PDF download

View full screen

View transcript

Online security for better business banking

And at this time, I'd like to formally welcome everyone to our October webinar, focusing on the topic of online security for better business banking, hosted by your U.S. Bank Global Treasury Management partners. My name is Brianna Dunn, and I'm from U.S. Bank's Global Treasury Management Learning and Development team, and I'll be moderating today's webinar.

Leading today's conversation, I'd like to welcome Working Capital Consultant, Nina Hanselmann, Digital Channels Product Manager, Nidhi Gupta, and SinglePoint Training Content Developer, Chris Halloran. These three individuals bring a wealth of knowledge, experience, and client advocacy into today's discussion. And we're extremely excited to have them here all together. So welcome, and thank you for joining. And with that, I will hand it over to you, Nina.

Great. So let's just get started. Let's get a little perspective around risk, fraud, and security. I think I've probably done seven or eight of these broad sessions with you on different topics. Let's start off with a simple polling question, just to get a feel for why each of you may have dialed in today.

So you can see by the polling question-- I think it's up. Yes, OK. So the question is, have you or your company experienced attempted or actual fraud in the past year? So that's a yes or no. Actually, a prime target for fraudsters right now is around the security for online banking. And I wouldn't say that right now. I'd say that's been like that for about the past 10 or 15 years, if you all can remember back to topics like key logging.

So today, what we really want to talk specifically about are the things that we are doing on U.S Bank's online business banking portal, SinglePoint to help you reduce the opportunities for fraud through your online banking activities with us. So we are progressing through our modernization of SinglePoint, some of you may know, and the platform is primarily using input from our clients, so some of whom are piloting the new platform right now.

So the key objective of this modernization really is to make it easier for you to use and for you to customize your view based upon your needs. And we also want to provide you with tools to proactively manage your security settings. So that's what we're going to focus in on today

OK, so I can see from your responses that some of you have had attempted or experienced fraud. So obviously, you're not alone. Let's take a look at this surveys.

You know every year at the National AFP Conference, they actually do a poll. And what they're looking for is practitioners, such as you, your feedback on different topics within fraud. So in the bigger picture, 88%-- see that number over there on the right-- of other practitioners like you reported that their organization had been a victim of or actual or attempted cyber attacks in the prior 18 months. 88%, that's huge, 8 out of 10.

OK, so the vast majority, though, 82%, at last year's World Economic Forum said that they expected cyber attacks involving trying to get your financial and your data theft to increase. And 80% predict disruption, big disruption, to their business operations if that happens. So when you think about it, we also pay attention on a regular basis to the Verizon data breach report, which usually comes out in late spring. But they did a supplement for COVID-19, and it tells us that the fraudsters' methods that we're familiar with are remaining the same.

But now, the playing field is much larger. So why is that? It's because of the pandemic and related remote workforce. So it is top of mind. See on the left hand side here. It is top of mind. Look at that. 38%, it's the highest priority for them to be looking and to mitigate fraud in their online banking. So, gosh, when you think about that, how great it would be if we had something like the weather app on your phone, right?

That weather app is very helpful. It helps us to see, like on the radar, what's coming and the temperatures and what best practices we can employ. So think about that. When you see the tornadoes are coming, you know to batten down the hatches and get down to the basement. Heavy snow, you better make sure you get shovels and your salt and your snow tires are on. So if you think that 2020 has had more than its share of disruptive happenings, like hurricanes, wildfires, but the biggest disruptor, of course, has been the pandemic.

So Chris is a trainer in our online banking. So many of you may have even spoken with him or met him. And Chris when you look at the impacts of the pandemic, what do you see as the forecast for fraud when it comes to online banking?

Yeah, absolutely. Thanks, Nina. And I don't think it comes as a surprise to anyone that absolutely fraudsters are capitalizing on all of this turbulence from the pandemic, right? I'm going to use the terms disruption and distraction a lot here, because those are the widespread elements that are really fueling this perfect storm for fraudsters to be operating in.

Magic tricks, right, magic tricks depend on sleight of hand for success. And in a similar manner-- whether it's pandemic times or otherwise, in a similar manner, fraudsters leverage these elements of disruption and distraction as kind of sleight of mind in order to cheat you from your money. And to say the least, the pandemic has brought these elements of disruption and distraction in abundance, right?

So as we navigate our way through these stormy times, strong online banking, security's gotta remain a top priority for us, right? And these days, that's admittedly a challenge, because all of our priorities and our attention are getting pulled in a million different directions, right? So it's understandably easy to lapse into a false sense of security about our security when, perhaps, just because, well, nothing really bad has happened so far.

But if your security settings and your procedures aren't also being reviewed and evolved as necessary as we go through this, then we're putting our assets at risk, right? And I promise you fraudsters are paying attention. You and your team has been disrupted in all of this, right? And it's going to continue to be. For many of us, our usual office centric patterns of how we collaborate together, those are not very easily translated over into a primarily remote work environment.

