MFA for Business Banking – Security Questions with Reset Multifactor Authentication: Quick Tip...


MFA for Business Banking – Security Questions with Reset

Multifactor Authentication: Quick Tip Sheets

Note to Financial Institutions:

We are providing these QT sheets to you in PowerPoint format – please feel free to change to your FI’s template, add scenarios, etc. – anything you need to do to customize them for your FI.


Managing MFA on the Admin Platform

Maintenance > Policies > Multifactor Authentication (affects entire commercial client base)

Enable or disable MFA

Once enabled, select the Effective Date

Maintenance > Policies > Additional Options (affects entire commercial client base)

Select if users will be able to change their own email addresses

Maintenance > Customer Maintenance (affects individual commercial client – these settings override the Policies settings)

Enable or disable MFA

Once enabled, select the Effective Date

Tips

If an Effective Date was previously defined on the Customer Maintenance screen, then changing or adding the Effective Date on the Policies page will only override it if the date has not passed.

The MFA Effective Date must be the current day’s date or future dated. We highly recommend that you set it 1-2 weeks out to allow all users to confirm/update their email address.

Definitions

“Temporary Access” = when a user logs into Business Banking from an unenrolled computer, after the MFA Effective Date.

“Security Questions with Reset” = the user is challenged for temporary access with the Security Questions screen, displaying two of their five security questions. Users have the ability to reset their security questions if they feel they cannot answer them. If the user chooses to reset, the Business Banking system sends a security code via email to the user and the Security Code Challenge screen is displayed. Once a valid security code has been entered, the user will be prompted to enter new questions and answers.


User Experience After MFA Enablement

… But Before the Effective Date is Reached

Step 1: User logs into the Customer Platform.

Step 2: Next screen displays the user’s email address. User must either confirm that the address is correct, or if it’s not:

change it here (if your FI allows users to change their own email address), OR

contact their Company Admin and have them change it.

Step 3: User must set up security questions and answers.

Step 4: User is taken to Business Banking.

… After the Effective Date is Reached

Step 1: User logs into the Customer Platform.

Step 2: Next screen is the Enhanced Login Security screen (see Quick Tip sheet for Enrolling a Computer).


Enroll or Unenroll a Computer

Enroll a Computer/Browser

Step 1: After logging in, user is presented with the Enhanced Login Security screen displaying two of their security questions.

Step 2: The user enters their answers, then checks the box to add extra security protection to this computer.

Step 3: A success screen displays.

Unenroll a Computer/Browser

Step 1: Once logged in, user goes to Administration > Login Credentials > Unenroll Computers.

Step 2: On the Unenroll Computers screen, user selects either the first option (to unenroll this computer) or the second option (to unenroll all computers).

Step 3: MFA removes the cookie from the user’s browser.

Tips – Enroll a Computer

Users can enroll as many computers and browsers as they wish.

Once a user enrolls one computer, the user is now enrolled in MFA.

Once a computer/browser is enrolled, the user will see nothing different at future logins to Business Banking from that computer using that browser.

A user should only enroll a computer that is non-public and that they will use regularly to access Business Banking.

Tips – Unenroll a Computer

The user is still enrolled in MFA! So if they log in again from this or any unenrolled computer, they will not be allowed into their Business Banking session until they provide the challenge data (see Temporary Access tip sheet).

User should only select this option if they are not going to be using this computer for Business Banking again.

This ‘Unenroll Computers’ feature will only display if the financial institution has enabled MFA for the company and the ‘MFA Effective Date’ defined has been reached.


Temporary Access

Step 1: Enrolled user logs into Business Banking from an unenrolled computer or browser.

Step 2: System displays 2 of the 5 security questions.

Step 3: User answers questions (they can also enroll this computer now) and is taken to Business Banking.

OR

Step 3: User feels they cannot answer questions, so clicks on “Reset Questions”.

Step 4: System sends user a security code via email.

Step 5: System displays a screen telling user to retrieve their code.

Step 6: User enters their code on the screen and clicks continue.

Step 7: User has the option to enroll this computer in MFA.

Step 8: User must set up security questions and answers again.

Step 9: User is taken to Business Banking.


Temporary Access

Tips

A user will only be challenged if they are an enrolled user, but are using an unenrolled computer (at the library, at a friend’s house, etc.).

If a user wants to enroll the computer they are currently using, they can check the box to add enhanced security to this computer before continuing.

Security codes expire after 30 minutes.

If the MFA system sent the user a code less than 30 minutes ago and the code was not used, it will not automatically send a new one when the user tries to log in this time.

If the user wasn’t able to retrieve that security code and wants a new one, there is a Request a New Security Code link.

If the user enters the wrong code, an error message displays. The user can try again. This counts as a bad login attempt.

Once a user successfully enters a security code and is able to log in, that code becomes invalid.

If the user cannot retrieve their code, they should contact their company administrator. The administrator can change the user’s email address to one where the user can retrieve the code.

There is the possibility of the security code email being routed to a user’s junk mail folder. Users who do not get the security code should check that folder.

The answers to the security questions are not retained by the system, so a user can set up the same questions with the same answers again, if they desire.
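The security code rules in the tips above (30-minute expiry, no automatic resend while an unused code is still valid, wrong entry counted as a bad login attempt, single use) can be modelled as a small state machine. This is an added example, not the Business Banking vendor's code; the class and method names, the 6-digit code length, replacing the old code on a new request, and counting an expired code as a bad attempt are assumptions.

```python
import hmac
import secrets
from datetime import datetime, timedelta

CODE_TTL = timedelta(minutes=30)  # from the tip sheet: codes expire after 30 minutes


class SecurityCodeChallenge:
    """Per-user security code state (hypothetical model for illustration)."""

    def __init__(self):
        self.code = None
        self.issued_at = None
        self.bad_attempts = 0
        self.emails_sent = 0  # stands in for the actual email delivery

    def _active(self, now):
        # A code is usable only if it exists, is unused, and is under 30 minutes old.
        return self.code is not None and now - self.issued_at < CODE_TTL

    def _issue(self, now):
        self.code = f"{secrets.randbelow(10**6):06d}"  # 6 digits is an assumption
        self.issued_at = now
        self.emails_sent += 1
        return self.code

    def on_challenge(self, now):
        """User reaches the code screen: send only if no unexpired, unused code exists."""
        if self._active(now):
            return None  # nothing new is emailed
        return self._issue(now)

    def request_new_code(self, now):
        """The 'Request a New Security Code' link: issue a code on demand.
        Assumption: the new code replaces the previous one."""
        return self._issue(now)

    def verify(self, submitted, now):
        """Constant-time comparison; success invalidates the code, failure is counted."""
        if self._active(now) and hmac.compare_digest(
            submitted.encode(), self.code.encode()
        ):
            self.code = None  # single use: the code becomes invalid after login
            return True
        self.bad_attempts += 1  # wrong (or, by assumption, expired) code
        return False
```
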


MFA Reporting

Reporting on MFA is accomplished using the following Transaction Types:

Existing Transaction Types with MFA information:

1. Bad login
2. Usermaint modified

MFA-Specific Transaction Types:

1. Unenroll computer
2. All computers unenrolled
3. New security code sent
4. One time security code entered
5. Computer enrolled
6. Login authenticated
7. User challenged
8. User computers unenrolled
9. Login credentials reset
10. Email address confirmed
11. Changed email address
12. Questions created
13. Questions requested
14. Questions changed
15. Questions answered

Tips

Customer Platform = Administration > Activity Reporting

FI Admin Platform = Billing & Reporting > Customer Activity Reporting

See transaction type details in the user’s guide.
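Because the reset code is delivered to the email address on file, a reviewer working from these reports may want to see every case where an email change is followed shortly by a security code entry and new questions or a computer enrollment. The following is an added example, not part of the tip sheet or the product; the record layout, user IDs, sample rows and the one-hour window are constructed assumptions, and only the transaction type names come from the list above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # assumed review window; not a value from the tip sheet

# Ordered stages, using transaction type names from the tip sheet.
STAGES = [
    {"Changed email address"},
    {"One time security code entered"},
    {"Questions created", "Questions changed", "Computer enrolled"},
]

# Constructed sample records: (ISO timestamp, user, transaction type).
# Layout and user IDs are assumptions; a real report export will differ.
SAMPLE = [
    ("2024-03-04T09:00:00", "jdoe", "Changed email address"),
    ("2024-03-04T09:02:00", "jdoe", "New security code sent"),
    ("2024-03-04T09:05:00", "jdoe", "One time security code entered"),
    ("2024-03-04T09:06:00", "jdoe", "Questions created"),
    ("2024-03-04T09:01:00", "asmith", "User challenged"),
    ("2024-03-04T09:03:00", "asmith", "One time security code entered"),
    ("2024-03-04T09:04:00", "asmith", "Questions created"),
    ("2024-03-04T09:00:00", "bking", "Changed email address"),
    ("2024-03-04T11:00:00", "bking", "One time security code entered"),
    ("2024-03-04T11:01:00", "bking", "Questions created"),
]


def flag_reset_after_email_change(records, window=WINDOW):
    """Return (user, start, end) for each in-order pass through STAGES within window."""
    per_user = defaultdict(list)
    for ts, user, ttype in records:
        per_user[user].append((datetime.fromisoformat(ts), ttype))
    alerts = []
    for user, events in per_user.items():
        stage, start = 0, None
        for ts, ttype in sorted(events):
            if ttype in STAGES[0]:
                stage, start = 1, ts      # (re)start the sequence at the email change
            elif stage and ts - start > window:
                stage = 0                  # too far from the email change to correlate
            elif stage and ttype in STAGES[stage]:
                stage += 1
                if stage == len(STAGES):
                    alerts.append((user, start, ts))
                    stage = 0
    return sorted(alerts)
```

A flagged row is a prompt to confirm the email change with the company administrator, not proof of misuse; a legitimate reset after an address correction produces the same sequence.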