What Biometrics Can Do for Your Credit Union’s Security Strategy

Woman with fingerprint scanningIf you feel like there is always another security measure you need to consider, you’re right and this reality is actually a very good thing. The security landscape is indeed continuously changing and evolving.

You must constantly evaluate and revaluate your security processes because one single solution to satisfy all of your security concerns and needs does not exist.  Consequently, it’s wise to employ a multi-factor security (MFA) strategy.

Chris Amador, Product Owner with Q2, talked about the balancing act that your credit union faces when implementing biometrics solutions, in our recent webinar, “Biometrics: Enhancing Member Experience & Security.” He spoke about the challenges your credit union faces with providing secured online and mobile channels that guarantee compliance with regulations and deliver a satisfying experience for your members.

Watch Biometrics: Enhancing Member Experience & Security


We’re sharing some key highlights from the webinar and encourage you to watch the complete presentation where Chris shares timely insights on:

  • The different types of biometric solutions currently used within the financial services industry
  • What true multi-factor authentication (MFA) means and why the “third factor” is difficult to solve
  • The preferred biometric solution for online use among consumers
  • Barriers you need to consider when implementing biometrics features
  • How to evaluate whether or not your membership is ready to accept this technology

What is a True Multi-Factor Security Strategy?

A true multi-factor authentication (MFA) security strategy should include three key factors:

  • Something I “have” (e.g., your member’s laptop or mobile device like a tablet or a smartphone)
  • Something I “know” (e.g., your member’s user ID and password, pin, account number, or knowledge based questions)
  • Something I “am” (e.g., your member’s biometric data, a physical or behavioral attribute unique to your individual member)

You and your members are familiar with the “something I have” and “something I know” categories,  but those two factors alone have limitations in today’s complex security environment.

The physical devices your members use, whether it’s a laptop, a tablet, or a smartphone were considered as an integral layer of security, but this is no longer thought to be true because these devices can be stolen. And, due to the rise of social media, your members may post all sorts of information that can be used by fraudsters to determine the correct answers to security questions. As an example, online quizzes on social media (e.g., Buzz Feed) can be used as tools for fraudsters to phish for information.

The “something I have” category is only available through the implementation of biometrics. Biometrics are an effective third-factor in a MFA security offering for your members because they utilize something fraudsters can’t duplicate, the unique personal and physical identifiers of your members.

It’s important to consider and assess to what degree your members will be comfortable and willing to adopt biometric security measures. Continue advancing your knowledge about these options and the biometrics landscape, by watching “Biometrics: Enhancing Member Experience & Security.

Q2 Online and Mobile Banking

Q2 is the NAFCU Services Preferred Partner for a single platform virtual banking solution, including online and mobile. Learn more about Q2 by visiting www.nafcu.org/Q2.

Best of NAFCU’s 48th Annual Conference and Solutions Expo (Video and Educational Highlights)

Credit union leaders from around the country gathered to network and discuss the most pressing issues impacting the industry during NAFCU’s 48th Annual Conference and Solutions Expo in Montreal, Canada. The conference was NAFCU’s largest event in nearly a decade.

Here’s a quick video of some highlights from this year’s conference:


During the conference, attendees heard from NAFCU management and leading industry professionals that included keynote conference speakers such as TrendHunter.com Founder and CEO Jeremy Gutsche, and MasterCard’s General Counsel and Chief Franchise Officer Tim Murphy.

Solutions Expo at the NAFCU 48th Annual ConferenceThis year’s conference included the annual Solutions Expo, spotlighting the latest technologies, applications, and resources available to help improve credit union operations.

Our Preferred Partners exhibited during the conference and shared their thought leadership, innovations, and solutions during educational sessions throughout the conference.

