Credit Union tech-talk News

April 2 - April 6, 2007

• General News
• Hardware News
• Software Updates
• ATMs/Kiosks
• Biometric Digest Highlights
• Wireless World
• Security Section
• Leaders Roundtable
• Technology and Marketing
• Online Banking/E-Commerce/
  Website Design
• Internet Access
• Call Centers
• Conferences

* Summit Signs Canada's Prime Financial to iSpectrum
* Bethpage FCU Contracts with Gila Group
* USERS Introduces Real-Time Vaulting Service 
* Comodo Announces Unified Communications Certificates
* Redspin Introduces Firewall Configuration Analysis Tool 

Summit Information Systems, a business unit of Fiserv and provider of advanced technology solutions to Canadian and U.S. credit unions, announced that Prime Financial Savings and Credit Union, based in Hamilton, Ontario, has signed a five-year service bureau agreement for the iSpectrum banking system. The credit union will also implement the Fiserv Wisdom Accounting Suite, a financial reporting solution designed for credit unions supporting general ledger, fixed assets, accounts payable and prepaid expenses reporting requirements. 

Austin-based Gila Group announced that Bethpage Federal Credit Union will handle all auto repossessions for the $2.4 billion New York-based credit union. Gila Group's collections agents will also act as de facto employees of Bethpage on delinquent auto loans. 

USERS Incorporated, a business unit of Fiserv, has introduced a Real-Time Vaulting service that enables credit unions to restore their core system and services faster in the event of a disaster. The vaulting service is the newest addition to USERS’ full line of Business Recovery Services, which includes hot site services provided through three data centers nationally. 

Comodo, a global Certification Authority and leading provider of Internet and trust assurance management solutions, announced the availability of Unified Communications certificates for Microsoft Exchange Server 2007. These new certificates enable enterprises using Exchange Server 2007 for their messaging infrastructure to use a single SSL certificate to secure multiple fully qualified domain names on a single host/IP address.

Redspin, a leading independent audit firm specializing in network security and compliance, has introduced a new software tool, the Redspin Firewall Configuration Analysis Tool (CAT), which simplifies and automates the complex problem of auditing firewalls and identifying configuration problems. An online version of the Redspin Firewall CAT is available at http://www.redspin.com/tools.

Hardware News

The HP Officejet Pro L7500/L7600/L7700 is a new office-oriented inkjet series of all-in-one printers that boasts fast print speeds, high-quality prints, and lots of features. Geared towards small to medium businesses or work groups, the series have built-in networking, scan-to-network functionality, and monthly recommended volumes of 7,500 pages. On the $400 Officejet Pro L7680, there is a top-mounted, 50-page automatic document feeder that lets you copy, scan, or fax multipage documents. HP backs the Officejet Pro L7680 All-in-One with a standard one-year warranty, though you can also pay to extend the warranty. 

Micronet announced a new network-attached storage platform for small and midsized businesses that includes 4TB of storage capacity. The Platinum NAS 4.0 uses 1T-byte Serial ATA disk drivers. It features hot-swappable disk drives and supports RAID 0, 1 and 5, as well as RAID 1 mirroring. The Platinum NAS 4.0 starts at $879.

In the past, only the largest data centers could afford sophisticated monitoring systems. But now environmental monitoring for server rooms, wiring closets, and datacenters has come down in price so much that even smaller credit unions can afford it. We will cover one system in the May issue of Credit Union tech-talk - subscribe today.

MagTek®’s ExpressCard 1000 is the industry’s first “ALL-IN-ONE” instant issuance and complete card personalization platform forCredit, Debit, ATM, and Financial Gift Cards designed to fit securely and comfortably within a branch location.

For the first time, card personalization features such as color card-printing, magstripe encoding, smartcard encoding, card embossing, indent printing, and foil tipping have been combined into a single device which provides both the physical and logical security features required to meet the demands of a branch or retailer’s card issuing environment.

Equipped with MagnePrint® card authentication technology (www.magneprint.com), the ExpressCard 1000 offers the capability to capture the card's reference MagnePrint at the time of card issuance so that reference value may be used in conjunction with complementary risk management analytics with card present transactions. The ExpressCard 1000 can be connected as a peripheral to MagTek’s IntelliCAT and MCAPS 3000 PIN selection and instant issuance software suites creating a complete and secure card issuing platform.

