MemberPass is a digital ID held by credit union members that protects credit unions and their members from identity theft and fraud in all banking interactions, from call center authentication to lending to new account opening. MemberPass is a simple, secure replacement for traditional knowledge-based interrogation contact centers employ today to authenticate members calling for call center services. MemberPass seamlessly authenticates both, the member and the credit union to each other, in any call-in, drive-up or walk-in exchange, providing a consistent, frictionless experience across all channels.
What were the objectives for the pilot program?Grant Allen2020-09-28T12:53:22-06:00
Our Fall 2019 pilot projects were intended to provide early proof points of use cases, member experience, and technology readiness. We received positive credit union and member feedback in all three areas, which is why MemberPass is now commercially available to any credit union wanting to create a safer member experience.
Where is the member’s personal information stored?Grant Allen2020-10-06T14:02:50-06:00
The member’s MemberPass personal information is encrypted and stored in a secure location on their mobile device. It is not stored in a central database that could be hacked or otherwise accessed by others – it is always with the member, on their device. And because their biometrics or 6-digit PIN are used to unlock their MemberPassTM on their device, only the member can access and use their data.
How long does it take to implement MemberPass?Grant Allen2020-09-28T12:53:26-06:00
Only the member has access to their MemberPass personal information. MemberPass allows the member to manage who they share their identity with; ensure the member is sharing their identity with the intended recipient (i.e., they are sharing with your credit union versus a bad actor imitating your credit union); and store their digital credential on their secure device and never in a central database subject to compromise.
MemberPassTM puts the member in control. The member is the only one in control of their identity information and share it only when giving their permission. And only the intended recipient can access information from the member’s MemberPass.
Who can own a MemberPass?Julie Esser2020-10-06T14:16:10-06:00
Yes, the MemberPass digital identity wallet app is available and supported in both the three most recent versions of iOS and Android and will work on the following devices:
• Apple iOS 10.3 and above
• Android 6.0 and above
What is the adoption or sign-up rate for the CU’s currently using the MemberPass service?Grant Allen2020-09-28T12:55:19-06:00
As of right now, we have a number of credit unions that are coming out of their pilot programs, which were focused on a specific use case, and now expanding into other areas within their organization and to their membership. As of September 2020, we have more than 8,000 MemberPass digital IDs in live production.
How does MemberPass handle multiple owners related to an account?Grant Allen2020-10-06T14:02:33-06:00
The way multiple owners are set up with an account depends on your credit union’s core processing system. MemberPass supports this in several different ways but the integration is on the core side. For Symitar as an example, the credit union can treat each phone number and the relationship with the member, be it a primary or joint, as their own entity. If a joint member calls or comes in requesting information about their account, the credit union can ask for the account number and then the teller is able to select who is being authenticated (primary number or joint number) via MemberPass. That lets the credit union know who they are supposed to be speaking with and then tailor what information that member is are allowed to access.
Where can I use my MemberPass?Julie Esser2020-10-06T14:09:43-06:00
Currently you can use MemberPassTM at any participating credit union any time you interact with your credit union whether you log in online to access your accounts, visit a branch or call into the call center.
In the future, you will be able to use your MemberPassTM for things outside of the credit union, like an employer or government.
Where is my MemberPass stored?Julie Esser2020-10-06T14:09:33-06:00
The MemberPass digital ID is securely stored in a separate digital credential wallet/app on the member’s smart device. Some credit unions, however, may integrate this digital credential wallet function into their own mobile banking app.
Is there a charge to download the app?Grant Allen2020-10-07T09:35:39-06:00
The enrollment process for the member is quick and easy. Most credit unions are choosing to educate the member in the call center or branch and asking them to download the app at that time. They walk them through the download, connection, and authentication process so the member feels comfortable with what to expect the next time they interact with the credit union. Early credit union adopters of MemberPass are surveying their members about the experience and receiving feedback, such as 87% of members reported the process is “very easy” and the members plan to use the credential in the future.
What happens if the member loses their phone?Grant Allen2020-10-07T09:01:10-06:00
If the member loses their phone, their personal information in MemberPass remains encrypted and protected. Many phone handsets come with a remote erase function. We recommend that the member follows your device manufacturer’s instructions to do this. Search for “Remote erase [handset] lost phone”. The member should also report their phone lost to their carrier/mobile network provider and your credit union.
