Credit union cybersecurity: What you need to know about TLS changes

Cybersecurity is at the forefront of all business owners’ minds. As we become more interconnected, we open ourselves to more potential breaches. This concern is especially prominent in the financial sector. When you’re talking about members’ hard-earned dollars, there’s no room for error. Credit unions need to be aware of an imminent deadline that relates to credit union cybersecurity. It concerns an authentication protocol called TLS.

TLS 1.0 was established in 1990 as a way to secure communications between machines, such as the communication and transactions between a member’s browser and their credit union’s desktop and mobile banking, as well as between credit union servers and their credit union technology vendors. The protocol has become increasingly vulnerable to hackers and cyber-attacks and is a particular threat to mobile and internet banking, as well as to file transfers between credit union machines and their core vendor. Due to its age, no fixes or patches can repair TLS 1.0, which led the PCI Security Council to withdraw support for the archaic protocol effective June 30, 2018, opting instead to have merchants and banks upgrade to the more current versions, TLS 1.1 and 1.2.

This TLS mandate is impacting credit unions directly. The credit bureaus and other major players are requiring updated TLS security, and many small to mid-sized credit unions use servers that don’t support TLS. Upgrading a server is expensive, but the risks associated with being out of scope on security can be detrimental. Now more than ever, it is imperative to ensure your core and technology vendors stay ahead of the curve and are supplying you with the information you need to plan and budget for necessary changes.
