Credit Union Geek

This is the (CU) Way.

Tag: dark web

Cameras on Building Facing Two People

Privacy: A Guide for People (Part 2 – Things You Can Do)

April 13, 2021 / / 0 Comments

Originally published on CUInsight.com

The previous part of our Privacy discussion covered your devices and regular activities on them. Cookies, ads, and what’s changing in this realm. Plus, we looked at how norms are shifting to more data sharing.

With the overnight explosion in work-from-home, many of those practices became commonplace. Services like Zoom got themselves caught on the wrong side of the privacy conversation. And then made the right efforts to get better.

Some of the places your data goes have your best interests in mind. Others…less so. This post will cover some of those technologies for credit unions, while also exposing some risks you may not know about.

Of course, we’ll discuss options to protect your data and self (sadly, some of this is used to control and instill fear in others).

Let’s start with the network you’re using.

Wifi Networks

Wifi Icon

When on public wifi networks, consider everything visible. Your banking connection might be encrypted, but some data can still be seen if someone is “watching” network activity.

Surprise, there’s a solution for it! A technology called VPN (Virtual Private Network) encrypts your traffic and “tunnels” it through trusted servers. Now no one can see anything you do online.

Since all your traffic goes through their systems, it’s good to trust the provider. I use Windscribe, a company out of Canada that is well-reviewed by those in the know. Plus, their marketing is stellar.

You can use a VPN on any connected device, so desktop or mobile activities can be private.

Ironically, LTE (and 5G for some) traffic is among the most secure in our country. If you don’t trust the wifi (Name: “FreeWifiConnectNow”), don’t have a VPN, and need to do some banking, just use LTE.

Other Privacy Challenges

The original draft of this post then went into depth on a really scary kind of location tracker: the license plate scanner. It’s really a discussion upon itself. When I have time, I’ll give it the treatment it deserves.

The rest of this post shares challenges as well as opportunities for your credit union, then further expose privacy risks we can mitigate.

Data Sharing

Between Open Banking and the general expectation of users, you’re under higher obligation to share data than ever before. And that doesn’t include what your members share on their own!

Red and White Puzzle Pieces Fit Together
How does this data and your privacy fit together?

How are we ever going to keep this stuff locked-down?

If you’ve been an honorary geek for any length of time (ie. one of my dedicated readers!), you’ll recall our conversations on data breaches and security. Many, many tweets about it, too.

To answer the question: Most of the time, you guys do a great job with security! It’s everyone else causing issues. Can I get an, “I know, right?”

So there’s a few forms of data sharing. The first is really blatant. It’s when you provide your card number to a merchant to buy something. If it’s in person, I hope you’re using the chip (EMV) or contactless (NFC, like Apple Pay or the card itself). Why? Go here. Read it.

Security in that form is tough, because you’re depending on the merchant. And that’s where most “breaches” occur, costing your institution time and money (though consumers seem to consider it normal now).

It’s not normal. It doesn’t have to be a regular occurrence. Now that the tech is available, the challenge is in member education.

API Access

Shaking Hands in Front of Globe

Chances are, you have at least one connection to some financial service using an API (Application Programming Interface). These are secured links between systems that don’t require sharing passwords.

The handshakes that happen are in the background. It’s like “Log in to this site with Facebook”. You don’t give them your Facebook credentials; you just say “sure, share my data.” (Those have their own privacy implications…)

Your members are used to this type of system. If you present your own solution, they’ll use it (assuming it promises and delivers on a value proposition).

Trusted partners will have strict controls on what they can do with the data you send to them. I’m sure that was decided during the agreement stage.

Having a standardized process for this is at the core of Open Banking. Yes, it will let members connect banking data to other, perhaps cooler, platforms. Yet they’re still with you. And your institution can market this easy integration.

Privacy & Functionality

Data is the new currency. Companies want it. And with the technologies of today (and tomorrow), they can gather more of it than ever before.

Your goal is to help maintain your members’ privacy and security, while also engaging them through interesting personalized experiences.

Risks From Outside

Sometimes, ok, most of the time, the privacy risks to your credit union and members come from outside. There’s not much you can do about them besides being aware, having good security policies, and educating members.

But there is one thing every hacker wants…access to your device. What are the two best tools to prevent this?

  1. Biometric authentication (TouchID or FaceID)
  2. Long passcode only you know

Yeah, that means not sharing access. It also means never sharing passwords (I’m referring to those streaming services logins you absolutely never give to family and friends).

Whether directly or remotely, hackers long to access your information (be it financial, personal, or business). Locking down your phone and computer is your best first line of defense.

Sometimes the “hacker” isn’t a hacker, but someone close to a member. They may install software called “stalkerware” that tracks usage and activities, just as much as any other hack. Go here to get tips for detecting and removing these programs.

This is a concern for people escaping abusive relationships. It also can be a disgruntled (possibly) former employee attacking your computers.

