Banks Want Customers to Take Security Seriously. Here’s How They’re Doing it.

Most consumers overlook cybersecurity — until they are the victim of an attack themselves. That’s why it’s essential for banks to weave security measures naturally into the customer experience.

By Caroline Hroncich

Published on October 31st, 2024 in Customer Experience

Trust plays a key role in driving decision making for consumers. Just about half (49%) of consumers say that a brand’s reputation is a more important factor than price when it comes to making a decision to purchase, according to a recent survey from marketing firm Marigold.

Trust is an even more vital value proposition for banks, which must demonstrate their ability to protect customers’ most sensitive information from the growing threats of cyberattacks and fraud.

Banks, especially large banks, invest billions of dollars per year in security measures. Bank of America, for example, has invested more than $1 billion in cybersecurity alone, including building a team of more than 3,000 staff members to work on it for the bank.

But consumers are often less diligent in doing their part to protect their data. They choose weak passwords, fall victim to scams, and log into their banking app on public WiFi. For these reasons, banks must actively educate customers on fraud and security while integrating tools in digital applications to help them safeguard their information.

"We recognize that our clients are our first line of defense, which is why we have incorporated prevention tactics and education throughout the entire client life cycle," says Jennifer Ehresman, managing director, head of Consumer Client Protection at Bank of America.

-- Article continued below --

But capturing a customer’s attention for five minutes to update a weak password while they’re checking an account balance is easier said than done. Most consumers overlook cybersecurity — until they are the victim of an attack themselves. That’s why it’s essential for banks to weave security measures naturally into the customer experience, Ehresman says. This helps consumers to make smarter choices about their own data, protecting themselves and the bank on whole from vulnerabilities.

"It needs to be in the fabric of the client journey. It has to be an ongoing conversation and it has to be embedded at all interactions," she says. "Whether the client chooses to use our mobile app, or online banking, or to go to the financial center, we want to make sure that both our employees and our clients are well educated and well aware of what to be on the lookout for."

Even though large institutions can dedicate substantial resources to cybersecurity, smaller banks and credit unions can still adopt effective strategies to safeguard their customers. The Financial Brand spoke with bank leaders and cybersecurity experts to uncover practical steps bankers can take to strengthen customer security and build trust in their digital platforms.

"The bigger the bank, the more budget they have for IT management and more exposure," says Todd Doss, managing director of Guidepost Solutions, a security and technology consulting firm. "That’s not to say a smaller bank can’t be just as secure, it’s just they have to put it into the forefront of their business process. It has to be a focus for what they’re doing."

You Need to Zero In on Education

A key part of cybersecurity is customer education. As technology rapidly evolves, it’s becoming easier for customers to fall for phishing attempts or inadvertently expose sensitive information online. This is especially true for older adults, who are often the target of financial scams.

"Awareness is key, especially when we consider our most vulnerable populations, such as seniors," says Sunil Mallik, chief information security officer at Discover Financial Services. "Education can be the gamechanger when it comes to fraud prevention. There are tools like multi-factor authentication that are available to prevent fraud, and we must find ways to highlight these security features with our most vulnerable populations."

"We recognize that our clients are our first line of defense, which is why we have incorporated prevention tactics and education throughout the entire client life cycle."

— Jennifer Ehresman, Bank of America

Experts generally agree that the more you can educate customers and employees about security threats the more likely they are to think twice before clicking on a sketchy email link. The more transparent banks are about their security offerings and best practices for safeguarding information, the more trust they can build with their customers, says Scott Weinberg, CEO and founder of Neovera, an IT service provider.

"Constantly allowing your customers to see that you are being proactive, you are checking up on things, you are reminding them at every single log in, how important security is," Weinberg says. "I think that’s one very positive thing to help at least show their customers that they are being a little more proactive, and then letting them know what measures they have in place."

Bank of America, Ehresman says, also tries to educate customers on red flags that they typically see with fraud. The bank provides tips to customers like being wary of requests that pressure them to act immediately.

"A bank would never pressure a client to do anything immediately in terms of transferring funds out of the account," she says. "If someone asked you to pay in an unusual way, pause and assess the situation."

-- Article continued below --

Whenever Possible, Make it Fun

While "fun" might not be the first word you associate with cybersecurity, banks have worked to gamify security education to make it more engaging. Fifth Third Bank, for example, has gamified parts of its SmartShield product that it began offering in January. SmartShield is a complimentary service that all Fifth Third customers receive when they sign up for an account. It includes 24/7 monitoring, threat blocking, and live support, among other features.

"We show the customer their status, from beginner, to advanced, to exceptional as you enroll in all of these free services. We wanted to help customers understand there was real value for doing this," says Ben Hoffman, chief strategy officer and head of consumer product at Fifth Third Bank.

The bank also includes a monthly three-question quiz for customers that tests their cybersecurity knowledge. Completing the quiz is one way that customers can advance their security score on SmartShield, Hoffman says.

"It’s neat to see how many people do it," he said. "The question is would it be more than the committed few, and we find a pretty high usage rate for re-engagement."

Dig deeper into top technology trends:

Be Open to Collaboration, But Vet Your Vendors

If banks lack the internal resources to maintain a robust security program, it becomes crucial for them to thoroughly vet their vendors. This process should include assessing the vendor’s security protocols, track record, and compliance with industry standards. Vendors that lack tight security protocols could unintentionally expose customer information to bad actors, Weinberg says.

"Hackers are going after vendor relationships at large institutions. It’s not just enough to have a vendor fill out a vendor due diligence forms," Weinberg says.

Bankers should lean on one another to collaborate and help address security threats industry wide, says James Maxwell, chief information and security officer at Amalgamated Bank of Chicago (ABOC). Groups like the Financial Services Information Sharing Analysis Center (FS-ISAC) are a good resource, but banks should seek out further opportunities for industry collaboration,

"We compete on our products, we compete on our rates. But we don’t compete on security," Maxwell says. "When we win the security war, we all win."

The Financial Brand is your premier destination for comprehensive insights in the financial services sector. With our in-depth articles, webinars, reports and research, we keep banking executives up-to-date with the latest trends, growth strategies, and technological advancements that are transforming the industry today.

© 2025 The Financial Brand. All rights reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of The Financial Brand.