Security And Statistics Tell The Tale

Reports show feds quietly raising bar on security and noting demographic differences in mobile banking and payments.

 
 

A couple things stood out in the past few days in the steady stream of reports and news reports about those reports that keep our in-boxes full.

Both were from the people who run things in our industry. Not the big banks. In this case. I mean the federal government in the form of the FFIEC and the Fed itself.

One was the March 30 release of the “FFIEC Joint Statements on Destructive Malware and Compromised Credentials.” Simply put, they’re step-by-steps on what credit unions should be doing about cyber security, along with some alerts about why you should be doing it now.

The other is the Fed’s release of “Consumers and Mobile Financial Services 2015.” Some of the findings were predictable: Mobile banking is on the rise, for example. But the study also produced some actionable — and perhaps curious — results about demographics' use of the mobile channel.

But first, back to the FFIEC.

Ho-Hum, Yet Significant

The consortium of regulators — including the NCUA — recommended the alerts be distributed to every organization’s CEO, CIO, CISO, etc. A problem, of course, is that not every organization in credit union land has all those positions and resources.

And Todd Stringer, director of information security services at the Abound Resources bank and credit union consultancy, says it’s what wasn’t said that might be the real news here.

The FFIEC has already made it clear that credit unions need everyone involved — including volunteer boards — to know about the threats and protecting the enterprise. Stringer says he thinks regulators will now soon be adding more teeth to their advice.

“These new recommendations are nothing new. Nothing groundbreaking,” the IT security veteran says. “Protect against unauthorized access. Really?”

But, he adds, “I feel like they’re getting to the point where they are going to ask all financial institutions to undergo multiple independent assessments per year. They’re just not quite sure how to say it yet.”

Stringer adds that some of his firm’s banking clients already conduct monthly assessments and have won OCC regulator praise in the process, and that perhaps the FFIEC members are waiting for the emergence of a cost-efficient way for all financial institutions to do that before mandating it.

Now, back to the Fed mobile banking report.

Fed Sees Things In Black, White, And Both

The Fed’s annual report on consumers’ use of mobile financial services is comprehensive and authoritative, really, but the conclusions are fairly predictable: lots of people use their phones to bank and that is changing banking, especially in regards to payments.

Growth among all ages and races has been pretty uniform the past few years. One thing that seemed particularly intriguing this time, though, were findings that while black people and white people were equally likely to have smartphones — about two-thirds penetration among American adults in each of those two categories — black people and Hispanics were much more likely to use them for financial services, especially payments. (The whys behind this was not the subject of the Fed’s report.)

Check out the graphics on page 4. In 2014, 65% to 68% of white, black and “2+ races, non-Hispanic” that had mobile phones had smartphones. Meanwhile, 83% of survey respondents who self-identified as Hispanic do, continuing a trend of that group leading in digital banking services adoption since the early days of the Internet.

But then on page 12 are more tables that report the following percentages for people who have used mobile banking in the past 12 months as defined by ethnicity: white, non-Hispanic — 34%, black, non-Hispanic 43%, and Hispanic — 53%. And on page 15, we find that black and Hispanic consumers are roughly twice as likely as white respondents to use mobile for payments.

Interestingly, Page 7 has a chart that shows mobile financial service usage is pretty much the same in rural and metro areas. There are a lot more tables and the surveys were done using techniques — including follow-ups from the year before — that should satisfy the most demanding stats professor.

So what does it mean for credit unions? Opportunity, according to Pablo DeFilippi of the National Federation of Community Development Credit Unions.

“The report confirms an emerging trend we’ve long noticed: that mobile phones are prevalent among unbanked and underbanked consumers,” DeFilippi said Wednesday from Tampa, FL, where the federation had just conducted its fifth roundtable on immigrant finance this year.

“This presents a tremendous opportunity for financial institutions in general and credit unions in particular to engage a growing segment of the market that’s either outside the formal financial mainstream or that’s drifting away from it,” the federation’s membership director says.

That’s especially true in rural areas where traditional bank branches are scarce. Credit unionsdon’t require the same level of deposits and loans to make them sustainable, but also often don’t have the capacity to significantly expand a physical presence in those communities, DeFilippi says.

Thus the opportunity for credit unions to make a difference — and differentiate — through mobile in rural and urban areas alike. Like everyone has time, right?

Moving Things Around A Full Plate

Security, security compliance, serving the underbanked because it’s good business and something credit unions should be doing … all these things and more seem to be constantly on the move around a very full plate in the C-suite.

Jay Johnson sees that all the time. “Everyone’s trying to get ahead of the competition and set their own course, but there are so many issues competing for your attention,” says the executive vice president of Callahan & Associates.

“I hear that all the time,” the longtime credit union consultant says. “The people we talk to know security and security compliance are important and that they need to talk about it. The struggle is how to organize effectively in a way to devote the time to it they think they should.”

 
 

April 2, 2015


Comments

 
 
 
  • If you have been hiding under a rock this past year then I can understand not realizing that stealing online account credentials is something that the majority of Financial Institutions and Retail businesses have not done a very good job preventing such attacks. I'll make it simple, if a human enters all the credentials required to access an online account and/or the second factor of authentication is dependent on a Cookie or an IP Address, then your online accounts can and are being easily breached.
    Mike Angelinovich