WECU recently rolled out its new online banking system, but small business owners are now less safe and less secure unless they take action. Single-Sign-On, also known as SSO, is the culprit, here’s why.
I own a small software company, it’s an LLC, and I used to feel comfortable giving the person responsible for finances at my business access to my WECU business account, knowing that when they logged-in they would only see my WECU business account, nothing more.
But with WECU’s new SSO system, out-of-the-box, there’s only one username and password for all of my accounts. if I provide an employee with these credentials, they automatically see my business and my personal accounts, and any other accounts I’m a signatory to. That’s a real problem. The separation between business and personal accounts no longer exists unless you take action.
Without a firewall between your business and personal financial information, you’re exposed to greater risk. A disgruntled employee can now monkey around not only with your business account but also your personal account, your spouse’s account and your children’s accounts, if they’re linked through WECU’s new SSO.
While it offers convenience, SSO also poses greater security concerns. In the past, if your business account’s credentials were maliciously obtained, all that was at risk was your business account. Now, with SSO, what’s at risk is any account you have, or are linked to. One sign-on accesses many accounts—in cybersecurity that’s called exposing a greater “surface area” to attack. More complex passwords, temporary authorization codes via cellphones, and more security questions aren’t the solution. Modern-day cyber attacks easily bypass these measures.
When I asked for a solution from WECU, I first heard that I could turn off what other accounts a given account shows. But if you keep SSO in-place you cannot turn off showing your personal account, when you log-in to your business account and vice versa because you’ll have no way of accessing one account or the other. What you want are separate usernames and passwords for your business and personal accounts. I was told on several occasions it couldn’t be done under WECU’s new system.
After several angry emails, someone finally provided a solution. I met a fellow at the Holly Street branch who had a laptop with access to FiServ, the backend financial software that WECU uses. Although not easy, nor straightforward, this fellow finally determined a way to give me a separate username and password for my business account. Now, when I log in to my business account I do not see my personal account, and when I log-in to my personal account I do not see my business account. That’s the way it should be, there’s less exposure and less risk.
With WECU’s new system, SSO is the default, when it should be an option. You have to opt out of SSO, rather than opting in. Then you have to specifically demand a separate username and password for your business account. Do not let anyone at WECU tell you it cannot be done. I had WECU do it for my business account, and so can you. It takes some effort but you can reestablish the separation between business and personal finances that you need.
—Clyde W. Ford, CEO, Entegra Analytics, Inc., Bellingham
The BBJ reached out to Keith Mader, WECU PR program manager, for a comment on this letter. Mader passed along the following response from the company:
WECU’s updated online banking platform does not use a Single Sign On (SSO) to access multiple accounts as implied.
As part of WECU’s core banking platform upgrade, we moved from an account-oriented platform to a more standardized relationship-oriented platform that is person centric. This allows for greater security, flexibility, and scalability for our membership. Each person has an individual secure login that can be customized based on their desires and account ownership.
One of the primary benefits of WECU’s updated online banking platform is the flexibility it now provides business owners. Before the system upgrade, we received feedback from business owners expressing a desire to see both their business and personal accounts under one login. Our system upgrade accommodates that request but also allows the flexibility to view personal and business accounts separately, if that is a preference. Additionally, our new system places a premium on security by allowing business owners to create unique user ID’s for employee access. Our business members now can assign appropriate levels of account access as they see fit.
WECU is committed to providing the products and services our local business members desire. This includes new products and services that provide solutions for more complex business needs, and which allow business members to manage their business more efficiently, safely and securely. This enhancement is a primary reason we selected this new banking platform.
If any WECU business member needs assistance customizing their account structure or has any questions regarding our updated online banking platform, please contact us at firstname.lastname@example.org.
To all WECU members, whether business or individual, thank you for your continued support. It’s our honor to serve you.
Letters to the editor can be sent to email@example.com. For letter guidelines, visit http://bbjtoday.com/contact/.