Live Blog: Financial Services Solution Showcase

Wednesday, October 14, 2009 by Amanda Cross
We've got quite a change of pace in the ol' developer track conference room. Chris Murray of ExactTarget is the emcee for the Financial Services Solution Showcase.

He starts by introducing the first segment:

Beyond Deliverability: Consumer Choice & Control
Authentication, Privacy, and Policy
by Craig Spiezle
https://otalliance.org

The Online Trust Alliance is concerned with security in online activity, especially financial services. Spoofed email, phishing, and online exploits are a major challenge for financial organizations that operate online.

Craig said that government regulations are likely to come about in the next few weeks as a result of the identity theft incidents that we've heard of recently. Craig said that the United States is actually behind other parts of the world in consumer protection.

Craig discussed extended validation certificates. In order to get one of these certificates, the business must prove that it's registered with a local tax authority. While this can't verify that the business has good business practices, it does require that the business be a real business. When a business has this certificate, it turns the address bar in your browser green when you visit their site. If the address bar isn't green, you know that it's a spoofed site.

He continued to talk about the business value of authentication. Not only does this help protect your business from being spoofed, but it also improves your deliverability.

Of the top 100 financial institutions in North America, only 43% have protections in place for consumers.

Craig talked about the problem with unsubscribe: an unsubscribe link in the footer of the email is required by CAN-SPAM, but consumers are warned not to click links in emails they don't want for fear that they'll alert spammers that they're a real person. An unsubscribe header allows ISPs to render an unsubscribe link in their client so that people can unsubscribe without clicking the "report as spam" link and degrading your reputation. About this time, someone from ExactTarget piped up to mention that ExactTarget email already does this automatically.
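As an added example (not from the talk or from ExactTarget), here is one way a sender could check its own outbound mail for the unsubscribe header before it goes out. It assumes the header meant is `List-Unsubscribe` (RFC 2369), which the post does not name; the addresses are constructed, and treating a plain `http` target as a finding is this example's own policy choice.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample messages (not real traffic).
GOOD = """\
From: Example Bank <statements@bank.example>
To: customer@mail.example
Subject: Your statement is ready
List-Unsubscribe: <mailto:unsub@bank.example?subject=unsubscribe>,
 <https://bank.example/unsub?id=constructed-token>

Your statement is ready.
"""
MISSING = "From: a@bank.example\nSubject: Offer\n\nNo header here.\n"
HTTP_ONLY = ("From: a@bank.example\nSubject: Offer\n"
             "List-Unsubscribe: <http://bank.example/unsub>\n\nBody\n")


def audit_unsubscribe(raw_message):
    """Return the usable unsubscribe targets and any findings for one message."""
    msg = message_from_string(raw_message)
    header = msg.get("List-Unsubscribe")
    if header is None:
        return {"targets": [], "issues": ["missing List-Unsubscribe header"]}

    # Long headers are folded across lines; collapse the folding whitespace.
    value = " ".join(str(header).split())
    targets, issues = [], []
    # Each target is a URI in angle brackets, separated by commas.
    for uri in re.findall(r"<([^<>]+)>", value):
        uri = uri.strip()
        scheme = urlsplit(uri).scheme.lower()
        if scheme in ("mailto", "https"):
            targets.append((scheme, uri))
        elif scheme == "http":
            issues.append("cleartext http target: " + uri)
        else:
            issues.append("unsupported target: " + uri)
    if not targets:
        issues.append("no usable mailto or https target")
    return {"targets": targets, "issues": issues}


if __name__ == "__main__":
    for name, raw in (("good", GOOD), ("missing", MISSING), ("http", HTTP_ONLY)):
        print(name, audit_unsubscribe(raw))
```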

Addressing Email Security Concerns
Matt Burton - GMAC/Ally Bank

Matt talked about Ally Bank and the fact that its customers were receiving more spoofed emails pretending to be from Ally than they were receiving from the real bank.

Ally Bank, like many places, would love for there to be a "silver bullet" that would solve the problem, but in fact the best way to protect consumers is with a combination of proactive monitoring, excellent deliverability of your legit content, and customer education.

Governance, while unpopular, is critical. If your company has multiple business units, ALL of them have to have successful security.

Some financial institutions do not include links in their emails, instead telling consumers to go to the website. This is problematic because it requires more copy and results in fewer site hits. Also, this doesn't prevent phishing emails from including links in their emails.

Security tools, such as ISP Phish Blocking and Certified Mail, are available to help prevent risk and increase confidence in your message respectively.

Education of consumers can be tricky. Sending emails that tell customers how to tell whether your email is real might make it look like you're a spoofer trying to set them up to trust fraudulent email in the future. Better to just remain consistent in your sending so that consumers become accustomed to your style and learn to identify spoofs on their own.

To wrap up, Matt recommended proactive risk diminution rather than waiting until a problem happens and only responding then.

Technology Solution
e-statements at Nationwide
Brian Jaffe - Nationwide Insurance

Nationwide was facing a "statement challenge"--sending statements to customers by email. To address this issue, they created an elegant solution.
  • Governance - As part of this process, they codified their program for sending emails.
  • Preference management - allow customers to specify their preferences. Brian recommends double opt in.
  • Billing format - recreate view of paper statement
  • Send mode - bulk or single send. You probably batch up your bills, but some might do individual sends.
  • Data preparation - attributes or data extensions? What is the unique subscriber key? You need to understand your extremes (what happens if you have an extremely large amount of data?) and your data-display issues.
  • Deliverability - decisions about IP and Domain. Learn from your deliverability team!
  • Feedback - decisions about bounce management, reply management. If people unsubscribe and then try to sign up, you could have technical problems sending emails. Make sure you understand how your unsubscribes are managed. And be ready to monitor replies, even if you tell people not to reply to a message.
  • Inserting marketing messages into transactional emails - CAN-SPAM does allow you to include marketing messages in your transactional emails under certain circumstances.

Paperless statements can create issues. For example, what if customers call in saying that they never received their statement? Customer service needs to be able to access tracking to see whether the subscriber ever opened the email and have other strategies to deal with these complaints. Customer service needs to be able to resend statements.

Nationwide includes quite a bit of personal information in their emails so that subscribers know that the email must be legit, since a phishing scam wouldn't have access to so much personal information. Watch out for links to log-in pages, since phishing emails like to send very similar emails that direct to their own "login page."

Having a protocol to deal with bounces is wise. In their case, if a subscriber soft-bounces, they put the subscriber back into the paper stream for one cycle and try paperless again for the next cycle. If they run into a hard-bounce, they put the subscriber back into the paper stream indefinitely until the subscriber re-enrolls themselves in the paperless process.

Nationwide's solution is based on the ExactTarget SOAP API. Their OMS (outbound messaging service) is a middleware layer of abstraction that actually sits behind their firewall. Between the OMS and ExactTarget much communication occurs to get the statements out to subscribers.

The content of the eStatement itself uses AMPscript to build the bill by parsing concatenated attributes and dynamically displaying content in appropriate data tables.

Michael Murdza (ExactTarget) took us through the technical aspect of the eStatement data flow. A sophisticated decision tree weaves through the Nationwide database and ExactTarget application, using XML, AMPscript, and API calls.

And then the presentation wrapped up, and everyone started getting ready for the evening entertainment. I've really enjoyed live blogging the technology track for everyone today, and I hope you've enjoyed reading as much as I've enjoyed writing it. See you between the lines :)
