It was online banking week in Walt Mossberg's popular Wall Street Journal technology columns. Yesterday in The Mossberg Solution, authored by 20-something Katherine Boehret and edited by Mossberg, Mint's personal finance service received a half-page article so complimentary I had to look twice to make sure it wasn't an advertisement. Boehret couldn't find a single thing wrong with the service, although she did wish for bill payment capability so she could do all her banking within Mint. I'm sure she'll have her wish granted relatively soon.

In today's Personal Technology column entitled, How to Avoid Cons that Can Lead to Identify Theft, Mossberg himself dropped a bomb which will impact bank-marketing efforts for years to come. His first of seven tips for safe computing:

Never, ever click on a link embedded in an email (from your) financial institution....

That's harsh, but it's also understandable why he'd take that stand. Mossberg strives to make technology issues understandable to non-techie readers. However, it would have been better to add, "unless your bank adds account-specific personalization to the messages so you know for sure where they originated." 

Action Items
Many financial institutions, including Citibank and Bank of America, have long used personalization to distinguish legitimate messages from phishing attempts. Financial institutions with good personalized messaging should consider a public outreach program to counter the negative perception from the Mossberg column. It also might be a good time to remind front-line employees how to respond to customer concerns about phishing emails.

For more information, see our Online Banking Report on Marketing Security. 

Last week, I may have jumped the gun when I thought I'd found a bank using Twitter (post here). It's pretty apparent that E*Trade is not officially involved with that Twitter account.

But the ever diligent Ann-Marie Murphy was quick to add to the comments that her company, Quicken Loans, is *really* using Twitter to support its Quizzle personal finance site (see Quizzle coverage here). Beginning Feb. 22, the mortgage lender has posted 52 updates through last week (those would be called "tweets" if you are a real geek). That's about one per day, a good steady flow, without inundating the follower. 

Here's Murphy's rationale for using Twitter:

We've found it to be a great way to chat with our site visitors, get honest and helpful feedback to make the site better and give interesting home-related tips to followers. I especially like the instantaneous feedback. Ask a question, get a bunch of answers from folks who enjoy helping others.

Now this is what a real Twitter update stream looks like, complete with custom design. Nice.

I was searching Twitter today to see if any major brokerages were using it to reach out to customers. The only hit was E*Trade which is using Twitter to update its Complete Savings Account rates. It seems to be coming from the bank, but it's possible someone else, perhaps an employee or fan, is responsible for the two entries: the first on March 12 announcing a 3.45% yield and then on April 1 when the rate dropped to 3.01% (note 1).

Regardless of who's responsible, it makes sense to use the new channel for outbound communications. If nothing else, the 90 seconds spent creating those two entries have already generated a favorable mention in this blog. 

For those of you not familiar with Twitter, it's a communications tool that allows users to post short (140 characters max) updates about what they are doing, what they are thinking, or anything else. Unless the user chooses to make their updates private, anyone can read them, just like a blog post. That's why Twittering is sometimes called micro-blogging. But it's more like "broadcast instant messaging" for most people who's musing will be seen by just a handful of friends, family and/or colleagues.

For more info from an actual Twitter user, read Ron Shevlin's recent post.

Note:

1. I suspect it's an "unofficial" Twitter page because they didn't put APY behind the percentage, although that is spelled out in the short bio section in the upper right, and they are not using the company logo.

Today I received my first alert (see screenshot below) since subscribing to Experian's credit-monitoring service about 4 weeks ago. While I appreciate the heads up, the user experience is not at all what I want.

Here are the problems: 

1. Cries wolf. All the alert tells me is that there was a "key change" posted to my file. Is it a routine credit inquiry (which I was expecting) or did someone just open an account at Best Buy in my name? The only way to find out is to log in to my FreeCreditReport account, which took three minutes since I couldn't remember the username/password. Please provide more info in the alert so I can better gauge the severity of the situation.

2. Not phish proof: While Experian does use my first and last name in the salutation, thereby improving believability, additional personalization is needed to help users know it's genuine, especially when the company's log-in process requires input of a social security number confirmation after login. 

3. Not enough trust: I've worked with Experian for more than a decade so I know and trust them. However, the average Joe/Jo doesn't really know whether FreeCreditReport is a trustworthy company or not. Credit monitoring alerts are too easy to miss if they don't come from a recognizable and trusted name. It would be much better if they came from the user's financial institution or card issuer, someone with whom they do business on a monthly basis, so the emails don't end up in some spam filter.

