P2P Payments: Simple, Secure Transactions

Interview with Howie Wu, VP Virtual Banking, Boeing Employees Credit Union
P2P Payments: Simple, Secure Transactions
Increasingly, consumers long for a simple payment solution that allows them to send money to family and friends via email or text message.

Boeing Employees Credit Union (BECU), Washington's largest credit union, is at the forefront of the person-to-person (P2P) payments revolution. And in an exclusive interview, Howie Wu, VP of Virtual Banking, at BECU, discusses:

How BECU's Popmoney initiative was deployed;
Security challenges that had to be addressed;
Tips for other institutions looking to offer P2P payments.

Wu has over 10 years experience in the financial services and information technology industries and has been with BECU since 2003. In his role as the Vice President of Virtual Banking, he is responsible for leading BECU's strategy as it relates to all remote delivery channels. He has played a major role in defining and implementing changes that impact the member experience within the ATM, online, telephone and mobile channels.

He earned a B.A. in Accounting and a MBA in Information Systems from Washington State University. His professional interests include IT, finance and business leadership. He also participates as a panelist in various industry forums and is a member of several financial technology committees.

TOM FIELD: Person-to-person payments -- what is the trend, and what are the security issues? Hi, this is Tom Field, Editorial Director with Information Security Media Group. We are talking about the P2P trend today, and we're talking with Howie Wu, Vice-President of Virtual Banking with Boeing Employees Credit Union. Howie, thanks so much for taking time to talk with me.

HOWIE WU: Absolutely my pleasure.

FIELD: Just to get us started here, why don't you tell us a little bit about yourself your institution?

WU: Yeah, definitely. So, Vice-President of Virtual Banking is a bit of a unique title. But basically to sum it up, I am the one responsible for all of the remote delivery channels within the organization. So my area oversees ATMs, online, telephone banking, you name it. So anything that our members touch that is not face-to-face or call center. Then as far as our institution goes, we've been around for almost 75 years now. We originally started as obviously part of Boeing Company and their employee's need for a credit union. At this point, really we have come to be known as more BECU rather than Boeing Employees Credit Union. We are an $8.5 billion financial institution with approximately 640,000 members.

FIELD: Very good. Now my understanding is you just launched the POP Money initiative, which just briefly allows members the ability to send money to friends and family just by sending an email or a text message. Am I right?

WU: That is correct.

FIELD: So, tell us about this initiative. What exactly is it beyond the bare bone description I have just given?

WU: Well for us, we are really in our, I guess, phase into what we call the payments evolution. You know we are an organization that has always been fairly remote from an operating model perspective. So we wanted to ensure is making our member's lives as easy as possible to conduct transactions whether it's within the organization or outside of the organization.

FIELD: Give me a sense, Howie, how this works? Say, I want to send money to a friend, a family member, or a business associate; how would POP Money work for me?

WU: If you are a BECU member, you basically log in to online banking, and there is a link for POP Money and the interface basically allows you to essentially, like you said, pay anybody from that portal either using their email address or a text message. What that will do for the receiving party, they will either get an email or a text message that basically tells them how to fulfill or obtain the funds that the person is paying them with.

FIELD: So, it would be similar to PayPal, for instance, except it is going through your institution?

WU: Yes, absolutely, and it's very easy. The transaction is fulfilled through the ACH networks, so the Automated Clearing House. The beauty of it again is the sender of the funds or the receiver; neither of them has to actually share financial credentials with each other, and so from a security perspective it makes it very easy for people to pay other people that they may not necessarily know very well or want to potentially share their financial information with.

FIELD: And presumably this is really appealing to people that are operating their lives off of their Smart Phones?

WU: Yeah, absolutely, absolutely.

FIELD: Howie, what was the business case that you used to kick off this project? And I know in tough times of business the business case is certainly very important.

WU: Well, for us again, our operating model as an organization is remote, so we want our members to use our remote channels, so that would include obviously the ATMs, online banking, and the mobile interfacing as much as possible to do business. For us, really again it came down to just ease of use and functionality, and one of the biggest things that our members like to do obviously is transact with friends, and family and it's one of those things that this product really made it easy for them to do -- without having to get into all the details of the inter-workings of financial data and getting accounts set up and the transit and routing and all that other stuff. So, it just made it much simpler for them to make those payments without having to deal with check, debit and those types of channels.

