Cannabis banking. Data breaches. Taxation of credit unions. The disappearance of small credit unions. The rise of $10 billion+ credit union behemoths. Welcome to the world of Caroline Willard, CEO of the Cornerstone League and, before that, she spent a decade at Co-Op in senior marketing slots.
What do credit unions need to do to survive? What do leagues need to do? Willard offers candid and also optimistic thoughts about these life and death questions.
She also offers insights into what leagues can do to help small credit unions survive in an age of ever more complex and expensive compliance requirements.
And she challenges credit unions to be a bit more like Rocket Mortgage – and if you want to continue to write home loans you will pay heed.
Pay heed too to her thoughts on how taxation of credit unions just might be an existential threat to the industry.
Washington, D.C. district attorney Karl A. Racine just dropped a bomb on Marriott International – and we all should applaud him.
The target of Racine’s ire: resort fees, charged by increasing numbers of hotels who have decided it is so easy to pick our pockets, they would be fools if they didn’t. So $20, maybe as much as $50 is slapped on our hotel room rates but those numbers don’t show up when we search in Expedia, Trivago, etc.
Resort fees can make a huge difference. Just this a.m. I looked at an Arizona hotel that had a summer special for Arizona residents only. The nightly rate: $224. In the fine print however I’m told there’s a $41 resort fee. That’s a nearly 20% bump.
A guess is that industrywide resort fees now put $2.7 billion, or more, in hoteliers’ pockets yearly.
Enter AG Racine. “Marriott reaped hundreds of millions of dollars in profit by deceiving consumers about the true price of its hotel rooms. Bait-and-switch advertising and deceptive pricing practices are illegal. With this lawsuit, we are seeking monetary relief for tens of thousands of District consumers who paid hidden resort fees and to force Marriott to be fully transparent about their prices so consumers can make informed decisions when booking hotel rooms.”
The lawsuit elaborated: “One key effect of this price deception is that consumers shopping for a hotel room on either Marriott’s website, or an online travel agency site (OTA) like Priceline or Expedia, are misled into believing a Marriott hotel room is cheaper than it actually is.”
Marriott of course has a different take. In an interview on LinkedIn, CEO Arne Sorenson vigorously defended the fees. He said: “You’ve got resort fees in hotels, baggage fees in airlines. None of us as consumers necessarily love it. What we’ve tried to do is be very transparent with disclosure.”
What absolute nonsense.
Everytime we fly we have a choice – do we pay to check a bag or don’t we? Personally I have never paid to check a bag. As in not once.
At many resorts the resort fee is inescapable. Go ahead, try. Say: I don’t plan to swim in the pool, use your idiot gym, don’t want the junk newspaper, and am perfectly happy to be denied all that you bundle in it.
And I definitely don’t want the hotel WiFi which is dangerous to use.
Used to be a loud consumer could talk his/her way out of a resort fee at the check in desk. It has gotten much, much harder. Hotels are digging in their heels.
The greed multiplies. Now more hotels in urban areas are imposing “urban fees.” According to the New York Times the Sofitel in Washington DC slaps guests with a $25 daily fee to cover “premium” Internet access, bottled water, yoga classes, and access to a bike share program. Many, many others are doing likewise.
Is there anything on that list you actually want? Or would use? Maybe the bottled water.
Some 55 hotels in San Francisco are reported to charge a resort or urban fee, for instance.
Back up a step. Is there real reason to believe now is a moment when resort and urban fees may in fact vanish?
I have written about resort fees for some years. Nothing changed except the fees got bigger and more resorts and hotels charged them.
Now things look different however.
According to Skift, “’The real takeaway from this lawsuit is to have an important jurisdiction file against a big company,’ said [NYU’s Bjorn] Hanson. ‘Other hotels will have to wait and see what happens, but other states and jurisdictions will feel that now is the time to go after them.’”
Hospitality lawyer Jim Butler notes this: “We have cautioned that consumer frustration over this issue is very high, and government agencies have periodically shown significant interest in jumping on a populist bandwagon. But today, it looks like the situation may have finally reached a turning point.”
What’s an individual hotel guest to do? Act on what Hanson said. Write your state attorney general and urge him/her to follow in Washington, D.C.’s lead. Handy list here. Another list here.
For an ambitious AG in a Democratic state, it’s an easy and sure way to grab headlines, win better name recognition, and get known as a consumer advocate. Goodby AG, hello governor.