I, myself, I'm very fortunate to have been able to create a nice little dedicated work-from-home setup here down in my basement. I realize it's not a luxury all of us have been able to do. But I confess, after 7 plus months of spending eight hours a day down here, I'm starting to climb the walls a little bit. And I doubt that I'm the only one. So that's an example of one of these unforeseen distractions, right?

Some of our peers have left the workforce or had to change jobs in order to accommodate family needs related to the pandemic. And those-- that kind of turmoil, that's ongoing. The start of the school season was a great example of that. And ahead, we've got the holidays, potential travel, the start of the second semester of school, if you will. All of those things are looming unknowns out there still. And for those of us that remain, who are still here, right, we're dealing with many, if not all of those same competing priorities in both our personal and professional lives.

Those two worlds, our professional life and our personal life, those have collided in a way during this pandemic that none of us could have ever expected, and it's tough. So it's not just that one big COVID storm that hit earlier this year, right, in the spring, just like the arc of the hurricane season that we see here, we're not out of the woods yet, with respect to these pandemic impacts. And the one thing I do know for certain that lays ahead for all of us is more disruption.

So to foot stomp it once again, our online banking securities got to remain an ongoing priority for us, in order to protect our company assets through it all.

Well, you know I'm having a lot of conversations with all of you out in the field. I know that you do not have a false sense of security. And I know that you are very aware. And we know that we need that it's a challenge and that we need the help. So it's really become a priority for us on Nidhi's team, where they're trying to do this modernization. And they're using an agile development approach. And why that's so important is at each step, it integrates client collaboration throughout the process. So this why we don't create something that you look at later and go what were you thinking.

So the team has really focused on some digital tools for our clients to simplify and really to secure your daily interactions with us via online banking. So before we show you what it really looks like, Nidhi, since you're heading up the team, could you just share a couple of things about what clients are telling us and about the online security within the SinglePoint platform?

Absolutely, Nina. One of things that we hear repeatedly from our clients is around that tenet of simplicity, as you just mentioned. You know, just making it easy for me to get to what I need to do to get through my day, especially now, as everybody has competing priorities, multiple things going on at the same time, as Chris just mentioned. And I'll give you a perfect example in which we've tried to stick to that tenet of simplicity and provide you all with the best in class client experience possible.

Now, there's a report currently that our relationship managers surface and share with you all on a periodic basis to audit your user settings. But what we hear time and time again from our clients is that it's not easy to manage our user settings. We know this. And there's multiple steps and challenges involved in the process of making any kind of change, especially right now, again, with all the employee turnover with the competing priorities that Chris mentioned.

A few challenges specifically around user settings that I can highlight here, first of all, it's very difficult for our users to even access their users settings. They're not always available readily online. And when they are provided, it's really hard to interpret all the details that go into that report.

Secondly, the information that's provided, it doesn't really give a holistic picture of everything that's involved within that user's particular settings. It's kind of piecemeal information. Some of it's pertinent and applicable. Some of it, not so much, depending on what their users are provisioned for.

And third, and arguably the most important, is when you finally do get this information, what do you do with it? What's the best route for this information to be actioned upon? How do you know what to do? How you know what the right settings for you are? So we took a look, really under the hood, of this report that we surface currently through our RMs, and reimagined it from the ground up from our users' perspective in a way that helps simplify their day-to-day.

So when I think about this, that's a lot of heavy lifting, and it always has been for the system administrator on online banking system. It doesn't matter what bank I've been with, it's always been a difference of very, very few things. It's just always been very hard. And so we know, and you told us, you need a better tool.

So I'm thinking about, like the way we use the weather app, remember life before the weather app? We had no idea what was going on. So we really needed to design a new tool for you. So think of the radar section of the weather app, and you can plan ahead and you know the best route. Color coding provides you the ability to understand if you're going to be at risk. And some apps will even tell you if you should take an umbrella or take shelter.

So you need the same type of visibility and assistance with SinglePoint. So you need to enhance-- we need to enhance the experience, so that you can manage and position and make intelligent payment choices. You need to simplify that administrative side of online banking and payments with tools for a remote workforce. So and that's going to allow collaboration electronically within your team. So Nidhi, would you show us the tool? We've talked about is enough. And tell us some more about how that's really going to help.

For sure. So if we take a look at this report, think of it similar to your credit score on something like Credit Karma. It's a point in time evaluation of your current security settings positioning. And we're providing you with suggestions and opportunities on how you can improve and maintain your security settings. Just a simple snapshot, kind of in one place, cuts through all that fog. [INAUDIBLE] and makes it really easy for us to locate and see the big picture of what your security settings around your users actually entails.