4. Not integrated with online banking: I really don't want to remember yet another username and password, nor do I want to spend five minutes of my day logging into another website to verify there are no criminals using my credit files. Credit monitoring and credit scores should be integrated into online banking so I can keep track while doing my normal banking.

5. Doesn't tell me what to do: In this particular case, I knew about the inquiry, but what if I didn't recognize it. The website doesn't provide any info on what to do if I did not authorize the inquiry, which could be the first sign of serious identity takeover (see screenshot below).

For more information, see our recent Online Banking Report on Credit Monitoring Services here.

Email alert from Experian's FreeCreditReport service (24 Oct. 2007)

I received an email from American Express late last night after resetting my password earlier in the day (see screenshot below). I can never remember my AmEx password, because I can't use my usual one due to the company's surprisingly short field of just 8 characters that also doesn't support special characters. I have it written down somewhere, but I can never find that either.

I went online late Friday afternoon to pay my overdue bill at AmericanExpress.com. I was pretty sure it was one of three possibilities, but after two unsuccessful attempts, and with the website warning me the third attempt would cause a lockout (note 1), I decided to go through the online reset process instead. 

That was easy. I just needed the card number, the code on the front of the card, and the answer to a security question. At that point, AmEx displayed my username and let me reset the password. It's one of the easier reset processes I've tested. That's a benefit to customers and helps cut customer service costs for AmEx. 

But the thing I liked most was the email message sent later that night informing me of the password reset (screenshot below). But I don't understand why it was sent more than six hours later. Why not send it right away? That would be way more impressive to customers, and would help reduce any potential fraud or privacy violations. Better yet, send a text message right to the customer's mobile, so they have real-time knowledge of the account changes.

Email Critique
Personalization: The company uses two pieces of personalization, cardmember name and the last five digits of the account number, to differentiate this message from the average phish. Excellent.  

Subject line: Your American Express Forgotten User ID is good and right to the point

From: "American Express" using an American Express email address. Good.  

Headline: Verify Your Account Transaction is a little confusing. All I did was reset my password. I'm not sure that average person views that as a "transaction."

Copy: The copy is short and to the point, but it could use a little editing for clarity. The third sentence, "If you did contact us...." seems unnecessary. And "If you did not complete the retrieval...." is not very user friendly language.

Design & Layout: Excellent.

Overall Grade: A- for the message, B- for timeliness

Note:

1. We recommend allowing more than three attempts before lockout. It's pretty easy to forget a digit or make a typing mistake. See our Online Banking Report on Security (#119) for more information.  

This week, I took a two-day break from writing the next issue of Online Banking Report, an update to our popular report on Credit Bureau Monitoring and Identity Fraud Protection (2002 report here), to attend the Mobile Commerce Summit. 

Much to my surprise, an email received today nicely integrates those two topics. The offer sent was sent with the subject, "Mobile Identity Theft Protection," and it came from WireFly an online wireless reseller where I'd previously purchased a Blackberry.   

Very interested to see the mobile connection, I looked at the full message (below), a well-crafted offer for Identity Guard services from Intersections. The seemingly to-good-to-be-true offer: a full year of credit monitoring, with SMS alerts, free of charge.

Apparently, Intersections, like PayPal and SunTrust, is using free credit report monitoring as an introduction to its full-service credit report and ID theft protection services. It's an aggressive move that has repercussions for the industry. We'll look at its strategy in detail in the new report to be published in July.

I've been an Expedia regular for 10 years, so I only check Orbitz on occasion. But I was there today and was impressed with what they are doing in mobile alerts. You'll have to read the next Online Banking Report for all the details (note 1), but I wanted to pass on one idea that could be used by banks and credit unions today.

I call it an alert ticker. What it does it track the number of OrbitzTLC alerts sent to customers (see it in action here). The odometer-like counter rolls over about once per second and currently reads 87,794,309 (see inset). ING Direct has done the same thing for many years with the total interest earned by its savings customers. 

Below the ticker is another feature that financial institutions supporting voice-mail alerts should consider, a quick trial entry form. Users can type in any phone number, landline or mobile, to receive a sample voice message alert (note 2). Those entering a mobile number can also receive a sample text message by checking the lower box (note 3).