Yes, hoteliers don’t like what they see coming. But it’s hard to have sympathy for folks who have been picking our pockets since perhaps 1997.
If you are reading this on hotel WiFi, sign off now. A new Bloomberg report underlines how porous hotel WiFi networks are. This is a long look at the problem and that’s good because it is a grim reality that savvy travelers need to know about.
Do you care if hackers have your credit card numbers, maybe passport info, possibly driver’s license details, hotel loyalty program log in and password, and probably more? Because they do. Because hotels do not care about your privacy. They just don’t.
Of course this week’s news is about airlines and breaches – specifically BA – and they have a sorry history of poor defense against hackers. Don’t get distracted however. Airlines are bad at this. But hotels are simply the worst.
Forgive me a Cassandra moment. I have been writing about how much hotel WiFi sucks for at least a decade. The stories are manifold and they always say the same: hackers long ago figured out that hotels have essentially no protections on their wifi networks so it is very much a wild west where an Internet caveat emptor prevails.
Except the odds are stacked against you: the hackers are very good at their work, which is stealing salable data. Hotels are very bad at protecting our data. Hotel group after hotel group has fallen victim to hackers. Trump. Hard Rock. Hilton. Marriott.
Information security blogger Brian Krebs has reported that the Marriott (Starwood) breach involved 500 million of us.
In a mea culpa, Marriott said: “The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property. For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken. For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information.”
As for who hacked these hotels, nobody knows. In many cases it doubtless is ordinary, common criminals. In other cases, something else may be afoot. Noted Bloomberg: “Marriott hasn’t found any evidence of customer data showing up on dark-web marketplaces, CEO Arne Sorenson told a Senate committee hearing in March. That sounds like good news but may actually be bad. The lack of commercial intent indicated to security experts that the hack was carried out by a government, which might use the data to extrapolate information about politicians, intelligence assets, and business leaders.”
Yep. The Chinese are believed to be voluminous acquirers of data. But the Russian aren’t slouches. Several European governments are in the game too. And the US government increasingly is active. In that last case it is difficult to see a hack on a domestic company. But impossible? Not really.
Understand this: hotels are truly bad at protecting data. It’s an industrywide malady. And hotels are lots worse than most other industries. Bloomberg posits a theory: “Hospitality companies long saw technology as antithetical to the human touch that represented good service. The industry’s admirable habit of promoting from the bottom up means it’s not uncommon to find IT executives who started their careers toting luggage. Former bellboys might understand how a hotel works better than a software engineer, but that doesn’t mean they understand network architecture.”
That rings true to me.
Bloomberg went on: “There’s also a structural issue. Companies such as Marriott and Hilton are responsible for securing brand-wide databases that store reservations and loyalty program information. But the task of protecting the electronic locks or guest Wi-Fi at an individual property falls on the investors who own the hotels. Many of them operate on thin margins and would rather spend money on things their customers actually see, such as new carpeting or state-of-the-art televisions.”
In the big chains the vast majority of hotels are owned by “asset holders” – everything from pension funds and big insurance companies to wealthy individuals. They have to be persuaded to fund big ticket campaigns. And often they haven’t been.
The result in the hotel business is a patchwork of old, cruddy, unreliable technology.
But you do not have to be a victim. There is nothing we can do to strengthen the defenses around a hotel’s property management system, etc. But we can take steps to protect ourselves when it involves WiFi.
You have three options. Definitely use them in hotels, but also in airports, coffee shops, and airport lounges. I don’t guarantee your safety but I promise you will be much, much safer than if you don’t take such steps.
O Create a personal hotspot with your cellphone and log in via it. Cellular data is much, much more secure than is hotel network data. Not perfect. But good enough for most of us. This has been my go to for some years.
O Use VPN, a virtual private network. There are known limitations to the security delivered by VPNs. I personally no longer use one. But I know many companies require their traveling execs use a vpn and if that’s policy, it is much, much better than logging on naked to a hotel network.
O Use Silo or a similar secure browser. The secure browser processes all web data inside a secure container so even if a user accesses malware it’s no harm, because the data won’t reach the user’s computer. Silo also encrypts traffic to shield it from prying eyes. A tool such as Silo offers more robust protection than do VPNs. (Note: I have been paid by Silo’s developer for past work. That company had no involvement in this column and did not pay me for this.)
That’s three choices. On your next hotel stay when you log into the Internet use one of the three and know that you will be a lot safer than the guests who log into the hotel’s computer. There is no excuse for not protecting yourself. Not when you know just how perilous hotel networks are and will almost certainly remain.
