National Credit Union Compliance Audits: What You Need to Know

As a credit union, you want to provide your members with competitive financial products and first-rate service. Today, one of the most important services you can deliver is peace of mind around data privacy and security of personal and financial information. That means your core banking systems, the lifeblood of your services, need to be protected by technology and policies that prevent sensitive data from being leaked, stolen or compromised in any way.

No credit union is too small to fall prey to criminals pursuing access to financial information. According to the 2017 Verizon Data Breach Investigations Report (DBIR), 73 percent of breaches in the last year were financially motivated crimes. The DBIR also found that 61 percent of data breach victims are businesses with fewer than 1,000 employees and 81 percent of hacking-related breaches leveraged stolen and/or weak passwords.

Now, more than at any time before, it is crucial to have systems and practices that support strong authentication measures. Implementing secure password policies is part of that. But working against this are the complex, expensive and often old banking systems used at many credit unions, which are highly vulnerable to cyber risk.

Mindful of this, financial institutions are taking note. A recent Duff & Phelps survey, cited by esecurityplanet, finds 86 percent of financial services firms plan to spend more time and resources on cybersecurity in the coming year — up from less than 60 percent in 2016.

Cyber Security is a Top Priority for Regulators

This emphasis on securing information means regulators, like the National Credit Union Administration (NCUA), are also paying attention. The same Duff & Phelps survey found 31 percent of respondents expect cybersecurity to be the top priority for regulators this year, up from 19 percent the year prior.

How can your organization prepare to meet NCUA audit requirements? An authentication plan that addresses the high stakes of data privacy but also maintains a positive end-user experience is a must. A short list of NCUA audit requirements around passwords includes:

  • Requiring every employee to have a unique password to access each system in use
  • Password policies governing length and type of characters, frequency of password change, password reuse and expiration dates
  • Locking systems after a set number of failed login attempts
  • Locking terminals

Meeting these requirements is not always easy. Strict password policies put the burden on users, typically lead to bad security habits as people struggle to remember passwords, and drive up support costs.

How Credit Unions Can Comply

How can credit unions comply with NCUA audit requirements and also deliver a frictionless end-user experience? The answer is to human-proof authentication systems with technology that can be rapidly deployed, centrally managed and adapted for a variety of internal and external use cases while supporting ALL applications including web, cloud, mobile, VDI and VPN.

In heavily regulated sectors such as financial services, authentication solutions need to quickly provide auditors with detailed histories of compliant login actions. They also need to leverage existing IT infrastructures — which includes supporting legacy applications.

Crossmatch provides solutions that are the gold standard of composite authentication. DigitalPersona leverages a range of proven authentication methods, including biometrics, to eliminate the burden on users to generate passwords, giving users methods of access and authentication that are not only more convenient but also more secure.

Contact Crossmatch to learn how DigitalPersona helps financial organizations evolve beyond static passwords, securing pathways to sensitive applications and data while providing convenient access for a diverse group of users — from customers to auditors to employees.

Jeff Carpenter is Director of Identity and Access Management solutions at Crossmatch. In this role, he is responsible for evangelizing Crossmatch’s DigitalPersona® solution. In his 10+ years in cybersecurity, Jeff has held positions with a number of top tier cybersecurity and technology companies; most recently he was with RSA, a Dell Technologies company. Jeff earned a Bachelor of Science degree in Business Administration from Creighton University in Omaha, Nebraska. He holds both a Certified Information Systems Security Professional (CISSP) and a Certified Cloud Security Professional (CCSP) designation.
