Is it time to ditch SMS for critical customer messages?
Like most internet users, you have probably received phishing emails and smishing SMS messages from malicious actors pretending to be your financial institution and trying to trick you into sharing your sensitive information.
Bad actors are devising increasingly sophisticated scams. Nobody with a superhero cape will show up and save your customers from becoming victims of these phishing and smishing schemes. It’s up to businesses to protect themselves and their clients.
Let’s look at why sending critical messages (e.g., alerts, statements) via emails and SMS is fraught with security risks. Then we’ll share how businesses can communicate with their clients securely to eliminate fraud and crime while delivering a seamless and engaging customer experience.
It’s time to reconsider the use of email and SMS for critical messages
Email and SMS have become the mainstays of how businesses, including those in highly-regulated sectors like banks and financial institutions, communicate with customers.
These channels are used to onboard customers, provide support, alert users to policy changes, deliver transaction confirmations, send payment reminders, promote new products, invite clients to events, etc.
By automating personalized communications, companies can improve the customer experience, nurture relationships, and improve loyalty by sending the right messages in the right place and at the right time.
Meanwhile, the asynchronous nature of email and SMS allows customers to respond when it’s most convenient for them. The messages are saved so you can pick up where the conversations left off without missing a beat.
Email and SMS were good solutions for banks and other businesses to send important messages such as account alerts, application status updates, bounced check notices, fraud alerts, etc., to their customers. Until threat actors discovered that these channels are also good for scamming unsuspecting consumers.
Email and SMS have become security risks
Bad actors use phishing emails and texts to carry out social engineering scams, which manipulate victims into sharing their personal data, such as social security numbers and credit card information.
Since it’s easy to come by anyone’s phone number or email address and send a fraudulent message, more hackers are taking this route to hunt for victims. Meanwhile, more financial institutions use SMS messages to verify users’ accounts or send alerts, creating the perfect opportunities for fraudsters to exploit bank customers.
These social engineering schemes can come in many shapes and forms:
- Scammers pretend to be a bank and ask unsuspecting customers to call a number to “verify their identity” and disclose their information.
- Hackers send an alert to tell victims that their accounts got locked down and ask them to click on a link to a spoof website.
- Bad actors say that a fraudulent transaction went through, and the victim has to transfer money back to themselves via a money transfer app.
These examples are just the tip of the iceberg.
The Federal Trade Commission received 334,833 smishing complaints in 2020, more than double those in 2019. Globally, people are exposed to 125% more smishing attempts every three months.
The situation has gotten so alarming that authorities in Singapore require banks to remove clickable links in emails or SMS messages sent to retail customers.
These phishing and smishing scams aren’t just the problem for consumers. Sure, they’re the ones to suffer from the consequences of identity theft or monetary losses. But businesses are also paying the price.
Companies are concerned about the safety of their customers, the liability of fraud, and their reputation. Also, consumers may develop a negative impression of your brand if it’s associated with a smishing scheme.
Meanwhile, as consumers become more suspicious of SMS and email messages from businesses, they’re less likely to respond. You may no longer achieve the same level of engagement.
Businesses must find a secure way to communicate with customers while retaining the benefits of email and SMS messages.
How does your mobile engagement score stack up?
Email and SMS are out. What’s in?
Some governments are stepping in to combat phishing and smishing. For example, Singapore’s Info-communications Media Development Authority (IMDA) plans to require telecommunication companies, banks, and SMS aggregators to register with the SMS SenderID protection registry. But legislatures aren’t likely to move fast enough to solve immediate challenges.
Businesses must take steps right now to protect their users by stopping using those communication channels for critical messages. But what’s a better way to reach your customers?
You can deliver secure customer communications via a mobile app. Instead of sending SMS or email messages, you’d send push notifications to get users to read an alert in the app.
Now you may wonder, is that too much of a leap and will the user experience deter customers from engaging with your business?
More people are aware of the devastating consequences of identity theft. If you educate your customers about email and SMS fraud, they’d be willing to adopt a different communication method to stay safe.
Meanwhile, consider the current SMSes you send—any meaningful messages will require customers to log into your bank’s online portal or mobile app to take action. You’re just putting the message in the app to start, which means you’re eliminating one step and streamlining the user experience!
Why your mobile app should be at the center of your critical customer communications
When customers log onto a mobile app, the encrypted and authenticated channel gives them the peace of mind that they’re indeed sharing information with your business.
The streamlined user experience makes it more likely that they’d engage with your messages promptly. They get a ping that an alert is waiting for them. A fingerprint scan later, they’re in the app and ready to take the required actions, such as approving a transfer, resolving a dispute, responding to a request, etc.
Delivering these operational messages in-app is the best way to stay secure and compliant with privacy regulations. It also gives users the context to understand what they need to do and makes it easy for them to take action immediately.
Mobile apps and push notifications aren’t limited to operational messages. You can also send marketing messages and engage with users when they’re more likely to be receptive to your content.
Most people consider push notifications less intrusive than SMS messaging. You don’t need an opt-in consent to send these messages, and there are fewer limitations to the content (e.g., there’s no restriction to character length or formatting.)
Additionally, these messages are persistent—they’re in the app’s inbox, so users can go back and find the alert or offer anytime they’re ready to take action, increasing their chances of engaging with the message.
Here’s how to take advantage of in-app communications and push notifications to enhance your customer experience:
Create an interactive onboarding flow to help users customize their app experience and drive adoption. Besides walking them through key features, you can prompt them to complete their profiles to get personalized content and offers.
- Deliver value with contextual messaging. For example, if a user receives a fraud alert, you can tell them about the account monitoring service; if they get a low-balance message, you can share information about overdraft protection.
- Send promotions and coupons about your products and make it easy for users to complete the transaction in-app.
Augment the power of push notifications with in-app messaging
Engagement is the name of the game to keep customers using your mobile app. Push notifications are great for getting users to open the app and check their alerts. (If you want to learn more, our guide to mobile push notifications has everything you need to know about push notifications, their benefits, and how they can be used.) But what’s next?
In-app messaging can help you keep the conversation going by following up on the notifications, providing additional information, supporting user onboarding, answering questions, sending personalized offers, or prompting customers to take the next steps.
Pairing push notifications with in-app messaging helps you foster ongoing conversations informed by context.
You can improve the in-app experience, gather user feedback, and act on the input in real-time. In-app messaging allows you to deliver relevant information to drive engagement, nurture relationships, and build loyalty.
Incorporating in-app messaging into your mobile app is easier now than ever, thanks to Sendbird’s easy-to-use chat API. The software supports text, voice, and video communication and is compliant with HIPAA, HITECH, ISO27001, and GDPR—making it ideal for operational and marketing messages for financial institutions.
You can enhance customer engagement in your banking app easily and securely without reinventing the wheel. Get in touch with our team to discuss how you can make in-app communication safe and effective.