So I'll even go a little bit further. And if we take a look at the next slide, an example here that we've identified with some payment related functionality is how we're meeting kind of the best practices around each of these particular settings. It's an awareness tool. So, you know, setting the muscle memory towards those best practices and what our users-- what you all should be doing with your particular settings.

There's some settings that are very specific to particular users, and we want to make sure to highlight, kind of make it very tailored and specific in terms of those particular settings. Also want to show them where you can make some changes to your security risks, sort of empowering you to make those changes on your own based off of the recommendations that we're providing you on how to mitigate your risks through your settings.

This is a report that you all will be able to pull in the modernized SinglePoint platform, if you're a system administrator. And you no longer have to wait now for someone else to provide this information to you around your settings. This is information that you can surface yourself. And you have the convenience announcer, self-service, and DIY in the environment that we're all living in.

We really want to make it easier for folks to interpret and understand what these settings are. But also then what the recommendations and best practices around these settings are, what next steps do they need to take to adjust those settings? And you know that Chris will talk in a minute about how we can quickly make those changes to help you adapt to those particular user settings.

And don't forget about that bank lingo that we love to use in our system. So Chris, how can we overcome that one is my favorite question.

Yeah. Yeah, that's a good question. And before we flip slides, real quick, Nidhi, it's not all bad news in this report too, right? You're going to get some affirmations that things are going well when you're doing things right too as well.


Correct? OK.

Absolutely, yeah.

Cool, all right.

We want to help set that muscle memory again, you know? It gives a visual kudos or virtual kudos that you actually have kind of met the requirements or the recommendations that we're providing you as well.

Perfect, all right. Yeah, so the lingo, right, every-- our industries that we're a part of, the company or organization we're a part of, every community, we're a part of professionally and personally, right? Sports teams, hobbies, et cetera, all of it has its own unique lingo and language. U.S. Bank and the SinglePoint platform, it's no different. And like any language, if we don't routinely speak it, we're going to lose the fluency.

When we're talking about online security and payment security, details matter. So we want to be precise, right, in our understanding of those corresponding terms. So at the end of this report, every time you access it, it's going to be kind of the last section here. Have it all the time. We have this Glossary and Best Practices section. And this section provides definitions of the terms that are used throughout the report, right? Most importantly, these are the very terms that are used in SinglePoint, itself.

So when you're in SinglePoint checking out your settings, poking around, this section could be a helpful resource for you to have in order to regain your fluency, if you will. And for each term in here, you'll notice on the right, a course bounding best practice. It's provided again here as consideration for how to maximize your security as it relates to that particular functionality.

So while we're pleased to be able to soon begin making this report available to you as a resource, we know it's just a start, right? And in a moment here, I'll pass it back to Nina and Nidhi to discuss our intent to continue evolving this report. So as a segue to that, we're curious to get your thoughts on a possible option to help you use a resource like this down the road.

Savannah, could we queue up the next poll, please? So to tee it up a little bit here, if some form of an automatic reminder feature to review this report could be made available as a future enhancement, then how frequently would you like to be reminded to review and maintain your security? Only one answer here. It can be select or remember. So make your selections and click Submit. But you'll notice the two are-- all of the options here, they're not all completely similar, per se.

The first two are in a timer, cycle-oriented. And the last two are more action-based. So we're curious to know what kills more to you, terms of the trigger to review these things.

OK, so while we're waiting for that to come--


Oh, go ahead.

I think we're going to use this for collaboration, right? Nidhi, you're going to take this back to team?

Absolutely. Absolutely.


This is going to be information that we're going to take back to his team. And there is no right or wrong answer here. This is great information that we can pass along. I think what you mentioned just now, Chris, is really important. You know, it's not schedulized for everybody in the same manner whether they follow certain time frames or not. Sometimes folks have certain services that come on different cascading schedules, especially now. But we're seeing the poll results come in. And so we'll definitely pass this along to the team.

Sorry, Nina, I think I cut you off.

No, that's perfect. No, you didn't. I'm glad you shared that. And look at the 72 [INAUDIBLE] quarterly, good idea. There's a lot of things we do on a monthly basis and quarterly. So happy to have you share with us.

Yes, thank you.

What you should know, those of you who dialed in, is that this security tool is available right now in our pilot. And it's going to be-- and we will continue development, but we're going to roll it out to users starting in the first quarter of 2021 and the tool, obviously, be free. So when I look at these responses from all of you, I think it's going to be really helpful. And we probably should figure out a way to do this more often.

Well, Nidhi, what's next in development?

Absolutely. You know, from just the initial exposure of this report, we've already touched on multiple pillars of the client journey. We've connected with our clients. We've implemented and brought things faster speed-to-market transacted with them in different ways. So we'll continue to use our Agile model to advance the capabilities of this security report.

