Academic journal article ABA Banking Journal

Growing Use of Twitter Raises Customer Security Concerns: A "Friendly Neighborhood Bank in the Twitterverse" Could Be Anybody ... and Anything but Friendly

Academic journal article ABA Banking Journal

Growing Use of Twitter Raises Customer Security Concerns: A "Friendly Neighborhood Bank in the Twitterverse" Could Be Anybody ... and Anything but Friendly

Article excerpt


The increasing number of banks exploring Twitter as a communications channel has sparked concerns over what security issues the online service might pose. Phishing attacks, identity theft, and the potential for privacy to be compromised are among the risks troubling experts in the financial industry.

Twitter, a free social networking and micro-blogging platform that enables users to send and read messages (known as "tweets"), has seen U.S. growth explode past 25 million users.

Banks are finding it difficult to resist Twitter's power and popularity. Hundreds are forging ahead despite security questions.

Keeping account information secure

Banks, including Bank of America and Wells Fargo, are using Twitter to help customers resolve service issues. At least one financial institution, Vantage Credit Union, St. Louis, Mo., provides basic information such as balances and transaction history.

"A number of financial institutions are using Twitter to widen and deepen their engagement with customers," acknowledges Anamitra Banerji, a spokesperson with Twitter. "Many of them began by setting up their accounts and reaching out to users."

Luke Owen with Truebridge, a financial marketing firm, says banks that use Twitter to engage with their customers must be careful.

"If you're going to promote this channel as a customer service tool, you have to understand the risks," he says.

Twitter exchanges between banks and customers about their accounts concern J.J. Hornblass, founder of Hornblass is wary that sensitive information might be compromised, especially if someone publishes their banking details over an unregulated, third-party system like Twitter.

"There are risks for everyone," Hornblass says, "including Twitter."

Owen, on the other hand, hopes that bank customers share the responsibility to protect themselves. "Banks are taking the position that if a consumer is using Twitter, they should know better than to send a message out to the world that includes their bank account or other personal information," he says.

Many banks tell customers to never divulge personal information on Twitter. Some post warnings on their Twitter profile pages, while others constantly publicly tweet reminders, such as Wells Fargo: "When u tweet, make sure u don't share bank account info."

Ed Terpening, vice-president for Social Network Marketing at Wells Fargo, testifies that he's never seen customers share account information in the year or so that his bank has been experimenting with Twitter. "At most, we may see a phone number," Terpening says. "And even then, we advise the customer to delete the tweet."

Fighting fraud and identity theft

One of the biggest Twitter security issues for banks hinges on the authenticity and legitimacy of accounts. How can someone determine if a Twitter account that claims to represent Bank X is truly something Bank X has sanctioned ? For instance, how can Twitter users discern the difference between "Bank of America" and "BofA_Help," both of which are active accounts on Twitter? Which is the bank's official account? BofA_Help may be the one approved by corporate, but how can people be sure?

One way BofA establishes the authenticity of its Twitter account is by cross-referencing their BofA_Help account on the corporate website. Clicking on the link displayed in BofA's Twitter profile takes visitors directly to a special page on its main website that clearly identifies BofA Help as one of the bank's official communications channels.

The concern is that phishing attackers might make a lookalike account with only the slightest change: BofA Helps or BofAHelp instead of the official BofA_ Help. Impostors might try to pry sensitive personal information such as social security numbers--or worse, online banking passwords--from customers. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.