Skip to Main Content
PCBB Banc Investment Daily March 27, 2014
Banc Investment Daily
March 27, 2014

Inconsistent Security

After being out of town for a few days and upon our return, there was some mail to go through. The good news is that since most of our normal bills come electronically it's not a big deal. The mailbox on the street is not very secure and we'd rather keep financial information away from the eyes of the curious or evil intentioned, so neighborhood kids pick up the mail on a semi regular cycle. Since we travel around for work quite a bit, mail can sit in the box for several days sometimes. After a recent trip, we were surprised to find a brand new debit card in the mailbox, sitting there for several days.
We realize the street address is necessary for a number of levels of security requirements, but this debit thing was strange indeed. Bank statements are received electronically, so they in theory are probably safe. We wondered why a debit card, the most enticing object of theft, would be delivered into a mailbox on a street. We've asked this question of all levels of management at the bank that sent it who says this has been a consistent practice over the years. We have even been told that the bank's service provider cannot mail a debit card to any address other than a physical address, regardless of customer preference or security concerns (or even the existence of a second address like a PO Box). This certainly defies logic as there is really little reason to have a PO Box other than to keep financial information more secure than a box on the street. The question is whether this is a big enough issue to change the banking relationship.
Even more humorous perhaps, is that a new advertising campaign by the bank shows a striking inconsistency. Going to this bank's web site before logging in to online banking, one finds a very witty and well-done sales message. It even has family pictures altered to show a superimposed face of a fraudster. The product being sold is an identity theft program that offers fraud alerts, lost document assistance, credit reports and legal fee reimbursement in the case of identity theft. This is a great product to offer to customers because after the Target situation, people are looking for solutions to protect themselves. It should also reduce liability in the bank if customers experience a theft, plus it no doubt generates some fee income. This is a timely offering given all of this heightened awareness and customer concern over security.
It is pretty ironic however when a bank sends a debit card to a non-secure address. It is even funnier that the bank then follows with an ad for an identity theft protection and card security package that comes with a monthly fee. Given our banking backgrounds, we understand that this inconsistency stems from the service providers that the bank uses for various customer products and services and not the bank itself. We wonder though how others may feel and act, however.
It is probably not fair to armchair quarterback what we'd do with the debit card mailing address issue. After all, we would opine that any bank service provider could probably offer more flexibility than this example exhibits. We would however expect someone in the bank to monitor for consistency between the levels of security of products delivered compared to the bank's sales messages.
The good news is that there is always room to improve, so perhaps it is time to take a close look at the messages you are sending to your customers online and offline to be sure they are not inconsistent with one another. Otherwise your team may be working too hard trying to put a round peg into a square hole.