Your source for the latest technology information of interest to credit unions across America.

Subscribe to our weekly e-mail newsletter and/or our monthly newsletter and stay on top of the latest technology trends in Hardware, Software, ATMs, Biometrics, Wireless, Online Banking, Marketing, Security, Internet Access and Call Centers.

Credit Union Technology Talk Logo

February 27, 2017

~ This Week's News is Sponsored by Better Branches ~



General News  

* PSCU Renews Agreements with 8 Owners
* Payscape and Arsenal CU Team Up
* Affinity CU Chooses SecureKey
* SecurTrust FCU Partners with Cummins Allison

PSCU announced processing renewal agreements with eight of its Owner credit unions. The renewing credit unions include Dominion Credit Union (credit, debit and bill pay); Keesler Federal Credit Union (credit and bill pay); Ohio University Credit Union (credit and debit); Pathways Financial Credit Union (credit); Quorum Federal Credit Union (credit and debit); State Department Federal Credit Union (credit and debit); Tucson Federal Credit Union (call center); and USF Federal Credit Union (credit).

Payscape announced that it has partnered with Arsenal Credit Union in a move to offer fintech services to Eastern Missouri and Southwestern Illinois businesses. The partners say that the move will allow Arsenal's small business members to process payments, streamline their business operations and increase cash flow.

SecureKey Technologies, a leading provider of federated identity and authentication solutions, announced that Affinity Credit Union, one of Canada's leading credit unions, has reached an agreement with SecureKey to become a Trusted Sign-In Partner in the SecureKey Concierge service. SecureKey Concierge is delivered through a secure cloud service granting users access to critical online services via their familiar online banking sign-in process.

Cummins Allison, a provider of ATMs as well as coin, currency and check processing technology, announced a new partnership with SecurTrust Federal Credit Union. The agreement includes an upgrade of the Mississippi-based credit union's ATM network with a drive-up and two off-site ATMs.



Credit Union InfoSecurity Conference Sponsored by
imsmartin consulting


15th annual CU InfoSecurity Conference will be held June 14 - 16 in San Diego.

This Conference provides an excellent, cost effective way to show Regulators that your CU is serious about Information Security and that your staff is getting training on how it can protect itself against constantly changing techniques and threats.

This is a one-of-a-kind conference - a security conference dedicated solely to credit unions. Highly experienced, expert speakers discuss the latest security trends as they specifically apply to credit unions. Also included are three CU speakers from Logix FCU, Golden 1 CU, and San Diego County CU. The CU InfoSecurity Conference is the best conference value in the credit union movement: just $495 per attendee and $395 for returning attendees. Topics include:

* HoneyNets
* Ransomware
* USB Security
* Secure Workflows
* CyberCrime Trends
* Why You Need a WAF
* Data Leak Prevention
* Cybersecurity Assessments
* Working with Law Enforcement
* Blockchain Security Explained
* Next-Gen IT Security Risk Assessments
* Fear Your On Premise Security, Not the Cloud
* Is Your Credit Union’s IT Insecure by Design
* Multiple Biometric Authentication Technologies
* How to Build a Real-Time Insider Threat Program
* Fine Tuning: Six things you can do right now to improve your information security

Click Here for information, agenda, reservations & more.




Hardware News

Cisco is coming out with four next-generation firewall appliances aimed at smaller organizations that compete against midrange devices made by Check Point, Fortinet and Palo Alto Networks. The appliances can automate security tasks including assessment, tuning and remediation. Management for the new devices can be handled by the onboard Cisco Device Manager, Management Center appliances for managing multiple devices, and Cisco Defense Orchestrator, its cloud-based policy management tool.

In a related story, Palo Alto Networks unveiled a new purpose-built hardware and virtual next-generation firewall appliances that enable applications and redefine security performance for both threat prevention and SSL decryption. The company says that their boxes will enable customers to safely embrace the cloud and prevent successful cyberattacks across network, endpoint and cloud environments. The new models complement enhancements to the Palo Alto Networks Next-Generation Security Platform PAN-OS operating system 8.0, which includes more than 70 new features that help deliver threat and credential theft prevention, secure cloud enablement, and more. 


