Your source for the latest technology information of interest to credit unions across America.

Subscribe to our weekly e-mail newsletter and/or our monthly newsletter and stay on top of the latest technology trends in Hardware, Software, ATMs, Biometrics, Wireless, Online Banking, Marketing, Security, Internet Access and Call Centers.

Credit Union Technology Talk Logo

May 2, 2016

~ This Week's News is Sponsored by Better Branches ~



General News  

* Austin FCU Renews with ESP
* University of Toledo FCU Converts to CU*BASE
* Two CUs Select United Solutions
* Linqto Partners with LEVERAGE

Austin Federal Credit Union has renewed as an in-house client with Enhanced Software Products, Inc. (ESP). Austin FCU, which has 3,200 members and over $31M in assets, was organized in 1967 to meet the financial needs of the employees of the Veterans Administration Data Processing Center in Austin, TX.

West Michigan-based core data processor CU*Answers announced that University of Toledo Federal Credit Union successfully converted to the CU*BASE data processing system in April. The credit union represents 6,500 members and $68.3M in assets.

United Solutions Company, a technology CUSO that hosts core processing and other tech services for credit unions, said two credit unions signed contracts to convert to the OnCore XP2 core processing system. The firm said $456 million Envision Credit Union (Tallahassee, FL) and $27 million Brightview CU (Ridgeland, MS) chose to keep the CUSO as their technology partner.

Linqto, a Silicon Valley technology company that specializes in apps for the financial services industry, is partnering with LEVERAGE, an affiliate of the League of Southeastern Credit Unions & Affiliates (LSCU), to pilot the LEVERAGE App Store with nine credit unions. LEVERAGE brings the mobile financial technology apps to 643 credit unions that boast 12.3 million members and $143 billion in assets.




Hardware News

The APV1600 is the fifth-generation application delivery controller (ADC) appliance from Array Networks. Integrated local and global server load balancing in the appliance, as well as link load balancing, help ensure the resiliency of applications. Plus by terminating connections on APV Series ADCs, applications are protected behind Array`s WebWall application security suite. The APV1600 achieves Layer-4 (3.7Gbps), Layer-7 (3Gbps) and SSL (2100TPS) benchmarks for throughput and connection speed.

Hewlett-Packard has revealed a new all-in-one (AIO) workstation called the Z1 G3 which is 47% smaller, 51% lighter, and 21% less expensive than its predecessor. It comes with the latest 6th generation Intel Core and Xeon desktop processors, offering three options of each CPU type. The Z1 G3 can sport up to 64 GB of SO-DIMM DDR4-2133, with support for ECC memory with Xeon-powered configurations. Storage options include two 2.5-inch drive bays, which can be equipped with up to a 1 TB HDD or SSD in each slot, and with support for RAID 0 and 1. Finally, the 23" 4K LED-backlit LCD display (3840x2160 resolution) can optionally feature a touchscreen. 


Hardware Section Sponsored by
Millennial Vision, Inc. (MVi)


Back to Top

Software Updates

There are approximately 70 families of ransomware, with some variants inconsistent with earlier versions. Of course, prevention is the best option, but victims can try a handful of public tools to try and unlock their files. Here are some examples:

- BitDefender offers a Crypto-Ransomware Vaccine to clean up CTB-Locker, Locky, TeslaCrypt Petya ransomware infections

- Kaspersky Lab offers a tool to unlock files encrypted by CryptXXX

- the RakhniDecryptor utility can be used to restore files infected by Rakhni

PowerShell is a command shell and scripting language that Microsoft has included with its Windows operating system since 2009. While it has many legitimate uses, PowerShell is increasing being exploited in cyber attacks. Some research has shown that the most common malicious activity carried out via PowerShell was command and control communications. Security experts recommend that you capture and monitor PowerShell executions and store the log data centrally so an attacker cannot tamper with it.


