Sensitive Compartmented Information (and your money)

For those with military experience out there, you may be familiar with SCI. Actually, you probably can neither confirm nor deny your SCI or non-SCI status. Regardless, for those not in the know, SCI is the step above top secret. You’ve heard the old saying, “It is on a need to know basis, and you don’t need to know!” Unfortunately, most online transactions performed today do not follow rules anywhere close to that, even though they don’t really need to know.

Everyone in the industry is familiar with the Heartland breach, the TJ Maxx theft, and probably half-a-dozen others. Too bad retailers, both brick and mortar and online, don’t believe in SCI. Of all the players in the industry, Microsoft has recently stepped up with a program they’ve dubbed “U-Prove“. U-Prove works with a model similar to SCI, in that it only gives the information necessary to complete a transaction and nothing else. A recent Ars Technica article has offered some editorial insights:

On the other hand, there’s no reason why a storefront like, say, iTunes, needs to know your identity; it only needs to know that the money being handed over is yours to hand over.

To use a credit card on iTunes, I have to hand over so much information that Apple, if it was a bad actor, could masquerade as me. I can’t just give Apple some electronic money; instead, I have to give them my name, address, and credit card number. In practice, the real problem with me handing over so much info to iTunes isn’t that Apple might pretend to be me—with billions in the bank the company doesn’t really need to charge things to my credit card, after all—but that hackers (both external and internal) might take this stored data and use it for their own nefarious purposes.

U-Prove aims to stop organizations from being forced to collect excessive information from their customers when, in reality, it is not needed. To the contributor’s first quote, Apple doesn’t really need to know all of my info, just that the money I’m sending them is good. Microsoft has open-sourced the U-Prove framework, enabling other applications to use the protocols. U-Prove, using a combination of many cryptographic solutions, creates a one-time unique and secure key with the necessary information contained within it, which is then decoded and used by the organization requesting the transaction.

As is the case with any new technology, adoption is always going to be the hardest part. Some retailers, such as the Amazon example used the in Ars Technica article, will not welcome the U-Prove framework as it removes many key data mining aspects of their business. Amazon doesn’t really need to know your age, unless of course you are subscribing to Playboy or buying a CD with explicit lyrics, but they use that information extensively in their advertising. In much the same way, Apple has no need for your address when purchasing a song, but they can use that information to determine the best location to place their next store, geographic and contextual marketing, and potentially track down problems in their supply and distribution chain.

The U-Prove framework has the potential to be a game changer for the way business and individuals transfer information between one another, but the implementation and adoption hurdle will be a large hill to overcome. Microsoft has begun implementing U-Prove within some of their own products such as Active Directory and some of their web technologies. Even with this show of good faith, convincing other organizations to limit the amount of data they can collect from their customers, all in the sake of privacy and security, will be a challenge.

Is U-Prove the correct way to diminish some of the risk associated with breaches like Heartland and TJ Maxx by limiting the amount of data exposed on a need-to-know basis only or are the implementation challenges to great to overcome?

My GAC 2010 Acceptance Speech

First off, I’d like to thank God, for without Him, nothing is possible. I’d like to thank my family, my wife, and my new son Mason, for being supportive of all of the long hours I had to put in over the week. I’d like to extend a very large thank you to CUNA for putting the GAC on in the first place. It is an incredible, must attend event for all credit union professionals. Also, without CUNA, Crash the GAC would never have been able to attend the entire conference and become involved with the great sessions and events. Thanks to their generous sponsorship, the GAC was tweeted about nearly 1000 times which translates to a ton of free press for CUNA and the ability to extend their conference to people around the US and the world who were not able to attend.

I’d like to extend a huge thanks to Palmetto Cooperative Services and Mark Curran for putting up the crashers in our two star lodging for the week and picking up the tab for dinner and drinks on a few occasions. Another big thanks goes out to CU Swag (and PTP New Media) and James Robert Lay for the killer Crash the GAC t-shirts. I’d also like to thank all of the crashers and their sponsoring credit unions for come up to DC and livin’ it up at the GAC.

