3 Steps to Prepare Your Culture for AI Posted by AVCU on 3:04 PM

 According to Jared  Spataro from Microsoft, As business leaders, today we find ourselves in a place that’s all too familiar: the unfamiliar. Just as we steered our teams through the shift to remote and flexible work, we’re now on the verge of another seismic shift: AI. And like the shift to flexible work, priming an organization to embrace AI will hinge first and foremost on culture.

The pace and volume of work has increased exponentially, and we’re all struggling under the weight of it. Leaders and employees are eager for AI to lift the burden. That’s the key takeaway from our 2023 Work Trend Index, which surveyed 31,000 people across 31 countries and analyzed trillions of aggregated productivity signals in Microsoft 365, along with labor market trends on LinkedIn.

Nearly two-thirds of employees surveyed told us they don’t have enough time or energy to do their job. The cause of this drain is something we identified in the report as digital debt: the influx of data, emails, and chats has outpaced our ability to keep up. Employees today spend nearly 60% of their time communicating, leaving only 40% of their time for creating and innovating. In a world where creativity is the new productivity, digital debt isn’t just an inconvenience — it’s a liability.

AI promises to address that liability by allowing employees to focus on the most meaningful work. Increasing productivity, streamlining repetitive tasks, and increasing employee well-being are the top three things leaders want from AI, according to our research. Notably, amid fears that AI will replace jobs, reducing headcount was last on the list.

Becoming an AI-powered organization will require us to work in entirely new ways. As leaders, there are three steps we can take today to get our cultures ready for an AI-powered future:

Choose curiosity over fear

AI marks a new interaction model between humans and computers. Until now, the way we’ve interacted with computers has been similar to how we interact with a calculator: We ask a question or give directions, and the computer provides an answer. But with AI, the computer will be more like a copilot. We’ll need to develop a new kind of chemistry together, learning when and how to ask questions and about the importance of fact-checking responses.

Fear is a natural reaction to change, so it’s understandable for employees to feel some uncertainty about what AI will mean for their work. Our research found that while 49% of employees are concerned AI will replace their jobs, the promise of AI outweighs the threat: 70% of employees are more than willing to delegate to AI to lighten their workloads.

We’re rarely served by operating from a place of fear. By fostering a culture of curiosity, we can empower our people to understand how AI works, including its capabilities and its shortcomings. This understanding starts with firsthand experience. Encourage employees to put curiosity into action by experimenting (safely and securely) with new AI tools, such as AI-powered search, intelligent writing assistance, or smart calendaring, to name just a few. Since every role and function will have different ways to use and benefit from AI, challenge them to rethink how AI could improve or transform processes as they get familiar with the tools. From there, employees can begin to unlock new ways of working.

Embrace failure

AI will change nearly every job, and nearly every work pattern can benefit from some degree of AI augmentation or automation. As leaders, now is the time to encourage our teams to bring creativity to reimagining work, adopting a test-and-learn strategy to find ways AI can best help meet the needs of the business.

AI won’t get it right every time, but even when it’s wrong, it’s usefully wrong. It moves you at least one step forward from a blank slate, so you can jump right into the critical thinking work of reviewing, editing, or augmenting. It will take time to learn these new patterns of work and identify which processes need to change and how. But if we create a culture where experimentation and learning are viewed as a prerequisite to progress, we’ll get there much faster.

As leaders, we have a responsibility to create the right environment for failure so that our people are empowered to experiment to uncover how AI can fit into their workflows. In my experience, that includes celebrating wins as well as sharing lessons learned in order to help keep each other from wasting time learning the same lesson twice. Both formally and informally, carve out space for people to share knowledge — for example, by crowdsourcing a prompt guidebook within your department or making AI tips a standing agenda item in your monthly all-staff meetings. Operating with agility will be a foundational tenet of AI-powered organizations.

Become a learn-it-all

I often hear concerns that AI will be a crutch, offering shortcuts and workarounds that ultimately diminish innovation and engagement. In my mind, the potential for AI is so much bigger than that, and it will become a competitive advantage for those who use it thoughtfully. Those will become your most engaged and innovative employees.

The value you get from AI is only as good as what you put in. Simple questions will result in simple answers. But sophisticated, thought-provoking questions will result in more complex analysis and bigger ideas. The value will shift from employees who have all the right answers to employees who know how to ask the right questions. Organizations of the future will place a premium on analytical thinkers and problem-solvers who can effectively reason over AI-generated content.

At Microsoft, we believe a learn-it-all mentality will get us much farther than a know-it-all one. And while the learning curve of using AI can be daunting, it’s a muscle that has to be built over time — and that we should start strengthening today. When I talk to leaders about how to achieve this across their companies and teams, I tell them three things:

• Establish guardrails to help people experiment safely and responsibly. Which tools do you encourage employees to use, and what data is — and isn’t — appropriate to input. What guidelines do they need to follow around fact-checking, reviewing, and editing?
• Learning to work with AI will need to be a continuous process, not a one-time training. Infuse learning opportunities into your rhythm of business and keep employees up to date with the latest resources. For example, one team might block off Friday afternoons for learning, while another has monthly “office hours” for AI Q&A and troubleshooting. And think beyond traditional courses or resources. How can peer-to-peer knowledge sharing, such as lunch and learns or a digital hotline, play a role so people can learn from each other?
• Embrace the need for change management. Being intentional and programmatic will be crucial for successfully adopting AI. Identify goals and metrics for success, and select AI champions or pilot program leads to help bring the vision to life. Different functions and disciplines will have different needs and challenges when it comes to AI, but one shared need will be for structure and support as we all transition to a new way of working.

