Presentation on theme: "MFA for Business Banking – Security Questions with Reset Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing."— Presentation transcript:
MFA for Business Banking – Security Questions with Reset Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets to you in PowerPoint format – please feel free to change to your FIs template, add scenarios, etc. – anything you need to do to customize then for your FI.
MFA for Business Banking – Security Questions with Reset Maintenance Policies Multifactor Authentication (affects entire commercial client base) Enable or disable MFA Once enabled, select the Effective Date Maintenance Policies Additional Options (affects entire commercial client base) Select if users will be able to change their own email addresses Maintenance Customer Maintenance (affects individual commercial client – these settings override the Policies settings) Enable or disabled MFA Once enabled, select the Effective Date Managing MFA on the Admin Platform Tips If an Effective Date was previously defined on the Customer Maintenance screen, then changing or adding the Effective Date on the Policies page will only override it if the date has not passed. The MFA Effective Date must be the current days date or future dated. We highly recommend that you set it 1-2 weeks out to allow all users to confirm/update their email address. Definitions Temporary Access = when a user logs into Business Banking from an unenrolled computer, after the MFA Effective Date. Security Questions with Reset = the user is challenged for temporary access with the Security Questions screen, displaying two of their five security questions. Users have the ability to reset their security questions if they feel they cannot answer them. If the user chooses to reset, the Business Banking system sends a security code via email to the user and the Security Code Challenge screen is displayed. Once a valid security code has been entered, the user will be prompted to enter new questions and answers.
MFA for Business Banking – Security Questions with Reset … But Before the Effective Date is Reached Step 1: User logs into the Customer Platform. Step 2: Next screen displays the users email address. User must either confirm that the address is correct, or if its not: change it here (if your FI allows users to change their own email address) OR contact their Company Admin and have them change it Step 3: User must set up security questions and answers. Step 4: User is taken to Business Banking. … After the Effective Date is Reached Step 1: User logs into the Customer Platform. Step 2: Next screen is the Enhanced Login Security Screen (See Quick Tip sheet for Enrolling a Computer) User Experience After MFA Enablement
MFA for Business Banking – Security Questions with Reset Enroll a Computer/Browser Step 1: After logging in, user is presented with the Enhanced Login Security screen displaying two of their security questions. Step 2: The user enters their answers, then checks the box to add extra security protection to this computer. Step 3: A success screen displays. Unenroll a Computer/Browser Step 1: Once logged in, user goes to Administration Login Credentials Unenroll Computers Step 2: On the Unenroll Computers screen, user selects either the first option (to unenroll this computer) or the second option (to unenroll all computers). Step 3: MFA removes the cookie from the users browser. Enroll or Unenroll a Computer Tips – Enroll a Computer Users can enroll as many computers and browsers as they wish. Once a user enrolls one computer, the user is now enrolled in MFA. Once a computer/browser is enrolled, the user will see nothing different at future logins to Business Banking from that computer using that browser. A user should only enroll a computer that is non-public and that they will use regularly to access Business Banking. Tips – Unenroll a Computer The user is still enrolled in MFA! So if they log in again from this or any unenrolled computer, they will not be allowed into their Business Banking session until they provide the challenge data (see Temporary Access tip sheet). User should only select this option if they are not going to be using this computer for Business Banking again. This Unenroll Computers feature will only display if the financial institution has enabled MFA for the company and the MFA Effective Date defined has been reached.
MFA for Business Banking – Security Questions with Reset Step 1: Enrolled user logs into Business Banking from an unenrolled computer or browser. Step 2: System displays 2 of the 5 security questions. Step 3: User answers questions (they can also enroll this computer now) and is taken to Business Banking. OR Step 3: User feels they cannot answers questions, so clicks on Reset Questions. Step 4: System sends user a security code via email. Step 5: System displays a screen telling user to retrieve their code. Step 6: User enters their code on the screen and clicks continue. Step 7: User has the option to enroll this computer in MFA. Step 8: User must set up security questions and answers again. Step 9: User is taken to Business Banking. Temporary Access
MFA for Business Banking – Security Questions with Reset Temporary Access Tips A user will only be challenged if they are an enrolled user, but are using an unenrolled computer (at the library, at a friends house, etc.) If a user wants to enroll the computer they are currently using, they can check the box to add enhanced security to this computer before continuing. Security codes expire after 30 minutes. If the MFA system sent the user a code less than 30 minutes ago and the code was not used, it will not automatically send a new one when the user tries to log in this time. If the user wasnt able to retrieve that security code and wants a new one, there is a Request a New Security Code link. If the user enters the wrong code, an error message displays. The user can try again. This counts as a bad login attempt. Once a user successfully enters a security code and is able to login, that code becomes invalid. If the user cannot retrieve their code, they should contact their company administrator. The administrator can change the users email address to one where the user can retrieve the code. There is the possibility of the security code email being routed to a users junk mail folder. Users who do not get the security code should check that folder. The answers to the security questions are not retained by the system, so a user can set up the same questions with the same answers again, if they desire.
MFA for Business Banking – Security Questions with Reset Reporting on MFA is accomplished using the following Transaction Types: Existing Transaction Types with MFA information: 1.Bad login 2.Usermaint modified MFA-Specific Transaction Types: 1.Unenroll computer 2.All computers unenrolled 3.New security code sent 4.One time security code entered 5.Computer enrolled 6.Login authenticated 7.User challenged 8.User computers unenrolled 9.Login credentials reset 10.Email address confirmed 11.Changed email address 12.Questions created 13.Questions requested 14.Questions changed 15.Questions answered MFA Reporting Tips Customer Platform = Administration Activity Reporting, FI Admin Platform = Billing & Reporting Customer Activity Reporting See transaction type details in the users guide.