In 2007, Grossmont Schools Federal Credit Union implemented the use of "multi-factor authentication" for our Internet Branch, CU@U. The federal government had mandated that all financial institutions in the United States must have this process of improved authentication in place for their customers and members who access their accounts via the Internet.
What is multi-factor authentication? Let's start by first explaining single-factor authentication which is very common to all of us. It associates a Personal Identification Number (PIN) with a username. The username identifies a user while the PIN confirms or authenticates the user is actually who they claim to be. GSFCU has always maintained an additional layer of security on our Internet Branch, CU@U, as a member must authenticate the user name with a PIN AND a password.
Any system that requires more than just a username and PIN has typically been referred to as multi-factor authentication. Authentication methods that depend on more than one factor are more difficult to compromise than single-factor methods.
CU@U Internet Branch users will see the impact of multi-factor authentication in the coming months. There will be an enrollment period during which members will be asked to supply additional authentication information, known as "challenge questions." This will be information that non-legitimate users would not be expected to know and would find difficult to guess.
Members who log onto CU@U Internet Branch will be given three opportunities to enroll. They will be asked to provide answers to a small number of questions. The questions will be ones that only a legitimate user would be able to answer.
If members choose not to enroll at the first invitation they may proceed with home banking activities. However, if they do not enroll by the time of their third login, they will not be able to proceed until they have completed enrollment.
Once members have enrolled in the multi-factor authentication process, they will log into home banking as they always have - using a username, PIN and password. In the vast majority of cases they will never be prompted to answer the "challenge questions". Only when the system detects unexpected activity will the member be prompted.
Such unexpected activity might include accessing the Internet Branch from a non-typical location or an unusually large transaction. One of these might prompt a request for higher-level authentication. A member would then not be able to proceed with their Internet Branch activities without successfully answering these challenge questions. The system assumes that only a legitimate member will know the answers to these higher-level prompts.
As always, Grossmont Schools Federal Credit Union is committed to maintaining the security and privacy of your information. If you have any questions regarding this new Internet Branch process please contact us at firstname.lastname@example.org or call 619-588-1515.