Enhancements to Online Banking Security Coming Tuesday, April 11th
As part of CU*Answers’ ongoing commitment to strong security for online banking, CU*Answers will be making changes to the encryption used to protect member sessions.
On 4/11 we will be disabling weaker forms of SSL encryption, including “3DES.” This will prevent member web browsers from using these weaker forms of encryption when connecting to online banking, thereby ensuring that only very strong encryption can be used.
CU*Answers has tested these configurations and monitored current usage and we do not believe this change will prevent anyone from accessing online banking. However, if a member does encounter issues accessing online banking after this update, they should update their browsers to the latest available version and apply any outstanding vendor operating system patches.
Do I need to do anything to get this update?
No. The changes are made on our servers and everyone will get the new configuration the next time they connect to online banking. We will post an OBC Alert leading up to the maintenance to alert members of the change.
How does this improve the security of It’s Me 247?
Security is improved because only very strong forms of encryption will be allowed. While connections to It’s Me 247 have always used encryption, times change and encryption that was considered strong only a few years ago may now be more vulnerable to attack. Keep in mind, attempting to compromise even weaker forms of SSL encryption is very difficult, and we are not aware of any breaches or attempted breaches of this security for ItsMe247.com. We do expect that in the future we will need to continue to adjust these settings to respond to technical advances of bad actors.
How should my credit union respond?
We do recommend reviewing your own web sites; if they use SSL encryption, you should also consider disabling weaker ciphers. CU*Answers Web Services will also be making these changes to affected hosted websites during this maintenance. Those who don’t host with Web Services should contact their web hosting company for more information.