|
New
Online Banking Security Updates
| New online banking security
features utilizing Multi-Factor Authentication (MFA) required
by the Federal Financial Institutions Examination Council
(FFIEC) will be implemented the week of June 23, 2008. |
 |
Setting Up Your MFA Preferences
- You will be required to select a new image and
phrase. The image and phrase that you may have previously selected will go
away and will be replaced by new ones. They will only display once during
the log in process on the password screen (not on each screen as the image
did previously).
- You will be asked whether or not you want the
system to remember the computer you are currently using as the computer you
will normally use to log on to Sharefax-Online, or in other words, create a cookie.
(If you do not wish to do so, you will need to answer a security question
each time you log on.)
- You will be prompted to set up security
questions and answers. The security questions will replace the
online keyboard security feature. These questions will be asked
only if the system doesn’t recognize your computer.
Signing On After MFA Preferences are Set
Up
Step 1: Enter account number & PIN
Step 2: Verify security image and phrase, then enter password
Step 3: If the system doesn’t recognize your computer, you will be required to
answer a challenge question. If it does, you will move on
These new security features are being put in
place to make your online banking experience as secure as possible. If you have
any questions, please call us at (513) 753-2440 or email us at info@sharefax.org.
Sharefax-Online Security FAQ
Sharefax Credit Union uses the latest technology
to protect your account information from exposure to unauthorized persons. Below
are some of the components of this security system:
- An account number, PIN and password are
required to access the system
- Multi-factor authentication to further verify
your identity
- Virtual keyboard for password input to prevent
keystroke logging
- 128-bit encryption encodes your transmissions
when crossing the Internet
- After entering a PIN/Password incorrectly six
times, access to an account is blocked
- SSL certificate issued by industry standard
authority, Verisign
You are responsible for protecting the secrecy of
your PIN/Password in accordance with the terms contained in your Membership
Account Agreement. We recommend you not store secured pages in your computers
cache memory or leave your computer unattended while you are logged into
Sharefax-Online.
What is multi-factor
authentication?
What is encryption?
What is SSL certificate?
What is a firewall?
Why does Sharefax-Online set
cookies?
| What
is multi-factor authentication? |
 |
Attacks against consumers’
personal financial data and accounts when conducting business online
continue to rise. The Federal Financial Institutions Examination Council (FFIEC)
has stated credit unions must implement “effective methods of
authentication” stronger than single-factor authentication methods, such
as passwords. |
Our permanent multi factor authentication (MFA)
solution provides the assignment of a unique Device ID to your computer or other
device that will access our Sharefax-Online banking site, in addition to
choosing a unique image and a phrase. If you log on from an unknown device, you
will be asked to validate your identity by answering a challenge question, which
you selected upon your initial log on to Sharefax-Online with MFA.
Our solution provides you with two-way
authentication, assuring you that you have reached our Sharefax-Online authentic
site as opposed to a “phished” or “spoof” site.
Click here to log into Sharefax-Online
Banking and enroll for MFA now.
What is
encryption?
| Encryption takes
meaningful text and numbers and scrambles them into numerical nonsense
before transmitting them across the Internet. Your account information
becomes "all mixed up and nonsense" when encryption is in place.
For example, "transfer $40 from checking to savings" could
become something like
"75f21d4!s4a8e3g562hjt*b81t7d4s31e7tr3g&12". |
|
|
| The encryption process occurs
for information going in both directions - from your computer to the
credit union and vice versa. Encryption uses complex algorithmic formulas
to create a key that is used to translate the nonsense back to
"transfer $40 from checking to savings". There are billions of
potential keys, and a different key is used for each Sharefax-Online
session. Your computer and Sharefax Credit Union's computer establish this
key when they make your Sharefax-Online connection. |
|
Because there are billions of potential keys, it
would take a hacker several lifetimes to come up with the exact key a specific
transmission uses. Netscape estimates that the 40-bit level of encryption would
take over 64-MIPS computer a year of dedicated processor time to break. Sharefax-Online
128-bit encryption would be exponentially more difficult to break.
Secure Sockets Layer (SSL) technology are
cryptographic protocols that provide secure communication on the Internet for
such things as web-browsing, e-mail, and other data transfer.
Every SSL Certificate is created for a particular
server in a specific domain for a verified business entity. Like a passport or a
driver’s license, an SSL Certificate is issued by a trusted authority, the
Certificate Authority (CA). When the SSL handshake occurs, the browser requires
authentication from the server. A customer sees the organization name when they
click certain SSL trust marks (such as the VeriSign Secured™ Seal on Sharefax-Online).
VeriSign is the SSL Certificate provider of
choice for over 93% of the Fortune 500 and the world’s 40 largest banks,
businesses that know the most about Internet security.
A firewall is a hardware and/or software solution
that restricts access from your internal network to the Internet and vice versa.
You can think of it as a security gate; all traffic incoming and outgoing is
stopped at this gate. Because it is "stopped" the firewall can make
sure that the information is acceptable; in other words that it conforms to the
security of the site. Sharefax Credit Union uses the latest firewall technology
available.
| Why
does Sharefax-Online set cookies? |
| In order to better serve you
and protect your account information, we use "cookies",
nuggets of data that are stored on your hard drive as a file. We use
cookies to verify that your computer is the computer that originally
logged onto Sharefax-Online and that some other computer isn’t trying
to impersonate your computer. Cookies are also necessary since they are
used in the encryption algorithm. None of your personal or account
information is stored in the cookies we use, only information necessary
to maintain a secure connection. |
 |
Cookies do not compromise privacy. Their data is
usually stored on your computer's hard drive as a very small file or folder
called "cookies", and you can delete this file anytime if you choose.
The cookies in Sharefax-Online are only valid for the current session and
shortly become invalid. Finally, cookies created by one site will only work with
that specific site. Site A, for example, cannot read cookies generated by Site B
and then use that information for purposes for which it was not intended.
Still have questions?
If you should have additional questions or
concerns please contact us at info@sharefax.org.
| 
