Access Controls

Cookies are small text files placed on the user’s computer by a web site. CSI Digital Banking, like many other commercial web sites, uses a technology called "cookies" to provide tailored information from the web site. There are two types of cookies: persistent cookies and temporary or session cookies.

CSI Digital Banking sites use session cookies to assist in securing activities and to enhance the performance of our web sites. Session cookies are used for authentication purposes. Once a user logs in to a web site, the browser receives a session cookie that has a time stamp on it. As the end user moves around a web site, the browser submits the session cookie whenever it requests a private web page. This is how the site knows that the person who logged in is the same person requesting the private pages.

CSI Digital Banking persistent cookies contain an encryption key that must match the encryption key in the database at the web host location in order to skip the security questions previously entered when creating the password.

Bank Administrators can choose from four options that will control how the "Remember this device" feature functions. These options are Disabled, Cookie, IP-Based Cookie, and Device Fingerprint.

  • "Disabled" will simply remove the ability for any user to use the "Remember this device" feature. This will require the user to input a security question or OOBA each time they log into the internet banking system.
  • "Cookie" will store a cookie on the user’s computer but will not tie this cookie to an IP address on the internet. This method is not recommended due to the ability to copy this cookie from one computer to another.
  • "IP-Based Cookie" is a far better approach than the standard "Cookie" option because the internet banking server keeps a record of what IP address is associated with that cookie and will not allow it to be passed to another computer.
  • "Device Fingerprint" is the most advanced method available because it does not require the use of a persistent cookie. The fingerprint is a proprietary hash created from various hardware and software components that uniquely identifies the device for digital banking services, making it a known device. This allows the device to move from one IP to another and still function properly. This option allows for the highest level of security and usability.

Regardless of which method is used, the registration of the end user’s computer expires based on the setting within the Admin console. The financial institution can set the Days Until Security Cookie Expiration, which is the number of days the security cookie is valid. After that time, the computer is required to be registered again. Valid entries are 1-365. The default value is 30.
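The sketch below is an added example, not CSI's code: it models how a server could decide whether to skip the security question under each of the four "Remember this device" options, including the expiration setting. The `Registration` record, the function names and the SHA-256 stand-in for the proprietary fingerprint hash are assumptions, and the sample devices and addresses are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta

MODES = ("Disabled", "Cookie", "IP-Based Cookie", "Device Fingerprint")

def fingerprint(attrs):
    # Assumption: SHA-256 over sorted attributes stands in for the proprietary hash.
    canon = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canon.encode()).hexdigest()

@dataclass
class Registration:            # hypothetical server-side record for one known device
    key: str                   # key that must match the one in the persistent cookie
    ip: str                    # address recorded at registration
    fp: str                    # fingerprint recorded at registration
    created: datetime

def register(ip, attrs, now):
    return Registration(secrets.token_hex(32), ip, fingerprint(attrs), now)

def is_remembered(mode, rec, now, cookie_key, ip, attrs, expiry_days=30):
    """True when the security question / OOBA step may be skipped."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    if not 1 <= expiry_days <= 365:
        raise ValueError("expiry_days must be 1-365")
    if mode == "Disabled" or rec is None:
        return False
    if now - rec.created > timedelta(days=expiry_days):
        return False           # expired: the device must be registered again
    if mode == "Device Fingerprint":
        return hmac.compare_digest(rec.fp, fingerprint(attrs))   # no cookie involved
    if not cookie_key or not hmac.compare_digest(rec.key, cookie_key):
        return False
    return mode == "Cookie" or ip == rec.ip    # IP-Based Cookie also pins the address

if __name__ == "__main__":
    # Constructed sample data: one registered device, then its cookie on another computer.
    t0 = datetime(2024, 1, 1)
    home = {"os": "Windows 11", "browser": "Firefox", "screen": "1920x1080"}
    other = {"os": "macOS 14", "browser": "Safari", "screen": "2560x1600"}
    rec = register("198.51.100.7", home, t0)
    for mode in MODES:
        copied = is_remembered(mode, rec, t0 + timedelta(days=1), rec.key, "203.0.113.9", other)
        print(f"{mode}: cookie presented from another computer accepted = {copied}")
```

Only the plain "Cookie" option accepts the key when it is presented from a different computer, which is the reason the page does not recommend it.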

In addition to the authentication in place for Digital Banking, the Digital Banking app offers specific validation options.

  • "PIN" allows a user to create a 4-digit code for login on a known app device.
  • "Auto Login" allows a user to access a subset of features in a read only mode on a known device.
  • "Biometrics" permits fingerprint access in place of credentials on a known device.

SMS/text banking is also available for client access. This service authenticates based on phone number and returns select information upon request.
