Credit Union Geek

Marketing, Strategy, and The Force by Joe Winn


If IT’s Broke, You Can’t Release

Eagle-eyed readers will notice the “typo” in my title. Good catch! However, no mistake was made. We’re talking IT, as in “information technology”. In other words, your digital stuff.

Naturally, I’m a member of a credit union. They are a small to mid-sized institution, and I’m going to leave their name out of the discussion. If you really want to know, a quick check on my Twitter feed will give you the answer you seek. You’ll understand why in just a few sentences.

Honest disclosure: They’re no longer my primary financial institution. Let’s just say that not all credit unions are like yours.

A recent article by a fellow industry writer pointed out many great points about engaging your younger members. Yeah, a Millennials story. With truths! Rhiannon Stone (I’m sure she never gets the Fleetwood Mac reference tossed out…nope, I’m the first) explains, like me, that appealing to young people is just like connecting with anyone else. Your services need to be naturally easy to use, fast, and comprehensive. Also, they just have to work. “You are more likely to keep younger members by providing applications that are straightforward, intuitive, and free of glitches.”

Therein lies the point of this post. Their mobile app, shall we say, is old. It last received an update October 2, 2013. Did your current phone exist back then? 3 years is an eternity in mobile tech. Especially in mobile banking. But, it worked. No, it didn’t fill the screen and functionality was limited, but, the things it did support ran as expected.

On Monday, they released a new version…finally! It debuted a redesigned look and feel along with some new security features. No, the new design wasn’t better, but it was new for newness’ sake. Oh well. But alas, it now supports logging in with Touch ID! Welcome to 2015 and the big bank apps! I eagerly activated this feature. Then I closed the app and reopened it to test.

It didn’t work.

Ok, that’s not fair. The app opened right up with no problem. Only it never asked for my fingerprint. Or my password. It was now stuck “logged in” to my account info. Even logging out in the app was just a tease. Reopen it and there appeared my accounts again.

Being the responsible user I am, I quickly reported this issue to my credit union via Twitter. Two whole days later (they posted “Good morning” tweets in between), they replied (ok, they “quoted” my tweet, but it’s close enough) with, “Hi Joe, thank your feedback. We’ll look into it and will try to improve this soon!” Grammatical errors are their own.

Would this inspire confidence in the security of your data? Or in their attention to detail? Let’s recall what Ms. Stone said about keeping younger members: “by providing applications…free of glitches.” This is beyond a glitch. It tells me they never bothered testing. In case you might think, “well, he’s a geek, probably running some weird operating system on an obscure phone.” I have an iPhone 7 with iOS 10.1.1, the same setup hundreds of millions of other Apple users enjoy.

I can understand if the interface on their new app had some visual artifacts or performance issues. It’s new and all software has bugs. However, the core security should be rock-solid. This part you can’t compromise or “wing it”. To me, such a critical bug should mean the app gets pulled immediately until it can be resolved. You can’t mess around with security.

My generation doesn’t tolerate security issues or companies with a lax attitude towards technical problems. Look at the uproar when Netflix was recently down for a few hours…the Internet nearly imploded. Netflix, to their credit, was incredibly responsive throughout the outage, updating as they learned more. This is how you have to be now.

Like it or not, your credit union is now a tech company, with all the privileges and responsibilities that come with the role. Those who can fulfill this position well will reap the benefits. Those who don’t grasp this concept will be in a future “mergers of the month” article from NCUA.

Where do you see your credit union in 5 years?

Image credit: http://www.csus.edu/sacstatenews/articles/2010/12/images/instory_security.jpg

How can I tell if my car has been hacked?

  • When you drive, does your GPS talk back with more attitude than normal?
  • Do you find your car going on late-night ice cream runs?
  • Has your car strangled you or your family? More than once?
  • Will your car refuse to perform rolling stops or turn right on red?

If you can say “yes” to any of these, then your car may be hacked. But don’t panic! It’s equally likely your car has just been possessed by a hungry ghost.

We are all acclimated to the security risks on our computers and phones; you update often, avoid sketchy websites, and don’t download questionable software. However, the king of the open road has never dealt with these challenges. Our cars were a sanctuary. The only risk was of being involved in one of 10.8 million accidents per year. But hacking? Leave that to the computers!

Today, your car is a computer as well. In fact, it’s more computer than your computer. Besides the OBD2 service plug under your dashboard, it is a veritable treasure trove of calculating machines. Anti-lock brakes, stability control, airbags, roll compensation, variable headlights, lane guidance, and more all run computations hundreds of times per second. Not to mention the entertainment systems which are more tightly integrated into car operations each year.

News stories describing vehicle hacking sensationalize the event, making it difficult to know whether the problem uncovered is a true risk. Perhaps, then, we cannot blame people for being afraid of their next car being the victim of hackers. A recent survey conducted by Kelley Blue Book put numbers to the suspicions. Of note, nearly half (41%) would consider vehicle security provisions during their next purchase. Over half (58%) felt a permanent solution to the problem will never be found.

