Coast Capital Savings has recently made some appearances on YouTube! And it begs the question, which type of marketing is more effective: a full blown TV ad campaign or "leaking" some ads that they wanted to use but got vetoed?
I need a volunteer!!
I can’t make it to NACUSO this year but I want to be kept up-to-date. Anyone making the trip that’ll be twittering and/or blogging about the event?
Seeing as today is Earth Day (really every day should be earth day) I was trying to think of a good way for CU’s to participate.
How difficult would it be for a CU to install solar panels on the roofs of their branches? If the branch had a large enough array of panels, it would be entirely possible for the branch to actually create enough solar energy to run the branch and sell energy back to the power company. There’s a new CUSO idea…
Zopa issued an update today through their mailing list detailing their new plan for national expansion, details about their new CEO, and even some job postings. They said that they’ve made some “adjustments” for their business model in the US, but provided no details about exactly how the US system will work. Until they’re ready to go, I’ll keep using Prosper!
Phishing sucks. There’s very little we can do to prevent it and once it happens it can take days before the situation can be resolved.
Everyone’s heard the phrase, “the best defense is a good offense”. So could we go on the offensive against phishers? And by offensive, I mean launch a brute force denial of service attack against the offending site.
We could write a small web-based program and give it to any participating CU to load onto one (or all) of their web servers. When a CU in the coop gets phished, they log onto a secure server and initiate a new attack. The main site/program would kick off the clients installed on the other CU’s web servers and initiate an attack against the offending server, hopefully bringing the phishing site to its knees.
Yes, there are massive security concerns with this. What if a hacker gains access to our secure server and uses all of the participating CU’s to launch an attack against a valid web site? What if a phisher hacks into a genuine business site and phishes from there? We’d bring down both the phishing site as well as the valid business site. The list goes on… On the other hand, wouldn’t it be nice for the CU industry to have a tool for immediate use to stop phishers?
Update — I must give credit where credit is due, and one of my co-workers, Alex, and I spoke about this idea months ago. Great thinking Alex!
As I’ve posted about previously, I believe that CU’s have an opportunity to use Google Groups not only for public communication with members, but also as a means of communication with each other. It’s a great way for CU’s to share info. cu2cu.com also possess the possibility of facilitating those conversations, but it appears nobody but spammers are contributing to the conversation.
In his article, A Deceit-Augmented Man In The Middle Attack Against Bank of America’s SiteKey ® Service , he demostrates how a phisher can bypass elements of image-based MFA, such as SiteKey. They even have a video!
CU’s need to carefully review their MFA policies and the software they have in place to monitor their online security.
See our own post here about BofA and SiteKey security flaws.
I’d like to welcome Piedmont CU to the blogosphere! Looks like they started back in the beginning of March. Great to see a CU blogging!
A new, non-profit group promoting member savings…