McGarvey's Words: Journalist…Podcaster..Speaker

By Robert McGarvey

Call it deja vu all over again: A March 2, 2020 Travel Weekly headline screams: “Latest targets of fraudsters are hotel and airline loyalty points.”

I first recall writing about this in 2014: The Hilton HHonors Hack: Loyalty Programs Under Siege and How to Protect Yourself.   

Again in 2015: United’s MileagePlus, American’s AAdvantage Loyalty Programs Have Been Hacked.

I wrote about it most recently a year and a half ago in this space: Do You Know Who’s Stealing Your Airline Miles?

You might think the bad news is that nothing has changed. You’d be wrong.  The worse news is that, yes, nothing has changed and cyber thieves – knowing we now have so many ways to accumulate miles and points – are more energetically emptying out our accounts because, apparently, neither hotels nor airlines have done much to batten those hatches and secure their loyalty program against pickpockets.

What’s the allure for crooks? As I wrote in the Hilton story six and one-half years ago: “Huge buckets of Hilton points – sometimes in the hundreds of thousands – have shown up in hacker bazaars, where one vendor, for instance, offered 250,000 points for $3.50. At the Hilton shopping mall, an Apple iPad Air 64G is yours for 489,000 points – so at that criminal exchange rate, maybe $7 (payable in Bitcoin) will grab it. There are other, reported cases where around $10 in Bitcoin bought enough points to claim over $1,000 in hotel room nights.”

What a deal.

The Loyalty Security Association meanwhile estimates that 1% of airline mile redemptions are fraudulent.

But that number may be growing, oddly in part because of a consumer friendly gesture on the part of carriers. Reported Travel Weekly, “Jeff Wixted, vice president of product management and operations for Accertify, an American Express subsidiary that provides fraud-prevention services, said loyalty fraud has especially accelerated in the past 15 to 18 months, with fraudsters buoyed recently by the growing trend among airlines to do away with point expirations.”

That of course meant there are more miles to steal from more inattentive consumers.

Wixted added that the value of US loyalty accounts is around $100 billion.

US consumers belong to some 3.8 billion loyalty programs, according to Clarus.  54% are inactive and those dormant accounts of course are prime for thievery.  If you haven’t checked your Delta account in years, would you even notice if miles had been pilfered?  Of course not.

I know I wouldn’t and, yes, over the years I’ve left multiple airline and hotel loyalty accounts go fallow and I have no idea if the zero balances I see are because the vendor wiped the account after X months of inactivity or if an enterprising thief hoovered them out.

Amex’s Wixted, by the way, predicted to Travel Weekly that the value of loyalty fraud will eventually eclipse the value of credit card fraud.

As for how criminals get our loyalty program details, the surest answer is the many breaches suffered by travel companies.  From Starwood to BA, there have been massive breaches involving hundreds of millions of us, probably billions of us all accounted.  

Experts warn that many of us also fall victim to phishing schemes – where we get a tasty offer from what appears to be a known travel provider, we respond with our program details and they are off to the races, while not only don’t we get the proferred deal, our loyalty balances are emptied out.

Criminals also are known to erect sham great deal pages where they harvest credit card and loyalty program info from bargain hunters who stumble in and can’t resist a prime New York hotel room at $49, for instance.

Know this: smart crooks increasingly are determined to rob our loyalty points and miles and they are succeeding at this larceny.

That does not mean the situation is hopeless.

Here’s our best defense: check loyalty programs regularly. My habitual practice was to review an account only when I wanted to cash in miles or points.

No more. Now I check the few accounts I  have decided to maintain – three airline programs, two hotels, one credit card – monthly. I do not rely on the hotels and airlines; their track records don’t breed confidence. So I provide my own vigilance.

Nope, I have detected no fraud.  

You might want to check more often, or maybe quarterly.  A right answer varies with how many miles and points are at stake.  And what those balances mean to you.

But accept this: in 2020, protection of our loyalty balances is on us.  

by Robert McGarvey

When a credit union buys a community bank is that dancing with the devil?

Welcome to the CU2.0 podcast with your host Robert McGarvey. Today’s guest Keith Leggett, now retired Chief Economist with the American Bankers Association who still actively writes his blog, Credit Union Watch.

