Cyber Security This Cyber Monday

Posted on Wed, Nov 25, 2015 @ 09:30 AM

Author: Marissa Quebbeman,

Holiday gift wish-lists, check. List of cyber-Monday deals, check. Malware installed while surfing the web to find the best deals…huh?

The holiday shopping season usually carries elevated risk – whether shopping at a mall or online. This year, Internet users face sophisticated cyber threats that have been active and evolving for the past year. End users – both at home and on business networks – must be vigilant to protect their identities, accounts, corporate intellectual property, and pocketbooks from being attacked and/or compromised by malware. No one wants to find their identity stolen or bank accounts emptied during the holiday season.


A few current popular methods of malware delivery include malicious spam emails, phishing emails, and exploit kits. The first two methods differ only in targeting methods. Spam emails are less targeted than phishing emails, and are the type of message a user is most likely to receive in their home email account. Phishing messages generally target people within an organization or group – members of a financial services industry group or employees of a particular bank are good examples. Spear-phishing is the most targeted methodology and usually leverages information gathered about the targets to guide the message content. All three of these methods use the same basic social engineering principle: an attacker crafts an email message to entice the recipient to open it. It could be about a package delivery, an invoice for your recent order, or a resume from a potential job applicant. At this time of year any of these topics seem legitimate, however users must exercise caution and common sense.

Because the attacker uses ‘bait’ that is attractive to most people, they are relying on users clicking on links and opening attachments without critically reviewing the message for legitimacy first. Malware being delivered via these channels includes (but is not limited to): Dridex (banking Trojan that collects credentials from the compromised system); Dyre (banking Trojan that captures credentials); and CryptoWall (ransomware that encrypts all files on the infected system and any mapped shares).

As a recipient, you can help reduce the attacker’s risk of success by:

  1. Taking a moment to focus on the email instead of scanning through it. Does it look legitimate? Were you expecting an invoice, delivery notification, etc…?

  2. Check the sender email address to see if it appears bogus. (If the sender domain doesn’t match the company, it is a red flag.)

  3. Hover over links to see if the text matches the destination URL. Note: on mobile phones you can touch and hold the link to have a box pop up that will show you the link. Press the “cancel” or “back” button to avoid going to the link. If these don’t match up, you are likely in a phishy situation.

  4. Use an alternate method to validate the message, such as going directly to the company’s website.

  5. Save the attachment and scan with anti-virus software before opening.

The third method for delivery mentioned above is called an exploit kit. Its purpose in life is exactly what it sounds like: to exploit as many systems as possible for the purpose of monetary gain. Exploit kits are used by crimeware gangs (and other actors) to infect susceptible systems when users browse to an infected site. They succeed by targeting plug-in vulnerabilities that are commonly used by end-user’s web browsers, such as Adobe Flash. When a plug-in is out of date, it leaves the user susceptible for exploitation – therefore it is important to either remove plug-ins from your browser (if you do not use/maintain them), or to keep them up to date.

Users most frequently are infected by a website that was compromised or via a malicious ad pushed to an otherwise ‘safe’ website. The latter is affectionately called “malvertising” or a “drive-by-download.” Quaint, right? Probably not if you are the unfortunate victim of this attack.

Users usually are unaware that an exploit kit is firing in the background when this type of attack succeeds. Once the exploit kit successfully compromises a system, it attempts to install malware. Current malware payloads observed include CryptoWall 3.0 and 4.0 (ransomware that encrypts your files - and any files on mapped network shares - then demands payments in BitCoin to decrypt them), TeslaCrypt (more ransomware), Bedep (a click-fraud Trojan that can also redirect the system to download other malware), and Vawtrak (banking Trojan that collects credentials.)

For the tech-savvy, detailed technical examples of the different types of attacks and payloads may be found at the blog Malware Traffic Analysis and through Mr. Duncan’s ISC blog postings found here.

Now the most important part: What can you do to protect both yourself and your organization?

Often the simplest things make the biggest difference when it comes to protecting your data while surfing the Internet. Employing the following strategies will reduce your chance of infection and improve your ability to recover if your system is infected. Even seasoned cyber-security professionals have been known to click on a link from time to time by not paying attention. These strategies will help reduce the chance of infection even if you accidently open the latest phishing message.

  1. Patch your operating system. This goes for your computer, laptop, mobile phone, home router, etc…(“devices” going forward.) Make sure you are patched.  Also, for owners of newer cars, check with your automobile manufacturer to ensure there are no outstanding software updates available for your vehicle. [This author had her car stop working one night without notice. The culprit? A software update had not been applied and the old software was not communicating information correctly.]

