CE Federal Credit Union

MULTI-FACTOR AUTHENTICATION

In our Fall 2006 newsletter there was an article regarding Multi-Factor Authentication (MFA). This is a security process required by federal regulations to be in place no later than December 31, 2006, for such activities as on-line retail shopping or Internet banking, such as our i-branch. This process is to aid in the protection against identity theft and fraud. The concept behind MFA is to do two things. First is to assure you when you log on to our i-branch website that you are on our legitimate, secure, encrypted Internet site, not a "phished" site. Second, MFA procedures will verify to us that you are the person who should be logging on to your account. Both steps are done through simple human actions on your part, that are at the same time technically complex processes. These steps will enable multiple levels of authentication of who you are and who we are when you log on thus providing security and peace of mind to both sides of the transaction.

Beginning on December 15, 2006, when you log onto the i-branch with your account number and password, you will be presented with a screen that explains briefly that we have implemented MFA steps in compliance with regulatory requirements. You will be given the option of enrolling in the MFA process or delaying the enrollment until a later date. We hope you will proceed immediately with MFA enrollment to begin your ID theft and fraud protection as soon as possible, but you will have until February 1, 2007, to delay the enrollment process. After February 1, 2007, you will no longer be allowed to access your account data without first enrolling in our MFA security features

In our desire to protect our members and their account data with strong levels of security without making it a long, tedious process, we have created a two-step security enrollment process. First, you will be asked to provide to us a word of your own choosing. This word will be presented to you each time you log on in a graphical word image and you will asked to re-type it. You've probably seen websites that ask you to type a word that looks like it's printed on a crumpled up piece of colored paper - that's the concept of this first level of security, known as CAPTCHA*. Only instead of our showing you a random word that we selected, we're going to let you tell us what your "crumpled word" will be.

Below is asample of this option. You will type in your own personal graphical word in the box. When you finish typing your word there will be a "preview" button to allow you to see how your graphical word will appear each time you log on. By letting YOU choose your word, there's no confusion over the letter l and the number 1 or the letters S, s, Z, z .

By having to type this word when you log on, you are assured that because the word YOU chose is presented you are at our secure site ("you know us - we know you"). At the same time, we are assured it's a real person logging onto your account, not an "auto-bot" combing the web in search of non-secure private information.

The second level of security will consist of a test question to which you will provide the answer. We will offer you a variety of test questions in the enrollment process from which to choose. You will select three of them from a drop-down list. Then upon logging on to the i-branch, you will be presented with one of the questions at random. Again, because you selected the questions to be presented you will know that you are on our secure website. By answering the question correctly we will know that it is you logging in to your account. Again, it's the concept of "you know us - we know you."

In addition to these two steps, you will also have the choice of registering your pc with our secure server for a 90-day period. By clicking on the "Please register my pc" option, a secure, encrypted browser cookie will be loaded on your pc (see "Technical Alert" below). A user can register as many pcs as they wish and a single pc can be registered for as many users as desired. Each user's registration of that pc will be linked to their own unique individual secure encrypted cookie, thereby prohibiting one user's access to another user's data. By registering your computer you will bypass both the CAPTCHA word in step one and the test questions in step two. For additional security reasons each registration will expire after 90-days, at which time you will simply re-enroll and re-register the pc, if you choose.

Under these processes, once enrollment is completed you can be assured that you are operating under the highest levels of security against theft of identity and fraud. Our goal is your security and peace of mind in these days of theft and fraud.