However, since MemberPass is stored securely on your phone and requires your biometrics to access and share their credential, anyone else who intercepts your phone will not be able to steal their MemberPass digital ID. If the member didn’t back up their MemberPass, they can notify your credit union to unenroll their original MemberPass and issue a new one.
Does a member need a smart phone to use MemberPass?Julie Esser2020-10-06T14:09:26-06:00
Yes. MemberPass leverages the security features of the smart phone to protect the member’s digital identity within the digital identity wallet that resides on their phone. Since the wallet is also secured with biometric and/or 6-digit PIN access, their MemberPass digital ID remains secure should their phone ever be lost or stolen.
Where can a member use MemberPass?Grant Allen2020-10-07T09:03:37-06:00
Currently, your members can use their MemberPass at any participating credit union any time they interact with your credit union whether they visit or drive up at a branch or call into the call center.
Who is involved on a project team?Grant Allen2020-09-28T12:55:25-06:00
The project team should consist of a mix of cross-functional team members to ensure the success of your MemberPass deployment, such as project management, technical support, quality assurance, info security team, risk management, training, and marketing, to name a few.
What happens if the member gets a new phone?Grant Allen2020-09-28T13:03:54-06:00
If a member informs you they have a new phone, you just need to unenroll their MemberPass and enroll them again with their new phone. In the future, the member will be able to transfer their MemberPass to a new phone by using the backup and restore process.
Can I backup my MemberPass?Julie Esser2020-10-06T14:09:20-06:00
You can back up your MemberPassTM from the settings menu of the Connect.Me application. We recommend that you do this whenever you update your information. MemberPassTM creates a securely encrypted file of your information and your activity. You can choose to save this in your favorite location such as:
You should keep this file safe in case you need to restore your MemberPassTM in the future. Remember to take regular backups.
Can members use their MemberPass in other places outside of the credit union?Grant Allen2020-10-06T14:07:22-06:00
Portability and interoperability are two important features that make MemberPass unique and gives your members freedom to use their digital identities anywhere and not just your credit union and regardless if your credit union participates in a shared branching network. In the future, your member will be able to use their MemberPass for things outside of the credit union, like an employer or government.
Will I have a project manager from CULedger?Grant Allen2020-09-28T12:55:30-06:00
Your MemberPassTM data is encrypted and stored in a secure location on your mobile device. It is not stored in a central database that could be hacked or otherwise accessed by others – it is always with you, on your device. And because your biometrics are used to unlock your MemberPassTM on your device, only you can access and use your data.
Can a member utilize MemberPass on an iPad?Grant Allen2020-10-06T14:07:29-06:00
The member can delete their MemberPass by contacting your credit union or by deleting the MemberPass app from their device. When the member deletes their MemberPass app, all of their personal information will be permanently removed from their device and they will no longer be able to use their MemberPass. If the member wants to move their MemberPass to another phone, they should follow the instructions in “What happens if the member gets a new phone?”.
Who has access to my personal data?Julie Esser2020-10-07T09:22:22-06:00
Only you have access to your MemberPassTM data. MemberPassTM allows you to:
Manage who you share your identity with
Ensure you are sharing your identity with the intended recipient (i.e., you are sharing with your credit union versus a bad actor imitating your credit union)
Store your digital credential on your secure device and never in a central database subject to compromise
MemberPassTM puts you in control. You are the only one in control of your identity information and share it only when giving your permission. And only the intended recipient can access information from your MemberPassTM.
Are any credit unions using MemberPass in their digital channels?Grant Allen2020-09-28T12:28:54-06:00
While we don’t have any credit unions currently deploying MemberPass inside of their own mobile banking application, we have received interest from credit unions to pursue this capability. We are working with multiple mobile banking providers to develop standard integrations of MemberPass.
What type of marketing assistance do you provide for credit unions?Grant Allen2020-09-28T12:55:39-06:00
We have a marketing deployment toolkit to assist the credit unions with promoting MemberPass to your members. This marketing deployment tool kit includes templates for items like statement inserts, table tents, brochures, buck slips, banner, and more.
