Credit cards – Target Marketing

As agencies, we often receive and have our clients’ credentials for all sorts of sites—email automation applications, FTP servers, hosting accounts, social media accounts and more—but do you provide your client with adequate protection, including how you receive it and how you share it internally? I bet not.

Agencies are rarely able to focus on the solitary task of architecting email campaigns; a good multitouch campaign will have social media, press announcements, landing pages, web pages, microsites, shopping cart pages and more. If that is a typical effort, we must gather, store, access, share, update, change and protect our client user names and passwords for:

Twitter
Facebook
LinkedIn
Email-automation application
Press-syndication application
FTP
Host provider
cPanel
WordPress administration
Plug-in administration
PayPal
Google Analytics

Some of these are extremely sensitive sites representing great financial exposure to the client. Yet, it’s common for clients to email their log in credentials with not so much as a second thought.

We need to invest in education—internally and externally.

I asked a client today for their PayPal credentials so we could configure their payment gateway and requested the user name by email and the password by text to my phone. I received both the user name and password in the same email and the password was—I kid you not—her first name. I wrote back and asked her to log in immediately, change the password to something VERY hard, and resend via TEXT. I explained the financial risk associated with emailing passwords to sites such as this, which has direct access to the company’s bank accounts.

She texted me the new password a few minutes later. Her first name followed by 1234. What’s worse, it’s the same password she was using at all of the company and her personal social media accounts, the company hosting account and the company’s main email.

I could only sigh, log in and change the password myself; which I did, and then texted it to the business owner.

In a conversation about this with my 30-year-old son (yes, a gamer/hacker), he pointed out to me this is an issue of semantics. My client’s understanding of a difficult password and my understanding differed (substantially). Thus when I requested a difficult password, she believed adding 1234 created sufficient security.

Many hackers make no attempt to guess passwords. They go the easy route of grabbing your password during a security breach. Think back to recent news when Adobe servers were hacked and millions of email addresses and matching passwords were stolen. If your client is (or you are) using that same email address and password for accessing other accounts, then the hackers who attacked Adobe may well now have access to your bank account, your credit cards, and so much more.

When we ask our clients for their credentials and do not enable them to provide this to us securely—and compound the problem by forwarding those unsecure emails to our team—we increase the risk to and potential losses of our clients.

Here are some ideas for helping your clients protect themselves:

Texting Passwords
As I pointed out earlier, sending the user name via email and the password via text is helpful. As we’ve learned from Target, Adobe, Snapchat and others, nothing is failsafe, but though you cannot prevent hacking or interception, you can certainly throw in a few roadblocks to make it more difficult. It’s akin to parking your car after dark under the street light.

Pattern and Unique-to-site Passwords
Many people use the same password simply because it’s so difficult to remember multiple logins. Several years ago, I read a great blog for creating passwords—it’s one we still use today, and one we teach our clients. It provides for a different password for every account and website, and gives an extra layer of security, even if someone does manage to hack one of your accounts or access your credentials from an unsecured server. Shared here:

Choose the number of alphanumeric digits you will use for all passwords. Many sites today have a minimum of eight characters, so let’s go a bit higher: 10.

Grab the first six letters from the account you are accessing. For this example, we’ll use SpiderTrainers.com: spidert.

Now, choose two letters you will always capitalize. I’ll go with the fourth and sixth: spidErT.

Replace one character with the numeral of your choice. Don’t be obvious such as using numeral “1” for “I”—be unique. I’ll replace the second character with the numeral 9 for every password from here forward: s9idErT.

Choose two starter characters from the shift-numerals of your keyboard, for instance, “%^”: %^s9idErT.

Close it with two more characters from the shift-numerals of your keyboard, such as “#@”: %^s9idErT#@.

So, all together we have created a difficult password because it will be different for every account we have, but one that is easy for us to remember after we’ve become accustomed to our own pattern.

In the event you run across rules within the site, such as you must start with a letter, have a plan B password and use that.

Create a Phrase
Instead of the pattern trick, use the phrase trick and choose letters from the beginning of each word. For instance: I think Amazon.com is a wonderful 1st Rate site!, results in: ItA.comiaw1strs!

Long Passwords
Most sites built today require your password to be at least eight characters, but the longer the better. If you use the pattern trick above, and you’re visiting Q.com, have a plan C. Add a word, such as engine, to any site too short to produce the base six characters.

No Names
Don’t use your name, your pet’s name, your child’s name, or your spouse’s name in your password. If you participate in social media, everyone on Facebook knows you have a boxer named Oscar.

Character
Passwords are ideal when you use at least one uppercase letter, lowercase letter, numeral and symbol, as we did in our pattern password above. Some sites or applications limit your use of special characters, but for the most part you can use: ‘ ~ ! @ # $ % ^ & * ( ) _ – + = { } [ ] | : ; ” ‘ < > , . ? /.

