Credit unions pride themselves on treating their members like respected friends, not like customers. Because of this, members put their trust in their credit union. If that trust was broken by a breach in security, a credit union's reputation and business could be at risk. It's important for credit unions to keep members' information protected as best they can, for the sake of their members and for the organizations' business model.
A recent study shows that many people aren't doing much to protect their information, though. Kaspersky Labs found that over three-quarters of people use multiple devices and the majority of those people store sensitive information on their devices. However, the study also found that over half of device users worry about the security of their devices and fear being spied on. Over a third of device users worry that other people will find or see the personal information they store on their device.
When it comes to keeping information safe, not many people said they should be held responsible for their own protection. Most people said they shared the responsibility with their banks while 20 percent said the responsibility was entirely on their bank.
"Many people aren't doing much to protect their information."
This is a message credit unions will want to take seriously. Because many people believe the security of their information is the responsibility of their bank or credit union, people are likely to lose faith in their financial institution should an information leak happen. For credit unions, this could be extremely damaging.
What is required
The federal government regulates five different pieces of information it considers to be personally identifiable information: birth date, social security and driver's license numbers, credit or debit card numbers and checking routing and account numbers. However, states have the authority to add more pieces of information, such as mother's maiden name, to the list. Other countries typically have even more expansive lists. To keep in line with regulations, credit unions should be protecting as much information as possible.
The Gramm-Leach-Bliley Act requires all U.S. financial institutions to let their customers or members know how they share information and keep sensitive information secure. Plus, most states have laws that require credit unions, banks and other businesses to notify members and consumers when a data breach happens and their information is at risk.
What is recommended
Most banks and credit unions use security measures like firewalls and data encryption to protect member data. Firewalls only allow authorized people to look at sensitive information. Data encryption turns sensitive information into code that is difficult to break. Other ways some credit unions and other financial institutions protect user data online is through multiple-step verification processes.
How to take it a step further
New technologies allow data to be kept secure at all times. Virtual StrongBox is one company that has created new software called encryption-at-rest, which will store data securely and encrypt it, even when it isn't being used.
"Encryption at rest makes a huge difference in security, and should be the industry standard," explained CEO of Virtual StrongBox Ron Daly. "Cybercrimes result in high recovery costs from lost business, reputation damage, regulatory beardown and customer claims – plus the toll on victims. The right security protocol may have prevented or mitigated the damage."
Some credit unions have developed other technologies that could help to reduce fraud. First Tech Federal Credit Union is working with MasterCard to develop Selfie Pay, in which facial and fingerprint recognition will allow a payment to go through. The pilot program will be carried out by First Tech's employees this fall.
According to a study by Kaspersky Labs, 92 percent of people store sensitive information on their devices, including their smartphones.
"At First Tech, we're establishing a strong track record for bringing the most secure and forward-looking payments security to our members, first with our introduction this year of chip-and-PIN debit and credit cards," First Tech's CEO, Greg Mitchell, said. "In that spirit, this biometrics pilot program represents an exciting next step in payment convenience and security."
Beyond credit unions' internal technological capabilities, they can help keep their members' information safe with personal security education. According to Kaspersky Lab's research, even though many people worry about the security of their information, few are doing anything to protect it further. Teaching members how they can help keep their information secure will lower their risk of fraud or identity theft. For instance, using a password to secure all devices will decrease risk. When buying anything online, only use trusted websites and only enter sensitive information into websites that begin with "https://" rather than "http://". The "S" stands for secure. Forbes suggests only using credit cards for online shopping because credit cards have stronger fraud protection than debit cards.
It's clear that in the changing world of technology, people will continue to store sensitive data on their mobile devices. Credit unions should be stepping up to ensure that their members' information is as protected as possible. Advances in technology will certainly help with this in the upcoming years, but educating members about online security will greatly benefit both credit unions and their members.