If I have accounts at different credit unions or banks, do I need a different MemberPass for each account or will one work for all of them?Grant Allen2020-10-07T09:00:37-06:00
MemberPass is a digital identity that will be issued by credit unions only. Members may have more than one MemberPass in their digital identity wallet if they belong to more than one credit union. The MemberPass digital identity wallet will allow the member to determine the source of truth (or the issuer) to vouch for a certain identity attribute that is being requested by a verifier.
What happens if I lose my phone?Julie Esser2020-10-07T09:19:20-06:00
If you lose your phone, your personal information in MemberPassTM remains encrypted and protected. Many phone handsets come with a remote erase function. We recommend that you follow your device manufacturer’s instructions to do this. Search for “Remote erase [handset] lost phone”. You should also report it lost to your carrier / mobile network provider and your credit union.
However, since MemberPassTM is stored securely on your phone and requires your biometrics to access and share your credential, anyone else who intercepts your phone will not be able to steal your MemberPassTM credential.
If you have backed up your MemberPassTM, you will be able to restore it during the set-up of MemberPassTM from your new device. If you didn’t back up your MemberPassTM, you can notify your credit union to unenroll your MemberPassTM and issue a new one.
How would the MemberPass digital ID work in conjunction with our call center relationships such as PSCU or Coop? Are they connected into these networks directly or do they work through us?Grant Allen2020-09-28T12:29:06-06:00
PSCU is one of our investors and we have been working with them very closely on integrating MemberPass into their call center operations. There will be more details available about this integration opportunity with PSCU in the coming year ahead.
Will training be provided for my staff?Grant Allen2020-09-28T12:55:42-06:00
You can transfer your MemberPassTM to a new phone by using the backup and restore process. Before handing back your old phone, take a backup. On your new phone, follow the restore process.
Your personal information in your MemberPassTM wallet on your old phone remains encrypted and protected. Once you’ve completed the restore to your new phone, you will no longer be able to access MemberPassTM on your old device.
As a general good practice, we recommend restoring your old phone to factory settings to remove all your information, such as contacts, messages and emails.
Are any of the credit unions currently using this solution at their ATMs and can MemberPass replace PINs at ATMs?Grant Allen2020-09-28T12:29:20-06:00
Currently, there are no credit unions using MemberPass at their ATMs, but we have many who have expressed interest in that particular use case, even to the extent of going completely cardless and using MemberPass to facilitate a transaction.
If a true fraud attempt occurs in the call center, what happens?Grant Allen2020-09-28T13:07:27-06:00
If a call center fraud attempt happens, the actual member will get a message on their phone asking if they are on the phone with their credit union. If they say “no,” the MemberPass digital identity wallet will transmit a response, a big red “X” will appear on the MSR’s screen and the transaction/call will end.
What if I want to delete my MemberPass?Julie Esser2020-10-07T09:04:16-06:00
You can delete your MemberPassTM by contacting your credit union or by following these three simple steps.
Click on the Connection you want to delete in the Connect.Me app
Click on the 3 vertical dot icon in the upper right corner
Select Delete Connection
When you delete your MemberPassTM, all your personal information will be permanently removed from your device and you will no longer be able to use your MemberPassTM.
If you chose to delete your MemberPassTM, yourbackup file will no longer work in the restore process. If you want to move your MemberPassTM to another phone, follow the instructions in “What if I get a new phone?”.
Can this be used with ITM technology?Grant Allen2020-09-28T12:29:41-06:00
The MemberPass digital identity wallet is portable and they can take it with them as it will remain on the member’s smart phone until they delete it. However, the MemberPass credential issued by your credit union may not be. Your credit union is able to disable the MemberPass credential if a member leaves your credit union.
I’m interested in signing up, where can I get a MemberPass?Julie Esser2020-10-07T09:22:31-06:00
MemberPassTM has completed a number of pilots and can only be obtained a few credit unions currently. More credit unions will be offering MemberPassTM to their members soon! Please check back in the future for news about MemberPassTM launching in your area. Not a credit union member and interested in learning more about the credit union difference, visit www.asmarterchoice.org to learn more!
