Online Security Projects in the Pipeline

Miscellaneous Password Projects

Although the changes below aren’t specifically related to P2P, they were prompted based on what we have been learning from P2P.  Enhancements are being planned that will further intensify security on passwords and security answers:

  • Allowing members to create passwords up to 256 characters long.
    NOTE: The minimum required length won’t change, although your CU could elect to adjust that if you like.  For example, if you currently use a minimum requirement of 8 characters, you could choose to set it to 10 or 12 characters. 
  • Moving passwords to a new file, separate from files used for other non-encrypted data.
  • Adjusting encryption strength and other details to obscure the password even further.
  • Adding similar encryption to the answers for security questions.

Status:  Implemented in the 18.03 release.  

P2P and Cybersecurity

Seems like at least once a week you read in the news about cybersecurity attacks.  If a bad actor somehow gets hold of a member’s online banking credentials, any feature that can remove money from the member’s account is a particularly tasty target.

Of all of the new mobile features our credit unions are rolling out these days, none has quite so high a security profile as the P2P feature available via the It’s Me 247 online bill pay (Payveris) platform.  Some of our CUs recently learned first-hand about this reality when member credentials were used to log in and initiate some fraudulent P2P transactions.

CU*BASE Alert dated 9/1/2016: Hacker Using Member Credentials to Send P2P Payments
CU*BASE Alert dated 2/2/2017: Member Credentials Used to Send Fraudulent P2P Payments
NOTE: You must be on our network to view these alerts.

In all of these situations the forensics showed that these members were victims of identity theft, as logs confirmed that proper credentials had been used to log in to the accounts in online banking.  As we did then, we encourage CU to remind members to keep their hardware and software up to date and use tools to protect themselves against viruses and malware.  Credit unions should also have security protocols and other routines in place to monitor for suspicious activity.

While security breaches like this seem to have become a way of life in today’s online world, we are always looking for new ways to stay one step ahead of the bad guys.  To that end, CU*Answers is working on a number of projects with the specific goal of making it as difficult as possible for your members to become another statistic.

The Future:  Stopping Fraud Before It Happens

The projects outlined above are just the beginning.  Throughout 2018 and 2019 we’ll be launching other projects that will incorporate automated service denial mechanisms into our online tools.

What does that mean?  We’ll be able to evaluate a suspicious person or situation right at the point of the interaction and stop a potentially fraudulent transaction from ever being initiated in the first place.  Instead of waiting until after the transfer hits someone’s watch list, we’ll be able to keep it from being posted at all.  Watch for more news on these projects throughout the year.

 

Chefs for this recipe: The SettleMINT Team and Online Banking Team.

Updated
July 2, 2018

Check Out the New Recipes We’re Cooking in the Kitchen!

Check Out the New Recipes We’re Cooking in the Kitchen!

Have you visited the Kitchen lately? If not, take a look at our newest projects: Authentication Enhancements for Online/Mobile Banking Enhancements to the Credit Card Cash Back (CCCB) Feature Tracking Recoveries on Written-off Loans Each of these recipes includes a place to provide comments, suggestions, and additional feedback. Visit the Kitchen today – we’d love… Read more »

Aug 16, 2019

Visit the Kitchen Today for New Information on ACH Exception Processing Enhancements

Visit the Kitchen Today for New Information on ACH Exception Processing Enhancements

On May 9, 2019, a CU*Answers design team met to brainstorm ideas for changes to CU*BASE tools and processing routines.  Our main goal is to make it clearer to end-users how the tools work, including warnings about what to watch out for and tips for avoiding potential pitfalls. As a result of these preliminary conversations,… Read more »

May 14, 2019

Have you checked out the NCUA’s proposed 5300 Call Report changes?

Have you checked out the NCUA’s proposed 5300 Call Report changes?

Have you checked out the NCUA’s proposed 5300 Call Report changes yet?  The changes are targeted for March 2019, and the NCUA wants your feedback! The overall theme is modernization and simplification in order to reduce the reporting burden for credit unions.  Check out the 5300 Call Report Tools kitchen page for a highlight of… Read more »

Feb 15, 2018