CUSTOMER SUCCESS
First Tech Federal Credit Union
Protecting System for Streamlining Property Title Transfers Using
Symantec Digital Certificates
First Tech Federal Credit Union (formerly Addison Avenue Federal Credit Union)
has made a name for itself by offering highly secure options for online banking.
It was using a Symantec™ (formerly VeriSign®) fraud detection solution to
identify members whose activities put them at higher risk, and for these users
it implemented a two-factor authentication solution from another vendor.
However, the higher-risk members frequently had difficulty connecting when
they were away from home. The credit union deployed a Symantec two-factor
user authentication solution that better supports mobile users, further tightening
security of its online portal—and strengthening its competitive advantage.
ORGANIZATION PROFILE
Website: firsttechfed.com
Industry: Financial Services
Palo Alto: California
Headquarters: Palo Alto, California
SYMANTEC SOLUTION
User Authentication
Using security as a competitive differentiator
Palo Alto, California-based First Tech Federal Credit Union (formerly Addison Avenue Federal Credit
Union) is a nationwide, full-service financial institution serving more than 150,000 members. It
offers members a broad range of services, including checking and savings accounts, electronic bill
payments, investment services, and credit cards—all accessible through a secure online banking
portal, a 24×7 call center, and 23 branch locations. As First Tech members have become increasingly
dependent on online tools, the credit union has attained competitive differentiation by deploying
services with high levels of security and integrity.
In 2006, the credit union implemented VeriSign® Identity Protection Fraud Detection Service. This
solution encompasses a sophisticated engine that offers layered, risk-based authentication and
fraud prevention capabilities, in addition to leveraging normal user ID and passwords. It runs in
the background, utilizing advanced anomaly detection technologies to track patterns by which
members access their online accounts. It automatically flags or locks out potentially fraudulent
activities, while continuing to ensure a favorable user experience and timely delivery of services
for legitimate users.
Searching for global authentication
“Via VeriSign Identity Protection Fraud Detection Service, we have easily identified certain member
behaviors and specific online transactions that have a higher risk potential, and for these we
wanted to provide the most secure environment possible,” explains Blanca Guerrero, First Tech’s
Why Symantec?
· Robust, universally
trusted brand
· VIP Network
simplifies two-factor
authentication for
users traveling
internationally
· Smart phone
software streamlines
one-time password
(OTP) authentication
· Cloud-based solution
CUSTOMER SUCCESS
FIRST TECH FEDERAL CREDIT UNION
chief information officer. “Consequently, a
flexible, easy-to-use-from-anywhere, multifactor authentication security solution was
very desirable. We previously tried a solution
that e-mailed a one-time password (OTP) to
a member or sent a text message to their cell
phone. However, we have a very high
proportion of members that travel, and some
of them experienced account access issues
when connections were unavailable and they
did not receive the requested OTP.”
Stu Fisher, senior vice president of
eCommerce for First Tech, concurs: “We want
to remain positioned with security as a
tangible differentiator in our marketplace.
We enjoy being on the leading edge of
security innovation, and it helps allay any
concerns of fraud our members may have—
giving them full confidence in the integrity
and confidentiality of all of their online
transactions with us.”
SOLUTIONS AT A GLANCE
Key Challenges
• Keep member information secure as Internet-based account management expands
• Provide secure, reliable authentication for
mobile users
• Enhance security without adding
IT overhead
BUSINESS RESULTS AND
TECHNICAL BENEFITS
Secure Member Authentication
• 100% reliability of delivery of one-time
passwords (OTPs) for mobile members
• VIP Network expands options for OTP access to Addison Avenue accounts
• Smart phone software further enhances
convenience
Symantec Products
• Symantec™ Validation and ID Protection
Service with
Behind-the-Scenes Fraud Detection
– VIP Access for Mobile
• No loss of funds since deployment of fraud
detection solution
• VeriSign® Identity Protection Fraud
Detection Service
• Tangible reduction in inappropriate
activities
• Higher-risk members identified, given more
stringent security procedures
• Automatic flagging or lockout of potentially
fraudulent activities
• No disruption to online banking for
legitimate users
Critical success factors
First Tech does not mandate that all members
use multi-factor authentication, but instead
is focusing on those who are most likely to
engage in higher-risk transactions, as
identified by VeriSign Identity Protection
Fraud Detection Service.
For the credit union, critical success factors
for any authentication implementation are
ease of use and members’ rate of adoption of
the solution. “We’re measuring these by
monitoring the proportion of fallout that
occurs,” Fisher says. “Just like going through
an airport security check, where you know
that the scanning and checks are there to
protect you, we believe that members
perceive multi-factor authentication in the
same way.”
Another key measure of success for the credit
union is a reduction in fraud. “Since having
VeriSign Identity Protection Fraud Detection
Service in place, together with a more manual
layer of security on the back end, we’re
already seeing a tangible drop in
inappropriate activities,” Guerrero reports.
“To date, we have not had any loss of funds.”
Two options for secure account
access on the road
Nonetheless, the credit union wanted to
implement a new solution for two-factor
authentication that would better support
members who are traveling. “We never want
to become complacent and are constantly
r e s e a r c h i n g w ay s fo r a d d i t i o n a l
improvements,” Guerrero says. “We’re
looking to multi-factor authentication to
reduce the attempts at fraud even further.