The platform shift to AI is well underway. And while it holds the promise of transforming work and giving organizations a competitive advantage, realizing those benefits isn’t possible without a culture that embraces curiosity, failure, and learning. As leaders, we’re uniquely positioned to foster this culture within our organizations today in order to set our teams up for success in the future. When paired with the capabilities of AI, this kind of culture will unlock a better future of work for everyone.

Credit unions need younger members. Can TikTok help? Posted by AVCU on 10:58 AM

 The need to reach younger consumers is pushing credit unions to dip a toe into new social media platforms.

While legacy services such as Facebook, Twitter and Instagram continue to dominate the social media landscape, new players are emerging all the time. And some credit unions believe the that video-sharing platform TikTok may be the most likely to help them reach a younger audience.

 “From an organic standpoint, it’s what Instagram was four or five years ago, where you could get on there and reach hundreds of thousands of people without having to pay for that space,” said Meredith Olmstead, founder and CEO of FI Grow Solutions.

Those traditional platforms like Facebook and Twitter are bigger — Facebook has 2.7 billion users worldwide and Twitter has 300 million monthly active users, compared to roughly 689 million TikTok users, about 100 million of whom are in the United States.

But the more established platforms tend to skew older. More than half of all Facebook users are over age 35, according to NapoleonCat, a site specializing in social media statistics, and nearly 40% are 45 or older. Twitter's largest user demographic is between 30 to 49 years old. By comparison, TikTok's audience is engaged — the average user spends 45 minutes a day on the app, according to social media firm Social Sprout. And, more importantly, TikTok's users are overwhelmingly young, with the biggest chunk of users between the ages of 18 and 24, and more than half are under 35. That's the audience credit untions are most eager to reach.

Reaching younger potential members is important because the age of the average credit union member has been stuck at about 47 for decades. And as those consumers age out of their prime borrowing years, the industry will need to bring in younger members to keep business flowing. Worse, there are indications that membership isn’t being passed down from generation to generation, and even in instances when adult children do join their parents’ credit union, they may be quick to jump ship if the right digital solutions aren’t in place.

Carolina Trust Federal Credit Union in Myrtle Beach, S.C., has begun experimenting with TikTok in conjunction with its use of a Gen Z brand ambassador. The credit union’s average member age is between 50 and 55, said Jessica Wilson, chief development officer at the $305 million-asset credit union, and that age range “hasn’t moved in years.”

The brand ambassador “does videos similar to any other influencer, really — little fun videos of cooking or even the transition videos you see people on TikTok doing,” said Wilson. “We’ve created almost a subbrand with her because she’s young and relatable.”

In general, the credit union is targeting consumers ranging from their late teens to early 40s, with a focus on the student population at Coastal Carolina University. The turn to TikTok is part of a broader social media outreach effort that also includes Instagram and Facebook.

“TikTok was just something that, because of the age our brand ambassador is in, she’s familiar with it, so we started to go down that path,” said Wilson.

As with other platforms, credit unions have to tailor their approach to TikTok, said Lauren Robirds, digital marketing strategist at Your Marketing Co., a South Carolina-based firm that works with credit unions across the country.

“Not a lot of people want to follow their credit union on TikTok if it’s just basic information about an auto loan,” she said. “It has to be engaging and catch that younger crowd — you have to do something crazy and unique.”

One strategy some institutions have used, she said, is to focus on financial education, including the basics of credit scores and money-management. “Definitely things that people in the younger generation don’t have a solid education on,” she said.

Excel Federal Credit Union near Atlanta began building TikTok into its social media strategy for 2021 and has been “testing what resonates with a small group of people so we can invest dollars behind what’s most successful,” explained Britney Bailey, marketing director at the $140 million-asset credit union.

So far its content has primarily been 60-second clips about subjects such as home improvement projects, credit cards, the fundamentals of credit and more.

“It’s intended to be easy to consume and based around financial literacy,” she said. “Nothing is strictly driving a product. Obviously we’re timing our content to go along with our promotions for the quarter so that holistically our advertising is spreading the same message, but none of it is a direct ‘click her to apply now’ type of ad.”

As the credit union has branched out into TikTok, however, it has also scaled back a bit from some other platforms, including Instagram, which was often used for showcasing content “behind the scenes” at Excel that members might not ordinarily see.

“Because of COVID and being offsite, I haven’t been there with the phone to snap pictures of the big moments,” said Bailey.

