Posts Tagged ‘site-key’

Multi-Factor Authentication Foils Cyber-thugs

We sometimes get complaints from members who are frustrated with the set-up and maintenance of security for their online account access.  Here are some reasons not to loathe the security questions, site keys and other safety measures in place online:

Six federal regulators governing the financial sector have combined forces to strengthen the online security of your accounts.  Together, they make up the Federal Financial Institutions Examination Council (FFIEC).  The guidelines they set forth are designed to help financial institutions like PFCU make sure the individual attempting to access your accounts electronically is actually you. 

The First Line of Defense

If you aren’t used to strong online security, it can feel a bit like jumping through a series of virtual hoops.  Keep in mind, the “hoops” are meant to be easy for you to navigate, but difficult, if not impossible, for anyone who may have tried to steal your identity to breach.  

First, there is the authentication process.  One or more of the following are used to authenticate you:

            -Something you have (ATM/Debit Card)

            -Something you know (Password, PIN, or Personal Identification Number, site key)

            -Something you are (biometric device, etc.)

The more factors are included, the stronger the defense of your accounts.  That is why PFCU combines several factors to protect you.  We include a site key, for example, which is an image specific to you accompanied by a phrase you create, which let’s you know you are at our site.  If you log in and don’t see your site key, escape right away, try to enter through our website and, if you still don’t see it, contact us promptly. 

Layers

To maximize security, the “hoops” are utilized at different points in the transaction process so that someone who may be able to overcome one obstacle may be tripped up by another.  For example, after completing one transaction, it may be necessary to re-enter a PIN or answer a security question before the next transaction.  The layers of security can help us identify suspicious activity.  They can also limit exposure to losses should someone gain unauthorized access to one transaction.  Setting up the answers to security questions and selecting a site key might seem cumbersome, but the process is much easier than filing police reports and dispute forms. 

  Read the rest of this entry »

Ramnit: A Cyber Worm that Can Really Ruin Your Day

Staying ahead of malicious computer programmers is a challenge and requires an ever more complicated combination of precautions to ensure that your financial data is not getting into the wrong hands.

In a recent article, we warned you about “spiders” on the worldwide web.  Another particularly dangerous threat is known as a “worm”.  A worm is able to spread to other computers without being transmitted through e-mails or malicious websites.  One such worm is the “Ramnit” which has surfaced in Europe but is quickly spreading throughout the world.  The Ramnit takes advantage of the viral aspect of sites like Facebook.  Programmers realize that many people use the same password for social networking sites that they use for their bank accounts.  This makes it very easy for a worm to capture data and provide access to the funds of unsuspecting victims.  In addition, it sends messages to a user’s friends disguised as an article or other link and then prompts them to click.  As many as a million people a day click on erroneous links that then infect their computers, and the results can be a real headache.  If it seems unlikely that a friend would send you particular message, they probably didn’t.  Beware. 

Pasadena Federal Credit Union constantly monitors fraud alerts and works with online services that invest millions of dollars annually in security.  Our web hosting company has received numerous awards for their attention to security and we regularly review their efforts. 

Unfortunately, even a well-constructed password by itself is not very effective these days in protecting accounts.  Our new Online Banking and Bill Pay upgrade includes some new multi-factor authentication steps.

            -A site phrase selected by the user

            -A site key, which is a picture unique to each individual that helps verify they are on the actual site they intend to log into and not an imposter site

            -Security Questions

Never use the same password for multiple accounts and do not use a password a stranger could guess, such as your birthdate, social security number, address, nickname or other information.   These can open the door to identity theft.  Keep a log of hints that would help you recall a password but which would be meaningless to anyone else.   

When answering security questions that are things others might easily discover about you, such as names of relatives, your favorite color, etc. consider purposefully choosing an alternative answer (one that you will remember).  For example, if your niece is named Susie but she has blond hair, you might consider saying her name is “Blondie”.  Remember that someone who gains access to your social network also gains access to a potentially rich mine of information about you.  They can often determine things such as the names of family members, so those answers may not be the best ones to protect you. 

We have a very helpful demo on our website that walks members through some the exciting and helpful changes effective on our Per$onal Branch Online Banking and Bill Pay beginning February 9, 2012.  Watch it to familiarize yourself with these changes.