The topic of the talk: bank – credit union mergers.

Some banking experts are up in arms about these mergers.  Not Leggett.  He says community banks that are up for sale generally are looking for the best valuation and credit unions, in some cases, are exactly that as they seek to add new business capabilities – especially in business lending – and a fast route to that capability is buying the right community bank and retaining key staff.

On that note. listen to the CU 2.0 podcast with retired SECU CEO Jim Blaine, whose ideas are referenced by Leggett. We also discuss Maine Harvest, a new charter, and Leggett points to research on credit union bank mergers via Filene, also the St. Louis Fed.

Numbers to remember. In the past two years there have been around 400 bank – bank mergers. There have been around 20 bank – credit union deals.

Meantime, Leggett tempers his positive perspective on bank – credit union deals by saying there needs to be a two way street, that is, the regulator needs to lighten up about credit unions selling out to banks.

Why do bankers so often loudly scream about bank mergers with credit unions? A lot has to do with association politics, says Leggett, who adds that there’s always a stronger response when a wolf is said to be at the door.

Listen here

Like what you are hearing? Find out how you can help sponsor this podcast here. Very affordable sponsorship packages are available. Email rjmcgarvey@gmail.com

Find out more about CU2.0 and the digital transformation of credit unions here. It’s a journey every credit union needs to take. Pronto

by Robert McGarvey

Here’s what the US government is telling foreign travelers to the US, business travelers very much included: Just stay home.

The numbers of foreign arrivals are plummeting, a reality that long predates the coronavirus scare. Here’s a Washington Post story from July: More people are traveling the world than ever. But the number coming to America is dropping.

Of course coronavirus is making matters worse but know this: even when the virus is tamed, foreign travelers will stay clear of the US. And this means business travelers – maybe business travelers in particular – who will stay away from trade shows, expos, conferences, even in person sales calls.

Why? “Crossing U.S. borders has never been easy, but today’s business travelers face an unprecedented range of issues amidst a constantly-shifting legal and regulatory landscape. Within the past month alone, the U.S. government has rolled out three new sets of travel restrictions: an expansion of the ‘Trump Travel Ban,’ a so-called ‘birth tourism’ ban, and a travel ban designed to contain the spread of the COVID-19 coronavirus from China,” said Rebecca Bernhard, a partner at the international law firm Dorsey & Whitney specializing in U.S. immigration and labor and employment law.

Bernhard continued: “Travelers must be ready for increasingly-hostile questioning from U.S. Customs and Border Protection (CBP) agents about the nature of their travel, itinerary while in the U.S., and whether their planned activities violate U.S. work authorization laws. Without fluency in facts, travelers can be refused entry and even permanently banned from the United States.”

You read right: she said hostile questioning. And if a traveler fails the quiz, or worse still, gets annoyed by the questioning, expect border delays to extend. That traveler may even be turned away.

Welcome to the US, baby.

How did we get this hostile? Here’s the big change, per Bernhard: “Travelers should be prepared to face ‘law enforcement’ culture at the border.” She added that we all need to expect this “enforcement-oriented environment due to President Trump’s administrative priorities.”

International travelers need to know you may be quizzed about your travels – and you need to know the details, warned Bernhard. I will confess that I have often traveled and not known where I was going to be the next day until I checked my itinerary. What did it matter? I was trying to be “Be Here Now” and in many cases, a “handler” simply told me where to go and so I went. But apparently it may no longer be good enough for foreign travelers at the border. Know your travel details.

Also know that your electronics are fair game, said Bernhard. The CBP personnel may want to search your devices – that means your phone and laptop – and your best bet is to carry little or no data cross border. Leave it in the cloud. Bring a burner phone.

This is sounding like a lot of hassle? You bet. And where there’s hassle we often just don’t go and that’s what smart foreign executives are deciding when a possible US trip looms on their schedule: “Send the junior person, boss. I’m too busy to go.”

How did we get to be a place to be avoided?

What’s this to you, you’re a US citizen? Listen up. First off, Bernhard warned that “4th amendment evaporates at the border – most normal rights are suspended, even for U.S. citizens.”

