Thursday, July 29, 2010

July News and Views Published Below

CU SECURITY & TECHNOLOGY News - Providing a brief summary of news and information related to security and technology issues for credit unions - Plus some interesting and fun web sites . . .

(New ATM Security)

Monday, July 26, 2010

‘Patent Troll’ Reaches Out to Credit Unions

http://cutimes.com/Exclusives/2010/7/Pages/Patent-Troll-Reaches-Out-to-Credit-Unions.aspx?utm_source=cut_blogpromo_072610&utm_medium=email&utm_campaign=cut_blogpromo_mktgemails

Credit unions have now joined the list of financial institutions being targeted by what an industry association calls a “patent troll.” And it’s apparently no phishing trip. They’re real live lawsuits and they’re reportedly being settled for real money in some cases.

The Credit Union Information Security Professionals Association (CUISPA) said a company called Wolf Run Hollow LLC is now including credit unions in the series of complaints it’s filed in several states, charging infringement on its patent for a widely used piece of modern banking technology - message alerts.

The IT security trade group put out the following alert of its own this week:

“CUISPA has reported that several credit unions have recently received notices from patent licensing group, Wolf Run Hollow, LLC, claiming to own the rights to U.S. Patent No. 6,115,817 issued Sept. 5, 2000, for Methods and Systems for Facilitating Transmission of Secure Messages Across Insecure Networks. According to the complaints, financial institutions are infringing the patent by using secure messaging systems to communicate with members and vendors, including via their web sites.

Over the past year, Wolf Run Hollow has filed approximately 40 patent infringement suits against financial institutions in Texas, Mississippi, California, and Alabama in what appears to be a typical patent troll action. While most of the financial institutions that have been sued have been banks, CUISPA is reporting that several credit unions have recently received notices as well. Wolf Run Hollow appears to be seeking compensatory damages in the form of a lump sum license fee in an attempt to settle out of court. While some institutions have settled, others are disputing the claims. The suits appear vague in their explanation of the infringement raising questions over how and if the FI is actually infringing.”

CUISPA Executive Director Kelly Dowell said the legal threats are not to be taken lightly, although he said if it was his credit union that received such a notice, the first thing he would want to do is challenge the company to show what exactly is being infringed and how.

He said that he’s talked to a couple of credit unions that agreed with Dowell that the complaints were imprecise and that they would respond by asking for specifics. But he also said the cost of having lawyers engage in a courtroom fight, or just preparing for one, could easily exceed the $20,000 to $40,000 “at most” he said he has heard has been the price of a license fee to settle the issue.

We found what appeared to be the holder of the patent through an Internet search and left voice and e-mail messages asking about the patent, its history and the specific services that use the protected technologies, but have not heard back.

Meanwhile, an East Coast lawyer told us that none of his list of credit union clients have been contacted but noted that contracts with vendors of online services–or about any other service like that–should almost certainly contain indemnity clauses intended to protect the vendors’ customers in such cases.

But that may not necessarily be enough, pointed out a veteran staffer of a consultancy that specializes in vendor selection, among other things. She noted that increasingly tough compliance rules compelling credit unions to exercise due diligence on their vendors could muddy the waters.

Dowell said he agreed with both those points–noting that an online banking company he also works with (Jwaala LLC) provides such indemnification but that Wolf Run Hollow LLC appears to be choosing states, at least his own, where the courts tend to favor patent holders.

He said the CUISPA would like to hear from credit unions that have been contacted. He said one “very large credit union” he declined to identify has received the notice and told him they would be happy to have their legal department talk to others that also have been hit with the “patent troll.”

Friday, July 23, 2010

18 Arrested in Bad-Check Scam

http://www.cuna.org/newsnow/10/system072210-3.html?ref=hed

Eighteen individuals have been arrested for involvement in a bad check scam that affected two credit unions in Iowa.

Veridian CU and Iowa Community CU, both of Waterloo, Iowa were hit with a check scam that cost the credit unions and several other financial institutions a total of $125,000, according to local media reports (Waterloo Cedar Falls Courier July 22).

Police arrested 10 individuals Monday and another group Tuesday and charged them in the scam.

According to authorities, the individuals opened accounts at several institutions to get starter checks and debit cards. Then, they swapped checks and made false deposits, inflating the value of the accounts. They also are accused of using debit cards and checks to get cash and purchase items. The money was laundered through U.S. Postal money orders.

Veridian CU has $1.6 billion in assets. Iowa Community CU has $74 million in assets.

Thursday, July 22, 2010

What Credit Unions Are Saying or Doing . . .