That group is correct. If computer code is more complex than “Hello, world!”, it has bugs. Just as your body has a variety of protections against sickness, from skin to an immune system, sometimes both our bodies’ and our computers’ code gets “colds”. The concern is in severity. A small rash might be an inconvenience, but the flu can put you out of commission for days. Same too with the computer. If the bug is serious enough, and a hacker (like a virus) can infect deeply into the system, then the system can be taken over.

The key to ensuring car hacking does not become a safety issue is in the ability to get fixes to the vehicles. Tesla designed their Model S (and all future vehicles) with a wireless update capability, much like your phone. When it’s plugged in and charging, it checks for updates, which can fix security and stability bugs, as well as add new features. Your next drive is then more secure. The Jeep Cherokee you heard was hacked (luckily by good guys) has no such feature, and must either be driven to a dealership or manually updated with a USB drive.

Luckily for Chrysler, people don’t yet see their cars as they do their phones. From a technical standpoint, they’re the same: Internet-connected devices that you depend upon to just work. In the aforementioned survey, 64% would elect to drive to a dealership for a security update to be installed. Would you drive to the Apple Store, wait in line, then wander around the mall for an hour while the latest update is set up on your phone? Of course not. You’d demand better. It’s only a matter of time until this migrates to cars.

Your credit union (you didn’t think I’d get to you, but I did!) has strong security features in place. Your members’ personal and financial information must never fall into the wrong hands, or any other hands, for that matter. But vulnerabilities exist and there are always those looking to exploit them for their own ends. Does your IT team ensure both technical problems and human error cannot compromise your core LOS? What about your members? If your last security notice to them was a red bar on your website, they didn’t understand. In the same way you provide financial literacy education, help your members keep a safer digital life. Share the procedures in place at your own branches…does anyone use “password” as their password?

In today’s always-connected society, you are likely the most security-conscious entity your members directly encounter in their daily life. Help them be as great as you at conducting safe online practices. Consider yourself the wireless updates for your members’ security features.

But watch out for that moody GPS. Your delightful British accent isn’t fooling anyone!

Update: Another report has surfaced that the OBD2 port mentioned above connects to an inherently insecure platform, the CAN bus. It’s ok, it’s only on every car made in the last 20 years. However, devices that give the port wireless capabilities, like OnStar or insurance monitoring attachments, put your vehicle more at risk. Me? I’m keeping that port empty, especially given all the self-driving systems on my car. 

Image credit: http://blogthinkbig.com/wp-content/uploads/2014/01/hackers-new-cars1-620×413.jpg

Is Your Computer Reminiscing You Into Insecurity?

The Internet is a unique place. Where else can you come in with antiques that are only a few years old? And even more, those “antiques” can put you in danger! Imagine if your car, at the end of the lease, was considered “obsolete”. So much for that ’65 muscle car! May as well get rid of it now before it explodes at a stoplight. Really, it’s only a matter of time!

Yes, the pace of digital improvement is staggering. As is the pace of obsolescence. Part of it is “planned”, where a manufacturer or developer wants you to buy their latest version, so they stop supporting the previous. Another aspect is opportunity cost. Keeping security and compatibility updates flowing for an older product requires staff time and resources. At what point does that investment become a losing proposition?

The core of our network-connected society has become the web browser. What used to be “just another program” on your computer has evolved into an operating system of its own. Suffice it to say, your trusty IE, Firefox, Safari, or Chrome (or Opera, if you’re one of the brave outliers) does an incredible amount of work behind the scenes. They are what allow us to receive notifications from websites, load full 3D games in a webpage, play back videos without additional software, and display engaging websites powered directly by the computer’s video card. If you want to see how far we’ve come, simply install an old version of Mozilla Firefox, say, 1.5 (from 2005), on your computer. Watch how slow browsing becomes, how many sites refuse to load, or do, but with horrid interfaces.

Unfortunately, with the good comes the bad. There are individuals and groups out there who want to do harm to your computer. Some for “fun”, others for profit, and still more for political motivations. As a result, your lock is always being picked. Good thing there are security teams devoted to closing these holes at every company! Security updates are the main reason why you receive regular updates on your computer…do them! Patch Tuesday, the monthly Windows Update, may include dozens of security fixes for the operating system and Internet Explorer. Each time you skip one of these, you are leaving your door unlocked for the person who knows where to look.

Which brings us to the point. I had a peek at my logs for credituniongeek.com. Between November 17, 2014 and December 17, 2014, my site was visited by potentially unsupported web browsers. 10.28% were using Internet Explorer 8, which, if you’re on XP, is no longer receiving security updates. An additional 4.67% were browsing on IE 7, an incarnation of the program which struggles to load much of the modern internet and also has unpatched security vulnerabilities. Read Microsoft’s official support policy.

I understand if your credit union has custom software running on old platforms. It’s expensive to change, and if it still serves your staff and members, why upgrade? That’s fine. But these systems cannot be connected to the public internet. Especially at a financial institution, this is asking for security breaches. Even with good procedures, it happens, all, the, time.

For the safety of your credit union, members, and staff, please update your public-facing systems.

© 2017 Credit Union Geek
