Credit Union Geek

Marketing, Strategy, and The Force by Joe Winn

ID Theft Protection. Credit Union Members. Your Responsibility.

This article is adapted from my company’s Learning Library, a source of honest insights on a range of industry challenges, products, and opportunities. It’s an estimated 13 minute read. There are two reasons why I’m cool with sharing this article here:

  1. I wrote the original.
  2. The Learning Library isn’t about selling, rather informing, just like here!

Members’ Expectations

Your members have certain expectations of their credit union. A robust checking account. An easy place to accumulate savings. A destination for needed loans. And that’s just the big picture. Even more basic assumptions include:

  • Money I deposit will be safe
  • The amount I see is the amount I have
  • If someone steals from my account through ID Theft or fraud, the institution will make me whole

Are any of these going “too far”? I think we can agree they are universally held expectations. Yet you know financial theft is on the rise, and now may be wondering: “If we make them whole, who makes us whole?”

Great question. And it goes in line with what brought you here: Should our credit union provide ID Theft/Recovery Solutions to account holders?

Since it’s happened to my family (and millions of others), and it sucked, I’m on the side of, “Yes!”. My company offers this as a service through Value-Added Checking (that link goes to a description of the concept, not a product page). It’s something my company cares about deeply, so I feel obligated to share the details with you. Then, after reading, you can determine if some sort of protection makes sense at your credit union. Below, I’ll illuminate some surprising findings about digital theft and what it means for your credit union.

First, let’s look at the realities of financial theft.

Hacks Happen. A Lot.

With more of our lives saved “in the cloud”, the amount of personally-identifiable data on any of us increases daily. Each new service (supposedly) makes our lives easier and more connected. Unfortunately, that also means those who would do us harm have a lot more information to use.  It’s not like I’ve ever written about the dangers of bad passwords or anything…

In the Identity Theft Resource Center’s (ITRC) 2017 Data Breach report, they found what you would expect. Breaches are up. A lot. In 2017, 1,579 data breaches exposed nearly 179 million records. If that sounds like a huge number, you’re not wrong. 

That’s a 44% increase in number of breaches and a mind-boggling 389% increase in records exposed!

2017 was a big year for data breaches. Yet it pales in comparison to 2018. In just the 10 major corporate hacks, almost 2 billion (non-unique) records were exposed.

And Then There Was Equifax

Who can forget the infamous Equifax hack of 2017? In one of the most darkly ironic hacks ever publicized, one of the top credit bureaus lost control of their information. The very company whose business model it is to protect people’s most sensitive personal information. And then, Equifax handled it with the grace of a puppy tumbling down a pile of freshly washed laundry, without all the cuteness.

In a scene reminiscent of an old Seinfeld episode, Equifax took their time even admitting to the hack (and changing the story of its extent numerous times). Then, they set up a special customer assistance web page. Except, they didn’t use their own trusted domain. Nor was it signed with their normal security certificate. And it asked for your social security number, in a mind-boggling faux-pax of internet security practices. 

In fact, it looked suspiciously like a phishing site. 

So, predictably, within hours, hackers had cloned the support page, and did so well even Equifax staff were forwarding affected customers to the fake site! (Where new groups were able to steal more customer information, thus making the hack even worse)

Things didn’t go well for the vast majority of us whose personal information was now…somewhere.

Is Getting Hacked Inevitable?

Hacker Inside
Does this come with a memorable jingle, also?

Are you connected to the internet in some way? Then, unfortunately, yes. Experts agree it’s not a matter of if, it’s a matter of when. In fact, I was at a credit union industry conference where security had a top focus. Every security expert present offered the following advice: “Have a security breach plan. It’s going to happen. It’s going to stink. But when you have a plan in place, at least you can mitigate the damage faster.” Needless to say, upon hearing these speakers, the room filled with clackering teeth and nervous tics.

As a financial institution, you possess two things which thieves love:

  1. Money
  2. Personal information of people who may also have money elsewhere

So they’re going to try and get in. How does that affect your account holders and institution? And what can you realistically do?