Back to Top


Many people believe that scammers need physical access to the ATM's USB drives to successfully load malware. Yet Krypto ATM Systems claims to be able to load malware on ATMs via the front panel audio jacks designed to help blind and visually impaired users. The Panama-based security firm even says that they have managed to get malware onto an ATM by putting it on an EMV chip card.

According to Verizon‘s new Data Breach Investigations Report, over 90 percent of the ATM card breaches in the report last year involving skimmers used a tiny hidden camera to steal the PIN. Because most skimmers rely on hidden cameras to capture PINs, the simplest way to protect yourself from ATM skimming is to cover your hand when entering your PIN. Meanwhile, the ATMIA announced the publication of a new best practice manual for preventing skimming and card data compromises at ATMs in the wake of the recent FICO card alert reporting a 546% increase in ATM skimming between 2014 and 2015 in the USA.


ATMs/Kiosks Sponsored by
Heritage Industries

Back to Top

CU Success Stories  


Here is a chance to learn about real life credit union success stories from various technology vendors through the words of their clients. This week's vendor is:  



and their client is:

Community Trust Credit Union

Credit Unions - if you have a vendor that you are happy with then please This email address is being protected from spambots. You need JavaScript enabled to view it.!

Vendors - if you have a credit union that is happy with your solutions then please This email address is being protected from spambots. You need JavaScript enabled to view it. and we will give you a $100 discount on your Case Study!


Back to Top

Wireless World

Survey data from the Federal Reserve shows that mobile banking is not necessarily dramatically diminishing the use of other banking channels. Their research shows that 83 percent of smartphone owners with FI accounts visited a branch, 82 percent used an ATM, 82 percent used online banking, 53 percent used mobile banking, and 29 percent used telephone banking. Of course Millennials were the heaviest mobile banking users at 67 percent, and those over 60 the lowest users at 18 percent. Perhaps the biggest question from the Fed's report is: do consumers genuinely desire using the other channels, or are mobile banking apps currently lacking in features and functionality to effectively replace the other channels?

Some researchers are saying that the ability to lay screens over legitimate mobile banking apps is becoming a crucial feature for the success of Android malware. Some sophisticated malware can also intercept and send text messages, make and forward calls, turn off the phone`s sound, vibration and screen, be operated via SMS and via commands sent from a C&C server, and persist on the device.


Wireless World Sponsored by
Member Access Pacific (MAP)



The MAP App™ is the first network-branded prepaid card exclusively serving credit unions to offer mobile banking -
contact us now to learn more about this market-leading innovation for credit unions:

(866) 598 - 0698

Back to Top

Security Section

While widespread abuse of legitimate user credentials is commonplace, Verizon Data Breach Investigations Report (DBIR) shows that it is more prevalent than many people imagined. Their 2016 report shows that legitimate user credentials were used in most data breaches, with some 63% of them using weak, default, or pilfered passwords. The DBIR also shows that malware, phishing, and keyloggers continue to plague organizations of all sizes.

The Payment Card Industry Security Standards Council has published the latest version of PCI DSS: version 3.2. Some of the new additions include:

- Multi-factor authentication will be required for all administrative access into the cardholder data environment

- The “Designated Entities Supplemental Validation” is now part of the standard

- Migration from SSL and TLS v1.0 to TLS v1.1 and higher must be performed by July 1, 2018


Security Section Sponsored by
StrongAuth, Inc.



Back to Top

Leaders Roundtable


Addressing Insider Threats, Cyber Attacks & Data Security


Accellion - http://www.accellion.com
Read Yorgen H. Edholm's comments:


Allied Solutions - http://www.alliedsolutions.net
Read Ann D. Davidson's comments:


Alloya Corporate FCU - http://www.alloyacorp.org
Read Teresa Brent's comments:



Cummins Allison - http://www.cumminsallison.com
Read Dean Theodore's comments:



Easy Solutions - http://www.easysol.net
Read Daniel Ingevaldson's comments:


EnableSoft - http://www.enablesoft.com
Read Richard Milam's comments:


Horsetail Technologies - http://www.horsetailtech.com
Read Mark Berman's comments:


IMM - http://www.immonline.com  
Read John A. Levy's comments:


Info@Risk - http://www.infoatrisk.com
Read David Trepp's comments:
https://www.cunews.com/This email address is being protected from spambots. You need JavaScript enabled to view it.


