Confusion over bank text message alerts could lead to identity theft

Nov 28, 2011 9:00am


By AllClearId

Vanessa here from AllClear ID.  We recently featured a blog post about the importance of setting bank alerts to prevent identity theft. Often times, the most convenient option for consumers is mobile alerts, which sends a text message to the account holder when their account is charged. 

But what if that text messafe you got makes no sense or is confusing? Unfortunately, that seems to be happening too often, according to a study by Javelin Strategy & Research, which found that banks are still working out the kinks in the technologies they’re trying out on customers. That’s a  major concern because banks want text alerts to be a big part of its communication with you.

Poring over a number of text alerts from various financial entities, ranging from American Express to Wells Fargo, researchers found multiple instances where the content was incomplete, masked by digital signage, peppered with banking jargon, and in some cases, looked like SMiShing scams because the texts included short requests for automated responses from the customer.

"It almost begs the user to give up in frustration and call the call center," Mark Schwanhausser, senior research analyst for Javelin, told American Banker.

Banks are trying to convert us all into "Moneyhawks," the name for customers who use online and mobile banking. That’s because conducting business that way versus talking to a teller is way less expensive.  Mobile banking costs just 10 cents per transaction, while speaking to a teller costs $4.25.

How can you tell whether these text alerts are from the bank or an attempt at identity theft? 

The act of trying to steal your personal information by sending you a fake bank text alert is known as “smishing.” The FBI provided these real-life examples in its alert about smishing:

  • Account holders at one particular credit union, after receiving a text about an account problem, called the phone number in the text, gave out their personal information, and had money withdrawn from their bank accounts within 10 minutes of their calls.
  • Customers at a bank received a text saying they needed to reactivate their ATM card. Some called the phone number in the text and were prompted to provide their ATM card number, PIN, and expiration date. Thousands of fraudulent withdrawals followed.

Here's how to protect yourself from this type of identity theft:

  • Don't share your account information, Social Security number, user name, password or other personal information  in response to a text that looks like it’s from your bank or credit union.
  • Don't call the number listed in the text message unless you have verified that it is indeed the customer-service number of your bank or credit union.
  • Be aware that your smartphone is vulnerable to malware and viruses, just like your computer at home. Install updates as soon as you can, because these updates often contain the latest protection. Also, avoid installing apps from websites you don’t absolutely trust.