  2. Patch all software that is installed on your devices (Java, Adobe Flash, Silverlight, Office, Internet Explorer, Chrome, Firefox, etc…). Even if your operating system is patched, these other software packages may be vulnerable to exploitation.

  3. Use software that automatically checks for any outdated versions, making it easier to know when and what to patch. (Example: Secunia PSI)

  4. Use ad-blocking software to prevent websites from automatically loading advertisements.

  5. Disable auto-play in your web browser (enable Click-to-Play) so embedded content does not automatically play without your interaction.

  6. Run Anti-Virus and Anti-Malware protection on your Internet-accessible devices to identify, detect, and protect your system from known malware.

  7. Keep an off-line backup of all critical, important files. For home users this may include tax documents, photographs, emails, and other electronic communications of high importance. For businesses this includes all critical business files.

  8. Avoid clicking on links in emails, particularly if they are unsolicited or unexpected.

  9. Virus-scan attachments before opening.

We hope you have a happy, safe, and fun holiday season – both in person and on the web!

Tags: malware, cybersecurity

Interoffice Mail Lives On!

Posted on Wed, Nov 18, 2015 @ 08:00 AM

Milton King Author: Milton King,

As I prepared to write this blog, I came to the realization that many people who read this may have never utilized interoffice mail (IM).  They never had the experience of handling that fancy orange/yellow/tan envelope with the holes in it.  They missed out on the joy of figuring out if the red tie string needed to go clockwise or counter-clockwise.  Most importantly they never joined the exclusive list of people who signed the envelope.  Man!  Did they miss out!I decided to do a little research and came up with “best answer on Yahoo Answers”-

In the "olden days", before email, many documents were sent to other offices (or rooms) in a large company via a sort-of private mail system - run by the company. You would place your "letter" in a designated box (usually inside a re-usable tan envelop) near the secretary's/office manager's/clerk's desk. Then, the "letter" or package would be delivered to whomever you sent it to (or you may even have a pigeon-hole-type mail box assigned to you).Interoffice Mail

I then asked myself what happened to IM?  The answer is, we, the technology providers drove IM into obsolescence.  Here is a quick synopsis:

  • 1920s-1970s – Telex started the electronic communication. Though it was expensive and limited in availability it survived for nearly 50 years.  Companies with multiple locations would use it to communicate urgent information from one division to another.  An early alternative to interoffice mail.
  • 1970s-1980s – Email changed everything as it created an instant, inexpensive way to communicate. Particularly within a specific organization.  Email would become the standard for interoffice communications for decades to come.  The execution of legal documents and the handling of private, high security documents was and, in some cases, still is a touchy area for email.
  • 2000-present – Instant Messaging, particularly internal IM has made interoffice communications instantaneous. Though, if we are all honest, it is largely a way of complaining about things that are going on in a meeting we are participating in.

You could include texting in the list above as well.  Each of these technologies had a role in eliminating the need for interoffice mail.  A common feature of each is that they have obvious shortcomings for sensitive internal communications.

Leave it to technology companies to create solutions that merge all of the previous technologies, while at the same time addressing their weaknesses.  Today we have enterprise workflow technology (EWF).  EWF combines instant availability like instant messaging, the bandwidth and familiarity of email and the security of a private mail network.

EWF is a solution that lets a company define those in an organization that not only need to see a document but may also need to execute and/or authorize it.  It assures that the document goes through the proper channels (workflows).  It tracks and notes exceptions.  It leverages email, texting and IM technology.  It can also be behind the company’s firewalls making it a secure environment for sensitive materials.  In many ways, it is the modern day version of interoffice mail.

Interoffice mail served an important purpose in many companies.  It shared information ranging from invitations to the Christmas party to sensitive contractual information.   All of these functions are still important.

Today’s workflow solutions serve the entire document handling needs of an organization.  It utilizes familiar technologies like email.  The only downside is that you don’t get to sign the cool envelope.

Consider how your organization circulates documents.  Do you have processes that are dependent on authorizations by multiple people?  Do these processes get delayed because of availability of these individuals?  Would your organization be well served with technology that allows those individuals to view and authorize these documents electronically and from wherever they are?  If your answers to any of these questions is yes, you need a workflow solution.

