This recipe outlines our high-level goals and priorities for new authentication and validation strategies for our online/mobile banking tools.

See the separate recipe about account aggregation features for online banking!

Ready Now

• MFA for making changes to email addresses and personal information – activate this now via Tool #569!
• MFA for using P2P (enrollment and transfers) – activate this now via Tool #569!
• MFA for logging in to desktop/mobile banking – activate this now via Tool #569!
• MFA for self-service password resets – activate this now via Tool #569!

Projects In the Works

MFA via Phone Call

We are working with the vendor that handles text-based communications for our text banking and MFA features, to add the ability for members to elect to receive the one-time passcode via a phone call to one of their phone numbers, as an alternative to a text message. This will work well for members who use company phone numbers (extensions are supported) as well as members who still have a landline phone or who do not prefer to receive texts.

Status: Project is in design research. 

MFA via Text/Phone for “BizLink 247”

One of the differences for our MFA feature for login is that with BizLink 247 business online banking, business employees can currently only receive their one-time passcode via an email message.  We are working on a project to expand the database so that company administrators can specify up to 2 phone numbers for each business employee, so they can opt to receive the OTP via a text message or phone call.

Status: Project is in design research. 

Device-based Technique for Online Authentication

We are in the research stages to find a way to allow CUs to offer a device-based method for authentication when members log into online banking. We have had some discussions about extending the new MemberPass^® feature for that purpose but are also looking into other avenues as well.

Status: Project is in design research. 

Updates to Online Banking Password Settings

This project updates the password settings for online banking to increase the minimum password length from 6 to 8 and to no longer allow social security number to be included in the formula for temporary passwords used for password resets/new member passwords.

Status: Development and testing are complete for project#65939 is complete.  Implementation requires coordination with other project, so a date is still TBD.

Multiple Logins for Standard Online Banking

While our BizLink 247 business online banking product already supports multiple logins per membership, for employees of business memberships, the It’s Me 247 standard online banking does not have the ability to support multiple sets of login credentials. Credit unions have long asked for ways that joint owners could also be allowed a way to login, without the primary member having to share login credentials. Over the past year the teams have been brainstorming ways to address this need, and we’re getting closer and closer to a design.

Because of the different ways that CUs use secondary names, and the general state of the secondary names databases across the network, we have already made the decision that the logins will not be based on joint owner relationships. Instead, we would allow a member to set up additional sets of credentials (username & password combinations) they could give to joint owners as they wish. We’d create a new module so the primary member can activate/deactivate these credential sets as needed. When any of these credentials are used to log in, the user will see the exact same functionality as the primary member, other than the ability to add/delete other credential sets.

Status: We continue to make progress on a technical proof-of-concept for the file and authentication changes that would be needed for the technique we’ve chosen, but do not have any ETA for a final design or development target.  Also see the Account Aggregation Features for Online Banking recipe.

Your chefs for this recipe: Dawn Moore and Brian Maurer