Meeting Customer Expectations While Protecting Your Own Interests

Identity Fraud Study 2018 Javelin Strategy and Research
Your members are part of this data.

Like it or not, when a member or customer’s account is breached, it’s going to take resources and dollars to rectify. And guess who pays? Let’s watch it play out.

Remember that plan we mentioned above? Now’s the time to put it in action. Your account holders expect you to handle it and make everything right again with their financial situation.

Of course, you know it’s not always easy, nor is it that simple.

There are two ways your customers can experience losses:

  1. Individual account is compromised. 
  2. Financial institution’s systems are compromised. 

From the perspective of your members or customers, they don’t care what happened; they just want access to their money (see Basic Assumptions from the beginning). If hackers gained access to just a single account, you can lock it down and assist the account holder in resetting passwords, replacing cards, and anything else necessary, as well as reimbursing for lost funds. Keep the idea of reimbursement on the back burner for just a moment.

If it’s not a single account, but rather, the entire financial institution system, the effort needed to get back to normal can be substantial. (Another piece of wisdom from that industry conference: Getting everything back to 100% takes longer than your IT team estimates. They’re working hard; it’s just a lot to do!) Expenses and staff time can pile up as the direct effects of a hack make themselves known. Recovering from backups or other systems adds time and money to an already stressful process for all involved. 

After a lot of hard work and cooperation, kudos to your team; the hack is behind you all. Back to business!

Ah, but what about the actual monetary losses from account holders? Whether it was one or many accounts, the expectation is that the money was safe, thus, it has to return! According to a study by Javelin Research, mean fraud amount per individual is $1,038. Yet their total out of pocket loss averaged $48.

No worries, someone else pays…right?

We’re Covered, Right?

No. The buck stops with you. Most institutions write off the dollar losses of breaches and fraudulent access as a “cost of doing business”. While Federal Regulations do protect account holders, liability shifts to the corresponding financial institution.

So how much might you need to pay? Under the Electronic Funds Transfer Act, account holders’ losses are limited based on when the error or fraud gets reported:

  • Within two business days, account holder loss is $50.
  • Within 60 days, account holder loss limit is $500.
  • Past 60 days, the account holder will probably be out the money and any overdraft fees incurred as a result.

Remember the average out of pocket loss was $48. Your financial institution makes up the difference (and often ensures the account holder suffers no losses at all).

And, of course, there’s insurance (or special bonds) to protect you as well. Except… it’s rare for it to apply. According to bank execs we spoke to during research for this article, the deductibles on this coverage are typically much higher than the average account balance.

So your institution simply absorbs these losses.

Additional Costs of ID Theft

Beyond the hard costs of restoration for your institution and/or account holders, the additional “soft costs” of time and resources add up quickly. Things including:

  • Assisting customers to restore their accounts
  • The cost of issuing new cards
  • The time your staff must take to ensure this happens smoothly

Plus, since identity theft affects a wide range of an individual’s life data, there is work involved contacting law enforcement, social security, DMV, loan-holders, and other agencies.

Becoming “Numb” To Financial Security

“Comfortably Numb” is more than a great song. It’s also how many people view protecting their personal information. With massive breaches and individual hacks now a regular occurrence, the general public is more indifferent to them than ever before. In fact, an Experian survey indicates consumers may actually be making it even easier for thieves:

While 84 percent of respondents acknowledge being concerned about the security of personal information online, nearly two-thirds (64 percent) agree it’s “too much of a hassle to constantly worry about securing personal information online.” The majority say staying on top of financial transactions is a challenge (53 percent), and nearly half (48 percent) don’t even check their credit reports regularly for errors or suspicious activity.

So if your own account holders are more vulnerable than ever to these losses, yet the money lost is overwhelmingly borne by your financial institution, what can you do?

Should financial institutions offer ID Theft insurance?

