
Biometric Technology on the Rise for Authentication and Payments

Posted on Wed, Jul 29, 2015 @ 08:00 AM

Author: Penny Webb, PWebb@profitstars.com

There has been a lot of talk (and some actual movement) in the financial service industry around the increased use of biometrics. The use of biometrics as a layer of security has long been an option for authentication efforts initiated from a personal computer, but there was lackluster acceptance in most segments of the payments industry. Thanks to rapid expansion in the mobile space, however, expanded use of biometric security is now one of the fastest growing means of authentication, while reliance on traditional passwords as a primary source of identification is becoming obsolete.

Apple’s incorporation of a fingerprint scanner in its latest smartphone models is one primary factor in bringing biometrics to the forefront for mobile and alternative payment security. The iPhone fingerprint sensor is clearly a front runner and the most widely recognized biometric security feature in use today. Many companies have jumped on Apple’s Touch ID bandwagon as a means of handling payment authentication.

Not all smartphones have a fingerprint scanning device, but they all have a camera and voice recorder. Enter the selfie as a biometric screening option. While talk of facial pattern recognition as a means of authentication started in earnest in 2013, institutions such as USAA, MasterCard and Barclays are a few of the companies leading the charge by including it in product releases in 2015. This year, USAA will offer its customers face recognition and voice recognition as authentication options. MasterCard and Barclays have face recognition pilot programs underway with the expectation of deployment later in the year.

How face recognition and voice recognition work

The facial recognition feature uses the smartphone or PC’s camera to view the customer’s face. It also requires the user to blink on demand in order to verify that what it’s seeing is an actual person rather than a photo. The phone or PC captures a photo to complete the payment authentication.

In the case of voice recognition, the institution securely stores a recording of a customer’s voiceprint. When initiating a payment, the user is required to read a randomly generated phrase on cue so that their speech patterns can be verified by comparing them against the stored patterns.

Although some institutions’ solutions store an actual photo, fingerprint or voice recording, in most cases the solution stores a unique code generated by an algorithm based on data derived from those original sources. For each new authentication attempt, the device uses the same algorithm to extract a new code from the fresh fingerprint, picture or voice recording, then compares the new code against the stored one to determine if they are similar enough to warrant authentication. This method restricts the user’s (or the financial institution’s) ability to recreate the original source data and reuse it to thwart the authentication system.
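The store-a-code-and-compare step described above, as an added sketch (not code from the original post or from any vendor). The feature vectors, the sign-of-random-projection template, the noise level and the 25% threshold are all constructed assumptions; the point is why the match is "similar enough" rather than exact, and how the threshold trades false rejects against false accepts.

```python
import random

DIM = 64          # length of the constructed feature vector (assumption)
BITS = 256        # length of the stored template, the "code" in the text
THRESHOLD = 0.25  # accept when at most 25% of template bits differ (assumption)


def make_projection(seed=2015, bits=BITS, dim=DIM):
    """Fixed random hyperplanes shared by enrolment and verification."""
    rng = random.Random(seed)
    return [[rng.gauss(0.0, 1.0) for _ in range(dim)] for _ in range(bits)]


PROJECTION = make_projection()


def extract_template(features, projection=PROJECTION):
    """Reduce a reading to one bit per hyperplane; the raw reading is not kept."""
    return [1 if sum(w * x for w, x in zip(row, features)) >= 0 else 0
            for row in projection]


def distance(a, b):
    """Fraction of template bits that differ (normalised Hamming distance)."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def verify(stored, fresh_features, threshold=THRESHOLD):
    """Same algorithm on the fresh reading, then a similarity decision."""
    return distance(stored, extract_template(fresh_features)) <= threshold


def new_person(rng):
    """Constructed stand-in for one person's underlying biometric trait."""
    return [rng.gauss(0.0, 1.0) for _ in range(DIM)]


def capture(person, rng, noise=0.2):
    """A fresh sensor reading: the same trait plus capture noise."""
    return [x + rng.gauss(0.0, noise) for x in person]


def collect_scores(trials=200, seed=7):
    """Distances for genuine attempts and for attempts by a different person."""
    rng = random.Random(seed)
    genuine, impostor = [], []
    for _ in range(trials):
        owner, stranger = new_person(rng), new_person(rng)
        stored = extract_template(capture(owner, rng))
        genuine.append(distance(stored, extract_template(capture(owner, rng))))
        impostor.append(distance(stored, extract_template(capture(stranger, rng))))
    return genuine, impostor


def error_rates(genuine, impostor, threshold):
    """False reject rate and false accept rate at a given threshold."""
    frr = sum(d > threshold for d in genuine) / len(genuine)
    far = sum(d <= threshold for d in impostor) / len(impostor)
    return frr, far


if __name__ == "__main__":
    genuine, impostor = collect_scores()
    for threshold in (0.10, 0.25, 0.45):
        frr, far = error_rates(genuine, impostor, threshold)
        print(f"threshold={threshold:.2f}  FRR={frr:.3f}  FAR={far:.3f}")
```

Two readings of the same trait never produce identical templates, so an exact comparison (as with a password hash) would reject every legitimate user; the threshold is the security setting that matters.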

Other emerging biometric security methods

A few other biometric options that are in their infancy are Vein Pattern Scanning and the Digital Tattoo. In Vein Pattern Scanning, the palm of the hand is scanned in a manner similar to the techniques used in a fingerprint scan. The individual patterns are used as payment confirmation. Google’s Advanced Technology and Products group in partnership with VivaLnk developed the Digital Tattoo. It consists of a nickel sized, paper thin adhesive which is worn on the skin. This product’s initial application provides electronic authentication to unlock the user’s smartphone. It remains to be seen whether this technology can transition to the payment space.

Microsoft is also jumping in the mix with a new product called Hello, which is designed for use with the Windows 10 operating system. MS Hello uses face recognition for its layered authentication approach. The Microsoft solution will not use the PC standard camera, but will require an infrared camera, reporting that they didn’t feel the standard camera approach was secure enough. In a statement from Microsoft, “Windows Hello has a 1 in 100,000 false accept rate, which is very high. It’s a lot safer than a password, which we know, can easily be forgotten, lost, stolen or hacked.”

Conclusion

A true multifactor approach to authentication has long been a requirement for financial institutions. Relying on passwords or other currently available sources for authentication will no longer be enough to authenticate customers and make payments secure. As they mature, the expanded use of biometric options as part of the payment and authentication process may substantially strengthen authentication efforts in the future, potentially making the online environment much safer for us all.

 

 

Tags: payments

A Step by Step Guide to Business Continuity Planning

Posted on Wed, Jul 22, 2015 @ 08:00 AM

Author: Eric Flick, EFlick@jackhenry.com

According to the FFIEC, “It is the responsibility of an institution's board and senior management to ensure that the institution identifies, assesses, prioritizes, manages, and controls risks as part of the business continuity planning process.”

Here are the steps to a successful Business Continuity Planning process:

  1. Business Impact Analysis (BIA). When you conduct the Business Impact Analysis, look at all of the business functions and processes at the department level. Then identify interdependencies between functions and departments. Finally, pinpoint the risks to the institution as the result of unplanned or uncontrolled events that impact the ability to do business at the department level.
  2. Recovery Time Objective (RTO) and Recovery Point Objective (RPO). The RTO is the maximum amount of time that the institution can be without the function. The RPO is the maximum amount of data loss. As an example, if you say you need your core software running again within four hours of the incident and that you can’t lose any data, your RTO is “within four hours” and your RPO is “all data” up to the time the incident occurred. For the next step in your Business Continuity planning, you must determine all RTOs and RPOs for those business functions determined in the Business Impact Analysis.
  3. Risk Assessment. The Risk Assessment looks at the Business Impact Analysis assumptions, applies various threats to those assumptions, and measures the potential impacts to the business. Base the threats on the most likely risks to the business. Institutions closer to the Gulf of Mexico or the Atlantic coast should give high risk to hurricanes, while institutions located in Tornado Alley should place a high potential on tornado risk. During this time, the RTOs and RPOs should be reviewed for gaps – the difference between senior management expectations and the IT department’s actual abilities to deliver on those expectations. Citing the previous example, where senior management is expecting the core system back within four hours and zero data loss, does IT actually have those capabilities in place today?
  4. Risk Management. Once documented, you’ve laid the foundation for all of the details that will comprise the Business Continuity Process.  Now define steps as to how your people, processes, and places will resume business following the unplanned interruption.
  5. Risk Monitoring and Testing. This is a cyclical process. Just as you wouldn’t make a loan without reviewing credit history, and you wouldn’t make another loan to the same person a year from now without reviewing their credit history again, the institution needs to regularly monitor the risks and conduct an exercise at least once each year to see how the employees and management team perform in responding to the various business impacts.

Business Continuity Planning is manageable if you follow the elements and processes as defined by the FFIEC.  It is also an important component of your institution’s overall enterprise risk management program.  Regular review of the plan, along with annual exercises and results reported to the board and senior management are critical to the overall risk position of the institution.

Do you have a question about the Business Continuity Planning process?  Send us your questions in the comments section and we’ll be in touch!

Tags: business continuity plan, business continuity guidelines

The Endless Cybersecurity Summer

Posted on Wed, Jul 15, 2015 @ 08:00 AM

Author: Karen Crumbley, karenc@gladtech.net

The 1966 surf movie The Endless Summer is a documentary where filmmaker Bruce Brown follows two surfers on a surfing trip around the globe. “Its title comes from the idea, expressed at both the beginning and end of the film, that if one had enough time and money it would be possible to follow the summer around the world, making it endless.” The concept of endless activities is a familiar one for financial institution (FI) employees. A great example of one of these continuous activities for FIs is information security awareness and education. New threats are constantly emerging and FIs are tasked with staying up-to-date on the best ways to educate stakeholders on how to recognize the signs of fraud. Presently, the IT Regulatory Compliance topic on everyone’s radar is “cybersecurity” since the FFIEC piloted a cybersecurity assessment for 500 community FIs in 2014. Cyber risks compel the FI to look outside of their physical network. Additionally, the online community continues to be active outside of work hours and therefore so does cybercrime.

The summer of 2015 is an important benchmark for cybersecurity. First, the much-anticipated Cybersecurity Assessment Tool from the FFIEC was released, which provides insight on assessing cyber risks and managing cybersecurity initiatives. Equally important to note is that summertime lends itself to vacation travel and outdoor activities, and as a result, mobile devices and social media are more widely used. Understanding that cybercriminals use these channels for malicious activity is significant.

The National Cyber Security Alliance (NCSA) and ConnectSafely organizations kicked off the summer with Internet Safety Month.  The campaign creates cybersecurity awareness by including tips on how to safely use social media and mobile devices. The information is particularly important for FI stakeholders to recognize because they are targets for cybercrime due to their access to systems that allow them to initiate wires and transfer funds. Cybercriminals look for clues about FI employees through social media in order to create social engineering opportunities and compelling spear phishing emails. Check out our recent post on social engineering, phishing, and vishing. 

The following are recommendations to make your summertime a safer online experience and protect non-public information:

  • Be skeptical and do not believe everything published online. Communicate wisely and authenticate contacts.
  • Ensure that all of your mobile devices are password protected or have a security feature in case they are lost or stolen.
  • Delete apps on your phone that you are no longer using. Unnecessary apps increase opportunities for cybercrime.
  • Limit the amount of information you post about travel plans through social media such as location and schedule. Criminals look for people who are out of town to target for cybercrime.
  • Turn off mobile device location services such as GPS maps and cameras when they are not in use. They provide your whereabouts to cybercriminals.
  • Turn off Bluetooth and Wi-Fi when not in use. They can also reveal your location and allow cybercriminals to hack your devices.
  • Be cautious when accessing Wi-Fi hot spots at airports. Thieves “sniff” these spots to see if they can obtain information to further their schemes. Always use a VPN when transmitting private or non-public information.

The internet is an invaluable tool for summer travel and event planning. Unfortunately, cybercriminals do not take a vacation from stealing information. Cybersecurity awareness is an endless process, so stay guarded and have a fantastic summer.

 Do you have any travel tips to share for protecting NPI and your online presence?

Tags: cybersecurity, cybersecurity awareness

How to Educate, Engage and Retain Your Customers

Posted on Thu, Jul 09, 2015 @ 09:00 AM

Author: Lauren Gleim, Lgleim@jackhenry.com

None of us want to lose customers or money.  It seems obvious doesn’t it?  Regardless of the business, we all want to drive traffic and increase our customer base. To successfully execute effective online marketing initiatives, a plan in place will help, and you don’t have to start from scratch. Here are some suggestions from our best practices pocket guide to gain and retain your audience.

Mobile banking

Let’s begin with mobile banking. Your customers’ misperceptions of mobile banking can be your biggest barriers to their adoption and usage of that service. Whether they fear it lacks security or that it is too complicated, you can ease their apprehension with educational marketing that counters those misperceptions.  Highlight why your mobile app is the smart, secure banking option. FAQ’s and demos are a great way to show your app in action. 

Bill Pay

Have you ever tried breaking an old habit? Maybe you made a New Year’s resolution. It’s now July. Have you kept it up? You can relate this to your customers. Steering them away from old habits like paying bills through mail and starting new habits like adopting online bill pay can be life changing. Go beyond a single communication about your services to multichannel campaigns. Execute campaigns that build awareness about bill pay, educate consumers on how to use the service, and ultimately drive them to enroll and start making payments.

Email

Email is a huge asset for your digital marketing communications efforts. Get the basics of email marketing right. For starters, you can base your messages on customer behavior throughout the product stages. If you need more advice, access my previous post on email marketing where I detail ways to connect with your customers through email by customer behavior, personalization, education and social media. 

Responsive Design

While working through your marketing plan, consider your customers’ viewing experience. Whether on a mobile device, tablet or desktop, your customers desire to easily navigate and view your website or marketing materials. Websites, emails, and landing pages can all be responsively designed and the success of your marketing initiatives will depend on your customers’ experience.

Video

One of my favorite mobile apps is Bodeefit, which is a fitness app that provides a daily workout. The best part is that if I don’t know how to do a plank split, for instance, they provide a short video of how to do it. Genius! For your customers, videos can guide them through the benefits of your product or simply how to use it. Make it easy for them and share the visual experience.

Social Media

Join your customers on the social level. Social media provides an outlet with your customers beyond your branch location and outside of your internet banking or bill pay platform. Not only can you use social media for traditional marketing of your products and services, but you can also provide them with educational marketing such as those videos we just mentioned. Sharing content leads to engaged, happy customers.

Now that you have your handy best practices pocket guide, want to see the full guide?

 

Best Practices for  Financial Institution  Marketing

The iPay Resource Center has marketing materials to help you with your email marketing customer journey. Don’t miss out on FREE marketing!

Tags: customer retention, customer engagement, email marketing

Social Engineering, Phishing, Vishing: 3 Common Elements & How to Combat Them

Posted on Wed, Jul 01, 2015 @ 08:00 AM

Author: Tammy Bangs, TBangs@jackhenry.com


Phishing and social engineering accounted for 15 percent of cyber-crime costs incurred by U.S. companies in 2014, according to Statista.com. Furthermore, 44% of U.S. companies responding to a recent survey stated that they were targets of social engineering or phishing schemes (Statista).

Social engineering, phishing and vishing are everywhere you look these days.  Fake IRS telephone scammers, recent large financial institution (FI) breaches via email scams, penetration testing failures, executive level breaches, you name it – it has happened. 

Have you been lucky enough to receive a telephone call from the ‘Department of the IRS’ this year?  No?  I actually received two. Being the risk mitigation geek that I am, I couldn’t resist baiting the fraudster just a bit, asking as many questions as I could muster, keeping him on the line with me for as long as possible.  It was a fascinating glimpse into the not-so-sexy world of the vishing scheme. They were probably armed with little more than a search engine and a telephone. They didn’t even know enough about the Internal Revenue Service to use proper nomenclature. 

In my travels hosting risk mitigation seminars over the past 18 months, I have been grateful to hear from numerous bankers about penetration testing results they’ve experienced in their own FIs.  A common scenario is as follows: 

A third party firm is hired to see what they can obtain via external phishing testing.  An email is sent to the entire active directory in the FI.  The email appears to be from the IT officer, but is actually (upon further scrutiny) from an external source, but it looks good - quasi-legitimate.  The email states that if they don’t click the link provided, and give their network credentials and passwords, then the required system maintenance due to be performed tonight cannot be completed and their managers will be notified.  Lots of the bankers – from tellers to C-Level - click the link and provide their credentials.  

Initially the numbers I saw were astounding.  But, having spoken to bankers from coast to coast, I can confidently state that there are employees at every level inside of your FI who would click the link, TODAY. 

So I started wondering: Why?  Why would completely reasonable, intelligent, responsible people in this day and age with so much on the line willingly submit to a fraudster? It’s because most social engineering, phishing, and vishing schemes are built on three elements that suspend common sense:

  1. Legitimacy
  2. Urgency
  3. Consequence

Legitimacy
If Bob’s Accounting Firm down the street was on the phone, most people wouldn’t be very likely to cough up their SSN and DOB. But if it’s the IRS, it’s a different story. And if the email mentioned above wasn’t purportedly from the IT officer of the FI, the recipient would not have been nearly as likely to click the link and divulge their network credentials. 

A critical element in establishing the validity of the request is the pretext or backstory of the requester.  Is it a government agency?  Is this a law enforcement officer?  Is this a vendor?  Is it an employee of our FI?  One of the simplest and most effective ways to stop a social engineering attack before it’s off the ground is to simply validate the credentials of the person who made the phone call or sent the email.  How is this accomplished?  Through a separate and independent channel.  Either by calling the agency (IRS or otherwise) back and asking for the purported agent, or via a separate (non-reply) initiated email. 

Urgency
If there was no urgency in the request by the scammer, there is no reason to act now. The fraudster wants you to act before your brain has a chance to consider what the down side of that action might be. How many times have you spoken to an employee or customer after they’ve already opened the email and clicked the link? “Um … I think I maybe shouldn’t have done this.” “I may be infected with a virus.” “Something doesn’t look right!” It’s a common theme. If that fraudster gets your employee or customer to act prior to considering implications of that action, their rates of success go way up. According to behavioral psychologists, urgent situations cause people to suspend deliberate thought and act quickly (Psychology Article).

Consequence
Consequence is the final leg in our three-legged social engineering stool. If there is no implied or explicit consequence, there can be no true urgency, and therefore no reason to act. If the IRS isn’t threatening to levy your property, place you under arrest or increase the amount you owe them, why would you agree to wire money immediately or provide information which could later be used to steal your identity? If that IT officer wasn’t performing system maintenance tonight and your manager was not going to be notified for your non-compliance, why on earth would you agree to give your network credentials to someone – ANYONE? The elements of consequence and urgency go hand in hand in making people who are rule-following, good citizens easy pickings for criminals. Unfortunately, this element is one that makes older generations even more vulnerable to this type of attack. Taking the person on the other end of the phone at ‘face value’, and believing them when they tell you that you are in trouble with the IRS, is practically a given, unless you can warn your senior citizens ahead of time. Before the wire is sent. Before the social security number is given out.
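An added triage sketch (not part of the original post) that checks an inbound message for the three elements above, using the IT-officer test email described earlier as the model. The domain `examplebank.test`, the keyword lists, the verdict names and all three sample messages are constructed assumptions; "hold_and_verify" stands for confirming the request through a separate, independent channel before anyone acts on it.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "examplebank.test"  # assumption: the institution's own mail domain

# Constructed keyword lists, one per element named in the post.
PRETEXT = re.compile(
    r"\b(it (officer|department|help ?desk)|internal revenue|irs|law enforcement)\b", re.I)
URGENCY = re.compile(
    r"\b(tonight|immediately|right away|urgent|asap|within \d+ (hours?|minutes?))\b", re.I)
CONSEQUENCE = re.compile(
    r"\b(will be notified|cannot be completed|suspended|disabled|arrest(ed)?|levy|terminated)\b", re.I)
CREDENTIALS = re.compile(r"\b(passwords?|credentials?|user ?names?|social security|ssn)\b", re.I)
LINK_HOST = re.compile(r"https?://([^/\s>\"']+)", re.I)


def is_internal(host):
    host = host.lower()
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)


def triage(raw_message):
    """Return the elements found in one plain-text message and a handling verdict."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    sender_external = not is_internal(address.rpartition("@")[2])
    body = "\n".join(part.get_payload() for part in msg.walk()
                     if not part.is_multipart() and part.get_content_type() == "text/plain")
    # Collapse line breaks so phrases wrapped across lines still match.
    text = " ".join(f"{msg.get('Subject', '')} {body}".split())
    offsite_links = sorted({h.lower() for h in LINK_HOST.findall(body) if not is_internal(h)})

    elements = []
    # Legitimacy: an authority or internal role is claimed, but the address is external.
    if sender_external and PRETEXT.search(f"{display} {text}"):
        elements.append("legitimacy")
    if URGENCY.search(text):
        elements.append("urgency")
    if CONSEQUENCE.search(text):
        elements.append("consequence")
    credential_request = bool(CREDENTIALS.search(text)) and bool(offsite_links)

    if len(elements) == 3 or ("legitimacy" in elements and credential_request):
        verdict = "hold_and_verify"
    elif len(elements) == 2 or credential_request:
        verdict = "review"
    else:
        verdict = "deliver"
    return {"elements": elements, "credential_request": credential_request,
            "offsite_links": offsite_links, "verdict": verdict}


# Constructed sample messages.
PHISH = """\
From: "IT Officer" <it-officer@examplebank-support.test>
To: all-staff@examplebank.test
Subject: Required system maintenance tonight

System maintenance is due to be performed tonight. Click the link below and
enter your network credentials and password, or the maintenance cannot be
completed and your manager will be notified.

http://maintenance.examplebank-support.test/login
"""

INTERNAL_NOTICE = """\
From: "IT Help Desk" <helpdesk@examplebank.test>
To: all-staff@examplebank.test
Subject: Maintenance window Saturday

The core system will be unavailable Saturday from 01:00 to 03:00 for patching.
No action is needed. We will never ask for your password by email.
"""

VENDOR_DUNNING = """\
From: "Acme Billing" <billing@vendor.test>
To: ap@examplebank.test
Subject: Invoice overdue

Your invoice is overdue. Pay within 48 hours or your service will be suspended.
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("internal", INTERNAL_NOTICE), ("vendor", VENDOR_DUNNING)):
        print(name, triage(raw))
```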

Identifying these three elements is just one part of the strategy. Your FI can take it from here. Adopt a review of these components as a part of the training you provide your employees and customers on combating social engineering threats. Scrutiny is not rude; it’s part of doing business today. Challenging credentials, validating requests, and critical thinking are as much a part of protecting your assets as locking the front door of the bank each evening. It’s a necessary part of combating the tactics adopted by these fraudsters. One additional parting thought – explicitly spell it out in your employment policy as an actionable item. If an employee gives their network credentials to anyone, this is an offense that can result in termination. It is a tough-love approach, but one that your security can depend upon. Helping employees understand that there are consequences associated with actions is a critical deterrent to the click-now, think-later approach.

Definitions:

Social Engineering:  Webopedia.com defines it as “the act of obtaining or attempting to obtain otherwise secure data by conning an individual into revealing secure information.”
Phishing: Dictionary.com defines Phishing as trying “to obtain financial or other confidential information from Internet users, typically by sending an email that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake website that replicates the real one.”
Vishing: About.com defines Vishing as when a fraudster “uses social engineering and phishing techniques to steal people's identities using Voice over Internet Protocol (VoIP) phone lines.”
Personally Identifiable Information: (PII) The US Department of Labor defines it as “information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.)” 

 

Tags: phishing campaigns, cybersecurity awareness, social engineering

Consumer, do we really know you?

Posted on Wed, Jun 24, 2015 @ 07:30 AM

Author: Milton King, MKing@profitstars.com

I was having breakfast with some friends recently, when I noticed something odd about the conversation. None of them were talking about their banking institution. Nor did someone break out their new banking app and share it with everyone else at the table. Clearly these people were not “in the business”.

Because I have been around the banking industry for so long, I decided to test the market.  I smoothly inserted the question, “who do you bank with?”  Once I got their answers, I asked “why ____?”  To a guy who is in the business, their answers were very low-tech.  The top three answers were as follows:

  1. Convenient
  2. I have been with them for years
  3. Low cost

Notably absent was a list of new technology their bank or credit union offers.  This was a group with several generations represented and the answers didn’t fall along age lines.

This got me thinking, are we totally misreading the consumer?  Let’s look at their responses individually:

Convenient
We keep saying “who goes to a branch anymore?” Apparently, someone does according to the Wall Street Journal, as they estimate the current U.S. branch count at 93,000 (see relative comparison list below). Is that lower than the historical high? Yes. Is that because the consumer turned his/her back on the branch? Not so clear. Much of that branch reduction was due to consolidation and downsizing by the largest FIs, not consumer preference. In fact, per the WSJ, branch count had been growing until 2011/2012.

For comparison:

  • 121,000 gas stations in the U.S.  (U.S. Census 2012)
  • 93,000 Bank branches in the U.S. (WSJ Online 3/2013)
  • 4,540 Wal-Mart stores (Wal-Mart 2015)

Bank tellers were thought to be going the way of the elevator operator. By simply averaging five tellers per branch, you realize there are a half million tellers and their support infrastructure going strong today. Elevator operators are not faring as well.

I have been with them for years
“Electronic banking will make it easier for consumers to switch financial institutions, so they will”.  Per Market Watch, in 2010 between 1 and 2 million people switched banks with the trend slowing.  That’s not much when you consider most adults in the U.S. have at least one bank account.  For the sake of this discussion, the 1 – 2 million is overstated, as it doesn’t consider those who changed because they relocated or their bank closed or merged.  The numbers seem to support what my breakfast companions stated.  Most people stay with their FI and will only leave under duress. 

Low Cost
Cost, probably the greatest of all consumer drivers! My uncle/cousin Pete comes to mind (those of you who know me personally I will explain the mixed title to you later); he is known for his frugality. I can just hear an earnest young teller showing my uncle the cool iPhone app, internet banking site and high tech kiosk, not knowing that he is probably getting closer to losing my uncle’s business than he is winning it. All uncle Pete is thinking of is “Who is paying for all of this stuff? It better not be me!”

What is my message to you?  While technology has a role to play in banking, what stood out for me was how fundamental their responses were.  Simplify my life (convenient), keep my cost down and not only will you win my business, but you will likely keep it for a long time.

Those of us in the financial industry or servicing it can get caught up in the weeds, bubble, or echo chamber, and get away from the fundamentals my breakfast mates identified.  I am always amazed at the lengths we will go through to get consumer feedback, “Mrs. Jones if you fill out this survey you can win a trip to Maui.”  We literally have to bribe people to tell us how to serve them.  I would bet that a similar breakfast conversation back in 1995, 1975 or 1955 would have yielded similar responses.  The consumer hasn’t changed much; our challenge is to stay focused on those fundamentals even when the technology is changing daily. 

What are your thoughts?  Do you think the consumer has changed?  Please share your feedback in the comments. 

 

Tags: branch banking, customer relationship

Banking Better Than Before

Posted on Wed, Jun 17, 2015 @ 07:30 AM

Author: Craig Laures, CLaures@profitstars.com

Banking professionals are always looking for a way to “do better.”  Doing better comes in many shapes and sizes.  To some, banking better might mean improved earnings, innovation, enhanced risk mitigation, growth or expansion, and new lines of business.  To others it could mean the opportunity to further serve a greater good or additional giving to charitable programs.  When your bank does better shareholders, employees, customers, and communities win.

Banking statistics for Q1 2015 were just released by the FDIC. The results reflect that banking is indeed getting better, much better than recent years. More institutions are now profitable and more are reporting better earnings than last year. ROA and ROE continue to trend up. Efficiency Ratio, Allowance for Loan Loss, and Cost of Funds continue to trend down. None of these performance metrics improved by accident, so what will sustain these trends? It has to be better banking or at least banking that is better than before.

Most industry pundits remain upbeat regarding the outlook for banking in 2015. Many are citing business growth as one of the lead drivers for bank tech spending in 2015.  Does bank tech spending lead to better banking?  It certainly plays a significant role.  Better banking can be fully realized when paired to sensible, strategic IT spending.  For example, recent statements by research firm Ovum found mobile and online banking investments should grow 7.5% and 7%, respectively.  Let’s look at areas which deserve extra attention when we focus on better banking.

Online Experience
Since banks began launching websites in the 1990s, customers and prospects have browsed your site looking for products, rates, promotions, applications, and online banking logins. The result was financial institutions (FIs) being placed in reactionary positions if the customer decided to call or email you about their interests. Today, the opportunity to be proactive is here. Is a proactive approach to marketing supportive of better banking practices? Certainly. Consistently engaging website visitors with ads for products that are actually appealing and important to their individual interests is now a reality.

Branch Experience
The branch shows no signs of slowing in its evolution.  For example, we’ve seen FIs move customer/member interactions to a kiosk or even a tablet environment.  FIs in a tablet environment are mobilizing their representatives with touch screens.  This allows business to be transacted from anywhere in the branch or at a local business. Read our recent post on branch banking anywhere for more information.   

Commercial Lending
In recent meetings with retail focused FIs they have shared a commitment to adopting a Commercial & Industrial (C&I) lending competency as part of their strategic direction. But how are they going to succeed?  It’s nothing like you might imagine. Artistic creativity and transparency in the pricing and structuring of C&I loans will be key ingredients to achieving sustainable growth in this area.  Borrowers love choices and appreciate insight into how their loans are priced.  Also, the ability for community FIs to partner with alternative lenders (dare I say it?!) will bring you and your clients unique funding strategies. Finding a properly vetted alternative lending partner is the variable to success.  You’ll be better off partnering with an alternative lender instead of treating them as a competitor. 

Many borrowers lean toward the online experience.  Online applications, automated prices, and efficient approvals result in quick-turn decisions leading to happy borrowers.  Speed and convenience, without sacrificing good underwriting practices, will have a stronger influence on a borrower’s decision than “rate” or “relationship”.

Risk Management
Fraudsters find new ways to keep us on point and vigilant. According to the 2015 Association for Financial Professionals Payments Fraud and Control survey, incidence of payments fraud in 2014 was unchanged at most companies when compared to 2013. With that said, 25% of organizations experienced an increase in payment fraud attacks. For 39% of the more than 2,000 surveyed organizations, the potential loss from fraud in 2014 was estimated to be less than $25,000; for 31% the potential loss is between $25,000 and $249,999. The potential loss is $250,000 or more at 19% of organizations. Your customer is the weakest link and the biggest threat to fraud. Let’s bring better banking to your clients. Let’s teach your clients to be better at preventing financial fraud. Utilize fraud experts that have documented proven practices to minimize the risk and payments fraud exposure your clients face daily.

Many FIs are moving their IT environments to a secure cloud environment. These FIs are committed to getting back to banking.  They made strategic choices to place the management and support of their IT infrastructure on those who are experts. How would such a move contribute to better banking? 

At ProfitStars we’ve documented best practices and catalogued successful outcomes leading to you, our clients, and ultimately your clients winning. Now that is better banking.

Tags: online banking, commercial lending, branch experience

Online Lending: Time to Get in the Game

Posted on Wed, Jun 10, 2015 @ 07:30 AM

Author: Mark Messick, MMessick@profitstars.com

Do you remember the days when financial institutions (FIs) didn’t have websites? For those millennials out there who just fell out of their chair, yes, there was a time when banks and credit unions didn’t have websites. What we heard in those days was that community-based banking was a relationship business and that FIs knew their client base so well they didn’t “need” a website. It certainly was, and still is, a relationship business. But, can you imagine an FI operating without a website today? I didn’t think so. What about the days before cell phones? If I had a dollar for all of the people I heard say, “I’ll never get one of those”, who now own not only a cell phone but a tablet as well, I’d be writing this blog post from a beach somewhere instead of my office. The point is, time and technology continue to march on. FIs are finding new and unique ways to connect with their customers and members, and as innovation increases, product offerings increase as well. Unfortunately, since the recession, non-FI competitors have emerged within the lending marketplace and have moved ahead of FIs in a number of ways.

You can pay bills or open a checking account, but can you request financing directly from your FI’s website? Probably not. What if you’re a small business owner and need financing related to your company? Even more unlikely. In fact, we surveyed a number of FIs last year and less than 8% had any kind of mechanism for a business to request financing online. Yet, we know that people are increasingly using technology to do most everything in life, including finding sources of financing and credit. The explosion of online alternative lenders over the last several years is proof enough of that fact. Read more in this blog post on small business lending trends to watch that we posted in 2013. Consequently, the number of loans done online with these types of lenders has an exponential growth curve attached to it. Still, FIs have been slow to react and even slower to compete, even though every institution is crying out for loan demand. Maybe you’ve seen these headlines from recent periodicals:

“Why Your FI Needs a Digital Lending Platform—Now”
 
“Community FI’s Need Sleeker Approach to Small-Business Lending”
 
“FI’s Conspicuously Scarce in Supercharged Online Loan Field”

This bold but necessary leap forward doesn’t require an FI to change its credit culture or lending standards; it simply begs for the institution to meet the borrower’s needs in a new and unique way. It asks you to leverage the technology channels that you’ve already invested in, but in ways that are meaningful to those who wish to access your services. Online banking, for example, wouldn’t be a very powerful tool if, when you logged in, you had to call to get more info, or click on the “Contact Us for More Info” button. Why should your loan products be any different? Think about it this way: the top three responses from borrowers when asked what they are looking for in a lender are usually:

  • Make it easy for me to apply
  • Give me a quick initial response
  • Help me get the capital I need, even if you can’t do it yourself

Ask yourself if your FI’s loan methodology meets those responses.  If not, it’s time for you to get in the game and stop sitting on the sidelines.  Someday we’ll all look back and remember the days when nobody offered loans online and wonder what took so long.

Tags: lending opportunities, small business lending, commercial lending

Growth in Asset Based Lending Calls for a Return to Fundamentals

Posted on Wed, Jun 03, 2015 @ 08:00 AM

Author: Pat True, RTrue@profitstars.com

According to the Commercial Finance Association’s annual survey, asset based lending (excluding factoring) commitments rose to $216 billion by the end of 2014, with funded balances reaching $90 billion.  This represents a 12.3% increase in funded balances from 2013.  Overall credit line utilization rose 41% for the year.  During a year that saw a return to commercial real estate lending for many, working capital lines were also clearly a factor.  This trend was recognized by regulators as the OCC distributed new guidance for management of asset based lines, recognizing that banks are doing more in this arena.  Times like these call for a return to the fundamentals of working capital finance.  Among these are the five keys to depending on accounts receivable as a repayment source:

  1. Strong initial credit decision
  2. Accurate and timely information
  3. Control of the cash (payments from account debtors)
  4. Sound monitoring practices
  5. Protection against changing circumstances

Improvements in technology have enhanced every one of the five keys.  Account management systems today provide fresh daily information to lenders rather than a dependence on borrowing base certificates or other monthly data.  What’s more, this information is designed to match the accounting system of the borrower, and new verification techniques can help to assure validity.  Systems also reveal trend data regarding the performance of key debtors as well as individual invoices.  As you evaluate your financial institution’s strategy for working capital financing, consider whether you would attempt to develop this capability internally or work in partnership with a third party vendor.  Consider these questions:

  1. Does your organization have a formal credit policy addressing the unique characteristics of working capital lines?
  2. Do you have systems in place that will provide accurate and detailed information regarding your borrower and their account debtors?
  3. How fresh is the information you are using to make decisions on advances under each line?  Is it refreshed daily or is it based on a once-a-month process?
  4. Are you requiring account debtors to remit payments to an ACH account or lockbox that you control – thus reducing the likelihood of evergreen lines and assuring the line becomes a self-liquidating facility?
  5. Does your current system notify your lending staff when circumstances change within the relationship?  Does it incorporate risk triggers and automated alerts thus allowing for an exception management process?
  6. Have you considered the use of credit insurance for larger account debtor exposures?
  7. Have you identified the industry sectors that would be the most likely targets in your market area, as well as those that involve higher risk due to the nature of the sales transaction?
  8. Does your system foster consistency among lenders and lending units in regards to monitoring of your revolving lines?
  9. Last but certainly not least, is your approach to working capital financing profitable?  Does it reward your bank for the service or has it simply become a loss leader for other products and services?

One last factor to consider is the size of your targeted asset based lines. While many lines in the industry exceed one million dollars, consider a strategy that allows you to attract the younger emerging businesses, typically two to five years old. Line sizes for this group will most likely be in the $250 - $750k range. In order to effectively manage this business, you need a system which offers efficiency. By developing these relationships earlier, though, you diversify risk across the portfolio and you win them earlier in the business life cycle. These businesses are likely to be longer lasting clients of your institution and enjoy at least six or seven other products, representing a full range of financial services. As they grow, they become less dependent on working capital financing and more on cash management services.

If working capital financing is not part of your overall market strategy, consider why. Evaluate its place in your organization as well as the inside or outsourced expertise needed to make it happen.

Tags: small business lending, commercial lending, asset based lending

Same Day, Different Solutions?

Posted on Wed, May 27, 2015 @ 07:30 AM

Author: Kevin Moland, KMoland@profitstars.com

May 19th was a banner day for the payments industry. In case you missed it, a major payments entity announced its plan to speed up electronic transactions by allowing credits to flow through its ubiquitous network at unprecedented speeds. Over the last decade, new technologies and nimble payment startups had been driving major industry players in this direction. The announcement on May 19th could turn out to be a watershed event, one of those defining moments where an industry makes a pivotal shift and moves in a new direction that will define its relevance for years, maybe even decades.

If you think I’m talking about NACHA’s announcement that its voting membership approved the ballot initiative for Same Day ACH, don’t be so sure. That news may ultimately be overshadowed by another announcement made on, well, the “same day.”

To be fair, NACHA’s Same Day ACH announcement will likely turn out to be important. It will cut the time selected ACH payments spend in transit, making it possible to send funds (in Phase I) and debit accounts (in Phase II) with transactions that settle and, more importantly, post to the recipient’s account that same day instead of the next business day. Granted, the rule is limited to domestic U.S. transactions sent by the appropriate cut-off time, which could be as early as noon if you live in the Pacific Time zone. In addition, to help offset the receiving financial institution’s costs, the originating financial institution will have to fork over an additional nickel per transaction, which will likely be passed on (with an appropriate upcharge) to the originator. While the transactions will post the same day, the receiver may not have access to the funds until 5:00 p.m. Eastern Time. But even with those limitations, NACHA’s rule change will definitely make it possible for selected ACH transactions to move more swiftly—assuming the Federal Reserve Bank opts to implement it in its prescribed form. (The Fed has requested input from FIs and other payments entities regarding NACHA’s proposal. The comment period is open until July 2nd.) 

But NACHA’s big news may not have been the most important announcement made on May 19th. MasterCard picked that same day to roll out its new MasterCard Send program. MasterCard Send is the card processor’s new service that allows businesses or consumers to send money to anyone with a debit card in seconds instead of days. MasterCard’s new service will leverage the existing debit network to send credits, and they aren’t the first ones to do so. Square Cash began using the debit card network to send credits in 2013 by labeling their transactions as payment “reversals.” (This practice was initially controversial, since there was no original debit transaction being “reversed.”)

MasterCard’s plan to allow credit transactions to flow down the debit card rails has the potential to make that system a truly ubiquitous, real-time channel through which businesses or consumers can send money to anyone—banked or unbanked—with an appropriate receiving vehicle, including MasterCard or non-MasterCard debit cards, mobile money accounts, bank accounts, or a relationship with a cash agent outlet. MasterCard also plans to allow international payments via Send in the near future.

Did MasterCard intentionally time its announcement to upstage NACHA’s news? Consider these phrases from MasterCard’s press release:

  • “It’s fast! 24/7/365 access to funds anytime vs. several days for checks or ACH transfers to process.”
  • “MasterCard Send is the only personal payments service that can reach virtually all U.S. debit card accounts and enable funds to be sent and received typically within seconds – far superior to existing solutions that either limit transfers within a closed-loop network or involve ACH, which can take several days for funds to be received.”

In any case, MasterCard’s announcement provided an alternative focal point for bankers and payments professionals who happened to be watching the headlines last Tuesday.

The good news for financial institutions is that the majority of recent payments system innovations, including NACHA’s Same Day ACH and MasterCard’s Send, still leverage the existing transaction rails established and operated as part of the traditional banking system. Apple Pay, for instance, uses the debit and credit card networks for its new mobile payments initiative. PayPal settles its P2P transactions through the ACH network. FIS’ PayNet leverages the debit network to move payments in almost real-time. Early Warning is developing a faster payments solution compatible with the ACH and check rails. While the Fed has stated that the creation of a new payments rail is an attractive option, it doesn’t appear likely that the existing rails will be replaced by something entirely new anytime soon. 

Whether you see NACHA’s Same Day ACH initiative or the MasterCard Send announcement as the highlight of the May 19th news cycle, the one certainty you can take from these two stories is that the payments industry will continue to change rapidly. Other players, including The Clearing House, are working on their own initiatives to provide more rapid payment options. The Federal Reserve has called on financial institutions and payment service providers to move towards a faster system, and both NACHA and MasterCard referenced the Fed’s initiative as one of their motivations. As the industry looks for ways to make the payments system faster, you can bet these two announcements won’t be the last news stories about solutions that move money more quickly. 

Is your financial institution factoring faster payments into your future product plans?

Tags: ACH Network, payments