Tags: document imaging

The Next Big Thing in Payments Could Be You

Posted on Tue, Nov 10, 2015 @ 09:03 AM

Kevin Moland Author: Kevin Moland,

If you think about it, payments have always been about being more mobile.

Cash, first in the form of precious metals, then as different forms of currency, allowed people to liquidate relatively immovable assets like property or livestock and “mobilize” them in a form that could be carried around and converted into other goods and services. The first printed checks likely appeared in England in the 1700’s. These nifty devices were lightweight and portable, which made it easy for payers to remit large sums of money without toting around all those bills and coins. The result was more mobility and increased safety for payers. About 200 years later, in the middle of the 20th century, Diner’s Club, American Express and others rolled out credit cards. Debit cards first appeared in the 1970’s and come to prominence as a payments vehicle in the 1990’s. Suddenly payers had choices: They could finance purchases instantly or pay for them with funds from their checking account, all by handing over a piece of plastic.With each new form of “mobilization,” payers gained convenience and security. Unfortunately, with each new channel, the payments industry gained new types of fraud. As payments moved from cash to checks and checks to cards, authentication measures became more complex, shifting from padlocks to signatures and signatures to PINs in an attempt to thwart fraudsters trying to impersonate legitimate account owners. Unfortunately, PINs and passwords have proven to be largely ineffective as a form of protection.

A little over a year ago, Apple turned the struggling digital wallet industry upside down when it rolled out Apple Pay. Suddenly, users could make payments at popular points of sale like McDonalds, Subway and Walgreens with nothing more than a wave of their mobile phone. Now Samsung Pay has been released, with a near ubiquitous reach thanks to Loop’s embedded technology that allows its phones to make payments at most standard card scanning terminals. Like its paper and plastic predecessors, mobile payments offer additional convenience and better security, leveraging card system tokenization programs that facilitate payments without ever revealing the payer’s card account information to the merchant. 

Mobile payments also introduced a new form of authentication, eschewing the traditional “something Authentication in paymentsyou know” and “something you have” elements of identification in favor of new methods based on “something you are.” Because mobile payments are driven by high tech devices like smartphones and tablets, they opened the door for biometric authentication, the science (some might say art) of validating a user’s identity by confirming some unique organic characteristic. Apple’s fingerprint scan was only the beginning for an industry that now includes identification methods based on voice patterns, facial recognition, retinal scans—even the way you smile. Some industry experts predict that the number of annual transactions secured by biometric authentication will reach five billion before 2020.

And to top it off, now there’s “bio-payments.” And I don’t just mean payments that use biometric authentication. Bio-payments are an emerging new way to pay that is initiated by you, literally, leveraging technology embedded inside your physical body. Earlier this month, Payment Week ran an article that detailed developer Patric Lanhed’s successful efforts to implant a chip containing the key to his Bitcoin wallet under the skin in his hand. Doing so allowed him to “essentially scan his hand and make purchases anywhere Bitcoin was accepted.” Admittedly, many people won’t be excited by the idea of implanting synthetic technology inside themselves, but one doesn’t have to do much more than Google organic computer chips to understand that someday soon payments could be programmed into organic material fused directly into our cells.

While bio-payments are a long way from prime time, it certainly seems like a logical step in the flow that has taken us from cash boxes to mobile wallets. Like all previous payment methods, bio-payments could provide increased convenience and improved security—maybe enough to warrant widespread use. Someday, maybe sooner than we think, we may shed our smartphones as part of our metamorphosis into “smartpeople.” In the not-too-distant future, we, the payers, may even become the ultimate mobile payment device.

Learn About  Enterprise Payment Solutions

Tags: payments

Technology is Changing Commercial Lending – What to Do for Success

Posted on Wed, Nov 04, 2015 @ 08:00 AM

Craig Laures Author: Craig Laures,

Technology is aggressively changing the Commercial & Industrial (C&I) lending environment. Online commercial loan applications, automation in the underwriting, approval, and funding process, and alternative lenders are disrupting the C&I lending landscape, which have created obstacles for traditional lenders to profitably grow their C&I portfolios.  Traditional lenders will need to leverage technology and give strong consideration to partnerships with alternative lenders in order to remain top of mind for commercial borrowers.A growing number of borrowers lean toward a simplified experience (see Exhibit 1 below) which is found 1) in the online channel and 2) from alternative lenders.  Online applications, automated prices, and efficient approvals lead to happy borrowers.  Speed and convenience will draw borrowers to you more than a ‘rate’ or ‘relationship’. This is the short term future of business lending.  As more traditional banks adapt and innovate via the online channel “rate” and “relationship” may become more important, once again. 