For more information on ExpressCard 1000, go to www.magtek.com or call your MagTek sales representative at 800-788-6835.

Back to Top

Back to Top

ATMs/Kiosks

Cisco and Wincor Nixdorf have partnered to increase ATM security. The companies say that Wincor’s Platform Security Agent — developed using Cisco Security Agent — helps protect self-service system platforms against network and local attacks. Wincor says that the agent helps lock down configurations and prevent unauthorized software downloads.

Level Four Software has come out with the BRIDGE family of software products that consist of five interoperable product components, which can be used individually or together. The components are: 

• BRIDGE:test - Used for testing of ATM software applications 
• BRIDGE:author - For the design and creation of ATM applications 
• BRIDGE:install - ATM application configuration builder and repository 
• BRIDGE:deploy - The run-time execution environment for distributed ATM applications 
• BRIDGE:control - For independent monitoring and control of Windows-based ATM networks

Back to Top

BioPassword has released BioPassword Enterprise Edition 3.0. Through added technical partnerships and integration, Enterprise Edition 3.0 extends support for remote access, and now delivers an added layer of security for server-based computing environments. The new version adds an additional knowledge-based authentication (KBA) factor which allows organizations to increase security without the worry of denying access to legitimate users. Credentials will be evaluated based on keystroke biometrics first and if there is doubt about the legitimacy of the user, a KBA challenge question can be dynamically issued.

A British company called VoicePay claims that they have developed the world’s first payment system interlinked to advanced voice biometric technology. They say that their solution securely allows your financial transactions to be signed and guaranteed, and that they deliver a complete range of payment solutions allowing any size of payment to be processed, from one cent upwards, anywhere. 

Back to Top

Atlanta-based Firethorn announced that Verizon Wireless is working with them to introduce its mobile banking and payments solution. The Firethorn solution is a single, secure application, authorized by the wireless carrier and controlled by the consumer. The application, which is designed to work for any credit union on virtually any mobile device, enables comprehensive banking and payments capabilities. 

Metavante has partnered with Monitise to launch and operate a wireless payments and banking network in the US. Monitise is a European provider of mobile banking systems. In addition to mobile payments, the Metavante/Monitise joint venture will deliver two-factor authentication services to credit unions via Monitise's Accode service, which replaces tokens and key fobs by enabling mobile phones to securely generate a one-time passcode for desktop, remote and portal access, along with point of sale and Web-based payments. Metavante says it will link the m-banking system to its NYCE electronic payments network, which connects 280,000 ATMs and 1.5 million point-of-sale terminals.

According to Visa CEO John Philip Coghlan, mobile payment is at a critical moment in its development, and realizing its full potential will require close collaboration between the wireless and payment card industries and financial institutions. Speaking at the CTIA WIRELESS 2007 conference, Coghlan stressed Visa's commitment to partner with wireless and financial industry leaders enabled by the Visa mobile platform. We will cover more of his interesting comments and the results of a Visa survey that looked at consumer attitudes toward mobile payments in the May issue of Credit Union tech-talk - subscribe now.

Back to Top

According to a survey by Webroot Software, malware is disrupting nearly half of worldwide businesses. 26% of enterprises reported that confidential information had been compromised as a result of spyware. 39% reported Trojan attacks, 24% reported system monitor attacks, and 20% reported pharming and keylogger attacks. The company noted that malware attacks are become more frequent and successful because the attacks are more sophisticated. 

Some security experts insist that every organization classify their data. One scheme uses 4 classifications: 1) Public; 2) Internal use; 3) Confidential; and 4) Privacy-restricted. This is tied into retention periods which can run from 7 years for financial records to 3 years for historical business records to a year or less for temporary data. They also point out that this information is in turn also related to business continuity plans. For example, mission critical data must be restored virtually immediately, while urgent data could be 48 - 72 hours and non-urgent data could be up to 30 days.

Many security analysts believe that personal firewalls aren't a luxury anymore. There have been two basic approaches by security vendors when it comes to personal firewalls. Learn more about them in the May issue of Credit Union tech-talk - subscribe today. 

