Credit Union Geek

This is the (CU) Way.

Tag: fintech

Cameras on Building Facing Two People

Privacy: A Guide for People (Part 2 – Things You Can Do)

April 13, 2021 / / 0 Comments

Originally published on CUInsight.com

The previous part of our Privacy discussion covered your devices and regular activities on them. Cookies, ads, and what’s changing in this realm. Plus, we looked at how norms are shifting to more data sharing.

With the overnight explosion in work-from-home, many of those practices became commonplace. Services like Zoom got themselves caught on the wrong side of the privacy conversation. And then made the right efforts to get better.

Some of the places your data goes have your best interests in mind. Others…less so. This post will cover some of those technologies for credit unions, while also exposing some risks you may not know about.

Of course, we’ll discuss options to protect your data and self (sadly, some of this is used to control and instill fear in others).

Let’s start with the network you’re using.

Wifi Networks

Wifi Icon

When on public wifi networks, consider everything visible. Your banking connection might be encrypted, but some data can still be seen if someone is “watching” network activity.

Surprise, there’s a solution for it! A technology called VPN (Virtual Private Network) encrypts your traffic and “tunnels” it through trusted servers. Now no one can see anything you do online.

Since all your traffic goes through their systems, it’s good to trust the provider. I use Windscribe, a company out of Canada that is well-reviewed by those in the know. Plus, their marketing is stellar.

You can use a VPN on any connected device, so desktop or mobile activities can be private.

Ironically, LTE (and 5G for some) traffic is among the most secure in our country. If you don’t trust the wifi (Name: “FreeWifiConnectNow”), don’t have a VPN, and need to do some banking, just use LTE.

Other Privacy Challenges

The original draft of this post then went into depth on a really scary kind of location tracker: the license plate scanner. It’s really a discussion upon itself. When I have time, I’ll give it the treatment it deserves.

The rest of this post shares challenges as well as opportunities for your credit union, then further expose privacy risks we can mitigate.

Data Sharing

Between Open Banking and the general expectation of users, you’re under higher obligation to share data than ever before. And that doesn’t include what your members share on their own!

Red and White Puzzle Pieces Fit Together
How does this data and your privacy fit together?

How are we ever going to keep this stuff locked-down?

If you’ve been an honorary geek for any length of time (ie. one of my dedicated readers!), you’ll recall our conversations on data breaches and security. Many, many tweets about it, too.

To answer the question: Most of the time, you guys do a great job with security! It’s everyone else causing issues. Can I get an, “I know, right?”

So there’s a few forms of data sharing. The first is really blatant. It’s when you provide your card number to a merchant to buy something. If it’s in person, I hope you’re using the chip (EMV) or contactless (NFC, like Apple Pay or the card itself). Why? Go here. Read it.

Security in that form is tough, because you’re depending on the merchant. And that’s where most “breaches” occur, costing your institution time and money (though consumers seem to consider it normal now).

It’s not normal. It doesn’t have to be a regular occurrence. Now that the tech is available, the challenge is in member education.

API Access

Shaking Hands in Front of Globe

Chances are, you have at least one connection to some financial service using an API (Application Programming Interface). These are secured links between systems that don’t require sharing passwords.

The handshakes that happen are in the background. It’s like “Log in to this site with Facebook”. You don’t give them your Facebook credentials; you just say “sure, share my data.” (Those have their own privacy implications…)

Your members are used to this type of system. If you present your own solution, they’ll use it (assuming it promises and delivers on a value proposition).

Trusted partners will have strict controls on what they can do with the data you send to them. I’m sure that was decided during the agreement stage.

Having a standardized process for this is at the core of Open Banking. Yes, it will let members connect banking data to other, perhaps cooler, platforms. Yet they’re still with you. And your institution can market this easy integration.

Privacy & Functionality

Data is the new currency. Companies want it. And with the technologies of today (and tomorrow), they can gather more of it than ever before.

Your goal is to help maintain your members’ privacy and security, while also engaging them through interesting personalized experiences.

Risks From Outside

Sometimes, ok, most of the time, the privacy risks to your credit union and members come from outside. There’s not much you can do about them besides being aware, having good security policies, and educating members.

But there is one thing every hacker wants…access to your device. What are the two best tools to prevent this?

  1. Biometric authentication (TouchID or FaceID)
  2. Long passcode only you know

Yeah, that means not sharing access. It also means never sharing passwords (I’m referring to those streaming services logins you absolutely never give to family and friends).

Whether directly or remotely, hackers long to access your information (be it financial, personal, or business). Locking down your phone and computer is your best first line of defense.

Sometimes the “hacker” isn’t a hacker, but someone close to a member. They may install software called “stalkerware” that tracks usage and activities, just as much as any other hack. Go here to get tips for detecting and removing these programs.

