Your source for the latest technology information of interest to credit unions across America.
Subscribe to our weekly e-mail newsletter and/or our monthly newsletter and stay on top of the latest technology trends in Hardware, Software, ATMs, Biometrics, Wireless, Online Banking, Marketing, Security, Internet Access and Call Centers.
~ This Week's News is Sponsored by Better Branches ~
* Austin FCU Renews with ESP
* University of Toledo FCU Converts to CU*BASE
* Two CUs Select United Solutions
* Linqto Partners with LEVERAGE
Austin Federal Credit Union has renewed as an in-house client with Enhanced Software Products, Inc. (ESP). Austin FCU, which has 3,200 members and over $31M in assets, was organized in 1967 to meet the financial needs of the employees of the Veterans Administration Data Processing Center in Austin, TX.
West Michigan-based core data processor CU*Answers announced that University of Toledo Federal Credit Union successfully converted to the CU*BASE data processing system in April. The credit union represents 6,500 members and $68.3M in assets.
United Solutions Company, a technology CUSO that hosts core processing and other tech services for credit unions, said two credit unions signed contracts to convert to the OnCore XP2 core processing system. The firm said $456 million Envision Credit Union (Tallahassee, FL) and $27 million Brightview CU (Ridgeland, MS) chose to keep the CUSO as their technology partner.
Linqto, a Silicon Valley technology company that specializes in apps for the financial services industry, is partnering with LEVERAGE, an affiliate of the League of Southeastern Credit Unions & Affiliates (LSCU), to pilot the LEVERAGE App Store with nine credit unions. LEVERAGE brings the mobile financial technology apps to 643 credit unions that boast 12.3 million members and $143 billion in assets.
The APV1600 is the fifth-generation application delivery controller (ADC) appliance from Array Networks. Integrated local and global server load balancing in the appliance, as well as link load balancing, help ensure the resiliency of applications. Plus by terminating connections on APV Series ADCs, applications are protected behind Array`s WebWall application security suite. The APV1600 achieves Layer-4 (3.7Gbps), Layer-7 (3Gbps) and SSL (2100TPS) benchmarks for throughput and connection speed.
Hewlett-Packard has revealed a new all-in-one (AIO) workstation called the Z1 G3 which is 47% smaller, 51% lighter, and 21% less expensive than its predecessor. It comes with the latest 6th generation Intel Core and Xeon desktop processors, offering three options of each CPU type. The Z1 G3 can sport up to 64 GB of SO-DIMM DDR4-2133, with support for ECC memory with Xeon-powered configurations. Storage options include two 2.5-inch drive bays, which can be equipped with up to a 1 TB HDD or SSD in each slot, and with support for RAID 0 and 1. Finally, the 23" 4K LED-backlit LCD display (3840x2160 resolution) can optionally feature a touchscreen.
There are approximately 70 families of ransomware, with some variants inconsistent with earlier versions. Of course, prevention is the best option, but victims can try a handful of public tools to try and unlock their files. Here are some examples:
- BitDefender offers a Crypto-Ransomware Vaccine to clean up CTB-Locker, Locky, TeslaCrypt Petya ransomware infections
- Kaspersky Lab offers a tool to unlock files encrypted by CryptXXX
- the RakhniDecryptor utility can be used to restore files infected by Rakhni
PowerShell is a command shell and scripting language that Microsoft has included with its Windows operating system since 2009. While it has many legitimate uses, PowerShell is increasing being exploited in cyber attacks. Some research has shown that the most common malicious activity carried out via PowerShell was command and control communications. Security experts recommend that you capture and monitor PowerShell executions and store the log data centrally so an attacker cannot tamper with it.
Many people believe that scammers need physical access to the ATM's USB drives to successfully load malware. Yet Krypto ATM Systems claims to be able to load malware on ATMs via the front panel audio jacks designed to help blind and visually impaired users. The Panama-based security firm even says that they have managed to get malware onto an ATM by putting it on an EMV chip card.
According to Verizon‘s new Data Breach Investigations Report, over 90 percent of the ATM card breaches in the report last year involving skimmers used a tiny hidden camera to steal the PIN. Because most skimmers rely on hidden cameras to capture PINs, the simplest way to protect yourself from ATM skimming is to cover your hand when entering your PIN. Meanwhile, the ATMIA announced the publication of a new best practice manual for preventing skimming and card data compromises at ATMs in the wake of the recent FICO card alert reporting a 546% increase in ATM skimming between 2014 and 2015 in the USA.
