My Bank Called. I Thought It Was A Scammer

The Trust Problem in B2C Communications

Phone call from a scammer
Image Licensed from BigStock

I walked into my bank last month, unsure of what to expect. I’d gotten a communication from them about one of my accounts. I assumed it was a phishing scam, but maybe it wasn’t. It’s not safe to call back the number in a phishing voicemail — it might go back to the scammer. It’s not safe to click a link in a potential phishing email — it goes to a site that looks like (but isn’t) your bank.

My bank had my phone number and my email address. But it didn’t matter. There was no trusted path for them to get in touch with me. For every real communication I get from them, I get 10+ phishing or scam communications. I can’t trust any of it. So I walked into the bank, in person, to straighten it out. Just like they did 145 years ago, before Bell invented the telephone.

Phone, Text & Email Have an Architecture Problem

Phone, text and email all work the same way. Everyone who contacts me, uses the same address. The email address I give my bank, my fitness center, and my best friend are all the same. The phone number that my mother uses to call me, also gets 1000+ robocalls per year.

In normal conversations, we have a workaround. We look at the CallerID or return email address before deciding to take a call or trust a message. It works, because I know what phone number my friend Shane is going to call from. I also know enough about my friends & family, that in just a few seconds I’d be able to pick up on someone pretending to be any of them.

trust spelled out in scrabble tiles
Image licensed from BigStock

There’s No Trusted Address for Corporations

But corporations have embraced the exact opposite approach. I have no idea what email address my bank will use to contact me, or what phone number they would call from. It might be different each time.

And you get a different person every time you call, text or email. Even when it would seem easier to build a relationship, corporations are running the opposite way.

Look up the phone number for my bank branch in Tennessee and call the local number. Guess what? The call gets routed to a big call center in Alabama, and you’ll never get your local banker on the phone — even if you’re on a first name and face basis at the branch.

Corporate Tripwires

Corporations have also created tripwires — communications they send, where there’s a penalty for not responding. Did you make an appointment with a doctor or an HVAC company, and take a personal day at work to be there?

Hope you responded to the appointment confirmation text — if not they might give away your appointment slot.

Suspicious transactions on your credit or debit card? Better be quick to respond to your bank’s communications, or you can get stuck paying the bill.

Corporations have set the expectation that communications from an unknown address and unknown employee are binding on the consumer, and penalties will be harsh for ignoring them. After all, the consumer gave out their email address and phone, right?

Image Licensed from BigStock

A Fertile Field for Scammers

All of these corporate policies, put together, have created the fertile field for scammers that we see today. Consumers feel they have to respond to communications from an unknown address, and unknown employee, or they will face harsh consequences.

63% of Americans are living paycheck to paycheck, and they can’t absorb that unauthorized $975 iPhone purchase. They can’t take an extra day off work, when their original appointment with the doctor or the plumber gets cancelled. They’re living right on the edge.

And we all know what happens — so many scammers appear, that you can’t tell the real communications from the fake ones. Now everyone’s living in constant, low-level anxiety that they missed the one call or message that was real. Or gave your info out to a scammer.

What Can Companies Do Now?

Companies that solve these trust problems will generate customer loyalty and avoid being commoditized. Let’s look at a few strategies that can work.

Image Licensed from BigStock

Use Tech to Build Relationships, Not Destroy them

For the last 30 years, B2C communications have been designed to get rid of the relationship between the customer and any particular employee of the business. Every call or support ticket is routed to the next available agent. A customer never talks to the same employee twice.

Modern contact center technology could easily be changed to assign a customer to an agent on Day 1, perhaps even based on factors like location and demographics. That’s your contact as a customer, and whenever possible that’s who you will deal with. Over time, the customer develops a relationship and some context with the employee. You spend less time authenticating each other, and more time solving problems.

“But we have too much turnover in our call centers!!” say the employers. Maybe the turnover is caused by arranging your technology to destroy all the interpersonal relationships?

verified spelled out in scrabble tiles
Image Licensed from BigStock

Have a Trusted App For Critical Messages

A few banks and brokerages have a well-designed App for consumers to install and authenticate with. Messages that arrive in the App are real. Anything else (phone, text, email) the consumer can safely disregard — those are all scammers.

The App provides a trusted source for communications to customers. It also provides the consumer with a trusted place to send replies and even place voice and video calls.

The main issue with this approach, is that consumers deal with 150+ vendors in their daily lives. There’s a limit on how many different Apps they will want to install.

Have a Trusted URL For Critical Messages

The simplest and most robust approach is for banks and other vendors to give consumers a unique, encoded URL on Day 1 where that user’s critical messages will arrive. If the message arrives there, it’s real. Otherwise, it’s fake.

Because of the way DNS works, it’s pretty hard for the scammers to pretend to be

If you bookmark that link, store it in your Contacts, or even write it down on a Post-In Note, it’s hard to spoof. The key is — you’re not clicking a link that comes later in an email or text. You’re getting the link on Day 1, and it stays the same over the life of the customer relationship.

Mixing Apps and URL’s

My prediction is that you’ll start to see general purpose Apps where you subscribe to communications from the vendors you deal with.

Inside one communication App, you might subscribe to your URL’s from Bank of America, Pacific Gas & Electric, and a few dozen more. One app, trusted connections to many companies.

Jesse Hercules Headshot

Written by Jesse Hercules

Published May 3, 2021