FIELD: Now. give us a sense of what the challenges you faced in deploring this service.

WU: You know, for us, it was very straight forward. I mean, we have generally over the years been making changes to our online channel pretty much on a regular, quarterly basis. This was a part of one our quarterly releases. Really the only challenges and deploying is obviously determining the amount of risk we are willing to take, so setting the limits in terms of transaction, volume, and them implementing multifactor and third out-of-wallet type questions to really ensure that from a security prospective we are also protecting our members as well as those that are potentially receiving the funds.

FIELD: Well, that is a huge issue of course. Now, you used the three deadly letters a few minutes ago, ACH, which has become one of the bigger stories of the year. Let me ask you, what were your biggest security considerations with this project and how have you addressed them?

WU: Biggest ones again is the amount of money we are willing to allow members to move one time, so setting up one-time limits, setting up daily limits, setting up monthly limits. Really again, it's looking at what is the potential of a fraudster let's say, setting up an account or hijacking an existing member's account and conducting those types of transactions - that was probably our biggest security concern from the get go.

FIELD: Now, do you set limits based upon on someone's profile, or do you have sort of uniform limits that you impose?

WU: It is based on somebody's profile. It is also based on their usage, so the way that the product works is if they are a new enrollee, they are set up with much lower limits to begin with. Then after essentially a 90-day kind of demo period, I guess you want to call it, then basically we open up the limits to the maximum for them assuming all activity within that 90 days is good and legit.

FIELD: And what would be examples of the type of authentication you are asking your members to go through to use this service?

WU: One of the things that we implemented within the product is a product provided by a company called Verid. It is essentially out-of wallet type questions. By out-of-wallet it basically asks questions that generally if you are a fraudulent person. you're not going to have on an individual. These are questions that are probably obtained off credit reports and credit history. Some unique questions would be -- they are all multiple choice questions -- and it basically would ask them, for example, what was the street address of the home you lived in 15 years ago? It would then give them a list of four options. So that is just an example. Again, out-of-wallet questions that are much more difficult for a fraudster to obtain out in the general public.

FIELD: Howie, give me a sense of timing. When did you deploy POP Money, and what would the results be that you have seen since then?

WU: Yeah, so we deployed it on March 20th, so approximately two and a half weeks ago, and at this point the results have been fantastic. We are actually rather a little surprised at how quickly adoption has picked up. Right now we have over 2000 members enrolled in the product and we are moving on average, about over $200,000 dollars a day.

FIELD: Now who do you expect your demographic is chiefly going to be for POP Money?

WU: I think, again, the younger generations, the much more tech savvy people. Like you said, the mobile, the people who kind of live and breathe on their mobile device, and those that really don't want to conduct transactions via the paper check channel going forward. So those are really kind of the demographic I think that we will be hitting going forward.

FIELD: You know, it occurs to me a question I need to ask: Did you do this in house, or did you do this with partners?

WU: We did this with partners. Our partner is CashEdge. It is a CashEdge product.

FIELD: Now, I know it is early. You've only been at this for a couple of weeks, but given your experience so far in development and deployment, what advice would you offer to other financial institutions going down the same path? And I can think we can expect there will be a lot of institutions going down this path.

WU: Yeah, I think again just really making sure you have a good business case. That your members or customers of your organization really want this feature and product; obviously, it's not something that is free. There is nothing really out there that is free. It is free to our members, but obviously as an organization we do pay for the service and again, really just like I said earlier, just figuring out whatever your requirements from a security prospective, and how do you control that and manage that at the same time offering something that is definitely of value and ease of use to your customer and member.

FIELD: Well, Howie, I look forward to talking with you again down the road to get a sense, maybe six months or a year from now, on how this has worked and what your next steps will be.

WU: Yeah, absolutely.

FIELD: It's been a pleasure talking with you. Thank you so much.

WU: Thank you, appreciate it.

FIELD: We've been talking about person-to-person payments. We've been talking with Howie Wu from BECU. For Information Security Media Group, I'm Tom Field. Thank you very much.


About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.