Due diligence and disclosure are the keys to mitigating weblinking risk on credit union websites, according to John Worthington, senior vice president of corporate communications at Security Service FCU.
Most credit unions link from their websites to third-party websites in order to provide additional financial resources for their members.
According to "Weblinking: Identifying Risks and Risk Management," released in April as Letter No. 03-CU-08 by the NCUA and as an FDIC press release, weblinking increases the degree of compliance and reputation risk in association with the linked third party's practices.
"We do our due diligence on any third party before we link to them," said Worthington. Third parties linked to SSFCU's site include sites critical to member service, such as bill pay, to sites designed to foster member loyalty, such as Lego.com from the CU's Kids Zone.
"Our risk management people work very closely with our IT folks before we set up any link," he added.
Third party links under the SSFCU logo are maintained by contract, whereas links directing users outside of the SSFCU site are covered by the CU's Terms and Conditions of Use disclosure link at the bottom of its home page. "We have to leave it up to the member to be reasonable and access the Terms and Conditions of Use statement," said Worthington.
In addition, outside links are coupled with disclaimers such as "Not affiliated with SSFCU," and, "As you go out into the untamed cyber-jungle of the World Wide Web, please remember that we are not responsible for the content of other websites you may visit."
At $1.2-billion Community CU in Dallas, clicking out takes a little more clicking ach time a member follows a link outside the Community CU site, he must first click OK to a pop-up box that reads, "You are leaving CCU's website. CCU is not responsible for the content of the new site. Privacy and security of the site you are moving to might differ from those practiced by the credit union."
Other Steps Taken
Community CU guards links to critical services contractually, and also keeps copies of the service providers' compliance and security documents, said John Bock, CIO.
The 210,000-member CU has a plan for responding to member complaints related to third party practices, Bock said.
Complaints are addressed by the CU's internal call center, and help is also available at the website from an online chat representative. In particular, "our e-services group is the interface to our electronic member."
The e-services group is "a team of people prepared to handle web-related complaints," explained Wendi Costlow, vice president of marketing at Community CU.
At 485,000-member SSFCU, Worth doesn't expect that weblinking risk will ever produce serious incidents, but "if there were indications that there were a problem, we would be all over it," he said.
Every year, CCU reviews third party profiles, looking at factors such as financial performance and security infrastructure.
"We've created a methodology that prioritizes our relationships with any contractual relationships," said Bock.