Banks: Don't Use Twitter For Fraud Notifications

From a Bank Technology News article titled Westpac, Other Banks Use Twitter to Warn of Fraud:

“When Westpac was recently targeted by web crooks, the Australian bank used another online venue to warn consumers, sending a Tweet warning consumers of the crime. The alert was part of a new trend—using social media to publicly expose online fraud attacks in real time—that Anti-Phishing Workgroup Chairman Dave Jevans says can be an effective way to spread security warnings, if it’s done right. Jevans says that if phishing and other attacks are corrupting trust in the email channel, it makes sense that banks would look to Twitter and other social media to alert their customers. By using Twitter, he says banks can warn customers instantaneously, without sending emails that could be construed as a malicious phishing attempt.”

Interestingly, Mr. Jevans is quoted later on in the article as saying that using Twitter “requires banks to be aware of how the Twitter, Facebook and other sites can be used by crooks themselves. Tweets could be used to spread false security alerts, similar to how email is used by fraudsters.” (I love that: “the” Twitter). 

My take: It makes little sense to use Twitter for fraud notifications.

It’s not so much a security issue as it is a numbers game. 

Pew Research Center reported in December 2010 that 8% of Americans use Twitter, and — more importantly — that just 2% of online adults used Twitter on an average day. 

I haven’t seen any studies on this, but I would bet that the average Twitter user sees less than 10% of the messages that come through their Twitter stream. 

More numbers: As reported on

“Less than one quarter-percent (0.021%) of all big bank customers follow their bank on Twitter. That translates to an average of 208 followers for every one million customers. BofA, the largest bank in the study, had 12,315 followers out of its 55 million customers. Wells Fargo averaged one follower for every 8,635 customers.”

For credit unions, “0.65% of members are connected to their credit union on Twitter. That’s one follower for every 155 members.”

Bottom line: Your response rate on direct mail credit card offers is probably higher than the hit rate of reaching customers on Twitter with important messages.

One potential solution to this could be a centralized Twitter account (maybe the CFPB could do something useful, here) that would be verified by Twitter. Banks could notify the CFPB who would then tweet the fraud notification. In this scenario, consumers would only have to follow one account, and would be assured of the legitimacy of the message.


9 thoughts on “Banks: Don't Use Twitter For Fraud Notifications”

  1. I agree–this is a numbers game. It doesn’t matter what channel you use–phishers and crooks are everywhere. Using Twitter (or Facebook) doesn’t keep you ahead of the game.

  2. Pingback: Alerts via Twitter? Think Twice on That… « The DigitalMailer Blog

  3. “Marty, you’re not thinking fourth dimensionally!”
    I appreciate the numbers game – where such a small amount of members actually follow on Twitter. BUT there are deeper things happening here.
    1. A quick post/alert to Twitter doesn’t just post there – with a widget they can easily hit the front page of a CU’s website – giving visibility to the alert within seconds
    2. Who says a CU would only post to Twitter – thus only reaching .65% of membership. It’s just one of a host of communication tools they could use. I have yet to see a CU start tweeting and abandon blog, email, print, lobby postings, one calls, etc.

  4. Bobbie: (I assume you were commenting to me) I wouldn’t expect any FI (bank or CU) to respond just by Twitter. But what I’m really reacting to is the fact that a whole BTN article was focused on messaging through social media. While I think there’s more value (possibly) with Facebook, the hype about Twitter is what I’m trying to address.

  5. Using Twitter widget: Sounds good in theory, but not in practice. Let’s say you send a fraud alert through Twitter and it shows up on the home page. Then your VP of Marketing asks you to send 10 more tweets about different events/news within the following hour. If your customers/members didn’t see it in their tweet stream, and don’t happen to log in to online banking (which is usually when people see the home page), the alert gets “lost”. I’m with Ron, much better to use direct mail, email, or a fixed link on the home page. Out of all the choices mentioned, Twitter would be last for something so important.

  6. I would think the overlap of people who follow their SMS texts and those using Twitter is near 100%. SMS is not only just as timely for fraud notifications, but you reach a much larger population in a much less public manner.

  7. An app/widget that posts to the bank’s homepage? Umm, why not just post a notice on the homepage directly?

    As someone who views 30-50 bank/CU websites every day — it looks bad to prospective customers if your bank’s website constantly has some sort of phishing warning on it. It may be a helpful notification for existing customers, but to prospective customers you look like a security risk.

  8. I get it. Getting the message to your members directly is the best way no matter what tool you use. I simply responded to this article that was pleading for CUs not to use Twitter to broadcast messages. My point: why not? Doesn’t hurt anything and it certainly is not the only tool one would use. (Saw your response Ron – I get your point about the hype in the original article sourced).

    I know this is a whole other topic but as for not posting security risks for fear of looking bad: I disagree. Post it as financial education, post it as what to look for to protect yourself. Be transparent that every consumer and every FI has the potential for risk. Speaking as a consumer and not as a marketer – I like knowing my CU is willing to speak openly about serious things and not only trying to push loans.
