CU news Logo

 Your source for the latest technology information of interest to credit unions across America.

Subscribe to our weekly e-mail newsletter and/or our monthly newsletter and stay on top of the latest technology trends in Hardware, Software, ATMs, Biometrics, Wireless, Online Banking, Marketing, Security, Internet Access and Call Centers.

February 13, 2017

~ This Week's News is Sponsored by Better Branches ~

BB

 

General News  

* Share One Launches Fully Integrated NSMobile
* PSCU Unveils New Member Experience Center
* SailPoint Updates SecurityIQ
* PSECU Partners with FICO

Share One, a leading developer of credit union core processing software, announced the launch of NSMobile, the latest installment in the CUSO`s NS3 digital product suite. The customizable mobile banking application highlights a full mobile experience and provides a close integration with Share One`s core, NewSolutions, as well as the full NS3 product suite.

PSCU, the nation's leading CUSO, is unveiling a new Member Experience Center, purposefully designed for cross-disciplinary collaboration and innovation. All PSCU Owner credit unions are invited to attend a formal ribbon-cutting ceremony on Monday, March 6 at the CUSO`s St. Petersburg, FL headquarters.

SailPoint, a leading provider of identity and access management (IAM) software, unveiled the latest version of SecurityIQ, SailPoint`s solution that provides a comprehensive approach to governing data in the enterprise. The company`s product portfolio includes identity governance, provisioning, and access management delivered on-premises or from the cloud (IAM-as-a-service).

Analytic software firm FICO announced that PSECU (Pennsylvania State Employees Credit Union) will use its FICO Customer Communications Services to help make joining and borrowing easier. When a prospect applies to be a member, or a member applies for a loan, FICO's automated communications will help keep them informed at every stage of the process, instantly, via SMS or email.

~~~

 

Credit Union InfoSecurity Conference Sponsored by
imsmartin consulting

 

15th annual CU InfoSecurity Conference will be held June 14 - 16 in San Diego.

This Conference provides an excellent, cost effective way to show Regulators that your CU is serious about Information Security and that your staff is getting training on how it can protect itself against constantly changing techniques and threats.

This is a one-of-a-kind conference - a security conference dedicated solely to credit unions. Highly experienced, expert speakers discuss the latest security trends as they specifically apply to credit unions. Also included are three CU speakers from Logix FCU, Golden 1 CU, and San Diego County CU. The CU InfoSecurity Conference is the best conference value in the credit union movement: just $495 per attendee and $395 for returning attendees. Topics include:


* HoneyNets
* Ransomware
* USB Security
* Secure Workflows
* CyberCrime Trends
* Why You Need a WAF
* Data Leak Prevention
* Cybersecurity Assessments
* Working with Law Enforcement
* Blockchain Security Explained
* Next-Gen IT Security Risk Assessments
* Fear Your On Premise Security, Not the Cloud
* Is Your Credit Union’s IT Insecure by Design
* Multiple Biometric Authentication Technologies
* Fine Tuning: Six things you can do right now to improve your information security


Click Here for information, agenda, reservations & more.

 

 

 


Hardware News

Business News Daily recently tested and reviewed a wide range of tablets geared towards business users. Here are their results:

- Best Overall Business Tablet Microsoft Surface Pro 4

- Best iPad for Business Apple iPad Pro 12.9-inch

- Best Android Tablet for Business Samsung Galaxy Tab S2

- Best Budget Tablet for Business Lenovo Tab 2 A10

- Best Battery Life Tablet for Business Lenovo Yoga Tab 3

F5's Herculon SSL Orchestrator is a high-performance appliance that enables the decryption and encryption of outbound SSL/TLS traffic and supports dynamic, policy-based management and direction of traffic to the appropriate security devices for inspection. The company notes that currently the percentage of SSL traffic exceeds 70 percent, and that percentage is increasing, and that between one-half and three quarters of attacks cloak their communications in that encrypted traffic. In action, the SSL Orchestrator gives you visibility into SSL traffic with centralized decryption across multiple security tools - web application firewalls (WAFs), data loss prevention (DLP) tools, intrusion detection systems (IDS), intrusion prevention systems (IPS), malware analysis tools, and more. 

~~~

Hardware Section Sponsored by
Millennial Vision, Inc. (MVi)

 

Back to Top


Software Updates

Microsoft Nano Server offers a super slim deployment option of Windows Server 2016. It has numerous advantages in that it reduces storage costs; presents a very small attack surface; offers faster backups, live migrations, and reboots; and requires less frequent patching. However, Nano Servers are limited in that they can only perform the following roles:

  • Hyper-V host
  • failover cluster node
  • file server
  • DNS server
  • Web server running IIS

CrowdProcess is the scientific computing company behind James which is an Artificial Intelligence platform for credit risk. The company has developed an online credit risk management tool that helps credit unions create, validate, deploy, and monitor regulation-ready predictive models. The startup utilizes machine learning algorithms for its models and scorecards. They claim that they can boost your portfolio performance with a 10% increase in acceptance rate, while offering a 30% decrease in default rates.