That’s a question only you can answer. Before you do, let’s first look at:

  • What ID Theft Insurance Covers
  • What ID Theft Insurance Does Not Cover
  • ID Theft Insurance vs. Restoration
  • Proactive vs. Reactive Coverage
  • Costs of coverage

ID Theft Insurance

Thanks to Federal protections, average out of pocket cash loss is $48 to consumers. That’s why some organizations advise against the purchase of Identity Theft insurance. These services (such as LifeLock) offer coverages from $10,000 all the way to $1,000,000, yet, as research shows, these amounts of liability and losses are extremely unlikely. The real impacts for most are felt in the Restoration process.

ID Theft Restoration

2 billion accounts had personal information stolen. Much of that data was sold to criminal enterprises around the planet, where it is held for varying lengths of time (often to let the monitoring expire) before acting upon it. Depending on how much information is available, fraudsters may accomplish a full takeover or cloning of a consumer’s identity. That opens up a world of criminal opportunities, from new credit cards to pension and social security payment kidnapping!

The first step upon discovering ID Theft is a freezing of all applicable accounts. Recent transactions get reviewed, illuminating suspect transactions. Then, new account numbers (and cards) must be issued. And that’s just for one financial institution.

How many places do you have money saved or borrowed in some form? Each needs to be contacted, along with at least one credit bureau (to put a freeze on any credit inquiries or approvals). Take a breath, because we’re just getting started.

Now that immediate monetary accounts are secure, you need to reach out to law enforcement. Then the Federal Trade Commission, and even mortgage, rental, and utility companies. We’re talking any entity where a consumer has a business relationship.

I wish I were exaggerating. When my family member’s social security number was somehow exposed, not only did they find dozens of fraudulent charges on their credit card, they also saw unpaid bills from their power company for a residence that was not theirs. Yes, a criminal was using the stolen identity to (not) pay for electricity at another home! And this doesn’t include the dozens of new in-store credit cards and accounts at financial institutions unfamiliar to the family member.

Up to 1,200 Hours

Clear your schedule, because this could take a while. According to LifeLock, the average time spent fixing an identity theft issue is seven hours, usually over the course of a day, but up to a month. In extreme cases, people may spend up to 1,200 hours over the course of a year or more resolving identity theft problems. As a popular meme says, “Ain’t nobody got time for that!”

Needless to say, this can become a major source of anxiety, stress, and even time lost from work. As your account holder’s primary (or favorite) institution, they will be looking to you for help. What do you have to offer?

Much of this lost time and resources (for both the people affected and your institution) can be avoided with a proactive, resolution-based ID Theft insurance system. How?

What’s the difference between Proactive and Reactive?

I’ll answer with another question: What’s better, dealing with fraud after it happens or just stopping it at the first sign of a problem?

Proactive Coverage

Not a difficult answer. Stopping fraud before it causes problems is the objective of Proactive programs. Monitoring tools run 24/7, catching suspicious activity as it happens, then notifying the individual through text message (SMS), e-mail, and even phone alerts in the moment. This prevents most damage from taking place.

Reactive Coverage

A Reactive program simply provides tools to check credit bureau reports and other personal information, along with a variety of tips on keeping their personal data safe. With no constant monitoring, a problem gets discovered because something already went wrong, making restoration a greater challenge.

No matter which coverage an individual has, both provide assistance in the event of fraud. However, the degree to which they get you back to normal depends on the naming: “Restoration” or “Resolution”.

Which is better? Resolution or Restoration?

This is a trick question, right? Unfortunately, it’s not. While both work towards the same outcome, each have a unique approach.

Resolution

The Resolution approach is more DIY and generally includes advice and a step-by-step process for the consumer. There is no dedicated person at the company assisting, however, they may offer customer service to answer questions.

Restoration

With Restoration, the affected individual works with the ID Theft insurance company. Typically, a specialist gets assigned to their case, and that person will help them with the legwork…the calls, communications, and paperwork necessary to ensure their identity is fully restored.

No matter which approach a person chooses, costs incurred by them during the process can be reimbursed by the insurance company (up to stated limits).

