Important Facts about Account Authentication & Online Banking
Multi-factor authentication and layered security are helping assure safe Internet transactions for banks and their customers.
Online Security is Our Top Priority
If you use online or mobile banking, you will be interested to learn that six federal financial industry regulators teamed up recently to rev up security. New supervisory guidance from the Federal Financial Institutions Examination Council (FFIEC) will help banks strengthen their vigilance and make sure that the person signing into your account is actually you. The supervisory guidance is designed to make online transactions of virtually all types safer and more secure.
Understanding the Factors
Online security begins with the authentication process, used to confirm that it is you, and not someone who has stolen your identity. Authentication generally involves one or more basic factors:
- Something the user knows (e.g. password or PIN)
- Something the user has (e.g. debit card)
- Something the user is (e.g. biometric characteristic, such as a fingerprint)
Single factor authentication uses one of these methods… multi-factor authentication uses more than one, and thus is considered a stronger fraud deterrent. When you use your ATM, for example, you are utilizing multi-factor authentication: Factor number one is something you have (your debit card), factor number two is something you know (your PIN).
To assure your continued security online, RMB&T uses both single and multi-factor authentication, as well as additional “layered security” measures when appropriate.
Layered Security for Increased Safety
Layered security is characterized by the use of different controls, at different points in a transaction process, so that a weakness in one control is generally compensated for by the strength of a different control. An example of layered security might be that you follow one process to log in (user/password), and then give additional information to authorize funds transfer.
Layered security can substantially strengthen the overall security of online transactions: protecting sensitive customer information, preventing identity theft, and reducing account takeovers and the resulting financial losses.
The purpose of these layers is to allow your bank to authenticate customers and detect and respond to suspicious activity related to initial login; then to reconfirm this authentication when further transactions involve the transfer of funds to other parties.
Internal Assessments at RMB&T
In the back office, the new supervisory guidance offers ways that banks can look for anomalies that could indicate fraud. The goal is to ensure that the level of authentication called for in a particular transaction is appropriate to the transaction’s level of risk. Accordingly, we have concluded a comprehensive risk-assessment of our current methods as recommended in the supervisory guidance.
These risk assessments consider, for example:
- Changes in the internal and external threat environment
- Changes in the customer base adopting electronic banking
- Changes in the customer functionality offered through electronic banking
- Actual incidents of security breaches, identity theft, or fraud experienced by the institution or industry
Whenever increased risk to your transaction security might warrant it, we will conduct additional verification procedures, or layers of control such as:
- Utilizing call-back (voice) verification, e-mail approval, or cell phone based identification
- Employing customer verification procedures
- Analyzing bank transactions to identity suspicious patterns
- For example, that could mean flagging a transaction in which a customer who normally pays $10,000 a month to five different vendors suddenly pays $100,000 to a completely new vendor
- Establishing dollar limits that require manual intervention to exceed a present limit
Your Protections Under Regulation E
Banks follow specific rules for electronic transactions issued by the Federal Reserve Board known as Regulation E. Under the protections provided under Regulation E, consumers can recover Internet banking losses according to how soon they are detected and are reported.
Customer Vigilance: The First Line of Defense
Of course, understanding the risks and knowing how fraudsters might trick you is a critical step in protecting yourself online. You can make your computer safer by regularly installing and updating your:
- Anti-virus software
- Anti-malware programs
- Firewalls on your computer
- Operating system patches and updates
If You Have Suspicions
If you notice suspicious activity within your account or experience suspicious events (such as a Phishing email), you can contact anyone at RMB&T and you will be quickly and courteously guided to the person responsible for handling such issues.
Phone (719) 784-6316 | Fax (719) 784-4805
Phone (719) 579-7628 | Fax (719) 579-0780