The complete list of sessions and available presentation slides are available on www.nafcu-annual.org. Here’s a quick listing of key topics presented during the conference to help your credit union grow, retain members, manage risks, protect members, and improve overall operations:

Topic Category Presentation Title Preferred Partner
Growth & Retention Building A Strong Payments Strategy Vantiv
Health Savings Accounts, IRAs and Millennials: A New Generation Presents New Opportunities  Ascensus
Using Credit Scores to Grow and Engage Membership VantageScore
Why Your Credit Union Should Offer Wealth Management Services to All Members Money Concepts
Risk & Security A Deep Dive Into EMV Implementation MasterCard
Cybersecurity Risk Mitigation: Protect Your Member Data Knowledge Consulting Group (KCG)
Top Ten Fraud Risks That Impact Your Financial Institution Allied Solutions
Uncovering the Faces of Fraud Q2
Using Moneyball Tactics and Risk Rating Assessment Models Wolters Kluwer Financial Services
Financial & Insurance Trends in the Retirement Plan Industry Pentegra Retirement Services

Thanks again to the 2015 Annual Conference signature sponsor MasterCard, our 5-star preferred partner sponsors Allied Solutions and Vantiv, and all of our partner sponsors, exhibitors, and speakers.

We’re looking forward to seeing you all at NAFCU’s 49th Annual Conference and Solutions Expo in Nashville (Music City) next year! Get more information, sign-up for updates on the latest conference details, and register by visiting www.nafcu-annual.org.

Top Innovative Solutions Recognized at NAFCU 48th Annual Conference and Solutions Expo

The winners of our annual Innovation Awards competition, recognizing outstanding innovations that help credit unions thrive, have been revealed! This year’s Innovation Award winners are preferred partners Insuritas, MasterCard, and Q2.

2015 Innovation Award Winners: Insuritas, MasterCard, Q2

“Our partners set a high standard for innovation geared toward driving credit union success,” said Randy Salser, president of NAFCU Services. “This year’s winners provide innovative solutions that help credit unions stay competitive, while delivering exceptional member service.”

Insuritas for EasySTREET
EasySTREET is the first technology solution of its kind. It extracts data from a credit union’s core, its loan origination system, any credit union CRM or CIF platforms, and supplemental data from TransUnion or Lexis Nexis. It compiles a master auto or home insurance policy application on behalf of the member without ever bothering the member with questions. The technology then automatically solicits bids for auto and home insurance coverages from multiple insurance carriers in under 2 minutes. These prices are then compiled in a personalized email that is sent to the member. The member sees up to four bids from A-rated carriers, ranked by cost. For the first time, the credit union can actually do the insurance shopping for the member without ever bothering the member. For more information about Insuritas’ products and services, visit www.nafcu.org/Insuritas.

MasterCard for Identify Theft Resolution
The Identity Theft Resolution Benefit solution provides credit union members with the ability to monitor the “dark web” and receive tailored alerts about their personal information. Additionally, MasterCard offers free identity remediation services to members who are victims of identity theft. This service will provide more peace of mind to members and will help credit unions reduce cardholder attrition due to security concerns. MasterCard is the only payment network that provides a service like this to all U.S. cardholders. For more information about MasterCard’s products and services, visit www.nafcu.org/MasterCard.

 Q2 Holdings for the Q2platform
The Q2platform gives credit unions the ability to serve their members’ online and mobile banking needs via a single, secure virtual banking solution. While the Q2platform in and of itself is an innovation, perhaps the single most innovative attribute of the platform is its integrated, patent pending security component, RFA (Risk Fraud Analytics). By having a holistic view of end users’ activity, the behavioral profiling algorithms that undergird Q2’s RFA solution are able to build a comprehensive picture of a member’s virtual banking habits. This vital feature makes it far easier to detect anomalous behaviors that typically precede fraud and to stop suspect transactions in real-time—before any funds have been compromised. For more information about Q2’s products and services, visit www.nafcu.org/Q2.

Representatives from Insuritas, MasterCard, and Q2 accepted their awards on Tuesday, June 23rd at a private VIP reception at the Musée Grévin in Montréal.  Join us in congratulating this year’s innovation award winners!

