WALNUT CREEK, Calif.-The greatest risk with live Web chat is not knowing who's on the other end of the conversation, said several credit unions.
"As such, we limit the information we exchange over chat to general information," said Michelle Shelor, AVP-operations at Pacific Service CU here.
Specific account information is addressed in phone calls instead, she continued. "Over the telephone, we're able to thoroughly verify our member's identity.
"Black Hills FCU in Rapid City, S.D., has a "very thorough member identification program," said John Madsen, VP-IT, adding that he is not able to provide details about the program. "Just as with phone calls, we need to positively identify every member that contacts us before discussing confidential information."
Training agents to detect social engineering must be a "high priority," said Heather Moshier, EVP-IT at San Diego County CU. To maintain security during sessions, Vantage chat is secured by Secure Sockets Layer (SSL) encryption. Chat logs are cleared after six months.
The chat vendor maintains several certifications, including SAS70 type II, SOX, GLBA, PCI-DSS and HIPAA and performs regular third-party security testing on their systems. Only Vantage can view the chats.