DeepLearni.ng is a Toronto-based startup that has developed an AI platform dubbed Neptune that integrates disparate data sources. They say that their solution optimizes your business processes, and allows you to deploy advanced machine learning models without the need for sophisticated data scientists or machine learning experts. With their assistance, Scotiabank developed and launched a tool that identifies potentially delinquent or high-risk customers and suggests the best way to approach them about it. They note that even a small improvement in collections can have a big impact on their bottom line.

~~~

Back to Top


ATMs/Kiosks

Morphis has launched a new cloud-based version of its ATM management system - MorphisONLINE.net SaaS. The solution is designed to allow ATM deployers to access cash orders and cash confirmations, to view transactions in near real-time, providing “instant alerts” to cash-outs, cash loads, missed loads or terminal status messages.

One of the five top ideas in its competition for the Co-op Think Prize 16 is a concept designed to make ATM access safer and easier for older users. Co-op conducted Think Prize in partnership with OpenIdeo, an online global innovation community and collaborative platform, with sponsorship by MasterCard. The idea behind the All-Generation Friendly ATM is to give credit union members more confidence when using ATMs by allowing them to take time when setting up transaction details while they are at home. Once transactions details are confirmed, the transaction will be automatically brought up the next time the user logs-in to an ATM. This will minimize the time that they spend in being vulnerable at physical ATM locations.

~~~

ATMs/Kiosks Sponsored by
Heritage Industries


Back to Top


CU Success Stories  

 

Here is a chance to learn about real life credit union success stories from various technology vendors through the words of their clients. This week's vendor is:  

Connect Financial Software Solutions

Connect

and their client is:

City & County Credit Union

Credit Unions - if you have a vendor that you are happy with then please This email address is being protected from spambots. You need JavaScript enabled to view it.!

Vendors - if you have a credit union that is happy with your solutions then please This email address is being protected from spambots. You need JavaScript enabled to view it. and we will give you a $100 discount on your Case Study!

~~~

Back to Top


Wireless World

According to a report from Forrester, mobile payments volume in the US is expected to total $112 billion in 2016 and grow at 20 percent compound annual growth rate until it reaches $282 billion by 2021. The research firm concluded that while mobile payments are certainly popular, they have not swept across the retail world the way many had hoped. Venmo is one of the most popular mobile payment solutions and makes up almost a quarter of current mobile payment transactions, while others such as Apple Pay, Google Wallet and Square are also quite popular. For retailers, Starbucks has had the most success with mobile payments: 27 percent of all of their transactions last quarter came from mobile devices.

Both iOS and Android come with numerous security features and capabilities, however both operating systems have also been found to contain very serious security vulnerabilities in the past. Many security experts point out that Apple's app vetting process is superior to Google's process for their Play Store, but they also note that Google's more rapid, open-source development lifecycle can be a better way to ensure that vulnerabilities are fixed quickly. Both operating systems support enterprise use in that they offer some way of segmenting enterprise data from user profile data, in effect, creating a secure container to install enterprise apps and store enterprise data.

~~~

Wireless World Sponsored by
Member Access Pacific (MAP)

MAP

 

The MAP App™ is the first network-branded prepaid card exclusively serving credit unions to offer mobile banking -
contact us now to learn more about this market-leading innovation for credit unions:

(866) 598 - 0698

Back to Top


Security Section

In order to avoid detection, sophisticated scammers are launching "fileless" attacks using Windows utilities and open-source tools instead of easily detectable malware programs. Windows utilities like SC, NETSH and PowerShell can be used to load programs such as Meterpreter directly into RAM, without leaving any traces on the hard disk drive. Meterpreter, which is part of the Metasploit penetration testing toolkit, is in-memory software that can inject itself into other running processes and is used to establish persistency on a compromised system.

Vera announced the launch of Vera for Mail, an enterprise-grade security solution that lets organizations secure, track, and revoke access to any email they send. The package allows IT Departments to protect confidential communications, classify messages and attachments, audit internal and external collaboration, prevent unwanted sharing, and dynamically revoke access to email communications and content. For senders and recipients, Vera Mail does not require key exchanges or proprietary plug-ins.

