Credit Union Geek

Marketing, Strategy, and The Force by Joe Winn

Tag: credit cards (page 1 of 2)

Give Your Card A Security Update

Originally published on CUInsight.com

Update 7/12/16: An earlier version of this article claimed Samsung Pay did not use tokenization. They do, my mistake! Corrected. (CUInsight version not updated)

A family friend was in town this past week. She is part of the Boomer generation, so, a user of new tech, but semi-begrudgingly. At one point, we discussed how her Android phone supported mobile payment. “It’s easier and more secure for you!” I explained to her. “You’ll never need to go through the hassle of getting a new card number again!” Her response? “Yeah, still wouldn’t bother. I’d prefer to just swipe.”
This is the type of apathy you’re facing. She didn’t grow up in a world of data security breaches, and considers a reissued credit card “par for the course”. It’s not that she doesn’t believe me when I tell her that mobile payment is vastly better. She just doesn’t care.

Maybe I framed it wrong. As we all have, using terms like tokenization instead of just calling it what it is: A security update for your credit card. So what is tokenization (To-Ken-I-Zeh-Shun)? Besides a big, scary word, of course. It’s always thrown around when mobile payments are discussed, but a recent survey shows understanding is lacking. Nearly a third of people admit to not knowing what it means and almost half say that it wouldn’t encourage them to use mobile payments. My interpretation: That latter group doesn’t grasp what it is either, but are afraid to admit it. So, what is it and why should you care? Tokenization represents how your card number is handled during the transaction. Still fuzzy? That’s ok.

Here’s how a normal purchase works (greatly simplified and leaving out payment processor):

1. Swipe at terminal (or type number on computer).
2. The number on the front of your card goes to the merchant.
3. Merchant asks credit card issuer (your credit union or bank) if the number is good.
4. Bank or credit union looks at number and gives a “yay or nay”.
5. Merchant keeps your name and card number so they know who you are when you buy again.

As you can see, the number on your card passes through multiple hands, and even stays with some. While your financial institution guards the number, others along the line may not. This is how major breaches occur. Bad actors break into these non-bank systems and steal the list of names and numbers, then sell them on the black market. Sometimes they lie in wait, gathering new numbers for months before anyone even notices. Then, the numbers are sold or posted online, and that’s when your frustrations begin.

Here’s how a tokenized mobile payment works:

1. When you add a card to your phone’s “wallet”, it asks your bank or credit union to verify your identity.
2. Your issuer then creates a new number just for mobile payments (which you never see).
3. Upon paying with your phone, a fingerprint is required to show it’s really you.
4. The phone then uses your “mobile payment” number to make another one-time-use number and sends that to the merchant.
5. The merchant asks your bank or credit union if this number is good, but learns nothing from it, since it will never be used again.

The number on your card never leaves your possession. Best part of this? If every one of those systems was hacked, your card number would still be safe. The issuer just makes a new “mobile payment” number for you, and that’s it. No canceling accounts, changing numbers, or mailing cards. In fact, it might happen without you ever knowing. Think of it like a security update for your credit card.

Tokenization isn’t scary. Swiping your card the old way is. Your credit union put a lot of work into supporting the mobile payment systems…growth will remain stagnant if only 1/4 see the value. Help your members live a safer financial life and spread the knowledge!

To Make A Difference, Be Different

Originally published on CUInsight.com

What appeals to you more?

Get a lower interest rate! How much lower? Nearly 3%!
Or
Remember the milk, we’ll remember your rewards.
Or even
Buy what you need. Support the causes you love most.

Let’s face it. People aren’t good at math. It’s an important challenge the credit union industry is tackling with financial literacy programs. Commendable. However, I would bet most people will still sign up for a credit card with a few percent higher interest rate if it means they can get back a few percent in rewards. “They’ll even out in the end, at worst,” may be a common thought.

And rewards are just the beginning.

You’re a credit union. Community engagement is part of your DNA. Show it!

Just take a look at our friends up north. I spoke with a representative from Vancity Credit Union in Vancouver about their credit card program. Why? Because it is different by a long shot.

