According to the CUSO, two major changes will be put in place to add an additional layer of security for member access to It’s Me 247.  These updates are in response to the recent audit CU*Answers underwent by the State of Michigan, which included a review of online banking access risk.  During this examination, it was clear that auditors are going to get stringent with online banking access security.

For credit unions that were not requiring that security questions be asked at login, It’s Me 247 will automatically require them with the 9.6 release.  The option to ask them has been removed from PIB (Personal Internet Branch) layered security and now is a standard automatic part of It’s Me 247 online banking.

Additionally, the minimum online banking password length has been expanded to six characters.  A new “Password Strength Meter” tool has been added to assist members when changing passwords to educate them as to the security level associated with the password they have entered.  Color coding and messaging help the member determine if the password is “too short” or “weak” (red), “good” (yellow), or “strong” (green).

This release also includes changes to protect sensitive member data on e-Notices, providing additional security for these electronic communications.  Members will see the message “Your Personal information is not displayed for enhanced privacy and security” where they would usually see their name and address, and X’s will mask the member’s account base but not the account suffix.

For more information on the upcoming software enhancement, or to view Release Summaries for all upgrades since 1998, go to http://www.cuanswers.com/client_release_summaries.php.

Download Press Release

CU*Answers has partnered with Linoma Software to offer their Crypto CompleteTM application suite to its Self-Processing community. According to CU*Answers, they selected Crypto Complete because it had already met the existing PCI DSS requirements for encryption and key management and deploys on an IBM System i. Defense DB is the solution to safely and securely protect valuable member data and to satisfy the scrutinizing eye of auditors and examiners.

CU*Answers says Defense DB is a must-have, so that credit union teams can remain above reproach when questioned by outsiders as to how they manage their data and staff. Secondly, so that programs can be more flexible and readily available to share with outsiders, such as third-party call centers. Finally, so that when team members are completing data queries and analyzing member opportunities, you don’t have to worry about giving too much information to too many people.

Download Press Release

CU*NextNET is a national, secure, IP-based network constructed with Qwest for credit unions on the CU*Answers CU*BASE platform. First deployed in 2007, WESCO Net is again undertaking significant end-to-end investment upgrades of the network including real-time encryption of all sensitive member data traversing the network. Data will be protected using AES-256 encryption technology; the strongest currently available FIPS-approved algorithm.

According to Fred Damstra, CCNP and Senior Network Engineer at WESCO Net, “It’s no surprise that auditors are looking with increasing scrutiny at how member data is protected. CU*NextNET is already extremely secure, but layering encryption technology on top of the other controls already in place ensure the privacy and integrity of member data.” Damstra continues “Auditors are going to love this.”

WESCO Net is also deploying a secure and fully-automatic Internet-based VPN backup solution for users of the CU*NextNET network. Previously, automated backup solutions had been limited to ISDN or other CU*NextNET MPLS circuits. The VPN solution will allow credit unions to reduce costs by leveraging existing Internet connections to backup their main circuit. Dynamic routing protocols will automatically detect failures of the main circuit and reroute traffic over the VPN within about fifteen seconds.

“This project is representative of the power of the CU*Answers CUSO,” says Dave Wordhouse, VP of Network Technology at WESCO Net. “By leveraging the scale of the CUSO, we are able to deploy a new state-of-the-art data security solution and a new automated business continuity solution across the network with no additional cost to our clients. In fact, many may be able to reduce costs with the new backup solution. We are really excited to deliver this value, especially in the current economic climate.”

Download Press Release

eDOC developed and released the Security Audit Report Generator to assist administrators in performing audits of all user administration data. This report delineates Available Privileges, Effective Privileges assigned to groups, and an Individual Privilege profile for each system user.

The Security Audit Report application has been released to enhance the success of Clients’ current and future edocument strategies. While it is currently released as a stand alone module to make it retroactively compatible with EDI products version 5.1 or later, in the future it will be built into the base applications 2020DOC and 2020COLD and accessible simply through a “button” located in the administrator screen. It is designed to audit both file based security systems (through the Control Folder) and SQL based security systems (via access to the SQL database). While it is currently for in-house product users only, the Security Audit Report will be accessible through the ASP eReports product for ASP clients in the near future.

“Security and convenience are two of the foundational mainstays for a meaningful electronic document strategy”, explains Bret Weekes, President and CEO of eDOC Innovations. “The Security Audit Report addresses these extremely important principles directly. Now, eDOC clients can easily view, research and manage privileges for staff members and oversee internal access to sensitive data and information that they have already taken great steps to secure.”

Download Press Release

According to WESCO Net, because of an environment of increasing regulatory scrutiny and NCUAmandated third party oversight requirements, it’s important for credit unions to be able to prove to auditors that their third party technology provider is fulfilling their contractual obligations in a secure, consistent, and effective manner. Matt Sawtell, CISSP and Manager of Managed Services for WESCO Net says “The NCUA is putting the oversight burden on the credit union, but they may not have the expertise to effectively manage how the partner delivers their services. We believe it is our responsibility to assist our clients and assume a portion of that oversight burden. The SAS 70 allows us to do just that.”

WESCO Net says they are preparing for a follow-on Type II examination with even more strict requirements to be completed within the next 18 months. The SAS 70 examination is one of four rolling independent examinations of WESCO Net including Network Security Assessment, External Penetration Assessment, and Internal Penetration Assessment. Copies of the SAS 70 examination are available upon request.

Download Press Release