This is a concern for people escaping abusive relationships. It also can be a disgruntled (possibly) former employee attacking your computers.

Do they have deep access to your systems? Can they plug devices into your computers and add/remove data? Think of every spy movie character plugging the thing into the network to download all those blinking folders.

You don’t want that. Lock down your systems so this kind of data extrication cannot occur. (but don’t get too aggressive, or employees will resort to less secure means of moving files).

Here’s a company which might make you a bit more eager to lock down your social media accounts. Surprise, surprise, they got hacked.

Clearview AI Facial Image Hack

Face Detection Digital

Here’s a scary and timely hack (based on when I wrote this piece) I hope never happens again. Though, given the information is already out, does it even matter? Yes, yes it does.

A company called Clearview AI was just minding their own business, providing quality services to other companies…sorry, none of that is true. Here’s what they were doing:

Stealing all photos of your face visible online. Then keeping them in their own systems permanently. Even when you deleted your copies on Facebook, Twitter, LinkedIn, or elsewhere, they had you saved.

Already, that’s…not great. It gets worse. They sell this image data (with associated AI recognition capabilities) to law enforcement, governments, and, oh, yeah, banks.

Presumably, it’s used to match your identity to photos of unknown people. For what reasons? To find wanted people, sure. To discover those who aren’t paying the loans? Your guess is as good as mine.

The hack? Their entire client list was stolen. So while there’s no way to remove your photos from their system, someone else has access to who they’ve sold them to.

What You Can Do

In this case, your strategy is just empowering members with clear and concise information. Then share pieces of a regularly-updated guide on maximizing safety and security online and in the real world.

Include mention of privacy settings on social media, the potential risks of friending people you don’t know, and the typical “your credit union will never ask for any personal information”.

Keep Dark Web In Mind

For your own institution’s protection, realize some of your member data might be on the Dark Web. Brainstorm the most effective and unobtrusive ways to verify member activity and identity.

PS – Make sure security questions never include maiden names, pets, street/city where you were born, or first car. Embrace 2FA and answers to questions that are less likely to be found in public record searches. Say, favorite movie or breakfast. Again, be creative! (Yes, these are vulnerable to social engineering, but it’s a start.)

Privacy Talks Continue

These two posts may have felt like a lot. And you’d be right. But it’s still just the beginning. I could talk about nothing else on here and stay busy. I won’t, because there’s more to cover.

Just keep these ideas in mind and ensure they are built into your mission, so it’s always considered.

You have your member’s trust. Use it wisely and share your own wisdom to help them live safer, more productively, and happier.

Be sure to Subscribe to the Credit Union Geek to get more posts like this delivered straight to your inbox.

Image credit: Photo by Matthew Henry on Unsplash

Coins in a Glass Jar --- Image by © Royalty-Free/Corbis

Big Tech Firms Have A Plan…Do You?

June 19, 2018 / / 1 Comment

Originally published on CUInsight.com

This post exceeds normal length expectations.  Estimated reading time is 5-7 minutes.  It’s worth it.

The future of banking looks bright!  New possibilities, new technologies, all while serving an ever-expanding portion of the population!

Oh, you’re from a credit union.  That introduction wasn’t meant for you.  I was talking to the big tech firms, the front-runners in creating banking solutions of tomorrow.  What?  Are you saying Jeff Bezos isn’t one of my readers?  Psh, you don’t know that.

Credit unions aren’t paving the way.  Nor are they pioneering the ability to serve the underbanked.  Seriously.  Many are doing great things, that’s for sure, yet the fundamental change is originating from tech firms.  And they’re not doing it alone (more on that later).

Let’s take a look at a super-simplified cross-section of society, with a focus on traditional banking options.  Where does the credit union industry fit?

  • For the lowest-income and credit challenged (or no credit), they have few choices.  A lack of financial knowledge and access to banking resources leads them predominantly to payday lenders or check-cashing stores.  This situation, frankly, sucks.  People are paying hundreds of percent (or more) in interest (or substantial fees) for access to their money.  It’s really expensive to be poor.  When I deposit a check, I get every penny.  Is that really fair?
  • Individuals with sufficient credit to open an account can (and do) go to banks, but many choose a credit union, due to their lower fee structure.  Those who choose a credit union tend to carry a higher credit card balance, with more cards and higher total debt. However, and this may be due to lower interest rates, more individualized (and thus forgiving) relationships, or some other factor, they are less likely to become delinquent in their debts.
  • Higher-income individuals and businesses are more likely to be with the large banks.

So big tech firms are looking for the path of least resistance into the banking world.  It starts at the economic bottom, by offering necessities at far lower rates than the existing solutions.  Then, they offer better programs than those that people have today, focusing on convenience.  Finally, the companies want to become the lenders of choice for a wide range of needs.  By already having successful business strategies, all this can be done at much lower margins than a dedicated banking institution could possibly reach.  For example, Amazon barely makes any money on their Kindle or Echo devices (they might even sell at a loss), because they know users will purchase far more once they have them.