MAGENSA™ is a trusted verification authority (TVA) that provides real-time remote-hosted credential authentication services. These services enable credit unions, financial institutions, businesses, and government agencies to integrate PCI DSS and FFIEC multi-factor authentication and end-to-end data encryption capabilities into their existing processing environments without the need for substantial financial investments or massive changes to the existing infrastructure.

Specifically tailored to enhance the security of internet banking and ATM applications, MAGENSA delivers unprecedented security and authentication using the familiar magstripe card credentials (secure tokens) that a credit union has already issued to its members. MAGENSA is powered by the trusted and proven card authentication technology known as MagnePrint® (www.magneprint.com). MagnePrint differentiates a members’ authentic magstripe card from an altered or counterfeit version, transforming the traditional magstripe card into a powerful security token.

MAGENSA’s Secure Data Center (SDC), a reliable 24x7 operations center that is maintained 365 days a year, simplifies the integration of data decryption and MagnePrint scoring into existing websites, and allows for data federation across institutional domains.

For more information on MAGENSA, please visit www.magensa.net or call 877.MAGENSA.

Back to Top

SECURITY: 

Finding a Balance between Security and Convenience

Arcot - http://www.arcot.com   Read R. 'Doc' Vaidhyanathan's comments: http://www.cunews.com/roundtable/Arcot.pdf

Code Green Networks - http://www.codegreennetworks.com   Read Chip Hay's comments:   http://www.cunews.com/roundtable/CGN.pdf

Comodo - http://www.comodogroup.com   Read Andrew J. Pynes' comments:     http://www.cunews.com/roundtable/Comodo.pdf

Corillian - http://www.corillian.com   Read Greg Hughes' comments:    http://www.cunews.com/roundtable/Corillian.pdf

Digital Resolve - http://www.digital-resolve.net Read Dennis Maicon's comments: http://www.cunews.com/roundtable/DigitalResolve.pdf

e-DMZ Security - http://www.e-dmzsecurity.com   Read Kris Zupan's comments:   http://www.cunews.com/roundtable/e-DMZ.pdf

GalaxyPlus - http://www.galaxyplus.com   Read Vince Francone's comments:     http://www.cunews.com/roundtable/GalaxyPlus.pdf

Harland Financial Solutions - http://www.harlandfinancialsolutions.com   Read Niles Bay's comments:   http://www.cunews.com/roundtable/HFS.pdf

Intrusion - http://www.intrusion.com   Read Jay Barbour's comments:   http://www.cunews.com/roundtable/Intrusion.pdf

MagTek - http://www.magtek.com   Read Kiran Gandhi's comments:   http://www.cunews.com/roundtable/MagTek.pdf

Network Armor - http://www.networkarmor.com   Read Stephen Goldsby's comments:   http://www.cunews.com/roundtable/NetworkArmor.pdf

Perimeter Internetworking - http://www.perimeterusa.com   Read Kevin Prince's comments:   http://www.cunews.com/roundtable/Perimeter.pdf

RSA Security - http://www.rsasecurity.com   Read Marc Gaffan's comments:     http://www.cunews.com/roundtable/RSA.pdf

SecureWorks - http://www.secureworks.com   Read Jon Ramsey's comments:   http://www.cunews.com/roundtable/SecureWorks.pdf

Symitar - http://www.symitar.com   Read Larry Widel's comments:   http://www.cunews.com/roundtable/Symitar.pdf

TriGeo Network Security - http://www.trigeo.com   Read Michelle Dickman's comments:   http://www.cunews.com/roundtable/TriGeo.pdf

WhiteHat Security - http://www.whitehatsec.com   Read Jeremiah Grossman's comments:   http://www.cunews.com/roundtable/WhiteHat.pdf

WinMagic - http://www.winmagic.com   Read Joseph Belsanti's comments:   http://www.cunews.com/roundtable/WinMagic.pdf

Back to Top

For small credit unions, email can be a crucial marketing tool. Without a big marketing budget, small credit unions can use email to reach lots of members quickly and inexpensively, and easily customize their sales pitches to fit different members' needs. A host of companies are offering software applications designed to help small organizations with email marketing and website monitoring. Some packages that may help include: SalesGenius from Genius.com, Market2Lead Bronze Edition from Market2Lead, iMarketing Automation from Vtrenz, Eloqua Express from Eloqua, and iCentera Enterprise Edition from iCentera. 