Hardware Section Sponsored by
Millennial Vision, Inc. (MVi)


Back to Top

Software Updates

Building on the work of the Cloud Signature Consortium, Adobe unveiled the first cloud-based digital signature built on an open standard. The company claims that Adobe Document Cloud and Adobe Sign will enable digital signatures in any browser or on any mobile device. It also includes business workflows that can route documents for collaboration or certified electronic delivery, and connect into systems like Microsoft SharePoint. Plus you can send for ‘certified delivery` when you need clear proof that your recipient both viewed and acknowledged a document. Finally, using the Adobe Sign mobile app, you scan printed pages and send for signature or sign from your smartphone or tablet.

The SOCVue Patch Management service automatically scans Windows and Linux endpoints for missing patches for the OS, browser and 3rd-party applications like Java and Adobe. Through EiQ`s SOCVue Portal, you can review, approve and remediate patches with the proper change control processes and reporting. EiQ Networks claims that their SOCVue Patch Management service provides patch scanning, analysis, reporting, and remediation at a fraction of the cost of alternative on-premises solutions that require in-house management, process, and expertise to be effective.


Back to Top


ATM management solution provider ESQ has launched a new app for smartphones and tablets that gives users up-to-date and actionable information about their ATMs. The company claims that their OperationsBridge platform is the only enterprise-grade solution that is multivendor, multitenant, and deployable on any ATM fleet. OperationsBridge Mobile includes an ATM network view that shows:

  • the status of active and inactive ATMs
  • critical failures based on pre-specified thresholds
  • granular transaction volume views
  • average ATM response times
  • cash withdrawal per current account

Even though physical attacks on ATMs have been increasing, there is no central repository for incident reports for attacks on ATMs. ATM deployers have to rely on information coming from the U.S. Secret Service, ATM manufacturers, FIs and vendors. The ABA has collected statistics on ATM attacks for a few years with about 60% of 91,000 bank branches in the U.S. voluntarily contributing data. To help track patterns of criminal activity and effect preventative measures, the ABA has added a new feature to its nationwide bank robbery database that allows subscribers to key in ATM crime data, including skimming attacks.


ATMs/Kiosks Sponsored by
Heritage Industries

Back to Top

CU Success Stories  


Here is a chance to learn about real life credit union success stories from various technology vendors through the words of their clients. This week's vendor is:  


FI Mobile

and their client is:

TopLine Federal Credit Union

Credit Unions - if you have a vendor that you are happy with then please This email address is being protected from spambots. You need JavaScript enabled to view it.!

Vendors - if you have a credit union that is happy with your solutions then please This email address is being protected from spambots. You need JavaScript enabled to view it. and we will give you a $100 discount on your Case Study!


Back to Top

Wireless World

According to a MEF Mobile Money Report, more than three fourths (78%) of people made a purchase by mobile—which includes digital wallets—in the previous six months, but more than half (58%) abandoned a transaction before checkout. Here are the main reasons from the study that consumers say they abandon a mobile purchase once started:

31% - asked for too much sensitive information

22% - due to connectivity or other technical issues

21% - took too long to complete

Many security experts recommend that you never open a mobile banking app after you have joined a public Wi-Fi network, Plus they point out that while fairly rare, a determined scammer can force-join your mobile device onto a rogue network without your knowledge. You can work around this potential issue by opening “Settings” and turning the “Wi-Fi” switch off prior to launching your mobile banking app in public. While on a cellular connection vulnerabilities still exist, cellular interception is more difficult, requires expensive hardware, and is more noticeable, so it is much less plausible for a scammer to risk attempting to intercept your mobile banking activities during a cellular data connection.


Wireless World Sponsored by
Member Access Pacific (MAP)



The MAP App™ is the first network-branded prepaid card exclusively serving credit unions to offer mobile banking -
contact us now to learn more about this market-leading innovation for credit unions:

(866) 598 - 0698

Back to Top

Security Section

During Black Hat USA and DEF CON 24 in 2016, three-quarters if queried penetration testers claimed they could compromise a target in under 12 hours; 28% took between six and 12 hours and 43% found a way in within six hours. They also revealed that:

  • a direct server attack is the most popular method for breaking into systems (43%), followed by phishing (40%). Drive-by and watering hole attacks are both preferred by 9% of the hackers.
  • 60% use open source tools, 21% their own custom tools, just 10% use commercial tools. 5% opt for private exploits, and 3% for exploit packs.
  • 84% of them use social engineering to obtain information about a target, and 86% use vulnerability scanning to identify potential vulnerabilities.
  • 33% of the respondents say that their target`s security team never spots their presence in their systems.