Elder fraud is big business. The FBI calculates last year’s losses at over $700 million and involving two million seniors.
That’s a lot of pain.
The scams are predictable. “Your grandson has been arrested. He’s in jail in Memphis. You need to bail him out. It’s dangerous. Send $5000 in gift cards.”
There are variations. But the usual drill is that a relative has fallen into trouble and the senior can be the hero.
But now credit unions are entering this scene.
Here to tell us what credit unions are doing is Walt Laskos, senior vice president, strategic communications at the Cooperative Credit Union Association, a multi state league covering Massachusetts, New Hampshire, Rhode Island and Delaware.
Leagues – usually – spend the bulk of their time lobbying.
But CCUA is putting a lot of energy into fighting elder fraud and helping credit unions to do likewise.
It’s also very, very good PR for credit unions, says Laskos. That’s not why CCUA does it but the side benefit is really.
Listen up as he talks about what CCUA is doing, with whom, and what the community reaction has been.
New York City mayor Bill de Blasio has released a report that skewers the NCUA for failing to work with taxi medallion borrowers who owe much more on their medallion loan than the medallion is worth. And stressed drivers, a few at least, are committing suicide in despair.
The report did not pull its punch: “credit unions taken over by the NCUA are often the least willing to work with drivers struggling to afford their monthly loan payments.”
Read that again. New York City is saying NCUA, sitting on a huge bucket of medallion loans that are backed by an asset – the medallion – that continues to trade at a small fraction of its highest prices, which often eclipsed $1 million. Lately they have sold for $160,000 – is showing no willingness to flex in finding a resolution to these loans.
NCUA has issued a quick denial: “The NCUA, as liquidator for the failed credit unions, is working with these borrowers to modify credit union loans where possible through payment reductions, lower interest rates, or term adjustments,” said agency spokesperson John Fairbacks in a statement reported by CuTimes.
“We remain committed to balancing the needs of these borrowers with meeting the congressionally mandated requirement for the NCUA to ensure the safety and soundness of credit unions and the National Credit Union Share Insurance Fund,” Fairbanks added.
NCUA owns medallion loans from at least three credit unions: LOMTO, Bay Ridge, and Melrose. The Office of the Inspector General issued a baleful report in March. The loss to the National Credit Union Share Insurance Fund is estimated at $765.5 million.
Why has the taxi medallion lost so much value? It’s not just a New York issue, by the way. Medallions have cratered in San Francisco and Philadelphia, to name just two. The root cause: the proliferation of Uber and Lyft as more of us turn to the platform transportation companies. There also are multiple nascent worker-owned cooperatives focused on creating city specific Uber competitors. (Hear a podcast on such ventures here.)
As for why the credit unions blew up, the OIG said: “The Credit Unions maintained significant concentrations in loans collateralized by taxi medallions. Except for credit unions that qualify for an exception, the Federal Credit Union Act limits the aggregate balance of member business loan (MBL) portfolios to 175 percent of the credit union’s net worth. This statutory requirement is implemented in NCUA’s regulations. All three Credit Unions qualified for an exception from this limit based on NCUA granting their charter for the purpose of making MBLs or having a history of primarily making MBLs prior to September 30, 1998. Technological innovation, specifically mobile ridesharing (or ride-hailing) companies such as Uber and Lyft, gained market share in cities across the country and caused disruption to the taxi industry. The disruption to the industry resulted in financial difficulty for many traditional taxi drivers across the country,and impacted the Credit Unions significantly through increased delinquencies and losses on loans collateralized by taxi medallions.”
And the credit unions significantly mismanaged a collapsing marketplace, per the OIG: “The Credit Unions failed to manage their respective loan portfolios in a safe and sound manner. Examiners repeatedly noted the Credit Unions were engaged in unsafe lending practices, in particular inadequate loan underwriting and monitoring of taxi medallion loans.
Specific examples of inadequate underwriting include frequent failure of the Credit Unions tofully analyze borrower financial information, insufficient detail included in credit memoranda to make a fully informed lending decision, risky loan terms, unsupported cash out refinances, inadequate credit risk management policies, and failure to identify and account for modified loans as Troubled Debt Restructures (TDRs). Additionally, the Credit Unions frequently based lending decisions on inflated market values of taxi medallions rather than industry accepted best practices for loan underwriting such as cash flow analysis, debt service coverage, and secondary sources of repayment.”
