A bank in Asia offers customers two primary routes for credit card activation: either via SMS or through its mobile app. While these methods work, they raise essential questions about security and privacy. In the modern era, where digital transactions are indispensable, safeguarding customer data is equally critical as the services or products offered. Therefore, financial institutions must strike a balance between user convenience and robust security, especially in key customer journeys like card activations.
The bank presents its customers with two distinctive methods for credit card activation: by sending an SMS or digitally through its mobile app.
Analysing the Risks in SMS Activation
Sending a full National Registration Identity Card (NRIC) number via SMS is the first activation method that the bank presents. Although convenient, this SMS-based approach poses significant security vulnerabilities:
Opting to utilise SMS as a conduit for activation might seem like a convenience. However, it comes with its array of vulnerabilities:
- Transmission of Sensitive Data. SMS is not a secure channel. Sending a full NRIC number via text could expose customers to data interception by malicious entities.
- Encryption Gaps. Unlike encrypted messaging services, SMS lacks end-to-end encryption. Consequently, the data is susceptible to unauthorised access.
- Industry Norms. Typically, banks require only the last four digits of the NRIC for verification. So, transmitting the full number is both unnecessary and risky.
This method of SMS activation with full NRIC number is not without security risks:
- Identity Theft. If someone malicious intercepts the SMS, they could potentially use the full NRIC number for identity theft or other fraudulent activities.
- Misuse of Information. The full NRIC number, along with other personal details, can be used to unauthorised access to various services or platforms.
Online Activation: Is It Safer?
The second method involves the bank’s mobile app or website, requiring users to enter their card’s expiry month and year. While online platforms usually offer better security features like login encryption, there are still downsides:
- Sensitive Information. Although less sensitive than a CVV or the last four digits of the card, the expiry date still merits protection.
- Fraud Vulnerability. Fraudsters may find it easier to guess or obtain the expiry date, making the card susceptible to unauthorised transactions.
These lapses could give rise to data breach and fraudulent transactions:
- Data Compromise. If a fraudster can guess or obtain the expiry date along with other card details, the risk of the card information being compromised increases.
- Unauthorised Transactions. With the expiry date and potentially other card details, a fraudster could carry out unauthorised transactions, leading to financial loss.
Enhancing Security in Customer Experiences
- Building Secure Customer Journeys. For businesses focusing on customer experience, integrating robust security measures into every interaction point has never been more critical. From account activation to transactions, customer trust hinges on strong security protocols. Therefore, creating environments where customers feel secure and confident is essential.
- Developing Secure Processes. Moreover, processes aimed at protecting customer data from emerging threats should be robust, flexible, and primarily focused on customer safety. In doing so, we contribute to building a reliable and secure customer experience, thereby securing the customer journey in card activation and beyond.
Conclusion: Building Trust Through Secure Experiences
This example underscores the need for strong security measures in key customer journeys like card activations. Businesses must take a proactive approach in developing secure platforms and practices, laying the foundation for trust and reliability in an ever-changing digital landscape. Thus, securing customer journey in card activation is not just a compliance measure, but a cornerstone in building long-term customer trust.
related articles
Navigating The Digital Tightrope: Balancing Security With Customer Experience