Exhibit 1

Technology is changing the lending game


FI executives often share with me that achieving their strategic growth objectives are largely dependent on proper execution of tactics that will support growth in their C&I lending portfolio.  Progressive and disruptive business lenders are succeeding in reaching those growth objectives using non-traditional methods.  They are leveraging the internet to quickly and easily get loan applications in the hands of potential borrowers. Borrowers that may have never been reachable in the past.  Then accepting completed business loan applications through the FI’s website.  Also, several of the same traditional lenders are recognizing the mutual benefit of partnering with alternative lenders through participating in “networks.”  The alternative lenders in these networks have the opportunity to approve and fund loans that do not fit a traditional bank’s credit requirements or compatibility.

Community FI’s should take steps now to foster partnerships with alternative lenders. It can take several months or more to vet and implement plans to partner with them.  Alternative lenders are here to stay.  While they are getting much attention for their focus on business lending, these lenders have been a significant player in the consumer financing picture for years.  It’s natural they have evolved into and are now recognized and trusted sources of funds for business borrowers.  The number of alternative lenders will fluctuate and those with the staying power (market share and capital) will be another formidable challenge bankers must face, in addition to ongoing net interest margin compression and periods of slack loan demand. 

So here is the take away for community FI’s to give strong consideration.  By using Search Engine Optimization (SEO) and online commercial loan applications your FI’s website (aka online branch) will be an easy to find and efficient source of leads for commercial lending opportunities.  The leads you choose not to convert into new lending relationships can be farmed out to alternative lenders.  Those same leads can then be converted into opportunities to ask for deposits and sell other products or services.  The future is bright for commercial lenders that understand the role of technology and partnerships with alternative lenders. 

The online platform will be a catalyst for growth and the role of alternative lenders will gain relevance.  The question remains, where does your FI fit into the equation?

Learn More  at the Lending Resource Center

Exhibit 2

Online lending platforms


Tags: commercial lending, alternative lending

Trading Places Just Might Transform Your Business

Posted on Wed, Oct 28, 2015 @ 08:00 AM

Travis Smith Author: Travis Smith,

If you’re like me, for the last few weeks you’ve been trying to come up with the perfect costume for the annual neighborhood Halloween Party.  Being a proud Star Wars nerd and in anticipation of Episode VII: The Force Awakens, I thought it was the perfect year to dust off the Han Solo gun and holster.   Knowing that a well-orchestrated partner or duo theme increases our prize-winning chances, I’m still pleading with my wife to gear up as Han’s soul mate, Leia. 

Does your business take a partnership approach with its customers?  If your success hinges on business-to-business (B2B) sales and marketing, then chances are high you embrace an alliance methodology. 

This Halloween season, I want to share an idea and two unique techniques that might be a bit spooky to some.  But if you can brave it, I promise a fresh perspective on your business and maybe one or two game-changing ideas.   Ready?  Here it goes:  

Technique #1:  If the key to being a good partner is understanding their business and challenges, then try “dressing up” or trading places with your partner/customer.  As B2B professionals, it’s important that we are always trying to put ourselves in our customer’s shoes.  This helps us get out of our own company’s limited perspective and design partner solutions that help our partners be more successful.

Techniques #2:  Now, let’s take that concept and flip it on its head for a moment: Why not have your partner stand in your shoes?   Go ahead … role play over lunch.  Too often we ask, “What else can we be doing to help you grow your business?” Don’t get me wrong, we should be asking this question–and often, but we might be amazed if we also asked:

 “If you were me …

  • Which opportunities in the market would you attack?
  • How would you use your sales team and products to be a differentiator? 
  • What shortcoming would you make your highest priority? 

They will be honored you asked, and have a better understanding of your market perspective. But more importantly, you will also learn unexpected valuable lessons and ideas from respected outsiders who are looking in. 

Business partners

But, “An idea can only become a reality once it is broken down into organized, actionable elements.” ― Scott Belsky, Making Ideas Happen: Overcoming the Obstacles Between Vision and Reality

Yes the “trading places” practice will leave your partner/customer flattered and you enlightened, but that’s just the start.  Immediately following the practice, brainstorm with a colleague of what you’ve learned and identify the single best idea that has the biggest potential to transform your business. 

Next, author an action plan that helps you further explore, qualify, and move this newly identified opportunity toward an executable business plan.   And when I say “author” I mean write it! 