That also means your electronics too, which CBP may seek to search even if you are a US citizen. Yes, a judge has ruled that searches of a US citizen’s electronics without a “reasonable suspicion” are not Constitutional. But we are still discovering what amounts to a “reasonable” suspicion. Me, I am continuing to leave most data home which of course also is a good idea when traveling into most other countries (China, Israel, Russia may top the list of places to never bring data). My work is in the cloud, I travel with a cheap, old Chromebook and I now have a burner phone with little data on board.

But here’s my biggest worry about how our border policies will impact me: We are treated at the borders of other countries as we treat their citizens at our borders. Don’t be surprised when on your next trip to Singapore or Shanghai or Tokyo or Sydney you are subjected to the third degree. It’s noting personal. Just payback for how we have treated them.

This has always been true. As we treat others so shall we be treated and, right now, we are treating foreign nationals miserably at the border. It will be likewise for us. Instant karma.

by Robert McGarvey

For years I have pondered a puzzle: why do financial institutions spend so much on cybersecurity and employ wonderfully smart and talented people – but the results are not as good as one would hope.

Frequently financial institutions simply are whipped by their criminal opponents.

Just look back on how DDOS – distributed denial of service – brought innumerable institutions to their knees a few years ago.  It took months for credit unions to get it together to repel the attack.

Then look at ATM jackpotting. New account opening fraud. ATM skimming. The list could go on and on but you get the message: criminals often outwit credit unions and banks and that is despite the money spent and the talent employed.

Why don’t credit unions gain the upperhand?

Hear the related podcast with Authentic8 CEO Scott Petry here.

A new report, sponsored by cybersecurity firm Authentic8, involves a survey of 163 financial services professionals, and it tackles just that question: why do financial services firms so often fall victim to cyberattacks?

Here’s a hint at the reason: “Financial firms have some of the best-funded IT departments of any industry, that’s no secret,” said Scott Petry, CEO of Authentic8. “What’s perplexing to me, with data breaches and privacy violations at an all-time high, is how deep the divide still runs between IT, compliance and legal professionals in many firms.”

The report’s title spells out the problem: “Surprising Disconnect Over Compliance and Secure Web Use at Financial Firms.”

Keep reading at CUInsight

by Robert McGarvey

You know the hideous story of the Diamond Princess and the equally grim tale of the Westerdam, a Flying Dutchman vessel that sailed from Asian port to port trying to find a place that would let its passengers disembark. This is the worst of times for the cruise industry, with many experts saying booking are down 15% and more – and nobody is saying how many passengers have tried to cancel their reservations.

And then there is this Pollyanna moment from WHO, the World Health Organization, which wants you to know that cruising is safe. Mike Ryan, executive director of WHO’s Health Emergencies Program said in a press briefing: “People who say we should steer clear of cruise ships or steer clear of airports or steer clear of certain ethnic groups and steer clear of other things, we have to be really careful here. We need an approach to managing risk that allows us to continue to operate as a society while minimizing the risks.”

He added: “These are manageable risks and again we need to reflect on the fact that the vast majority of these cases are within China.”

I am sure the Diamond Princess passengers are relieved to hear Ryan’s assurances. Not.

Thousands of them spent two weeks in their cabins, by order of the Japanese government. The US government then flew home hundreds of them – but on arrival on US soil they are required to spend two weeks in a government mandated quarantine.

How would you like to spend a month of your life that way?

The Diamond Princess had 500+ cases of coronavirus.

I have written about cruising for maybe 20 years. I have been on many cruises. Generally I am a big fan of cruises – for some destinations a cruise is the ultimate travel modality. The Greek isles, for instance. Ditto Alaska.

Generally, too, I believe cruising on today’s modern ships is quite safe.

But I have also studied exactly how fast – and how virulently – norovirus has spread on cruise ships and this has happened often in the past 20 years. Globally, there are an estimated 685 million cases of the disease annually, with around 200,000 deaths.

Cruise ships have been particular targets. A ship is a contained environment, many thousands of people are in close quarters, and the disease spreads. As recently as this month a ship was denied docking in Gibraltar and forced to return to England where it had sailed from, after some 89 cases were diagnosed.

Here’s the deal however. Cruise ships have become adept at implementing sanitary protocols to limit the spread of norovirus. Sure, there still are epidemics on ships – but cruise lines are a lot more successful in containing the disease than they were a quarter century ago.