Notes:

1. Online Banking Report #140 will be available in early April.

2. They didn't ask for mobile phone carrier, so Orbitz must send a message to all the major carriers, e.g., yourphone#@cingular.com, yourphone#@verizon.net, and so on figuring the right one will get through eventually.

3. It's been three hours and I've received neither a voice message or text message. 

4. Banks should also take a page from Southwest Airline's Ding service (see coverage here and here).

There is no doubt consumers love debit cards. Despite cloudier fraud protections, no free float, and the confusion of "signature vs. PIN," growth continues at a 20% annual clip, with total U.S. transactions surpassing credit 15 to 18 months ago (see numbers here).

But continued negative press coverage could slow the growth. For instance, today's lead article in the Wall Street Journal's Personal Journal section, How to Protect Your Plastic, focused on recent debit card skimming incidents. 

What can a financial institution do to counteract the negative press?

1. Educate customers on their limited liability

2. Provide clear and understandable zero-liability fraud protection guarantees

3. Provide tools for monitoring checking accounts, such as transaction and security alerts

But once you have those "best practices" in place, you can still boost usage, and differentiate your debit card and checking accounts by integrating actionable text-message alerts (see ClairMail example above). 

While the industry-standard email alerts are helpful, the phishing epidemic, spam filling up the in-box, and  the time lag for reading and responding to bank emails, make them less and less effective for time-sensitive communications such as fraud alerts.

Enter the mobile phone. Most banking customers now keep a mobile device with "three rings" of their person much of the day, and almost always when out of the house. Therefore, a real-time text message each and every time a debit cards is used, will go a long way towards making users comfortable that their card has not been comprised. And in the event their is a fraudulent transaction, a quick text message back to the issuer can lock the debit card down, avoiding any additional unauthorized transactions.

This is about as win-win as you can get in banking. The user is happier with his debit card leading to increased loyalty and more debit transactions, boosting both short- and long-term revenues for the bank, credit union, or card issuer.

For more information see our latest Online Banking Report, Mobile Banking & Payments 2.0 (OBR 138/139).

Once again (previous post here), Chase used a three-quarter page color ad in the front section of the New York Times (p. 17, National Edition) to showcase its alert services (see partial screenshot right). The ad shows a man relaxing in the stands at some type of sporting event, Yankee Stadium perhaps.

The camera looks over his shoulder, focusing in on the image displayed on his Treo smartphone, which says "SECURITY ALERT" in large white letters on a light-blue background.

You had to feel for this poor guy, jarred from his leisure time with an urgent missive from the bank. Within a few seconds, three things likely crossed his mind: 

1. What the (expletive deleted)? Pretty poor timing to be interrupted at a baseball game with a security alert from the bank (which, these days is 99.9% likely to be a false positive, or a phishing attempt, see number 2).

2. Is this even from Chase? How do I know it's not a new kind of mobile phishing attach (mishing?). Should I ignore it? Does my liability go up if I don't respond immediately?

3. Now what? Can I click the message and find out if this was just a notification that I'd used my debit card to buy beer at a Yankees game, something I'd never done before, or has someone just transferred my 401k to a numbered account in the Jersey Islands? Or will I have to excuse myself and make a voice call, spending the 6th and even part of the 7th inning, talking to a Chase CSR, who may not even have enough info to explain why I got the alert? 

Analysis 
The ad demonstrates the pitfalls of using a very negative attribute, security breaches, in marketing your brand. But despite the uncomfortable thoughts that come to mind, we think it's an effective ad because it grabs attention and positions Chase as caring for the financial security of its customers. However, given that Chase's actual alerts look nothing like this, it's a bit of a stretch. I suppose they're allowed a bit of creative license; it's advertising after all. 

We'll give it an A-

In an American Banker article today (here), Wachovia says it is developing security controls that will put users in charge of some of their own security settings such as the size of a funds transfer allowed. According to John Watkins, Wachovia's Director of Online Services, the new capabilities will be available "sometime this year."

This is not a new concept. The first full-service online-only bank in the world, Security First Network Bank, offered user-set bill payment limits more than ten years ago. Other international banks, such as ABSA Bank in South Africa, have long allowed users some control over security matters.

However, in the United States user-controlled security has been slow to catch on, other than via triggered email alerts, which remain the first line of defense. For several months, Bank of America has been reminding online banking users that alerts can help them prevent fraud in their accounts. 

While it's too early to speculate on what Wachovia will or won't do, the concept is a good one, and will eventually be used to some extent by all financial institutions. It's a win-win, providing users a better sense of control while reducing actual fraud losses within the bank.  

