For Zip ? (Change)
Enhanced Login Security FAQ
Soon, we’ll be upgrading your internet banking experience with a new security service, known in the online security industry as Enhanced Multifactor Authentication, to further protect you from identity theft. Click here to view selected screenshots.
Q What is Multifactor Authentication?
A Authentication is the process which ensures that only the correct customer is granted access. Without effective authentication controls, it is possible for fraudulent users to access your account. We authenticate clients by issuing challenges that only the true client should be able to pass.
Multifactor Authentication (MFA) means two or more different types (or factors) of authentication must be passed. Using two different factors of authentication provides greater assurance that the client is the intended user. MFA is commonly used to protect transactions at ATMs, where your card is something you have, and your PIN code is something you know. Similarly, with Enhanced Multifactor Authentication your phone is something you have, and your password is something you know.
For convenience, after you successfully authenticate with your password and one-time access code, you may enroll your computer for use in authentication. If you choose to enroll your computer, a special browser cookie will be added to your system, which will serve to recognize the computer as your device.
Going forward, when logging in to personal internet banking you must either:
a.) Log in from a recognized/enrolled computer
b.) Authenticate the device by using a one-time access code sent to your phone or email address
A You will be prompted to enter your password. In addition, you will be required to provide information that enables us to send you a one-time access code. We recommend that you enroll your personal mobile phone. Enrolling a phone number that is shared with others is not recommended.
Q Why is this enhancement needed?
A Recently, the Federal Financial Institutions Examination Council (FFIEC) issued a supplement to the Authentication in an Internet Banking Environment to provide guidance to financial institutions on educating clients about existing security controls. It also advised layering security controls for maximum effectiveness. Due to the prevalence of Phishing, Keystroke Logging, and other attacks that can steal passwords and answers to Challenge Questions, we are replacing Challenge Questions with a phone delivered one-time access code. By requiring two different types of challenges, it is more difficult for an attacker to fraudulently authenticate as a client.
Q When will I know that Enhanced Multifactor Authentication is set for my accounts?
A Soon you will be prompted to sign up when you log in to your online banking session. You can enroll your computer by following the instructions and providing the information requested.
Q What about mobile banking?
A If you log in to Personal Internet Banking through our mobile website or mobile apps, you will be guided through an enrollment process similar to desktop users, where you can select to have the one-time access code sent to you via text message, an automated voice message or email.
Q How will it affect my online banking experience?
A Instead of answering a Challenge Question, you will receive a one-time access code at the number you enroll. You may have the option to enroll your computer, thus eliminating the need to have a one-time access code sent to your phone. Once you have been authenticated, the rest of your online banking experience will remain exactly the same.
Q Can I access my accounts from other computers at my home, my office or on the road?
A Yes, you can access your accounts from any computer. However, when you authenticate from a system that does not have the special browser cookie, you will instead need to authenticate using a one-time access code instead sent to your phone or email. You may enroll multiple computers, but be mindful not to enroll a computer that you don’t often use, or that is shared with people you do not know.
Q Why do I keep getting asked for a one-time access code when I login from a computer that I have already enrolled for authentication?
A This is probably happening because the special browser cookie that was placed within your browser is getting deleted. This can happen if you delete cookies from your machine. In order to keep your computer enrolled, without being asked for a one-time access code at each login, the special browser cookie that we use to identify your computer must not be removed from your browser.