Increasing security, reducing fraud and minimizing risk are the three main ingredients of a strong and robust security strategy for financial institutions. But how to achieve this trifecta of protection for both the credit union and its members?
The basic tools and methods of increasing security must be supported by a dedicated and committed organizational mindset to expand a credit union’s fraud-fighting capabilities beyond the basics of “just enough” security.
The constantly advancing techniques of fraudsters are the enemy of a good security strategy, and they will rarely if ever fail to exploit an opportunity to defraud an institution and its members. The only guard is constant vigilance.
Security Allies and Foes
A credit union’s security “ecosystem” has many allies but also many foes. The eco-system’s allies consist of dedicated personnel and substantive training in procedures, processes, quality assurance and testing, to name a few. The foes of that system can be roughly thought of as just the opposite – human error and negligence, weak procedures, weak processes, lack of controls and no segregation of critical duties, any one of which could harm the organization’s security posture.
Minimizing risk is an often-delicate balance. Organizations seek to increase revenue and keep up with consumer demands for the latest in emerging payment technologies. Yet, these considerations can jeopardize security if a strong business model is not in place to continue budgeting for strong security as well as member and staff education in connection with the risks that often come with the introduction of new technology.
Building a strong security strategy takes a committed mindset and investment in staff, technology and tools. Technologies such as data leak prevention, firewalls, intrusion prevention/detection systems and auditing tools are a good start, but not the end all. The entire organization must adopt a security mindset and make fraud prevention and risk mitigation a part of the enterprise’s policy vernacular and its way of doing business on a daily basis.
A Strategic Approach
A strategic approach to the 24/7 battle on behalf of increasing security, reducing fraud and minimizing risk should include at least the following eight points:
- Build a strong overall organization security system through a deep defense. It’s been said often in sports that “Good defense wins championships.” It’s perhaps the essence of security. How’s your bench strength?
- Mitigate fraud with clear processes and procedures. If security ecosystems have both allies and foes, confusion over what to do is surly a foe.
- Data classification with limits to temporary employees, vendors, partner and staff. Not everybody has a “need to know” everything. Silos often need to be broken down between co-workers, but data is eligible for silos.
- Reduce risk by clearly understanding the industry and the risk associated with products and services. Consider security when making new product introductions, and budget accordingly in terms of new internal processes and member education.
- Build a strong vendor management program through legal and industry knowhow. This is perhaps one of the most important elements for the credit union movement, which so often relies on shared and outside services to compete in the financial marketplace.
- Work closely with human resources to perform background checks and other HR functions to minimize employee turnover. There’s no doubt about it – the most complex link in the security chain is the human being.
- Invest in technology that works for your budget – don’t buy a sledge hammer when a regular hammer will do. But don’t let frugality determine decision-making – you’ll pay for it many times over in the end.
- Secure executive and board involvement upfront to ensure that budgets and expectations align. Fighting fraud touches every aspect of an organization and its personnel – it can therefore only be adequately led from the top.
Age-Old Battle Newer Than Ever
The history of payments is a story of constant change driven by the need to make it easy to pay for things (convenience), and to make that transaction free of the fear of fraud (security).
At the beginning of this century, we were still in an era born in the 1950s – one that might be called “Charge It!” – as plastic cards became the payment tool of choice, as opposed to carrying large sums of cash. But, suddenly, we have moved into an era that might be called “Click” – as retail markets have turned into virtual markets and consumers steadily embraced the incredible convenience of e-commerce.
The big picture, then, is that convenience is boldly taking a step forward. Is your institutional commitment to increasing security, reducing fraud and minimizing risk doing likewise?
About the Author
Terrence Griffin is Chief Information Officer of CO-OP Financial Services, a financial technology provider to credit unions based in Rancho Cucamonga, Calif. He can be reached at terrence.griffin@co-opfs.org or (866) 812-2872.
The original article Security, Fraud and Risk: Basics, Strategy and the Bigger Picture can be found on Insight Vault.