Do they have deep access to your systems? Can they plug devices into your computers and add/remove data? Think of every spy movie character plugging the thing into the network to download all those blinking folders.

You don’t want that. Lock down your systems so this kind of data extrication cannot occur. (but don’t get too aggressive, or employees will resort to less secure means of moving files).

Here’s a company which might make you a bit more eager to lock down your social media accounts. Surprise, surprise, they got hacked.

Clearview AI Facial Image Hack

Face Detection Digital

Here’s a scary and timely hack (based on when I wrote this piece) I hope never happens again. Though, given the information is already out, does it even matter? Yes, yes it does.

A company called Clearview AI was just minding their own business, providing quality services to other companies…sorry, none of that is true. Here’s what they were doing:

Stealing all photos of your face visible online. Then keeping them in their own systems permanently. Even when you deleted your copies on Facebook, Twitter, LinkedIn, or elsewhere, they had you saved.

Already, that’s…not great. It gets worse. They sell this image data (with associated AI recognition capabilities) to law enforcement, governments, and, oh, yeah, banks.

Presumably, it’s used to match your identity to photos of unknown people. For what reasons? To find wanted people, sure. To discover those who aren’t paying the loans? Your guess is as good as mine.

The hack? Their entire client list was stolen. So while there’s no way to remove your photos from their system, someone else has access to who they’ve sold them to.

What You Can Do

In this case, your strategy is just empowering members with clear and concise information. Then share pieces of a regularly-updated guide on maximizing safety and security online and in the real world.

Include mention of privacy settings on social media, the potential risks of friending people you don’t know, and the typical “your credit union will never ask for any personal information”.

Keep Dark Web In Mind

For your own institution’s protection, realize some of your member data might be on the Dark Web. Brainstorm the most effective and unobtrusive ways to verify member activity and identity.

PS – Make sure security questions never include maiden names, pets, street/city where you were born, or first car. Embrace 2FA and answers to questions that are less likely to be found in public record searches. Say, favorite movie or breakfast. Again, be creative! (Yes, these are vulnerable to social engineering, but it’s a start.)

Privacy Talks Continue

These two posts may have felt like a lot. And you’d be right. But it’s still just the beginning. I could talk about nothing else on here and stay busy. I won’t, because there’s more to cover.

Just keep these ideas in mind and ensure they are built into your mission, so it’s always considered.

You have your member’s trust. Use it wisely and share your own wisdom to help them live safer, more productively, and happier.

Be sure to Subscribe to the Credit Union Geek to get more posts like this delivered straight to your inbox.

Image credit: Photo by Matthew Henry on Unsplash

immersion18 Award Winners

immersion18: Empowering CUs of Tomorrow, Today

May 16, 2018 / / 0 Comments

Be sure to read my on-site roundup of conference happenings as a prelude to this article. Additionally, look back to May 10 on my Twitter feed to see live contributions.

“They have hammocks on the beach?” asked one attendee, as another gleefully nodded. They made it to future sessions, worry not.

With the blue-green Atlantic waters as backdrop, the Trellance Immersion18 conference enjoyed a productive debut. Despite the team having hosted an annual event for nearly 30 years, this one was different. It was the first following a name, mission, and organizational change. Remember CSCU? They’re no more. In their place, Trellance, a not-for-profit credit union service organization, or CUSO. As credit unions’ unbiased advocate, their new focus was a perfect fit for the event.

Trellance CEO Tom Davis opened the first morning session surrounded by a technologically-infused dance number, complete with spinning displays and more. Despite being before many attendees’ coffee addictions were satiated, the audience sounded their approval. Then it got exciting. Davis introduced Trellance, lauding its unbiased advocate role as well as its not-for-profit status, and passed the baton to Bill Lehman.  Lehman reviewed how Trellance evolved from CSCU, helping set credit union staff expectations for the days ahead. And if you thought it was thrilling already, the next speaker was downright explosive. David Lott, Federal Reserve Bank of Atlanta, spoke of the newest “trend” to enter this country: Exploding ATMs.

After discussing strategies to diffuse the threat (there’s no one solution, which really should be the theme of the conference), Mollie Bell, CUNA’s Chief Engagement Officer, took the stage with fierce focus. On strategy, that is. CUNA did a great write-up on her talk, which essentially challenged attendees to define who they were and what that meant about their target audience. Then make a plan that rocks your socks off. Ok, she didn’t say that, but she did include a “Big Hairy Audacious Goal” for aspiration.

You won’t need a bigger boat when this shark enters the room. Daymond John, founder of FUBU clothing, Shark Tank star, and more, joined us to share his 5 SHARK points (see picture). More in my other roundup.

A common theme in the conference was fraud and security, both for your institution and members. The latter has become a daunting challenge. Why? In the past, you secured a single path for financial data. Then, members could access it on their computer from home. Now, all financial information is expected to be available from any device (including voice assistants), any where (including that FreeWiFiConnectNowIWontStealYourStuffnetwork down the street), at any time. Many more places for information to be compromised.