Here is a chance to learn about real life credit union success stories from various technology vendors through the words of their clients. This week's vendor is:
and their client is:
Survey data from the Federal Reserve shows that mobile banking is not necessarily dramatically diminishing the use of other banking channels. Their research shows that 83 percent of smartphone owners with FI accounts visited a branch, 82 percent used an ATM, 82 percent used online banking, 53 percent used mobile banking, and 29 percent used telephone banking. Of course Millennials were the heaviest mobile banking users at 67 percent, and those over 60 the lowest users at 18 percent. Perhaps the biggest question from the Fed's report is: do consumers genuinely desire using the other channels, or are mobile banking apps currently lacking in features and functionality to effectively replace the other channels?
Some researchers are saying that the ability to lay screens over legitimate mobile banking apps is becoming a crucial feature for the success of Android malware. Some sophisticated malware can also intercept and send text messages, make and forward calls, turn off the phone`s sound, vibration and screen, be operated via SMS and via commands sent from a C&C server, and persist on the device.
The MAP App™ is the first network-branded prepaid card exclusively serving credit unions to offer mobile banking -
contact us now to learn more about this market-leading innovation for credit unions:
(866) 598 - 0698
While widespread abuse of legitimate user credentials is commonplace, Verizon Data Breach Investigations Report (DBIR) shows that it is more prevalent than many people imagined. Their 2016 report shows that legitimate user credentials were used in most data breaches, with some 63% of them using weak, default, or pilfered passwords. The DBIR also shows that malware, phishing, and keyloggers continue to plague organizations of all sizes.
The Payment Card Industry Security Standards Council has published the latest version of PCI DSS: version 3.2. Some of the new additions include:
- Multi-factor authentication will be required for all administrative access into the cardholder data environment
- The “Designated Entities Supplemental Validation” is now part of the standard
- Migration from SSL and TLS v1.0 to TLS v1.1 and higher must be performed by July 1, 2018
Addressing Insider Threats, Cyber Attacks & Data Security
IMM - http://www.immonline.com
Read John A. Levy's comments:
Info@Risk - http://www.infoatrisk.com
Read David Trepp's comments:
Many email marketing experts recommend that you always use a person's name in the From email address instead of noreply@, webmaster@, etc. They site research that shows that 64 percent of subscribers open an email based on who the email is from. Others also recommend using simple text-based email with links to your content versus image-heavy emails. They point out that most email clients like Outlook block images by default which means that most people just see broken images instead of the pretty images.
Visa Transaction Alerts (VTA) notifies enrolled cardholders of transaction activity observed by Visa`s core processing systems. Issuers of Visa-branded credit or debit cards had to tell Visa by last Friday if they have their own transaction alert service and don't want their cardholders to use VTAs. The card giant has set Oct. 14 as the deadline for issuers to provide these alerts. Alerts are critical since Visa says that when consumers monitor their account activity, Visa sees a 40% reduction in their fraud levels.
Bots can serve as intelligent personal assistants as evidenced by their use at large companies such as Facebook and Tencent. Bot proponents contend that credit unions can integrate them into their websites and mobile apps so that they can initiate events on a human's behalf. Examples include:
- transferring money
- recommending new products or services
- alerting members when a rep is available and offer to connect them either through IM, via the phone or Web conference
Visa just announced plans to speed up chip card transactions, and now MasterCard has unveiled M/Chip Fast, an application based on the company's existing technology and intended to help speed EMV transactions. The card giant says that M/Chip Fast effectively prioritizes the parts of transactions that are critical to security. In action, cardholders can expect to experience speeds closer to the familiar magnetic stripe transactions.
Riverbed has launched a solution called SteelConnect which they say unifies network connectivity and orchestration of application delivery across remote LANs, hybrid WANs and cloud networks. The tool, which features a Web-based GUI, enables administrators to design the network before deploying any hardware. SteelConnect Manager is the management portal that handles SteelConnect Gateways which are WAN gateways that can be deployed as physical or virtual appliances and SteelConnect Switches and SteelConnect Access Points which are Riverbed`s access products designed for branch offices.
Zscaler announced Zscaler Private Access (ZPA), a new tool that the company said will eliminate the need of "insecure" VPNs (virtual private networks). The company says that by separating data access from network access, ZPA gives users access to the private applications and services they need to use, but not the network as a whole. ZPA offers per-application access by user, which means they will only be able to access the apps they need. ZPA works with the ZScaler app, which collects web traffic and provides web security.
Every contact center closely monitors standard metrics like time to answer, average hold time, average talk time, and abandon rates. Some centers aim to have 80% of all calls answered within 30 seconds, an average hold time of 30 seconds or less, an average handle time of four minutes, and an abandon rate of 5% or less. Of course, every credit union center is different and the majority keep quality top of mind when they are measuring contact center performance.