What Biometrics Can Do for Your Credit Union’s Security Strategy

Woman with fingerprint scanningIf you feel like there is always another security measure you need to consider, you’re right and this reality is actually a very good thing. The security landscape is indeed continuously changing and evolving.

You must constantly evaluate and revaluate your security processes because one single solution to satisfy all of your security concerns and needs does not exist.  Consequently, it’s wise to employ a multi-factor security (MFA) strategy.

Chris Amador, Product Owner with Q2, talked about the balancing act that your credit union faces when implementing biometrics solutions, in our recent webinar, “Biometrics: Enhancing Member Experience & Security.” He spoke about the challenges your credit union faces with providing secured online and mobile channels that guarantee compliance with regulations and deliver a satisfying experience for your members.

Watch Biometrics: Enhancing Member Experience & Security


We’re sharing some key highlights from the webinar and encourage you to watch the complete presentation where Chris shares timely insights on:

  • The different types of biometric solutions currently used within the financial services industry
  • What true multi-factor authentication (MFA) means and why the “third factor” is difficult to solve
  • The preferred biometric solution for online use among consumers
  • Barriers you need to consider when implementing biometrics features
  • How to evaluate whether or not your membership is ready to accept this technology

What is a True Multi-Factor Security Strategy?

A true multi-factor authentication (MFA) security strategy should include three key factors:

  • Something I “have” (e.g., your member’s laptop or mobile device like a tablet or a smartphone)
  • Something I “know” (e.g., your member’s user ID and password, pin, account number, or knowledge based questions)
  • Something I “am” (e.g., your member’s biometric data, a physical or behavioral attribute unique to your individual member)

You and your members are familiar with the “something I have” and “something I know” categories,  but those two factors alone have limitations in today’s complex security environment.

The physical devices your members use, whether it’s a laptop, a tablet, or a smartphone were considered as an integral layer of security, but this is no longer thought to be true because these devices can be stolen. And, due to the rise of social media, your members may post all sorts of information that can be used by fraudsters to determine the correct answers to security questions. As an example, online quizzes on social media (e.g., Buzz Feed) can be used as tools for fraudsters to phish for information.

The “something I have” category is only available through the implementation of biometrics. Biometrics are an effective third-factor in a MFA security offering for your members because they utilize something fraudsters can’t duplicate, the unique personal and physical identifiers of your members.

It’s important to consider and assess to what degree your members will be comfortable and willing to adopt biometric security measures. Continue advancing your knowledge about these options and the biometrics landscape, by watching “Biometrics: Enhancing Member Experience & Security.

Q2 Online and Mobile Banking

Q2 is the NAFCU Services Preferred Partner for a single platform virtual banking solution, including online and mobile. Learn more about Q2 by visiting www.nafcu.org/Q2.

Protect Your Corporate Customers from Account Takeovers

Produced by Ann Davidson, VP of Risk Consulting at Allied Solutions

Manage Your RiskWere you aware that your corporate account holders are at an increasing risk of being targeted by cybercriminals?

Corporate accounts are especially vulnerable to account takeover attacks due to the fact that large wire and automated clearing house (ACH) transfers are frequently performed through these accounts, making fraudulent outgoing wire transfers or ACH credit requests harder to detect.

Additionally, these corporate accounts do not always have the most up-to-date or robust authentication layers in place on transactional activities, which makes it that much easier for criminals to obtain private credentials and take over these accounts.

To help combat these attacks, your credit union should have dynamic authentication methods in place for all consumer and business accounts, and should implement the following loss prevention recommendations:

  • Validate all account holder information when a wire transfer or ACH credit is requested
  • Pay special attention to new accounts performing large outgoing wire transfer or ACH credit requests, as these might be “money mule” accounts
  • Limit the dollar amount on outgoing wire transfers and ACH credit requests
  • Only offer in-person outgoing wire transfers and ACH credit requests
  • Have account holders sign an agreement that specifies that they will be assigned a confidential individual PIN and requires that they answer a security question prior to submitting an outgoing wire transfer or ACH credit request
  • Call back account holders’ listed phone number(s) to confirm their identities prior to performing requested outgoing wire transfer or ACH credit
  • Inform your corporate account holders that they have to do their part to stay protected from these attacks, such as:
    • Implementing anti-virus software on all company owned computers
    • Requiring password protection on all of their employees’ computers, cell phones, landlines, business accounts, and software applications
  • Continue to monitor reliable sources for updated information on risk exposures

To find out more about recommended authentication measures that can help your credit union and account holders remain more protected from this and other types of cyber crime, register for Allied Solutions webinar, Top Authentication and Identification Methods to Protect Your Credit Union.

 

Allied Solutions LogoAllied Solutions is the NAFCU Services Preferred Partner for Insurance – Bond, Creditor Placed (CPI), Guaranteed Asset Protection (GAP), and Mechanical Breakdown (MBP); and rateGenius. More educational resources and contact information are available at www.nafcu.org/allied.