Multi-Factor Authentication Foils Cyber-thugs

We sometimes get complaints from members who are frustrated with the set-up and maintenance of security for their online account access.  Here are some reasons not to loathe the security questions, site keys and other safety measures in place online:

Six federal regulators governing the financial sector have combined forces to strengthen the online security of your accounts.  Together, they make up the Federal Financial Institutions Examination Council (FFIEC).  The guidelines they set forth are designed to help financial institutions like PFCU make sure the individual attempting to access your accounts electronically is actually you. 

The First Line of Defense

If you aren’t used to strong online security, it can feel a bit like jumping through a series of virtual hoops.  Keep in mind, the “hoops” are meant to be easy for you to navigate, but difficult, if not impossible, for anyone who may have tried to steal your identity to breach.  

First, there is the authentication process.  One or more of the following are used to authenticate you:

            -Something you have (ATM/Debit Card)

            -Something you know (Password, PIN, or Personal Identification Number, site key)

            -Something you are (biometric device, etc.)

The more factors are included, the stronger the defense of your accounts.  That is why PFCU combines several factors to protect you.  We include a site key, for example, which is an image specific to you accompanied by a phrase you create, which let’s you know you are at our site.  If you log in and don’t see your site key, escape right away, try to enter through our website and, if you still don’t see it, contact us promptly. 


To maximize security, the “hoops” are utilized at different points in the transaction process so that someone who may be able to overcome one obstacle may be tripped up by another.  For example, after completing one transaction, it may be necessary to re-enter a PIN or answer a security question before the next transaction.  The layers of security can help us identify suspicious activity.  They can also limit exposure to losses should someone gain unauthorized access to one transaction.  Setting up the answers to security questions and selecting a site key might seem cumbersome, but the process is much easier than filing police reports and dispute forms. 


Behind-the-Scenes Protection

The committee also required all financial institutions to conduct a strict risk assessment in which all the transactions conducted are evaluated for potential risk and safeguards are then established to mitigate that risk.  When new functionality is added to online offerings or new services are provided that allow for access to accounts or loans, authentications procedures are included and updated to ensure security.  We also learn from breaches and fraud attempts throughout the industry.  When a new threat surfaces, safeguards are immediately implemented. 

Here are some actions we might take to protect you:

            -Call-back (voice) Verification: after receiving a request for access to your account electronically or in writing, we may call you at the number(s) you supplied to us and ask some security questions before confirming the transaction.  If we do so, feel free to call us back at the number YOU have on file for us (see below) to ensure that we are the ones calling you. 

            -E-mail verification: We may send an e-mail to the address you gave us to confirm a particular transaction.  Keep in mind, though, we will not send you an e-mail asking you to enter account numbers, or other personal information.

            -We may verify possession of IDs used to open your account

            -Analysis of transactions for unusual activity that falls outside of normal patterns.  For example, if you usually send a certain amount of money to a vendor and suddenly increase the amount substantially, we may contact you to make sure you are the one who initiated the transaction.  You may have received such a call when traveling, for example.  To prevent delays or any unintended inconvenience, you may want to notify us if you will be leaving the area so that we can flag your account. 

            -Creating dollar amount thresholds which require manual intervention based on pre-determined limits. 


Doing Your Part

Our Free Online Banking service also offers some great tools for you to keep watch.  Working together, we stand a much better chance of successfully guarding against fraud.  You can set up notifications to receive e-mails or texts when certain thresholds on withdrawals or balances are reached.  That way you can quickly shut down fraudulent activity. 

You may also consider beefing up security on your computer, laptop, mobile phone or other device used to access your accounts.  This might include:

            -Firewalls on your operating system

            -Anti-malware programs

            -Anti-virus software

            -Patches and updates provided by the manufacturer of your operating system


Your Protections and Obligations under “Reg E” 

The Federal Reserve Board has established rules for credit unions known as Regulation E.  This regulation allows you to recover internet transaction losses based on how quickly you detect and report them to us.

Here are the Reg E rules:

            -You may be liable for the first $50 if you report a loss within the first two days of receiving your statement. 

            -You may be liable for the first $500 if you report a loss after the first two days of receiving your statement up to 60 days.

            -After 60 days you may be legally liable for the entire amount of the transaction, so don’t ignore your statements.  They are a necessary tool for ensuring that fraud is shut down promptly.  E-Statements, signing up for online banking and mobile banking can help you keep a vigilant watch on your accounts.  Hopefully, account security will become second nature. 

Report Anything Suspicious as Soon as Possible


We’re easy to reach:

By Phone at (626) 799-0882

Toll-Free at (800) 445-PFCU (7328)

By e-mail at

By fax at 626-799-2677

Lost/Stolen ATM/Debit Card After Hours 800.445.7328

Lost/Stolen VISA Credit Card After Hours 800.325.3678

“Like” us on Facebook and Follow us on Twitter @Pasadenafcu to get fraud updates as they occur.  Our blog also has great articles on fraud prevention.

Together, we can ensure safe, convenient and productive management of your accounts and loans at PFCU.

Leave a Reply

You must be logged in to post a comment.