A conference-favorite was the Dark Web session. The team from Q6 Cyber hooked up their secured connection, loaded up their Tor browser, and went shopping. For your members’ financial data. Or a hit man. Or an ATM skimmer. All available with Prime shipping! (I kid, but only slightly). Please do not try this at home.

Other criminals use far lower-tech solutions, including one called “friendly fraud”. CUBroadcast spoke with Trellance’s Lou Grilli about this technique, amongst other topics. TL;DR: Fraud comes in a lot of forms. Keeping current on how to detect and minimize them is essential. And you need a WISP (Written Information Security Policy). Embrace your WISP. Update your WISP. When, not if, (according to Michele Cohen) your system is compromised in some way, you’ll be happy there’s a plan. Because restoration will take 4-6x longer than your IT team expects. It’s not a diss, it’s just the reality. The more prepared you are, the sooner you can serve your members at 100%.

My personal favorite session of the conference was hosted by John Best of Best Innovation Group. It discussed that buzzword you keep hearing but just don’t quite understand: Blockchain. Attendees get it. You can, too. Just ask me, or go straight to the source. Everything you think it might be? It’s more. And less. Here’s an overly simplified explanation:

  • Have someone hand another person $1.
  • Observe them doing it.
  • You are the distributed ledger verifying that it happened.
  • Now, put that dollar in an envelope. Boom, it’s encrypted.

Combine this with a decentralized system (meaning, one source broadcasts the same data to many trusted destinations, which all save it independently) and you have the trappings of a revolution! There’s so much more to it, but let me leave you with a mind-blowing possibility blockchain could eventually offer: NO MORE PASSWORDS!

Unfortunately, I can only report on sessions I attended. With more than 20 breakouts, everyone had an opportunity to gain enormous insights. No doubt, there are great ideas being shared by attendees at their credit unions around the country.

You want more? How about the sweet rock music anthems for every speaker and gathering (thanks to Lou Grilli for the playlists)? Or that time when Davis became the pistil of a dance troupe’s flower? Perhaps the living statue who could make the fountain come out her fingers? Or the walking tree? Oh, I see, you want to know about the extra-tall LED-lighted robot dancers at the final party. Sorry, what happens at the after-party stays at the after-party.

I’d like to thank the entire team at Trellance as well as all speakers for producing a memorable event stuffed to the gills with useful take-home info.

About Trellance:
Born out of nearly 30 years of payments experience and a passion for the credit union movement, Trellance is committed to providing innovative yet simple solutions to help credit unions adapt and thrive in a complex and competitive landscape. Together we can build and implement strategies to seize the exciting future of our industry.

Learn more about us at Trellance.com, visit us at thepaymentsreview.com for industry insights and our perspective on the future, or follow us on LinkedIn, Facebook, and Twitter @Trellance.

Image description: Attendees receiving their Exceptional Member Initiative Awards. Credit: Me.

immersion18 Entrance Trellance

Immersed in immersion18

May 10, 2018 / / 1 Comment

What’s better than blue-green waves lapping on a sandy beach? Experiencing it all with a dedicated group of credit union professionals!

I’m here on Ft. Lauderdale beach (the Marriott Harbor Beach, to be precise) with the Trellance team as hosts to immersion18, their newly (re)launched conference. Is their new name resonating with credit union attendees? Well, they’re absolutely immersed and excitedly sharing their experiences, challenges, and solutions. So, yeah, it’s going just fine.

And it’s not just CU people who shared their wisdom. Ever watch that little show called “Shark Tank”? The People’s Shark, Daymond John himself told an audio/video story of his life, from the lowest lows to where he is today. It wasn’t all “destiny”, “right place at the right time”, or any of that. He put in the work. He put in the time. And he learned about his target audience before offering anything to them. I’m sure credit unions have nothing to learn from that experience.

Attendees locked down their devices as Theresa Payton, former White House CIO and current star of CBS show “Hunted”, explained the challenges of cyber security. I’m sure she used our friend’s friend to figure out our security questions, anyway. Bottom line: Security is hard. And there’s a lot of ways to improve it for your own organization as well as for your users (read: members).

Other topics discussed? Blockchain (no, it’s not Bitcoin). Digital media marketing. Dark web (let’s say they “shined the light” into that part of the internet…I crack myself up). Much more.

I’ll provide a complete roundup after the conference completes. Now, I’ve got to get back for the big celebration! Last year, they had a mind reader. What’s going to be the surprise tonight?

Brief Bio

Geek. Environmentalist. CU Marketer.
Learn More.

Powered by

Sci-fi & Disney references

You thought I was going to say WordPress or something? Sure, it is, but that’s what really keeps this site going.

© 2025 Credit Union Geek

Theme by Anders NorenUp ↑