OOBA (Out of Band Authentication)

Out of Band Authentication refers to the use of a separate network or channel to verify the identity of the user. Using this separate path to communicate with the user further assures that the request to Digital Banking is legitimate. This feature would replace the Security Questions discussed previously with a physical verification based on an established device the user has access to. A user’s phone can be registered to more than one digital banking login. Additionally, more than one phone can be registered to a user’s digital banking login. Four methods are available to authenticate the user: SMS message (text message), phone call, mobile application push, and one-time passcode. The OOBA system can also be used to secure specific features within the Digital Banking products.

An SMS or text message can be requested at the time of login. The OOBA system will text the user a numbered code that is to be keyed into Digital Banking during the login process. This method requires that the established phone has access to text messaging, and standard text messaging rates would apply. The financial institution can choose to send a single code per text message or up to ten codes at one time. Each code will become invalid after being used.

The code(s) issued can also be set to expire after a specified number of minutes.
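The code rules described above (a batch of one to ten codes, each valid for a single use and only until a configured number of minutes has passed) can be sketched as follows. This is an added example, not the vendor's code; the class name `SmsCodeStore`, its parameters, and the six-digit code length are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

MAX_BATCH = 10  # the page states up to ten codes can be sent at one time


class SmsCodeStore:
    """Hypothetical in-memory store of outstanding SMS codes for one login."""

    def __init__(self, ttl_minutes, digits=6, clock=time.time):
        self.ttl = ttl_minutes * 60   # expiry window configured by the institution
        self.digits = digits          # assumed code length
        self.clock = clock            # injectable so expiry can be tested
        self._pending = {}            # sha256(code) -> expiry timestamp

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).hexdigest()

    def issue(self, count=1):
        """Generate `count` distinct codes and return them for SMS delivery."""
        if not 1 <= count <= MAX_BATCH:
            raise ValueError("batch size must be between 1 and 10")
        expiry = self.clock() + self.ttl
        codes = []
        while len(codes) < count:
            code = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
            digest = self._digest(code)
            if digest not in self._pending:  # skip codes already outstanding
                self._pending[digest] = expiry
                codes.append(code)
        return codes

    def verify(self, submitted):
        """Accept a code at most once, and only before it expires."""
        now = self.clock()
        # Discard every code whose expiry time has been reached.
        self._pending = {d: e for d, e in self._pending.items() if e > now}
        candidate = self._digest(submitted)
        for digest in list(self._pending):
            if hmac.compare_digest(digest, candidate):
                del self._pending[digest]  # single use: invalid after this
                return True
        return False
```
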

The user can request that the system initiate a call. Once the call is received, the user must answer and respond to the directions in order to continue with the login process. The financial institution can choose to allow any key to be pressed to authenticate the login process, or require a specified key to authenticate and another specified key to report the attempt as fraudulent.

The phone used can be a mobile phone or a landline.

The mobile app push can also be used by users who have a smartphone with access to the iTunes app store, Google Play app store, Windows apps and games, or BlackBerry World. Push notifications must be enabled on the user’s smartphone for this feature to work properly. Once a request to log in has been initiated, the OOBA system will send a push notification to the user’s phone, which will prompt the user to approve or deny the request. If Approve is selected, the user will be allowed to continue with the login process. If Deny is selected, the user will have the opportunity to report the activity as fraudulent or a mistake.

A one-time passcode can be generated from the mobile application. This feature can be used even if no Wi-Fi or phone service can be established. It works similarly to the secure token discussed earlier in this document.

In addition to securing the login process, the OOBA system can secure features that are considered more complex and thus require a higher level of security. The features that can be secured include but are not limited to ACH and Wire approvals, external transfers, and bill pay access.


See Also

Secure Tokens

Biometrics
