It is on you – credit union executives – to beat the digital banking bogeyman into submission.
It most definitely is not on members – even though, too often, credit union executives act as though it is primarily the member's job to protect him/herself. Off the record they will complain about member gaffes, and there are a lot (tell me about writing passwords on Post-it notes!).
But that’s reality. Members are human and that means they will make mistakes.
And that also means protection in the digital sphere isn’t their job, any more than it is the member’s job to protect him/herself against armed robbers in the credit union.
The first – sharpest – lines of digital defense need to be drawn by the credit unions themselves.
And yet every day I see credit unions trying to push responsibility back on the members. For instance, many in financial services pat themselves on the back that millions of us have signed up for mobile transaction alerts that, they say, serve as a kind of first line of defense against fraud. I agree such alerts are great and, personally, they saved me a lot of grief when I noticed a charge come in to an American Express card for lunch at a restaurant I had not eaten at in 20 years. I called Amex, they cancelled the card, and other than a $25 fast food lunch tab nobody was harmed. If I hadn’t seen the alert – and acted on it – the damages would have been bigger.
Nonetheless, I say again: the bulk of this load needs to be carried by the financial institutions. Getting me to look at alerts isn’t the end of the job here.
The future of digital banking – both online and mobile – hangs in the balance. Maybe half of all consumers continue to hang back from plunging into the digital pool because of expressed fears about online and mobile fraud. And they are not crazy to have those fears.
Those justified fears would be relieved by more proactive financial institutions. That means you.
Here are five easy steps to shrink the volume of digital fraud:
Offer multi-factor authentication, said Matt Hillary, director of information security at MX. That’s spot on. Amazon prompts me via multiple channels to validate purchases. Gmail does something similar. So does even Yahoo Mail. And yet I have no credit union or banking account that involves multi-factor. Not a one.
More steps to take include:
Block access from public WiFi networks. Yes, some members will howl but – really – it just is unsafe to conduct financial activities from a coffee shop, hotel, or airline WiFi network. Not everybody knows that. So help them out by blocking it. Put up a helpful note encouraging access via a cellular network and an app – vastly more secure than public WiFi. That’s good for the credit union, good for the member.
Reject too-simple passwords. Some institutions – not a lot – are cracking down on this. All should. Passwords like “password” and “123456” just can’t be permitted. Ray McKenzie at Red Beach Advisors added: “User account passwords should be complex. This reduces the risk of a breach or hack that occurs. Passwords should have one uppercase letter, one lowercase letter, one number, and one special character, and require a minimum of eight characters.”
Embrace biometrics. From fingerprints to retinal scans, many biometrics are in trials at financial institutions – but few credit unions are aggressively trumpeting the benefits of biometrics to their members. That’s a mistake. Passwords are broken – even complex ones have issues (mainly that we forget the things). You don’t forget your fingerprint. Really, really encourage members to always use a biometric to log in.
Train your staff to be your members’ first line of defense, advised Caity Hinton, manager of strategic security services at Q2 Holdings. She elaborated: “your back office staff that works with members can’t be fully prepared to discuss the online threat landscape if they aren’t aware of it. Incorporate information on the threats targeting your members into your internal training, allowing your back office staff to be an effective line of defense and an abundant resource of security information for your member base.”
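To make the password step above concrete, here is an added example (not from the article or from any vendor it quotes) that applies the quoted composition rule together with a check against commonly used passwords. On its own, the composition rule accepts "Password1!". The denylist and the substitution table are small constructed samples.

```python
import re

# Constructed sample denylist (assumption); production systems load a large
# list of commonly used and breached passwords instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}

# Assumed table of common character substitutions, undone before comparison.
SUBSTITUTIONS = str.maketrans("@4031$5", "aaoelss")


def composition_failures(password):
    """Return the quoted composition requirements that the password misses."""
    rules = [
        ("a minimum of eight characters", len(password) >= 8),
        ("one uppercase letter", re.search(r"[A-Z]", password)),
        ("one lowercase letter", re.search(r"[a-z]", password)),
        ("one number", re.search(r"[0-9]", password)),
        ("one special character", re.search(r"[^A-Za-z0-9]", password)),
    ]
    return [name for name, ok in rules if not ok]


def base_forms(password):
    """Lowercase, drop leading/trailing non-letters, undo substitutions."""
    lowered = password.lower()
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    forms = {lowered, trimmed}
    forms |= {form.translate(SUBSTITUTIONS) for form in forms}
    return forms


def check_password(password):
    """Return a list of rejection reasons; an empty list means accepted."""
    reasons = ["missing " + name for name in composition_failures(password)]
    if base_forms(password) & COMMON_PASSWORDS:
        reasons.append("based on a commonly used password")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["password", "123456", "Password1!", "P@ssw0rd!23", "Tr4il-mix&Kayak"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```
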
How hard is any of this? Not very. How expensive? Not much.
But the payoffs – in member confidence and improved security – will be enormous. Just do it.