CUNA
  • Advocacy
    • Priorities we’re fighting for
    • Actions you can take
  • News
  • Learn
  • Compliance
  • Shop
  • Topics
    • Compliance
    • Credit Union Hero
    • Credit Union Rock Star
    • Credit Union System
    • Directors
    • Human Resources
    • Leadership
    • Lending
    • Marketing
    • Operations
    • Policy & Issues
    • Sales & Service
    • Technology
  • Credit Union Magazine
    • Buyers' Guide
    • Digital Edition
    • Credit Union Hero
    • Credit Union Rock Star
    • Subscribe
    • Advertise
    • Contact
  • Advertise
  • Awards
    • Nominate Credit Union Hero
    • Nominate Credit Union Rock Star
  • Podcasts
  • Videos
  • Contact
Learn More about Member Value

News

Member Benefits
Learn more
Learn more about the benefits of membership.
Home » Compliance: CUs need plan for mobile payment security
Policy & Issues

Compliance: CUs need plan for mobile payment security

June 20, 2016
Alex McVeigh

Examiner guidance issued in May from the Federal Financial Institutions Examination Council (FFIEC) essentially tasks credit unions with having a documented plan for mobile payments security and business risk. The guidance could potentially play a key role in upcoming credit union examination, according to CUNA’s CompBlog.

An 18-page appendix to the FFIEC’s information technology handbook offers significant detail without being too prescriptive.

The appendix does not specify the required methods of assessment, nor does it weigh in on the acceptable level of risk for an individual financial institution.

John Best of CUNA partner Best Innovation Group recommends credit unions ensure they are taking the following steps:

  • Prepare a mobile risk assessment specifically addressing payments-related software;
     
  • Implement biometric security routines. Text messages and similar types of mobile authentication are likely to receive added scrutiny since an unauthorized party can see the codes and sent emails if they gain possession of the phone;
     
  • Make sure their mobile software provider is not storing unencrypted data on the phone;
     
  • Make sure their mobile software provider is obfuscating the code to the mobile application so that it cannot be reverse engineered; and
     
  • Review their enrollment procedures for mobile; the FFIEC guidance appears to recommend extra controls for mobile enrollment for mobile payments applications.

In addition to CompBlog, CUNA’s Compliance Community contains discussion boards and a number of other resources for credit union compliance professionals around the country.


KEYWORDS compliance
Credit Union Magazine - Winter 2019

Winter 2019

Alternative lending, compliance management systems, and ideas for boosting credit card portfolios are among the topics of Credit Union Magazine’s Winter 2019 edition.
App •  Digital Edition •  Subscribe

Trending

  • Compliance: Using alternative data in underwriting

  • Turn mistakes into success

  • Concerns over credit union-bank mergers, CRA ‘inaccurate, misinformed’

Tweets by CUNA_News

Polls

What's the pace of staff turnover at your CU?

View Results
More

Champion of America’s Credit Unions

Credit Union National Association is the only national association that advocates on behalf of all of America’s credit unions. We work tirelessly to protect your best interests in Washington and all 50 states. We fuel your professional growth at every level and champion the credit union story at every turn.

More CUNA

  • About
  • Careers
  • Contact Us
  • Recommended Websites

Resources for

  • CUNA Board Members
  • Credit Union Advocates
  • Leagues
  • Press
  • Vendors