Re-designing Your Website? Ways to Address Member Security Concerns

Concerns about credit union website security could impact usage of the online channel and decrease future adoption levels. Member feedback provides insight into their concerns.


Credit unions are faced with the dual challenges of informing their current online banking users of the security of online account transactions and convincing prospective online banking users that the online channel is safe. But there is a fine line between informing members and scaring them.

Members are constantly exposed to media reports of online identity theft and attacks, and many are modifying their online activities as a result. While there is no data to suggest that current online banking users have reduced their usage of the credit union website, there is clearly room for improvement in terms of reassuring members that their data and accounts are safe.

A recent survey conducted by Callahan’s Survey Consortium revealed that online members are not fully satisfied with their credit union’s explanation of website security. In fact, many members (ranging from 21 percent to 39 percent per credit union in the Consortium Group) reported that they are not aware of their credit union’s security measures. The online survey of more than 7,600 online credit union members also showed that, while 95 percent had taken some action to prevent online identity theft, confusion over appropriate precautions exists.

Is your Home Banking Log-in Secure?
Many credit unions moved their home banking log-in to the front of their website in an effort to reduce clicks for member access and ensure that online banking members could easily view specials and updates. Even though the log-in fields are secure when the member submits the data, member comments show that this is not understood (even when an explanation is linked.):

“The new layout allows for a quicker account logon; however it is disconcerting that the home page (with embedded account login page) address is simply http instead of https. Options that would ease my qualms include making the home page secure or changing the layout (perhaps an opening cover page that diverts traffic to secure and public areas).”

“The new sign-in page does not seem to be secure when entering account # and password, i.e. there is no "s" following http:. I am very uncomfortable with the new sign-in.”

In response to this member feedback, some credit unions are now making either their home page or their entire website secure. Tonya Sacrison, AVP, Internet and service selivery at Deere Employees Credit Union, explains, “We decided to take this additional step to reassure our members and reduce confusion. Members have long been told to look for HTTPS, so this is an extension of our commitment to serving our members. They feel more comfortable using online account access because they can tell it’s secure.”

Updated Phishing Information and Link to Report Attacks
Credit unions should have an area of their homepage (frequently updated) that is devoted to security issues such as reminders of virus outbreaks or phishing attempts. Phishing attacks are becoming more sophisticated and creative as criminals widen their activity to include credit unions and smaller financial institutions. Recent attacks are less obvious (better grammar and fewer misspellings) and use tactics such as requesting that members update their online banking access or renew their bill pay access or other online services.

Members should be given a link to use to forward any suspicious e-mails or potential attacks to the credit union. Not only does this capability enhance perceptions that the credit union is prepared for attacks, but it could also prove to be a valuable tool in shutting down phishing sites faster.

What additional steps could your credit union take?



Dec. 19, 2005


  • This article was unobjectively written. While it's important to alleviate members' security concerns -- rather than revising your whole web system so every page is secure (which increases load time and inevitably causes warning messages on many pages), why not educate your members instead? Your article sounds like it was intentionally biased with the goal of getting people to sign up for your worthless webinars. What a bunch of bullshit!