Striata's email statement will never be linked in any way to your ATM pin. Never input your ATM pin number into any website. Ever.
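The checklist under "How to ensure your eStatements are safe" and the feature list above can be enforced as a pre-send check on outgoing statement emails. The following is an added example, not Striata's code: the function names, finding labels and both sample messages are constructed for illustration, and the signature test only checks for an S/MIME detached-signature structure, it does not verify the signature.

```python
import re
from email.message import EmailMessage

ALLOWED_EXT = (".emc", ".pdf")   # the only statement extensions the page lists
LINK_RE = re.compile(r"https?://|www\.|href\s*=", re.I)
SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def lint_statement(msg, recipient):
    """Return checklist findings for an outgoing statement; [] means pass."""
    findings, text, files = [], "", []
    # Assumption: signed mail is S/MIME with a detached signature, which
    # appears as multipart/signed. Structure only; no cryptographic check.
    if msg.get_content_type() != "multipart/signed":
        findings.append("unsigned")
    for part in msg.walk():
        if part.is_multipart() or part.get_content_type() in SIG_TYPES:
            continue
        if part.get_filename():
            files.append(part.get_filename().lower())
        elif part.get_content_maintype() == "text":
            text += part.get_content()
    if LINK_RE.search(text):
        findings.append("link in body")
    if recipient.lower() not in text.lower():
        findings.append("not personalized")
    if "never input your atm pin" not in text.lower():
        findings.append("no anti-phishing notice")
    if not files:
        findings.append("no statement attached")
    findings += [f"bad attachment: {f}" for f in files if not f.endswith(ALLOWED_EXT)]
    return findings

def build_sample(body, filename, signed=True):
    """Build a constructed message (placeholder bytes, not a real signature)."""
    inner = EmailMessage()
    inner.set_content(body)
    inner.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=filename)
    if not signed:
        return inner
    outer, sig = EmailMessage(), EmailMessage()
    outer["Content-Type"] = 'multipart/signed; protocol="application/pkcs7-signature"'
    sig.set_content(b"placeholder", maintype="application",
                    subtype="pkcs7-signature", filename="smime.p7s")
    outer.attach(inner)
    outer.attach(sig)
    return outer

GOOD = build_sample("Dear Mr A Sample,\nYour statement is attached.\n"
                    "Never input your ATM pin number on a website.\n", "statement.emc")
BAD = build_sample("Dear customer, view it at http://example.test/login\n",
                   "statement.html", signed=False)
```

Messages read from a mail queue can be passed to the same function after parsing them with `email.message_from_bytes(raw, policy=email.policy.default)`.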