Security, branch evolution, consumerization, and big data will drive CU technology decisions throughout 2014 and beyond.
Last year’s data security breach at Target, which compromised 40 million credit and debit cards during the 2013 holiday season, reminds Robert Reh of an important truth: Fraudsters never take a vacation.
“It’s a never-ending battle with evildoers,” says Reh, chief information officer for $401 million asset Nassau Financial Federal Credit Union, Westbury, N.Y., and a member of the CUNA Technology Council Executive Committee. “For every sophisticated tool we come up with to protect credit unions and our members, it’s just a matter of time before criminals find a way around it.”
Security is one of the trends that will most affect credit union technology in the months to come, according to Reh and a group of his fellow CUNA Technology Council members. Others include the transformation of branches, the consumerization of information technology (IT), competition, and big data.
Technology innovation will continue at a brisk pace, Reh says, particularly in these five areas.
Despite the high-profile Target breach and growing risk of cyberattacks, many financial institutions remain unconcerned about exposure to such risks.
About half (48%) of community financial institutions say they’re only moderately concerned about their vulnerability to cyberattack, according to KPMG’s 2013 Community Banking Industry Outlook Survey, while 29% are only slightly concerned. Plus, more than one-third of survey respondents are unsure about the frequency of cyberattacks against their institutions.
But security breaches can have consequences even when credit unions aren’t directly involved. With the Target debacle, many credit unions had to weigh their options when helping affected members.
Some credit unions blocked all of their card accounts and reissued the cards to reassure skittish accountholders and minimize the risk of fraud. Others took a more nuanced approach.
“We offered the option to order replacement cards, but we made members aware they could wait until their holiday shopping was finished,” Reh says. “It’s hard to get cards into members’ hands quickly at that time of year, even if you do an instant issue.”
Another concern, especially with the proliferation of online services, is distributed denial of service (DDoS) attacks. That’s when a hacker, remotely controlling virus-infected computers, called zombies or bots (a group of which makes up a botnet), causes them to send a flood of data to a website, application, email system, server, or other online tool.
The targeted system ties up its resources responding to the deluge and often becomes unavailable to legitimate users. Such attacks often aim to cover attempts to steal account information or commit other crimes.
Because the main goal of DDoS attacks is causing service outages rather than stealing funds or data, typical network security controls—firewalls and intrusion detection/prevention systems—might offer inadequate protection.
Key strategies for mitigating DDoS risk include:
NEXT: Branch transformation