Here’s the present reality: it is highly improbable that more than a fraction of the medallion holders will be able to repay those inflated loans. Their incomes have collapsed as more riders shifted to Uber, et. al. It also is increasingly difficult to keep a medallion on the streets and working 24/7, the old fashioned model. Drivers are scarcer as more have shifted to driving for Uber and Lyft.
According to the NY Daily News, the average indebtedness of a medallion loan holder is upwards of $340,000 apiece. According to the Daily News, “Their loan payments ranged from $2,500 to $4,000 per month — in 2018 an average yellow cab medallion brought in $10,200 per month, data shows. The additional costs of buying cars, maintenance, insurance and other expenses leaves many medallion owners scraping by.
Half of the medallion owners surveyed said they struggle to pay bills on time, and one in four said they are considering bankruptcy.”
Some agitate for New York City to bail out the drivers and assume some of the cost of the medallions but de Blasio says that is not happening. “The honest truth is, it’s something we can’t reach,” said de Blasio. “We do not have the capacity as a city to provide that. I wish we did, but we don’t.”
De Blasio – obviously – wants NCUA to eat more of the medallion debt.
NCUA wants de Blasio to eat the debt.
Right now both are choking.
Does anyone know how to perform the Hemlich before more taxi drivers die?
Robert McGarvey drove a medallioned cab many years ago in Boston and Cambridge, Mass. It was hard work then, it’s hard work now.
Talk to Cathie Mahon, CEO of Inclusiv, and it’s a fast ride into what mission makes a credit union special, distinctive and in her mind the answer is clear: serving the underserved and usually that means economically disadvantaged.
She has tantalizing insights too. For instance: she tells why the business model of community development credit unions may in fact be primed for greater success than the model followed by most credit unions.
This is all about making credit unions work for their communities. That’s cooperative principles in action.
There are about 1000 so-called community development financial institutions (CDFIs). They do good work. Tune in to find out more.
Put phishing emails in front of credit union employees and how many will fall for them and cough up sensitive info? 20 to 60% will get conned.
And that can be costly to a credit union, both in terms of money and reputation.
Enter BrightWise, a Des Moines Iowa cyber training company created by Sherri Davidoff, CEO of LMG Security, and the Iowa Credit Union League’s holding company Affiliates Management Company (AMC).
After training, said Davidoff, the number of employees who fall for the phishing con tumbles below 10%.
What BrightWise will focus on, said Davidoff, are fun, short videos – think maybe five minutes – than an employee can absorb at his/her leisure.
Smarter employees are critical because how hackers work has changed, said Davidoff. “It’s no longer 13-year-olds in their moms’ basements that are hacking us; it’s organized crime groups all over the world,” Davidoff shared with NBC’s Today Show.
“People tend to think cybersecurity happens in the IT department,” added Davidoff. “Front-line staff are under constant assault from crooks and their automated robots, look-alike communications and other crafty tricks. We have to arm employees with knowledge, but also give them the tactics they need to sidestep cyber sneak attacks.”
Want more details on the Paul Allen scam? Read this.
Listen up to this podcast for a fast overview of the cyber threats credit unions face – and what they can, indeed must, do to protect themselves and their members.
A nasty secret about hotels is that a lot have bedbugs. I am talking five star hotels and hostels, dives and ultra luxury digs. Guests bring them. And they often leave them behind. To bite the next guest, suck some blood, and very probably crawl into a suitcase and come home with you. That last is a real threat. Most of us don’t notice a bedbug bite or two, or we think we nicked ourselves with something in the hotel bathroom.
Wrong. Sleep with bedbugs in a hotel and they are coming home with you.
If you like scary reading, click here for a roundup of TripAdvisor user complaints about bedbugs in hotels. You’ll get a sense of how global the issue is, both geographically but also economically. Staying only in luxe properties is no protection.
I have lived through a bedbug infestation in my home. It sucks. It cost $600 in exterminator fees to clear up. Plus a lot of sheets and blanket cleaning and washing. Along the way, there were many bites, some of which leave horrendous marks. The bites also are itchy and you just feel disgusting knowing you are an edible blood bank for who knows how many insects.
The cause of that infestation probably was a neighbor, not a hotel, but as our knowledge of bedbugs grew in that incident so did the realization that we had in fact been bitten by bedbugs in hotels in the past.
No surprise there. Hotels are fighting against what amount to a bedbug epidemic. It is not clear who is winning.