Security hasn’t been a major concern with social media platforms up to this point, but that’s not the case with TikTok. The app, which originated in China, came under scrutiny last summer over concerns that it posed a national security threat or could, at the minimum, be an espionage tool. While the Trump administration floated the idea of banning domestic usage of the app entirely, the ban never materialized. But credit unions using the app are still taking precautions.

“Everything TikTok-related is on outside devices, so nothing is behind the firewall or on the VPN,” explained Excel’s Bailey. “We also aren’t necessarily encouraging our members and consumers in our market to adopt the app. We’re letting them know, 'We’re here if you are," but we’re not pushing them to download it.”

Similarly, Wilson said all of Carolina Trust’s activity with the service stays off of the credit union’s infrastructure, and none of it is conducted on credit union-owned devices, at the direction of the credit union’s senior vice president of IT.

Olmstead, however, suggested some security concerns for credit unions may be overblown.

“I’m not convinced the security concerns with TikTok are any more substantial than any other social platform,” she said. “You simply have to create a posting policy and strategy for monitoring the platform and a plan for dealing with any violations or problems that could arise. These aren’t platforms where you’ll be discussing account information so the risk is fairly minimal. And specific account-related questions would need to be taken offline no matter what platform you’re using, unless it’s a secure chat specifically designed for financial institutions to use.”

Security concerns aside, one of the biggest questions for the industry is simply whether the app has any staying power. After all, Snapchat seemed like a major player a few years ago, but it never widely caught on with the industry. But Olmstead said that's part of the strategy — seeing what works and what doesn't, and adapting.

“Gone are the days where we all do the same things for 30 years,” said Olmstead. “Understanding and normalizing the idea that things will change and there’s constant evolution, particularly in the digital space, will help people feel more comfortable with the idea of trying new things. It’s not the end of the world to pull down your page if you decide it wasn’t worth your time.”

PSCU Card Data Suggests Consumers' Stockpiling Frenzy May Be Waning Posted by AVCU on 12:40 PM

New data from PSCU suggested that the urge to stock up on groceries and other supplies is beginning to wane.

In new research, the St. Petersburg, Fla.-based CUSO said that among its owner credit union members, credit card spending at grocery stores and supermarkets grew 24.9% year-over-year for the week of March 23, 2020, compared to the week of March 25, 2019, and debit card spending grew 10%. However, those growth rates were much lower than what PSCU saw in the preceding two weeks of March, “indicating that consumers were easing back from their ‘stock-up’ purchases conducted during the early weeks of the COVID-19 pandemic,” it noted.

PSCU also said growth rates in credit and debit card spending at drug stores and pharmacies were flattening. During the week of March 23, 2020, credit card spending in the sector grew by just 0.7%, and debit card spending actually fell 7.5%. In contrast, just a week before that, year-over-year spending at drug stores and pharmacies was up 33% for credit cards and 27.4% for debit cards.

Overall credit card spending was down 29.9% for the week of March 23, 2020, compared to the week of March 25, 2019. Debit card spending was down 18.1%, PSCU found.

“As anticipated, we began to more clearly see the negative impacts of the COVID-19 pandemic on consumer spending this week,” PSCU Advisors Plus SVP Glynn Frechette said. “As the situation evolves and more nonessential retail stores are closed, along with stay-at-home orders being put in place throughout the country, we expect continued downward pressure on consumer spend. We will continue to keep our credit unions apprised of these trends to help guide their decision-making and best serve their members in these challenging times.”

An even stronger trend has played out for gas stations, according to the data. Credit card spending was down 52.2% and debit card spending dropped 40.1% for the week of March 23, 2020, compared to the week of March 25, 2019. Lower gas prices and the giant increase in working from home likely drove the declines, PSCU noted.

Purchases of consumer goods also slumped during the week of March 23 compared to the same week of 2019, falling 18.6% for credit cards and 17.7% for debit cards.

Consumers Do An About-Face on Chip Cards Posted by AVCU on 7:03 AM

It wasn’t that long ago as issuers moved to chip cards from mag stripes that consumers were complaining about the change. But now More than half (54%) of U.S. consumers say inserting a chip card is their preferred payment method, according to a report from Ingenico Group and FreedomPay.

This is significantly more than the 11% who prefer swiping a magnetic strip card, noted LowCards.com in its analysis.

Contactless payments are increasing in popularity, though they have not taken off just yet. Only 7% of respondents said they preferred to tap their contactless cards, and 4% chose digital wallets for their payment of choice.

The research found that 84% of businesses currently accept contactless payments, but 63% of consumers do not know they can tap-to-pay, LowCards.com said.

Credit Unions Should 'Increase Phishing Identification' in 2020 Posted by AVCU on 6:51 PM

With the cyberthreats of Iranian operatives still hanging over organizations, a number of incidents affecting financial service companies, some predating the latest Iran-U.S. crisis, but all raising eyebrows, made news recently.

ZDNet reported a security researcher with the Twitter handle @vrNicknack alerted Troy Hunt, the Have I Been Pwned? search engine operator with a notice received from P&N Bank, a division of Police & Nurses Limited and operating in Western Australia. The notice warned of an information breach “of certain personal information” occurring through its customer relationship management platform as a result of online criminal activity. The cyberattack occurred on or around December 12 when the bank performed a server upgrade. Speculation is a company P&N Bank hired to provide hosting provided the entry point.