Back to Top

According to the Forrester Research "Meet Your Next Financial Consumer," more than four out of ten young consumers between the ages of 18 and 21 who surf the Web now own a credit card, and 65% of this "Gen Z" online group used the Web to apply for a credit card. 

Another survey has come up with some surprising findings: around two thirds of younger consumers aged 18-34 are shunning online banking services. The Mintel study found that only one-third of consumers aged 18-34 are using Internet banking services, with the remainder preferring the human touch. Susan Menke, senior financial services analyst for Mintel, says the result is surprising given that these generations have grown up with the Web. Their research shows that younger consumers still have major concerns about the security of online banking. Some 40% of those who do not use net banking says it is due to security concerns over financial transactions on the Web. 

The Center for Responsible Lending has examined debit card overdraft fees and they discovered that "almost half of all overdraft fees come from debit/ATM cards, which would certainly put it in excess of $4 billion a year.” A New York congresswoman has introduced legislation in Congress that would require FIs to warn cardholders whenever an ATM or debit card transaction was going to overdraw their account, provide information on the cost of the overdraft loan and give them an option on whether to proceed. Look for more in-depth coverage in the May issue of Credit Union tech-talk - subscribe now.

Revolutionary Convergence of Security Technology for Secure Internet Banking!

MAGENSA, a Trusted Verification Authority that provides real-time remote-hosted credential authentication services, allows credit unions to integrate PCI and FFIEC compliant multifactor authentication, data encryption, website authentication, and data federation capabilities into existing infrastructures.

MagneSafe P55 is a portable encrypting card reader with MagnePrint card authentication technology. In conjunction with MAGENSA, the MagneSafe P55 is designed to offer secure Internet banking, empowering consumers with the freedom and confidence of knowing that their transactions are secure and protected anytime, anywhere. Additionally, the MagneSafe P55’s LED provides a visual cue for the user to indicate when a secure connection to an authentic website has been established.

For more information about the MagneSafe P55 or MAGENSA, visit www.magensa.net, or call 877.MAGENSA.  

Back to Top

AT&T has launched its DDoS Defense Service aimed at helping small and midsize organizations mitigate malicious Internet attacks. This is a much slimmed down version of AT&T’s Internet Protect anti-distributed denial of service (DoS) offering, which AT&T first launched in 2004. DDoS Defense is a self-managed service that is available with no set-up fees and for a flat monthly fee. Customers will have to pay an additional mitigation charge when under attack, the carrier says. Clients must install their own edge device to detect an attack. When an attack is detected a customer goes to the carrier’s DDoS Defense Portal to redirect traffic to a shared “scrubbing facility.” Here bad packets are separated from good packets, which are then sent to their original destination. 

Digium has launched their new Asterisk Appliance which they say is a full-featured and cost-effective way to provide the under 50 user organization with VoIP. Some of the functions included in the $995 device include:

-- Complete Asterisk server (Asterisk is a popular and extensible open source telephone system)
-- Support for VoIP and analog phones to allow customers to use the legacy equipment they already own 
-- Full-featured PBX, interactive voice response (IVR), voicemail, conferencing and automatic call distribution (ACD) software 
-- Administrative features such as a setup wizard and autoprovisioning of Polycom IP phones 
-- Call queuing functionality 
-- Compact flash card or MMC to support voicemail and wireless applications with no major parts 
-- Five Ethernet ports (1 WAN, 4 LAN) 
-- Built-in router ideal for small offices 
-- Eight analog ports supporting a mix of foreign exchange station (FXS) and foreign exchange office (FXO) interfaces to standard telephones 

Back to Top

Many call center experts think that hiding the operator option on your IVR system is a bad idea. They believe that you should let your callers know right up front that they can reach an operator at any time by pressing "0." If you find that callers are accessing agents when they could be using an automated solution, they say that you need to train your member service representatives on ways to educate your callers after handling the inquiry.

Back to Top

Catch Tom and Bill Rogers, Associate Editor of Credit Union tech-talk at the following conferences in 2007:

June 7-8, Las Vegas - Credit Union InfoSecurity Conference

October 10-13, Albuquerque - Firefighters' National Credit Union Summit

Back to Top