According to a Gallup poll in 2020, 72 percent of Americans feared computer hackers accessing their personal, credit card, or financial information, and 66 percent worried about identity theft. Therefore, financial institutions must do everything in their power to keep their digital banking services safe and educate their account holders about cybersecurity. Let’s explore some common attack vectors and how you can keep your account holders’ data safe.

What are common digital vulnerabilities to credit union members?

Any customer of a bank or member of a credit union faces many cybersecurity issues that they may not even be aware of, let alone know how to cope with. Here are a few examples:

• Identity theft: Many credit union members experience identity theft through the sharing or loss of personal data. Phishing emails or SMS texts may cause people to provide their Social Security number or other sensitive data in response to an online question that should have been ignored. Credit card and bank account numbers can be shared or lost in the same manner. Education about these kinds of attacks can help your account holders understand what a legitimate request is and what is fraudulent. Remember, it only takes a few minutes for a cybercriminal to ransack a financial account once that information is in their hands.

• Downloading malicious files: In line with phishing attacks that require the recipient to submit personal information, there are also attacks that download malicious software onto the user’s computer or mobile device when they click a link. This software could scan the device for unsecured sensitive information (eg keeping your passwords in a Word document) or worse, lock up the device entirely in the case of ransomware.

• Weak password and unsecured browsing: Sad to say, there are still people who use "password" as a password. Perhaps equally as frightening is the fact that more than half of people use the same password for their work and personal accounts. A cybercriminal who breaks only one of those passwords now has access to that person’s entire financial world.

• Data mining on social media: Most of us have responded to one or more of those fun-sounding question lists on Facebook or other social media asking about events in your life like your first date, favorite car, or favorite movie you’ve seen. What we often do not realize, however, is that these innocent-looking data sets are actually examples of sophisticated data mining. Many forms of identity verification depend upon accurate answers to questions like childhood phone numbers and addresses. By participating in these questionnaires, you’re giving cybercrooks the information they need to make that ID confirmation.

How you can help your account holders stay safe

While you might not be able to control everything related to your account holders’ security vulnerabilities, you can start by giving them the kind of technological shields that they need but may not be familiar with. Among them are:

• Secure banking apps - Make sure any apps you offer have high levels of security built in, and make it clear that what account holders are accessing is secure to give them peace of mind.

• Address vendor issues: Third-party vendors can create a chink in your security armor if you aren’t careful. Make sure your vendors understand that cybersecurity is a high priority for you. Consider requiring a contractual commitment to cybersecurity in your third-party vendor agreements.

• Internal protocols - Ensure that your clients understand that pages with the letters SSL or HTTPS in the search line are good - these protocols make it harder for anyone to access their online presence and information.

• Compliance software- Invest in AI and digital banking services software that will monitor client activity and alert you when something goes wrong.

Additionally, education and resources about safe online banking practices are key. Offer guides and short examples of cybersafety issues on your website and social media pages so you can increase member knowledge. Be sure to outline the kinds of requests you would and would not make to members to help them spot the difference between a legitimate communication and a fake.

You can also encourage and incentivize the use of two-factor authentication for account sign-in. Phone apps make this process practically painless now.

Don't forget to tailor your messaging also. Use AI and account transaction analysis to help identify and protect your more vulnerable account holders. According to the Center for Victim Research, 7-10% of the U.S. population are victims of identity fraud each year, and 21% of those experience multiple incidents of identity fraud. Determine those whose behavior puts them most at risk and devote time and effort to make changes in behavior to make your most vulnerable accounts safer.

Send notifications with nudge®

People count on their financial institutions to protect their sensitive data from malicious actors. The Larky nudge® engagement platform helps financial institutions communicate securely with account holders by using a trusted source for communication – their mobile banking app. nudge® sends personalized messages to your members via lock screen push notifications that come directly from your mobile banking app instead of email or SMS text messages, which are prime mediums for spam or phishing. Contact us today to learn more about how we can help you offer better digital banking services.

‍