Stephan Chenette, co-founder/chief technology officer at AttackIQ, said, “The financial industry is one of the largest targets for cybercriminals and unfortunately, breached data from those types of organizations can be damaging for years to come.” Chenette noted the number of accounts is unknown, P&N Bank is one of the largest banks in Western Australia. As a result, a complete set of personally identifiable information is available on the dark web, further exposing the account holders to future fraud or phishing attacks. “Organizations must take proactive approaches to protect their data. This should include mapping organizational capabilities and security controls to specific attack scenarios to measure their preparedness to detect, prevent and respond to these threats.” Additionally, organizations should do their due diligence in ensuring third-party partners are practicing adequate security measures and extend testing to partners as well.”

In another incident, Bleeping Computer reported a group tracked as Ancient Tortoise is targeting accounts receivable professionals, tricking them into sending over aging reports (collections of outstanding invoices) and consequently amassing data on customers they can scam in future attacks.

Click to continue reading this article from Credit Union Times

New Research Projects 52% of ATMs Will Offer Automated Deposits by 2024 Posted by AVCU on 6:41 PM

More than half of the world’s ATMs will offer automated deposits by 2024, according to new projections from banking research and consulting firm RBR. The London, England-based firm also predicted that the United States will see tens of thousands more automated deposit terminals (ADTs) arrive in the next five years.

“In a busy world where time is of the essence, both business and retail customers no longer expect to have to queue for the teller to make everyday deposits,” RBR said. “Banks report that deposit ATMs are an efficient tool for keeping their customers satisfied, while also enabling them to migrate transactions from the teller and achieve cost savings.”

Automated deposit transactions have risen quickly in the last few years, according to the research.
“Excluding China, where a meteoric surge in mobile payments has stifled cash usage, automated deposits grew by 10% in the other core markets covered in the report, contrasting with a fall in cash withdrawals in many of the same markets. Customers increasingly appreciate the benefits offered by automated deposit such as reduced queuing, instant account crediting and out-of-hours availability,” it noted.

RBR said it expected the number of terminals in the markets in the study to hit 1.6 million by 2024, which is a 14% increase. Much of that growth will come from deposit ATMs, which will make up 52% of the ATM population by 2024, it said. In the United States, RBR estimated that 40,000 ADTs will spring up in the next five years.

ADTs do more than just accept deposits. RBR predicted that two-thirds of them will also be able to recycle cash by 2024.

“Although the technology has been available for decades, the number of deposit ATMs installed worldwide continues to demonstrate healthy growth,” RBR researcher Sam Blackwell said. “Banks are now expected to pivot further towards recycling as the ratio of withdrawals to deposits narrows and CIT costs grow, presenting increased opportunities for cost savings.”

‘Weak Spot’ Leads to Rash of New Attacks Against Gas Stations, Pumps Posted by AVCU on 10:04 AM

VISA says North American merchants that operate gas stations and gas pumps are facing a rash of attacks from cybercrime groups wanting to deploy point-of-sale malware on their networks. In two recent security alerts, VISA said its security team investigated at least five incidents of the sort, ZD Net reported.

The payments processor said cybercrime groups carried out attacks with the main purpose of gaining access to fuel dispenser merchants' networks, where they installed POS malware.
This POS malware works by continuously scraping a computer's RAM for what looks like unencrypted payment card data, which it collects, and then uploads to a remote server.

Weak Spot Identified
The VISA Payment Fraud Disruption (PFD) team says cybercrime groups appear to have found a weak spot in how gas stations and gas pump operators work. While the in-store POS terminals of some merchants might support chip transactions, most of the card readers installed on gas pumps do not.

These gas pump card readers still operate on older technology that can only read payment data from the card's magnetic stripe.

Data from these outdated card readers is sent unencrypted to the gas station's main network, where crooks have realized they can intercept it, ZD Net explained.

The attacks on fuel dispenser merchants began over the summer, VISA said. Two of the five attacks were linked to a known cybercrime operation known as FIN8.

How to Safeguard
VISA said the easiest ways for fuel dispenser merchants to safeguard customers is to either encrypt card data while it's being transferred across a network or stored in memory or shift to a chip card acceptance policy.

"Fuel dispenser merchants should take note of this activity and deploy devices that support chip wherever possible, as this will significantly lower the likelihood of these attacks," VISA said.
Fuel dispenser merchants have until October 2020 to deploy chip compatible card readers on their gas pumps.

“Starting October 2020, VISA said liability for any card fraud would shift from card issuers to the merchants, which will likely motivate many operators to update their gas pump card readers,” ZD Net said.

Checks Continue Decline; ACH & Card Payments Surge According to Fed Data Posted by AVCU on 9:58 AM

For the first time, the number of ACH debit transfers has exceeded the number of check payments, according to a new Federal Reserve study.

Data released earlier in December showed that there were 16.6 billion ACH debit transfers in 2018 but only 14.5 billion check payments. Back in 2000, the story was much different: the year’s 2.1 billion ACH debit transfers paled in comparison to its 42.6 billion check payments.

