No weak links: Smart ways to fortify your credit union’s mobile banking security
At the turn of the century, American philosopher William James said, “A chain is no stronger than its weakest link.” James was thinking ideologically, but it reminds me of “Red Rover,” the playground game we all played as kids. Remember how teams sent out a player to try to break through the weakest part of the opposing team’s circle? That’s how hackers and cyberthieves look for vulnerabilities in your credit union’s security system.
Find the chinks in the shield
Thanks to the worsening epidemic of online fraud, ID theft and other scams, it’s getting harder to safeguard consumers’ personally identifiable information (PII). Your members don’t help: They know they should have a different password for every service and app, but most hate creating (and remembering) them, so they use the same password multiple times – especially with smartphone apps. so they use the same password multiple times – especially with smartphone apps. But for anyone using their phone to make purchases or do their banking, it puts their personal information at risk.
Smartphones are now part of the American way of life for most of us – primarily because they are convenient. To keep mobile banking safe and hassle-free, offer members the option of multifactor authentication with single sign-on capability.
For its 2016 Trends in Consumer Mobility Report, Bank of America surveyed more than a thousand U.S. adults with bank accounts and smartphones. Of those, 10% said their first thought of the day was of their significant other. But 35% said they first thought of their phones! I hope those stats don’t show up on a Valentine’s Day card, but they do point out how ingrained smartphones are in our daily lives. The same study found that 62% of Americans use digital as their primary banking channel – up from 51% and 47% in 2015 and 2014, respectively. And for millennials and Gen X, the rate is even higher at 68% and 70%, respectively.
Beef up security
Smartphones are so prevalent because they’re convenient. BofA’s survey showed that more than a third of respondents use their mobile banking app at least daily, up from 20% in 2014. And 84% use it at least once a week. But with consumers preferring ease of use over protecting their information, it’s harder to safeguard the sensitive data stored on smartphones or sent to a third party.
Given that financial institutions are among the top businesses with have high-security-risk, it’s critical to embrace enterprise-class IT security with the right digital security strategy to protect your mobile members. Here’s what you can do now:
- Adopt a holistic security program for all company data and member PII. While data systems typically operate behind firewalls and anti-virus programs, these measures are inadequate for high-risk industries, including credit unions. Analyze how your own security stacks up against others in the industry. And make sure members’ sensitive data is stored in data centers certified by third-parties and ask vendors for the auditor’s opinion about the effectiveness of specific controls over time. For example, Virtual StrongBox adheres to its own, higher stringent code, which includes meeting enterprise IT-ready qualifications, SSAE 16 Type II (highest level) accredited datacenters and data encryption.
- Provide end-to-end security. Your member needs to know he can trust your bank to protect his personal data all the time. That’s true whether information is flowing through a loan application, stored online or waiting in a buffer for a transaction to finish. In that regard, we’re pleased that Virtual StrongBox recently earned a fourth patent for protecting file transfer between different devices, as well as throughout the system. Our secure file-exchange service bridges the gap between member convenience demands and IT security requirements.
- Offer members private online secure space and secure file exchange.
Just like your bank, people need a safe place to keep important information and documents, such as wills, bank statements and tax returns. They also need an easy way to share private information when applying for a loan or other service. Commercial providers like Box and Google Drive offer online storage, but they commingle users’ data and don’t follow bank-level security rules, exposing users to great risk. Instead, offer members private security space for important papers.
At Virtual StrongBox, our patented secure data storage and file-exchange platform enables clients to provide their customers individual online safe-deposit boxes with the same high level of security they receive. When customers need to share documents, they use our secure file exchange instead of email, fax or the post office – reliable, but not safe. The service can allow your own members to grant limited access to your credit union or other service providers for specific documents.
Globally, mobile banking is reaching the saturation point, bringing added convenience and less hassle to consumers’ lives. But high-risk industries like financial institutions need to ensure their digital security has no weak links.