Technology: Two-Factor Authentication, Security Issues Are Pressing
There's no question what credit union IT departments will be doing this year.
A ruling handed down by the Federal Financial Institutions Examination Council (FFIEC) in October gives credit unions until the end of 2006 to implement a two-factor authentication system for members who access electronic banking services. This means members will need more than a user name and password to access personal data. The ruling doesn't mandate how the changes should be made. It just mandates that changes get made.
"There are pros and cons to that. The problem is that one solution may not be the best fit for each credit union. The FFIEC actually did us a favor by giving us the flexibility to develop our own cost-effective solutions," said Tom Kroen, CUNA Technology Council chairman.
Two-factor authentication is one of Technology Council's top priority issues this year, one that goes hand-in-hand with security. The council's annual conference will be heavily weighted with security issues, and two of the council's four commissioned white papers will relate to security. One of the biggest components of security is member education, he said.
"There's a big education portion of the ruling from the FFIEC," said Kroen, who is VP of Information Systems with First Tech Credit Union in Beaverton Ore. "Part of the process of moving toward this new authentication model is helping members understand what's at risk when there's a breach in security. We have to educate our members."
The education process doesn't fall on the shoulders of the IT department, but it will require IT to work closely with other business units within their credit unions. While not uncommon, the Technology Council is encouraging its members to forge new partnerships with those people. This will be new territory for many in the IT world.
"Historically, IT has stood on its own. We have found that by aligning ourselves with advocates from other business units, they will do our selling for us when it comes to convincing the board of directors and senior management that money needs to be spent. In other words, it's much more convincing when your lending vice president says he needs this new technology because it will accomplish a specific goal," Kroen said.
The Technology Council feels so strongly about the importance of these strategic partnerships that the concept actually made the council's top-seven list of technologies for 2006. Others on the list included: blogs for members, a form of instant messaging between staff and the human resources department, and Podcasting, which made the list for the first time this year.
"Podcasting (the distribution of audio or video files that are accessed by personal mobile devices) popped up as something credit unions should be looking into for the future. I expect some credit unions to have dabbled in it by the time our annual conference starts in August," said Kroen.
The council comes up with its list through a combination of efforts including its involvement with BITS (a former acronym for Banking Industry Technology Secretariat). BITS members come from 100 of the largest credit unions in the U.S. and conduct extensive research on technology.