
Strictly Private and Confidential

Straight2Bank Web VASCO Token Guide - Unified

November 2017


Table of Contents

1. Vasco security token introduction
    1.1 Functions of the Token
    1.2 Security features of the Tokens
    1.3 Token interface
    1.4 Vasco token replacement
    1.5 Definitions and Acronyms

2. Login to Straight2Bank Web
    2.1 Activate Token
    2.2 Login to Straight2Bank Web
    2.3 Unlock Token

3. Authorise a transaction, payee / beneficiary in Straight2Bank Web
    3.1 Authorise a Transaction or Payee / Beneficiary

4. Customer Administrator Functions
    4.1 Edit and Authorise User Profile
    4.2 Reset User with Password Locked Status

5. Change Token Access Pin

1. Vasco security token introduction

The Vasco Security Token (hereafter referred to as the Token) is a portable physical security device which will enable you to login to Straight2Bank Web and authorise your transactions with an added layer of security without compromising on your convenience.

Note: This guide does not cover the functions of a soft token.

1.1 Functions of the Token

1. To login to Straight2Bank Web (section 2)

2. To authorise transactions in Straight2Bank Web (section 3)

3. To perform customer administrator functions (section 4)

1.2 Security features of the Tokens

The Token provides multi-factor authentication based on:

Something you have (the token itself), and

Something you know (the PIN code to access the token)

Both factors help to ensure that it is you, and not an unauthorised party, who is authenticating or signing on to Straight2Bank Web. The token is also extremely portable, allowing for security anytime and anywhere.

1.3 Token interface

Description of token interface buttons

1. Token Screen: Displays messages and token responses.

2. DP 260: On / Off / Enter / Clear button: to switch on or off the token and enter PIN and security codes to generate token response and also to clear the last entered digit.

3. DP 275: Press and hold green button for two seconds to switch on device. The backspace button in red is used to clear the last entered digit.

Note: The token switches off automatically after 1 minute of inactivity.


1.4 Vasco token replacement

Each token has a battery life span of 3 to 5 years from the time of initialisation, depending on usage. When the battery is running low, the following warning messages will be displayed on the LCD for about 2 seconds every time the user turns on the token.

Warning Message on LCD    Meaning
BATT5                     4 weeks estimated battery life remaining
BATT4                     3 weeks estimated battery life remaining
BATT3                     2 weeks estimated battery life remaining
BATT2                     1 week estimated battery life remaining
BATT1                     Battery life is exhausted

When the ‘BATT2’ warning starts to flash, please fill in the Personal Identification Phrase (PIP) form (available for download from Straight2Bank Help) and send it to your local solution delivery representative to request a new token.

1.5 Definitions and Acronyms

No.  Item                                                   Description
1.   Encrypted String                                       A secured string of characters (alphabets and letters) that is required to activate the token for the first time.
2.   One Time Password (OTP)                                Numeric response generated by the token and required to login to Straight2Bank Web.
3.   Personal Identification Number (PIN)                   Numeric personal code (set by the user) required to access the token each time.
4.   Personal Identification Phrase (PIP) or Shared Secret  A secret phrase generated by the system and sent to the user which is needed to map and activate a token. This phrase is also used to unlock a token.
5.   Token Response                                         Numeric code generated by the token and required to authorise a transaction in Straight2Bank Web.
6.   Unlock Code                                            A numeric code displayed on the token screen after five consecutive wrong entries of the token PIN.


2. Login to Straight2Bank Web

If you have been set up to login to Straight2Bank Web using a security token, you will need to use it every time you login.

2.1 Activate Token

Step 1: You should have received your User ID and Group ID from the bank. We would have also sent the Vasco Token security device to you.

Step 2: Go to Straight2Bank Web - https://s2b.standardchartered.com. Click on the “Activate your device now” link.

Step 3: Input your User ID, Group ID and provide the serial number found on the back of your Vasco Token. Omit the dashes and input only the numbers. Click on Next to continue.

Note: An encrypted string will be sent to the user’s registered email. This string is valid for 30 minutes.

Step 4: An encrypted string has been sent to the email address registered with this User ID. Open your email, copy and paste the string into the screen and click Next.

The system will generate a ‘Vasco Response’ pin which will be displayed as shown below.

Step 5: Activate Token

1. Press the ‘ON’ button

2. Input the initial PIN (generated in Step 4) and press “Enter”. Token will prompt you to change the PIN and display ‘Change Pin’.

3. Enter your new numeric security PIN and press “Enter”. Token will display message ‘PIN CONF’.

Now, please enter the ‘New Pin’ again to confirm the change.

Click ‘Proceed’ on the web screen. Your Vasco Token is now activated. You can proceed to login to Straight2Bank Web by using One-Time Password (OTP) (see section 2.3 on how to use the token to Login to Straight2Bank Web).

2.2 Login to Straight2Bank Web

Step 1: After activating your Token (section 2.1), you can now login to Straight2Bank Web.

Go to Straight2Bank Web - https://s2b.standardchartered.com

Enter your


User ID or Email (depends on what was used during registration)

Group ID

Click on Continue

Default Login is Password/Token OTP

Step 2: Generate the One-Time Password (OTP) using the Token:

1. Press on the ‘ON’ button

2. Token screen will display message ‘_ _ _ _ _ _ _ _’. Input your numeric personal security PIN and press “Enter”.

3. Token will display ‘APPLI _’. Press key ‘1’ (which is meant for OTP) and press “Enter”.

Token will generate the password (OTP) and display it on the token screen.

Step 3: Enter the ‘OTP’ generated by the Token onto the Straight2Bank Web screen. Click “Login” to Straight2Bank Web Home Page.


2.3 Unlock Token

As an additional security feature of the token in case it gets into the hands of an unauthorised person, there is a “lock token” feature. The token will get locked upon five wrong personal PIN entries.

A locked token will constantly display ‘Unlock code’ on its screen. You can initiate this unlock token function through the Straight2Bank login page.

Step 1: Go to Straight2Bank Web - https://s2b.standardchartered.com. Click on the “Need Help?” link.

Step 2: Click on the Unlock Token link on the left menu.

Enter your

User ID or Email (depends on what was used during registration)

Group ID

The 2FA Serial number found on the back of the Locked Token

Click on Next to continue


Note: An encrypted string will be sent to the user’s registered email. This string is valid for 30 minutes

Step 3:

Copy and paste the encrypted string from email

Provide the Lock Code that is displayed on your Token

Click Next.

Step 4: The system will generate an Initial PIN. Take note of this number

Step 5: Use the PIN to re-activate your token as follows:

On the token (token screen will display “Unlock resp”, followed by the numeric ‘unlock code’)

Press the ‘ON’ button

Token displays “Unlock resp”

Enter PIN as displayed on Straight2Bank Web screen

Token is unlocked

Token will prompt you to change the PIN and display “NEW PIN”

Enter your new personal numeric PIN

Token will display message “PIN CONF”

Enter the new Pin again to confirm the change of PIN


3. Authorise a transaction, payee / beneficiary in Straight2Bank Web

3.1 Authorise a Transaction or Payee / Beneficiary

For authorisation, your operator(s) will inform you of the batch number (or payee details) that requires authorisation with supporting documents. Alternatively you will receive an e-mail alert to log into Straight2Bank Web for authorisation if you have subscribed to it. (Refer to the “Straight2Bank Web Approver User Guide” for more details on the authorisation process).

Once you have clicked the “Save” button after authorising a batch or a single payment, the ‘Challenge And Response’ screen will be shown. Authorisers are able to authorise a transaction by performing the steps below:

1. Turn on the Vasco token by pressing the button shown in Figure 3.2a. Proceed to enter your personalised PIN (set up during Token activation) and press “Enter” to activate the Token.

2. The screen will display “APPLI _” upon successful login.

3. Enter the number “2” on the token keypad for Transaction Authorisation - “APPLI 2” and press “Enter”.

4. You will be prompted to key in a set of numbers on the Token. Input the “Challenge” number from the Straight2Bank Web screen into the Token shown in Figure 3.2b.

5. The Token will generate and display a new set of numbers as the “Response”. Enter this set of numbers in the “Response” field on Straight2Bank screen and click Submit.


Upon successful verification, the payments batch status will be updated to either ‘Partially Signed’ status or ‘Fully Signed’ according to your signing arrangement.
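
The challenge-and-response flow of section 3.1, together with the five-attempt PIN lock of section 2.3, modelled as an added example (not Standard Chartered or VASCO code). This guide does not describe the Token's algorithm, so HMAC-SHA-256 with RFC 4226-style truncation stands in for it; `Token`, `Server`, `response_for`, the key and the batch IDs are assumptions.

```python
import hashlib
import hmac
import secrets

MAX_PIN_TRIES = 5  # per the guide: five consecutive wrong PIN entries lock the token


def response_for(key: bytes, challenge: str, digits: int = 8) -> str:
    """Stand-in response function (assumption, not VASCO's algorithm):
    HMAC-SHA-256 over the challenge, truncated to decimal digits as in RFC 4226."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Token:
    """Hypothetical model of the hardware token: PIN gate plus 'APPLI 2'."""

    def __init__(self, key: bytes, pin: str):
        self._key, self._pin = key, pin
        self.failed, self.locked = 0, False

    def appli2(self, pin: str, challenge: str):
        if self.locked:
            return None  # a locked token only offers the unlock procedure
        if not hmac.compare_digest(pin, self._pin):
            self.failed += 1
            self.locked = self.failed >= MAX_PIN_TRIES
            return None
        self.failed = 0  # only consecutive wrong entries count
        return response_for(self._key, challenge)


class Server:
    """Hypothetical bank side: issues a challenge per batch and checks the response."""

    def __init__(self, key: bytes):
        self._key, self._pending = key, {}

    def issue_challenge(self, batch_id: str) -> str:
        challenge = f"{secrets.randbelow(10 ** 8):08d}"
        self._pending[batch_id] = challenge
        return challenge

    def verify(self, batch_id: str, response: str) -> bool:
        challenge = self._pending.pop(batch_id, None)  # each challenge is single-use
        if challenge is None:
            return False
        return hmac.compare_digest(response_for(self._key, challenge), response)
```

Because the model's server discards a challenge once it has been checked, a response that was accepted once is rejected if it is submitted again.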


4. Customer Administrator Functions

If you are a customer administrator, you would need your Vasco token to create and edit user profiles as well as to reset users with ‘locked password’ status on Straight2Bank Web.

4.1 Edit and Authorise User Profile

Step 1: After editing a user profile, click ‘Save User’ and a pop up box titled ‘User Authentication’ will appear requesting your Vasco OTP.

Step 2: Generate the Vasco OTP using the following steps (same process as login):

Press on the ‘ON’ button

Token screen will display message ‘_ _ _ _ _ _ _ _’

Enter your personal security PIN

Token screen will display ‘APPLI _’

Enter Button ‘1’ to select OTP generation

Token will generate the password (OTP) and display it on the token screen

Step 3: Enter the OTP in the ‘Vasco OTP’ box and click Submit

The user record will be authorised and saved.


4.2 Reset User with Password Locked Status

If a user enters five invalid OTP entries at login stage, their status will change from ‘Active’ to ‘Password Locked’. In order to reset the profile for a ‘locked’ user, you, as a Customer Administrator, need to perform the following steps:

Step 1: Login to Straight2Bank Web using your Customer Admin User ID and Vasco token OTP.

Step 2: Go to Administration > Manage Users and select the user that needs to be reset and click on the ‘Reset User’ button.

You will be taken to the ‘Reset User Record’ screen with a pop up window requesting the OTP (as shown below).

Step 3: Use your Vasco token to generate the OTP

Press on the ‘ON’ button

Token screen will display message ‘_ _ _ _ _ _ _ _’

Enter your numeric personal security PIN


Token screen will display ‘APPLI _’

Enter Button ‘1’ to select OTP generation

Token will generate the password (OTP) and display it on the token screen

Step 4: Enter the OTP in the “Vasco OTP” field in the pop-up window and click ‘Submit’ button.

The transaction will be authorised and the system will display “Reset password is successful”.


5. Change Token Access Pin

To change your token access PIN, perform the following steps:

Press on the ON button.

Token screen will display message ‘_ _ _ _ _ _ _ _’.

Input your numeric personal security PIN.

Token screen will display ‘APPLI _’.

Now press on the “ON” button continuously for 5 seconds. Token will prompt for a ‘NEW PIN’.

Enter your new numeric PIN.

Token will display ‘PIN CONF’ now.

Repeat your new PIN again to confirm the PIN change.

Continue to access and use the token using the new PIN in order to login to Straight2Bank Web or authorise transactions in Straight2Bank Web.

Disclaimer

This material has been prepared by Standard Chartered Bank (SCB), a firm authorised by the United Kingdom’s Prudential Regulation Authority and regulated by the United Kingdom’s Financial Conduct Authority and Prudential Regulation Authority. This material is not research material and does not represent the views of the SCB research department. This material has been produced for reference and is not independent research or a research recommendation and should therefore not be relied upon as such. It is not directed at Retail Clients in the European Economic Area as defined by Directive 2004/39/EC neither has it been prepared in accordance with legal requirements designed to promote the independence of investment research and is not subject to any prohibition on dealing ahead of the dissemination of investment research.

It is for information and discussion purposes only and does not constitute an invitation, recommendation or offer to subscribe for or purchase any of the products or services mentioned or to enter into any transaction. The information herein is not intended to be used as a general guide to investing and does not constitute investment advice or as a source of any specific investment recommendations as it has not been prepared with regard to the specific investment objectives, financial situation or particular needs of any particular person.

Information contained herein, which is subject to change at any time without notice, has been obtained from sources believed to be reliable. Some of the information appearing herein may have been obtained from public sources and while SCB believes such information to be reliable, it has not been independently verified by SCB. Any opinions or views of third parties expressed in this material are those of the third parties identified, and not of SCB or its affiliates. While all reasonable care has been taken in preparing this material, SCB and its affiliates make no representation or warranty as to its accuracy or completeness, and no responsibility or liability is accepted for any errors of fact, omission or for any opinion expressed herein. SCB or its affiliates may not have the necessary licenses to provide services or offer products in all countries or such provision of services or offering of products may be subject to the regulatory requirements of each jurisdiction and you should check with your relationship manager or usual contact. You are advised to exercise your own independent judgment (with the advice of your professional advisers as necessary) with respect to the risks and consequences of any matter contained herein. SCB and its affiliates expressly disclaim any liability and responsibility for any damage or losses you may suffer from your use of or reliance of the information contained herein.

This material is not independent of SCB’s or its affiliates’ own trading strategies or positions. Therefore, it is possible, and you should assume, that SCB and/or its affiliates has a material interest in one or more of the financial instruments mentioned herein. If specific companies are mentioned in this communication, please note that SCB and/or its affiliates may at times seek to do business with the companies covered in this material; hold a position in, or have economic exposure to, such companies; and/or invest in the financial products issued by these companies. Further, SCB and/or its affiliates may be involved in activities such as dealing in, holding, acting as market makers or performing financial or advisory services in relation to any of the products referred to in this communication. Accordingly, SCB and/or its affiliates may have a conflict of interest that could affect the objectivity of this communication.

You may wish to refer to the incorporation details of Standard Chartered PLC, Standard Chartered Bank and their subsidiaries at http://www.standardchartered.com/en/incorporation-details.html.

This material is not for distribution to any person to which, or any jurisdiction in which, its distribution would be prohibited.

© Copyright 2016 Standard Chartered Bank. All rights reserved. All copyrights subsisting and arising out of these materials belong to Standard Chartered Bank and may not be reproduced, distributed, amended, modified, adapted, transmitted in any form, or translated in any way without the prior written consent of Standard Chartered Bank.