However, the number of check payments has declined rapidly, falling 7.2% per year from 2015 to 2018. That rate was in line with drops between 2003 and 2012, but it was more than twice the 2.8% annual drop recorded over the prior three years.

"The growth of payments using debit and credit cards and the automated clearinghouse (ACH) system continued to accelerate from 2015 to 2018, while check payments continued their long-run decline,” the Federal Reserve noted in a press release.

The 2019 study included consumer, business, nonprofit and government payments in 2018 from U.S. domestic deposit accounts, prepaid debit cards, and credit cards, as well as cash withdrawals and deposits at depository institutions. 

Noncash growth rate accelerating
The study also found that noncash payments including debit card, credit card, ACH and check payments rose 6.7% per year between 2015 and 2018. The growth in debit and credit card payments accelerated too, rising 8.9% per year between 2015 and 2018, compared to a 6.8% annual growth rate between 2012 and 2015. Debit cards were used almost twice as much as credit cards in 2018, according to the data. ACH credit and debit transfers also grew faster, rising by 6% a year between 2015 and 2018, compared to 4.9% per year between 2012 and 2015.

“These core noncash payment types have retained their ability to be used in traditional ways even while they increasingly function as the means of settlement for innovative types of alternative payment methods and services, such as smartphone and internet-based services,” the Federal Reserve noted. 

Remote payments rivaling in-person
The Federal Reserve’s data also chronicled the rise of remote payments, which likely reflected continued changes in consumer shopping and financial management habits.

“For general-purpose (network-branded) cards overall, the value of remote payments in 2018 nearly equaled in-person payments, driven in part by growing e-commerce card payments and the use of cards for recurring bill payments. More than half of in-person general-purpose card payments were chip authenticated in 2018, compared to 2.0% in 2015,” the Federal Reserve noted. 

Fewer ATM withdrawals but more cash coming out
ATM visits continued to decrease, according to the data. The Federal Reserve reported 5.1 billion withdrawals in 2018, which was a 0.1 billion decrease from 2015. 

“The rate of decline for ATM cash withdrawals slowed compared with the previous three years, falling 0.9% per year from 2015 to 2018. The decline in the number, combined with an increase in value, resulted in average ATM cash withdrawals of $156 in 2018, compared to $146 in 2015,” it said.

Holiday Anti-Fraud Tips for Credit Unions Posted by AVCU on 10:41 AM

As reported recently by Credit Union Times, Chicago-based OneSpan, provider of anti-fraud and digital identity solutions to financial institutions, offered some holiday protection tips and six predictions they suggest will shape the 2020 financial services industry.

“Fraudsters don’t take time off for the holidays and in fact, may capitalize on seasonal spikes in transaction volume to more easily evade detection. As consumers increasingly use their mobile phones as their primary device for holiday shopping, banking and other transactions, cybercriminals are also turning their attention to the mobile channel,” Will LaSala, director of security solutions at OneSpan, said.

LaSala pointed out, “Mobile malware nearly doubled in 2018 and mobile account takeovers increased 79%. It’s estimated fraud losses to banks and credit unions have topped $31 billion due to customer account takeover, new account application fraud and other types of fraud occurring in digital channels.” He recommended employing mobile app security as the key to fighting fraud not only this holiday season, but all year long.

The cybersecurity director provided some measures credit unions can implement immediately to safeguard member data, meet compliance with industry regulations and avoid becoming another data breach headline:

• As transaction volumes increase fraudsters will use this spike to try and scam transactions and call centers. Let members know your brand will never ask them for their credentials via email, text or chat.
• Remind staff that security standards do not need to slip. Even though transaction volumes will be higher, pay attention to those out of the ordinary requests and do not cut any corners. Stick to the processes and procedures defined throughout the entire year.
• Mobile banking apps should protect themselves in untrusted device environments. defend any type of mobile app against sophisticated malware, they should use application shielding technology as protection.

Click here to read the full article.

Free Dec. 17 webinar examines Business Email Compromise scam Posted by AVCU on 10:19 AM

CUNA and the Financial Services Information Sharing and Analysis Center (FS-ISAC) will conduct a free webinar for CUNA members Dec. 17 designed to provide information on how credit unions can protect themselves from Business Email Compromise (BEC) scams. The webinar is scheduled for 3 to 4 p.m. (ET).

BEC scams target both individuals and businesses that perform wire transfers or other types of electronic fund transfers. Scammers use information available electronically to develop a profile on a company and staff, and eventually target specific individuals with what appears to be a legitimate business transaction.

However, the wire transfer is sent to an account controlled by the scammers, who then take the funds and disappear.

The FBI has been tracking these scams since they emerged in 2001, and have found organizations targeted in every U.S. state and more than 100 countries. Since January 2015, there has been a 1,300 percent increase in identified exposed losses, now totaling over $3 billion.”

Registration is currently open for the live version of the webinar. Those who register to watch live automatically receive access to the recorded version, others can register separately for just the recorded version, which will be available after the conclusion of the live event.