What Does ID Theft Insurance Cost?

As we covered above, premiums can vary greatly depending upon the coverage chosen: whether it is Proactive or Reactive, if it is for Restoration or Resolution, and what the limits are.

LifeLock, the largest of the retail ID Theft Insurance providers, prices their plans between $9.95 and $29.95 per month (increasing after the first year).

Due to the importance of having as many account holders covered as possible, over 600 financial institutions currently integrate ID Protect (Full disclosure: My company offers this product.) into their Value-Added Checking. This is blanket coverage, available at a fraction of the cost of any retail plan, and is generally part of a revenue-generating benefit bundle tied to your account holder’s checking account.

What ID Theft Insurance Does For Your Institution

  • Relieves hard and soft costs to your institution 
  • Helps prevent instances of fraud
  • May shift restoration responsibilities to insurance company

To me, ensuring your account holders have peace of mind is well worth the effort. Plus, your own institution saves staff time and money. Also, if you offer it as part of a Value-Added Checking program (whether it’s provided by my company or someone else), it helps differentiate your credit union.

Learn Even More

My company has a Learning Library where we discuss this and other topics. Think of it like this blog, except with more detail on your products, better answers, and fewer (blatant) geek references. I’m here to help illuminate challenges to credit unions. The Learning Library dives deep into everything so you get honest insights without jumping site to site.

Unseen Credit Union Competition: “Respond Immediately!”

Credit unions aren’t just “cheaper banks”, nor are they “banks owned by the people”.  They’re unique community institutions.  At least, I still believe this.  Do you?

This article dives into what happens after a member closes a loan (auto or mortgage) with you. Specifically, we look at the solicitations they receive. And what your role is in helping your member understand it all.

Who’s Your Competition?

It’s tempting to think that your primary competition and challenge comes from the big banks. Sure, they offer similar products and target the same groups of people (ie. your potential membership). Their marketing efforts present them as a community-focused option.  They make it about their customers, not about the money.  I’m no expert, but it definitely sounds like they’re competitors.

It’s true.  They are.  And for many people, you can offer a better option which will save them money.  Yet, besides the exceptional record of Wells Fargo, the national banks don’t engage in “slimy tactics” or attempt to steal customers by just-nearly-but-not-quite misrepresentation.  On the whole, banks (both community and national) want their customer’s business and aim to gain and keep it through honest means.

However, there’s others with a slightly different agenda. This article looks at competition to credit unions besides banks, and how you can use your existing products, member relationships, and educational mission to beat them at their own game.

Loan Closing & What Comes After

Last year, I bought a new car.  Yes, I have a lot of fun when driving.

Shortly after, I began to receive letters in the mail much like this:

Real…ish

Packed in official-appearing envelopes (many had that, “fold each side and tear in order” government style design), with names such as, “Automotive Services Department” or some other bogus, yet “maybe they’re real?” title, they appeared in masse.  They encouraged, no, insisted I follow up immediately regarding my vehicle’s impending warranty expiration.  Never mind it’s a new car, with a 3 year factory warranty included.  I COULD BE AT RISK FINANCIALLY IF I DON’T ACT NOW! Of course, the action to take is to get in touch with whomever runs these shady enterprises (they’re not affiliated with any of your VSC providers, trust me) and make sure my car is protected.  Much protection, indeed.  “Do you cover diagnostic time and taxes?” is a question I would feel obligated to ask if I ever were forced to reach out.

Why mention these letters?  Because every time your member finances with you and every time they don’t, they’re getting dozens of mail pieces like this.  And this is what they ask themselves: Do I know for certain it has nothing to do with my credit union?  Is it a scam?  Can I get a better deal from here or my dealer?  Is it even something I need?  What’s the harm in a call?

It’s unlikely your members will ever ask you any of these questions.  But you can bet they’re asking someone, whether it be Google, that helpful voice in their head, or a spouse or friend.  You can be there for your members in more ways than you think.  And this is what sets you apart.

