For business accounts, we have established the following standard Mobile Banking security controls:
CLIENT VALIDATION, VERIFICATION AND LOGIN
Before clients can use Mobile Banking, they must have an active Online Banking enrollment. If you are a client who has access to cash management functions (Approve ACH/Wire transactions), you will be required to use a hardware token.
The hardware token is a small device that fits on a key ring and generates a random security code by pressing the button on the face of the token (35 seconds display time). Security token code will be required to access the “My ACH/Wires” tab to approve pending transactions.
DUAL-FACTOR AUTHENTICATION AT LOGIN
The Online Banking environment stores login and session statistics for all Online Banking clients. This information allows us to build a pre-login and post-login profile for each client, which can then identify unusual transactions or behavior based on the client’s profile. Any activity that deviates from the client’s historical profile is scored from based on the differences in behavior, with a high score at login indicating the highest difference in behavior. Having a high score can trigger the dual-factor authentica¬tion at login as described below.
Dual factor authentication adds an extra layer of security by taking something the user knows (Access ID and passcode) and combining it with an additional form of authentication such as IP address or security challenge questions. If your score at login is high as noted above, in addition to Access ID and passcode, Clients without access to cash management functions (ACH/Wire) have the option of correctly answering two of the three security challenge questions originally selected at enrollment, or requesting a one-time use PIN to be sent to your e-mail address on file.
Clients with cash management functions that have a high score at login will be required to enter a random security code generated from the token in addition to the Access ID and passcode.
DUAL-FACTOR AUTHENTICATION FOR CLIENTS WITH CASH MANAGEMENT FUNCTIONS (APPROVE ACH/WIRE PAYMENTS)
Authorized Clients will be required to enter a random number generated from the token in the My ACH/Wires tab to access the ACH/Wire payment Approval tabs (screens).