Credit Unions are at a pivotal moment, as evidenced by the recent McKinsey & Company report. McKinsey submits six imperatives that credit unions must address to secure their future. Generations are changing, and though credit unions are retaining their market share, new account opening is dwindling. Gen Z and Millennials account for less than a third of credit unions’ customer base. These financial institutions should consider moves to acquire new customers in younger generations now to prevent a market share collapse as the Baby Boomer generation recedes.
Online Brand Impersonation has a significant impact on digital service adoption and will prove to be a challenging impediment to attracting younger generations. A subset of the credit union industry relies on inefficient, manual effort to protect their brand online; and the costs of allowing brand impersonation scams to operate may be larger than leadership realizes.
Once the organization becomes a target for brand impersonation scams, the attacks will begin and persist. They may pause at times, but they are sure to return. In this article, we’ll explore why that is the case and how credit unions can use their trustworthy reputations to reduce costs and acquire more Gen Z customers.
Challenges in Online Brand Protection for Credit Unions
Every industry with an online presence is vulnerable to brand impersonation attacks, and as a greater share of commerce continues to digitize, the value of the online brand grows.
The same is true for banking activities across generations. Gen Z is expected to grow from 33.7 million mobile banking users to 47.8 million by 2026. Gen Z must trust a credit union before they decide to open an account there, and research shows that customers will blame the brand, not the fraudster, if they are targeted by a phishing or brand impersonation attack.
To attract a greater market share in Gen Z, credit unions must prevent the attacks that undermine brand trust.
There are six key challenges credit unions face in protecting their customers:
-
- Internal Manual Effort: The credit unions that invest resources in preventing brand impersonation usually do so by assigning the task to an internal team. That team is responsible for searching the internet and social media for spoofs and impending scams. In reality, “detections” will often come from customers reporting a phishing attack. The internet is a vast place, and the scale is not fully conceivable. Searching manually makes locating all spoofs impossible.
-
- Ineffective Takedowns: Once a threat is reported, an internal team must attempt a takedown by contacting registrars, web hosts, and other service providers to request the removal of spoofed content. Any of these organizations likely field hundreds if not thousands of takedown requests at any given time, so repeated follow-ups and consistent effort are required to remove the content quickly. Often, this process takes too long when fielded by internal teams that lack the necessary expertise or relationships. By the time the content is removed, the damage is already done.
-
- Scams Are Inexpensive to Launch: Brand impersonation scams targeting credit unions are often launched using prepackaged fraud campaigns called phishing kits. These kits allow fraudsters without technical skills to customize and launch brand impersonation attacks. These kits can be purchased online, for as little as $50. This gives each individual scam a disposable quality; if one phishing campaign is discovered, it is easy and inexpensive to activate the next one.
-
- Scams Have A Short Time Window: Brand impersonation scams are designed to fulfill their objective quickly and then expire. Because scams are so inexpensive to launch, there is no incentive to maintain a scam over long periods of time. This means that takedown efforts have a very short window of time to be effective. If a takedown request remains waiting in a queue, the damage to your reputation is likely already done.
Hits Where It Hurts: Costs & Customer Acquisition
The costs associated with brand impersonation attacks can be difficult to recognize. Its impact is spread across several key areas. Research shows that banks and credit unions typically spend up to 6.4% of their annual revenue on costs resulting from account takeover attacks and online brand impersonation scams. These costs come from across the enterprise and can include:
-
- Lower engagement in marketing content and a higher cost-per-lead
-
- Increased strain on customer support services due to fielding more engagements related to phishing and reassuring customers
-
- Internal security teams spend on average 9 hours per spoofed website to remove
-
- 38% of victims churn and seek a different financial institution
-
- Higher customer acquisition costs
-
- Digital adoption programs hindered by scam notices
-
- Legal costs of litigation
-
- Purchasing additional domains to prevent typosquatting
-
- Increased marketing spend to repair reputation and negative brand awareness
With such a long list, it can seem fruitless to attempt to combat online brand impersonation attacks, but it is not impossible.
How Online Brand Protection Services Offer Help
There is a critical window of time in which a takedown will be effective in pre-empting fraud. If you can identify and remove the infringing content before the first phishing email, text message, or other invite is sent, you can prevent your customers from ever falling victim.
Internal security teams struggle to complete a takedown in that window for a variety of reasons. Their time is split between multiple responsibilities. They can only find a fraction of the spoofs in operation. They cannot complete all of the diligent follow up necessary for a fast takedown. These limiting factors make it cost-prohibitive or simply ineffectual to complete internally.
Online brand protection service providers, like Allure Security, utilize sophisticated algorithms to crawl the web in search of spoofs. Our technology identifies fraudulent content using machine learning and computer vision, allowing it to evaluate online content as a human would. This allows our solution to analyze content and spot spoofs at scale, far faster than manual human review.
Moreover, our determined team of takedown specialists ensures that takedowns are executed by applying a hacker’s mindset to the takedown process. This consists of exploring every possible avenue for takedown (above and beyond the typical host, registrar, etc.) and following up frequently and diligently with service providers until the content is removed from the internet. In addition, because of the relationships and reputation for accuracy that we’ve built with numerous service providers, we see more expedited response to our requests.
WHAT SHOULD YOU SHOULD DO NEXT?
If credit unions are to bridge the generational gap and win over Gen Z, their brand reputation online cannot be an obstacle. You can find and remove brand impersonation attacks within that critical window of time to protect your brand reputation, if you have the right tools and the right team.
Read our Online Brand Protection Guide to learn KPIs related to protecting your brand and how we approach a website takedown.