Financial Calculators Can Multiply Your Credit Union’s Reach

CULookup Financial Calculator via SmartphoneAlthough Financial Literacy Month officially occurs in April, your members are looking for ways to manage their financial futures throughout the year. Obvious statement? Perhaps, but it’s important to note that regardless of the day or month, your members are continuously looking for practical tools and resources to help plan and set goals to maximize their financial well-being.

Offering financial calculators on your credit union’s website is a huge added value for members and is an easy and quick way to extend your credit union’s reach and create a channel to attract new members.

Deliver Personalized Financial Guidance 24/7

Many people use online financial calculators to estimate mortgage amounts they can obtain, evaluate how long their retirement savings will last, or determine the amount of time it will take to pay off their credit card balance. And, the great news is that your members can access this valuable set of tools any time of day and on any device. Members should think of your credit union as a resource for financial guidance. Offering financial calculators on your website is a great step to take in order to enhance your reputation for helping individuals manage their financial health.

Offer Member and Mobile-Friendly Online Resources

Be sure that your credit union website offers financial calculators that are member-friendly, and more importantly, mobile-friendly.

On April 21st, Google re-programmed their search algorithm to reward websites that are fully optimized for mobile platforms with higher rankings. This change will undoubtedly have a profound effect on search listings, thus confirming that responsive web design is now a best practice for websites.

Give Your Website a Valuable Boost in Visitors

By offering mobile-friendly online financial calculators to your members, your credit union will inevitably see an increase in website traffic.  Don’t forget to track these visitors!  You’ll want to answer questions such as, “What is my most popular calculator?”, “How many unique visitors are my calculators attracting?”, and “What is the total number of calculations occurring?”  Tracking this type of visitor data will lead to greater insights and better reporting.

Ultimately, driving more visitor traffic depends on the call to action issued on your website. The call to action is the component of your marketing message that directs your audience toward the obvious next step you would like them to take.  You may direct your audience through a banner or button click or a request to complete an online form.  A call to action could be the differentiating factor between a website visitor and a converted new member.

CULookup Call-to-Action Home LoanIf you overlook the importance of a strong call to action, you will miss an opportunity to showcase the value of your credit union’s products and services. And, a missed opportunity could be a lost opportunity.

View Financial Calculators as Strategic Tools

By viewing your online financial calculators as strategic tools rather than just a standard element that resides on your website, you can enhance the value that these resources generate for both your members and your credit union.

Take advantage of the financial calculators that were developed specifically for credit unions and their members, by visiting Financial CalCUlators powered by CULookup.com  or contact info@culookup.com for more information.

CULookup.comFinancial CalCUlators powered by CULookup.com offers 30 financial calculators developed specifically for credit unions and their members.  Calculators are mobile-friendly and support custom call-to-action banners to direct users toward a next step after any calculation. Financial CalCUlators are free to NAFCU members and offered to non-NAFCU member credit unions for a nominal fee.

The latest release of Financial CalCUlators powered by CULookup.com will be unveiled on June 23rd at the NAFCU 48th Annual Conference and Solutions Expo in Montréal.  New features of the release include a responsive design to ensure that all calculators are mobile-friendly and custom call-to-action banners that direct calculator users toward the obvious next step after any given calculation.   Financial CalCUlators offer 30 embeddable financial calculators specifically developed for credit unions and their members. For more information on the new release, visit CULookup’s exhibitor booth in the Preferred Partner Pavilion during the conference.

Become a Vendor Assessment Jedi Using the NIST Cybersecurity Framework

Written by Randy Lindberg, Founder and Managing Partner with Rivial Security (A Quantivate Partner)

Computer bound with chain and padlockThere are some ordinary steps that you can take to assess vendor due diligence. But, you don’t want to be ordinary…

To be a Vendor Assessment Jedi, use the NIST Cybersecurity Framework, you must!

Vendor due diligence is the process of ensuring that the use of external IT service providers and other vendors does not create unacceptable potential for business disruption or negative impact on business performance.

To accomplish the objective of vendor due diligence, your credit union needs to:

  • Gather company details such as ownership specifics, company size, products offered, and location
  • Understand the company’s financial position, or rather, is this vendor financially stable enough to service your needs for at least 1 to 2 years
  • Know if the vendor will live up to their promises in terms of reputation via BBB ratings, CFPB complaints, and reference checks
  • Know how well the vendor is going to protect your data

Vendors that provide IT Services have additional due diligence requirements, your credit union needs to:

  • Make sure that contract language includes information on the right to audit, data security measures, and data ownership
  • Define specific security considerations and incident response procedures. Additionally, for cloud-based IT service there are additional data security questions that need answers (cloud-based IT service that the NIST 800-145 definition is referred to in FFIEC guidance1)

Ultimately, your credit union, as the entity responsible for assessing vendor due diligence, must understand the vendor’s cybersecurity stance. How do you determine a vendor’s cybersecurity position? You can request an audit of their security controls, which typically comes back in the form of an SSAE 16 report.