Then ask yourself; who’s going to advise you?  Who’s going to hold you accountable?  

The answer is, your business partner of course, after all it was their idea!   In your follow up and thank you email share your action plan and set calendar meetings three months, nine months, and twelve months from your initial “trading places” discussion.  They will be pleased to provide guidance and excited to be a part of such a thrilling initiative! 

This Halloween, for each “Batman and Robin” and “C3PO and R2D2” think about your partnership connections and reversing roles with your customers over lunch.  OR even better yet, let them temporarily try on your laser blaster and holster for size.   

Comment with your thoughts, ideas, and personal experiences.


Reducing Compliance Risk through Website Compliance Reviews

Posted on Wed, Oct 21, 2015 @ 08:00 AM

Jenny Roland-Vlach Author: Jenny Roland-Vlach,

The FFIEC’s Cybersecurity Assessment Tool has cybersecuritybeen available for a few months now and your financial institution (FI) has undoubtedly realized the critical role it will play in your strategic plans. The tool touches on a wide array of factors for FIs and will require the attention and involvement of all your stakeholders to properly complete it. However, for today’s purposes, I want to focus on one particular aspect of the Cybersecurity Assessment Tool, and that is your online presence including websites, social media and metadata.

Why focus on the online presence component? In the grand scheme of the Cybsersecurity Assessment Tool, your online presence may seem like a small piece in comparison to all the other factors you must evaluate. It is important to point out that while online presence may only be one component, it is actually an increasingly significant part of banking. It is one of just three factors that determines your inherent risk level for delivery channels offered by your FI. Case in point, consider how many eBanking services that you now offer, most of which are accessible through your website. Quite a few, right? And I would be willing to bet that for many FIs, that number will continue to rise. Your customers are increasingly tech savvy and are looking to conduct more transactions online than ever before. So what can your FI do to help ensure that your online presence risk level is properly mitigated? I have an easy suggestion that any community FI can incorporate into their compliance efforts that will serve to decrease the amount of inherent risk associated with their online presence in the following three areas.


If your FI’s website is one of the many community sites that are shifting from an information to transaction website, the inherent risk profile for your online presence is on the rise. While online banking capabilities are standard features on websites, eStatements, e-Sign tools, and online deposit and loan applications are becoming more common. These eBanking services are convenient for your customers, but will attribute to that increase in inherent risk. A simple way to mitigate this risk is through a Website Compliance Review. An objective and comprehensive Website Compliance Review will review the eBanking offerings on your website and will determine if you have included the proper language and disclosures in order to be compliant with regulations.

Social Media

My next suggestion deals with social media, which still has somewhat of an ambiguous role in banking. There are FIs that have completely hopped on the bandwagon, those who have committed, but are sporadically active, and those institutions who avoid it like the plague. For those of you who are in the first two categories, you will find that being active in social media is going to increase your inherent risk level. Your level of activity will ultimately determine how much the needle moves on the risk level. If you are very active on social media and include product advertisements, remember that you need to include applicable disclosures-Truth in Lending, Truth in Savings, etc.-the same as you would for your website. You also need to include FDIC/NCUA member information and the Equal Housing Lender logo. An easy way to ensure that your social media pages have the proper information included is through the Website Compliance Review. A comprehensive Website Compliance Review evaluates your social media pages in addition to the information and offerings on your website. Remember, this is your online presence you are evaluating, not just your website.


My final suggestion focuses on metadata and detailed biographical data. I have discussed both of these items and how they can be used in cyber attacks against FIs in my previous blog, The Financial Institution Website: Where Community Meets Cyber Crime? As a refresher, whenever you post Word and PDF documents to your website that have not been scrubbed of metadata, your inherent risk level will escalate. Why? Because metadata provides would be criminals with information such as the name of the person who created the document and what version of the program it was created in. This minute bit of information is all that is needed for a criminal to begin crafting a social engineering attack against your institution. Detailed biographical information about your C-Suite personnel and Board of Directors that is included on your site can also be used in social engineering attacks. Spear phishing attacks can be easily crafted to appear to be from alumni associations, charities or other organizations your staff have included in their biography. Luckily, these are both threats that are easily mitigated. By taking the simple steps of scrubbing any Word or PDF documents that are posted to your FI’s website and limiting personal biographical data to high level details, you have further mitigated inherent risk associated with your online presence. A comprehensive Website Compliance Review will evaluate the documents on your website for any present metadata, as well as the amount and type of biographical detail.

