The Pros and Cons of Bring-Your-Own-Device to Credit Unions

What do Target, Snapchat and Kickstarter have in common? Compromised customer data. In the case of Target, hackers obtained critical financial data like debit and credit card numbers from customers. The Snapchat case revealed a security issue with user phone numbers, and Kickstarter was hacked for user data like phone numbers, email addresses and passwords. I develop management training for many credit union call centers, and from this experience, I know call center security is a touchstone for growing loyalty among members. I’ve been thinking a lot about the issue of call center security for credit unions, and wanted to discuss one policy at that’s been growing in popularity, Bring-Your-Own-Device (BYOD), and how the risks may outweigh the conveniences.


Research finds more financial professionals using personal devices at work

In November 2013, Credit Union Times reported the results of a financial industry survey measuring the number of professionals who used personal devices for work. The survey, developed by Workshare, found that an overwhelming 89% of employees in the financial industry followed a BYOD policy at their workplace.

Another research firm Gartner Inc. predicts that in this year we will see 90% of businesses allowing corporate apps on employees’ personal computers, tablets and smartphones. Another survey by Fortinet, a network security company, found that 51% employees stated that they would circumvent policies banning personal devices at work or policies banning using personal devices for work.

Clearly the tide is moving in the direction of BYOD policies, but because of the risks involved, credit unions should know both the pros and cons before admitting personal devices in member service contact centers.

First the good news, then the bad

With virtualization, member service representatives (MSRs) often work remotely or from home. The convenience of using personal devices, not to mention the lower overhead costs to the credit union branch, is a no-brainer. It makes perfect sense to use the devices MSRs already own to access member data to resolve issues.

But consider the kind of information being stored on agents’ personal devices:

  • Members’ Social Security numbers

  • Members’ personal information like email addresses, phone numbers

  • Mortgage and loan applications

There are a number of ways this kind of sensitive information can be compromised: devices can be lost or stolen; data can be decrypted or intercepted; and mobile devices are susceptible to viruses and malware. What began as a convenience for the MSR can blow up into an identity theft nightmare for the member.

A word on mobile device management

Control is the missing element in BYOD policies: once member data is on an employee’s personal device, the credit union loses control of that information. Some credit unions have chosen to strengthen boundaries on using personal devices. The Amoco Federal Credit Union in Texas City, TX implemented a mobile device management system. MDM systems are one possible solution available to credit union call centers as a way to section a device used for both personal and work access. MDM software is a move in the right direction since credit unions can wipe any sensitive member data on MSRs’ devices, but it isn’t yet a wholesale solution for mobile security.


Rigorous training in fraud detection

The modern credit union MSR does more than field member calls. MSRs help members apply for loans, add services to their accounts, open new accounts, make loan payments, change personal information, and transfer funds, to name a few. As a service call center manager, you want to make your agents’ life as easy as possible while providing the best security for members. Since many call centers operate 24/7/365, managers need to have systems in place and rigorous training that will help MSRs intercept nefarious activity.

I know how important it is for credit unions to sustain their already high levels of member satisfaction, and one way credit unions can continue to develop member loyalty is through great strategies in fraud prevention. MSRs should go through rigorous training programs that teach agents how to have genuine conversations that improve sales as well as give them practical techniques for discovering fraudulent activity. The threat of mobile security breaches is real, and the financial services industry is an obvious target for hackers. A robust fraud prevention strategy should include some of the technologies we talked about like MDM tools, but that doesn’t mean credit unions can neglect properly training MSRs.

My company has an MSR training program specifically designed for credit unions that we customize for regional or national branches. We teach your agents how to balance excellent service with smart fraud detection techniques.

What other strategies have you seen in mobile security that credit unions should be talking about? I’d love to continue this conversation.