PORTLAND, Ore. – Today's hackers are targeting organizations' processes and people – not just their technology – meaning effective data breach prevention must start with changes to employee behavior.
That was the key argument presented by Giles Witherspoon-Boyd, president/CEO of the Orem, Utah-based consulting firm Kaizen Data Security Group, at NWCUA's Amplify Thursday.
During his breakout session, "The Changing Payments Landscape: What Your Credit Union Needs to Know," Witherspoon-Boyd presented some alarming statistics on the vulnerabilities associated with payments technology and advised credit unions on how to approach security as payments technology continues to evolve.
While it costs less than $100 for a cybercriminal to carry out an attack, the damages to the victimized institutions are in the millions of dollars, he said. In addition, the number of data breaches per year has increased from 471 to 783 from 2012 to 2014, and today, there are 4.9 billion Internet-connected devices in use, creating continued risk.
He said the best way for organizations such as credit unions to mitigate cyber risks is to train their employees on what to look for.
"The reality is, you need to put good policies and procedures in place," he said. "If someone gets an email that's internal and it's supposed to have a watermark on it, and it's not there, then that attack won't work. This can prevent the largest majority of data breaches."
Witherspoon-Boyd discussed the many changes that have taken place around payments technology since 2013, citing Google Glass and PayPal Beacon as examples of how risky it can be. With PayPal Beacon, consumers who have a PayPal account receive an alert on their smartphones when they enter a store that accepts PayPal payments, scan items they wish to purchase using the PayPal app and leave. Despite the convenience these types of services provide, he said they point to the fact that today's consumers are freely giving data away.
"The world you knew about in 2013 is long gone, and what we're looking at is how to defend in the future," he said. "It's about coming up with a real, sustainable, business-as-usual set of policies and procedures."
Today, wearable devices that make payments and utilize biometrics are all the rage, and in the future, consumers may begin to see things such as vein scanners, "touch to pay" technology in stores, combination phone/credit card devices that slide out from wearable devices and even credit card skin implants, he said. In the next few years, he added, consumers will be spending $189 billion annually in in-store mobile payments.
How will these developments affect credit unions? Witherspoon-Boyd emphasized that the influx in mobile payments is leading to exponential checking account growth, and in turn more chances for information to be stolen.
"When security is just part of your culture, that's the best place for you to be," he said. "You need to have a top-down approach to making it part of your business every day. There's no silver bullet to preventing a data breach, but what you do need is visibility, accountability and to work together."
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Natasha Chilingerian
Natasha Chilingerian has been immersed in the credit union industry for over a decade. She first joined CU Times in 2011 as a freelance writer, and following a two-year hiatus from 2013-2015, during which time she served as a communications specialist for Xceed Financial Credit Union (now Kinecta Federal Credit Union), she re-joined the CU Times team full-time as managing editor. She was promoted to executive editor in 2019. In the earlier days of her career, Chilingerian focused on news and lifestyle journalism, serving as a writer and editor for numerous regional publications in Oregon, Louisiana, South Carolina and the San Francisco Bay Area. In addition, she holds experience in marketing copywriting for companies in the finance and technology space. At CU Times, she covers People and Community news, cybersecurity, fintech partnerships, marketing, workplace culture, leadership, DEI, branch strategies, digital banking and more. She currently works remotely and splits her time between Southern California and Portland, Ore.
