What is multi-factor authentication?

Multi-factor authentication is used in the security industry to establish the identity of a user by requiring the user to present at least two of three identifying factors:

Knowledge Factor - something that the user knows, such as a username and password.

Possession Factor - something that the user has, such as a token or mobile device (e.g., mobile phone or tablet) that may be used to generate a one-time password.

Inherence Factor - something that the user is, such as a fingerprint or face scan, confirming the identity of the user.

By presenting these factors, the receiver of the information can have a high level of confidence that the user is, in fact, who they claim to be, because the probability that someone else would be able to present both factors is very small.

What is evolved authentication and push notifications?

Enhanced multi-factor authentication security technology enables you to authenticate your Internet banking transactions in real-time using your mobile device by simply accepting or rejecting an authentication request.

We recently replaced the one-time password (OTP) system. When you perform a high-risk Internet banking transaction, you will receive an interactive pop-up message on your banking application on your mobile device, providing details of the transaction and requesting that you click either Accept or Reject. This is called a Push notification request. If a transaction is not legitimate, you can simply reject it by clicking the Reject button displayed in the authentication request, and the transaction will not be processed, stopping the attempted fraud in its tracks. Please make sure your push notifications are enabled for your banking app. Push notifications are important because they provide you with a full overview and control of all transactions on your account.

What is biometric authentication?

Biometric authentication is a security process that relies on the unique biological characteristics of individuals to verify their identity. Biometric authentication systems compare physical traits to stored, confirmed authentication data. If both samples of the biometric data match, authentication is confirmed. The advantages of biometric authentication are its convenience and security. Since biometric authentication uses unique characteristics for verification, they are difficult to replicate. Traditional methods, such as usernames, passwords or ID cards, are not as secure because they can be stolen or guessed easily.

What is considered a high-risk transaction?

• Zelle
• Bill pay
• External transfers
• Large dollar amount transfers

Will this authentication work on my phone or tablet?

The app is compatible with all devices running iOS (iPhone and iPad), Android, and Windows Phone operating systems. There is also a version of the application that runs on most feature phones. If your phone has a color screen, a browser, and can run common applications (e.g., Mxit or Facebook), it should be able to support the authentication.

How long does it take for a message to appear?

Authentication request messages should appear on your mobile device within 5 to 10 seconds (on average) if the application is not open and has to be woken up. If the application is already open, the authentication request message should appear almost instantaneously. Traffic on the mobile network may affect the time it takes for the message to appear on your mobile phone. The quality of coverage that your mobile operator provides in your location may also impact delivery times.

 If messages consistently take too long to reach your mobile phone, please contact the Customer Xperience Center at 800-687-2265.

What should I do if I receive an authentication request message when I did not initiate the transaction?

If you receive an authentication request message for a high-risk transaction on your account that you did not initiate, you should click the Reject button to reject the transaction. This will prevent the transaction from being processed. It is also advisable to contact the Customer Xperience Center at 800-687-2265 to alert them of the situation and prevent fraudulent activity from taking place.

How do I manage my devices?

With this new way of authenticating, devices can be added to your account and identified as a trusted device. All authentication requests will then be routed to this trusted device for approval. This creates a trusted environment that increases safety and speeds up your authentication steps for future transactions.

To register a trusted device:

First time: Automatic registration takes place, which will also give you the option to enable your biometrics on your trusted device if the device has biometric capabilities.

Adding additional devices: Go to Settings > Device List > Add a New Device > follow the prompts to identify and register another device to be linked to your account. If the device has the capabilities, you will again be able to activate the biometrics if you wish to do so.

What should I do if I lose my device?

Please contact the Customer Xperience Center at 800-687-2265. We can manually remove the device in question from your trusted devices list to ensure no fraudulent activity can take place.