The following is a discussion of selected large tech firms changing the banking landscape.  Each are planting their own flag in the financial world of tomorrow.  Will all be successful?  Only time will tell.  For aesthetics and readability, each company’s actions are accessible by clicking the name.

Where are the greatest opportunities?  And how can a business decision help people the most?

PayPal

PayPal believes the answer to both those questions lies in that first economic category.  As a pseudo-banking institution already, they have held money in online accounts for use on purchases for many years.  This money could not be withdrawn at an ATM, nor used at a physical POS.  Until now.  PayPal now offers a debit card that includes many of the same features your credit union cards have.  Want to pay for dinner?  No problem.  Withdraw money at an ATM?  Sure.  Deposit physical checks?  Grab your phone and take a picture.  All with no monthly fee, no minimum balance requirement, and a ~1% fee for deposited checks.  PayPal is making it clear this account is not for everyone.  It’s mainly for those who you would call “unbanked”.  In fact, their COO even said that if you already have a banking relationship, “this isn’t an account for you.”  They believe as the digital economy continues to grow, the largest opportunity is in those who aren’t currently “banked”.

So PayPal is positioning themselves for enormous growth, while engaging an underserved portion of society, and minimizing economically stressed people’s reliance on high-fee payday lending.  Sounds like the credit union mission, doesn’t it? It should, and not in the least because their CEO keeps saying this at CU conferences.

Other tech firms are taking a different route.

Amazon

Take Amazon.  They want your checking accounts (allegedlyprobablylikely).

Why would your members want to switch to Amazon for their checking?  It’s not like it would be any different.  Except it could (according to surveys) be a fee-based account ($5-10 per month) that provided a series of perks.  Perks like ID Theft Protection.  Or Cell Phone Damage Coverage.  Perhaps it would be integrated into Prime membership.  We don’t know.  But 66% of people surveyed said they would consider paying or definitely sign up for that account, if it existed.

If only your credit union could do something like that today…But I digress.

It’s not like Amazon is inexperienced in banking concepts.  In 2011, they began small business lending to sellers on their site.  They are now lending more than $1 Billion per year.  And it’s invite only.

Recently, Amazon has also expressed interest in serving the “unbanked” of the US and abroad.  Look at them, taking on the jellies!  Ok, PayPal.  They’re taking on PayPal.

Venmo

“So you owe me $14.53 for dinner.  Cool?  Just Venmo me the money when you get a chance.”

Venmo grew so quickly that you can be forgiven if you are still recovering from the windblown hair as it blew past.  Think of it as a peer to peer payment platform.  It began as a way to send money through text messages, but quickly changed into its own cross-platform app.  Users link existing debit cards/bank accounts and send or receive money through the service.  In the time it took you to read this paragraph, you could have gotten reimbursed for gas, sent your portion for drinks last weekend, and gotten the money from another friend for the tickets to that awesome concert.  They handled nearly $7 Billion in transactions in Q1 2017 alone.  Oh, and PayPal bought them in 2013.  So giving them their own section is almost cheating.

Besides, there’s a newer service that aims to do the same thing, but with a twist…

Apple

Your credit union probably supports Apple Pay.  By that I mean your debit and credit cards can be added to Apple Pay on members’ iPhones, iPads, Watches, and Macs.  It’s a brilliant payment system that I use regularly (there’s nothing like paying for groceries with your watch…except not paying for groceries).  I love the simplicity and security of the process.  I don’t love how slowly merchants are adopting the new payment terminals (and then enabling the NFC tech in them to support it).  Ugh, different discussion.

Last year, Apple Pay got an upgrade.  With Cash.  Previously, Apple Pay only worked where a normal debit/credit card could…POS, ie. paying at a merchant.  It was useless for P2P payments like Venmo supported (and PopMoney, to speak CU service lingo).  Apple Pay Cash links a debit or credit card to a digital stash of cash (you like that?) that you use to send/receive money right through iMessage.  Yes, recipients have to be fellow Apple users, but, sheesh, it’s easy.  Heck, it works with Siri.  No data is available on usage, but given it’s built in to hundreds of millions of devices, I’d say it’s only bound to grow.

To establish these potential checking and/or savings accounts, fund these digital wallets, or receive deposited checks, none of these companies are making themselves a bank.  Instead, these companies partner with an established bank, or multiple banks.  Why?  Think of your preparations when the NCUA examiner is inbound.  Enough said.

For example, for PayPal’s new debit card, they use a bank from Delaware for debit cards, another out of Georgia for check scanning, and a few banks in Utah for lending.  Note these are all small banks…is opportunity calling for your credit union?