Your FI may just be wrapping up the Cybersecurity Assessment Tool process. If you have determined that your cybersecurity preparedness levels are not aligned with your inherent risk levels, you will need to consider additional controls. Utilizing an easy solution, such as a Website Compliance Review, will help to decrease higher levels of inherent risks that are introduced through your online presence. Even though your online presence is only one of many factors determining inherent risk, it is a critical one and will continue to be so as your customers increasingly rely on the eBanking services you offer.

  Learn More About ProfitStars Information Security & Risk  Mgmt Solutions

Tags: cybersecurity

The Time is Now for Redesigning a User Interface

Posted on Wed, Oct 14, 2015 @ 11:14 AM

Tammy Wilson Author: Tammy Wilson,

Redesigning a user interface (UI) is a most uncertain thing for all involved, particularly when the product has looked and felt essentially the same--comfortable, familiar--for a very long time.   When is the right time to enhance it?  What is the right approach?  Will users embrace the updates?  Regardless of the risk and additional work involved, there comes a time when a facelift is the right path forward.  There will likely be a variety of reasons behind the decision to update a user interface, but the driving force must be the best interest of the users that live with the product every day.

Customer experience

As with all things technical in nature, interfaces advance.   In 2004, Check 21 was enacted and it required platforms to support an image-enabled process.  This change was fundamental and was the impetus for substantial system development efforts in payment processing software.  User interfaces were built or redesigned to allow for image displays in the workflow.  To provide some perspective, in that same timeframe flip phones were all the rage, the iPhone was still three years from introduction, and you needed a PDA to do impressively productive things like update your digital calendar.  We’ve come a long way in some areas of technology.  In others, not so much.

You could argue that there hasn’t been another true payments revolution to justify a complete overhaul in platforms since those Check 21 days.  As demands for advanced functionality have increased, most providers have layered new technology on top of existing systems to deal with progressing needs.  At some point, though, providers have to consider if it makes sense to remodel or replace the workhorse.  That foundational system that’s been around for years, the one that all of the exciting new options are built upon, the one users rely on day-in and day-out to get the job done, the one they know like an old friend, quirks and all.  When that reliable, functional workhorse starts to show its age when set alongside new upstarts with lesser depth of functionality but eye-catchingly attractive user interfaces, it’s time to consider a change.

That kind of change is scary.  All change comes with risk, but sometimes you reach a point where the risk of maintaining the status quo exceeds the risk that will come with change.  And that is where many of us who’ve been in the financial services industry for many years find ourselves today.  Thanks to companies like Apple and Amazon, the population has evolved to expect an exceptional user experience.  Clean.  Fresh.  Intuitive.  Simple.  When a system’s first impression leaves something to be desired, it’s hard for users to look past a less-than-remarkable exterior to appreciate the fantastic functionality inside.  Particularly when a platform is exposed to a financial institution’s end user clients, it is important to deliver solutions the FI can take pride in.  Whether we like it or not, user interfaces reflect on the FI and its ability to provide clients with an experience that is enjoyable and effective. Dated UI’s don’t encourage user confidence.  Get that experience right, and you increase customer satisfaction and stickiness.  Get it wrong, and well…customers can be fickle creatures.

In order to continue to meet the expectations of users, new and old, sometimes you have to step off the ledge and plunge into something new and improved, trusting that the net of improved customer experience will be there to catch you.   As with any change, there will be bumps in the road as you implement improvements.  There are real risks involved in making things better, but they are nothing compared to the risk of sticking too long with the status quo.  When you know whole-heartedly that the time is now, and you believe in the company and/or people involved, you can be confident that the outcome will be worth the effort.  And, at some point down the road, you will look back and say “Yes, that was scary, but it was so worth it.”

Read our recent blog post about UI/UX Best Practices to learn more.


Tags: customer experience, payments

For Small Businesses, the Buck Starts Here

Posted on Fri, Oct 09, 2015 @ 09:49 AM

  Author: Pat True,

For the past twenty years, I have had the privilege of working with financial professionals in all fifty states through training events and seminars, exploring key issues associated with short term working capital financing.  During these sessions, three common questions emerge:

  1. What are the key benefits of asset based lending to the financial institution?
  2. What are the key benefits of such financing to the business clients?
  3. What can the financial institution do to encourage business retention for services such as this?

After seeing more than 35,000 businesses use accounts receivable funding, I can offer the following answers to these questions.