Our credit union is using an e-notary and e-closing capability for our mortgage loans more than ever. Do you envision this replacing traditional notary services in the future?Grant Allen2020-09-28T12:29:57-06:00
It is possible MemberPass could replace e-notary services in the future. We are working with those providers to explore integration opportunities. The MemberPass digital identity comes with an audit trail feature automatically and all transactions are date/time stamped.
My credit union wants to implement MemberPass, but we have other projects that need to occur before we can begin the MemberPass project. Are there any steps we can take now to get started that may shorten the implementation time once we are ready to begin?Grant Allen2020-09-28T12:56:02-06:00
Yes! The first step is getting your credit union registered in the MemberPass Trust Registry, which establishes your credit union’s unique public identifier on the Sovrin Global Identity Network. This public identifier, or decentralized ID, is like the credit union’s public domain and will be how a credit union is recognized in the decentralized identity ecosystem. Visit www.memberpasstrustregistry.com to get started.
We understand that the portability of the credential is an important differentiator of MemberPass; however, we do not participate in shared branching, so why would portability be important to our credit union?Grant Allen2020-09-28T13:45:22-06:00
The member’s personal information is encrypted and stored in a secure location on their mobile device. It is not stored in a central database that could be hacked or otherwise accessed by others. And because the member’s biometrics is used to unlock their MemberPass digital identity wallet app, only the member can access and use the MemberPass digital identity. A permissioned-based distributed ledger is a central part of a self-sovereign identity network. There is no personal identifiable information that is ever stored on the distributed ledger. The information that is stored are about the issuing credit union: the public decentralized identifiers or DIDs, schema/credential definitions and revocation information.
Is MemberPass a new company?Julie Esser2020-09-28T14:05:13-06:00
MemberPassTM is a digital credential solution developed and owned by credit unions; specifically, MemberPassTM is offered from a Credit Union Service Organization (CUSO) called CULedger, on behalf of your credit union. The solution is built upon globally accepted standards designed to protect consumer privacy in all electronic exchanges.
Do you have a vendor integration roadmap?Grant Allen2020-09-28T12:30:32-06:00
Traditional SMS text identity verification has been proven to be insecure (and not recommended by US NIST) as it can be intercepted by fraudsters. The MemberPass digital identity is a highly secure, cryptographically signed credential that is issued to each member by a credit union. The process of issuing this digital identity uses SMS/text or QR codes to initially invite the member to download the MemberPass digital wallet app onto their smartphone.
During the enrollment process which is initiated by the credit union, the member will accept the MemberPass credential over a highly secured and encrypted connection between the credit union and each member and use it to validate the member’s MemberPass digital identity. In the future, this secure, encrypted connection feature will allow secure messaging between the credit union and the member.
Do you have a list of references of existing customers?Grant Allen2020-09-28T12:33:00-06:00
The core processor houses the record that indicates if a member has been enrolled with MemberPass and has a digital ID credential. If the member is not enrolled, the enrollment function would not appear on the teller screen. We are not dependent on the core so long as there is a place that determines whether or not a member has been enrolled with MemberPass.
Are there any plans to integrate into core platforms?Grant Allen2020-09-28T13:15:55-06:00
Yes, we currently have integrations with Symitar’s Episys, Corelation/Keystone, FIS Miser, and Fiserv DNA and have plans to expand into other core platforms. TruWest Credit Union deployed MemberPass into its call center without a core integration. To learn more about TruWest Credit Union’s unique implementation, please contact us.
How much does MemberPass cost?Grant Allen2020-09-28T12:33:17-06:00
Yes, the new MemberPass-branded app features an embedded wallet SDK (software development kit), which will allow your proprietary mobile app to become a digital identity wallet. This means your credit union can authenticate and securely message your members directly from your mobile app. Our API, which can be found here by requesting our developer kit, and a software development kit (SDK) that are useful for a custom online banking integration. We can send you the developer kit directly as well.
Can you speak to the problem of “the weakest link” in the authentication process? For example, what if a credit union issues a bad actor a MemberPass?Grant Allen2020-09-28T12:33:32-06:00
The issuance of MemberPass relies on the credit union’s KYC, customer identification processes to determine whether or not a member should have a MemberPass digital identity. The weakest link will always be a human mistake in the process.