For more information:

See Online Banking Report #119, "Marketing Security" for more ideas on how to turn security concerns into a marketing advantage.

How do you convince already-registered users to sign up for your latest email newsletter? One way is to offer an incentive. Earlier this week, the Seattle Supersonics offered users the chance to win a $500 shopping spree if they logged into their account and opted-in for the latest email newsletter.

An even more effective method was demonstrated by the New York Times today in the online version of its Business Section. In the upper-right corner, the user's existing email address is shown, along with a sign-up button (see screenshot below). All it takes is a single click to begin receiving the daily DealBook email.

The newspaper also provides a link to view a sample of the newsletter, a proven strategy for increasing response, and links to its Privacy Policy and back to account preferences to change the email address.

Once users click on the sign-up button, the text is changed to a thank-you message along with a link to change email preferences (see inset above).

Startup Pinger <pinger.com> launched a service last month that makes it easy to send voice messages to mobile phones or computers along with an email or SMS alert.

It combines the immediacy of instant messaging, the functionality of email, and the more personal nature of a voice message. And it's free.

To use the service, which is currently in public beta, users upload recipient email addresses to the Pinger server where communication preferences are stored. Voice messages are created using any phone or a PC microphone.

The San Jose, CA-based firm received $3 million in funding from A-list VC Kleiner Perkins in Nov. 2005.

How it Works
To send a message from a phone, you simply call the service, say the name of the recipient, record the message, and hang up.

To send a message from a PC, you select the recipient from your address book, record the message on your PC microphone, and send. 

Either way, the recipient is notified via SMS and/or email. If on a mobile phone, they dial the number in the SMS message and listen. If at a PC, they can click on the link and listen to the message on their PC speakers.

The recipient can sort, replay, forward, store, and even reply via voice to the messages, which makes them as functional as email.

Pinger demonstrated the service last week at Demo's fall conference (see the demo here).

Financial institution opportunities
With believability of financial emails at an all-time low, short voice messages could be more effective for complex information, such as explaining options to someone late with a loan payment, or who has just been given a credit line increase.

And since many banks have stopped using links in their emails due to phishing concerns, voice messages could be used to say, "See us on the Web at www.yourbank.com/loans" or "Log in to your account and go to the Your Loans tab."

The novelty of the voice message will also provide a boost to marketing efforts, at least temporarily. The first few messages are likely to generate quite a bit of interest, until users learn to ignore them like other marketing messages.

Voice messaging isn't for everything. Routine information, such as balance alerts and deposit confirmation, should continue to be sent via text only.   

It's yet to be seen whether Pinger takes off. But it's a safe bet that something similar will soon enter the lexicon along with Googling, IMing, and texting. With dozens of voice-over-Internet-protocol (VOIP) startups challenging the bigger players, such as Vonage and eBay's Skype, we are sure to see interesting, cost-effective new ways to reach customers.

For more information:

• TechCrunch article on new VOIP providers here
• Coverage at Under the Radar blog here
• Short article in New York Times Sep. 27 here

Hoping to download a movie to watch on the long Seattle-NYC flight, I sent Amazon an email with a question about its new Unbox video service. Not only did they answer within the hour, they also included a link to indicate whether the answer solved my question or not. 

Choosing the "yes" option, I was delivered to a "Thanks for your feedback!" message, which not coincidently put me back onto the Amazon site. The thank-you also contained a link to provide additional feedback.

Following that link leads you to a page to provide detailed comments:

If you responded "no" to the original question, you are taken to a similar page to rephrase the question (see below).

Analysis
This simple feedback mechanism provides five important benefits:

1. Demonstrates you actually care whether the user's problem is resolved satisfactorily
2. Allows customer to easily submit another question if not satisfactorily resolved
3. Allows you to quantify the performance of the service department
4. Identifies areas where better answers are needed
5. Helps identify tricky problems that can be corrected

All financial institutions should consider similar techniques for improving electronic customer service.

Now, if only the Amazon video-download service were as efficient as its service reps. First, it took two tries to get the player downloaded. Then the 90-minute, 1.7 GB movie took nearly eight hours to download via my Wi-Fi connection to our Comcast cable modem, never going much faster than 80k per second. Bottom line: For $2.99, it's still worth doing, provided you plan far enough in advance.