InfoSight - http://www.infosightinc.com
Read Brian Smith's comments:


KnowBe4 - http://www.knowbe4.com
Read Stu Sjouwerman's comments:


Millennial Vision - http://www.mviusa.com
Read Scott Cowan's comments:


Nintex - http://www.nintex.com
Read Mike Fitzmaurice's comments:


Onbase by Hyland Software - http://www.onbase.com
Read Steve Comer's comments:


Pwnie Express - http://www.pwnieexpress.com
Read Paul Paget's comments:


Securonix - http://www.securonix.com
Read Chris Inglis' comments:


SentinelOne - http://www.sentinelone.com
Read Scott Gainey's comments:


StrongAuth, Inc. - http://www.strongauth.com
Read Arshad Noor's comments:


TruShield - http://www.trushieldinc.com
Read Paul Caiazzo's comments:


Venminder - http://www.venminder.com
Read Aaron Kirkpatrick's comments:


Back to Top

Technology and Marketing

Many email marketing experts recommend that you always use a person's name in the From email address instead of noreply@, webmaster@, etc. They site research that shows that 64 percent of subscribers open an email based on who the email is from. Others also recommend using simple text-based email with links to your content versus image-heavy emails. They point out that most email clients like Outlook block images by default which means that most people just see broken images instead of the pretty images.


Back to Top

Online Banking/E-Commerce/Website Design

Visa Transaction Alerts (VTA) notifies enrolled cardholders of transaction activity observed by Visa`s core processing systems. Issuers of Visa-branded credit or debit cards had to tell Visa by last Friday if they have their own transaction alert service and don't want their cardholders to use VTAs. The card giant has set Oct. 14 as the deadline for issuers to provide these alerts. Alerts are critical since Visa says that when consumers monitor their account activity, Visa sees a 40% reduction in their fraud levels.

Bots can serve as intelligent personal assistants as evidenced by their use at large companies such as Facebook and Tencent. Bot proponents contend that credit unions can integrate them into their websites and mobile apps so that they can initiate events on a human's behalf. Examples include:

- transferring money

- recommending new products or services

- alerting members when a rep is available and offer to connect them either through IM, via the phone or Web conference

Visa just announced plans to speed up chip card transactions, and now MasterCard has unveiled M/Chip Fast, an application based on the company's existing technology and intended to help speed EMV transactions. The card giant says that M/Chip Fast effectively prioritizes the parts of transactions that are critical to security. In action, cardholders can expect to experience speeds closer to the familiar magnetic stripe transactions.


Back to Top

Internet Access

Riverbed has launched a solution called SteelConnect which they say unifies network connectivity and orchestration of application delivery across remote LANs, hybrid WANs and cloud networks. The tool, which features a Web-based GUI, enables administrators to design the network before deploying any hardware. SteelConnect Manager is the management portal that handles SteelConnect Gateways which are WAN gateways that can be deployed as physical or virtual appliances and SteelConnect Switches and SteelConnect Access Points which are Riverbed`s access products designed for branch offices.

Zscaler announced Zscaler Private Access (ZPA), a new tool that the company said will eliminate the need of "insecure" VPNs (virtual private networks). The company says that by separating data access from network access, ZPA gives users access to the private applications and services they need to use, but not the network as a whole. ZPA offers per-application access by user, which means they will only be able to access the apps they need. ZPA works with the ZScaler app, which collects web traffic and provides web security.


Back to Top

Call Centers

Every contact center closely monitors standard metrics like time to answer, average hold time, average talk time, and abandon rates. Some centers aim to have 80% of all calls answered within 30 seconds, an average hold time of 30 seconds or less, an average handle time of four minutes, and an abandon rate of 5% or less. Of course, every credit union center is different and the majority keep quality top of mind when they are measuring contact center performance.