Electronic Banking Authentication


Your community bank, along with the banking industry, recognizes that as the electronic financial world gets more complex, online fraudsters become more sophisticated as well. In response, the banking industry has taken a comprehensive approach to meeting this growing threat.

The first step involved a complete "risk assessment" of current electronic security measures. From this assessment came two objectives:


Most electronic fraud falls into one of three categories:

  1. Phishing - Fraudulent e-mails, appearing to be from a trusted source such as your bank, direct you to websites. Once there, you are asked to verify personal information such as name, account and credit card numbers, passwords and the like. These sites are often designed to look exactly like the site they are imitating. The information you provide is used to hijack your accounts and your identity. E-mails that warn you, with little or no notice, that your account will be shut down unless you reconfirm certain information, are very likely to be phishing. Delete the message and use a phone number or website address you know to be legitimate to check the source.

  2. Pharming - or "domain spoofing.' is an attack in which a user can be redirected from a legitimate site to a fraudulent site and then fooled into entering sensitive data such as a password or credit card number. The fraudulent site often looks like the legitimate site (e.g.. your bank). It is different from phishing in that the attacker does not have to rely on having the user click a link in an email to deceive the user---even if the user correctly enters a web address into a browser's address bar, the attacker can still redirect the user to a malicious web site.

  3. Malware - is software designed to infiltrate or damage a computer system without the owner's knowledge or consent. It is a blend of the words "malicious" and "software." It includes computer viruses, worms, trojan horses, spyware, adware, and other malicious and unwanted software.


New ways to verify identities should make web banking safer than ever:

Your bank wants to be sure that the level of authentication (i.e., the way you identify yourself and the security measures you employ) in a particular transaction is appropriate to the level of risk in that application. As a result, you might begin to experience some changes in how you identify yourself and gain access to your accounts over the internet. These authentication changes will help make you safer than ever before from account hijacking and identity theft.

Today's authentication methods involve one or more basic "factors":

Single-factor authentication uses one of these methods; multi-factor authentication uses more than one:

When you log on with a password, you are using single-factor authentication; when you use your ATM, you are using multi-factor authentication: Factor number one is something you have, your ATM card; factor number two is something you know, your PIN.

In addition to single and multi-factor authentication, your bank may also rely on several layers of control to assure your Internet safety. These layers might include

Regardless of the types of authentication employed, you can be assured that your bank is working to make your online transactions safer and more convenient than ever before.


While no defense can protect against every threat, you can enhance your security online with some healthy skepticism:


The following links can help you find useful information and guidance: