Technology and Security Conference, Las Vegas, NV Feb 11-13, 2014

We’re back from this year’s NAFCU Technology and Security Conference in Las Vegas, where the sessions were informative and the conversations lively.

Presentations at this conference focused on a few key themes, which we came to imagine as layers making up a credit union’s IT environment, starting with a core system at the center, moving out to integrations with various other systems such as identity verification and account-screening services, and eventually reaching that all-important community, customers.

Not All Cores Are Created Equal

The conference featured many discussions about core systems. That was hardly surprising since this was a technology conference, and at any credit union the IT team is likely to be closely involved in the selection and deployment of a core system.

One lesson that came through loud and clear:  credit unions should avoid signing long (e.g., 7-year) contracts with core vendors. Technology is changing quickly. New features and capabilities are being introduced all the time. Customer expectations and market trends are changing quickly, as well. Sign a 7-year contract, and you’re guaranteed to have old technology for at least half the length of your purchase.

Among the various core systems on the market today, credit unions clearly have their favorites. Several credit unions said they were evaluating new cores, which leads us to . . .

Integrations Are Critical to Improving Services and Customer Experience

As important as core systems are, they don’t perform all the essential IT functions in credit unions. Cores need to be integrated with other solutions, such as front-end systems, onboarding systems, and other specialized services that support branch or back-office operations.

Because technology is changing so quickly, credit unions would do well to select cores, front-end services, and other solutions with open APIs (application programming interfaces). Open interfaces give credit unions the freedom to pick and choose various specialized solutions and combine them at will to create a best-of-breed IT infrastructure.

At the conference, several credit union managers expressed frustration at vendor lock-ins. Choosing solutions with open APIs, rather than monolithic architectures, is an important step for avoiding lock-in.

Many institutions recognize that, in order to provide the best possible customer service and to make operations as efficient and accurate as possible, it’s time to move beyond manual paperwork and Excel spreadsheets. Institutions should take advantage of the new in-branch and back-office solutions now on the market.

Institutions and Customers Need to Focus on Security

As the conference’s title suggests, security was another major theme of presentations and discussions.

IT security involves not only internal systems such as cores, but also the computing habits of credit union customers. Keynote speaker John Sileo gave a thorough talk about best practices for security in all aspects of computing: from designing networks to conducting ecommerce.

Here’s our own list of four security suggestions for credit union employees and customers:

  • Use passwords. Hard ones.
    Surveys still turn up large numbers of consumers using obvious passwords like ’12345′ or ‘password’. Passwords this simple can be cracked in a split second by hackers. Employees and customers should choose passwords that are not familiar words or other obvious sequences of letters or numbers. Instead, include a mix of upper case and lower case letters, numbers, and punctuation, if the application in question allows it.
  • Don’t use the same password for all your services.
    You don’t want a hacker discovering a single key that opens all the doors in your kingdom.
  • Apply a passcode to your mobile phone.
    A 2011 survey by security firm Sophos found 70% of consumers fail to apply passcodes on their phones. That’s troubling for the 22% of consumers who have already lost their phones. An unprotected phone gives hackers access to all kinds of personal and business data, potentially including contact lists, family photos, and logins to social media networks. The result could be mildly annoying mischief or more prolonged and agonizing identity theft.
  • Install malware-detection software on mobile devices.
    From 2011 to 2012, forms of mobile malware grew 4600%, according to McAfee. Why? Hackers know that smartphones and tablets now store a wealth of valuable information. They know that mobile operating systems are still relatively young and untested, and that consumers who might use passwords and AV scanning software on their desktop systems are usually much more lax about security on smartphones and tablets. In a nutshell:  rich targets, little security. No wonder hackers are cranking out new attacks every day. Fortunately, free AV scanning software for mobile devices is readily available. Try Lookout, which offers malware detection and back-up services for iOS and Android devices.

Thanks, NAFCU, for putting on an engaging and informative conference.