READER QUESTION #1
Wachovia has developed a system that resembles e-mail applications but is said to be more secure than traditional e-mail yet still cost effective. Can we do something like this in a secure, cost-effective way?
Sue Pogatschnik, CU Market Manager, Wolters Kluwer Financial Services, St. Cloud, Minn.
Several secure Internet document delivery platforms have become available to credit unions. The selection of such a system should be based on the system's ability deliver the absolute maximum in security measures, as well as time and cost saving benefits to your credit union.
There are several key factors your credit union should consider when choosing an Internet document delivery system to meet data security needs. These include two-way delivery capability; the ability to lock down, limit access to, and track message status at all points of its lifecycle; usability; and a noticeable return on investment.
The ROI your credit union can realize by using a secure Internet document delivery service can be priceless. Not only could your credit union save $3 to $5 per closed loan package in the cost of shipping hard copies of documents, but even more valuable is preserving the good relationship developed with your members and mitigating your reputational risk.
Chris Barber, Wescorp, San Dimas, Calif.
Unfortunately, cost effective is in the 'eye of the beholder'. $100,000 may be very reasonable to Wachovia or some credit unions but cost prohibitive for others. Two solutions we looked at were TumbleWeed and PostX secure messaging products. They can be leveraged quite nicely to provide a secure email messaging back bone however they do come at a cost.
You may want to look to a technology CUSO or your corporate credit union and see if they could offer a hosted secure email product that the credit unions could leverage when needing to send secure emails. This way you don't need to invest in the infrastructure but have access to a very cost effective solution when you need one. A kind of a pay as you go model.
Greg Crandell, EVP-business development, DigitalMailer, Herndon, Va.
Many credit unions may already be able to emulate the key features of the solution at Wachovia, and do so for little additional cost. At DigitalMailer, we work with credit unions that send email to members via the traditional open channel alerting them that important information is waiting in the secure messaging center within online banking. Using our eLERT service, in combination with its online banking secure messaging feature, credit unions inexpensively emulate the functionality of Wachovia's stated solution.
By providing members an email service that marries account numbers to email addresses, and secures access to both via member-selected passwords, these credit unions are taking advantage of both the preference-based email service we provide, and the secure messaging feature provided by their online banking vendor. The two, together, let their employees communicate securely, and directly, with individual members who have enrolled with the credit union to receive account-related messages.
David McConney, EVP/General Manager, Credit Union Core Systems, Harland Financial Solutions, Pleasanton, Calif.
It really does not matter how secure the email channel is. What matters is building communication systems that are resistant to social engineering attacks, whether phishing, pharming or other attack vectors.
Secure web-based messaging inside Internet banking is a good alternative if sensitive information needs to be communicated.
There are three ways in which you can achieve secure web-based messaging; develop a homegrown solution, use a managed third party solution, or integration with a third party solution into the core system and Internet banking for a seamless experience. Cost will vary depending on which option you select and complexity of the solution deployed.
Dan Chaney, Teres Solutions, Austin, Texas
Yes, there are several ways to establish secure messaging with your customers. Doing so has become even more important in the last year in regulated industries such as ours and numerous product offerings have emerged to address the demand.
A great example is "forums" or online bulletin boards. They use Secure Socket Layer (SSL) encryption and allow your members to communicate securely in a controlled manner.
Another example is to offer members an SSL enabled web-based e-mail solution, similar to what Yahoo mail offers. Because the e-mail solution is SSL encrypted and hosted and managed by you, you have greater control over the security. In addition to being very secure, most of these offerings are cost effective.
Theresa Benavidez, Chief Technology Officer, USERS, Valley Forge, Penn.
There are various ways to provide a secure alternative to e-mail for members. One of the most effective is Secure Messaging.
A Secure Messaging application enables encrypted online communication to occur between members and the credit union, with members submitting questions through a secure form on the credit union's home banking site.
This technology addresses security in two ways: it requires the member to log into the credit union's home banking service (which authenticates the member's identity) and it ensures that the communication occurs within the secure environment of the home banking application.
Some Secure Messaging solutions will enable you to create canned responses to the most common questions and automatically route non-routine questions to the right employee - allowing a faster response and greater efficiency.
Secure Messaging is emerging as a more viable alternative to applications that bill themselves as "secure e-mail," which tend to require special software on the member's side, making them less practical.