MFA or Multi-Factor Authentication is a new layer of security being added to online banking by financial institutions. The federal government has determined that simple user id and password verification is too easily spoofed by a cyber-critter and has there fore required F.I. to add another layer.
There is a pretty good article on Wikipedia on this topic that you can read here.
As I type this I can hear protests about how inconvenient it will be to have to go through another step to get to your information. My feeling is this, it’s a lot more inconvenient to have to go through a fraud and lose all my money to some cyber-critter with too much time on his hands and who, in all likelihood, will never get caught. It is the same approach I have about the increased airport security. If my being troubled just a bit keeps my plane from being the one they talk about on the news, more power to ‘em.
MFA relies on a few things and the levels that your own FI will go to is largely up to them. Our credit union chose to go with a two-factor verification, and it goes a little something like this. You log into your account as usual. But one time and one time only, you have to choose a picture from a group of pictures that the FI has provided. Second you have to set up one or several (again, wholly up to your FI) challenge questions to which only you know the answer.
The idea behind this procedure is that when you log in using your id and password, it gives you access to the next layer of security. Then you will see the picture that you have chosen. Since only 2 people in the world know what you have chosen, you can be reasonably sure that you are on your FI’s servers. You must also answer your challenge questions. This lets the FI know that you are you; because, you are, theoretically the only one who knows those answers.
That’s it. You’re in and everything should act as normal from there.
Like I said earlier, this is how my credit union has chosen to do this. There are a lot of other possibilities out there. Some FI will allow you to download a certificate to your pc that will let you into your account taking the place of the challenge questions. This is great, as long as the certificate doesn’t get compromised, and it makes your pc the ONLY one you can do online banking from.
With the advent of the biometrics for pcs, like using your fingerprint to log into Windows or to unlock the pc from screensaver, you may one day see the ability to scan your fingerprint from your pc to access your account.
Ok, that’s two pretty dry write-ups in a row. Story from growing up with LD next time, I promise.