Phishing is a global concern for financial institutions and other billers.
When offering customers the convenience of eBilling, billers also want to ensure
that the solution successfully combats the risk of phishing and fraud. This edition
of eBilling Insight asks, "Are you training your customers to be phished?" and looks
into how you can ensure your eStatements are secure.
Are you training your customers to be phished?
Billers who rely on email notifications to drive consumers to their websites ('Pull' eBilling)
will continue to be targets for phishing and other fraudulent activities. The single most phishable
electronic process is one that teaches your customers to expect an email once a month saying "Your Statement
is now ready - click here to view it", with a link that takes the recipient to a login page.
'Push' email bill presentment and payment solution sets do not require your customers to
visit or log in to any website. The entire contents of their bill or statement are delivered in the email
package, which is the primary reason why this 'delivery' process is not susceptible to phishing.
The reality, however, is that while the actual eStatement format cannot be phished, the process can be
copied to look like the biller's process. Phishers then dupe people into entering their security details
on a false website, via a link in the email.
Are eStatements still safe?
Like Internet Banking, the electronic nature of email statements makes this process a target for phishing.
How to ensure your eStatements are safe:
- Digitally sign all statement emails to provide sender authentication. Educate your customers to look
for and check the digital certificate.
- Remove any links from your email. Links confuse people who cannot tell the difference
between a legitimate web link and a fraudulent web link.
- Add an anti-phishing section to the cover emails. This section highlights why this is a legitimate email.
For example: "This email is meant for Mr A Sample." Fraudsters will battle to recreate personalized data.
- The anti-phishing section must also say "never input your ATM pin number on a website". If a phishing
email copies the layout exactly, this statement will raise a red flag for the recipient when the content
asks them to input their ATM PIN.
Teaching consumers to differentiate between a valid email and a fraudulent email is critical in the war against
email phishing scams.
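The checklist above can be enforced as a pre-send check on every outgoing statement email. The following is an added example, not Striata's code: the function names, the `biller.example` addresses and both sample messages are constructed for illustration, and the signing check assumes clear-signed (`multipart/signed`) mail and inspects only the message structure.

```python
import re
from email import message_from_string, policy

LINK_RE = re.compile(r"https?://|www\.|href\s*=", re.IGNORECASE)
PIN_WARNING = "never input your atm pin number on a website"

def lint_statement_email(raw, customer_name):
    """Return the checklist items an outgoing statement email fails."""
    msg = message_from_string(raw, policy=policy.default)
    problems = []
    # Structural check only: a clear-signed S/MIME or PGP/MIME message is
    # multipart/signed. This does not validate the signature itself.
    if msg.get_content_type() != "multipart/signed":
        problems.append("not digitally signed")
    # Gather every text part (plain and HTML) and normalise whitespace.
    text = " ".join(part.get_content() for part in msg.walk()
                    if part.get_content_maintype() == "text")
    text = " ".join(text.split())
    if LINK_RE.search(text):
        problems.append("contains a link")
    if customer_name.lower() not in text.lower():
        problems.append("no personalised recipient name")
    if PIN_WARNING not in text.lower():
        problems.append("missing ATM PIN warning")
    return problems

def build_sample(body, signed):
    """Constructed test message; the signature part is a placeholder."""
    head = ("From: statements@biller.example\n"
            "Subject: Your statement\nMIME-Version: 1.0\n")
    if not signed:
        return head + "Content-Type: text/plain\n\n" + body + "\n"
    return (head
            + "Content-Type: multipart/signed; micalg=sha-256; "
            + 'protocol="application/pkcs7-signature"; boundary="b1"\n\n'
            + "--b1\nContent-Type: text/plain\n\n" + body + "\n"
            + '--b1\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n\n'
            + "PLACEHOLDER-NOT-A-REAL-SIGNATURE\n--b1--\n")

GOOD = build_sample("This email is meant for Mr A Sample. Never input your ATM "
                    "pin number on a website. Your statement is attached.", True)
BAD = build_sample("Your Statement is now ready - click here to view it: "
                   "http://biller.example/login", False)

if __name__ == "__main__":
    print("good:", lint_statement_email(GOOD, "Mr A Sample"))
    print("bad: ", lint_statement_email(BAD, "Mr A Sample"))
```

Running such a check in the mail-generation pipeline stops a template change from quietly reintroducing a "click here" link or dropping the anti-phishing section.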