June 25, 2016
It seems like every week we hear about another data breach. The industry is buzzing about EMV chip cards and tokenization to protect against fraud. But what are we doing to protect our bank accounts? I read an article recently about a FinTech security journalist and how her bank account got completely wiped out overnight. This is an industry expert who knows a lot about cybercrime and how to protect her information. Even armed with all this knowledge, she still became the victim of a hacker. Most people do not realize that their bank account has been hacked until it becomes overdrawn. Unless you log in and check your accounts daily, you may be completely unaware that funds are being withdrawn without your consent. For the average person, the problem is really complacency. We have simply become too comfortable with the idea that credit card companies or banks will protect or reimburse us if anything happens. We set up online accounts and generously provide our personal and financial information. What we seem to disregard is that there are serious side effects to these breaches – even more so with bank accounts.
For bank accounts, the serious problems start when your account and routing numbers are stolen. Think about the amount of funds that get automatically deducted out of your bank account each month. For each one of these deductions, there is likely an account in the cloud or on a server somewhere that contains your financial information. Sometimes, the fraud can occur slowly over many months, deducting small amounts of money. Unless you are watching your accounts closely, you may never notice this happening. In other cases, theft can occur in large chunks and so quickly that you can’t catch it until you notice your account is empty.
You call your bank and report the fraud. This can take hours of verifying transactions. In the meantime, checks or other deductions continue to come in, causing your account to be overdrawn and fees to pile up. This can mean fees on the bank side and on the vendor side. The customer service representative recommends you close your account to protect yourself so you can start over fresh. Now, the race is on to update all your banking information with the companies that you pay each month before any of them try to use your closed banking information. For some deductions, like insurance and financial institutions, this may actually require a signed physical form before the change can be made. It can take days, or even weeks, to get everything cleaned up, and it is very likely you will never recoup all of the fees or losses.
So how can we protect our bank accounts? Why not use authorized recurring billing? This could be a feature that is offered or provided by the bank. Before any deduction can be made from your bank account, you receive a notification on your phone asking to confirm or deny the transaction. There might even be an option that says ‘delay one day’ or ‘one week.’ The confirmation could be biometric, PIN-based or any other unique identifier. With authorized recurring billing, both the individual and the bank are protected with multifactor authentication.
For authorized recurring billing to work, it would have to be practical. An individual would not want to approve every transaction since certain charges would always be approved. For example, a mortgage or loan payment could be set up to be paid without approval. This could be done with a toggle on the control device (your phone). The first time the charge comes through, the user could select No Approval Necessary and future charges would be completed without authorization. This may seem like a hassle in the beginning, but once it is set up, you will be in complete control of the funds in your account. This same application could also be used to prevent debit card fraud. If a transaction occurs that is considered a card-not-present charge, then the user could have the option to approve these charges before they are completed. This would significantly reduce the possibility of online fraud from occurring with your debit card.
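The approval flow described above (confirm, deny or delay each debit, with a per-payee No Approval Necessary toggle), sketched as an added example that is not from the original article or any bank's system. All class, field and action names are hypothetical. Assumptions: card-not-present charges always prompt, the PIN or biometric result arrives as a boolean, and any answer other than an authenticated confirm or delay fails closed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Hypothetical names throughout; no bank API is being modelled here.
DELAYS = {"delay_day": timedelta(days=1), "delay_week": timedelta(weeks=1)}

@dataclass(frozen=True)
class Debit:
    debit_id: str
    payee: str
    amount_cents: int
    card_not_present: bool = False

@dataclass
class AuthorizationGate:
    trusted_payees: set = field(default_factory=set)  # "No Approval Necessary"
    pending: dict = field(default_factory=dict)       # debit_id -> (Debit, ask_at)

    def submit(self, debit: Debit, now: datetime) -> str:
        # Assumption: card-not-present charges prompt even for trusted payees.
        if debit.payee in self.trusted_payees and not debit.card_not_present:
            return "posted"
        self.pending[debit.debit_id] = (debit, now)
        return "awaiting_user"

    def respond(self, debit_id, action, now, factor_ok, trust_payee=False) -> str:
        # factor_ok is the outcome of the PIN or biometric check on the phone.
        if debit_id not in self.pending:
            return "unknown"
        if not factor_ok:
            return "awaiting_user"  # an unauthenticated answer changes nothing
        debit, _ = self.pending[debit_id]
        if action in DELAYS:
            self.pending[debit_id] = (debit, now + DELAYS[action])
            return "delayed"
        del self.pending[debit_id]
        if action != "confirm":
            return "rejected"  # "deny" and any unrecognized action fail closed
        if trust_payee and not debit.card_not_present:
            self.trusted_payees.add(debit.payee)
        return "posted"

    def prompts_due(self, now: datetime) -> list:
        # Debits whose prompt should be shown (or shown again after a delay).
        return [d.debit_id for d, ask_at in self.pending.values() if ask_at <= now]
```

Because the trust toggle is keyed on the payee and set only by an authenticated confirm, a stolen account and routing number alone cannot add a new payee to the no-approval list.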
The ability to authorize a transaction may seem like a hassle today. However, with the increase in cybercrime these days, we can’t always rely on someone else to protect our accounts. The future of digital payments will rely on our ability to make them securely. With approved transactions using multifactor authentication, the control of financial information will finally be returned to the user. And that’s the way it should be.