In terms of preventing attacks, intrusion prevention systems and endpoint security solutions presented the greatest challenge for the respondents (29% and 23%, respectively), while firewalls came in third, and antivirus a distant fourth at 2%.

The overwhelming majority of all critical Microsoft vulnerabilities discovered and fixed in 2016 can be mitigated by simply removing admin rights across an organization, according to Avecto's analysis Microsoft security bulletins. A Microsoft MVP noted that “implementing a proactive defense strategy, starting at the endpoint and building out with least privilege, simple application whitelisting and content isolation will put you in a much stronger position by reducing the attack surface and building secure defensible endpoints.”


Back to Top

Leaders Roundtable


Battling Security Fatigue – Working Towards Usable Security




Onbase by Hyland Software - https://www.onbase.com
Read Steve Comer's comments:


Millennial Vision - http://www.mviusa.com
Read Scott Cowan's comments:


NetWatcher - http://www.netwatcher.com
Read Scott B. Suhy's comments:


Nintex - https://www.nintex.com
Read Mike Fitzmaurice's comments:


Network Bix USA
Network Box - https://www.networkboxusa.com  
Read Pierluigi Stella's comments:


Pure IT Credit Union Services - http://pureitcuso.com
Read Kyle Stutzman's comments:


Security Compliance Associates - http://www.scasecurity.com
Read Jim Brahm's comments:


SentinelOne - https://www.sentinelone.com
Read Jeremiah Grossman's comments:


Back to Top

Technology and Marketing

Many people agree that data visualization is a key part of business and marketing decision-making. Some factors to consider when choosing a data visualization product include price, dashboard customization, data analysis capabilities, and ease of use. Here are five top data visualization solutions:

- Tableau

- Sisense

- Dundas BI

- Qlik Sense

- SAP Lumira


Back to Top

Online Banking/E-Commerce/Website Design

Javelin Strategy & Research released “Digital Account Opening Fails to Deliver a Single-Channel Experience,” which found that over 2 out of 3 successful applicants used online and mobile channels for some stage of the application process to open a credit card application and 60% used these channels to open checking accounts. But digital applications are currently failing to deliver a single-channel experience, especially mobile account opening. About 34% of successful applicants opened and completed the application process online, while the other 66% turned to another channel at some point. Mobile netted only 8% of successful applications with a start-to-finish process. The research firm concludes that with the heightened risk of abandonment every time an applicant switches channels, credit unions need to work towards an integrated, satisfying, multichannel experience.

Some observers contend that biometrics and behavioral analytics will soon be taking over online and mobile banking logins forever. Case in point: U.S. Bank has set a target of removing passwords “altogether” from the login process, and are currently in the process of laying the groundwork for that implementation in 2017. They currently offer fingerprint authentication and voice verification, and will be looking at facial recognition and pattern matching this year.


Back to Top

Internet Access

Level 3 Communications, a major Internet backbone provider, is constantly on the lookout for cyberattacks on the network level; in fact, they have linked more than 150 million IP addresses to malicious activity worldwide. Bad behavior patterns have helped Level 3 build algorithms to identity suspicious traffic, but blocking those machines can be problematic. Notifying businesses is often pretty straightforward, but Level 3 has to work with hosting providers in order to reach consumer PCs that have been compromised. Some ISPs will make the effort to contact their subscribers, while others will not. Just about everyone agrees that it will take a collective effort - of ISPs, governments, businesses and consumers - to clean up the Internet and secure today's devices.

Unified Communication (UC) vendors such as Cisco, Microsoft, Unify, RingCentral and many others are rapidly creating, building or acquiring workstream messaging applications. These workstream messaging applications effectively capture (and preserve) conversations across multiple modalities, including voice. Here are some examples:

- Microsoft has developed Teams as a Slack-like workstream messaging application

- Cisco developed Spark for messaging and has already integrated it with Cisco UC solutions

- RingCentral bundles its Office service with its workstream messaging app called Glip

All of these applications share common elements, such as persistent messaging, robust APIs, shared content, and search and discovery.


Back to Top

Call Centers

GamEffective is a leading workforce performance gamification company that helps organizations engage employees to improve motivation and learning. They claim that their GamEffective platform can drive contact center performance and learning success. The software helps engage and motivate employees by setting goals and tracking their performance in real time. GamEffective provides real-time feedback as well as dynamic goal setting for employees and managers.