“Today’s members want the convenience of banking online, but they’re concerned about the safety of conducting transactions online.”
These sentiments of Michelle Forster, E-Commerce Manager at Educational Employees Credit Union ($1.3 billion in Fresno, CA), explain why many financial institutions are turning to Multi-Factor Authentication (MFA) to deliver what members expect: online banking that’s convenient and secure.
Educational Employees has seen great adoption of Internet services. More than 49,000 members use its PCU Internet Banking, provided by core processor USERS. The credit union averages 1.5 million inquiries and 46,000 transactions online each month. To ensure the greatest degree of security for members who rely on this channel, Educational Employees determined that stronger member authentication was needed.
“With fraud perpetrators using increasingly sophisticated techniques, we had to go beyond IDs and passwords,” Forster said.
In October, Educational Employees rolled out the MFA solution embedded in USERS’ Internet banking product. Developed collaboratively by the core processors of the Fiserv Credit Union Group, the MFA solution employs risk-based authentication technology from RSA, the Security Division of EMC (formerly PassMark).
“This solution was appealing because it has minimal impact on our members,” Forster said. “They will not have to load special software or carry a device to access their accounts. It’s simple but effective.” The credit union evaluated other approaches, such as tokens and password cards, but believed they might deter home banking use. “It was a balancing act between increasing security and preserving convenience,” Forster said. “This approach won because it doesn’t require much change to our members’ online habits.”
Educational Employees recognized that the keys to a successful implementation were two-fold: provide extensive staff training and prepare members well in advance.
In-house trainers led sessions that got staff comfortable with the new log-in process and well-equipped to answer questions. Member communications began in August and included messages across many channels, including the home banking log-in screen, newsletters, e-mails, and in-branch TV monitors. A week before the launch, members enrolled in home banking received a reminder letter with FAQs.
All home banking users must now enroll in the MFA service by first entering their ID and password. On the next screen, they choose an image (a PassMark) from a library and enter a phrase (a PassPhrase) of their choice. Last, they choose three challenge questions from a list of options provided (e.g. “your maternal grandmother’s name”) and enter the correct answer.
Once enrolled, members still log in using their ID and password. What’s different is that the MFA solution authenticates the member’s identity by verifying that the ID matches the computer used at enrollment. Members who attempt to log in using a different device (such as a home PC vs. work PC) must first answer the challenge questions correctly.
MFA also provides assurance for Educational Employees’ members. “When they log in and see their PassMark and PassPhrase, members know they’re on our legitimate home banking site,” Forster said.
Within the first week more than 65% of their home banking users had already enrolled. Only a small percentage had questions, which the credit union attributes to its intensive member communication.
“It was very important that USERS offered this service in time for us to go live before the FFIEC December 31, 2006 deadline,” said Mark Perez, Senior VP, Lending and Marketing. “Although the FFIEC guidance didn’t offer much lead time, USERS put its resources on the task and responded quickly.” Forster said the MFA feature may fuel greater adoption of an already-successful service: “For members who were hesitant before, we can market the enhanced security of our home banking.”
Multi-Factor Authentication is the newest feature of USERS’ Internet Suite, which delivers self-service home banking functionality to over 1.5 million credit union members. For more information, visit www.users.com or call 1-800-523-7282.