Are Your Online Systems and Applications Cyber Smart?

Posted on September 03, 2020 11:20 am

Online and mobile banking tools have given your members the ability to access and manage their accounts, deposit checks, transfer money through bill pay or person-to-person, and apply for loans and credit cards.

You may provide online security best practices and tips to your members within newsletters, on your website or social media pages, or at the time of online banking enrollment. However, the only way to control member security is to make sure that your credit union’s online banking systems and applications are cyber smart.

Studies suggest that more than half of consumers use the same username and password for all online accounts, including email, social media pages, and online banking, which gives hackers an easy way to breach online systems with just one password. There is one thing that credit unions can do to help prevent this risk and ensure their online and mobile banking tools are cyber smart: implement multifactor authentication (MFA) controls. Multifactor authentication is a security enhancement to login credentials that ensures at least two pieces of information are verified before access is granted to a system.

This can be a combination of the following types:

(1) Something You Know, like a password or PIN, (2) Something You Have, like an authorized device or digital certificate, or (3) Something You Are, including biometrics like your fingerprint. Enabling and requiring multifactor authentication for all critical online and mobile banking applications is your best way to verify that the person accessing the account is actually your member.

Released in 2005, the NCUA’s “Guidance on Authentication in Internet Banking Environment” not only requires the implementation of multifactor authentication controls but also requires that credit unions perform a risk assessment to ensure that member-facing online systems and applications meet best practices to identify and control the risks.  As technology and associated risks are continuously evolving, we recommend credit unions perform Multifactor Authentication (MFA) Risk Assessments at least annually. 

For over fifteen years, credit unions have engaged BTG to perform MFA Risk Assessments to ensure that online banking systems and, ultimately, their members are protected. Our scope includes a review of the member-facing online systems to identify the controls in place protecting high-risk activity and transactions, to identify credit union processes for monitoring systems, and to assess the sufficiency of multifactor authentication controls implemented. To ensure your online systems and applications are cyber smart and for more information on our MFA Risk Assessment service, please contact Elisabeth Esposito, Consulting Engagement Manager, at 203.745.3176.