Passwords and Security: A Boost to Member Confidence or a Barrier to Using Your Solution?
Security, security, security. Does a password constitute an e-signature? What can we do for a member just based on a password? How can we equate passwords between audio response systems and home banking systems? How can my passwords be complex enough to satisfy examiners and auditors? What is my enrollment procedure in authorizing access to our home banking site? How do we make self service secure while creating a delivery channel with as few member service barriers as possible?
All of these questions come up the day you start a home banking transaction site. The key is: did you quickly decide on a solution today, without thinking about this challenge as an ongoing one? Security issues and the general marketplace's awareness of them will only continue to increase. As systems are breached and fraud is committed against these sites, our intensity about securing the delivery channel will also increase. These changes are what mandate a strategy that you can commit to long term.
How does your credit union approach new members about using your home banking transaction site? Are they automatically enrolled? How do they get their password? Once they have a password, can they change it? Or do they have a credit union service rep change it?
Currently, most credit unions have an open enrollment policy for home banking. They use some form of formula password for the initial welcome to the site, then force the member to change it. Obviously, this open enrollment is the easiest way to deal with new and existing members who wish to come to the site without the hassle of having to request enrollment from the credit union. How does your credit union view pressure by current examiners and regulators to restrict open access and formula-based passwords? What will you do in the future?
Let's consider a credit union with a penetration of 10% of its membership using its home banking site. It adds a new feature that it believes will really increase penetration with its existing membership. How does it go about running a promotion to get members to try this new service? Do members have to come down to the credit union to activate their home banking password? What about members who were active but have since become dormant? Do they have to reactivate their access to the home banking site? Is it convenient? Or will the new service fall on deaf ears because getting access to the home banking site is too burdensome for the member to accept? How does your plan deal with these kinds of issues? Is future investment in home banking options doomed if you can't get more members to use the service?
Most credit unions started with Internet banking passwords that paralleled the PINs used by their audio response systems. This usually meant a numeric password with as few as four digits. In the future, four-digit numeric passwords for Internet banking will probably not pass examination. What happens when six characters will not? Or eight? Consider how your credit union staff manages all of the passwords they use in dealing with your data processing system. Now multiply that by the number of members who use your services. They have a debit card PIN, a credit card PIN, an audio response PIN, and now a home banking password that is becoming longer, more complex, and may even need to be changed periodically. Is all this too much? Will the average member ever decide that the value of your transaction banking site is worth the pain of managing it in a secure way? What do you believe is a good trade-off between security and the percentage of members using this delivery channel?
For many credit unions, the answer to these questions is that no single delivery channel is for everyone. Maybe ten percent is the target audience for your current Internet offerings. But what if it's not? Has your credit union made a long-term strategic decision and created a delivery channel that it cannot afford to ever discontinue? Will today's version be good enough? For how long? Do you have a strategy to go from ten percent to thirty or forty?
As a full-service data processing and home banking solution provider, CU*Answers deals with the issues of implementing e-strategies for credit unions every day. If you would like more information about how CU*Answers answers the important questions raised in this series of articles, please contact Randy Karnes (firstname.lastname@example.org). We are also interested in your ideas and comments!
This is the third in a series of articles dealing with the challenges credit unions face in implementing and maximizing their "e" delivery channel. In Part 1, the author introduced the concept that implementing e-strategies is more than just buying a new gadget or adding a new service. Part 2 described the planning and preparation needed to implement e-statement and e-marketing techniques.