And finally, I’d like to thank the master behind the curtain, Brent Dixon and his design shop, The Haberdashery, for his amazing work at putting this together. Also, Filene, who supported Brent in his quest to bring under 30 professionals to the GAC. Without Brent, none of this would have been possible!

I’d also like to thank my personal trainer, my dog… (cue music)

Speaking on CUSO’s…

I’m getting ready to head out to sunny Orlando for the Educator’s Credit Union Council annual conference. I’m doing a session with Ray Cromer from United Solutions Company, a CUSO out of Tallahassee. Here’s sneak peak at the presentation I’m making on Tuesday during my session. Any thoughts or comments are always welcome!

UPDATE: If you’d like the entire presentation, including the notes which will fill in a few of the blanks, you can download it here.

Who’s more cooperative, credit unions or churches?

The Save to Win campaign put on in Michigan is a great example of what credit unions can accomplish together, but it is a rarity. For whatever reason, you very seldom see credit unions collaborate on a product or service offering to enrich the lives of their members.

Frequently, churches will partner to accomplish an event that neither of them would have been able to do on their own. Many are familiar with Dave Ramsey, who has a special curriculum just for churches to use. Commonly, Financial Peace University is sponsored by a number of churches and held at one location. Only the largest churches can afford the cost on their own. Sounds similar to credit unions, doesn’t it?

Peacemakers is yet another example of a “program” that churches frequently come together and offer to their congregation. Some churches offer it directly to their members as a class, some churches band together to offer it to a larger group, and some simply encourage their members to attend a national conference.

Aside from fundamentally different structures and goals, both credit unions and churches have a membership base. As much as churches don’t want to look at it this way, they are a business with building, payroll, and janitorial service expenses, albeit their “income” is generated by tithing. However, a church could lose a member to another competitor exactly like a credit union member can take their business elsewhere. Members attend their church because of the product, services, and employees of the church, exactly as members stay with, or leave, their credit unions.

Ondine Irving has had tremendous success bringing national attention to the credit union industry with the Credit Card Connection. So much so, that it has even attracted the famed personal finance guru, Suze Orman, to talk about it and credit unions on a national level. Similar to the programs I have seen local churches put on, why can’t a handful of credit unions pay Suze Orman to do a financial town hall of sorts in their town and have all of the credit unions advertise it to their members. And non-members for that matter. The participating credit unions would be enriching the lives of their members, getting exposed to members of the community that have a vested interest in the financial well being, and getting word of mouth marketing from the participants and local news outlets or papers.

It all seems so simple, but for some reason, credit unions are reluctant to do an event like this. Are credit unions really afraid of their competition that much that they don’t want to expose their members to their competitors in case they might leave? Does it not “fit their brand”, whatever they think that is? And the better question, how can the industry be encouraged to actually come together and collaborate on an event such as this?

Action Items: Free (or near free) Ideas for Credit Unions

Two weeks ago, I got on my little soapbox and wrote about how credit unions and the blogosphere are stuck on inactivity. In the spirit of helping to resolve that issue, I’ve decided to launch a new section of the site called “Action Items”.  As you may have guessed, it will include things that almost any credit union can do as most ideas will be free, or darn close to free.  If the idea is highly technical, I’ll try and include as many details and instructions as possible.  If the idea needs a CPA, then the same promise will apply. I’ll do my best to provide as many details and instructions as I can.

Most everyone as heard of SMART goals before.  In my experience, no product launch, job, home improvement project, or run will succeed with them.  So here is my SMART for Action Items:

Specific: CU Innovators will provide actionable items for credit unions of all sizes to digest and implement within their organization.

Measurable: Each idea must have metric on which to be measured against, ie reduction of budget, increased website traffic, or added efficiency.

Actionable: Credit unions of all shapes, asset sizes, and hair colors should be able to accomplish each idea.

