Customers logging into the Citizens Bank site had a problem last week. The online services “were not available at this time,” they were told, and while no reason was given for the outage, it seemed apparent that foul play was involved, specifically a DDoS (Distributed Denial of Service) attack.
This is by no means the only bank to be on the receiving end of such assaults, and Citizens even had more traditional criminal issues to deal with—two of its branches in Philadelphia suffered old-fashioned bank robberies. True to pulp fiction form, one was from a perpetrator wearing a surgical mask, while in the other case the suspect handed a note to the teller demanding money, got away with an unspecified haul and, yes, is “considered armed and dangerous.”) Still, the outage is newsworthy specifically because it captures so many trends of the moment.
First, a spokesperson for the bank politely urged customers to find their way to a local branch—advice that will seem increasingly irrelevant. This has nothing to do with the incidence of bank holdups; it’s simply because the number of branches is dwindling. According to a report from research firm SNL Financial, banks closed 2,267 branches last year while opening only 1,149. That’s the biggest net loss since the firm began tracking closures in 2005.
There’s no single reason for this, of course. The economy at large, competitive factors, government regulation, shifting interest rates, internal priorities—they are all factors in any given trend. However, as even the new report makes clear, many financial institutions are encouraging their customers to move to online and mobile banking.
Which brings us back full circle to the issue of online outages, and the most recent problems in that area.
Any news search at any given time yields a plethora of stories about banks launching new initiatives in the online/mobile space. There are always deals being offered to draw new business, mobile apps developed and released to the market (both consumer and business) and significant investments being made. For everything from infrastructure to customer convenience, this is where the action is right now.
In this context, even a minor outage can be devastating. Customer loyalty can be extremely fickle: Just as retailers have found that the unavailability of a single item can mean the loss of a customer forever (since there are so many alternatives available at the click of a button), banks may find that patrons will go elsewhere because it’s easy to do.
Even the best security measures cannot guarantee that there will never be a data breach. DDoS attacks of the kind apparently experienced by Citizens Bank—which create enormous amounts of fake traffic to a targeted site, temporarily crashing servers and weakening defense—will likely gain in popularity. Customers don’t know or care what the problem is; they’ll know there is one and take their business elsewhere, and tell their friends to do the same (not just through word of mouth but also widely disseminated social media).
In essence, the ROI of any investment in online and mobile banking must involve more than the sum of its parts. There will always be online attacks and outages. The differentiator might be in how the affected financial institution deals with it.