Protect The Online Channel: Four Top Considerations

Securing online transactions is a critical part of operating in the digital world.

April 1, 2006

By Dennis Maicon

In today's online banking landscape, securing members' online transactions isn't only a good practice for building member loyalty and trust, it's a critical part of operating in the digital world.

From fear of members abandoning the online channel to Federal Financial Institutions Examination Council (FFIEC) compliance, credit unions are anxiously searching for solutions to help them meet a diverse array of issues stemming from conducting business online. Faced with a multitude of technology and solution choices, credit union executives must arm themselves with information to be able to understand the risks associated with the online channel and to select solutions best meeting those risks.

When assessing risk, credit unions should look at a number of factors, some of which address the traditional concepts of risk (member segmentation and online activities) and some of which address different kinds of risk (those associated with new technology and its effects on online members).

Credit unions should weigh four considerations when investigating how to best provide strong member protection online, keeping in mind the balance between security and preserving the normal member experience:

►Member experience. Credit unions need to move member experience to the top of theironline fraud prevention checklist. While not a point in the FFIEC guidance, it's a point ofcommon sense: Disrupting the ease of use of the online channel with lengthy or cumbersomeprocesses isn't a good way to build loyalty with online users. Nor is it a good way for creditunions to keep costs down.By deploying a transparent authentication solution, credit unions remove the member from theauthentication process and keep security tactics off of fraudsters' radars.

►Front door protection--keeping would-be fraudsters from gaining access to memberaccounts. Credit unions need to be wary of solutions that don't authenticate users until afterlogon, and then look only for suspicious or risky transactions. While it's important to trackactivity once online, it's imperative to employ real-time risk evaluations at logon--before afraudster has the opportunity to view sensitive member data.Think of it this way: Would you rather lock your front door to keep thieves out, or would yourather let them in your house and take action only if they do something suspicious?

►Member segmentation. Not all credit union members are the same. Does the solutionyou're looking at provide options for further authentication of riskier member segments? Creditunions should look for solutions offering multiple choices for user authentication so they canselect the method best meeting the security needs of diverse member segments.

►Analysis and forensics. This is one of the most critical parts of any fraudprevention solution because it's the one thing that will continue to help credit unions define,detect, and defend against emerging fraud. Without a strong analytical component designed to makesense of the newfound information about a credit union's online channel, there's no way tounderstand how well your solution is helping to lower fraud losses from the online channel.When looking at risk for the online channel, look beyond traditional risk assessment factors.Incorporate factors into the decision process that will affect your credit union and your memberslong after risk assessments are completed.

Dennis Maicon is executive vice president, financial services solutions, for Atlanta-based Digital Resolve. Contact him at 877-201-3593.