I've had numerous discussions with my credit union about their inadequate response to computer security.
For instance, their customer service messaging is handled through a third party, so e-mails will reference a third party URL that seemingly has nothing to do with the credit union. I've tried to explain phishing attacks to the credit union to no avail.
At the same time, their customers are pressuring them to support transactions via the phone. What a disaster. The sad part is, as a credit union member, I suffer, because my savings interest rates will decline due the inevitable write-offs.
Already, we've seen responsible credit unions take a massive hit -- on September 24, 2010 the National Credit Union Administration (NCUA) placed 3 corporate credit unions in conservatorship. As a result, $30-35MM in bonds will be issued by NCUA to cover the bad credit unions. The member credit unions take the hit, and my credit union lost $2MM.
From an e-mail with my credit union:
NCUA also operates the federal deposit program for credit unions. This fund is called the National Credit Union Share Insurance Fund (NCUSIF). This fund is capitalized by deposits from individual credit unions and backed by the full faith and credit of the U.S. Government. Insured credit unions deposit 1% of their insured shares into the fund on an annual basis. The fund balance must operate between 1 – 1.3% of insured deposits. Anytime the fund does not stay above the target rates established by the NCUA we must make premium payments to recapitalize the fund. In 2010 our recapitalization rate was 12 basis points or $480,000. These expenses are part of the Credit Union’s operating expenses on any given year.
At the end of the day, I suspect we either need scanning on the phones, or a secure fob that produces one time passwords that get entered into a website. I think just about everything else is open to attack.
Yes, fobs are expensive. Suck it up, banks! How much more bailout money do you need?