Amazon is in talks with JP Morgan Chase and Capital One for their checking program.  Venmo uses your existing banking relationships.  Apple Pay Cash uses a Discover debit card powered by Green Dot Bank, a fin-tech which also provides their own reloadable debit card with no minimum balance, no overdraft fees, and no credit check, while still offering things like bill pay.

I feel like I’ve talked about partnering to enhance your strengths while addressing your weaknesses.  Ah, well, no worries.  We’re all here now.

So the big tech firms all have a strategy to attract the banking customer of today and for years to come.  What’s your plan?

PS – You may notice I excluded Zelle, the P2P platform of choice for American banks.  It was developed by Early Warning Services out of Scottsdale, AZ, a company formed and owned by 7 banks, with 70 more in the process of joining.  It’s their answer to Venmo, and is built in to all their mobile apps.  It connects more than 50% of checking accounts in the country and growing.  So why didn’t I mention such a large disruptor?  Because they’re not a disruptor; they’re a service of the existing banking industry, responding to the popularity of the other platforms.  You still have to pay attention to them, though.  Competition is competition.  So I ask again…what’s your plan?

Mobile Banking and Social Media

People Will Talk…Tweet, Snap, and More – Part 2

November 15, 2016 / / 0 Comments

Originally published on CUInsight.com

Welcome to part two of the Two Peoples series. Last time, we learned about the “great divide” between individuals who are deeply connected and those who prefer to go the analog route. Now, we’re looking at those “connected folks” and trying to understand how they approach the world differently, if at all. And, if so, does it matter?

I already hear your objection: There are plenty of members who will not do these “techie” things, and your in-person service will always be essential for them. I know…my own family is part of that group. You’re right. It is an important part of your operation.

But you’re missing a whole lot of people who are connected. At this point, I can go into the talk on embracing social media, empowering your staff, and championing your most loyal members. Yet I won’t. You know these things, and there are countless articles to guide you if you don’t.

What you need to understand is that the social side of the technical evolution is not a fad. It’s become more than just staying in touch with friends and family. It is now the ability to do anything by way of a technological device. Want food in front of you right now? GrubHub or Seamless. Need to get out and exercise with a digital reward? Pokemon Go, Running With Zombies, Nike Run Club, or just the Apple Watch Workouts app. Show everyone how you look with a dog nose? Snapchat (really, I still don’t get the platform). Learn about and buy whatever you want? You know the sites.

Yes, I hear you, again. “How does a running app or food delivery system help a financial institution?” It’s about the connections the technologies enable. Even though I don’t use the social aspects, I do understand the idea of being disconnected from some people by being connected. There’s even a name for it: Digital Footprint Score. Let’s explore.

Do you remember when the World Wide Web was in its infancy? If you were one of the early adopters, you knew how separated you had become with those who were still not connected. I was ordering pizza online in the mid-90s. The precursor to my own company had a dynamic website even earlier. We had taken such a leap beyond our previous life, that you couldn’t even explain it sufficiently to those who didn’t experience the daily “brrrzz, whoosh, ba dum, ba dum” of the 14.4kbps (or 28.8 if you were way cool, and 56k if you were just royalty) modem.

We are in that position yet again. I talk with my karate students often about the games they play, apps they use, and I’m amazed at the connections they are making within these environments. The newest trend is where that virtual community extends into the real world, a la Pokemon Go and similar “augmented reality” experiences. Between gaming, interacting with friends, businesses, and associated services, their Digital Footprint Score is extremely high. It may not come as a surprise, but this score trends higher as you get younger.

(Why aren’t we calling it the Benjamin Button Score? I crack myself up.)

Your digital footprint will continue to increase, and we are still in the early days. I believe financial technologies (fintech) will enter this crossover realm in the coming years as well. The hyper-connected don’t carry money. They pass it around like you would an emoji. In fact, you can pay with emoji now, really (don’t get me started on them…it’s like we’ve come full circle from hieroglyphics). And peer-to-peer payments within your favorite messaging service is a reality.

However, we aren’t entering a post-bank world. We’re evolving into a new way of banking. One where you have a crucial role, if you take your virtual seat at the table. Looking back at these new concepts above, what do you recognize? Direct communication…you do that. Community-building…didn’t credit unions start this concept? I get that you’re not going to build the next billion-dollar platform. But why not work with the company which does? It’s as if we’ve had this talk before…

The final part in this series will look ahead to what the future may hold. Hang tight, because we’re talking artificial intelligence! And it’s not even close to what you’re thinking. Sorry, HAL.

Brief Bio

Geek. Environmentalist. CU Marketer.
Learn More.

Powered by

Sci-fi & Disney references

You thought I was going to say WordPress or something? Sure, it is, but that’s what really keeps this site going.

© 2025 Credit Union Geek

Theme by Anders NorenUp ↑