Krebs on Security: Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains Posted by AVCU on 2:14 PM

Cybersecurity expert and journalist Brian Krebs reported last week on his blog that on November 23rd, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. Krebs said he learned that this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the midwest and eastern US.

Two financial industry sources who track payment card fraud and asked to remain anonymous for this story said the four million cards were taken in breaches recently disclosed by restaurant chains Krystal (pictured orange), Moe’s (pictured gray), McAlister’s Deli (pictured green) and Schlotzsky’s (pictured blue). Krystal announced a card breach last month while the others are all part of the same Focus Brands parent company which disclosed breaches in August 2019.

KrebsOnSecurity heard the same conclusion from Gemini Advisory, a New York-based fraud intelligence company.

“Gemini found that the four breached restaurants, ranked from most to least affected, were Krystal, Moe’s, McAlister’s and Schlotzsky’s,” Gemini wrote in an analysis it shared with Krebs on Security. “Of the 1,750+ locations belonging to these restaurants, nearly 50% were breached and had customer payment card data exposed.”

Click the link to read the full article on the Krebs on Security blog.

The CUInsight Experience Podcast: George Ombado – Rising up Posted by AVCU on 9:42 AM

This new episode of the CUInsight Experience Podcast with host Randy Smith, co-founder of CUInsight.com, features George Ombado, CEO of ACCOSCA, a Pan-African confederation of national associations of savings and credit cooperatives societies. The podcast was recorded at the 20th Annual SACCA Congress in Mombasa, Kenya.

ACCOSCA has developed programs aimed at improving socio-economic needs of Africa through saving and credit unions, partnering with various government bodies, development agencies and research institutions to contribute towards mitigating challenges facing Africa in the twenty-first century.

Listen to this conversation about credit union growth in Africa, and the differences to the more mature U.S. credit union system. George talks about how he’s fashioned the Africa Development Education program after attending DE in North Carolina and shares a great story about Bill and Crissy Cheney helping him get home after his flight was canceled due to snow.

George is inspired to see that young people and women are being accepted by the leadership today because these things wouldn’t have been possible ten years ago. He is working to build the regulatory framework in Africa because it builds confidence to have it, whereas, in the U.S, we are trying to get rid of some of it.
 
George has excellent insight into today's global credit union movement.

<< CLICK HERE to listen to the podcast>>

CUNA Hosting Webinar to Discuss RDC compliance Posted by AVCU on 9:48 AM

CUNA will host a webinar on Wednesday, Nov. 20 to discuss patent enforcement of certain remote deposit capture (RDC) technology, particularly in the wake of the $200 million verdict awarded to USAA from Wells Fargo earlier this month. The webinar is free for CUNA members, and begins at 1 p.m. (ET).

CUNA Senior Director for Advocacy for Payments and Cybersecurity Lance Noggle and CUNA’s patent litigation attorneys Mike Rounds and Adam Yowell, of Brownstein Hyatt Farber Schreck will discuss the background of the issue, the court decision against Wells Fargo and what ramifications that decision could have for credit unions.

USAA filed suit in June 2018 against Wells Fargo alleging that the bank infringed on certain USAA patents for remote check capture (RDC), specifically patents related to mobile check capture.

Credit unions around the country have received letters from USAA asking them to negotiate licensing deals for using RDC technology that USAA claims it developed.

A recorded version of the event will be available the following day to those who registered, and interested parties can also register for the recorded version separately.

UK Financial Institutions are Increasing Use of Machine Learning Posted by AVCU on 9:39 AM

Machine learning (ML) is being used with increasing frequency by financial institutions in the U.K., according to a joint report from the Bank of England (BoE) and Financial Conduct Authority (FCA).

The report summarizes the results of a survey conducted by the Bank of England and Financial Conduct Authority involving 106 respondents from a group of almost 300 banks, credit brokers, e-money institutions, financial market infrastructure firms, investment managers, insurers, non-bank lenders and principal trading firms. It reflects the BoE and FCA’s intention to better understand the interaction between an increasingly data-driven economy and dramatic changes to the structure and nature of the financial system supporting it.

In particular, the report emphasizes the need to strike a balance between supporting development of innovative and transformative technology while also addressing the risks posed by such developments to consumers and the U.K. financial system as a whole, according to Ropes & Gray.

Key findings of the report include:

• Firms in the financial services sector are using machine learning (ML) with increasing frequency. Two-thirds of respondents reported using ML in some form, with most firms expecting usage to increase significantly in the coming years. 
• The insurance and banking sectors use ML most extensively. Overall, ML is deployed most often in relation to anti-money laundering and fraud detection, as well as in customer-facing applications such as customer services and marketing, according to the report. 
• Firms consider improvements in AML, fraud detection and overall efficiency as the biggest benefits of using ML. They identified risks, including a lack of explainability, inadequate controls or governance, data quality issues and poor model performance. To mitigate those risks, firms implement alert systems and so-called “human-in-the-loop” mechanisms to flag when the ML model is not working as intended. 
• The report found firms do not consider regulation to be an unjustified barrier to ML deployment, but some believe there should be additional guidance to clarify existing regulations. Respondents noted that, because ML is a relatively new technology, it may not always be obvious how the existing regulatory framework applies to it. 
• Firms do not believe that ML necessarily creates new risks, but it could amplify existing ones. Respondents recognized that governance and controls processes will need to keep pace with technological development to appropriately manage those risks, the report states. 
• Although most firms reported using their existing risk management frameworks to address risks posed by ML, they noted that these frameworks might have to evolve as ML becomes increasingly mature and sophisticated.

