LAS VEGAS — Without specifically being the conference theme, technology and the role it will play at CUs was a major component of the National Association of Federal Credit Unions recent annual convention here.

Here are takeaways for CUs from a trio of sessions at the conference.

1. Mobile and Data
One major recent change in the financial services landscape was the tipping point hit when the number of smartphone owners using their devices for mobile banking jumped to 45%, from 26%, Lee Wetherington, director of strategic insight for ProfitStars, said during the conference's opening keynote address.

"Sometime this year we'll hit the tipping point after which half of all mobile adults in the U.S. will be actively using mobile banking,' he said.

Wetherington emphasized that mobile banking is only the beginning.

That technology, he said, is essentially just the on-ramp to what he called "photo banking,' which he defined as anything that leverages the smartphone's camera, such as using mobile banking to top-up prepaid cards, taking a picture of a bill to initiate payment or even eye- and facial-recognition for authentication within the mobile banking application.

And once biometrics comes into play consumers who were skeptical about mobile banking security may be won over, Wetherington said.

"That brings in a whole new swath of customers ready to take advantage of mobile banking,' he said.

The feature that will get users to start down that path, however, is mobile remote deposit capture, Wetherington said.

He cited research from consulting firm Javelin Strategy & Research that mobile RDC will be key to CUs' migration of 55 million members who use online banking but haven't yet started using mobile.

"For people who haven't adopted mobile yet, their first toe in the water will be mobile RDC,' Wetherington said.

And there are real cost benefits to that.

Wetherington cited a cost of 12 cents per transaction for online transactions, compared with an average of 8 cents per transaction on mobile devices.

He pointed out that the term "big data' gets thrown around a lot, but what is more important to CUs is their own data.

"You are sitting on the Holy Grail of data in the era of big data,' Wetherington said, noting that financial institutions can already look at payments data to understand where members shop, what they buy and how much they spend.

Because CUs already have those data, analysis can be used to better understand and serve their members, he said.

Financial institutions can also use those data to curate relationships with merchants, which might in turn be able to be used to increase advertising revenue for the mobile-banking channel, Wetherington said.

"The big question is, who is going to control and monetize the mobile marketing of payments data that credit unions are already sitting on top of,' he said. "The future is more about data than it is about payments.'

2. Safe, Simple and Smart
John Ainsworth, group head of U.S. Markets for MasterCard of Purchase, N.Y., told conference attendees that any tech solution they roll out to members must be safe, simple and smart.

He spoke during a breakout session, "The Future of Payments,' and he reminded listeners that one of the immediate effects of Target Corp.'s data breach last year was a move back to concerns over safety.

"It was amazing to watch consumer sentiment go right back to safety,' Ainsworth said. "Rewards, loyalty, et cetera all went by the wayside once people were concerned about safety and security.'

One side effect of the recession was a shift in how consumers view rewards, Ainsworth said.

Pre-recession consumers were focused on accumulating rewards over an extended period of time and then redeeming them.

Today, "they expect the issuer to understand their behavior and reward them, with the consumer not having to do anything for it,' Ainsworth said.

Ainsworth pointed to a May 2013 statistic from Glenbrook Analysis that e-commerce volumes are projected to rise to 26% of all commercial volume by the end of 2017, adding that 20% of Starbucks Coffee Company customers use its app to pay for purchases.

But if there is a problem with the transaction, a consumer generally calls the financial institution not Starbucks, he said.

The bigger problem for CUs is that they aren't the ones developing these types of apps, Ainsworth said.

He predicted that the checking account will continue to be the center of the transaction cycle, though the way money is deducted from that account — whether via check, cash, mobile payment, plastic or some other manner — will continue to change.

"For the future of payments, your customers are going to demand that they be able to access accounts in numerous ways beyond what they have today,' Ainsworth said.

And because CUs can't do it all themselves, Ainsworth said that they need to think about who their tech provider views as the end customer: the CU or the CU member.

That will be particularly important as digital wallet tech continues to gain a foothold, as multiple companies with no stake in the CU's success will want access to a CU's members in order to reach them via a digital wallet.

Before digital wallets are widespread, however, CUs have to navigate new standards for Europay, Master Card and Visa — a field that Ainsworth said has seen far too much miseducation.

While CUs think about EMV, they must also formulate a strategy for contactless payments, he said.
In the meantime, EMV won't prevent fraud, but it will make data less attractive and less valuable to would-be data thieves, Ainsworth said.

After all, Target in Canada used chip and pin technology and didn't suffer a breach, whereas American Target stores, which use mag stripe technology for card purchases, weren't so lucky, he said.

In short, CUs are at a crossroads, and though they don't necessarily need to implement a mobile payments solution immediately, they need to be aware that their members are aware of solutions from a variety of providers and will expect the same level of quality from their CUs, Ainsworth said.

"Don't worry about the one killer solution,' he said. "Just make sure you don't invest all of your resources and time into the wrong solution.'

3. Cyber Security
Amid the National Credit Union Administration's increased focus on cyber security concerns, presenter Jake Olcott reminded attendees that cyber security isn't just an IT problem but is an enterprise-wide issue.

Executives must play a role and can't just rely on IT staff members to shoulder the burden, he said.

"Most cyber attackers — 99.99% of cyber attackers — are going after your organization for one of four reasons,' said Olcott, a principal with Good Harbor Security Risk Management LLC, who offered a breakout session on "Building a 'Cyber Secure' Organization.'

Chief among those is financial gain, but he said that cyber criminals are also often looking to make a political statement via "hacktivism,' looking for a competitive advantage (i.e. corporate espionage), or participating in all-out cyber warfare.

Olcott offered both Target and Edward Snowden as examples of huge data breaches by organizations that thought they were well protected.

In Target's case, hackers were able to breach the company's databanks and gain access to its point of sale terminals because they breached its air conditioning vendor, which had a portal with access into Target's data, Olcott said.

Using 'Super' Powers For Ill
In Snowden's case, the controversial contractor was able to employ his "super-user' access to install software allowing him to search for and download from the National Security Agency's systems.

"What didn't the NSA have? The NSA didn't have the ability to detect when somebody who had 'super-user' access was abusing their privileges,' Olcott said.

"The issue is not that we don't want some people to have 'super-user' access. Some people should have escalated levels of access to things,' Olcott said.

"That makes total sense,' he said. "What doesn't make sense is that we don't have a system that can alert us to when people are doing bad things with that.'

The lesson from both is that serious cyber threats can come from inside or outside the organization, and neither organization was prepared to deal with those breaches, Olcott said.

One big concern for CUs is CryptoLocker, a type of malware that is increasingly affecting small businesses by encrypting sensitive files and holding them hostageor preventing access until financial demands are met, he said.

"These things are really easy for the bad guys to download. You don't have to be a genius to write it,' Olcott said.

"It's basically commercially available. You can take it and start sending it out to whoever you want to target,' Olcott said.

"So I see this as presenting increasing risks to your organizations, and the consequences are really bad,' he said.

Olcott offered the example of Abilene FCU, a $21 million Abilene, Texas, CU that was the victim of hackers who were looking for its Experian credentials in order to run credit reports on members and open accounts in their names for the purpose of theft.

Although it was a very unconventional attack, "it goes to show that the purpose of the attack, the motivation for the attack, is not always obvious,' he said.

"It's not always obvious why your organization would be a victim. Sometimes they want your customer data, sometimes they want your Experian passwords, sometimes they want to mess with you just because,' Olcott said.

Subscribe Now

Authoritative analysis and perspective for every segment of the credit union industry

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.