Secure Access Code Help
FFIEC guidelines require multiple levels of authentication for consumers using electronic banking. Our Online Banking solution is referred to as "Multifactor". This process employs the use of e-mail and/or voice delivery of a temporary access code to satisfy the requirements of a user both "knowing" and "having" the data elements necessary for authorized access to Online Banking.
Secure Access Code Delivery via Telephone:
• Secure Access Codes are never left on voice mail.
• Secure Access Codes are only used in combination with the requesting customer's user ID and Password.
• Unused Secure Access Codes expire after a designated number of minutes (default is 20 minutes).
• Used Secure Access Codes immediately expire and cannot be reused.
• If the user believes the Secure Access Code request is fraudulent, they are presented with the option to
immediately disable their online and/or voice account access.
Secure Access Code Delivery via E-mail:
• Secure Access Codes are only used in combination with the requesting customer's User ID and Password.
• Unused Secure Access Codes expire after a designated number of minutes (default is 20 minutes).
• Used Secure Access Codes immediately expire and cannot be reused.
Login Steps Utilizing Multifactor Authentication (for users that have previously logged in)
| Step | Action |
|---|---|
| 1 | Key in Login ID and Password (1st factor- something you know) and click Login
|
| 2 | Select Secure Access Code Delivery Preference |
A listing appears with the user's partial or masked contact information- the user chooses the delivery method for their secure access code (phone or e-mail)
|
|
| 3 | The voice server initiates the outbound call to the user's phone or an outbound e-mail to the user's e-mail address (the phone number or e-mail address must reside in the Bank's system as the user's Secure Access Delivery method) |
| Upon answering the phone or viewing the e-mail, the user hears/sees a generic message from the Bank indicating they have requested a temporary access code (the message does not indicate that the call/e-mail is for Online Banking, Telephone Banking, ATM, etc.- the user should be expecting the call/e-mail). | |
| 4 | Key in the Secure Access Code received by phone/e-mail (2nd factor- something you have)
|
| The Secure Access Code is valid for 20 minutes | |
| 5 | Click Continue |
Select your Browser Activation Settings: Activate this computer for later use- a logical option for a home or work computer Give me one-time access only (do not activate this computer)- a logical option when using a public PC (at a hotel, in a library, etc.)
|
|
| A secure access token is placed on the computer in the form of a "cookie"- if the cookie is deleted, this registration process must be repeated (see the "Cookie Management" tab for information on how not to delete your Online Banking cookie during your PC maintenance) |
