Digital Banking Security
Pete Sedgwick is the Chief Information Officer at DECU and a Certified Information Systems Security Professional. With more than two decades of experience implementing strategies, teams and solutions for large and complex information technology systems across the industry, the Iowa State graduate sits in for us here at the DECU Daily with a guest blog.
At Deere Employees Credit Union we recently upgraded our Digital Banking to improve customer service and offer members the most advanced technological solutions for digital banking access. A prime concern during implementation and testing was safety for users from hacking and stolen passwords.
To help prevent the threat of stolen or guessed credentials, DECU Digital Banking requires two-factor authentication (2FA) in two scenarios:
- Your first time using the digital app
- When a new device is being used to access your accounts online
In both cases, 2FA confirms the end-user’s identity by requiring two of three kinds of evidence:
- Something you know (password, birthday, temporary code, etc.)
- Something you have (phone, computer, device, key fob, SIM card, employee ID, etc.)
- Something you are (facial recognition, fingerprint, etc.)
Every time you sign in to DECU Digital Banking, information about the device being used is collected and registered for your inspection. You can see all computers, phones, and other devices currently or recently in use with your login data, and you can select and remove access at your discretion.
User Tip: Update and manage your passwords regularly, using a combination of upper and lower case letters, numbers, and symbols. Do not reuse the same password for different websites. Do not share your passwords.
Browser Session Timeout
For security reasons, users are automatically logged out from their accounts after a set amount of time. Users will need to re-enter their credentials to keep using their app after these timeout periods.
Online users are automatically logged out of DECU Digital Banking after 10 minutes of inactivity. Active users are logged out after 24 hours and required to log back in for verification.
Authentication Token Security
Our DECU Digital Banking team employs up-to-date security standards, including secure authentication and end-to-end encryption. We constantly test and undergo rigorous security reviews to make sure hacking and stolen passwords remain extremely unlikely events.
We engage the industry’s best third-party consulting firms to perform penetration testing replicating the most malicious modern hacking attacks and strategies. Every byte of code is scanned multiple times before production, and we conduct regular static and dynamic application scans, internal and external network scans, and system vulnerability scans using several commercial and professional penetration testing tools to root out the latest in web, application and system vulnerabilities.
Nevertheless, in the very rare case where an attacker is secretly listening to, or even altering, the communications in your browser, their ability to access your account is stopped by our Authentication Token Security.
These tokens work like a stamped ticket and are only valid for users who successfully validate their identity. The token expires when the user logs out, and, most importantly, the token cannot be recycled.
This same protection makes it much more difficult for malware and browser add-ons, also known as browser extensions, to extract information from your web browser via screen scraping.
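The timeout and token rules described above, sketched as an added example that is not DECU's code. The SessionStore class and its method names are hypothetical, and the sketch assumes "cannot be recycled" means each token is accepted once and replaced on the next request.

```python
import hashlib
import secrets

IDLE_LIMIT = 10 * 60            # 10 minutes of inactivity (figure from the article)
ABSOLUTE_LIMIT = 24 * 60 * 60   # 24 hours since sign-in (figure from the article)

class SessionStore:
    """Hypothetical server-side store; only token digests are kept."""

    def __init__(self):
        self._sessions = {}     # sha256(token) -> session record

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def _issue(self, record):
        token = secrets.token_urlsafe(32)
        self._sessions[self._digest(token)] = record
        return token

    def login(self, user, identity_verified, now):
        # A token is issued only after the identity check (password plus 2FA).
        if not identity_verified:
            return None
        return self._issue({"user": user, "created": now, "last_seen": now})

    def use(self, token, now):
        """Spend a token. Returns (user, next_token) or (None, None)."""
        # pop() removes the token before any other check, so a replay fails.
        record = self._sessions.pop(self._digest(token), None)
        if record is None:
            return None, None
        idle = now - record["last_seen"]
        age = now - record["created"]
        if idle > IDLE_LIMIT or age > ABSOLUTE_LIMIT:
            return None, None   # session stays deleted; user must sign in again
        record["last_seen"] = now
        return record["user"], self._issue(record)

    def logout(self, token):
        self._sessions.pop(self._digest(token), None)
```

Times are passed in as seconds so the limits can be exercised without waiting; a real service would read a monotonic server clock.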
User Tip: Sign up for email and text alerts to receive updates whenever your account is accessed. Stay informed with credit card activity and fraud alerts as well.
Content Security Policy
DECU’s Digital Banking content security policy provides additional limits on what the application is permitted to do. In the unlikely event that a malicious script was injected into the page, this policy prevents the script from sending your data to a third party. This ensures that your data stays where it belongs, in our secure and predetermined safelist environments.
User Tip: Microsoft Edge, Chrome and all of our other supported browsers already support this specification.
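How a safelist policy of this kind decides whether the page may send data to another origin, as an added example that is not DECU's code or policy. The two policies and the hostnames are constructed for illustration, and the source matching is simplified.

```python
from urllib.parse import urlsplit

# Fetch directives fall back to default-src when absent; form-action does not.
FALLS_BACK = {"connect-src", "img-src", "script-src"}

def parse_csp(header):
    """Parse a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:  # first occurrence wins
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def _matches(source, url, page_origin):
    """Simplified source matching: ports and paths in sources are not handled."""
    target = urlsplit(url)
    if source == "'self'":
        return f"{target.scheme}://{target.netloc}" == page_origin
    if source.startswith("'"):          # 'none', nonces, hashes, other keywords
        return False
    if source == "*":
        return target.scheme in ("http", "https")
    if source.endswith(":"):            # scheme source such as https:
        return target.scheme == source[:-1]
    src = urlsplit(source if "://" in source else f"{target.scheme}://{source}")
    if src.scheme != target.scheme:
        return False
    if src.hostname.startswith("*."):   # wildcard covers subdomains only
        return target.hostname.endswith(src.hostname[1:])
    return src.netloc == target.netloc

def allows(policy, directive, url, page_origin):
    """True if the policy lets the page send a request of this type to url."""
    sources = policy.get(directive)
    if sources is None and directive in FALLS_BACK:
        sources = policy.get("default-src")
    if sources is None:
        return True                     # nothing governs this request type
    return any(_matches(s, url, page_origin) for s in sources)

# Constructed sample values (not DECU's policy or hosts).
PAGE = "https://bank.example"
STRICT = parse_csp("default-src 'self'; connect-src 'self' https://api.bank.example; form-action 'self'")
LOOSE = parse_csp("default-src 'self'; img-src *")
```

When reviewing a policy, check every directive that governs outbound requests, since a directive left out of the safelist is either inherited from default-src or, as with form-action, not restricted at all.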
A brick-and-mortar financial institution has an entrance, a lobby, and a line to wait in. When you enter, you are recognized, greeted and the next available teller deals with your issue.
DECU Digital Banking uses Google Analytics to see that someone came through the online door, how long they stay, and how they move from task to task.
In a real commercial building, business traffic flow can be measured and used to accommodate customers better. Doors can be widened, and corridor carpets with socially distant intervals and directional arrows can be marked off.
More importantly, management can see if staff numbers are appropriate and adequate to meet commercial demand. Specialists with skills determined by the evolution of customer expectations can be hired, trained, and employed. Quick service lanes can be created for specific unique actions. The permutations allowed are as endless as the creativity used in interpreting their necessity.
Google Analytics collects the number of online visitors, device and operating system type, the size of their screens, and how they logged in to the site. In digital banking, as in all websites across the global internet, Google Analytics tells structural data analysts which content choices work well on a website and which of them fail to earn their keep.
Our implementation of Google Analytics neither collects nor has the ability to track information that personally identifies an individual, nor does it have access to transaction data.
Account Protection and Messaging
To further protect your DECU Digital Banking accounts, we have a secure communications platform embedded within the application and online platform that allows direct and immediate interaction with a live DECU customer service agent.
With secure messaging, you can ask our member services questions about your account in an encrypted system that protects your personal information.
If you lose your credit or debit card, you can let us know and order your replacement card within our digital app with just a few taps.
And for maximum protection, we update our application frequently to ensure the most up-to-date security protocols are in place.
DECU Digital Banking Security
We take our devices everywhere. Whether at home, work, or on the go, we expect access to everything we need at all times—and our finances are no exception. But having everything at your fingertips means it’s that much closer to potential cybercriminals. That’s why our developers work tirelessly to enforce the strictest security standards for DECU Digital Banking. Whether it’s secure authentication or end-to-end encryption, we ensure our members are always protected, no matter where they go.