Our Days Of Password Purgatory Are Coming to an End

This blog is for those of you who have struggled to remember the number you put after your middle child’s middle name or who still don’t know what your mother’s maiden name is. This blog is for those of you who get to work early only to be locked out of your computer because you forgot to capitalize the third letter of your password. Finally, it is for those of you who wait too long to change your password and find out that a week’s worth of email haven’t come through.

According to the Wall Street Journal, the government bureaucrat responsible for implementing these protocols now admits he has done more harm than good. In fact, all those time-wasting, frustrating, counterproductive office hours didn’t even improve your cybersecurity.

In 2003, Bill Burr was a manager at the National Institute of Standards and Technology. Unless you’re related to Mr. Burr, you don’t know him, but I would suggest that no government bureaucrat has ever done more to ruin your good mood. As a manager for the National Institute of Standards and Technology, he created an eight page primer advising government workers how to guard their computer accounts. His advice spread far and wide as companies and universities scrambled to guard against the emerging cybersecurity threats. For example, he suggested changing your password every 90 days and requiring it to include numbers, upper case letters and special characters in order to be valid.

Does any of this really help? Probably not. Hackers are pretty smart people and it didn’t take them long to figure out that most people update their passwords by simply adding a number every 90 days. In fact, Mr. Burr now says that he regrets much of what he did. Incidentally, the government is in the process of updating Special Publication 800-63, which is the document all these useless requirements came from. 


Those of you who provide mortgage loans or have branches in New Jersey should take a look at Senate Bill 726, which extends protections against discrimination to persons serving in the armed forces. For example, the bill makes it illegal to deny someone a mortgage loan because of “liability for service in the armed forces.”


Wells Fargo is in the news again for the all the wrong reasons. A little more than a week after disclosing that it improperly billed thousands of customers for collateral protection insurance. The bank is under investigation by Federal regulators for failing to refund members who overpaid their  Gap Insurance.

On that note, enjoy your day.

August 9, 2017 at 8:47 am Leave a comment

Overdraft Overkill: The CFPB Gets Ready To Strike Again

Those tricky little devils at the CFPB are at it again. Last week they unveiled prototypes for updated disclosures informing consumers of the right to opt out of overdraft protections for ATM and debit transactions. These aren’t binding but proposed regulations probably aren’t far away.

This is a perfect example of a remedy in search of an illness. The only institution of which I am aware that really thinks the existing opt-out notices need to be updated is the CFPB which has been charged by Congress with investigating overdraft practices.

I’ve always been paranoid when it comes to the CFPB’s overdraft analysis. We have to allow for the possibility that the ultimate goal of the Bureau is to require the affirmative consent of consumers before extending any overdraft protections to them at all.

Call me paranoid but I don’t think these prototypes are much of an improvement over the existing forms in the appendix to Regulation E, unless your goal is to conflate ATM overdraft protection with more general overdraft protections.

The prototypes were released in conjunction with the Bureau’s annual analysis of overdraft activity. The report reveals what it always does, which is that a relatively small group of users disproportionately use overdraft services.

If you have faith in the aggregate commonsense of the American public, this demonstrates that some people choose to use overdrafts because they like to know that their mortgage is going to be paid or that they won’t be embarrassed when they go to pay at Starbucks. To others, this is another example of a predatory financial system taking advantage of a vulnerable population.  After all, if the average financial consumer was as smart as the people running the CFPB, they would never avail themselves of overdraft protections.




August 8, 2017 at 9:53 am Leave a comment

Is The Fed Playing Where’s Waldo With The Economy?

That is the question I pondered on Friday as I settled in for a long weekend at a lake house outside of Cooperstown, New York. As the Fed nudges the Fed Rate higher at what point will consumers expect a greater return for placing their deposits with you? Or as the WSJ put it in this great article ” For now, most bankers are happy to keep deposit yields low, standing pat even as the Federal Reserve hikes short-term rates. No one is sure, though, how long customers will tolerate that.”

The chart accompanying this  blog (which I created using the FRED website) demonstrates that something really strange is going on here: on the one hand employment is that a 16 year low;  on the other hand inflation has Hardly nudged and wage growth has been anemic. Not surprisingly interest rates on  12 month certificates of deposit  are flat.

History says it’s not supposed to be this way. After all, the Fed has gradually been raising rates and has signaled that it intends to start selling  all those mortgage back securities back into the economy, but despite impressive  job gains we haven’t seen the type of upward pressure on wages that would make raising rates the logical thing  for your credit union and the Fed to do  The WSJ reported that from a year earlier, average hourly earnings increased 2.5%, in July  thanks to a 9 cents-an-hour increase from the prior month. That is slower than normal in the past  quarter. In fact,  one of the reasons the market is booming is because it’s the only place persons planning for retirement can make any money off their money.