Lie
Many sites today use two-point verification: a password and a response to a question. If the site is asking you for your mother’s maiden name, lie and use JimmyChoo. Your mother’s maiden name is likely another bit of information pretty easily found on the web. If the site asks for your first pet, say giraffe. Your first car: roller skates.

Store It, If You Must
If you must store passwords, for yourself and your clients, store them in documents that are not labeled as or named “password,” and store them separately from the user names.

Change It Often
Just about the time you get comfortable with your pattern (assuming you use the tip above), change the pattern and notify the client. By text, of course.

The paper avalanche begins at my home in South Jersey. It’s January, and along with the cold, snow and wind—plus post-holiday bills—comes the inevitable volume of bank credit card offers. Hooray!

Yesterday’s mail represented the normal credit card promotional mini-avalanche: five offers—two from national banks, and three from major regionals. In reviewing the promotions, they are pretty typical, pretty similar in positioning and messaging, and all pretty much hit several of the following, non-personalized, push offer components:

Cash back on a quarterly/annual basis
Cash advances
Tie-ins with bank branches
Periodic purchase summaries
Online payment apps
Rewards and gift certificates
Free or discounted merchandise
Low introductory APR interest
Free/low cost balance transfer
No foreign transaction fees
Instant approval
Worldwide coverage/acceptance
Frequent flyer miles and travel rewards
Low annual fee/no annual fee
Associated banking, brokerage and payment services

Look familiar? Today, I received three more mail credit card offer promotions, looking much the same as yesterday’s batch.

The Hopeful Trend Toward Offer Personalization
In an effort to both differentiate their program, make better and more productive use of available customer data and bring their credit card marketing costs under control, some banks have begun to build personalization and/or customization into their promotions.

Let’s begin with credit card design itself. Instead of just illustrations with bank logos, there’s almost a do-it-yourself feel about the array of card designs. In other words, banks are offering cardholders the opportunity to create designs that match their personalities. For example, Capital One offers designs with images which range from the patriotic to the artistic, such as beach landscapes; and even cartoon characters such as Dilbert and Daffy Duck. Other Capital One design choices include insignias of various charities; and these are paired up with points which can be converted into cash donations after credit transactions.

BMW Financial Services offers Mini Cooper owners a Visa with a photo of their model and color of car through a digital imaging application. The card comes with a motoring reward program, with multiple points awarded for driving-related purchases, such as tolls and gas, and even offers cash back if a Mini is purchased.

And, although the program has been cancelled, Bank of America had a Visa for pet lovers. The “PetRewards” program offered points for pet food (in affiliation with Hills’s Pet Nutrition), discounts for visits to participating veterinarians and clinics, and also enabled cardholders to donate to animal shelters. The most appealing feature, though, was the ability for the cardholder to put his or her pet’s picture on the card via a digital uploading system.

The available digital imaging has facilitated greater personalization. Customers have a desire to individually “badge” themselves according to lifestyle choices, or personally display their interests and hobbies. Credit cards give them the opportunity to put their distinctive passions front-and-center through daily financial transactions.

Personalization, though, is more than just about images. For teens, there is the PAYjr Visa Buxx Custom Card site. It has features such as an online household chore and allowance tracking system. Digital imaging is also available for these cards; and teen cardholders are encouraged to be creative in their imaging designs through peer-judged contests, with Apple MacBooks and iPods as major prizes.

It’s not only card designs which offer personalization. More importantly, it’s special offers, customized to lifestyle and purchasing habits. In many ways, the card offers resemble deals similar to what they can get through sites like LivingSocial and Groupon. For example, there’s Truaxis, a company which provides discount gift-card purchases for cardholders, and Slickdeals.net, the Truaxis online forum where Citibank cardholders receive promotions—such as $10 Amazon gift cards for $5, or Barnes & Noble $25 gift cards for $15. Other participating retailers include Sears, Lowe’s, Home Depot and Old Navy.

The Truaxis deals platform, called StatementRewards, enables customized offers to credit card customers on their online account statements, matching the promotions and discounts where these consumers spend most frequently. And, of course, the Citi credit card must be used for these special offers—a benefit to both the cardholder and Citi.

Other major banks have also begun offering personalized deals in their promotions. Some banks, such as Bank of America, require cardholders to “load” the full value of a deal onto the card when the offer is made, and then the discount shows up in the form of a statement credit. Ally, on the other hand, creates interest through surprising cardholders with deal opportunities.

However the bank wishes to extend these personalized offers to their cardholders, the customization represents a transactional win-win-win. Consumers receive savings in areas of individual transaction activity, merchants have a managed-cost opportunity to build transactional loyalty, and banks earn more in card transaction fees.

Tag: Credit cards

It’s Bank Credit Card Junk Mail Season Again!