The DOJ’s proposed amendments to the ADA are expected in 2018, but enforcement actions are ongoing. Title III claims, in general, are on the rise. Website compliance litigation filed by plaintiffs’ firms and advocacy groups has similarly seen a significant rise over the past year, and especially in the past several months, according to the National Law Review.
Love it or hate it, your credit union website should be compliant with ADA regulations. Below is a checklist to make compliance easy for you.
ADA Compliance Checklist
- Images have alternate text that can be read by screen reader software.
- Recorded video content includes captions.
- Video or audio-only content is accompanied by text transcript or description.
- Links are provided to media players required to view content.
- Headings are presented in logical order.
- “b” and “i” tags are replaced with “strong” and “em.”
- There are no empty links or heading tags.
- The presentation does not rely solely on color.
- Automatically-played audio does not occur or can be stopped.
- The keyboard can be used to navigate the site.
- Keyboard focus is never stuck on one particular page element.
- Time limits provide notifications to the user.
- Automatically scrolling or blinking content can be stopped.
- No strobe effects or rapidly flashing colors occur on the site.
- “Skip navigation” functionality allows keyboard users to quickly access content.
- Page titles clearly and succinctly describe page content.
- Buttons and links are clearly and logically named.
- The language of each page is identified in code.
- Elements receiving focus do not change content in a substantial way.
- Invalid form input is identified to the user.
- Forms have labels and legends that can be read by screen reader software.
- There are no major validation errors.
- Live video or audio content includes captions.
- The contrast ratio between text and page backgrounds is at least 4.5-to-1.
- Text on pages can be resized to 200% while still maintaining form.
- Images are not used where text can achieve the same purpose.
- Pages on the site can be accessed in multiple ways.
- Keyboard focus is visible and clear.
- Menus and buttons are used consistently regardless of the user’s location in the site.
- Users are given suggestions on how to solve input errors.
- An error prevention technique is used whenever the user is entering sensitive data.
- Underlined text that does not provide a link is removed.
- Redundant links on the same page are eliminated or minimized.
ADA Compliance Checklist. https://www.paperstreet.com/ADA-compliance-checklist/
Website Accessibility Under Title II of the ADA. https://www.ada.gov/pcatoolkit/chap5toolkit.htm
Title II Checklist (Website Accessibility). https://www.ada.gov/pcatoolkit/chap5chklist.htm
HTML 508 Checklist. http://www.hhs.gov/web/section-508/making-files-accessible/checklist/html/index.html
WCAG 2.0 Checklist from WebAIM. http://webaim.org/standards/wcag/WCAG2Checklist.pdf
Visa Mandates Alerts for Issuers by October
In the ongoing battle against fraud, Visa recently announced that Visa card-issuing credit unions will be required to provide member cardholders with the option of transaction alerts. The mandated deadline to be in compliance is October 14, 2016. On or before this date, credit unions must provide their Visa cardholders with the option to participate in the service.
Transaction alerts will work for transactions processed on a consumer card, excluding a non-reloadable card, and routed as follows:
● Visa Transactions routed through VisaNet
● Interlink transactions routed through the Interlink Network
● Plus transactions routed through the Plus Network
Transaction alerts have many benefits for issuers and cardholders. The overarching benefit is that the alerts help to reduce fraud. That’s good for you and your members. More specifically, transaction alerts provide peace of mind for members by putting them in control and they also help with financial management and budgeting. For credit unions, it is another fraud prevention service that you will be able to provide your members.
So what next? Issuers have some discretion in implementing the mandate. They will be required to tie an alert service into their existing consumer credit, debit and reloadable prepaid accounts – and they can choose either to provide their own alerts service or to offer a solution from a third-party provider, like Cubus. Issuers can offer alerts via phone, SMS text or email, and they can even customize the messages.
A major consideration for issuers is the need to integrate the alerts service enrollment with their other services, which is a no-brainer if you already have Cubus products.
Branding, development and integration should be among your concerns when you select an alerts offering. This mandate is actually an opportunity not just to engage cardholders in the fight against fraud, but also to provide a more comprehensive solution including – in addition to the alerts required by the mandate – those relating to account maintenance activity, personal information changes, suspicious transactions, payment due dates and available credit.
Empowering cardholders to play a more active role in transaction and account management is a winning move for all involved. And seizing the opportunity to provide the most comprehensive services to ensure the best member experience possible is something the entire industry can – and should – support with gusto.
If you don’t already have an alert system, call or email us today. We have a solution.
The Future of IoT for Financial Institutions
Following are some ways that the Internet of Things could work in retail banking.
Mobile check-in to branch
Mobile banking usage is on the rise globally. Using location aware technologies can allow members to automatically “check in” to the branch before they arrive. That could trigger a process to prepare the branch staff with their specific account information, history, and most likely needs that day. When they walk in the door, they are already first in line and the teller will be fully up to speed on their unique financial situation. It’s a proactive, fast, and customized process for every member.
Location + shopping
Through the location app, you could see that a member was near a “partner” restaurant during the lunch hours. You send the member an offer to have lunch there and pay only 75% of the bill if they use your credit union’s credit card. You could also show all partner joint offers for that location.
A member buys an international air ticket using the credit union’s credit card. As soon as they swipe their credit card to purchase their ticket, you send an offer to the member’s smart phone for preferred exchange rates for the trip if they buy foreign currency within a specific period. A preferred offer for travel insurance could also be provided.
Targeted rewards program
To better understand consumer spending patterns and offer personalized reward programs, early adopter financial institutions have started and are continuing to use analytics to offer customized and targeted rather than standard programs to customers. The ability to access data captured by smart devices of all kinds is helping provide customers with an all-inclusive view of their personal finances and spending patterns in real-time. Pairing IoT with analytics can also enable you to provide location-based, real-time discounts. Using data and location driven insights, you can anticipate needs and offer advice, products and solutions to help them make smart and financially sound decisions.
With increasing pressure to deliver tailored offerings that meet customers’ needs and lifestyles, financial institutions are starting to partner with different loyalty companies to reward customers for their purchases in real-time. This kind of IoT technology uses geographical data to identify offers and deals from nearby merchants that become active as soon as the customer swipes their debit or credit card at said merchant.
The best part about the Internet of Things (IoT) is that the possible applications are limitless. There could be hundreds of other use cases that improve the member’s experience, provide more cross-sell possibilities, reduce risk and increase operational efficiency, which can ultimately improve your financial performance materially in the long run.
Data is already being gathered in many instances. It’s all about analyzing it in smarter ways and automatically taking proactive action at the exact right moment based on predictive analytics.
Mastering the Millennials: Five ways to get you positioned
If you’re around any Millennials (18 to 34) you probably know that they are, in general, frugal and always price shopping, which plays into their skeptical and somewhat distrusting nature. They grew up with technology and understand how to use it to make sure they are getting the best deal and that no one is trying to sucker them. On the other hand, they want a sense of connection to community, in part because they trust it, and they value financial security. This spells marketing opportunity for credit unions. Credit unions are the best deal. Credit unions have a connection to community and are therefore trustworthy, and credit unions can provide financial security via numerous services. Here are five ways to position your credit union with the millennial market.
- Differentiated marketing
Studies show that millennials do not have a seasoned loyalty toward their financial institution. While this is bad news for the incumbent, challengers with superior creative, strategies and offers have a decent chance of wooing new customers.
- Expanded mobile banking
Millennials grew up in the digital age, and the majority prefer mobile banking for day-to-day transactions once their account has been opened at a branch. A recent survey posted on FindABetterBank.com found that over 70 percent of Millennials considered mobile banking a “nice-to-have” or “must-have.” This compared to just over 50 percent of shoppers age 30-plus.
- Low fees
Millennials are often in the midst of significant life changes that impact their financial freedom: facing student loan debts after graduating from college; looking for a new or better job; preparing to get married or buy a home. They are apt to choose a financial institution that can offer accounts with low fees.
The website has become the new front door of the credit union. Members “walk in” through a digital front door and are instantly greeted by many eye-catching displays. The great risk (or opportunity) is how easy it is for millennials to move between financial institutions. Consumers can “walk in” to many different financial institutions on their laptop, tablet, or smartphone. Each site will represent a different feel for the consumer just like branch design. Designing a website that will catch the eye, and keep the visitor engaged, can be the beginning of a lifelong relationship with a member. It also allows a credit union to tailor their marketing offers for members’ various needs. Ads that are tailored to members’ profiles (built through data analytics) will allow credit unions to improve their marketing campaigns.
Members are trying to accomplish certain tasks in their financial life and are hoping for an award upon completion. Credit unions must build gamification into their digital strategy to guide membership into accomplishing financial goals. Finance can be boring for millennials but adding a game will allow credit unions to achieve strategic goals while helping members become financially strong.
Some great examples of marketing to millennials.
Cubus Solutions – Opinion Editorial
By John-Ashley Paul, President/CEO, Cubus Solutions
Infidelity, extortion and data breaches: What we can learn.
The recent data breach and compromise of 3.5 million user accounts at Ashley Madison, a website that explicitly facilitates illicit sexual liaisons, may turn out to be the largest case of broad-scale extortion the world has ever seen. It’s hack 2.0 if you will.
You already know to protect personal information of members and employees, intellectual property secrets, passwords, private keys, and the like – information that a hacker seeking financial gain would covet. But an extortionist is looking for confidential information that solely has the power to embarrass your organization, regardless of any potential financial value.
In the case of Ashley Madison, the hackers were agitated by a less-than-perfect promise made by Ashley Madison to erase personal data. The erase function created $1.7 million in revenue annually (according to the hackers), but as the hackers wanted to point out, the data was never fully erased. There’s some question as to whether the people at Ashley Madison knew that all the information wasn’t being erased. Either way, the hackers had the right to call out Ashley Madison in defense of its members. The irony is while they were ‘defending’ the members they were threatening to release the information – which they did on August 19 – of those same members.
They were not specifically interested in the data of any single individual in the user base, rather they wanted to expose the fraud through extortion – close down the site or we leak the personal data.
The decision to make public specific information from the breach was not about an individual or their relationship with the hackers. It was about control. When someone controls your data and does not have a direct interest or economic relationship with you, it can be very difficult to gain back control or influence what happens to it.
Any business that has a website is a potential target for shakedown artists. That’s why it is a necessity to identify all sensitive information being stored and take every possible precaution to safeguard it. The bad guys don’t have to steal financial information to make money by hacking. They just have to steal any data that has value to someone.
Data as a detriment
More and more data is being gathered about customers. That’s the value side of the coin. More data helps you make better decisions, see trends, target market and so on. But on the other side, there’s risk, and the ‘save everything’ strategy is one source of it. The only way to determine the real value of saving all the data is to calculate the financial and strategic benefit gained from using the data, minus the cost of the infrastructure and the legal and compliance risks associated with keeping all that data.
Making matters worse for corporate security teams is that in recent years, most have invested heavily in protecting financial data, spending money on securing what they considered to be the most valuable data. In the future (which is now), this needs to change. Right now, every executive at every institution in the country should be hard at work assessing what their valuable data really is. Then, they need to invest wisely in protecting data that might seem inconsequential if stolen in one context, but a disaster if stolen in another. Because every company will have to plan for ransom and extortion requests now.
The bottom line? As individuals, there will never be a better time to educate ourselves about what tradeoffs we are making, consciously or unconsciously, with our data. As business people, we need to decide what kind of data stewards we will be, especially as data becomes more ingrained in business strategy. As an industry, we need to start putting clear and practical norms in place to clarify these issues so that we can have a fair and productive conversation about them and, frankly, set a good example.
About John-Ashley Paul
John-Ashley Paul brings years of high technology and marketing experience and expertise to Cubus Solutions, including over six years with a leading credit union core data processing vendor. John-Ashley led product management & marketing at several technology companies including Siemens, EnterWorks, Asterion, and Interpro.
Dear Valued Customer,
As you are probably aware, there is a new vulnerability code named POODLE that was published last week. Since then, there has been a lot of chatter all over the place about what to do. Disabling SSL 3.0 on web sites and browsers seems to be the common and easy answer. We highly recommend this article: http://www.troyhunt.com/2014/10/everything-you-need-to-know-about.html. It was the most informative and also the easiest to read.
Cubus applications do not have any built-in dependency on the SSL protocol. The servers that host our applications use IIS for end-user and source-server (SSO) connectivity and rely on IIS to handle the encryption. Since TLS (v.2.0) has superseded SSL (v 3.0) in recent years, IIS will use TLS by default, and will switch to SSL only if TLS is unavailable. So, in the Cubus context, all you would have to do is disable SSL on every Cubus application server that uses IIS to prevent this vulnerability from being exploited when a user connects to a Cubus application.
However, before you do so, please confirm which of the following describes your situation:
- Your members connect to Cubus Online Banking via an https connection from a browser; then from Cubus Online Banking, they connect (via Cubus Single Sign On) to third party applications (e.g. alerts, statements, bill pay, credit cards, etc.)
  - If you are using Cubus Online Banking, you may disable SSL on all non-Cubus OLB servers (e.g. Alerts, Deposits, Points, Loyalty, etc.) right away. However, before you disable SSL on the Cubus Online Banking Web or App Server, please confirm with all third party vendors (e.g. PFM, Bill Payer, Credit Card, Loan Origination, Account Opening, Check Image interface, e-statements, etc.) that they have disabled SSL on their servers and/or have removed any SSL dependency from their code. We are also contacting all vendors to whose applications we have a certified single sign on interface.
- Your members connect to Third Party Online Banking applications via an https connection from a browser; these Third Party online banking applications (e.g. Digital Insight, Q2, Alkamitech, Jwaala, PM Systems, Ultra-Access) connect (via third party Single Sign On) to Cubus applications.
  - If you are using a Cubus app with a third party online banking vendor, please do not disable SSL on the Cubus web server till you get a confirmation from your online banking vendor that they have disabled SSL on their servers and/or have removed any SSL dependency from their code.
If you need any clarifications or additional information, please do not hesitate to contact us.
Vice President, Customer Services
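
One way to carry out the "disable SSL on the IIS server" step from the letter above, as an added example that is not Cubus's own script: IIS takes its protocol support from the Windows Schannel registry settings, so this PowerShell script reports the current SSL 2.0 and SSL 3.0 state and changes it only when asked. The `-Apply` and `-Roles` parameter names are this example's own, and it assumes PowerShell 3.0 or later in an elevated session.

```powershell
# Added example (not vendor code). Run from an elevated PowerShell 3.0+ session on the IIS host.
# -Apply and -Roles are this example's own parameter names.
param(
    [switch]$Apply,                  # report-only unless -Apply is given
    [string[]]$Roles = @('Server')   # 'Server' = inbound connections; 'Client' = outbound calls
)

$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0'

function Get-SchannelState {
    param([string]$Protocol, [string]$Role)
    $key   = Join-Path (Join-Path $base $Protocol) $Role
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # A missing key or value means the operating system default is in effect.
    [pscustomobject]@{
        Protocol          = $Protocol
        Role              = $Role
        Enabled           = if ($null -ne $props.Enabled) { $props.Enabled } else { 'OS default' }
        DisabledByDefault = if ($null -ne $props.DisabledByDefault) { $props.DisabledByDefault } else { 'OS default' }
    }
}

function Disable-SchannelProtocol {
    param([string]$Protocol, [string]$Role)
    $key = Join-Path (Join-Path $base $Protocol) $Role
    # Create the key only if it is absent, so existing values are not wiped.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'Enabled' -Value 0 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 1 -PropertyType DWord -Force | Out-Null
}

foreach ($p in $protocols) {
    foreach ($r in $Roles) {
        if ($Apply) { Disable-SchannelProtocol -Protocol $p -Role $r }
        Get-SchannelState -Protocol $p -Role $r   # emit the (possibly updated) state
    }
}

if ($Apply) {
    Write-Warning 'Schannel reads these values at startup; reboot the server for the change to take effect.'
}
```

Because the default is report-only, the script can be run on every server to inventory protocol state while vendor confirmations are still outstanding, and re-run with `-Apply` server by server in the order the letter describes.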