Friday, US Bank <usbank.com> began using a new design for its email alerts. It has a softer, more modern look to it (see before and after screenshots below). The layout and copy are identical to the previous version.

The new look arrived about the time we intended to post a rant about the lack of creativity in bank messaging. One of our examples was US Bank, which had sent us the same basic confirmation message more than 1,000 times over the past three years.

While it's good to see an improved design, it's still pertinent to note that there is more to the lack-of-creativity argument than just the font and background colors. The problem with email alerts is that after receiving them two or three times per week for several years, many users may ignore them. To keep that from happening, financial institutions need to upgrade their messaging system; let's call it Alerts 2.0.

Here are some important features of Alerts 2.0 (for a detailed look at bank messaging, see Online Banking Report #91/92) :

• Educate about preference changes: Once or twice per year, perhaps more frequently for those receiving a large number of alerts, remind customers about the types of alerts available and how to change them.
• Provide periodic summaries: Someone getting six alerts each week would likely appreciate a weekly summary of all changes.
• Change the "look & feel" periodically: Don't wait three years to change the design. Create a template so that the alert design can easily be changed to fit the season or holiday.
• Gently cross-sell: Alerts should be kept primarily factual. But every once in a while, most of your customers would appreciate a low-key "reminder" of relevant services, such as overdraft protection, credit report monitoring, and so on.
• Give thanks: As trite as it sounds, don't forget to thank the customer, at least every once in a while. For example, you might add a thank-you when receiving a large deposit (or ANY deposit for that matter). Also, a periodic "thanks for participating in online banking" and/or email alerts would be appropriate. This would also be a good time to ask for feedback on the service.

US Bank email alerts redesign (click on images to enlarge):
New  Old

--JB

While most banks in the world charge fees for at least some aspect of online banking, the service has been almost entirely fee free in the United States, at least ever since Bank of America rolled out free bill payment in 2002.

At first glance, it seems like a great deal for consumers; however, the lack of direct revenue has hampered investment in the channel and deprived U.S. customers from the more sophisticated services common throughout the world, such as SMS alerts, multi-factor log-in controls, and so on.

We're always on the lookout for fee-based opportunities (see Online Banking Report 122/123 for a laundry list of online fee opportunities), and we are encouraged by eBay's latest innovation, SMS auction alerts with a fee of $0.25 per auction. This is the first time eBay has attempted to charge fees to bidders. The site has offered free email alerts since the beginning.   

Here's how SMS alerts work (see screenshot below):

1. Select "Get SMS alert" (see red circle in screenshot at above, click to enlarge).
2. Select mobile phone provider from drop-down list and enter mobile phone number; currently Cingular, Verizon, Nextel, Alltel, Sprint, and TCRcom participate
3. Check "Watched item ending alert" or "Outbid alert"
4. Click "Continue" which initiates a confirmation message to the user's mobile phone
5. Send a text-message reply from the mobile back to eBay to agree to the charges

SMS-alert users pay $0.25 for each auction entitling them to up to 10 alerts. Each 10 thereafter cost another $0.25. It would be unusual for the number of alerts to exceed 10. After receiving an alert, users can submit a new bid via text message by responding to the text message with their new bid amount. Bidding can be protected with an optional PIN.

Instant messaging alerts work in a similar manner (click on screenshot for closeup):

1. Select "Get IM alert" 
2. Select IM provider; eBay supports the big three: Yahoo, AOL, MSN
3. Check "Watched item-ending alert" or "Outbid alert"

There are no fees for IM alerts. After receiving an IM alert, users can submit a new bid via the provided link.

In addition to SMS-alert links in the main auction listings, successful bidders are also prompted to set up an alert on the bidder's confirmation screen (see below).

What it means for financial institutions
There is no reason why banks cannot charge for triggered alerts. Unlike account access, alerts are a value-added service with no similar "free counterpart" in the offline world. You don't see telecom giants giving away any of their specialized services such as caller-id, custom ringing, call forwarding and so on. Banks should work on developing premium service bundles. For inspiration, take a look at your local phone provider's website (see Qwest screenshot right).

Resources:

• Online Banking Report #109, "Pricing Online Banking Services"
• Online Banking Report #122/123, "2006/2007 Planning Guide"

ING Direct <ingdirect.com> is the latest bank to move to greater personalization in order to distinguish its messages from phony phishing attempts. The bank has added the customer's first name and masked all but the last three digits of the customer's number (click on inset for a closer look).