For a complete schedule of conference events, visit www.nafcu-annual.org. For up-to-the-minute information on the conference, follow the #NAFCUAnnual hashtag on Twitter.

Prepare Your Credit Union for Changes in HMDA Data Collection Rules (Part 2)

Prepare Your Credit Union for HMDA ChangesBy Edward Kramer, Executive Vice President of Regulatory Affairs, Wolters Kluwer Financial Services

In part I of this series, the new data fields that the Consumer Financial Protection Bureau (CFBP) seeks to collect for more HMDA reporting transparency and timeliness and concerns about potential misinterpretation of newly collected data was addressed.

To wrap-up, we will consider the known and unknown factors related to this regulatory change and conclude with a list of key tips you can use to prepare your credit union for these pending changes.

Imminent Compliance and Technology Challenges Are Clear

Although most industry observers expect issuance of the final regulation sometime in 2015, we don’t yet know which specific data fields will be included, nor the amount of time institutions will have to prepare before the requirements go into effect. We also do not know if or how much of any additional data collected will be made public by the regulators.

Protecting the privacy of personally identifiable financial information should be a priority. The inclusion of items such as credit scores, borrower age, and other personal data may raise legitimate privacy concerns, particularly if it becomes possible to identify a specific consumer by combining the new data with other publicly available data.

Despite the unknowns, one thing is certain:  the extent and breadth of the proposed new data collection fields will be considerable.  They will impose significant regulatory compliance and information technology challenges on mortgage lenders.

How Your Credit Union Can Prepare

Whatever requirements are ultimately adopted, lenders will need to evaluate their current data collection capabilities, identify gaps, and make needed investments to be compliant.  What impact will this have for your credit union’s staffing decisions, training, vendor support, and technology infrastructure—and how can you begin to prepare for these changes?

While the specifics have not yet been announced, you needn’t wait before initiating some preparatory action: 

  • Plan now for the increased data capture requirements and remember that data integrity is essential
    The changes coming will be sweeping and broad, impacting your organization in many ways. Minimally, these changes will include all new data fields outlined in the Dodd-Frank legislation—and likely, many if not all of the CFPB’s additional proposed data fields—so make sure your preparation is underway.
  • Identify all lines of business impacted by the HMDA changes
    Determine how you will organize these lines of business so that your efforts are coordinated. Ensure that all individuals responsible for implementation are connected and developing a plan of action so your organization is as ready as it can be once the final rules are announced.
  • Identify and prepare for any needed staff training
    Determine what your enterprise methodology and approach will be to manage the implementation. It’s never too early to start planning when it comes to staff training.
  • Strengthen and bolster your analytics capabilities
    The last thing you want is to submit data to the government that you haven’t already fully analyzed.  Given resource constraints, lenders might be best served in outsourcing their data analytics needs to a capable vendor.  But, whether you manage this function internally or through a third party, know the implications of that data for your organization—and how you plan to go about addressing any problems found in the analysis.  You don’t want others analyzing and interpreting your findings in advance of conducting your own comprehensive review.
  • Conduct a root cause analysis on questionable cases
    If your analyses uncover indicators of potential disparate treatment or impact of protected classes, conduct a root cause analysis to determine the extent of the problem and what is causing it. Then fix it.

Accept the fact that whatever implementation timeline is ultimately defined, the transition time for Tim Burniston EVP Wolters Kluwer Talks HMDAmanaging a regulatory change of this magnitude can never really be sufficient. But with some thoughtful and concerted advance preparation, you will be best positioned to ease some of the challenges in transitioning effectively to the new requirements.

Watch and share this short video of Tim Burniston, Executive VP at Wolters Kluwer, speaking about 4 key ideas to prepare for HMDA changes: New HMDA Fields Coming – Are You Ready?