Why do financial institutions offer accounts receivable financing?

Financial institutions offer A/R programs to make money for their stockholders and to meet the needs of their surrounding business community.  It is no surprise that small business is one of the most profitable sectors for financial institutions.  After all, statistics show that the small business sector is the keystone of the U.S. economy.  Based on the latest data from the SBA, there are roughly 28 million small businesses in the U.S that account for 55% of all domestic sales.  These businesses provide 55% of all jobs and have accounted for 66% of net new jobs since the 1970’s. 

By offering an A/R financing program, a financial institution can attract new customers, retain them, and generate revenue – not to mention fostering the growth and stability of a companies they serve.  When executed properly, they can do all of these things while preserving and improving asset quality.  As each business client grows, that growth leads to a full scope financial relationship through equipment and real estate financing, cash management services and services for employees of the business.

Why do businesses use A/R financing programs?

Commercial customers start using accounts receivable financing programs for a variety of reasons. For some, it represents an opportunity to increase gross sales. For others, it allows them to significantly reduce supplier cost through negotiated discounts. For all, it delivers a peace of mind that comes from having predictable cash flowing into their business.

For most business owners, cash flow is not about how much money they will eventually receive for a sale; it’s about when they will receive the cash needed to run their business.  It’s a matter of timing.

There’s no doubt that owning a small business is stressful. One of the top reasons businesses start A/R financing programs is to decrease worry about money coming in from receivables. Just ask a business owner to quantify the amount of time they dedicate to A/R related issues.      

Several years ago, a lender and a sales representatives were positioning an A/R financing solution with a prospect in Alabama.  At one point during the conversation, the business owner was asked how he would use the money from the initial funds transferred on his receivables.  In this case, the business owner had approximately $75,000 in current eligible accounts.  After paying off his existing line, the business owner was to net about $25,000 in the initial funding of his accounts.  When asked how he would use the money, he mentioned that he intended to go out and buy at least two new pairs of shoes.  The business development manager and the accompanying lender laughed and asked – “Why new shoes?”  At that point, the business owner invited them to look out the window to the front of the building, where there was a mailbox.  The business owner said:  “I hustle out to that mailbox at least six or seven times a day – looking for my paycheck.  My paycheck is not like yours, which comes every two weeks.  Mine is from my customer, and I don’t know when it’s coming.  It may be this week; it may be three weeks from now.  I have burned out at least two pairs of shoes looking for my paychecks.  So that is the first thing I would do.”  Needless to say, that business owner did enjoy the benefits of the program – for more than four years.  This is not to say that it didn’t have to make business sense as well, but peace of mind was part of that sale.

What are the keys to business retention?

Whether the customer enters an A/R financing relationship after conducting exhaustive analytical research or simply through intuitive reasoning, they continue using this vehicle for two primary reasons:

  1. The product continues to meet a financial need.
  2. The service features of A/R financing keep their company running smoothly.

To retain clients, the financial institution must work to confirm that both elements of retention are present.  The only way to accomplish this is to stay in front of the customer, to make sure that they are using such a program to their benefit.

In the end, retention is about two things, need and service.  If both are present, your client is likely to stay.  Most small business owners will seek some method of retrieving cash from their A/R during their life cycle.  Whether they are offering discounts to their customers for prompt pay, accepting credit card or electronic payments, financing their accounts, or selling their accounts, they are trying to unlock an asset that is more or less frozen within the balance sheet.  Many have decided that, as far as A/R financing goes, the buck starts here, where receivable means next day cash.



Tags: commercial lending

Commercial Mobile RDC – The Undiscovered Country?

Posted on Thu, Sep 24, 2015 @ 09:00 AM

Author: Jason Schwabline, 

Desktop Commercial Remote Deposit Capture is mature. It’s a safe place to visit, and most financial institutions offer it and many businesses utilize it. When speaking with bankers, if you ask; “Do you have a commercial RDC solution?”, the answer is usually a resounding “yes!” What I’m focused on here though is the other half of the RDC story…the new, popular destination in the commercial space-mobile: specifically, Commercial Mobile Remote Deposit Capture (mRDC) (that’s a mouthful!).When I think of Commercial mRDC, I envision it as a great uncharted country. It’s a tantalizing, far off place that we all talk about one day visiting, but haven’t yet made our travel plans. Think about the banks that embark now on a solid strategy for Commercial mRDC as the explorers with their backpacks on, headed up the next peak to stake their claim and start reaping the results. So the question becomes, why have so many been so cautious to embark on such a journey?

