Top data security measures credit unions have used in the past two years include external penetration tests— the most common activity (conducted by 70% of respondents)— followed by vulnerability assessments (64%), internal network security assessments (62%), IT audits (52%), and website security assessments (47%). The use of external penetration tests and vulnerability assessments tends to rise as asset size increases.
Overall, nearly 85% of credit unions already use member verification techniques—the most common authentication technology in place—followed by member single signon (55%), mutual authentication (47%), and Internet Protocol (IP) address location/geolocation (41%). The presence of these technologies typically increases as asset size increases.
One-quarter of credit unions allow members to access credit union sites using their Facebook, Twitter, or other social media logins, and another 12% plan to add that option in one to three years. Only 4% of credit unions employ biometrics, and 87% say they have no plans to offer it. Larger credit unions typically have more of these authentication technologies in place.
For each of the 10 authentication strategies addressed in the survey, no more than 17%—and as few as 3%—of credit unions that have yet to implement a given technology plan to do so in the next three years.
About 35% of credit unions with assets of $500 million or more, however, aim to add mutual authentication (dual control) and out-of-band authentication technology during that time frame.
NEXT Addressing potential threats