Did you know if credit unions employed this amazing, super-fantastic, whiz-bang tool it could prevent online banking fraud guaranteed 100%! OK, you caught me. Nothing in life is guaranteed right? Nothing except death, taxes, and root canals.
But what if I said a tool could—with a little effort and education—drastically reduce fraud chances to near zero? “Pfft! Near zero,” I hear you say in disbelief dripping with suspicion. “Indeed!” comes my hearty and confident response.
Giving members the power of control
Mind you, this is not a push-the-button-and-all-your-problems-are-solved type of tool. Rather, it is a tool that allows each individual to adjust one’s own security according to one’s own convenience and risk tolerance. One person’s garbage is another’s treasure, so to speak. For one person, the idea of knowing any kind of transaction that moves money requires a secondary code is comforting and reassuring. But for another, that idea may spark frustration and irritation at “one more step” to complete the task, hackers or not.
It is precisely this level of customization and individualization that lead the tool my team developed: Personal Internet Branch or PIB for short. When a credit union enables PIB and allows members to control and update their own PIB profile, then their online banking experience becomes more comfortable as a whole because they are in control. They determine when and where logins happen, they control which features are available, and they control whether or not a transaction requires a secondary “authorization” step. By adjusting these controls, members are crafting their own security model to match their actual behavior within online banking.
For those who don’t want to have to make those kinds of decisions for themselves though, credit unions can themselves dictate what the default profile requires, taking the burden of choice out of the member’s hands should they desire.
Types of controls
A member that has no interest in aggregator sites or any other integrations may want to take advantage of time controls. These time controls restrict use of online banking to certain days and/or time periods of the day. Never log in on the weekends? Turn off access. Morning person? Turn off access during the evenings. This type of setting may not be for the member that logs in twenty times a day to keep an eye on balances, but may be the perfect little additional security for that member that only logs in once a day, or perhaps even less.
Similarly, geographic controls restrict login access based on location. The location is derived from the IP address sent by the member’s browser. These “geolocations” are not always precise, so it can take some trial and error by the member. However, most members are going to be within the United States, so restricting by country would be an easy win. If a member is a world traveler, though, then this would not be a good choice. But again, the member is in control and can set settings that work for him or her.
There are also controls to allow the member to turn off features used infrequently or not at all. But the pièce-de-résistance, in my opinion, is the confirmation code. PIB allows member to require this code for a variety of features that can really tighten down and give a second layer of security for those more sensitive transactions, like moving money or changing personal information. Thus, if a hacker manages to stumble into a member’s online banking account, the odds of them also stumbling upon either the confirmation code or the credentials into the PIB application are extremely low, given good security hygiene (i.e. do not use the same password for multiple sites, make them complex, etc.).
Give members a choice
In the case of our features, we give credit unions the power to say whether they want their members to use it. And some have opted to disable the features for the most part, seeing it as a complication that might only frustrate their members. The way I see it, you might be depriving members the ability to control their own destiny and set their own comfort level.
True, the features aren’t state of the art or recently released, but they’re still around for a reason: they work. It might be time to re-examine your available tools and give members the power to choose.