The thoughts are many, but something I routinely hear about is trust. Trust not related to the bank and its relationship with a business, but the trust that exists between a business and the staff they would arm with a mobile device to take pictures of checks. Businesses have been cautious thus far in offering mRDC, wondering, “Is it safe? Is it secure?” The answers are a resounding “Yes!”, based on previously implemented and successful Retail or Consumer Remote Deposit Capture solutions. Today’s Commercial mRDC offerings are built upon the solid foundation of already proven consumer offerings, with solid Know Your Client (KYC) practices and business rules that can be deployed across channels. It’s a paradigm shift from how traditional solutions arose in the financial space, where banks historically offered strong commercial services that then trickled down into consumer offerings. Mobile has been different, and it’s benefited us all. What better testing ground for the solution than millions of handsets completing millions of transactions daily with unremarkable fraud losses? It’s a focus group most product organizations could only dream of and we as solution providers and FIs have it.

Knowing that the foundations are solid, I propose focusing on the use cases that drive the solution.  Mobile handsets in the hands of employees are at an all-time high. No longer are they a “cool thing to have” but instead are a necessary business tool. Employees untethered in the commercial enterprise help drive improved satisfaction and efficiencies for customers and for the business. With most consumers already familiar with mobile phones, staff training time and the “new process fear factor” should be at a minimum. Fewer lost or damaged checks mean less risk. Monies paid and captured by check in the field can be introduced to the financial system for processing and settlement much earlier than ever before, benefitting both the business as well as the financial institution. Think of the delivery drivers in the field going from customer to customer. Property managers handling a multitude of locations. Service reps on their routes. The list goes on and on. If there are checks in the field, there is opportunity for Commercial mRDC.

So I say to you…is it time? Time to join me on a trip to a place that’s still undiscovered? I guarantee once you get there you will see it’s more familiar than you think.

Cue the chorus from “Low Rider”. (You’re welcome in advance for having that song in your head for the rest of the day.)

Tags: remote deposit capture, Mobile Banking, Mobile Remote Deposit

5 Clear Signs You’ve Outgrown Your Factoring Software

Posted on Wed, Sep 16, 2015 @ 08:00 AM

Author: Marvin McConaghy,

Factoring Software_Five Reasons

Over the years, I’ve sat through more than my fair share of factoring software demos where I’ve heard first-hand the war stories of factors. Some of the best were from those who started small, built their portfolios to an impressive size, and then hit a wall. They found out hard and fast that the old way of doing things would no longer cut it.

In those tales of growing pains, I have detected several recurring themes that are clear signs you’ve outgrown your factoring software:

  1. Volume
    Volume is the number one problem reported by growing factors--their systems simply can’t handle their increased volume. Whether caused by their software, their manual processes, or a combination thereof, once their business reached a certain size and complexity, their system began to falter. Something always needed to be done outside the software and brought in manually — taking up valuable time that could be better spent elsewhere.

  2. Limited Fee Structures
    Next on the list of factor frustrations is the inability to keep up with competitors that are offering more complicated fee structures. They needed to expand their product offering, but given the limited choices built into their portfolio management system, they had to either invent creative workarounds or watch their business go elsewhere.

  3. Support
    Technical support is critical for any software system, but even more so with financial products. Many lenders looking for a better solution were motivated by a need for more timely response to their questions. Others were tired of being charged extra for “asking for too much help.” Great support should be an integral part of your software solution.

  4. Paper
    Many factors feel trapped by a system that forces them to print anytime they want to review an aging, reserves, or client summary. It’s slow, wastes resources, and makes it difficult to share vital data with co-workers, clients, and partners. Paper-based processes simply don’t make sense in this day and age.

  5. Lack of Automation
    Lack of automation typically manifests as ballooning man hours. As your business grows under the current system, you are forced to add more employees to keep up. The only alternative to this increased overhead is to find a system that will automate processes at every turn—that will work smarter rather than harder.

If your factoring operation is experiencing any (or all) of these issues, first let me congratulate you on successfully growing your business. Hard work got you to this state (painful though may have been), and that’s always worth celebrating.

Celebrate growing business

Then know this—relief is out there! Start by examining your software options and be open to automating your processes. Increased efficiency will enable you to lower your overhead while you continue your growth streak—a true win-win.

Learn More About   CADENCE for Factoring

Read Next: Maintaining NIM in a Rising Rate Environment


Subscribe to Email Updates