Not only do their members receive rewards, depending on the level of card chosen, but the entire program is a staple of the community. But don’t take my word for it! Here’s how the spokesperson for the program described it to me (emphasis mine):

“What we do is take 5% of our profits on Visa card products and put it into the enviroFund Grant Program. Being a credit union, we donate all our profits back to our local communities through our grant programs and member rebates. This 5% is just part of what we do and is another way members can choose to support environmental issues through the credit card they use.

We use the funds to address local environmental issues in our communities. Right now we are in the middle of a 5 year campaign focusing on building a sustainable local food system. In the past (as the enviroFund has been going since 1991) we have addressed other issues such as air quality and transportation, toxics in our environment, water issues, green buildings, wildlife preservation and ecosystem restoration to name a few.”

It’s ok if you feel a bit overwhelmed. “But they’re a really big institution, Joe!” That’s fair, and I raised that point to them. They explained how it is related to a percentage of profits, not the total funds. Therefore, a small institution could run a program with smaller investments, but no less impressive impact.

Take, for example, Christian Community Credit Union.  Their “Gives to Missions” cards support a variety of community efforts using a portion of profits from interchange fees.  From disaster relief to college scholarships, their members have supported a to-date donation total of over $4 million! Oh, and cardholders receive rewards for every purchase, as well.

A recent blog on A Smarter Choice discussed the perks of using a credit union credit card. All of them revolved around the boring rates. It’s true, they are lower, yet wouldn’t it attract more attention if you spoke of building playgrounds in your city and returning rewards to your members?

If we talk about being a smarter choice, shouldn’t we be smarter about how we promote our own programs and services?

Is Your Computer Reminiscing You Into Insecurity?

The Internet is a unique place. Where else can you come in with antiques that are only a few years old? And even more, those “antiques” can put you in danger! Imagine if your car, at the end of the lease, was considered “obsolete”. So much for that ’65 muscle car! May as well get rid of it now before it explodes at a stoplight. Really, it’s only a matter of time!

Yes, the pace of digital improvement is staggering. As is the pace of obsolescence. Part of it is “planned”, where a manufacturer or developer wants you to buy their latest version, so they stop supporting the previous. Another aspect is opportunity cost. Keeping security and compatibility updates flowing for an older product requires staff time and resources. At what point does that investment become a losing proposition?

The core of our network-connected society has become the web browser. What used to be “just another program” on your computer has evolved into an operating system of its own. Suffice it to say, your trusty IE, Firefox, Safari, or Chrome (or Opera, if you’re one of the brave outliers) does an incredible amount of work behind the scenes. They are what allows us to receive notifications from websites, load full 3D games in a webpage, play back videos without additional software, and display engaging websites powered directly by the computer’s video card. If you want to see how far we’ve come, simply install an old version of Mozilla Firefox, say, 1.5 (from 2005), into your computer. Watch how slow browsing becomes, how many sites refuse to load, or do, but with horrid interfaces.

Unfortunately, with the good comes the bad. There are individuals and groups out there which want to do harm to your computer. Some for “fun”, others for profit, and still more for political motivations. As a result, your lock is always being picked. Good thing there are security teams devoted to closing these holes at every company! Security updates are the main reason why you receive regular updates on your computer…do them! Patch Tuesday, the monthly Windows Update, may include dozens of security fixes for the operating system and Internet Explorer. Each time you skip one of these, you are leaving your door unlocked for the person who knows where to look.

Which brings us to the point. I had a peek at my logs for credituniongeek.com. Between the period of November 17, 2014 and December 17th, 2014, my site was visited by potentially unsupported web browsers. 10.28% were using Internet Explorer 8, which, if you’re on XP, is no longer receiving security updates. An additional 4.67% were browsing on IE 7, an incarnation of the program which struggles to load much of the modern internet, and, as well, has unpatched security vulnerabilities. Read Microsoft’s official support policy.

I understand if your credit union has custom software running on old platforms. It’s expensive to change, and if it still serves your staff and members, why upgrade? That’s fine. But these systems cannot be connected to the public internet. Especially at a financial institution, this is asking for security breaches. Even with good procedures, it happens, all, the, time.

For the safety of your credit union, members, and staff, please update your public-facing systems.

Older posts

© 2017 Credit Union Geek

Theme by Anders NorenUp ↑