Are there any plans to integrate with mobile banking providers?Grant Allen2020-09-28T13:27:59-06:00
We are working with some of the key mobile application providers like NCR/Digital Insight, Alkami, Q2, and others to allow credit unions to use the MemberPass digital identity wallet inside their applications.
How does MemberPass protect against SIM swapping?Grant Allen2020-09-28T12:33:55-06:00
Because MemberPass uses an out-of-band data channel that is tied to the device with a secured, encrypted connection, if your phone’s SIM is ported or swapped, the thief will not have the secure encrypted connection. The only time SIM porting is a risk is during onboarding—when the member receives the text message to download the MemberPass app. However, there is a very short time window (seconds) where we are dependent on the SIM/phone number.
I am not a developer and the documentation appear to be geared toward developers. While I am sure they will be helpful to aid in an implementation, what technical documentation can you provide that gives details on the platforms design and operations?Grant Allen2020-09-28T13:29:45-06:00
Evernym is CULedger’s technology partner that created the user/member interface for MemberPass and integration with the Sovrin Network, which is a global distributed ledger (or blockchain) designed exclusively to support digital trust networks and verifiable digital credentials. Evernym provides both the credit union’s and member’s agent software stack.
Our credit union is considering implementing voice biometrics into our call center. How does voice biometrics compare with MemberPass?Grant Allen2020-09-28T12:34:37-06:00
There are four differentiating factors that makeds MemberPass different from voice biometric solutions used in the call center.
1. MemberPass provides two-way, bi-directional communication assurances. Not only is MemberPass effective for the credit union to identify their members’ identity, but your members can trust they are speaking with your credit union when you call without the fear of being spoofed.
2. Voice biometrics is only effective in one channel—the call center. MemberPass works across all of your channels.
3. The member does not control or decides when or how to share their digital ID.
4. Voice biometrics only works for the credit union that uses it or contracts for the service. Other credit unions can have the opportunity to utilize a MemberPass credential issued by another credit union in the case of shared branching, making it interoperable.
We understand that MemberPass is more secure as a result of the use of distributed ledger technology; however, how will it protect against the compromise of personally identifiable information (PII); isn’t PII involved when a member is enrolled in MemberPass?Grant Allen2020-09-28T13:31:08-06:00
It is not stored in a central database that could be hacked or otherwise accessed by others. And because the member’s biometrics is used to unlock their MemberPass digital identity wallet app, only the member can access and use the MemberPass digital identity. A permissioned-based distributed ledger is a central part of a self-sovereign identity network. There is no personal identifiable information that is ever stored on the distributed ledger. The information that is stored is about the issuing credit union: the public decentralized identifiers or DIDs, schema/credential definitions, and revocation information.
How long does it take to implement MemberPass?Grant Allen2020-09-28T12:34:51-06:00
Yes, 32-bit Android and Apple devices and 32-bit operating systems are not supported by the MemberPass app. When end users attempt to download the MemberPass app, they will see an error that reads “Your device isn’t compatible with this version.” There are a variety of 32-bit devices and operating systems in the market, but overall, the number is very low.
Is there anything else like MemberPass in the market today?Grant Allen2020-09-28T12:35:02-06:00
There truly isn’t anything like MemberPass in the market today. Other identity-related products have a central authority between the credit union and the member, can contain outdated security features, like SMS text messaging, are geared toward a channel-specific use case and not across all channels (current and future), and don’t allow the consumer to own and control their personal information. Barclays predicts that by 2022, 40% of all customer interactions will be based on self-sovereign identity. MemberPass was developed by credit unions for credit unions and their members, keeping their privacy and safety interests in mind.
Are there any issues with the cell phone carriers accepting short codes from text messages, like the one that is sent to the member during enrollment?Grant Allen2020-10-07T08:09:22-06:00
We have become aware of this issue with the carrier, T-Mobile. During enrollment, the member will need to call T-Mobile to unblock the shortcode to they can install the MemberPass app on their phone. This applies to cell phone uses who may be on corporate plans or who have explicitly turned on a blocking feature to prevent the delivery of SMS text messages from shortcodes.
Does my credit union need to set up and maintain a node on the distributed ledger network?Grant Allen2020-09-28T13:33:11-06:00