Google May be Getting Into Banking Next Year by Offering Checking Accounts Posted by AVCU on 9:59 AM

Google will offer checking accounts next year, according to a source familiar with the company’s plans, representing Big Tech’s boldest move yet into the consumer banking business. (CNBC.com, 11/13/19)

Most previous efforts have focused on credit cards and payment platforms.

The accounts for the project will be run by Citigroup and the Stanford Federal Credit Union, the source said, confirming a report in The Wall Street Journal.

As part of a project code-named Cache, the company will become the latest Silicon Valley leader to try its hand at the banking space. Previous attempts by Apple and Facebook faced obstacles, with consumers growing increasingly skeptical over providing large technology companies with their personal information.

Google does not intend to sell customers’ data, Caesar Sengupta, an executive at the firm, told the Journal.

“If we can help more people do more stuff in a digital way online, it’s good for the internet and good for us,” Sengupta said.

For years, banks had been concerned about competition from small, nimble fintech upstarts. But it turns out that Big Tech companies like Google and Amazon, already armed with relationships with hundreds of millions of consumers, may prove to be the larger threat.

Last year, Amazon had reportedly been in talks with J.P. Morgan over a checking account. Apple launched a credit card for iPhone users earlier this year with Goldman Sachs. Uber announced its push into financial services last month, and just Tuesday Facebook announced a new system to facilitate payments across its social media and messaging systems.

Apple’s offering has run into multiple issues. Its partnership with Goldman has been tense after Apple said it created the card without help from a bank. Also, complaints have arisen recently that the algorithm used to determine customers’ credit limits is biased toward men.

Google’s plans are to brand the checking accounts with the financial institutions’ names, not its own.

NCUA Plans Major Cybersecurity Effort Posted by Association of Vermont Credit Unions on 3:24 PM

The financial services industry, including credit unions, is a major target for hackers, thieves, and other threats, and the NCUA is developing a long-term plan to provide training and information to better prepare the agency and credit unions to meet those threats.

NCUA’s Office of Examination and Insurance and Chairman Rodney E. Hood’s special advisor on cybersecurity presented the Board with a briefing on cybersecurity issues.

“Nearly every day, we see the growing sophistication of hackers, thieves, and terrorists,” Chairman Hood said. “We need to bring fresh thinking to our regulatory approach; it is essential we strike a balance between innovation and security. We at the NCUA are determined to be a leader in identifying and responding to cyberthreats. Credit unions are on the front line against any cybersecurity incident. Protecting the credit union system’s IT infrastructure requires a public-private partnership, and we want to work together with you to make sure that your credit unions and your members are protected.”

The NCUA has initiated a new examination program for cybersecurity, which is being continually enhanced. In developing their own cybersecurity plans, credit unions should pay particular attention to maintaining strong security controls and be prepared to respond to cyberattacks.

The NCUA maintains a cybersecurity resources webpage to provide credit unions with important information, including regulations and guidance, about protecting themselves and their members from cyberthreats.

Read NCUA's bulletin on the effort

Fintech’s Fast Pass to Traditional Banking is Now Cut Off Posted by AVCU on 9:30 AM

Tech start-ups trying to become banks will now have to take a slower, more traditional route. (CNBC.com, 10/24/19)

Fintech companies had welcomed a special bank charter that cleared a quicker path for them to become a bank. But that was dealt a blow this week as a federal district court in New York decided that the Office of the Comptroller of the Currency, the regulator issuing the charters, didn’t have the authority to do so.

The ruling highlights the sometimes murky nature of tech companies getting into banking. It also means that finance start-ups will have to go through the same drawn out process as everyone else.

“It’s a step back for fintechs that are looking long term to become banks,” said Lindsay Davis, fintech analyst at CB Insights. “A fintech charter helped streamline that regulatory process for a company getting into the market.”

The “fintech charter” looked to expedite the process by allowing a start-up to offer lending or payments products without having to accept FDIC insurance, or comply with banking regulations state-by-state. A spokesman for the agency said it “disagrees with the decision and the court’s interpretation of the authority the National Bank Act grants the OCC”  and plans to appeal the ruling.

Without the special exception, getting a national bank charter tends to take around 18-24 months, according to Deloitte.

“This might be a longer process than fintechs would have anticipated — the other options are lengthy and cumbersome,” said Alaina Sparks, head of Deloitte’s fintech team. “The OCC charter sparked tremendous interest and got people thinking about new options.”

