Authentication Enhancements for Online/Mobile Banking

Expanded Options for Password Resets

The new first-time user activation scheme that was introduced in the 19.10 release, which uses a one-time activation code sent via text to a phone number or to the email address already on file, is currently being used only for activating first-time users.  However, we already have on our radar the idea for eventually incorporating this method into password resets, as well as other functions in the future.

Status as of October 2021: Prototype project will be adding this functionality to email/personal info changes, described below.  Project #53119 is in development.  

Multi-factor Authentication for Email/Personal Info Changes

Also expanding on the first-time activation feature, this project would add similar capabilities for when members update personal information in It’s Me 247, including email address.  This is in response to numerous requests from CUs specifically related to P2P fraud.  The idea is to help reduce the chances of an unauthorized person changing a member’s email address and then immediately enrolling into P2P to transfer funds.

Since email addresses can be changed in many places within It’s Me 247, beyond the Personal Info Update feature, the first phase of the project is to alter how enrollments work not only bill pay and P2P enrollments, but also for eStatements, eAlerts, eNotices, and the like.  In short, members who do not have an email address, or whose email address is wrong, will NOT be able to enroll without first changing their email address.  For CUs who use the “reviewed” option to review incoming personal info change requests, this will now include email addresses as well.

Status as of October 2021: Project #52500 is awaiting availability of programming resources. 

After this project is completed, we will start a separate project to incorporate the multi-factor authentication (text/email) functionality into the personal info update process.  Again, members who don’t have an email address or text-capable phone number already on file must first contact the CU to update their email address or text-capable phone number.  This will be an optional feature credit unions can activate or not, as they wish.

Status as of October 2021: Project #53119 is in development.

Give us your feedback!

We’d love to hear from you on these projects. Use the form below to leave your comments.

Updated
October 20, 2021

2 Responses to “Authentication Enhancements for Online/Mobile Banking”

  1. Brandynn Adams

    Has CU Answers considered multi-factor authentication for transactions that are initiated through the mobile application or online banking, or even certain transaction types not initiated in person. For example a home equity loan advance over a certain dollar amount would trigger multi-factor authentication, or a wire transfer request regardless of dollar amount. This technology is becoming more common in FI’s and in various financial services and we believe that it would be a value add to CU Answers and the credit union industry as a whole.

    Reply
    • Dawn Moore

      We have been talking about it lately, yes. Auditors may be pushing for it, and the market may buzz about it, but we still know of no requirement to have multi-factor beyond what we already offer via security questions and PIB multi-layer security controls. (PIB does, for example, already allow a member to set up an additional confirmation code they must enter in order to perform certain transaction types they deem higher risk.)

      However, we do want to work on presenting a more modern sign-on experience to desktop users, and continue to talk with Daon about expanded uses for their toolset. As just one example, if someone logs in on their laptop, they could use the MACO face- or thumbprint-authentication on their phone in order for the desktop program to let them in. The technical teams have been tasked with coming up with prototypes of what they envision, and we plan to talk about the topic in this year’s Leadership Conference.

      Thanks for the feedback!

      Reply

Leave a Comment

* denotes required fields
  • (will not be published)

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Check Out the New Recipes We’re Cooking in the Kitchen!

Check Out the New Recipes We’re Cooking in the Kitchen!

Have you visited the Kitchen lately?  If not, take a look at our newest projects: Card Activity Optics Credit Card Statement Enhancements Introducing Biz Watch for ACH: ACH Controls for Business Memberships Max Earnings Sweeps for Business Members Positive Pay Cashier Services (for Inhouse Checks) RDC Enrollment via CU*BASE Summary Statements for Business Credit Cards… Read more »

Sep 29, 2020

Check Out the New Recipes We’re Cooking in the Kitchen!

Check Out the New Recipes We’re Cooking in the Kitchen!

Have you visited the Kitchen lately?  If not, take a look at our newest projects: Accounts Payable Enhancements Creating an Engine for Predictive Retailing (aka “Nostradamus”) Deposit Hold Enhancements Escrow Analysis Enhancements Expanding Screen Sizes for CU*BASE GOLD Mobile First Transaction Limits for Express Tellers Each of these recipes includes a place to provide comments,… Read more »

Jul 14, 2020

Check Out the New Recipes We’re Cooking in the Kitchen!

Check Out the New Recipes We’re Cooking in the Kitchen!

Have you visited the Kitchen lately? If not, take a look at our newest projects: Authentication Enhancements for Online/Mobile Banking Enhancements to the Credit Card Cash Back (CCCB) Feature Tracking Recoveries on Written-off Loans Each of these recipes includes a place to provide comments, suggestions, and additional feedback. Visit the Kitchen today – we’d love… Read more »

Aug 16, 2019

Visit the Kitchen Today for New Information on ACH Exception Processing Enhancements

Visit the Kitchen Today for New Information on ACH Exception Processing Enhancements

On May 9, 2019, a CU*Answers design team met to brainstorm ideas for changes to CU*BASE tools and processing routines.  Our main goal is to make it clearer to end-users how the tools work, including warnings about what to watch out for and tips for avoiding potential pitfalls. As a result of these preliminary conversations,… Read more »

May 14, 2019