SSAE  stands for “Statement on Standards for Attestation Engagements.” The SSAE 16 is delivered in the form of Service Organization Controls (SOC) reports. There are several report types, but the two most common and important are:

  • SOC 1 Type 2, which reports on the design and effectiveness of internal controls over financial reporting; and
  • SOC 2 Type 2, which reports on the design and effectiveness of “trust service principles” such as security, confidentiality, and availability.

In most cases, the SOC 2 Type 2 is the best report for assessing cybersecurity. The SOC 1 report, however, is the most commonly used report. Not all SSAE 16 reports are the same because there is discretion as to which and how many of the five (5) trust services principles are actually examined and reported on during a SOC 2 engagement. You have to dig into some details to understand what is being reported.

For example, if an IT Service Provider has a SOC audit performed on their corporate network, but outsources application development and data center hosting, you’ll essentially be left with a meaningless document.

The ordinary steps used to perform a SSAE 16 review are:

  • Pinpoint findings without adequate management responses
  • Provide complementary user entity controls to system owner and/or IT

But, you want to be extraordinary. By using the NIST Cybersecurity Framework in the following way, you can become a Vendor Assessment Jedi:

  • Review the description of the vendor’s system addressed in the SSAE 16 report
  • Search for “subservice” to find the section where subservice organizations (i.e., any businesses that your vendor contracts with/outsources) are described
  • Use function, category, or subcategory (depending on your technical expertise and comfort level) to ensure control objectives are covered

NIST Cybersecurity Framework Core Example

NIST Cybersecurity Framework Core Example

Using the partial image above, you could search through the SSAE 16 report in a structured manner using the Framework as a guide.

If you use the “subcategory” component of the Framework, you would check the vendor’s report for a control objective that outlines “Response plans incorporate lessons learned” (as highlighted in the example above) or something very similar. If there is sufficient content in the report, you can mark that subcategory is ‘in place’ in your vendor cybersecurity assessment tracking documentation.

Using the NIST Cybersecurity Framework, in this way, to walk through vendor security audit reports provides a useful and efficient method to review vendor security controls.

To learn more about using the NIST Cybersecurity Framework to ensure proper vendor due diligence, register for the upcoming webinar, “Assessing Vendors Using the NIST Cybersecurity Framework,” presented by Randy Lindberg and Dan Banning, Director of Marketing at Quantivate.

Here are some additional resources for you to reference in the process of becoming a Vendor Assessment Jedi at your credit union:

Quantivate Logo
Quantivate is the NAFCU Services Preferred Partner for Vendor and Contract Management. Quantivate partners with Rivial Security to deliver cost-effective data security solutions that enable organizations to protect sensitive data, comply with industry standards, and gain a competitive advantage. Additional educational resources and contact information can be found at www.nafcu.org/quantivate.

Protect Your Corporate Customers from Account Takeovers

Produced by Ann Davidson, VP of Risk Consulting at Allied Solutions

Manage Your RiskWere you aware that your corporate account holders are at an increasing risk of being targeted by cybercriminals?

Corporate accounts are especially vulnerable to account takeover attacks due to the fact that large wire and automated clearing house (ACH) transfers are frequently performed through these accounts, making fraudulent outgoing wire transfers or ACH credit requests harder to detect.

Additionally, these corporate accounts do not always have the most up-to-date or robust authentication layers in place on transactional activities, which makes it that much easier for criminals to obtain private credentials and take over these accounts.

To help combat these attacks, your credit union should have dynamic authentication methods in place for all consumer and business accounts, and should implement the following loss prevention recommendations:

  • Validate all account holder information when a wire transfer or ACH credit is requested
  • Pay special attention to new accounts performing large outgoing wire transfer or ACH credit requests, as these might be “money mule” accounts
  • Limit the dollar amount on outgoing wire transfers and ACH credit requests
  • Only offer in-person outgoing wire transfers and ACH credit requests
  • Have account holders sign an agreement that specifies that they will be assigned a confidential individual PIN and requires that they answer a security question prior to submitting an outgoing wire transfer or ACH credit request
  • Call back account holders’ listed phone number(s) to confirm their identities prior to performing requested outgoing wire transfer or ACH credit
  • Inform your corporate account holders that they have to do their part to stay protected from these attacks, such as:
    • Implementing anti-virus software on all company owned computers
    • Requiring password protection on all of their employees’ computers, cell phones, landlines, business accounts, and software applications
  • Continue to monitor reliable sources for updated information on risk exposures

To find out more about recommended authentication measures that can help your credit union and account holders remain more protected from this and other types of cyber crime, register for Allied Solutions webinar, Top Authentication and Identification Methods to Protect Your Credit Union.

 

Allied Solutions LogoAllied Solutions is the NAFCU Services Preferred Partner for Insurance – Bond, Creditor Placed (CPI), Guaranteed Asset Protection (GAP), and Mechanical Breakdown (MBP); and rateGenius. More educational resources and contact information are available at www.nafcu.org/allied.

