Your source for the latest technology information of interest to credit unions across America.

Subscribe to our weekly e-mail newsletter and/or our monthly newsletter and stay on top of the latest technology trends in Hardware, Software, ATMs, Biometrics, Wireless, Online Banking, Marketing, Security, Internet Access and Call Centers.

Credit Union Technology Talk Logo

August 8, 2016

~ This Week's News is Sponsored by Better Branches ~



General News  

* American Lake Credit Union Chooses ESP
* Sharetec Signs CU in Trinidad
* Meridian Trust FCU Outsources Core System with Symitar EASE
* Bay FCU Selects EiQ Networks

American Lake Credit Union based in Tacoma, WA has selected FORZA from Enhanced Software Products, Inc. (ESP) as their new core processing solution. The credit union stated that they chose FORZA for its ease of use, the tight integration with third parties and automation capabilities.

Sharetec System, one of the fastest growing core systems, announced that CLICO Credit Union Co-operative Society Limited (CLICO) of Port-of-Spain, has made the decision to implement the Sharetec core processing solution. CLICO employs 32 people and has assets in excess of $50 million USD.

Jack Henry & Associates' Symitar division announced that Meridian Trust Federal Credit Union has selected EASE, the outsourced delivery model of the Episys core platform. The credit union also expedited its implementation of Advanced Reporting for Credit Unions and added Refi Analyzer.

The $788 million Capitola, CA-based Bay Federal Credit Union has selected EiQ Network`s SOCVue hybrid SaaS security service. The solution includes a co-managed security information and event management and log management, continuous vulnerability management, and 24x7x365 security monitoring by the Boston-based company.




Hardware News

While white box switches have been around for years, the rise of software-defined networking (SDN) is now helping to make them more popular. Because they use essentially the same hardware, some observers contend that white boxes are on par with brand-name systems such as Cisco in terms of reliability. White boxes come with a lower price point and can now be purchased from mainstream networks vendors such as Dell and HP.

A laptop has more storage, more connection options, and more legacy apps than any smartphone, therefore it is important to secure laptops. Purism is an open source laptop maker that takes security and privacy seriously. For example, their Purism Librem 13 has a kill switch that disables all wireless connections, the webcam, and the built-in microphone in a reliable way with one click. It comes preinstalled with popular Mac and Windows-compatible software, including web browser, email, graphics, drawing, word processing, presentation, spreadsheet and media player. 


Hardware Section Sponsored by
Millennial Vision, Inc. (MVi)


Back to Top

Software Updates

Accellion, a provider of private cloud solutions for secure file sharing and collaboration, announced several new security features in their kiteworks content platform. These new features provide added protection to an organization`s various content management systems by scanning all sent and received files to help identify any malware that could lead to a data breach. Whether the files reside in on-premises or cloud-based enterprise content systems, the data within the files can now be scanned with data loss prevention and antivirus capabilities to further help safeguard content.

SureView Insider Threat (SVIT) is a user behavior monitoring tool that has been around for 15 years. Forcepoint says that their SVIT solution detects suspicious activity, whether it is a hijacked system, rogue insider or simply a user making a mistake and helps ensure that data is not compromised. They state that it identifies and prioritizes the riskiest users, detects and provides attribution of threats from within and simplifies investigations and compliance with context and forensic evidence.


Back to Top


The ATM Security Association has released a new white paper on the topic of ATM cash cassette security. The document outlines the multifaceted environment of cash cassette security and lists key considerations for a viable risk assessment. The objective is to analyze the various forms of unauthorized cash access ranging from accidental exposures to criminal attacks. Furthermore, the purpose is to review security-related aspects surrounding the cash holdings in ATMs — including the physical construct of the cassette, processes of cash replenishment and transport as well as tracking and neutralization of cash.

At the recent Black Hat conference, security researchers at Rapid7 were able to use a compromised EMV card to withdraw money from an ATM in under 15 minutes. The hack involved the use of a ‘shimmer,` a skimming device that intercepts the signal between the ATM (it also could work on point of sale machines) that facilitates a MiTM (man-in-the-middle) attack once the card is inserted. The team was able to retrieve data from the card and replicate both the chip and the magnetic stripe, as well as the PIN. They could then retrieve this data to clone the victim`s card and use it in the same ATM.


ATMs/Kiosks Sponsored by
Heritage Industries

Back to Top

CU Success Stories  


Here is a chance to learn about real life credit union success stories from various technology vendors through the words of their clients. This week's vendor is:  

Horsetail Technologies


and their client is:

EP Federal Credit Union

Credit Unions - if you have a vendor that you are happy with then please This email address is being protected from spambots. You need JavaScript enabled to view it.!

Vendors - if you have a credit union that is happy with your solutions then please This email address is being protected from spambots. You need JavaScript enabled to view it. and we will give you a $100 discount on your Case Study!


Back to Top

Wireless World

Urban FT claims that their Service Integration Director (SID) solution is the first real-time, multi-tier, mobile app management platform for the financial services industry. They say that users can deploy and manage unlimited apps within the SID – without coding. They can also reconfigure apps and change features on the fly. The platform supports these features: Program Card, Account Aggregation, Mobile Check Deposit, Account Transfers, Direct Deposit, Bill Pay, and more.

VMware released AirWatch Express, a cloud-based mobile device management (MDM) solution that aims to simplify device management. According to VMware, AirWatch Express helps configure Wi-Fi connectivity, applications, and email, as well as encryption and device security. They say that AirWatch Express, which is geared towards smaller firms, integrates with an organization's existing email system and directory services to more quickly get new users up and running. In terms of security, it offers device encryption, password setup, and the ability to block certain apps or settings for specific users. If a device is lost or stolen, it can be remotely locked or wiped from AirWatch Express.