Realistic: All ideas, concepts, or products must be grounded in reality.  For example, not all credit unions could send someone to a BarCampBank, mainly from a budget standpoint and depending on the location of the BarCampBank.

Time-bound: We’ll strive to produce an idea every two weeks, or roughly 25 ideas for 2010.  Credit unions must also be able implement said idea with less than one day of actual work. Committees, debating, and political maneuvering don’t count.

I know every so often I get hit by a blinding flash of the obvious and say something along the lines of, “I wish every credit union was doing this” or “Wow, it can’t be that simple, can it?” If that ever happens to you and you see an idea in action that you think ever credit should do, let us know.  Email us at freeideas@cuinnovators.com, we’ll do some due diligence, and then see how we can get more credit unions to do it!

You can find the new section of action items for credit unions under the Blog link on our main navigation.

FHRNQMBY5VS5

Beer Summit Part 3

Back in December, Keith Leggett posted an article on his blog, Credit Union Watch, about non-member business lending. To summarize the post:

The reporter was shocked that credit unions were funding business loans to nonmembers, as this seems to contradict the raison d’etre for credit unions as membership organizations.

He then stated a few statistics from the call report picking the top 10 CU’s with non-member business loans, otherwise known as participations. In my response, I stated:

By selecting large CU’s, their participation numbers will obviously be large, but it effectively gets your alarmist point across. I’d bet you a beer that their %’s are inline with the industry.

Keith then did some more follow up work about my comment, posted at Beer Summit Part 2. As is common with statistics, they can be sliced and diced so many ways that nearly every point can be made with the same data, as Mark Twain also believes. That being said, Keith is correct. The top ten credit unions in terms of total business participations do have a higher concentration of participations against assets. However, the numbers simply come down to how you want to look at them.

Simplistically, this is simply a sign of a more advanced business lending credit union. These top ten credit unions use participation loans differently then the rest of the industry according to their investment needs. In an effort to compare credit unions based on the similarity of their philosophy on business lending and investments, I took the list of 700 or so credit unions with business participations and further split it out based on those credit unions who have the majority of the business lending in participations. This cut the list in half, to 366 CU’s, and I believe this is a more accurate representation of credit unions using advanced business lending techniques. Advanced, however, does not necessarily mean that the credit union is taking undue risk. On the contrary, CU’s who participate more than they actually lend to their own membership recognize that they don’t have the internal expertise and controls in place to appropriately lend funds to their own members, even when lending internally may give them a higher rate of return.

These are the top ten credit unions of those who do more participations than their own business lending. Of the 366 credit unions I mentioned earlier, 84% of their business lending portfolio comes from participations. Of these top ten below, only four (Patelco, Western, Langley, and Keypoint) are higher than the industry average.

PATELCO
PREMIER AMERICA
WESTERN
SCHOOLSFIRST
LANGLEY
KEYPOINT
TRAVIS
SAFE
BETHPAGE
CITIZENSFIRST

By simply looking at two factors, one can never come to an appropriate assertation on a given situation. Just because a credit union has a lower average age than the rests of the industry doesn’t mean that they are the best at social media or have the coolest technology.  Nor does having more CUSO’s than the average credit union make you riskier just like having few branches doesn’t make you less popular in your market.

Getting back to the point at hand, I believe credit unions should be able to utilize business lending participations with other credit unions as an alternative form of investment.  The creditor is still a credit union member thus overcoming any objections in my book. Additionally, these participations are included in all Risk Based Net Worth calculations so these activities are not putting an undue or hidden stress on the financial strength of the credit union. I would agree with you however, that lending to a real non-member would be beyond the scope of of the Federal Credit Union Act and ancillary regulatory measures and guidance. I understand the stance the ABA and the banks they represent take on this situation as it is coming straight at a major portion of their income. I’m not sure if you lean towards Keynsism or Marxian economics, but I believe the more competition in a given industry, the better the options for the consumers.