21% of all credit union respondents have either suffered a security breach during the past two years or don’t know

35% have been a victim of a phishing attack during the past year

61% do not test their Incident Response Plan annually

73% assess themselves as “average” to “failing” when it comes to security awareness efforts with customers

Monday, July 19, 2010

Fraudulent checks with CU's name circulating

http://www.cuna.org/newsnow/10/system071610-5.html?ref=hed

The Federal Deposit Insurance Corp. (FDIC) has issued an alert that counterfeit checks are circulating with a credit union's name on them.

The checks bear the name of Qualstar CU, Bellevue, Wash. The counterfeit items display routing number 325081966, which is assigned to Qualstar CU.

The items are similar to authentic official checks, but authentic checks are light brown with darkened top and bottom borders, said FDIC.

Information about counterfeit items, cyber-fraud incidents and other fraudulent activity can be reported to FDIC's Cyber-Fraud and Financial Crimes Section. They can be submitted electronically at alert@fdic.gov .

Sunday, July 18, 2010

Google Me Social Network

There has been a lot of talk about Google working on a new social network (often referred to as "Google Me"). We still don't know exactly what that's going to be all about, but when people assess the success/failure of Google's social media efforts, they often overlook that Google owns YouTube, which is essentially a giant social network (albeit one that revolves around video).

Not everyone uses YouTube as a social network, but the more people that have Google accounts, the more people Google will be able to claim as part of its broader "social network".

Thursday, July 15, 2010

Ten tips aim to make technology more efficient for CUs

http://www.cuna.org/newsnow/10/system071410-5.html?ref=hed

LAS VEGAS (7/15/10)—"Information technology is the third top expense—behind staffing and facilities—for credit unions. With nearly half of credit unions having negative earnings last year, 2010 should be a year of automating tasks and work processes to drive efficiency."

So says Rudy Pereira, senior vice president operations and technology at Alliant CU, Chicago, who addressed 10 tips for increasing technology and operational efficiency--best practices from the CUNA Technology Council--during a Wednesday morning breakout session at The 1 Credit Union Conference in Las Vegas.

The conference was presented by the Credit Union National Association and the World Council of Credit Unions Sunday through Wednesday.

The 10 tips are:

1.Automated work flow. Enterprise content management will drive making processes more efficient, Pereira said, noting that often a member's phone call request is forwarded on and not followed through with a single call;

2.Integration. Integration of platforms and information from departments "lets you go from technology victim to leader," he said. An integrated platform can handle 90% of calls from members.

3.Virtualization. By consolidating and lowering the number of servers, Pereira's credit union saved 60% in costs—and reduced energy used.

4.Cloud computing. Linking a large group of servers via high speed networks to create a massive data storage system is in the future. By 2012, nearly 80% of Fortune 1,000 companies will engage in cloud computing. It will bring these benefits, Pereira said: scalability, skilled vendors, reduced cost, flexibility, quality of service, security and privacy. Small companies and start ups are at the front of the trend because they haven't invested in legacy systems that would need replaced.

5.Task automation. This would include job scheduling, lock box, log reviews and allows the tech staff to work on meaningful projects.

6.Member self-service. Members making transactions themselves will increase. At Pereira's credit union, 32% of members were online in 2005 and 60% in 2009. Among the hot new self-service options: ATMs with check image catchers and phones that take photos of a check and can deposit its image instead of the check.

7.Continuous process improvement. By breaking through patterns of "the way it's always been done," credit unions can improve service, ensure quality and reduce expenses.

8.Fraud analysis tools for online banking ATM and self-service phones. In 2005, credit unions saw significant budget losses beyond their insurance deductibles, with Pereira's credit union losing $700,000 on its $208,000 deductible. Insurers have put more responsibility on credit unions to manage their fraud losses.

9.Single sign-ons. Having a single password to log into all the credit union's systems will reduce help desk calls, save employees time waiting to reset passwords, reduce risk of the password being written down, add layered security, and engage employees.

10.Collaboration. More credit unions are beginning to consider partnering with other credit unions to use the same core system and staff. "The key is standardization (among vendors). It can drive up efficiency," Pereira concluded.

Saturday, July 10, 2010

Time to embrace biometric ATM scans?

By Jim Kim
Pub(http://www.fiercefinanceit.com/)

People have been talking about biometrics as a financial services security tool for a while now. At least one recent report suggests [1] that the financial sector is indeed emerging as a "potential adopter" and driving force in the global biometric market, which is set to grow at a near 20 percent average annual growth rate through 2012.

More banks do seem to be pondering ways to develop an easy and more convenient authentication alternative to cards and PINs for a range of transactions. North America and Europe dominated the biometric market in 2009 and will do so through 2012. Asia-Pacific and Middle East and Africa will also emerge.

Biometrics can be used at all levels, at the employee and customer authentication levels and beyond. A glimpse of the future comes from Warsaw, where one bank says it is the first in Europe to install a biometric ATM, "allowing customers to withdraw cash simply with the touch of a fingertip." The digit-scanning ATM runs on a system developed by Hitachi. The company says that "an infrared light is passed through the finger to detect a unique pattern of micro-veins beneath the surface, which is then matched with a pre-registered profile." Tests have indicated a one in a million false acceptance rate.