Samsung has added an iris scanner to its latest flagship handset, the Galaxy Note 7, which will be used to access mobile banking apps as well as to authenticate Samsung Pay transactions. In action, the screen will display a viewfinder for the front camera and users will be asked to position their eyes into the two circles, from a distance of about a foot away. The Note 7 still has a fingerprint reader, with Samsung saying that by offering more authentication options that can be used interchangeably it is catering to how people use their phones differently.


Wireless World Sponsored by
Member Access Pacific (MAP)



The MAP App™ is the first network-branded prepaid card exclusively serving credit unions to offer mobile banking -
contact us now to learn more about this market-leading innovation for credit unions:

(866) 598 - 0698

Back to Top

Security Section

The advent of GPU computing over the past decade has contributed to huge boosts in offline password cracking. Scammers now have access to low cost hardware that can crack any Windows 8-character password in 6 hours. Stricture Consulting Group reports that their computer cluster can cycle through as many as 350 billion guesses per second, enough to brute force every possible eight-character password containing upper- and lower-case letters, digits, and symbols in under 6 hours. Therefore passwords should never be less than nine characters, and of course using 13 or even 20 characters offers even better security.

At the recent Black Hat Conference in Las Vegas, Dark Reading handed out some awards for Most Innovative Startup and the Most Innovative Emerging Company. Finalists for the Most Innovative Startup Award were Deep Instinct, Phantom, and SafeBreach, with Deep Instinct winning. Finalists for the Most Innovative Startup were SentinelOne, Vectra and ZeroFOX, with Vectra winning. Deep Instinct goes beyond machine learning with an artificial intelligence concept called deep learning, while Vectra offers real-time detection of in-progress cyberattacks and helps prioritize the attacks based on business priority.


Security Section Sponsored by
StrongAuth, Inc.



Back to Top

Leaders Roundtable

Online and Mobile Banking:

Digital Differentiation Strategies


Arizona Federal Credit Union - https://www.arizonafederal.org
Read Eric Givens' comments:



IMM - http://www.immonline.com  
Read John A. Levy's comments:


Javelin Strategy & Research - http://www.javelinstrategy.com
Read Mark Schwanhausser's comments:


PSCU - http://www.pscu.com
Read Jeremiah Lotz's comments:


RLR Management Consulting - https://rlrmgmt.com
Read Mitch Razook's comments:


Back to Top

Technology and Marketing

Many analysts believe that small business banking remains a relationship-based business, as opposed to consumer banking which is more transaction oriented. According to Javelin Strategy and Research's new Small Business Bank Switching: Optimizing Digital Banking to Counter Commoditization report, 5% of small business owners and decision makers indicate “extreme” likelihood of switching to a new financial institution outright in the next 12 months. But 8% say they are likely to maintain their primary relationship but “shift” products or accounts to a secondary FI or third party non-financial services firm — a phenomenon JAVELIN has dubbed "silent churn." Small business decision makers considering switching FIs cite fees, easier access to branches, and lower rates on credit cards as factors that could push them away, while online and mobile banking features rank highly as reasons business owners remain at their primary FI.


Back to Top

Online Banking/E-Commerce/Website Design

Since August 2003, the Wells Fargo/Gallup Small Business Index has surveyed small business owners. In their latest survey they found that when small business owners were asked about the types of payments their businesses accept, check and cash were the top methods (90 and 72 percent, respectively.) Other top payment methods accepted include:

- Mailed payment via printed check from a bill-pay service (53 percent)

- Credit or debit card at point of sale terminal (42 percent)

- Digitally, via Electronic Funds Transfer (42 percent)

- Credit or debit card via a mobile point-of-sale terminal, such as Square Reader or PayPal Here (30 percent)

Early Warning, the operator of the clearXchange person to person (P2P) payments network, is working with both Visa and MasterCard to offer their debit card-based transactions on the platform. Now Early Warning has agreed to tap into the Visa Direct and MasterCard Send platforms to let American debit card holders send money to each other, significantly expanding clearXchange's reach.


Back to Top

Internet Access

Nexmo is one of a handful of Communications Platform as a Service (CPaaS) cloud providers, along with Twilio, Tropo (acquired by Cisco), and Zang.IO by Avaya. A CPaaS is a cloud-based platform that enables developers to add real-time communications features (voice, video, and messaging) in their own applications without needing to build backend infrastructure and interfaces. This typically includes software tools, standards-based application programming interfaces (APIs), sample code, and pre-built applications. For example, it makes building an application with “click to call” or “click to SMS” capabilities much easier. The theory behind CPaaS is that end users would prefer to communicate with organizations without having to leave the application they are in, while organizations only have to pay for CPaaS services on a usage-based pricing scheme.

Poorly configured UC (Unified Communications) systems can give bad actors access to client systems or communication services such as conference and collaboration, voicemail, SIP trunks and IM. Plus vulnerabilities in UC product suites can lead to injecting malicious content to messaging, caller identity spoofing and billing bypass scams. In response, IT Departments using UC systems may want to consider open source tools like Viproxy and Viproy that can be used for VoIP penetration testing in order to be proactive in protecting their platforms.


Back to Top

Call Centers

Many call centers ask for PINs, passwords, mother's maiden name or account numbers to "verify" a caller's identity. Voice biometrics proponents contend that the technology is not only quicker and more convenient than passwords but a more secure barrier against fraud since each person`s voice is as unique as a fingerprint. For example, with Barclay's new system, customers will have their voice recorded and held on file by the bank, and when they call to access their account, as they engage in normal conversation with an agent their voice is verified by Nuance FreeSpeech voice biometrics technology.