Credit Union Experts Provide 2019 Cybersecurity Outlook

Because of an overwhelming response to the CU Times inquiry of what cybersecurity developments will affect credit unions the most in 2019, we decided to feature some more of the feedback we received.

In this first of a two-part article we hear from some credit union industry professionals who helped draw a picture of forthcoming security expectations.

Mark Anderson, CEO, Banc Intranets, indicated cybersecurity will continue as a critical aspect of all credit union operations throughout 2019. “In particular though, credit unions will likely place more focus on data loss prevention as data liquidity between institutions and their fintech vendors continues to grow.”

Anderson added this not only relates to protecting member information, but processes, policies and even information intended for boards of directors. “Fintechs will need to come to the table prepared when looking to work with any credit union and ensure they are not only meeting government regulations, but acting as partners for the credit union to prevent data loss and limit external, or even internal, cybersecurity threats.”

Security will remain a payments industry critical issue, according to Steve Gilde, director of global product marketing, Paragon Application Systems. “As more devices, endpoints and alternative payment methods are introduced, the payments landscape becomes increasingly complex. This means ever more opportunities for payments fraud and opens more windows to compromise members’ sensitive information.”

To better prevent these risks from occurring and causing significant damage, Gilde recommended deploying appropriate anti-fraud protections, staying current with software releases and patch levels, as well as making sure that everything is tested properly.”

Mike Horrocks, vice president of product development, Baker Hill, believes, “We will begin to see the oversight of cybersecurity moving out of the IT department and into more of the traditional risk management side of credit unions.”

Horrocks listed the main drivers:

• Having so much member data at their disposal, which is a treasure trove for hackers.
• Lacking a security awareness. Most financial institutions believe they are secure from hackers. However, the truth is not a question of if or when, but a matter of how a credit union will respond once an intrusion is identified.
• Risk managers uniquely skilled to not only see the risks that may happen, but also having the ability to respond and mitigate risks once they have occurred.
• Because of the acceleration in the number of cyberattacks, credit unions having the ability to respond to cyberattacks in a feasible manner. This is why cybersecurity will move over to the risk management team.

Mike Triggiano, EVP of product management and corporate development, Velocity Solutions, proposed, with buzzwords such as artificial intelligence (AI), machine learning and big data dominating the headlines, the data technology space will continue to have a major influence on credit unions and their ability to meet the evolving needs of their members.

“However, these opportunities will also deliver a challenging set of security concerns. Credit unions will need to be extra vigilant as to how their data is stored and accessed as they expand their use of data analytics,” Triggiano said. Often, this requires credit unions to connect previously siloed internal systems and ensure the tools and platforms leverage data without sacrificing security.

Mickey Goldwasser, vice president of Payrailz, maintained, the good news about 2019 is the promise that credit unions will have more access to data with the ability to more easily share it between various technologies.

Goldwasser pointed out this data is priceless to credit unions when it comes to knowing members and personalizing their experiences. “However, the need for security in 2019 will be unprecedented. How credit unions share data is crucial and they must ensure they are securing data at every touch-point.” Credit unions must not only ensure members are protected but the organization is aware of current cybersecurity issues and how they can protect themselves.

David Eads, CEO, Gro Solutions, noted as credit unions continue to embrace the digital channel, identity verification for accountholders will be a key issue. “Exploring and implementing processes for effective validation will be critical for not only protecting their members and maintaining the integrity of their systems and data, but safeguarding their growth potential, as well.”

Eads warned with the rise of phishing and synthetic fraud such as fake IDs, credit unions must rethink some of the previous member verification methods used. “We could see a rise in credit unions leveraging tools and solutions that help lessen the chances of fraud and ‘false positives’ when it comes to digital identity using such utilizing alternative data or even blockchain technology.”

Third-party technology vendor oversight will become front and center in the coming year Pradeep Ittycheria, chief technology officer, Kasasa, predicts. “With credit unions working more closely with other industry participants such as fintech companies, larger, traditional banking vendors such as core banking systems, and credit union service organizations, a lot of new third-party technology will be used as well.”

Ittycheria added the NCUA has been pushing for greater oversight over fintechs and other firms, including CUSOs. “I believe that, rather than trying to regulate fintechs and CUSOs, the better approach would be to review existing cybersecurity standards, such as the NIST cybersecurity, to ensure that they capture and address current risks, enforce strong vendor management practices, and drive vendor certification programs from which all members of the NCUA can benefit.”

Next week: Credit union industry experts continue their outlook of potential 2019 issues and solutions.