A Loan Closing Tip

Imagine if at every loan closing (that includes mortgages, because I get things like this for my house all the time), you had a short conversation about potential fraud and things to beware.

“Ok, Jenna, we’re just about done.  Are you excited?  Because I am!  Since we’re here for you across your entire financial life, we want to make sure you’re empowered to spot what’s real and what isn’t.  Here are some examples of letters you’re going to get in the mail, maybe even in your Inbox.

They’re not from us.

All of our communications will always include your member number and our logo. These make themselves look really official, and often have scary wording. Crazy, right?

Please look out for these and make sure any future interaction about your financing is with myself or someone else here at ABC CU.  I know it may seem silly, but we used to see many members fall for similar scams, and we want to help ensure you’re not one of them!

And as far as vehicle service contracts go, we’d be happy to have that discussion to see if it makes sense for you!  Does this make sense?”

Has anyone ever said that to you?  What if they did?  How would that make you feel?  A bit more trusting of your credit union, right?  That they have your back, and want to go above and beyond to keep you safe and secure?  That’s a credit union I want to do business with and share with my friends and family.

In a future post, we’re going to address GAP and warranty coverage (the legitimate ones) and how they differ (or don’t) between credit union, dealer, and insurance provider.  Later on, we’ll educate each other and members on buy-here-pay-here lenders.

It’s About Your Credit Union Mission

Remember, your mission likely includes something about ensuring your members live a financially successful life.  Here’s one easy thing you can implement which may make a big difference for your members.

Enjoyed? Subscribe for more!

Subscribe to these posts from the sidebar to ensure you stay in the loop & continue your education journey!

The 3 Challenges Any Effort Must Overcome

This post began as I considered technologies emerging within the financial space. From chatbots to mobile app improvements, I don’t have to explain all the emerging…stuff. We were going to have a nice chat about how people of different generations, careers, technological comfort, and more may react to all of it.

But that’s casting too small a net. I missed the point. The topic of this post isn’t about technology. It’s about you. Not you the humble, beautiful, and giving person reading right now. You the credit union. You the dentist. You the grocery store.

Where am I going with this? What I’m about to say is going to sound so simple that you’ll want to laugh in my face. Then you will realize it’s been in your head all along. As it has every one else.

There are three challenges you must overcome in order to get someone to change their behavior. That could mean using your mobile platform. Or flossing. Or even just grasping that you exist as an entity. Those three challenges are as follows:

  • Don’t know
  • Don’t care
  • Don’t want to

Don’t Know

If you’re trying to attract new members, you have to overcome each of these challenges, in order, before they’ll make the switch. First, it’s possible they don’t know you exist. How can you solve such a massive problem? Marketing? Word-of-mouth campaigns? That’s up to you. Then, there has to be a reason for them to pay attention. Why care about opening a relationship with your credit union? Lower fees or interest rates are fine, yet when talking credit cards, security is the first priority for switching. Help members care by understanding what they care about.

Don’t Care

After putting all this glorious energy into reaching out, informing, addressing their pains, and making it easy to get started, there’s still another obstacle. Even after acknowledging their current strategy might not be ideal, they just don’t want to make a change. I know people who refuse to use online banking (they’ll never go mobile). To them, it’s a security nightmare and just isn’t worth anything it can offer them. These people don’t care about what you are offering.

Don’t Want To

You’re not going to attract everyone, no matter what you do. That’s why my readership is only 84% of the credit union industry (I’m estimating on the fly…probably close, right?) and not all of it. And that’s ok. Though I still need to ensure more people know about my blog (and speaking), then give them a reason to care. Those who don’t want to care, well, that’s their choice. I’m still happy to extend honorary geek status to them at any time.

TL;DR (Too Long, Didn’t Read) Lesson: Everything you do has to overcome three challenges to succeed: Knowing. Caring. Wanting. If you miss one, said thing won’t be a success. How do you seek to overcome these Big 3?

« Older posts

© 2019 Credit Union Geek

Theme by Anders NorenUp ↑