Feature Updates
The Critical Role of Active Session Timeout in Secure Lending
By Olayemi Jemimah Aransiola
May 17, 2024

The financial services industry, particularly lending, thrives on trust and the secure handling of sensitive data. From borrower details and financial records to loan agreements and transaction histories, safeguarding this information is paramount for lenders. A single security breach can have devastating consequences, leading to financial losses, reputational damage, and even regulatory sanctions.

This is where the seemingly simple “Active Session Timeout” feature emerges as a critical security measure. It automatically logs out inactive users after a predetermined period, mitigating the risk of unauthorized access to sensitive information left exposed on unattended devices.

Data-Driven Reasons Why Active Session Timeout Matters:

  1. Increased Security Incidents: Verizon’s 2022 Data Breach Investigations Report reveals that compromised credentials are a leading cause of data breaches, accounting for 80% of incidents. Leaving lending platform sessions open creates a prime target for attackers exploiting stolen credentials. Active Session Timeout significantly reduces this vulnerability window. Without it, malicious actors could gain unauthorized access, potentially leading to:
    • Data Breaches: Sensitive borrower information and financial details could be compromised, leading to financial losses and reputational damage for both lenders and borrowers.
    • Fraudulent Transactions: Unauthorized users could manipulate loan applications, leading to fraudulent loan approvals and financial losses for lenders.
    • Reputational Damage: A data breach or security incident can severely damage a lender’s reputation, impacting customer trust and future business prospects. Active Session Timeout tackles this issue head-on by automatically logging out inactive users, minimizing the window of opportunity for unauthorized access.
  2. Regulatory Compliance: Financial regulations worldwide, such as the General Data Protection Regulation (GDPR) in the European Union (EU) and the Gramm-Leach-Bliley Act (GLBA) in the United States, mandate robust security protocols to protect customer data. Active Session Timeout demonstrates a proactive approach to data security, aiding compliance efforts.
  3. Reduced IT Burden: Manually monitoring and terminating inactive sessions can be time-consuming for IT teams. Active Session Timeout automates this process, freeing up IT resources for other important tasks.

The Benefits of Active Session Timeout for Lenders:

  • Promoting Responsible Platform Usage: Accidental session abandonment happens. Users might get interrupted, forget to log out, or leave their devices unattended. Active Session Timeout encourages users to log out when finished, preventing their accounts from being left open and vulnerable.
  • Reduced Security Incidents: A 2021 Ponemon Institute and IBM report found that organizations implementing session timeouts experienced a 23% reduction in the cost of data breaches.
  • Enhanced Regulatory Compliance: Financial institutions are subject to a growing number of regulations that mandate robust security protocols. For example, the Federal Financial Institutions Examination Council (FFIEC) guidelines emphasize the importance of access controls and user authentication, with session timeouts as a vital security measure.
  • Streamlined Security Management: Active Session Timeout automates the process of terminating inactive sessions, freeing up IT teams from manual monitoring and reducing the overall workload.
  • Improved User Experience: Clear session timeout notifications keep users informed and prevent unexpected logouts while they are actively working on the platform.

Benefits Realized by Businesses:

Beyond the security advantages, businesses have witnessed tangible benefits from implementing Active Session Timeout:

  • Reduced IT Costs: Automated session management reduces IT overhead associated with manual monitoring and intervention.
  • Increased User Accountability: The feature encourages users to adopt responsible platform usage habits, fostering a culture of security awareness.
  • Enhanced Brand Reputation: A proactive approach to data security fosters trust with borrowers and partners, potentially attracting new business opportunities.

Introducing Active Session Timeout on Configure

Building on our commitment to providing a secure and reliable platform, Active Session Timeout has now been integrated into Configure. This feature automatically logs out inactive users, significantly bolstering your lending platform’s security.

How It Works

  1. Configurable Duration: Super Admins and Admins can set the duration of inactivity, after which sessions will be timed out. This duration can be configured in minutes, with a maximum limit of 10 minutes.
  2. Default Timer: The system’s default timeout period is 10 minutes, which the Admin can adjust as needed.
  3. Activity Monitoring: The system continuously monitors user activity during a session. Inactivity is the absence of user interactions within the specified timeframe the Admin sets.
  4. Automatic Logout: If the configured period of inactivity is reached without user interaction, the system automatically logs the user out of their active session.
  5. Reauthentication: Upon timeout, the system redirects the user to the login page, requiring re-authentication to regain access to the platform.
  6. Location on Configure: To locate and activate the Active Session Timeout feature, navigate to Setting > My Company > Other Setting tab > Session Time-out and set the desired timeout duration.
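
The steps above, sketched as a server-side idle-timeout check. This is an added example, not Configure's own code: the names (SessionStore, validate_timeout, touch) are hypothetical, and the 1-minute lower bound and the user_initiated flag are assumptions. Only the 10-minute maximum and default come from the description above.

```python
import secrets
import time

MAX_TIMEOUT_MIN = 10      # upper limit stated in "How It Works"
DEFAULT_TIMEOUT_MIN = 10  # default stated in "How It Works"


def validate_timeout(minutes):
    """Validate an admin-supplied duration: whole minutes, 1..10.
    The lower bound of 1 is an assumption; the page only gives the maximum."""
    if isinstance(minutes, bool) or not isinstance(minutes, int):
        raise ValueError("timeout must be a whole number of minutes")
    if not 1 <= minutes <= MAX_TIMEOUT_MIN:
        raise ValueError(f"timeout must be 1 to {MAX_TIMEOUT_MIN} minutes")
    return minutes


class SessionStore:
    """Tracks the last user interaction per session and expires idle ones."""

    def __init__(self, timeout_min=DEFAULT_TIMEOUT_MIN, clock=time.monotonic):
        self.timeout_s = validate_timeout(timeout_min) * 60
        self.clock = clock        # injectable so the logic can be tested
        self._last_seen = {}      # session id -> time of last interaction

    def login(self):
        """Create a session with an unguessable id after authentication."""
        sid = secrets.token_urlsafe(32)
        self._last_seen[sid] = self.clock()
        return sid

    def touch(self, sid, user_initiated=True):
        """Call on every request. Returns True if the session is still valid;
        False means the caller must redirect to the login page.
        Background requests (user_initiated=False) are checked but do not
        reset the timer, so polling cannot keep an unattended session alive."""
        last = self._last_seen.get(sid)
        if last is None:
            return False
        if self.clock() - last >= self.timeout_s:
            # Invalidate on the server; a client-side timer alone is not
            # enough because the session token would remain usable.
            del self._last_seen[sid]
            return False
        if user_initiated:
            self._last_seen[sid] = self.clock()
        return True
```
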

Limitation

Please note that once there is no interaction on Configure for 10 minutes (or the set duration), the user will be automatically logged out and required to log in again to continue their session.

Stay tuned for more exciting updates from the Evolve Credit team.
