Emerging technology

CUinDenver: Tokenization, authentication can help combat fraud

July 14, 2015

DENVER (7/15/15)--No credit union security system is complete without tokenization and authentication, Robert Jarosinski, CUNA Mutual Group senior risk management consultant, told attendees of a breakout session at the combined America’s Credit Union Conference and World Credit Union Conference Tuesday in Denver.

When safeguarding member data, these types of technologies are critical, he said.


CUNA Mutual Group’s Robert Jarosinski urges credit union representatives in attendance of a breakout session at the America’s Credit Union Conference and World Credit Union Conference to incorporate tokenization and authentication at their financial institutions to better protect against fraud. (CUNA Mutual Group Photo)

“Fraud can occur at multiple points within the payment ecosystem,” said Jarosinski, naming retailers, processors, card-issuing institutions, and ATMs as vulnerable areas. “As payment systems evolve, tokenization and authentication will play a lead role in making the technology safer, simpler, convenient, and more efficient.”

Tokenization works by replacing any personal data previously included in transactions with unique number sequences that are essentially useless to cyber thieves, Jarosinski explained.

But tokenization remains only step one.

The next level of security must involve improved authentication systems that ensure fraudsters can’t access accounts that aren’t their own, Jarosinski said.

As data breaches mount and personal information continues to fall into the wrong hands, it becomes easier for criminals to gain access to personal accounts.

What’s more, Jarosinski explained, authentication processes that merely ask for a date of birth or a Social Security number are antiquated.

Enter the two-step authentication process.

“For credit unions with an established remote membership, we are seeing a movement to identifying members by the one thing that has become ingrained in their daily lives and that they are rarely without … their mobile phone,” Jarosinski said.

Credit unions can take advantage of this relationship to improve their security with the two-step authentication process, which includes:

  • Requiring members to authenticate their identity on the device by entering a static or one-time PIN or through biometrics; and
  • Once the member is authenticated on the device, creating a dynamic information and device profile.

With those two elements in place, credit unions can feel more confident in each transaction they make, Jarosinski said.

Click here for more coverage of this year's conference from News Now and Credit Union Magazine.