Your website can look amazing, but members won’t go near it if they’re afraid their personal financial information could be compromised. And the credit union could suffer significant losses to hackers, phishers, and other scammers if security is weak.
A website without airtight security is like a plane without wings. It just won’t fly, says Cook. “Security is what matters; it governs everything we do,” she says. Mountain America maintains its own information technology (IT) functions, but partners with vendors for some aspects of security.
“There are many layers to our approach to security,” says Cook. “We partner with best-of-breed security firms and vendors to strengthen what we’re doing in-house, and we invest in continued security training of our staff.”
Freedom Credit Union also handles much of its own security, says McGeever. The credit union uses a variety of tools for online banking, including encryption and multifactor authentication. And secure certificates and security patches protect the entire website.
Security, McGeever says, is an ongoing process that requires constant education and vigilance. New threats emerge constantly, so the credit union incorporates security checks into routine maintenance. It monitors threat alerts and its own operations so the credit union is prepared to react to anything that might compromise members’ resources and personal information.
It can be overwhelming, but website security concerns or IT limitations shouldn’t overwhelm credit unions or prevent them from adding functionality or services, cautions Sloane.
While some credit unions have the staff and resources to build all their own online products, tools, and security features, he adds, many others rely on vendors to provide functionality to members. In those instances, the website is a portal to separate sites for individual services, such as online banking, bill-pay, or loan applications.
While the sites are connected, the actual credit union website isn’t employed in the login process. In other words, the credit union isn’t collecting username and password data from members to provide access to accounts; the vendor is. In these situations, while the credit union website ostensibly could be hacked, member information generally couldn’t be accessed via the website itself.
Darden Employees Federal is a good example of this model. The credit union uses a tethered login from its home page to online banking, but member information is accessed through the online banking application, where the bulk of the security lies. This doesn’t eliminate security concerns, but it shifts much of the risk to the vendor.
Credit unions don’t have to rely on hunches, anecdotes, or surveys to determine whether they’re communicating effectively. Web analytics—data drawn from website usage—allow them to answer all kinds of questions about Web use patterns. In addition to testing small language changes, Darden Employees Federal tracks visits, unique visits, click-throughs to pages, and amount of time spent on each page.
Analytics also support adding video and other rich media. “If you take a static site that doesn’t have any movement, and then post things with animation and track user behavior, it’s easy to tell,” says Cook. “The proof is there in the Web analytics.”
And search engine optimization—an algorithmic process that uses code, search engine operation patterns, social media penetration, and user data—can help improve a credit union’s online visibility. Ultimately, the goal is to make sure your credit union turns up near the top of the list when someone types “credit union” into a search engine.
“It used to be if you had a domain name and a website, people could find you,” Sloane says. “Now it’s not that easy.” Fortunately, credit unions don’t have to do it alone, says Rodriguez. They can reach out to her and other professionals at Diamond Award-winning credit unions.
And vendors, including Intuit and Newtek, can help credit unions make decisions, narrow options, optimize website investments, plan for the future, and avoid costly mistakes—such as building a beautiful new website and then learning that members can’t access it on their iPads.
Websites are tools to help you meet members’ needs, adds Cook. “It’s not about being edgy. It’s about being pro-gressive and relevant. It means you can offer technologies that are engaging and make offers to members that they’re interested in.”