While BPI has recently released an email notice to all its online banking clients about the recent phishing activities targeting its BPIExpressOnline system (via Ka Edong), yet another one has just surfaced, this time for Equitable PCI Fastnet users.
Consumer education is the key, but I believe there are some minor changes local banks can make to help prevent it.
- Send regular weekly/monthly newsletters. These familiarize online banking users with the bank's email notices and help them know when to expect (or not to expect) such notices in the future.
- Create a dedicated section on the official bank website enumerating all important email notices sent out to customers. This will allow users to compare what they received by email with what is posted on the official website.
- Make a better-looking newsletter layout or alert email format. Aside from branding, it helps the users to be familiar with the look of the authentic notices.
- SMS notices. If an email alert is important, an SMS alert may also be sent so users can verify that an email with the full details of the urgent notice has been dispatched.
These are minor changes that can be done easily but will greatly help in the effort to fight phishing scams. Care to share some of your thoughts on how phishing scams can be avoided or spotted easily?
Local banks are in the planning stage of strong two-factor authentication to address this issue, aside from customer education, which is really hard to do.
In the States, many of the banks are now issuing “tokens” that generate a unique PIN that is required to complete online transfers. SMS may be a cost-effective and efficient way to implement a similar system; however, if a hacker gets into an account and has the ability to modify the mobile number of record, that would defeat the purpose. Tokens may be the best option for now.
A little bit off subject.
To access my account online with my computer I got here a PIN code which is always the same (which is dangerous) in case someone is spying on me.
Most Belgian banks give you a little calculator where you put your PIN number. That calculator generates a new code each time you want to log in to your account.
Much safer.
I liked the last one, SMS notice of the email. At least it’s not another spam text.