You can’t say similar about coronavirus. In a month, maybe, and I for one definitely hope so. But not today when our ignorance abounds.

Nobody knows how to fight coronavirus, least of all on board a cruise ship and its contained environment.

Does that mean just don’t cruise?

Here’s a more precise question: Would I do a Greek cruise today? A Pacific cruise from Singapore to Hong Kong? A Norwegian fjord cruise?

Consider that an IQ test type odd man out test question because I would in fact do two of the three, but decline the third.

Am I afraid of coronavirus? Strangely perhaps, not so much. Early indications are that this coronavirus – specifically COVID-19 – is highly infectious. But its mortality rate appears to be much smaller than, say, SARS or MERS.

What scares the heck out of me are what I do not know about the disease – and neither do the researchers. We are still hunting for best treatment modalities, cures, vaccines, and so on.

What also scares me is the Diamond Princess story. Who wants a four-week quarantine to cap off a cruise?

My advice in regard to cruising is this: avoid Asia cruises. I would not take one. Six months from now, maybe, in fact I would love to – once the coronavirus episode is resolved.

What about other destinations? It’s up to you, not me, not a WHO expert, not your travel agent. Know the risks – and thus far I know of no coronovirus cases on cruise ships in Europe, say. And make your best decision.

In times of rampant norovirus outbreaks on cruise ships I knew dozens of people who refused to cruise because of it. That was their call and they were entitled to it.

The exact same is true today. I can tell you what I will or won’t do. I will not tell you what to do.

Neither should a WHO boffin.

Welcome to Up in Smoke, Part 4 – credit unions and weed.

Buckle up. Dan Mayfield, public affairs director at LeveragePoint, a strategic communications firm in Albuquerque NM, will be our guide in this podcast to the cannabis business in New Mexico. 

Cash, public safety, and a $130 million dollar annual business take. That’s legal marijuana in New Mexico — and right now credit unions are scrambling to help serve this market.

LeveragePoint has a ringside seat and that’s because it is wholly owned by the Credit Union Association of New Mexico.

You heard that right.

That also means it’s playing a key role in setting up the CU Cannabiz show in Chicago in April and Mayfield offers more details on that in this podcast.

Up in Smoke Part 1 here, Part 2 here, Part 3 here.

Part 3 is a podcast with Paul Stull, CEO of the Credit Union Association of New Mexico.

What’s important here is that cannabis is a potentially huge market for credit unions. It has risks, sure.

But it has a grand upside.

Here all about all sides in this podcast.  It’s a fast ride.

Listen here

Like what you are hearing? Find out how you can help sponsor this podcast here. Very affordable sponsorship packages are available. Email rjmcgarvey@gmail.com

Find out more about CU2.0 and the digital transformation of credit unions here. It’s a journey every credit union needs to take. Pronto

Toke up – the CU2.0 Podcast is back with another look at cannabis and credit unions, a topic we last looked at a year ago in a two part podcast. Part 1 here, Part 2 here.

Welcome to Part 3, 2020 edition of Up in Smoke, credit union style.

Today’s guest is Paul Stull CEO of the Credit Union Association of New Mexico, which is sponsoring the Credit Union Cannabiz Conference, April 5-8 in Chicago.

What this is about is the business of banking cannabis companies, said Stull.  And he fervently believes that cannabis – so far an untouchable for the big national banks – is a prime opportunity for credit unions to build dynamic and profitable business account relationships that involve both deposits and lending.

And this is business that right now the national banks won’t take on.

About two in every three states presently has legal marijuana in some form (medical, recreational or both).

Said Stull: “Most credit unions are involved in banking marijuana money whether they know it or not.”

His argument: do this openly, consciously, charge accordingly and it’s a win win, for the credit union, also for the marijuana business.

In the podcast, Stull offers a deep dive into why cannabis banking also benefits local communities – meaning this is a solid credit union business direction.

The opportunities with cannabis for credit unions right now looks immense.

Stay tuned because in a few weeks another cannabis themed podcast will drop.