Additionally, we particularly wanted 100
percent delivery reliability of the OTPs, no
matter where our members are located when
accessing their account.”
First Tech considered a variety of solutions
from different vendors. The credit union’s
success with VeriSign Identity Protection
Fraud Detection Service made Symantec™
Validation and ID Protection Service (formerly
VeriSign® Identity Protection (VIP)
Authentication Service) an obvious choice for
inclusion in the evaluation process.
“We wanted to move to an in-the-cloud
solution because we didn’t want any
additional IT overhead,” Guerrero says. “And
while Symantec Validation and ID Protection
“The Symantec brand is very robust
and universally trusted, and having
convenient access to security
experts within Symantec helps
us stay ahead in our delivery of
industry-leading security services.
It’s a strong partnership for the
”
benefit of all of our members.
Blanca Guerrero
Chief Information Officer
First Tech Federal Credit Union
CUSTOMER SUCCESS
FIRST TECH FEDERAL CREDIT UNION
Service met this requirement, what made it
even more attractive was access to the VIP
Network, allowing members that already
have PayPal OTP-generating tokens to use
them to access their First Tech accounts. The
VIP Network is a strong differentiator for
Symantec and one that we can leverage for
the benefit of our members.”
“We also were particularly attracted by the
mobile smart phone version of the OTP
generation that Symantec offers,” Fisher
adds. “It’s so easy to download application
versions of the OTP-generating software; it’s
the ultimate in convenience because most
people keep their cell phones close by.”
Guerrero agrees: “Members really love the
VIP Access for Mobile OTP generator.”
The credit union began implementing
Symantec Validation and ID Protection
Service and worked with Symantec to develop
a pay-as-you-go financial model. “This
approach means that members pay a small
fee to gain the additional level of security for
all accounts,” Guerrero explains. “Even for
single-user accounts, it enables a member
that might have both a PayPal token and the
smart phone option to pay only once and use
whichever is most convenient at the time.”
Fisher adds: “The pay-as-you-go financial
model behind Symantec Validation and ID
Protection Service can be used to help drive
adoption—somewhat like the purchase of a
discounted cell phone and then payment for
the minutes you actually use. We will charge
a nominal fee for the issuance of a token and
then a low annual fee for the service. We feel
that if a member is willing to pay for this
increased security, then they will be
motivated to use the service. It creates a
partnership; we’re both in it together.”
Security that stays ahead of the
competition
First Tech recently introduced its security key
to members, powered by Symantec Validation
and ID Protection Service. The security key
came as part of the credit union’s launch of
its next-generation electronic banking
solution, called e2, which includes token
signups, electronic check depositing, and its
first generation of mobile banking. The First
Tech security key will allow members to log
into online banking with more confidence
than ever before. “We’re the first federal
credit union in the U.S. to offer Symantec
Validation and ID Protection Service,” Fisher
says, “and we’re delighted to remain ahead
of the competition in our security offerings.”
Although the credit union is still within the
first 90 days of the e2 launch and hard
metrics are not yet available, it has already
seen its most security-conscious members
sign up. “Being based in Silicon Valley, we
have a high proportion of technically
proficient members, and they tend to be
more aware of online fraud issues, so we’re
already seeing a strong ramp-up,” Fisher
states. “We’ll continue to build awareness for
the First Tech security key through our main
website and expect to experience a very
enthusiastic uptake across all of our
membership.”
First Tech’s use of VeriSign Identity Protection
Fraud Detection Service continues to be a
critical component of its fraud prevention
strategy. “We are now testing the VeriSign
Identity Protection Fraud Detection Service
Stock Trading and Transaction modules—
and the latter is already proving to be highly
effective in gaining an even better
understanding of a member’s behavior,”
notes Guerrero. “Today, almost every
transaction that involves moving money out
of the credit union is verified by a staff
member; the Transaction module will make
these manual processes much more
efficient.”
Reflecting on the decision to deploy
Symantec Validation and ID Protection
Service, Fisher says: “Becoming a member of
the VIP Network is huge; it’s one of the
solution’s most powerful aspects, making
multi-factor authentication easy to use for all
of our members’ credit union transactions,
as well as their dealings with many other
online accounts. Plus, the simplicity of the
mobile phone OTP-generating software will
benefit our mobile members, removing all of
the frustrations they may have experienced
with the prior solution.”
“The Symantec brand is very robust and
universally trusted,” Guerrero concludes,
“and having convenient access to security
experts within Symantec helps us stay ahead
in our delivery of industry-leading security
services. It’s a strong partnership that allows
us to deliver a highly innovative and
compelling suite of services for the benefit of
all of our members.”
“Since having VeriSign Identity
Protection Fraud Detection Service
in place, we’re already seeing a
tangible drop in inappropriate
activities. To date, we have
”
not had any loss of funds.
Blanca Guerrero
Chief Information Officer
First Tech Federal Credit Union
“We were particularly attracted by the
mobile smart phone version of the
OTP generation that Symantec offers.
”
It’s the ultimate in convenience.
Stu Fisher
Senior Vice President of eCommerce
First Tech Federal Credit Union
Copyright © 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other
countries. VeriSign, VeriSign Trust, and other related marks are the trademarks or registered trademarks of VeriSign, Inc. or its affiliates or subsidiaries in the U.S. and other countries and licensed to Symantec
Corporation. Other names may be trademarks of their respective owners.