Competition Opens for Top Solutions Designed for Credit Union Success

Our annual competition, the Preferred Partner InnovaNAFCU Services Innovation Awards Sealtion Awards, recognizing outstanding innovations that help credit unions thrive in an increasingly saturated financial services market has opened for entries. Entries must be submitted by Tuesday, April 14, 2015.

This year’s solutions will be judged by a committee of industry trade journalists, credit union executives, and marketing professionals. Randy Smith of CUInsights.com, a leading source for connecting the credit union community to vital news and information, will be one of this year’s distinguished judges.

“Recognizing solutions that strengthen credit unions and satisfaction among their members provides incentive for others to innovate within the credit union space,” said Randy Smith, Co-founder and Publisher of CUInsight.com. “I’m excited about helping select this year’s winners to spotlight products and services that ensure the continued success of credit unions.”

Solutions will be evaluated using four major criteria: degree of innovation, impact on credit union (e.g., revenue enhancement, cost reduction), overall contribution to credit union success, and the competitive advantage provided for credit unions. This competition evaluates entries from NAFCU Services Preferred Partners. To earn the distinction of Preferred Partner, providers undergo an extensive qualification process. Last year’s innovation award winners were Allied Solutions; Burns-Fazzi, Brock; DDJ Myers; and Insuritas.

Since their inception, the Preferred Partner Innovation Awards have honored many partners who have leveraged the power of their resources to solve challenges in the credit union industry. Join us at NAFCU’s Annual Conference and Solutions Expo held in Montreal, Canada from June 23 – June 26, 2015 for the announcement of the 2015 award winners.

What Credit Unions Need to Know About the Rise of Chip and PIN and Risk

According to the Federal Reserve, Chip and PIN technology involving a secure microchip used with a numeric code makes transactions about 700 times more secure than older payment methods.

Is Chip and PIN technology a priority at your credit union in 2015?

Join Ann Davidson, VP of Risk Consulting, Allied Solutions and Joe Majka, Vice President & Chief Security OffEmerging Payment Technologies & Impact on Data Breachesicer, Verifone Inc. on March 4th to learn about Chip and PIN technology and other emerging payment solutions (e.g., Apple Pay, tokenization, etc.) that can help your credit union reduce the risk of data breaches.

Ann advocates that credit unions seize the golden opportunity to reduce risk through the adoption of Chip and PIN technology and shares 5 things you need to know about the impact of the rise of Chip and PIN:

CHIP and PIN’s Golden Opportunity

Chip-and-PIN cards, also called EMV (Europay, Mastercard, Visa), or smart cards, utilize a computer chip embedded in the card to authenticate transactions. When this card is inserted into a chip-enabled reader to make a purchase, the chip on the card communicates with the reader by sending a one-time, dynamic code unique to that transaction.

Implementing Chip and PIN card technology prior to October 1st, when new fraud liability rules take effect will help your credit union:

  • Stop counterfeiting: Makes it impossible for criminals to create counterfeit cards with stolen data because Chip and PIN cards generate a one-time dynamic code that changes with each transaction.
  • Reduce data breach and fraud exposure: Decreases your credit union’s breach and fraud exposure when the physical card is used since Chip and PIN technology security far exceeds magnetic stripe technology.
  • Save time and resources: Cuts the time and resources used by your credit union to process fraud claimsChip and PIN Technology and card reissues associated with card data compromises.
  • Get a reputation boost: Builds your credit union’s reputation for member satisfaction, given that consumers are becoming more aware of available payment security options.
  • Facilitate easier international travel payments for members: Makes international travel payments easier in some cases. Much of the world, including Europe, Asia, and Canada, has already converted to chip technology and some international merchants and ATMs no longer accept magnetic stripe cards.

5 Things You Need to Know About Chip and PIN:

  1. If your credit union has not issued your members a Chip and PIN card, but a merchant has the new Chip and PIN technology, your credit union is held liable when fraud occurs.
  2. If you do not have chip-enabled cards by October 1st, you may be targeted by criminals and may have increased risk exposure to magnetic stripe fraud.
  3. Consider upgrading or replacing your ATM terminals to accept Chip and PIN technology before the card associations’ fraud liability shifts occur in 2016 and 2017.
  4. Credit unions should continue to deploy multiple layers of protection and enhance existing fraud detection systems to combat payment fraud in both the “card-present” and “card-not-present” environments.
  5. Chip-and-PIN does not address card-not-present fraud (i.e., online, mail, telephone, or lost/stolen card fraud).*

Increase your credit unions financial stability, reputation, and member/customer base by seizing the golden opportunity to get rid of risk through Chip and PIN technology Chip in 2015.

Get the knowledge your credit union needs by registering today for Allied Solutions’ Emerging Payment Technologies & Impact on Data Breaches webinar on Wednesday, March 4, 2015.

Presented by Allied Solutions, LLC and NAFCU Services, this webinar is offered at no cost to the credit union community. *Working with Allied Solutions to establish risk management procedures and get cyber liability protection can help mitigate this risk.