Gimme a “D”! A Deep Defense is the Strongest Defense against Identity Fraud

Security is a multi-layered, ongoing process, not a product. Read more to learn the four key elements of a long term security strategy.




Every day, there seems to be at least one media story related to identity fraud.

Undoubtedly, fraud losses are significant: in 2005, more than 9.3 million, or 4.25% of the U.S. population, were victims of some form of identity theft or fraud, with a total cost to the U.S. economy at nearly $55 billion per year, 10% of which fell on the shoulders of the consumer 1.

And much of the blame is indirectly placed on online banking despite the facts: More than 90% of identity fraud is generated from means other than online transactions, including lost or stolen wallets, checkbooks, credit cards and confidential information 2. Only 3% of identity theft is achieved through emails sent by criminals posing as legitimate businesses 3.

Furthermore, recent studies have shown that the toll of identity fraud is generally an emotional one: consumers fear the loss of time and peace of mind. On average, it takes an average of 40-80 hours to clear one’s name. There is a perceived lack of guidance and support on the issue of identity fraud as a whole. And on top of it all, the risk of repeat theft leads consumers down a bumpy road of thinking that “it’s never over.”

Walk the Walk, Talk the Talk

With security and privacy as the highest barrier to online banking, over-simplified marketing messages don’t match real world concern. Now more than ever, credit unions and their service partners must communicate more effectively and be able to separate myth from reality and craft a holistic, systematic approach to security, one that we call Deep Defense.

With complexity at the core of online banking, numerous partners and service providers interface to bring a seamless, user-friendly experience to your members. Because of the intricacy of these interfaces, there is no single security “solution.” Worse, over-hyped security solutions address only a small part of bigger security needs, and over-promoted professional services can be shortsighted and misleading. Everyone’s trying to make a buck by preying on the fear factor. It’s a buyer beware atmosphere – be careful. Security is a multi-layered, ongoing process, not a product.

There are four elements to security: systems, partnerships, operations and architecture, each of which contains multiple layers. A “Deep Defense” environment prevents, detects, corrects and reports both potential and actual fraud within each of these elements, strengthening infrastructure and forming a foundation for a long term security strategy. Behind each of the Deep Defense elements, federal regulatory compliant technology should operate at maximum force. And with each of the multi-layered technology levels comes a host of consumer benefits, forming a collective security solution.

Security for Dummies: PREVENT

You don’t need to report on the fraud du jour to your customers: you need to educate them on not giving away personal information and other universal best practices that will help prevent phishing, losses from false emails to help Katrina victims and other crafty cyber tricks.

Member Education

Encryption. Secure sockets layers. Pharming. The foreign language of the security world can be intimidating. Somewhere on your Web site you need to address security in clear, plain English. Bulleted “how to” articles like “How to practice safe computing” are vital. Also include profiles and updates about existing features that safeguard your members. Sure these products and their benefits may already be splashed across your home page, in your e-newsletters and the subject of myriad pamphlets available in your branch, but remember the old slogan: “tell ‘em, tell ‘em again, and tell ‘em what you’ve told ‘em.” Many internet banking services companies like Digital Insight make extensive, clear, web-based educational materials with a focus on security available to clients. Take advantage of them!

Provide Email Balance Alerts

“Let me know when my checking account is greater than $250.” Members can control account activity by setting up alerts like this to flag them if accounts go above or beyond specific dollar amounts.

Enable Check Clear Alerts

Members can sign up to get email messages when a specified check number clears the account against which it is written. They can even include check numbers that have not been written to guard against future fraudulent activities.

Other online banking features that foster best practice security include secure online banking chat, online statements, check imaging and many more. Make sure your members know these fraud prevention tools are available to them.

Coming Soon: Multi-Factor Authentication…

We’ll continue our review of the four tiers of Deep Defense – prevention, detection, correction and reporting—by discussing multi-factor authentication, a term that gained recognition due to the October 12, 2005 FFIEC Guidance on Authentication in Internet Banking Environment. In it, the FFIEC strongly recommended a “layered” approach to online security, citing that passwords alone would no longer be acceptable as the sole means of achieving online security. Compliance with the FFIEC Guidance is mandated by the end of 2006, so stay tuned for more on how the Deep Defense approach can help your credit union -- and the members you’ve promised to protect.

About Scott Mackelprang

Scott Mackelprang, vice president of security and compliance, has overseen Digital Insight’s security and compliance efforts since joining the company in May of 1999. He oversees Digital Insight’s physical security, computer security and security compliance. Prior to joining Digital Insight, he was Rockwell International’s chief information security officer, where he oversaw their global information security efforts. During his career, Mackelprang has managed enterprise software architecture, software development, network operations and data center operations. Mackelprang graduated summa cum laude with B.S. and M.S. degrees in computer-aided design and computer-aided manufacturing from Brigham Young University’s College of Engineering.

About Digital Insight

Digital Insight ® Corporation is the leading online banking provider for financial institutions. Through its comprehensive portfolio of Internet-based financial products and services built upon the company’s unique architecture, Digital Insight enables banks and credit unions to become the trusted transaction hub for their retail and commercial customers. Digital Insight offers consumer and business Internet banking, online lending, electronic bill payment and presentment, check imaging, account-to-account transfers, Web site development and hosting and marketing programs designed to help increase online banking end user growth and more. Each Digital Insight product and service reinforces the strength of its financial institution clients.

1 2006 Identity Fraud Survey Report, Javelin Strategy & Research, January, 2006, p. 1.

2 2006 Identity Fraud Survey Report, Javelin Strategy & Research, January, 2006, p. 27.

3 2006 Identity Fraud Survey Report, Javelin Strategy & Research, January, 2006, p. 27.




March 20, 2006


  • Most helpful and useful.
  • I'm not getting clear answers about when strong authentication will be available and impelemented for my credit union. It seems like it's being hyped but that there isn't a feasible solution for getting it implemented by year end. When are we going to understand when the solution can be implemented for us? What is it going to cost? What kind of impact is it going to have to our call centers?