Listen here

Like what you are hearing? Find out how you can help sponsor this podcast here. Very affordable sponsorship packages are available. Email rjmcgarvey@gmail.com

Find out more about CU2.0 and the digital transformation of credit unions here. It’s a journey every credit union needs to take. Pronto

By Robert McGarvey

I am getting a question I never thought I’d be asked: Is it safe to go to a conference- from a public health perspective? Sure, we have heard concerns about terrorism and criminality that sometimes prompt attendees to question when they want to go to another conference, trade show, or similar.

Now I am hearing: Is a public conference suddenly an unsafe place because of health concerns? Note the cancellation of Mobile World…in Barcelona!

Start here: just cross off any conferences you are slotted into in China.  Very probably the organizer will cancel anyway. Panic about Chinese meetings and shows, even ones in Beijing (around 600 miles from Wuhan, the apparent epicenter of the coronavirus) and Shanghai (maybe 450 miles distant), is feverish.  Air carriers are cancelling all flights to China and the whole country – which is about the same size as the United States – is becoming a giant no-go zone.

People are also telling me they won’t go to Bangkok or Singapore for conferences.  

Asia events are easy to figure: the answer is do not go.

It’s the rest of the world where there are questions – even events at home in the US, where there have been exactly zero deaths attributed to coronavirus as of this writing.

Yet panic is rising, at a level I do not recall ever seeing in the US or Europe.  Sure, there was anxiety around SARS in 2003, an epidemic that hopscotched globally, infected perhaps 8000 and killed maybe 800.

But coronavirus – right now, today – is terrifying a lot more people.  Surgical masks are selling out globally, even though the CDC advises not wearing them and evidence is scant that they do much to prevent spread of a disease like coronavirus.  People are stampeding to try to cancel cruise bookings, an industry that has had horrific quarantines of vessels.  Airline flight crews are threatening not to fly. And entire countries are blocking entry of people arriving from China and/or Chinese passport holders.

We haven’t seen exactly that, ever, in our lifetimes (the 1918 flu pandemic is one that rivals the current disease in terms of panic but it killed maybe 50 million in a much less populous world, compared to low five figures for coronavirus deaths – and experts say flu is presently killing more than is coronavirus).  

Right now what we have is ignorance that fuels hysteria.  We just do not know that much about coronavirus, China is typically opaque and it’s not clear what to do to avoid the disease (other than – obviously – don’t go to China).  

But CDC, WHO, and other world health organizations are on this.  I am optimistic that we will soon – probably within days – know how the disease spreads, maybe even what caused it in the first place. And then the search for cures commences.

That brings us back to our central question: events and us, what to do?

The answer depends upon your optimism regarding science and coronavirus. If, like me, you think researchers will get a tentative handle on it within weeks, go ahead and commit to conferences certainly in the spring.  You may want to hold off on attending big meetings this winter – again, we know little about the disease and that dictates caution in attending large gatherings and spending time in places with recycling air such as planes.

What if we don’t know what we need to about coronavirus within, say, a month? Then you know what hit the fan – in this case, raging fear – and it will get worse, more events will be canceled, and probably we will all sit home for many, many weeks to come.  Meaning more decisions will get made for us.

My advice: make flexible reservations with the right to cancel without penalty and, no, not many actual shows will allow that – airlines and hotels do of course, for a premium price; pay it – but my guess is that events sign ups will lag for months to come and many will be welcoming walk ins through this year. It is going to be a very slow year for meetings – use it to your advantage.

Me, I am still planning – happily – on several spring meetings. Have I booked anything yet? Nope.  No need to.

Hang loose. Now is the time to do it.

Want to grow your member base? Want to target particular kinds of members?

Content is your friend, says Shondell Varcianna, a financial services veteran who nowadays focuses on providing select financial institutions with finely targeted digital content – blog posts – for distribution via the credit union website, also social media.

Her driving point: content works when it is written to meet the specific needs of a targeted group.  It can’t be all things to all people.

She especially recommends financial education content.  Millennials, for instance, want info on home buying.  Give it to them and you just may get the mortgage.

The key: have a strategy about what groups you want and what you want to sell them. The content will follow.

This is an informative podcast about a topic that usually is treated superficially. This is a deeper dive and it’s worth it because this is how to supercharge member growth.