*CAPTCHA - Completely Automated Public Turing test to tell Computer and Humans Apart

Technical Alert: You should know that if you have set your browser security settings to automatically delete all cookies when you close your browser, the encrypted, secure browser cookie we'll put on your pc will be deleted also. Thus registering your pc will be futile. You will either need to reset your security settings NOT to delete your cookies when closing your browser or you will need to consign yourself to going through the the manual MFA steps outlined above each time you log on to the i-branch.

| Review our Privacy Policy |

Page updated on Monday, 04-Dec-2006



	MULTI-FACTOR AUTHENTICATION In our Fall 2006 newsletter there was an article regarding Multi-Factor Authentication (MFA). This is a security process required by federal regulations to be in place no later than December 31, 2006, for such activities as on-line retail shopping or Internet banking, such as our i-branch. This process is to aid in the protection against identity theft and fraud. The concept behind MFA is to do two things. First is to assure you when you log on to our i-branch website that you are on our legitimate, secure, encrypted Internet site, not a "phished" site. Second, MFA procedures will verify to us that you are the person who should be logging on to your account. Both steps are done through simple human actions on your part, that are at the same time technically complex processes. These steps will enable multiple levels of authentication of who you are and who we are when you log on thus providing security and peace of mind to both sides of the transaction. Beginning on December 15, 2006, when you log onto the i-branch with your account number and password, you will be presented with a screen that explains briefly that we have implemented MFA steps in compliance with regulatory requirements. You will be given the option of enrolling in the MFA process or delaying the enrollment until a later date. We hope you will proceed immediately with MFA enrollment to begin your ID theft and fraud protection as soon as possible, but you will have until February 1, 2007, to delay the enrollment process. After February 1, 2007, you will no longer be allowed to access your account data without first enrolling in our MFA security features In our desire to protect our members and their account data with strong levels of security without making it a long, tedious process, we have created a two-step security enrollment process. First, you will be asked to provide to us a word of your own choosing. This word will be presented to you each time you log on in a graphical word image and you will asked to re-type it. You've probably seen websites that ask you to type a word that looks like it's printed on a crumpled up piece of colored paper - that's the concept of this first level of security, known as CAPTCHA. Only instead of our showing you a random word that we selected, we're going to let you tell us what your "crumpled word" will be. Below is asample of this option. You will type in your own personal graphical word in the box. When you finish typing your word there will be a "preview" button to allow you to see how your graphical word will appear each time you log on. By letting YOU choose your word, there's no confusion over the letter l and the number 1 or the letters S, s, Z, z . By having to type this word when you log on, you are assured that because the word YOU chose is presented you are at our secure site ("you know us - we know you"). At the same time, we are assured it's a real person logging onto your account, not an "auto-bot" combing the web in search of non-secure private information. The second level of security will consist of a test question to which you will provide the answer. We will offer you a variety of test questions in the enrollment process from which to choose. You will select three of them from a drop-down list. Then upon logging on to the i-branch, you will be presented with one of the questions at random. Again, because you selected the questions to be presented you will know that you are on our secure website. By answering the question correctly we will know that it is you logging in to your account. Again, it's the concept of "you know us - we know you." In addition to these two steps, you will also have the choice of registering your pc with our secure server for a 90-day period. By clicking on the "Please register my pc" option, a secure, encrypted browser cookie will be loaded on your pc (see "Technical Alert" below). A user can register as many pcs as they wish and a single pc can be registered for as many users as desired. Each user's registration of that pc will be linked to their own unique individual secure encrypted cookie, thereby prohibiting one user's access to another user's data. By registering your computer you will bypass both the CAPTCHA word in step one and the test questions in step two. For additional security reasons each registration will expire after 90-days, at which time you will simply re-enroll and re-register the pc, if you choose. Under these processes, once enrollment is completed you can be assured that you are operating under the highest levels of security against theft of identity and fraud. Our goal is your security and peace of mind in these days of theft and fraud. CAPTCHA - Completely Automated Public Turing test to tell Computer and Humans Apart Technical Alert: You should know that if you have set your browser security settings to automatically delete all cookies when you close your browser, the encrypted, secure browser cookie we'll put on your pc will be deleted also. Thus registering your pc will be futile. You will either need to reset your security settings NOT to delete your cookies when closing your browser or you will need to consign yourself to going through the the manual MFA steps outlined above each time you log on to the i-branch.
	Products \| Rates \| What's New \| Links \| Contact Us \| ART Codes \| Site Map \| Review our Privacy Policy \| Copyright © 2006 C-E Federal Credit Union. All rights reserved. Page updated on Monday, 04-Dec-2006