The message at left was sent to customers to market ING's latest deposit promotion: 4.75 percent APR for new money.

The same technique is also used for routine account alerts (see inset right).

Note: The high-impact sales pitch for its 4.75 percent deposit promotion.

Analysis
While it doesn't prevent phishers from attempting to recreate the same look (see footnote), it's an effective first line of defense. Besides, the personalized greeting is a friendler way to communicate with customers. Citibank has been using a similar approach for more than a year (NetBanker, May 30, 2005).

Footnote: Yesterday, we received a fake email that recreated the Citibank personalized area in the upper-right corner. The crooks just left blank the Email Security Zone in the upper-right corner, figuring many users won't look that closely at the box (click on inset for a closer look).

--JB

Whenever online banking users make changes to their account preferences, you should confirm with an email. It not only shows you are paying attention, but also provides customers the peace of mind that they accomplished the intended task.

Today we changed one of our account alerts at Bank of America <bankamerica.com>. Within a few minutes, we received this attractive email (see inset). However, you can tell that this particular message was crafted in the pre-phishing days, as evidenced by the old 2004 copyright date (lower left corner), the old 2000-2004 Olympic sponsor logo in the lower right, and hyperlinks back to the log-in page.

Action Items

1. For better authenticity, include a personalized greeting, shared secret, or truncated account info in your message.
2. Do not include hyperlinks back to the bank on routine, non-personalized messages.
3. Update all messages at least annually so they don't carry outdated corporate branding and/or copyright dates.

--JB

The first widespread use of online features for overall corporate branding was the now-famous fall of 2002 Bank of America television advertising campaign touting it’s recently-set-free bill payment program. At the time the bank said that these advertisements were some of its most effective TV spots of all-time with recall percentages through the roof.

Three years later you see online features used in all sorts of media campaigns. Two print advertisements caught our eye this month.

1. Chase Bank ran a three-quarter page color ad in The New York Times on Oct. 9 focusing on its free email alerts using the following headline:
   
        The morning news.
        The morning weather.
        Maybe even your morning balance.
   
   The ad was mostly white space with a smaller picture of a 30-something guy lounging in his Adirondack chair on his deck in the woods with laptop and coffee (evidently enjoying a wireless connection).
   
   Our take: Good, but too subtle; unlikely to increase awareness of alerts to any great extent.
   -
2. Much more interesting, though unrelated to banking, was the full-pager from General Motors introducing its OnStar service running in the A-section of the Oct. 13 Wall Street Journal. The title read:
   
        Introducing
        OnStar Vehicle Diagnostics.
        A monthly email from your vehicle.
   
   The picture featured a woman peering at her laptop on the patio with her car in the background. On the laptop screen was a message, blown up in the lower part of the ad (click on inset for similar message), summarizing the mechanical condition of her 2006 Chevrolet Impala.
   
   Our take: Extremely well done, demonstrating an almost unbelievably valuable service that most wouldn't otherwise have known about; should increase awareness dramatically.

Analysis

You can only talk about great service and free checking so many times. Online features that help improve perceived security and/or financial control are becoming interesting to a wider cross-section of customers.

For example, Wells Fargo took an essentially plain feature, a combined online statement, and turned it into My Spending Report (see previous NetBanker article, Feb. 17, 2005), a point of differentiation for its online services, and by extension, the bank as a whole.

-

We don’t work at an ad agency, so we won’t begin to try to tell you how to cost justify large print ad in the local paper. But most financial institutions devote at least some of their advertising budget to so-called “image” spots and if you serve a tech-savvy market such as NYC, 2006 would be a good time to test online-oriented spots to see if they bump up your brand and ad recall numbers.

--JB

Now that consumers are beginning to receive multiple alerts and other email messages from their financial providers, you risk the problem of "alert fatigue." It happens with any warning system. If you get too many warnings or status messages, you start to ignore them, rendering the system ineffective.

One way to make your message standout is to add a "high importance" flag to your outgoing message. In Outlook and Outlook Express, a small red exclamation point will show on the subject line in the message list (click on the inset for a larger image). In this example, the Washington State Department of Revenue added the flag when it sent password-changed alert. But it didn't add the flag when sending a routine payment confirmation.

The key to making the flag effective is to not overuse it. Don't ever put it on an advertising or marketing message. And use great restraint when attaching it to balance or confirmation messages. It's best use, might be for security-related notices such as password resets and other sporadic and relatively unusual activity.

--JB