Advocates of the fintech charter said it would have increased competition by allowing new entrants to the financial system. But the ruling was a win for state regulators, many of whom wanted to block the pathway for fintech. They pushed back on non-banks’ potential to operate across the U.S. without needing to comply with state-by-state laws, which included caps on loan interest rates.

″The decision stops OCC’s attempt to usurp state authority by establishing a federal fintech regulatory framework at the expense of consumers,” New York’s superintendent of financial services, Linda A. Lacewell, said about the court ruling. “This decision makes the financial well-being of consumers from New York and around the country a priority."

Out of Network ATM Costs Reach Record High Posted by AVCU on 4:48 PM

As reported this week in CU Times, the average out-of-network ATM withdrawal cost has reached a new record high of $4.72, according to the latest Bankrate.com Checking Account and ATM Fee Study, which surveyed non-interest and interest accounts.

This all-in fee, which includes the ATM surcharge (what ATM owners charge non-customers) as well as the penalty financial institutions charge their own customers to make out-of-network withdrawals is up 33% over the last decade.

Financial institutions are charging non-customers more than ever to use their ATMs. The average ATM surcharge increased 2% to a new record of $3.09, the 15th consecutive year establishing a new record. The average surcharge has increased in 20 of the past 21 years.

The good news, the fee charged by the accountholder’s own financial institution for using another institution’s ATM decreased 2% from $1.66 to $1.63, moving lower for the second year in a row. In fact, the number of financial institution and accounts allowing free out-of-network withdrawals is at a record high, although this still represents less than one-third of accounts (32%).

“While large banks have extensive ATM networks, many smaller banks and credit unions belong to nationwide fee-free alliances that may have significantly more ATMs available than even the ATM networks of big banks,” Greg McBride, CFA, Bankrate.com chief financial analyst said. “One other option to withdraw money for free is to get cash-back at the point of sale when using a debit card. Banks don’t charge for that and very few merchants do either.”

Among the findings:

• Houston has the highest average out-of-network ATM fee of the 25 major metro areas examined ($5.58), while Los Angeles has the lowest ($4.15). Philadelphia has the highest average overdraft fee ($35.50) and Cincinnati has the lowest ($30.95).
  
• Ninety-nine percent of non-interest checking accounts are either free by default or can become free, however less than half (42%) are free without stipulation. Forty-three percent will waive the monthly fee ($5.61, on average) based solely on direct deposit.

Push for Increased Data Security Continues Posted by AVCU on 2:04 PM

With several high-profile data breaches hitting just in the month of August while Congress was in recess, CUNA and the state leagues are continuing their push for Capitol Hill lawmakers to enact meaningful data security legislation.

Stopping the data breaches is the subject of CUNA’s latest Member Activation Program (MAP) campaign launched in August to activate credit union members to call on their members of Congress to Act.

Specifically, CUNA and the state leagues are calling for Congress to:

• Treat data privacy as a national security issue, as there have been more than 10,000 data breached in the U.S. since 2005, compromising nearly 12 billion consumer records. Many of these breaches are being perpetrated by foreign governments, domestic organized crime syndicates and rogue international actors using the data to fund illicit activities;
  
• Fix the weak links in the system, meaning requiring all entities that hold and use consumer data be subject to strong federal data security requirements; and
  
• Set a strong federal standard that preempts state laws,removing the current patchwork of various state laws, regulations and requirements that provide uneven protection and require numerous compliance resources.

CUNA has written to leadership of multiple House and Senate Committees, outlining the above principles. CUNA Chief Advocacy Officer Ryan Donovan also contacted all 535 Congressional offices in April emphasizing the economic and national security implications.

Lance Noggle, CUNA senior director of advocacy outlined why credit unions are leading the call for data security in a Credit Union Times op-ed, and has also brought the issue up with other agencies, including NCUA and the Federal Trade Commission.

The topic will be a featured discussion point with the Vermont Congressional delegation during AVCU's DC Hike-the-Hill on October 22nd. 

100 Million Capital One Credit Card Applications & Accounts Exposed Posted by AVCU on 10:57 AM

Yesterday Capital One announced a data breach from March where a 33-year old software engineer gained access to more than 100 million customer accounts and credit card applications, with intent to sell the information online.

Various news outlets report that Paige Thompson is accused of breaking into a Capital One server and gaining access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people's names, addresses, credit scores, credit limits, balances, and other information.

Thompson tried sharing the information with others online by posting the information on GitHub, using her full first, middle and last name and boasting on social media that she had Capital One information. She even In a channel explained how she accessed Capital One on Slack, a chat service used by businesses as well as other groups, using a special command to extract files in a Capital One directory stored on Amazon's servers.

Thompson made little effort to disguise her identity, using the screen name "erratic" on Slack, which was the same handle she used on a Twitter account and a Meetup chatroom page. Thompson also reportedly tweeted that she wanted to distribute Social Security numbers along with full names and dates of birth.

Thompson previously worked as a tech company software engineer for Amazon Web Services, the cloud hosting company that Capital One was using.  Thompson was arrested on Monday of this week.  Capital One indicated it fixed the vulnerability and that it is "unlikely that the information was used for fraud or disseminated by this individual."

Watch the CBS News video below for the full story.