One of the more common questions we get from our credit union website clients is “how can we put secure forms on our website?”
Credit unions can be far more efficient if they replace paper forms and processes with online forms. And of course, no-contact member service is a lot safer all around if you don’t have to pass around slices of dead trees.
Forms are also a great way to make your website more interactive by enabling easier two-way communication from your members.
Some ways credit unions use secure forms
- “Quick” loan apps – asking just a few questions to get the ball rolling is a great way to generate hot leads for followup without forcing the member to fill out a long loan app.
- Member contact or question form. These need to be secure, because no matter how much you warn people, they often include things like account numbers in online contact forms.
- Overdraft protection opt-in/opt-out
- Polls and surveys
- Collect member feedback
- Collect testimonials and member stories
- Sign up for Skip Pay
- Scholarship application
- Seminar or Annual Meeting sign-up
- Account “switch kit”
- Any process or form that’s normally on a piece of paper
Separate for the best security
Of course, there are lots of great form plugins for the platform we use to build credit union websites, WordPress. Plugins are convenient, but they store the data within your website. The problem with this is that forms often need to collect sensitive personal data like account number or SSN.
The credit union websites we build are extremely secure, but it’s always better as a policy to keep member data entirely separate from your website. This helps make your website less of a target and it helps ensure that the data is only available to the appropriate people and always handled via the appropriate systems.
How do you choose a secure forms provider?
Most of the major providers have fantastic tools and interfaces, and make it very easy to build forms and manage the data. There are three main differences we focus on:
1) Available HIPAA and/or PCI compliance
Of course, you’re not collecting health data on a CU website that would require HIPAA compliance, and it’s unlikely you’d need to collect credit card data that calls for PCI. But compliance with these rigorous standards indicates that they operate with an appropriate level of security for sensitive personal data.
2) Based in the United States
There are some excellent secure online forms providers based in other countries, but if you’re in the US, overall it’s best to stick to a provider following the same regulations and that can offer support in English and near your time zone.
3) Available encryption and access control
Your data should only be stored in an encrypted format and there should be user controls to ensure that only people who need access can see the data.
Access control also allows you to collaborate more easily with web developers like iDiz Inc. We often build forms for our clients, then have the client restrict access to the form data so there’s never any question of who has access.
Recommendations for secure form providers
Of course, there are other online forms providers that meet these criteria. There are even a few firms that offer similar services specifically for credit unions, as part of a larger suite of services, or even integrated into your transaction systems.
Feature-for-feature, they’re pretty equivalent, but there are a few differences. If there’s some specific feature or integration that might be important to you, make sure you check their support pages for details.
Both Cognito and Formstack give you a wide array of tools for easily creating forms and collecting and managing data. They offer excellent bot protection and data encryption and you can control access to form data to make collaboration easier. With both, it’s easy to embed forms onto your website by simply pasting in a piece of HTML code, and you can style your forms to blend in seamlessly with your website.
Both also offer a wide array of available integrations with other services, such as email providers, CRMs, marketing automation, document management, and so forth.
And of course, both offer HIPAA/PCI compliance, and are US-based. Cognito is based in Columbia, South Carolina, and Formstack is in Indianapolis. Neither offers telephone support, but the help files and online support are excellent.
At the minimum levels a credit union website would require, both are reasonably priced and offer discounts for paying annually – however, Cognito at $24/month for “Team” level is significantly cheaper than Formstack‘s $99/month for “Gold”.
We usually recommend that the credit union signs up for the form account as the account owners. That way, ownership and access to the data is never in question, and they can always add outside resources like iDiz as users to help build and embed the forms.
Once you get a little practice with creating secure forms, you’ll think of lots of different ways to use them on your credit union website!
- GoodiDiz Podcast: Financial inclusion and de novo credit unions with Denise Wymore - September 14, 2021
- Learn to love your haters - September 14, 2021
- The best websites are never done - August 27, 2021