Trend Micro announced that they have infused machine learning capabilities into their next-generation intrusion prevention system (NGIPS) solutions. Trend Micro TippingPoint NGIPS applies machine learning statistical models to feature vectors extracted from network data on the wire to make a real-time decision on whether network traffic is malicious or benign. They say that this evolution helps to better detect advanced malware behavior and communications invisible to standard defenses.

~~~

Back to Top


Leaders Roundtable

Security:

Battling Security Fatigue – Working Towards Usable Security

 

 

 

Onbase by Hyland Software - https://www.onbase.com
Read Steve Comer's comments:
https://www.cunews.com/OnBase.pdf

 

Millennial Vision - http://www.mviusa.com
Read Scott Cowan's comments:
https://www.cunews.com/MVi.pdf

 

NetWatcher - http://www.netwatcher.com
Read Scott B. Suhy's comments:
https://www.cunews.com/NetWatcher.pdf

 

MVi
Nintex - https://www.nintex.com
Read Mike Fitzmaurice's comments:
https://www.cunews.com/Nintex.pdf

 

Network Bix USA
 
Network Box - https://www.networkboxusa.com  
Read Pierluigi Stella's comments:

 

Pure IT Credit Union Services - http://pureitcuso.com
Read Kyle Stutzman's comments:
https://www.cunews.com/PureITCUSO.pdf

 

Security Compliance Associates - http://www.scasecurity.com
Read Jim Brahm's comments:
https://www.cunews.com/SCA.pdf

 

SentinelOne - https://www.sentinelone.com
Read Jeremiah Grossman's comments:
https://www.cunews.com/Sentinelone.pdf

~~~

Back to Top


Technology and Marketing

Instant issuance in the branch allows credit unions to personalize payments cards for members through custom card printing capabilities, e.g., family and pet photos, logos of local sporting teams, schools, organizations or community landmarks. Plus according to research from the CPI Card Group, millennials are nine times more likely to open an account if they are shown how quickly they will be able to use their debit or credit card at the very beginning of the account opening process. Finally, with the traditional, central issuance model, up to 10% of cards are never activated after they are mailed out by some estimates.

~~~

Back to Top


Online Banking/E-Commerce/Website Design

Mercator Advisory Group's latest report, “Business Banking Services: Expanding Online and Mobile,” finds that 84% of small businesses most commonly visit branches to make teller deposits and 47% make deposits at ATMs. Nearly all small businesses surveyed regularly visit the branch of their FI, but far fewer, 1 in 5, go to the branch to meet with a relationship manager. "While small businesses visit the branches primarily for quick and simple transactions, they would like to see improvements in online and mobile banking geared to help their businesses transact more easily and provide more services they need to manage and grow their business," notes Karen Augustine, Mercator Advisory Group's Senior Manager of Primary Data Services, the author of this report.

While NACHA rules dictate that the FI originating a payment assign a unique 15-digit trace number, uniqueness is not mandated across payments in other batches in the same payments file. Steven Cordray, payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed, suggests that a possible solution that could overcome this current limitation of the trace number would be a one-time-use, ACH-operator-assigned, 15-character alphanumeric trace number. He suggests that operators could guarantee uniqueness by allowing an operator trace number to contain digits and upper and lowercase letters, and expanding to a 62-character set would result in over 3.5 trillion distinct values which would be more than enough to cover the 6 year record retention requirement.

Accenture wants to help FIs secure their blockchains by storing the encryption keys they use to sign transactions in hardware security modules (HSMs). Their goal is to help make it easy for blockchain developers to incorporate HSMs in their platforms. Their solution is currently designed to work with Thales e-Security's nShield HSM and the Hyperledger Fabric blockchain software, but they plan to extend the project to other commonly used HSMs and they point out that it can be adapted to other blockchains.

~~

Back to Top


Internet Access

SD-WAN (software-defined wide area networks) proponents contend that they provide a more cost-effective and simpler way to operate secure, virtualized WAN connections between branches, data centers and the Internet. That is because they deliver an easily programmable environment that permits you to augment or replace your existing WAN, lower costs by deploying less expensive broadband links and dynamically scale bandwidth capacity. However, SD-WANs are not often complete WAN solutions in that you may need to add other software orchestration components to the mix, particularly if you want to connect from remote sites to cloud services. Orchestration allows you to coordinate and automate across different pieces of the network thereby integrating the entire distributed organization to the WAN and into the cloud.

Webroot SecureAnywhere DNS Protection controls Web access at the domain layer for any on-network device, user or guest. The Web-based SecureAnywhere DNS Protection console enables admins to finely tune Web access policies by IP address or IP range, and limit access to any other websites that they may consider a risk to their network. Webroot offers over 82 URL categories, and claims that the solution sets up in minutes and doesn`t add latency.

~~~

Back to Top


Call Centers

Anyone who has ever worked in a contact center knows just how stressful it can be on agents and managers. In response, some progressive centers address these high stress levels with rewards and perks designed to keep employees happy and somewhat more relaxed. Some perks that have been offered at various contact centers include:

- complimentary snacks and drinks

- small gifts on a continuous basis

- gamerooms with video games and tables for ping pong, billiards, foosball, etc.

- yoga and deep breathing classes and massages

- mobile car washes

- quiet rooms and nap pods

- indoor and outdoor exercise areas

- “Bring Your Dog to Work” days

- no dress code

- holiday parties, picnics, and team building retreats

~~~