Overview of Advanced Login Authentication (ALA)

In the previous login procedure, authentication requires a valid user ID plus two additional components (your password and the security question). Advanced Login Authentication provides an additional layer of security. Advanced Login Authentication uses the phone channel to obtain a one-time passcode to confirm authentication. The solution offers both SMS Text and Voice Interaction. In our experience the majority of customers choose Voice Interaction.

To start the process, the user is presented with a list of the phone numbers on record in MyOnlineBanking. Up to six telephone numbers are supported and can include domestic, international and extensions.

Note: The phone number field in OLB is required for all new users. Current MyOnlineBanking customer's users can be prompted to update their phone numbers, or you can contact our CPC department to update the phone number(s) on your behalf.

The One-Time Security Code screens appear as a modal dialog over the Login Screens. The first box looks like this:

You can choose any number listed to receive the voice interaction. Voice interaction works well on Mobile Devices as well as Land Lines. There are no restrictions in the Voice Phone network that would prevent a call from going to any device.

If you choose to receive an SMS Text, enter the phone number where you want the SMS message sent (Mobile Carrier Requirement). MyOnlineBanking will verify that the number matches one of the numbers already listed for the customer. If it does, OLB will send the SMS Text to the number the customer entered.

Note: The SMS text authentication method is currently not available. Please continue to use the Voice authentication method until we have resolved the issue.

Advanced Login Authentication workflow screens

AUTHENTICATION WORKFLOW

If you select the Voice Interaction, the workflow goes like this:

Select a phone number from the list of numbers and click continue.

The phone rings, and the automated voice identifies the call as coming from your bank and asks you to key or speak the number on the screen into the phone. The screen looks like this:

After the number is entered or spoken correctly, click phone call completed and you are put back on the password page (or alternatively the token passcode page if using Advanced Login Authentication with Tokens at login).

The SMS Text Message Interaction looks like this:

Note: The SMS text authentication method is currently not available. Please continue to use the Voice authentication method until we have resolved the issue.

Select send a text message and click continue.

Key in your Mobile Phone Number on this screen. You have to key in the number to opt in to receive the text message. We check the number against the numbers on file. If the number entered does NOT match a number on file, we will not send the message.

When you click send text message AND the numbers match, we send the message with the code. This screen appears for the code entry:

Once the code is entered, submitted and checked against the code sent, the customer will proceed to the password page (or alternatively the token passcode page if using Advanced Login Authentication with Tokens at login).

FREQUENTLY ASKED QUESTIONS

Q: I will be traveling for an extended period outside Guam. For example, I will be in parts of Asia and I will be bringing my laptop with me. If I log in from my laptop while in the Asian region, will the step-up be needed?
A: Step-up is triggered based on Device profiling, which doesn't trigger differently if the user logs in from outside of the US. The device ID is analyzed the same way within the US or outside of the US. Also, there are no restrictions on making Advanced Login Authentication calls internationally. If the user has already defined their cell phone in MyOnlineBanking and it is enabled for international service, it will work fine.

Q: If I do not pass the Advanced Login Authentication, or the second authentication step, what happens? Is the account locked/frozen?
A: The User ID is not locked or frozen if the customer does not pass Advanced Login Authentication. The customer is free to try again. The Advanced Login Authentication events and results are reported to you in Web Admin for your review.

Q: How much time do I have to complete the step-up process?
A: Once Device ID indicates that the user needs to be stepped up and the user is redirected to the Advanced Login Authentication page, the user has 5 min to complete it. If the user doesn't validate the one-time passcode within the 5 min and is still logged in to OLB, the system will automatically redirect the user to the login page. The 5 min countdown starts after the user enters their user ID and OLB validates it.

Q: If I have a foreign phone number, how does Advanced Login Authentication handle the foreign phone numbers?
A: In MyOnlineBanking, contact the CPC center to have your foreign number entered into your account settings.

Q: If I am required to use Advanced Login Authentication for sign-in and also during the forgot password process, will I be presented with Advanced Login Authentication in both instances if I log in and have forgotten my password?
A: Yes - you could be prompted for Advanced Login Authentication in both instances in what looks like a single session. This protects against Man-in-the-Browser.

Q: Why did I have to go through the additional authentication process?
A: Because the Device Profiling looks at many factors together, as well as a system cookie and a Flash Object from a prior session, there are some instances where changes to a combination of factors would trigger a risk score that requires additional authentication. Examples include:

- Clearing Cookies + a Browser Setting Change
- Many devices used by a single user in a short period of time
- Multiple people using the same device can trigger a risk profile
- A Browser Update, Cleared Flash Object, Dates Out-of-Synch

These situations are difficult to pinpoint and difficult to explain but essential to appropriate assessment of risk.

Q: If I log in from a Public PC and the Device fingerprint is recorded or registered, doesn't this put me at risk?
A: Yes. We suggest that you enable your PC firewalls and keep your virus detection definitions up to date. Try to avoid logging on from a PC if you are unsure whether the virus protection and firewalls are in place. The FFIEC has publicly recommended: Consumers should not log in to Online Banking from Public Computers or using Public Wi-Fi access. Do not log on to any PC where you do not have control over the Security Controls, such as firewalls and virus protection; doing so puts you at risk. Public PCs can have malware that records any information you enter. For this reason we strongly recommend that you do not use Public PCs for online banking.

Q: Why am I not asked to register my Device? Or why are Device Profiles always recorded?
A: The new system keeps constant surveillance on the Device IDs entering MyOnlineBanking for Login. The Device ID extends beyond a simple registered or marked device to include a review of the origin of the login and the network path. We look for anomalies in behavior or risk patterns to indicate when further authentication is needed to allow login. The correlation between the User ID and the Device ID is only one component of the review. Since we are not tracking devices so much as reviewing the device configuration of each login event that is presented, the security is significantly improved. Rather than registering your PC, the system is reviewing each unique login for any security risk. This approach works behind the scenes to protect each online banking session. This provides increased security for every login.

Q: If I enter an SMS number that is not listed, what message or screen will I see telling me the mobile phone is not valid or to contact CPC?
A: The screen and the message look like this:

Q: If none of the phone numbers listed is current, and I try to send a text message, what kind of response will I get?
A: The screen looks like this:

Q: If there is no phone number listed in MyOnlineBanking, what kind of message will I see? Is it just blank with the radio buttons or will any message be presented?
A: The screen looks like this:

Q: The SMS Terms state that the customer can reply STOP to the message if they don't understand why they got the message. What happens when I type STOP?
A: The STOP messages go to the origin of the text message. It's a complicated process, but generally the Mobile Carriers will only accept messages from a Short Code that is certified for the program, and they require that the Short Code support STOP messages. So for Advanced Login Authentication SMS Text messages, we have a single Short Code from the vendor that manages this aspect of the Authentication Solution. So the response message is generic to the Short Code and the Advanced Login Authentication Vendor. Bottom line, we do not have the ability to brand the STOP response message by bank.

Q: If the customer types STOP, will they be prevented from using SMS Text for Advanced Login Authentication in the future?
A: The Advanced Login Authentication SMS Text message program is essentially a one-time opt-in. So when the customer enters their phone number to send the SMS Text message, they are giving us permission to send the message. This overrides any previous STOP message response.

Q: Do we have the option of sending the customer the One-Time-Passcode by email?
A: Email is not used in Advanced Login Authentication. Because email is received on the PC and accessed through the browser on the PC, it is not another channel and can be compromised by malware.

Q: What if I select SMS Text and I do not receive the Text Message with the One-Time-Passcode?
A: Since the SMS message carrier network is not as well developed as the voice phone network, there may be gaps in service caused by smaller carriers that do not participate in the full network. There can also be delays in message delivery across any area of the network.

Q: Why do we need to post the SMS Terms of Use?
A: The language in the SMS Terms of Use is required by the Mobile Carriers to send the SMS message over their network to the customers. We agreed to post these Terms to get permission to send SMS messages to the customer on their Mobile Network. As explained by the Mobile Carriers, the issue is that they sometimes charge per-message fees AND they are trying to prevent junk or spam messages from becoming an issue.

Q: You mentioned that I would not be locked out if I failed authentication and would be allowed to retry. The documentation states that with Advanced Login Authentication, "The customer has three attempts to enter the security code correctly." What happens after the 3rd attempt? Also, how does this align with the ability to retry?
A: If the customer enters the security code wrong three times, the system will end the Advanced Login Authentication session; this prevents a fraudulent user from attempting to guess the one-time passcode. This does not have an impact on the customer's future attempts to use Advanced Login Authentication. If a customer fails to complete Advanced Login Authentication for any reason (can't get the code right, didn't answer the phone, etc.), they can return and try again. There are no restrictions.

Q: How can a BankPacific customer with incorrect information (phone numbers) on file when they fail step-up authentication?
A: If the customer does not have accurate phone numbers on file and cannot log in, you will need to update them. You will need to contact our CPC department to update your records. If the customer can log in to MyOnlineBanking, they can also update their phone numbers there if your financial institution has enabled the display of Phone Number on the Manage Contact Information.

Q: We are unclear of how SMS works in this solution.
A: SMS comes into play when a user selects Text message on the screen. The next screen will provide a field for the user to input their mobile phone number. That will be validated against those on record in MyOnlineBanking. Assuming it is one on file, a text message will be sent to that phone with a code. The user will enter the code provided in the text message into the OLB screen.

Q: A customer using a dial-up connection will not be able to simultaneously take a phone call on that phone. How will they complete the Advanced Login Authentication process?
A: In the rare cases where a customer is using a land line dial-up connection to access MyOnlineBanking, they would need to have a cell phone available to complete the Advanced Login Authentication process.

Q: My company has a touch tone dialing system and once the main line is called the caller (or in the case of Advanced Login Authentication, the automated system) is prompted to enter the extension of the user you are trying to call.
A: OLB supports automated calls to extensions that do not support direct dialing.

Calls Answered by a Live Operator With Extensions

To address scenarios where a live operator answers the main number, OLB begins calls to telephone numbers with extensions with the following message, which begins once a voice is detected on the line:

Hello. Please transfer this call to extension <spoken extension digits>.

This message is followed by the DTMF tones for the extension the customer entered in OLB. Customers do not have to confirm the extension. The company's operator would transfer the call at this point. Once the calling system detects a voice after the DTMF tones, the Advanced Login Authentication Sign On affirmation message begins to play.

Calls Answered by an Automated System

When an automated system, sometimes called an auto-attendant, answers the main number, more time might be needed before the extension can be accepted by the phone system. In that instance, the Advanced Login Authentication may never reach the recipient. As a work-around, we suggest you use a mobile number or another number that supports direct dialing.

Q: My company has a receptionist and the receptionist answers. Can they transfer the call to the person or does the receptionist immediately get prompted to enter the code?
A: Customers who use a live operator without extensions are not supported. In this scenario, an operator answers calls and will be prompted to enter the code. We recommend that these companies have their users enter a direct dial or cell phone number in MyOnlineBanking for use with Advanced Login Authentication.

Q: What if the business with the receptionist not supporting extensions is also in a building that blocks the use of cell phones and no direct dial phones are provided?
A: If a direct dial or a cell phone option is not feasible, perhaps the receptionist could help coordinate the login activity until the device profile is recognized for the User ID.

Q: What does the standard SMS text message for the One-Time Code look like?
A: The message is confined to 160 characters and includes text required by the carriers. The standard message says:

BankPacific Message. The one-time code is [PIN]. Please enter and submit it online. Msg & Data rates may apply/stop if unexpected/help for support.
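The SMS code checks described in the workflow and FAQ above (the entered number must match one on file, three wrong codes end the session without locking the User ID, and the 5 min window runs from user ID validation) can be modeled as follows. This is an added example, not BankPacific's or its vendor's code; the class and function names, the 6-digit code length and the sample phone numbers are assumptions.

```python
import hmac
import re
import secrets
import time

MAX_ATTEMPTS = 3         # FAQ: three attempts to enter the security code
WINDOW_SECONDS = 5 * 60  # FAQ: 5 min, counted from user ID validation


def normalize(number):
    """Reduce a phone number to its digits so formatting differences do not matter."""
    return re.sub(r"\D", "", number)


class StepUpSession:
    """One step-up session for one login (hypothetical model of the page's rules)."""

    def __init__(self, numbers_on_file, now=None):
        # Drop empty entries so a blank input can never "match" a blank record.
        self.on_file = {normalize(n) for n in numbers_on_file} - {""}
        self.started = time.time() if now is None else now  # user ID validated here
        self.code = None
        self.failures = 0
        self.ended = False

    def request_sms(self, entered_number, send):
        """Send a code only when the number the user typed matches one on file."""
        target = normalize(entered_number)
        if self.ended or target not in self.on_file:
            return False  # no message goes to a number that is not on record
        self.code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG; 6 digits assumed
        send(target, self.code)
        return True

    def verify(self, submitted, now=None):
        """Return 'ok', 'retry', 'expired' or 'ended' for a submitted code."""
        now = time.time() if now is None else now
        if self.ended or self.code is None:
            return "ended"
        if now - self.started > WINDOW_SECONDS:
            self.ended = True
            return "expired"  # user goes back to the login page
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.ended = True  # one-time: an accepted code cannot be replayed
            return "ok"
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.ended = True  # guessing stops here; the User ID is not locked
            return "ended"
        return "retry"


if __name__ == "__main__":
    outbox = []  # stands in for the SMS gateway; numbers below are constructed
    session = StepUpSession(["(671) 555-0100"])
    print(session.request_sms("671 555 0199", lambda n, c: outbox.append((n, c))))
    print(session.request_sms("671.555.0100", lambda n, c: outbox.append((n, c))))
    print(session.verify(outbox[0][1]))
```

Because the attempt counter and the code live in the session rather than on the User ID, a new login starts a fresh session with a new code, which is how the page reconciles "three attempts" with "the customer can return and try again".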