Wolters Kluwer Financial ServicesWolters Kluwer Financial Services is NAFCU Services Preferred Partner for consumer and member business lending and deposit services. For more information on Wolters Kluwer’s products and services, visit http://www.nafcu.org/wolterskluwer/

Prepare Your Credit Union for Changes in HMDA Data Collection Rules (Part 1)

Mortgage-App-Approval-HMDA-Wolters-KluwerBy Edward Kramer, Executive Vice President of Regulatory Affairs, Wolters Kluwer Financial Services

In 2015, expectations loom large for lenders around finalization of rules for the new Home Mortgage Disclosure Act (HMDA) data collection requirements.

Created as part of the Dodd Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank), the regulation authorizes the Consumer Financial Protection Bureau (CFPB) to expand the current HMDA dataset in order to help “financial regulators and public officials keep a watchful eye on emerging trends and problem areas in the mortgage market.”

CFPB Seeks More Data Transparency and Timeliness

The proposed changes include required reporting of 37 new data fields, including 20 not currently required under Dodd-Frank. Those 20 fields represent additional information that the CFPB proposes to collect for analytical purposes, including:

  • Detailed property location information
  • Total points and fees
  • Rate spread for all loans
  • Information on loan features such as teasers and introductory rates, and
  • Applicant’s age and credit score

In addition, the CFPB proposes to collect data such as:

  • Borrower’s debt-to-income ratio
  • Combined loan-to-value ratio
  • Loan’s qualified mortgage status, and
  • Inclusion of manufactured housing in collateral

When the CFPB proposed the expanded HMDA data collection specifications in the summer of 2014, it argued for the need for greater transparency and timely access to regulate lending activity, citing concerns that “under the current regime, HMDA data may be reported as many as 14 months after final action is taken on an application or loan.”

Consequently, for financial institutions reporting at least 75,000 covered loans per year, which accounts for the vast majority of loan application registrations in the annual HMDA files, the new rules would require submission of HMDA data on a quarterly rather than annual basis. The CFPB estimates that this specific reporting provision would impact about 28 financial institutions that combined would report about 50% of all HMDA-reported transactions.

Potential for Data Misinterpretation Causes Concern for Many

The regulatory landscape changed dramatically with the 1975 enactment of HMDA and then again with the passage of the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (“FIRREA”). The latest proposed regulatory changes may have an equal or greater impact on institutions affected by the proposal. This observation is borne out in the anxiety over the new data reporting requirements evident in the October 2014 Regulatory & Risk Management Indicator report, conducted by Wolters Kluwer Financial Services.

According to the report, U.S. credit unions and banks specifically point to the Dodd-Frank Act and the associated HMDA data collection requirements as among their chief concerns. The new data collected will unleash a flood of additional public scrutiny of mortgage lending. And that development, by extension, will likely generate a new level of criticism of the mortgage industry, including credit unions, from those interpreting the newly available data.

It is clear from its recent enforcement actions and guidance that the CFPB holds accurate HMDA data as central to fair lending compliance and its ability to enforce fair lending laws. Inaccurate HMDA data will only serve to mislead the public and will not be tolerated. That said, the additional data, however accurately reported, will be an insufficient basis on which to ground definitive conclusions about discrimination on a prohibited basis. But, the data will generate more room for error as it gets interpreted – or misinterpreted – by regulators, analysts, and the public.

Tim Burniston EVP Wolters Kluwer Talks HMDAStay tuned for part 2 of this series to get additional insights about HMDA compliance and technology challenges and a list of key tips you can use to help prepare your credit union for these changes. Get a sneak peak of the tips by watching Tim Burniston, Executive VP at Wolters Kluwer highlight the HMDA changes in the short video, New HMDA Fields Coming – Are You Ready?

Wolters Kluwer Financial ServicesWolters Kluwer Financial Services is NAFCU Services Preferred Partner for consumer and member business lending and deposit services. For more information on Wolters Kluwer’s products and services, visit http://www.nafcu.org/wolterskluwer/