So Keith, I owe you a beer. I’ll be in DC for CUNA’s GAC conference the week of February 21st.  If you’re in DC, I’d love to meet you for dinner or drinks one night that week and I’m sure some other folks would love a lively debate.

Who knew monkeys could be cool

As I mentioned in my last post, all of my email subscribers (thanks Mom) will be treated to a new, and way better, email version of this site.  Previously, we were using Feedburner to deliver email, but we moved to MailChimp last week for this blog as well as any jobs we do for our clients.  I’ve used ConstantContact and PoliteMail in the past, but I love everything that MailChimp can do.

I’ve moved the list from Feedburner over to MailChimp and also added the option to get emails as we post them or to get a weekly digest edition.  If you’d like to get an special edition of this blog emailed to you as it is updated, please subscribe here. And if you’d like to update your preferences on receiving email from us, simply click the link of the bottom of the email. And if you have any problems pop up or any questions, don’t hesitate to let me know!

I also have an extra copy of The 10 Faces of Innovation from Ideo laying around my office and at the end of the week, I’ll pick a random email subscriber to mail it to. So make sure you sign up!

Change of venue

Back in September, Nexcentri, the CUSO I worked for out of Tampa, and I parted ways. Over the last few months, I’ve had the opportunity to take some time off with our new baby, Mason, as well as experiment a bit with the direction that I wanted to take my career. I’m torn between the camaraderie and sense of family when working at a credit union or CUSO and the flexibility and opportunity for success, or failure, that working for yourself can bring. Ultimately, I’ve satisfied the entrepreneurial cravings within and decided to give the credit union industry something it really needs: another consultant.

I know, I know, we need another consultant telling credit unions what they need to do like credit unions need another impairment.  However, I’m focused on two very specific niches that are often overlooked.

The first niche is centered around idea development within credit unions and CUSO’s. I’ve spoken with many credit unions over the years and they basically fall into two categories, one that needs some help with generating innovative ideas and another that has many innovative ideas, but can’t give them the attention they deserve.  Basically, I’m helping grow (or plant) ideas from their infancy and assisting them into adulthood. Currently, I’m helping a CUSO on the east coast take an idea they’ve been brewing up for the better part of a year and develop it into a full fledged product that they will offer their customers. Everything from financial analysis and models to market research to delivery to the customer.

The second overlooked niche is in regards to conferences. We all love BarCampBank’s and believe that they would be greatly beneficial for the credit union industry to experience, but there has been no solid effort put forth to introduce the broad industry to them. I aim to fix that problem with The CUIR. The Credit Union Innovators Roundtable, The CUIR, will bring BarCampBank/unconferences to the credit union industry and introduce it on a larger scale. Directed towards leagues, associations, boards, and trade groups, The CUIR is a conference service that meeting organizers can use to bring a new flavor to their event. Imagine if your the annual meeting of your credit union was actually a BarCamp! Hopefully, by introducing the unconference to the credit union industry, we’ll be able encourage more innovation and collaboration, as well as the real key to success, execution.

One of the things that I’ve been harping on lately is the lack of executable concepts that float around the credit union industry. If we truly want credit unions to be successful, we have to give them actionable items that can impact their membership. Those may be ideas for new checking accounts, some new NSF thing, or a new technology product. Whatever the case may be, CU Innovators is here to help credit unions execute.

CU Innovators is currently looking for two more clients, credit unions or CUSO’s, to assist in making their ideas come to fruition.  If you’ve got a nagging idea or project on your plate, get in touch with us on our contact page, hit me up on Twitter,  or you can always try telepathy, but no promises.

United Van Lines wouldn’t move my website cross-country for me, so we’re in the process of moving everything from the Life and Times of a Credit Union Employee over to CU Innovators.  The RSS feed will automatically update, so don’t worry about having to re-subscribe. However, if you are a little anal like me, the new feed is here.  Also, if you are an email subscriber, you’ll be seeing a few changes as well (for the better), so if anything funky happens, let me know!