Which brings us back to Where’s Waldo? If you read their analysis  or listen to their interviews economists  are convinced that inflation is hiding  out there somewhere, they just haven’t looked in the right place  yet.  Conventional wisdom says they are right but if they are wrong than we aren’t anywhere near  the point  yet where the Fed should raise rates again or  your  members will demand a higher return on their deposits

August 7, 2017 at 9:27 am Leave a comment

When it Comes to Merchant Liability, Bogart Is Spot On

Don’t let a string of high-profile settlements fool you: Like Rick in Casablanca,  your credit union is contractually bound with all the gin joints in all the towns in all the world that your member comes into this Summer; at least if she uses  a credit card  you issued her.

This means that your credit union’s ability to recover for losses suffered as  a result of a data breach caused by merchant malfeasance remains fundamentally limited:  It is  dependent on a patchwork of state laws and legal nuances. This is not a new development. But every so often a case pops up that demonstrates yet again why Congress needs to impose national data protection standards on merchants.

The latest example is SELCO COMMUNITY CREDIT UNION, v. NOODLES & COMPANY, Defendant., No. 16-CV-02247-RBJ, 2017 WL 3116335, (D. Colo. July 21, 2017).   The case involves  a group of credit unions that sued Noodles & Company for negligence after  members were allegedly  victimized by a data breach. The credit unions contended that the restaurant failed to upgrade so that it could accept chip card technology and failed to comply with standard industry data protection baselines such as the PCI Standards.

Nevertheless their lawsuit was dismissed last week. By accepting and issuing Visa and MasterCard the  restaurant chain and credit unions agreed to  abide by Visa and MasterCard  network rules, including those spelling out the  remedies available  to card issuers when a merchant is accused of negligence.  No lawsuit for negligence allowed.

There are exceptions to this rule.  For example, Minnesota has a law giving banks and credit unions the right to sue merchants for their negligent card practices and some states give businesses greater flexibility than others to sue each other for negligence resulting in economic harm.  But that still leaves issuers with too much uncertainty when it comes to figuring out  their plastic costs and provides too few incentives for merchants to adequately protect debit and credit cards from cyber criminals.

August 1, 2017 at 9:36 am Leave a comment

Is Wells Fargo The Citizen Kane of Banking ?

Wells Fargo is in the news again. For those of us who would like to see the CFPB’s powers scaled back that is not a good thing.

The NY Times is reportingg this morning that more than 800,000 people who took out car loans from the banking behemoth were charged for auto insurance they  did not need, and some of them are still paying for it.  These  payments resulted in 274,000 delinquencies and 25,000 repossessions.

When wells’ Account opening shenanigans were uncovered regulators responded with guidance on properly incentivizing front line staff.  My guess is you will soon be seeing guidance on properly notifying members about collateral protection insurance.  It’s a quiet Summer Friday so use some of it to review your auto loan insurance requirements with an eye towards ensuring that members are receive proper notification.  Here is an opinion letter from NCUA authorizing credit unions to use such insurance .

One of my favorite scenes  in the movie Citizen Kane is when one of the reclusive mogul’s former advisers  explains that  it’s easy to make a lot of money if all you want to do is make a lot of money. Everyday all lending institutions,  irrespective of their size, have  to balance the cost of compliance against  the need to generate income.  Wells is an example of what happens when executive’s decide that it’s a lot easier to make money when you don’t follow the rules.

July 28, 2017 at 8:59 am Leave a comment

What The “Summer From Hell” Says About Our Payments System

Down- Staters are experiencing what Governor Cuomo has dubbed “The Summer from Hell” as long overdue repairs are made to a dilapidated overpriced and overused transit system built for the world that existed a century ago.

I wonder if we are headed for the same type of crisis in our payments system. Its rules and regulations were written. and its infrastructure was built, to cater to an internet-free world in which all phones were dumb. In my worst case scenario we end up with a two tier system in which the “Haves” bank at the institutions that can afford to invest in a  real-time payment network (think NACHA on steroids) and the “Have-Nots” are stuck waiting for the late train.

The 300 member Faster Payments Task Force, which was established by the Federal Reserve in 2015 to grapple with these issues, released its recommendations last Friday.  It envisions a world in which banks, credit unions and other financial institutions are voluntarily interwoven into a twenty-first century  payments system that can accommodate  multitudinous  payment platforms, products and consumers,  ranging from the “unbanked” college freshman with her reloadable prepaid card, to the “One percenter” who expects  to shift money in an out of several accounts with the touch of his smart phone.  Settlement would take place around the clock.

In my experience there are two reasons governments convene task forces: (1)so they can say they are  dealing with a really serious problem which they  have no idea how to solve or (2) They know exactly what they want to do but  want someone else to take the blame. My guess is that  a lot of the latter  is taking place here.  I expect the Fed to push many of these recommendations.

But there is a fly in the ointment. As the report notes, a number of countries have addressed these challenges through mandates or the development of a national faster payments system with a single operator. In contrast, the United States is taking a market-driven approach to payment system innovation that avoids government mandates.

I’m not sure the country can get the system it needs without mandates to protect the little guys but we will have to wait and see.

July 27, 2017 at 9:39 am Leave a comment

Older Posts Newer Posts

Authored By:

Henry Meier, Esq., General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 446 other followers