Processing Content
For the past two months, I have been caught in a no-man’s-land between my bank’s fraud and customer service departments.
It started with a weird-looking fraud alert text message, allegedly from my bank, that included odd alphanumeric codes. Knowing how common text-based messaging or smishing attacks are (where fraudsters use text messages to entice individuals to reveal information), I figured it was probably fake, but called my bank’s customer service number to check. A representative assured me there was no reported fraud on my account, and she agreed it was most likely a smishing attack. (I didn’t identify myself as a journalist, so I was treated as a regular customer. American Banker journalists are not allowed to receive preferential treatment from financial institutions.)
Card declined
About a week later, the Saturday before Thanksgiving, I went to the local farmer’s market to pick up a chicken I had ordered. I’m vegan, but as I host Thanksgiving, I had chosen an organic farm that does take proper care of its animals, so that my non-vegan guests would have poultry.
But when I got to the farm’s booth and pulled out my credit card, it was declined. Then I tried my debit card, and that, too, was rejected. I had no cash on me. I felt embarrassed, of course, but more importantly I hated to not be able to pay the farmer, a person I respect who only comes to my area once a week. He let me take the chicken and pay him next time, and I slunk guiltily away.
I went straight to my bank branch. An associate told me there had been suspicious behavior on my account, so my transaction had been blocked and my credit card had been closed. My debit card had also been closed. The branch associate confiscated my credit card and told me I would get a new one in the mail shortly.
Weeks went by. I returned to the branch to ask what had happened to the card and I was told the order for the new card had not gone through, but it would be placed now. A couple of weeks later, still cardless (it’s possible this card was stolen in the mail), I called the bank’s customer service number and found out that my card had been used to make several transactions, including at a McDonald’s — an establishment I haven’t visited in decades — and a merchant that sells caps and gowns for high school graduates (I don’t have any high school seniors in my life). So while I was not able to use my physical card, fraudsters were able to use it. The customer service person guessed that the number had been pulled off a skimming device, perhaps at a gas station. She said she would close out my credit card and I would get a new one in the mail. Over the next couple of weeks I continued to see transactions on my card that weren’t mine.
Finally, about six weeks after Thanksgiving, I received a new card with a new number in the mail. I have disputed the transactions I don’t recognize and the bank has reimbursed me for them. I am keeping my fingers crossed that the fraudulent use of my accounts will stop.
Systems that don’t talk to one another
This experience shone a spotlight for me on the disconnect between branch staff, call center representatives and fraud specialists. These people work in different orbits, apparently with little access to shared data and records. The branch employees looking at my accounts on their screens often looked puzzled, and had to call Card Services to find out what was going on with my card account. A customer service rep I spoke to by phone said she couldn’t get access to my account information at all, and couldn’t see any notes from the fraud department.
Each of the people I dealt with at the bank seemed to sincerely be trying to help. But technology appeared to fail them.
“It’s a massive problem,” said Steven Ramirez, CEO of Beyond the Arc, a customer experience and marketing consultancy for banks.
Banks have been hit with a “massive deluge of attacks that just makes it really hard, really hard to manage” fraud, Ramirez said. “In the meantime, they are trying to send legitimate fraud alerts. It just makes for a really confusing environment.”
Ramirez also said many banks have underinvested in branch systems and platforms as customers turn to digital channels like mobile and online banking.
Old tech, new problems
Old and siloed technology across large banks is a big part of the problem, according to Aaron Ansari, a former risk and fraud executive at Huntington National Bank and JPMorganChase who is now a consultant, investor and fractional chief information security officer.
“As you know, many established banks still run on COBOL-based core mainframes built in the 1970s and 80s,” Ansari told American Banker. “Over decades, they have layered modern apps, fraud detection systems, and customer service portals on top of this old foundation. These layers often don’t speak to each other in real-time.”
Fraud departments often operate as a distinct fiefdom within a bank, he said. “They prioritize risk mitigation over customer experience,” Ansari said. “Branch staff are trained in sales and basic service, while call centers are often outsourced or strictly script-based. They frequently use entirely different software systems. When the branch employee looked puzzled, it was likely because his screen literally showed a generic ‘decline’ error, while the fraud analyst’s screen (which the branch staff couldn’t see) showed the specific ‘smishing’ flag. Two different systems accessing your account and profile, or, one system with basic information for the teller and more detailed information for the fraud analyst.”
The fix is implementing a unified architecture where data is decoupled from the specific departments, Ansari said. “Banks are struggling to manage a chaotic web of third-party software that often prioritizes speed over stability or security,” he said.
In the meantime, customers are also struggling to navigate their finances when banks give conflicting information. In my case, I was able to bring this episode to a close. Many other customers are still out there dealing with similar problems, while bank staffers face tech barriers to helping them.