Listen here

Like what you are hearing? Find out how you can help sponsor this podcast here. Very affordable sponsorship packages are available. Email rjmcgarvey@gmail.com

Find out more about CU2.0 and the digital transformation of credit unions here. It’s a journey every credit union needs to take. Pronto

by Robert McGarvey

Just one quotation in a Hotel Management “think” piece on hotels and tech (“HM roundtable takes look at transformative technology“) tells us all we need to know about why hotels so often fumble tech innovation and play catch up, perhaps for decades.

I give you in-room phones, in-room TVs with content to sell us, lame and unsafe hotel WiFi, unreliable room key cards, resistance to voice controls, and the list goes on and on.

Why is the question.

Mike Mueller, president of Wyndham’s Super 8 brand, pithily tells us exactly why: “Mike Mueller, president of franchised economy brand Super 8 by Wyndham, observed it’s often difficult to get buy-in from owners on new technology. ‘We have to prove out that the investment is going to have [a return on investment] before we ask somebody to make that investment. So, we spend a lot of time thinking about how do we introduce new opportunities at our hotels that guests are willing to pay more for? Because if they’re not willing to pay more for it than we shouldn’t really be doing it,’ said Mueller. “

That’s saying if we can’t monetize it we ain’t doing it.

I don’t mean to pick on Mueller. I’ve heard exactly the same from various senior hotel execs, generally off the record. Mueller is on the record so he gets the bullseye on his back. But know that he is just one of many singing the same sad song.

Here is how miserly hotels are regarding security: “Data from Statista presented to the Business Travel Association’s winter conference in London revealed food and hospitality companies had only invested an average £1,080 in internet security during 2019 – the least compared with 11 other sectors including construction and education.”

Dead last. How it did the industry get to this woeful state?

Because most hotel groups are “asset light” – meaning they manage but don’t own their properties – they must persuade the owners to spend on upgrades and owners, they say, don’t want to open their purses unless they are told the ROI. No ROI, no spend.

So it’s our fault hotel technology sucks because we won’t pony up for better. So they seem to say.

Let me ask you: are you willing to pay more for secure hotel computer technology so that your personal information is not feasted on by hackers – and hackers have been pillaging hotel data for years, including that of Wyndham’s guests?

Of course you aren’t willing to pay more because the safety and security of your data that is entrusted to a third party such as a hotel should be accepted as obligation on the part of that third party (a bank, a retailer, and of course a hotel).

Even giant Starwood suffered a breach of its guest reservations system that apparently began in 2014 and lasted at least into 2018.

And little operations too have been breached – the Trump hotels for instance suffered three breaches in as many years.

Let me ask you this: do you feel your data is safer today at a hotel than it was a half decade ago? I do not. Hotels simply do not have the appetite to aggressively spend on combating hackers – and we are the victims.

The hacks keep happening.

That’s not the only for instance. A few years ago I bluntly asked a very senior hotel executive – this was a personal conversation, not on the record – why his hotels’ wifi sucked. It was so bad I couldn’t imagine anyone using it. He agreed. But he added there was nothing that could be done because the owners were not willing to spend on upgrades.

I hear the same about the key cards that fail – not our fault, owners won’t pay for mobile door locks.

I have to wonder if part of the popularity of Airbnb with many consumers is that some of those owners are investing in 21st century technology.

The reality is that most of the tech investments I personally make don’t have a significant ROI. But they do make my life a bit easier. Do I need an Alexa or Google device in every room in my home? Nope. But they are there because I like the convenience of asking for a light to be turned on or for a weather report.

I’d like same in my hotel rooms but, no, I’m not willing to pay extra for it.

I invested in Google mesh to upgrade my home/office WiFi because I wanted the speed. Is there an ROI? Maybe, maybe not. But I sure do like the speed.

The bottomline for hoteliers is that technology nowadays is a necessity. In 1970 would a guest pay more for a room with AC? I doubt it. In 1950 maybe. In 1970, nope. He/she just wouldn’t book a room in a hot place that didn’t have it.

That’s the real message for hoteliers to smack owners with: spend on technology or lose guests. Deliver fast WiFi, strong cellular signals, mobile door locks, voice controlled lights and drapes, and all the rest of the cool stuff I have in my home.

Or I will go elsewhere for it.

I won’t pay more for it. I just won’t pay anything when it’s absent. I’ll stay elsewhere – and I believe so will increasing numbers of guests.

Upgrade or perish.