Rarely do updates to pure tech standards get a lot of attention by the press and media, but the financial and tech firms behind the recently announced DMARC organization and the work of the IETF make this weeks announcement a little different. Why so, you ask?
DMARC.org is a federation of email senders, receivers, mail services and technology providers working to address an issue of critical infrastructure for the financial services and other industries - the reliability and integrity of electronic communications, specifically email. Bank of America, Fidelity Investments, Google, Facebook, Paypal, and others, announced DMARC's formation and support for an enhanced Internet Engineering Task Force(IETF) standard for enforcing email policy and combating unauthenticated emails and spam.
We are all well aware that for some time now the email channel has been under attack by phishers and spammers attempting to compromise consumers and enterprise credentials and other information that can then be used for fraudulent and criminal activities, in increasingly sophisticated and complex ways. With the rise of the social internet in the age of the intelligent economy, spammers and phishers continue to have tremendous financial and intellectual property theft incentive to use the low cost, easily accessible email channel to compromise the relationship between the consumer, small business, the enterprise, and their financial institution. With the adoption of the DMARC standard, however, the cost of successfully launching these attacks is likely to go up.
The success of DMARC will be closely tied to broad industry support. The web, social, internet infrastructure community are huge email senders-growing and bidding constantly with new online services for authentic connections with customers-and they appear to be active and at the DMARC table. But banker support thus far seems lukewarm. The financial tech leaders that we normally see involved in these co-developments are there - both Fidelity Investments and Bank of America - but it's difficult to gauge the total extent financial industry support at this early stage for the DMARC standard.
This is surprising given the big shift we're seeing in consumer preferences for banking services. For decades, the mainstay channel for retail and business banking has been the branch banking. However, the perception of the value of the branch has changed and there's no going back, making it essential for the retail and other business units to understand channel utilization habits, and to align physical and infrastructure reliability investments with channel utilization - with email being one application running over the internet channel. Historically, according to our most recent consumer preference survey, the branch has been the most utilized channel, but 2011 marked the first year that e-banking and the internet surpassed the branch.
As 2012 unfolds, firms of all sizes need to seriously consider the value proposition of the email channel, the ways in which they attract and serve customers across all channels, and the operating investments that enable growth and profitability. At the end of the day, it's a basic decision for the bankers - do they want their email channel to be less authentic to end customers than what these same customers get from the huge and growing populations of Google, Paypal, Facebook, and others? We think the right answer is no.