According to the New York Times, “A 2016 survey of 100 hotels in the United States, conducted by Orkin, a pest control company, found that 82 percent of them had been treated for bedbugs in the previous year. “
Personally I’m not troubled that 82% had been treated for bedbugs in the past year. I’m more troubled by the 18% that hadn’t been.
Conde Nast Traveler shouts: Bed bugs in hotels are on the rise.
Travelpulse says, Hotels are spending big money on bed bugs.
Exactly three states have laws that explicitly obligate a hotel to remove a bedbug ridden room from occupancy. That’s Kansas, West Virginia, and Nevada.
That means the onus is on you to protect yourself from bedbugs.
Having been through a bedbug infestation once, I am determined not to bring back bugs from the hotels I stay in.
Consumer Reports outlines a self-defense program to take when entering a hotel room.
Step 1: Put your luggage in the bathroom or on a luggage rack. Probably they are free of bedbugs.
Step 2: Pull back the sheets and check the mattress and box spring for signs of bedbugs – they are visible to the naked eye. Keep your eyes peeled for “exoskeletons (casings that the bugs leave behind when they molt) and dark, rust-colored spots.” Those spots probably are dried blood, by the way.
Says CR: “If you see any telltale signs, tell hotel staff and ask for a new room, preferably in another part of the building.”
Personally, I would check out and decline to pay. But there’s no guarantee the hotel down the block doesn’t also have a bedbug problem so maybe I am spinning my own wheels.
You want a more meticulous inspection? Hotel Businesscontent sponsored by ActiveGuard offers a multi-step program for hotel housekeeping to implement in a hunt for bedbugs. It’s detailed. And you’ll want to have a flashlight in hand. But if you want high confidence that your room is bedbug free, go with this six step program that looks at everything from the underside of the box spring to the edges of the headboard. The steps are here.
If you check out from a hotel after just one night you might not notice bug bites until you are on your way home. Often it’s an itch that first gets your attention. Then you notice the bites and you know you’ve been dinner for a bug. All’s not lost. You still can save yourself a home infestation. Put your clothes in the dryer for at least 30 minutes. Wash them if you wish but bedbugs can usually survive water. It’s the heat that kills them.
If you are beginning to think they are everywhere, they are. And there are more infestations reported in summer, per the National Pest Management Association: “More than half of pest control professionals noted that they receive the most bed bug complaints during the summer, as increased travel during this time of the year may help spread bed bugs from vacation destinations to homes or even college lodgings to homes as students go on summer break.”
Inspect hotel rooms, always. Inspect your luggage when you get home. Ditto when cruising. Be wary of seating in airports, movie theaters, etc. Stay vigilant and bedbugs can be beaten.
Corruption. Greed. Ignorance. Racism. Sexism. Words you don’t usually hear spoken about cooperatives. But brace yourself because in the next hour you will as The Cooperators Podcast talks with Jake Schlachter, founder and executive director of We Own It, a Madison Wisconsin based organization aimed at energizing the 130 million of us who belong to cooperatives in the US to seize control, to put our cooperatives in the directions we want them to go.
We have that power.
We just have to know it. And use it.
We are member owners. We Own It wants to remind us about that. And offer us tips on how best to use our powers.
The primary focus of We Own It right now are electric cooperatives and, yes, they have a glorious history. They brought light to the darkness of rural America. It sounds like a Biblical moment.
But now, at many rural electric co-ops, it’s more akin to the expulsion from the Garden of Eden.
Board members paid six figures for what many believe are volunteers jobs.
Boards with no African Americans serving populations with many African American members.
Boards with no women.
Boards that could spell solar if you spot them the consonants. And many of those boards also just don’t get that adding broadband Internet to their services just may save them for generations to come.
Some electric co-ops are grand indeed. Some aren’t. We Own It aims to energize members to transform the latter.
We Own It also has its eyes on credit unions which talk a good game of member ownership – but many credit unions fail miserably when it comes to empowering their member owners. Have you ever voted in a credit union election? Ever?
The podcast also detours into food co-ops – and what they can teach electric co-ops and what they can learn from other co-ops.
To read my interview with scholar Robert Putnam on “Bowling Alone,” read my interview here.
This is fundamentally a very optimistic podcast. But at times it may seem we stepped into Apocalypse Now and all we can do is mumble the horror, the horror.
Like what you are hearing? The Cooperators Podcast seeks sponsors and supporters to help us spread the word about cooperatives and how they often are the better way. Contact Robert McGarvey to find out what you can do to sustain this podcast.