By: William Sikes, Information Systems Security Officer
Lately, it’s not uncommon to hear news stories about data breaches at big-name companies and government entities. With each breach, more private data becomes public—making it easier for criminals to gain unauthorized access to your accounts. Hackers are also using various techniques—phishing, viruses, keystroke logging—to try to steal your personal information. It’s very clear that a simple username and password combination isn’t strong enough to protect your valuable account information. In order to secure your accounts with VyStar, the new Internet & Mobile Banking applications use Intelligent Authentication™ (IA) from Fiserv to strengthen the authentication process. Here’s how IA provides you with high-tech security against today’s hackers.
Accessing your accounts with a username and password is known as single-factor authentication because it solely relies on something you know (your username and password combination). Multi-factor authentication (MFA) relies on more than one of the three basic factors used to authenticate a user, making it a more secure process. The factors used today are:
If you use an ATM or debit card, you are using MFA because you need two factors to complete the transaction: your ATM or debit card (something you have) and your PIN (something you know).
This is where IA comes in. When computers or mobile devices connect to each other over the Internet, they exchange basic information about each other, including time and date, Internet Protocol (IP) addresses, language, etc. IA uses this information to build an “access signature” that can be retained and referenced with each login attempt to determine if the user that is attempting to log in fits the historical behavioral pattern of the authorized user. If it is not a strong match, IA will invoke an MFA component (i.e., send a verification code or present a challenge question) as an additional layer of protection for the member against potential malicious activity.
IA builds the access signature over time. Just like it takes time for you to recognize another person’s face, IA also takes time to learn each user as they access their accounts on their computer. Until a reliable access signature can be built, any user will likely be challenged when they log in. Even then, a strong IA system will still occasionally challenge the user, especially if their behaviors or usage patterns change. The challenge is typically a code that’s sent via text or voice call to your mobile phone (something you have) and is the second factor in the MFA process. Other options are available, but this is the most common method.
Prior to the Internet & Mobile Banking conversion, a user could tell the system that the computer or device they were using was secure and therefore could limit the challenges they received when logging in to the system. With IA, the access signature must be compiled before challenges are limited. This means you’ll likely receive more frequent challenges—especially right after enrollment, when changing devices you use or after long periods of not using Internet & Mobile Banking. The challenges are designed to make sure you are the only one that can access your accounts. While the old system of letting the computer recognize you was a good security feature, it is becoming less desirable. Modern, more desirable systems have moved to neural security systems, like IA and the one our new Internet & Mobile Banking system uses.
It can be a crazy world out there, but your account safety is our top priority. Rest assured that VyStar protects your personal information with up-to-date technology in account security.
*The content provided in this blog consists of the opinions and ideas of the author and should be used for informational purposes only. VyStar Credit Union disclaims any liability for decisions you make based on the information provided.