And a couple of enhancements that I want to highlight and just kind of bring the mind ante up for the audience here, today, are as follows, one, we want to build a report history so that you guys can monitor and improve the maintenance of your security settings over a period of time. Hey--

An apologies.

--we were kind of in the yellow.

Apologies here, folks on the line, we're having some technical difficulties here. Apologize for the interruption. OK, it seems--

that's resolved. Apologies, we are good to go. Continue, Nidhi, thank you.

Sorry. All right, all good. As I mentioned, we want to build a report history for you guys, so that you can monitor and maintain those security settings over a period of time. It might have been in the yellow back in June, but hey, look we've made x, y, and z changes to our settings and now can visually see that progression of your security settings towards those best practices and recommendations that we're providing you.

And then also integrating the report's ability to take actions within the system administration module of new SinglePoint. And we're rolling out the new SinglePoint platform. One of the most cumbersome and just most cumbersome modules has always been the system administration module as you eluded to earlier. It's just a pain. We've always heard that, you know, again, time and time again from our clients as well.

And so our journey team, again, you know, we took up the redesigns of this module earlier this year, which are now going into development. As we roll out that you module, hey, wouldn't it be great if you could take those actions, those best practices, and recommendations that we're providing you in this report and actually action out of them in this system administration module directly. So we're looking towards just really making this holistically simplified experience for our clients across the board.

OK, so that means then for the 14 people that answered, when adding new or when making user changes, it would be great if the system said, would you like to make that change now, and it would take you directly to the place in single point module to make the change. All right, got that?

Yep. That's a great point. That's a great [INAUDIBLE]. Not everything is scheduled on a quote/unquote quarterly for everyone. But, you know, if there's changes on the fly that they make to adding new security things, that those changes would be integrated in real time. And actually, that's actually available right now. I should have mentioned that earlier.

In the report, itself, if there are changes that you make to this particular user settings, you've made some changes, those will be reflected in real time. So the next time you pull the report, you should be able to see those numbers and those settings changed, incorporated, into that particular version of the report.

Great. OK, so let me flip over to Chris because you get to talk to clients all the time, especially in the training setting. So in your conversations with other users, what types of best practices do you discuss around SinglePoint's query? And where would you suggest the clients go for further resources on fraud related to online banking security? Because I know we've got a lot of resources.

Sure, yeah, that's a great question. I mean what can we do now, right, to help ensure? Yeah, within SinglePoint, there's tools, the concept of secondary approvals, right, involving a second person as an approval, and payments that are outgoing as perhaps the most powerful tool that we have within SinglePoint.

To protect our payments, they're making sure the folks have a appropriate limit values associated with the types of payments they can make. Those are really the elements. And you know, those are what I'd call programmatic or systematic things, features that are built into SinglePoint to help protect your payments. But there's other factors unique to your organization. How do you validate an account change request with a business partner that you make payments to, things like that.

I'll lump all of that under the kind of an umbrella term. I'll just call it due diligence. And with the help of this report or otherwise, when you get your hands on it, I just encourage everyone to always do your due diligence with your payments that are outgoing. Because the fraudsters are going to try and leverage those disruptive elements, right, of disruption, distraction to get you to take a shortcut, perhaps, with the best intentions to get a payment out the door.

So just really encourage you to take advantage of-- do all steps in your due diligence to ensure the payment is legitimate going out the door.

But back to this slide, real quick, what's on here now, if you're looking for more general information on fraud-related happenings out there, check out the minimize risks topic area that's within our financial IQ website out on usbank.com. That sounds like a lot of navigating around.


Well a direct URL to get there. [INAUDIBLE] here, and this is going to be included in a copy of today's presentation deck that you can get after the webinar here. This website provide you with timely information on fraud trends that are happening out there, prevention strategies, a few relevant articles from that website are highlighted here, but comes more out there too.

So bookmarking this as a reference can help you stay up to date within this overhaul realm, right? After all, in our collaborative ongoing effort together to keep the upper hand over these fraudsters, knowledge is power.

So Nidhi and Chris, I really want to thank you for giving us a preview of our new SinglePoint security report. It's just going to be another great tool for you to help to mitigate your fraud. We also have some of the best resources, I think, which is our treasury management consultants and your relationship managers. They are more than ready to help you with different types of solutions, things that you could think about or possibly adopt.

I'd encourage you to join us for our next webinar, which won't be until December. We'll take a break in November for Thanksgiving. The one in December, we're going to be focusing on driving innovation for impact. So as we wind up 2020, we're going to start to look at fresh and new for 2021 one, and our thoughts need to be around, obviously, risk mitigation but digitizing and what can be doing to take advantage of a lot of the innovation that's happening in our industry quickly and for the best impact.

So thank you again for joining us today. 

PDF View

September, 2020

Online security for better business banking

U.S. Bank subject matter experts discuss rising payment fraud trends and how collaborative innovations can help combat these challenges.


Learn more »

Scroll to top