For more on the biometric ATM in Warsaw,

http://www.fiercefinanceit.com/story/time-embrace-biometric-atm-scans/2010-07-09

Links:

[1] http://www.emailwire.com/release/42102-Demand-from-Financial-Sector-to-Drive-Global-Biometrics-Market.html

[2] http://www.cnn.com/2010/WORLD/europe/07/05/first.biometric.atm.europe/?hpt=C2

[3] http://www.fiercefinanceit.com/story/can-len-technology-thwart-atm-skimmers/2010-06-30

[4] http://www.fiercefinanceit.com/story/phone-fraud-biometrics-tool-makes-gains/2009-06-10

[5] http://www.fiercefinance.com/story/atm-dispense-gold/2010-05-13

[6] http://www.fiercefinanceit.com/story/can-jitter-prevent-atm-abuse/2010-06-27

Friday, July 9, 2010

New E-Mail Security Service Offered

By Marc Rapport
http://www.cutimes.com/news/2010/7/Pages/New-EMail-Security-Service-Offered.aspx?utm_source=cutimes&utm_medium=email&utm_campaign=traffic&cmpid=cutimes

Credit unions belonging to the Financial Services Roundtable or its affiliates or the FS-ISAC (Financial Services-Information Sharing and Analysis Center) can take advantage of a new service designed to help financial institutions protect against e-mail fraud.

The Trusted Email Registry is a partnership of BITS, the Roundtable’s technology policy division, and FS-ISAC, with security tools provided by eCert Inc. of San Francisco.

Under the basic version, financial institutions can monitor a limited number of their domains’ e-mail traffic and receive reports about phishing attacks. An enhanced service covers more domains, advanced deployment services, policy enforcement, anti-spoofing tools and other remediation and support.

Credit unions belonging to the Financial Services Roundtable or its affiliates or the FS-ISAC (Financial Services-Information Sharing and Analysis Center) can take advantage of a new service designed to help financial institutions protect against e-mail fraud.

The Trusted Email Registry is a partnership of BITS, the Roundtable’s technology policy division, and FS-ISAC, with security tools provided by eCert Inc. of San Francisco.

Under the basic version, financial institutions can monitor a limited number of their domains’ e-mail traffic and receive reports about phishing attacks. An enhanced service covers more domains, advanced deployment services, policy enforcement, anti-spoofing tools and other remediation and support.

Wednesday, July 7, 2010

Business Mobile Banking, Fraud Top of Mind in Bankers Survey

Providing businesses with mobile banking and preventing fraud were top of mind for a group of banking brass gathered for a confab in California earlier this year. Social networking, maybe not so much.

Fundtech Ltd., a provider of global payment processing and ACH solutions, said more than 100 transaction banking executives from 53 American financial institutions participated in the polling in May at its Insights Conference in Santa Monica.

Fundtech, based in Jersey City, N.J., and London, said 39% of the respondents planned to deploy mobile business banking services within the next 12 months, 53% said payments fraud monitoring is their biggest challenge and 23% “think adding social networking to business banking is a ‘ridiculous idea,’” although 36% thought there was some potential to it.

Friday, July 2, 2010

What Do You Think?

Reaching Your Members in the 21st Century

Believe me. What you did yesterday to reach your members will not work today.  That's the basis of this critical conference set for November 4-7, 2010 in Phoenix. AZ.

This year we are introducing our annual Reaching Your Member In The 21st Century conference. This event is an innovative, comprehensive conference on Reaching Credit Union Members in today's ever-changing world. The conference is designed for credit union directors, CEOs, supervisory committee members, business development and marketing managers, IT managers, senior management and committee members.

Key topics for this year's program . . .

Strategic Planning...It's A Whole New Ballgame

Revitalizing Your Branch: Delivery Network Growth For The 21st Century
Reaching Your Members Through Social Media
Kick Consultative Selling Up A Notch: Tailor your sales conversations to the life stage needs of your members
Future Technology And Your Credit Union
The Millennial Are Here! Is Your Credit Union Prepared!
Take Back Your Website
Multi Channel Marketing In The New Financial World
The Millennial Are Here...Right Before Your Eyes

Hear from a 21 year old advertising and marketing student on what his generation is expecting from your credit union. You might be surprised.

Full details, resort info, cost, agenda, and more is available at:
http://cuconferences.com/10Reach/Reach10_Agenda.htm

Thursday, July 1, 2010

June News and Views Published Below


CU SECURITY & TECHNOLOGY News - Providing a brief summary of news and information related to security and technology issues for credit unions - Plus some interesting and fun web sites . . .