Keeping Customer Communications Secure: Best Practices for 2025

When it comes to communicating with customers, speed and convenience often take centre stage. But there is another factor that matters just as much: trust.

Fraudsters are becoming increasingly sophisticated in the ways they mimic organisations and exploit common communication practices. If customers lose confidence in the security of your messages, they are far less likely to engage, and that undermines both the customer relationship and your brand.

The good news is that organisations can reduce the risk by adopting simple but effective best practices in the way they design and deliver communications.

Don't attach sensitive documents

Email remains one of the most common ways businesses communicate with customers, but it is also one of the most vulnerable. Attaching confidential documents such as statements, contracts, or medical records introduces risk if the recipient's account is ever compromised.

A more secure alternative is to host documents within a customer portal or app. Instead of sending the document itself, notify the customer that it is available and ask them to log in to access it. This reduces exposure while reinforcing safe digital habits.

Avoid links in SMS

SMS has become a popular channel for timely updates, but it is also a prime target for fraudsters. Messages containing links can easily be spoofed, tricking customers into clicking through to fake websites.

That is why many banks and large organisations now avoid including links in SMS altogether. Instead, they use SMS only to prompt customers to log into their official app or website directly. This removes ambiguity and helps customers understand that any link they receive via text should be treated with caution.

Move beyond SMS for one-time passwords

One-time passwords (OTPs) are now mainstream security measures, often delivered via SMS, email, or app notifications. They provide an extra layer of protection that makes it harder for unauthorised users to gain access.

But SMS-based OTPs have their weaknesses. They can be intercepted through SIM-swap fraud or spoofed messages. Because of this, many organisations are moving towards more secure methods such as:

• Push notifications within a mobile app
• Authenticator apps that generate codes offline
• Biometrics like fingerprint or facial recognition

For most customers, SMS OTPs will remain familiar and convenient, but the shift has started. SMS is becoming more of a backup option rather than the default.

Prioritise clear and consistent branding

Fraudsters thrive on confusion. If your communications vary in tone, design, or sender details, customers may struggle to tell the difference between a genuine message and a fake.

Consistency across channels is critical. Emails, SMS alerts, letters, and app notifications should all look and sound like they are coming from the same trusted source. This strengthens recognition and helps customers feel confident they are engaging with the real thing.

Educate customers on what to expect

One of the most powerful steps an organisation can take is to actively educate customers about what you will and will not do. For example:

• "We will never send you a link in SMS."
• "We will only ask you to log in via our official app or website."
• "We will never request your password or PIN."

By setting clear boundaries, you reduce the likelihood that customers will be caught off guard by a fraudulent message. Transparency not only builds trust but also strengthens your customers' ability to protect themselves.

Security as part of the customer experience

Security in communications is not just an IT issue. It is a fundamental part of customer experience. Customers want to feel confident that the information you send is safe, authentic, and designed with their protection in mind.

By embedding best practice into your communication strategy, you can reduce risk, increase trust, and strengthen your customer relationships. In an environment where fraud is only getting smarter, security is more than a safeguard. It is a differentiator.

How Cadence can help

At Cadence, we help organisations assess the quality and effectiveness of their communications through our Communications Health Check. Security is an important part of this review. We look at whether your practices align with industry best practice, identify risks that could expose customers to fraud, and recommend practical improvements that build trust and confidence.

Security is not just about protecting information. It is about protecting the relationship between you and your customers.