IMPOSSIBLE TO KNOW WHO TO TRUST
In this scam-rife environment, it is impossible to know who we can trust. Those we trust might not even be who they are, amid rising deepfake scams. An employee in Hong Kong was recently swindled US$25 million by scammers impersonating their CEO on a video call.
And it feels like banks are doing little to dispel doubt, if their cold calls and dubious text messages are any indication.
Banks have taken pains to verify user identity in online transactions, to prevent criminals from siphoning their customers’ hard-earned savings. From two-factor authentication to physical tokens, banks have ensured users are who they say they are.
But these verification methods are one-way when users don’t have the means to verify bank officials. What would help a user know for sure that the Unknown Number calling them is a legitimate bank employee?
The prevailing guidance for customers is to not click on links sent by text or email, and to verify with the bank if the employee really exists. But hanging up on a bank official to check if they’re bona fide, then having no way to call them back, seems like a clunky workaround.
Cybersecurity expert Steve Kerrison wrote in a CNA commentary that businesses need to embrace new technology to give customers peace of mind. Apps like Singpass, for instance, establish trust between customer and vendor by guaranteeing that any information exchanged goes directly into a secure system.
From my limited consumer perspective, it doesn’t seem like a stretch for banks to do something similar. Users already have mobile authentication, where they click on a notification issued from the banking app to confirm their identity. Couldn’t users also request bank officers to verify themselves via the app?
My only hope is that whatever solution banks come up with is simple and intuitive. In the meantime, I’m hanging up on all these so-called bank officers and leaving them on read.
Erin Low is Deputy Editor, Commentary at CNA Digital.