With over 40 years of customer services, the CORE Credit Union has served thestate of Georgia. Its main offices are in Statesboro,and their primary customers have to be educators likeschool teachers and university faculty and staff, the local hospitalstaff and several manufacturers in the area. The Credit Union competes withseveral banks in the area like BB&t and Wells Fargo, but their ability to provide lower interest being anon-profit organization allows them to provide better prices and products totheir customers. With the change its charter to become a community credit unionthe number of customers increases exponentially with a total today of10,000 members 1. This forced the credit union to create awebsite to allow a customer that hadmoved from the area to have access to their bank’saccount and funds from anywhere allowingthe customers to reach their account from the comfort of their home as longthey had a computer. The expansion of the IT infrastructure allows the CreditUnion customers to conduct transactions such as telephone banking, Internetbanking, online bill paying services, and mobile banking. Some of the serviceswere contracted out to third parties companies that offer their neededcommodities.
One of these companies was Share One (https://www.shareone.com)2 This deliverytechnology offers a resolution to the continual costs associated with hardware maintenance, upgrading andreplacing equipment, and licensing.
It will save time and reduce costsassociated with disaster recovery/business continuity processes by providingadvanced technology connections. The hosted system provides improved redundancy,eliminates unreliable backup tapes andother replication challenges associated with establishing the core and allancillary systems after a disaster has beendeclared. The hosted technology is aimedat credit unions that would traditionally consider an in-house method of implementing their coresystem, allowing the credit union to manage their processing while removingcostly hardware expenses. By contracting Share One Inc. as their datamanagement servers, they save money onhaving to create a second backup network. Thecost of maintenance and equipment would be staggering. By using a third partycompany that already has the equipment the saving is passed to the stockholders and the data will be safe in an off site location, in this case in two differentlocations, the data replication services offered by Share One ensures thatcopies of all transactions are stored in both locations.
TheNetwork for this credit union transfers not only all the data to the Share Oneservers via a VPN connection but uses the same 100 Mbps Ethernet LAN butconnects all the voice network of the offices via a PBX on the premises of themain office. Also, the facsimiles and thephone lines are supported by the sameconvergence network. Other opportunities that the credit union can take fromhaving a convergence network it the Video conference application, the customercan not only apply for a loan only it could havea video call with the loan officer in near real time via this convergencenetwork. Also, they have a texting feature that allowsthe customers to receive their balance over SMS on their mobile phones. Havinga convergence network is very convenient but at the same with it have its challenges. The amount of bandwidthrequired to send over video files and pictures is significant.
Also having all these services over the same network makes iteasier for hackers to access all the different aspects of the network, voice,data, telecommunication, PC, close circuit cameras by defeating only onesecurity measure. Where is the network was compartmentalized the hacker willonly get one part of the data, whatever is that he broke into and not the wholenetwork3. TheCore Credit Union offers numerous services to their customers. Everything fromopening an account online, apply for a loan, remote deposit capture, check ordering, to their mobilebanking (https://www.
With this mobile application, thecustomer can view account balance, make transfers, locate branches and ATMs,view transactions details, scheduled loanpayment and more. The mobile device has created a tremendous opportunity forthe bank and credit union industry, delivering the information in real timewithout having to walk to your PC or the bank. The need to be able to make paymentsto your creditors via the phone is a must in any banking institution.
At thistime the Core Credit Union allows makingpayments to your creditors and bills via ACH while using a computer but themobile application is not able to do this according to their website. The only payments you can do with the mobileapplication at this time are with in the same institutions like a car loan orpersonal loans. The need to add the capability to the application is imminentbut to do this, the credit union will need to do some changes to their network,changes that are provided by third party companies and systems like the SecureElements from Thales. 4 The Secure Element (SE) approach tocontactless mobile payments is essentially putting a payment chip card inside amobile phone. The SE typically can take one of three form factors – embedded(owned by the handset manufacturer), UICC (owned by the MNO) or MicroSD (ownedby the bank). Although the MicroSD option lookslike the best one from a bank’s point of view (due to ownership and control),this option has gained very little market adoption due to a much higher cost.
Theoption with most industry collaborative activity currently is the UICC modelwhich has comprehensive Global Platform specification support and an associatedformal testing and certification infrastructure. The mobile device operatingsystem itself is not a trusted entity, but the way that SEs are implemented, any operating systemapplication running on the phone cannot access the SE and its contents; the SE is connected to the NFC controller by a specialsecure channel called the single wire protocol (SWP). Providing the phone isnot rooted or jailbroken, there is no way for any application legitimately tointercept the data to or from the SE. Thismakes the SE behave just like a contactless chip card. The following figureshows the infrastructure required for a bank to support SEs involves HSMs tosecurely manage keys and payment credentials together with the interface to theTSM. Secure Element InfrastructureCOREcredit union relies on multiple third-parties to deliver its products, one ofthis third party company is Kerio (Kerio.
com). Specifically Kerio Connect. 5The Administration API for Kerio Connect allows administrators to facilitatetheir daily work and automate many procedures. With the API, you can createpowerful scripts to assist with routine daily tasks. The credit union uses thissystem to integrate and synchronize calendars, contacts,and email between Kerio Connect and Microsoft Outlook and mobile devices.
Another third party company used by this institution is Share One which we spoke of earlier in this case study. Having third party companies managing your data andsecurity is convenient. Using these companies saves time and money to theinstitution since it does not have to have a dedicated personnel for maintainsand management, in the other hand if the third party company is hacked yourinformation will be out in the open for all to see and you the credit unionmight now even know it. A survey of 40banks by the New York Department of Financial Services found that nearly one inthree don’t require third-party vendors to alert them about informationsecurity breaches or other cyber security intrusions (USA Today).
A bank’s cyber security is often only asgood as the cyber security of its vendors 6. Having all this automation at our fingertips, it makes it easier to conduct all the transactions paperless and viathe internet. This saves money to thebank in postage stamps and paper, not counting the time that it takes to sendthe documents via US Mail. Some bank offersa reduced interest rate if you opt to autopay your load with an automatic transaction from your checking account. This saves money because again the bill doesnot need to be produced and mail to the customer. Also, Paperless bankingallows your customers to track finances and manage accounts online at any time.
Online banking customers usually have agood firewall and software to combat pop-ups, spy ware, and viruses. Customers understand that to manage theirfinancial life on the computer; they needto be diligent about making sure protections are in place and updatedregularly. Because of this as the bank manager,I would offer free antivirus protection to customers that opt to do theirbanking online, allowing them to secure theirinformation and addition the credit union will benefit from it because it willprevent any fraud attacks protecting our assets. Security is something that can always beimproved. Different third party companies offer great products to financialinstitutions allowing them to secure their information and assets. References1 CORE CU – Home. Retrieved August29, 2017, from http://www.
corecu.org/2 Share One, Inc. (n.d.
). RetrievedAugust 29, 2017, from http://www.shareone.com/3 What is network convergence? -Definition from WhatIs.com. (n.
d.). Retrieved August 29, 2017, from http://searchconvergedinfrastructure.
techtarget.com/definition/network-convergence4https://www.thalesesecurity.com/resources/research-reports-and-white-papers/creating-trust-infrastructure-support-mobile-payments5 Kerio Technologies. (2017, July12). Retrieved August 29, 2017, fromhttp://www.kerio.
com/support/kerio-connect#thirdparty6 McCoy, K. (2015, April 09). Banksface new cyber security rules for vendors. Retrieved August 29, 2017, fromhttps://www.usatoday.com/story/money/2015/04/09/bank-cybersecurity-threats/25517905/