'Bank Transfer': What About Security?

Risk Is Top Concern as Accounts Move to Community Institutions
'Bank Transfer': What About Security?
Between Occupy Wall Street and the so-called Bank Transfer movement, consumer outrage with big banks is fueling new account growth at community banks and credit unions.

But how well prepared are the smaller institutions to handle increased security risks and fraud-prevention demands that come with such quick growth?

Cary Whaley of the Independent Community Bankers Association says regular face-to-face interaction with customers and members often makes security at smaller institutions something of a given. But institutions should not underestimate the vulnerabilities these new account openings can expose.

"If you don't have thorough procedures, there is a greater chance you are going to get a riskier customer," Whaley says. "You've got to be sure you're covering all the bases."

He also suggests institutions review the policies and options they have in place for new-customer account monitoring. "What transactional limits do you set per customer, and what happens when those limits are breached? With more accounts, these are things to consider," Whaley says.

Impact of Bank Transfer

How effective is the Bank Transfer movement? Some news reports suggest at least 650,000 Americans have switched to credit unions since Sept. 29. According to the National Association of Federal Credit Unions, 54 percent of credit unions have reported increases in share growth.

See Also: Secure Access in a Hybrid IT World

San Francisco-based Patelco Credit Union, a larger institution with approximately $3.75 billion in assets, says its new members and checking-account openings are up 70 percent for the months of September and October. Ryan Misasi, vice president of sales for Patelco, says daily averages more than doubled during the first five business days of November.

Bank Transfer Day called for consumers to move their money by Nov. 5. But Fred Becker, president of the NAFCU, says he expects account migration to continue through the end of the year.

"You hit a peak or crescendo with anything, but I think you will continue to see movement," he says. "We're not done yet with the big banks and what they may do next. They still have to make that money up, and how they will do that remains to be seen."

A poll of ICBA members conducted the week of Oct. 17 found that 60 percent of those community banks surveyed had picked up new customers as a result of frustrations associated with larger banks.

Money transfers to credit unions were the catalyst for Bank Transfer Day, a movement spearheaded by 27-year-old Los Angeles gallery owner Kristen Christian, who posted a seemingly innocuous note on her personal Facebook page about opposition to Bank of America's $5 debit fee. Christian quickly attracted national attention [See Will BofA Debit Fee Help Fight Fraud?].

By October, a separate Facebook page had been dedicated to Bank Transfer Day. Though Bank Transfer supporters and Occupy Wall Street protestors say they are separate, they share common themes and support one another's efforts.

That united support now has banks' attention. Last week, BofA said it had changed plans and would not implement the $5 debit fee it announced in early fall. Other large financial institutions have made similar announcements [See No Debit Fees; What Next?].

The Security Question

From a security perspective, the same consumer protections provided by larger institutions must also be provided by smaller institutions. "The same security protocols would apply regardless," says Fred Becker, president of the NAFCU. "And we've heard nothing about difficulties on the parts of our credit unions being able to handle the growth."

In fact, one of the tenets of the Bank Transfer movement is the security advantages credit unions offer. "CUs have experienced far less issues than, say, Citibank, which had 360,000 accountholders' information hacked from their website earlier this year," says Bank Transfer founder Christian [See Citi Breach: 360K Card Accounts Affected].

Smaller geographical footprints, shared by community banks and credit unions, give smaller institutions security advantages, in some cases. "If the bank is small enough to where it has face-to-face contact with customers and employees are seeing the transactions and know you as a customer and know your behavior, that's a plus for security," ICBA's Whaley says. "One of the best cross-channel security sets out there is having the same set of eyes looking at transactions across numerous channels. So smaller banking institutions can bring some things to the table that larger institutions can't."

From a technology and security perspective, Becker says consumers will experience no changes. He also says credit unions are prepared to meet their growing member bases' technology and security demands.

"I don't think many institutions are going to be caught off-guard by the growth," he says. "They've been seeing this trend for a while. It was mostly a matter of making sure they had enough staffing; everything else, from online banking to services and other technology, they could handle."

Like Becker, Whaley says the same consumer security protections mandated for larger institutions are mandated for smaller institutions as well.

"There are built in consumer protections, like Reg E," he says. "And the FFIEC guidance ups the ante and pushes banks even more to consider more protections."

But Neal O'Farrell, founder of the Identity Theft Council, says consumers are worried about security, and they should be.

"Can a credit union really protect me?" O'Farrell asks. "Not just my money, but all my personal information, too? How good and quick are they at detecting a security breach and notifying me? How quickly can they resolve a security issue or fraud? And will my money be any safer there than at a large bank?"

O'Farrell acknowledges that credit unions and community banks often suffer from fewer cyberhacks and breaches. But as their transaction volume increases, so, too, will their vulnerabilities and security gaps, he surmises.

"Credit unions have long argued that history shows they suffer from fewer attacks than larger banks. Experts have argued that's only because of their small size," he says. "The hackers will follow the crowds, and I'm just not sure that smaller financial institutions are prepared for the risk exposure. Many are still struggling financially and have not been able to make the enormous and endless security investments the bigger banks have been making."


About the Author

Tracy Kitten

Tracy Kitten

Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 18 years' experience, Kitten has covered the financial sector for the last 11 years. Before joining Information Security Media Group in 2010, where she now serves as the Executive Editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network