Skip to content
BOL Conferences
Thread Options
#657586 - 12/27/06 02:57 PM Need advice on multi factor tokens.
joeschmoe Offline
Member
Joined: Dec 2005
Posts: 70
I don't work at a bank so I need a little help understanding this. If a bank decides to use the tokens as a form of MFA, can the bank force all customers to purchase them or does the bank have to give the customer a second option with no fees such as Passmark?

What if a biz account owner purchases a token but allows employees to access the account as well. Do they have to purchase a token for each employee?

Return to Top
eBanking / Technology
#658254 - 12/28/06 02:35 PM Re: Need advice on multi factor tokens. joeschmoe
FraudHorn Offline
Member
FraudHorn
Joined: Dec 2005
Posts: 60
Maine
A bank can't force a customer to do anything. If the bank chooses tokens as its only form of MFA for its retail banking customers, the customer will have the choice of buying the tokens, discontinue using online banking, or take their business to another bank which has a more firendly MFA solution.

Is your bank choosing tokens and has asked that you purchase them. Although all banks are required to risk assess the online banking environment and MFA is the most popular solution, I would consider this to be a questionable business decision.
_________________________
The cannons don't thunder there's nothin' to plunder.

Return to Top
#658666 - 12/28/06 08:51 PM Re: Need advice on multi factor tokens. FraudHorn
joeschmoe Offline
Member
Joined: Dec 2005
Posts: 70
So if someone refuses to purchase the token from a Bank will the Bank just take away their IB access?

Return to Top
#658844 - 12/29/06 01:13 PM Re: Need advice on multi factor tokens. joeschmoe
FraudHorn Offline
Member
FraudHorn
Joined: Dec 2005
Posts: 60
Maine
According to the guidelines the FI cannot give a customer the option to opt-out. If tokens is the only form of MFA the FI will offer for IB access, then yes, the customer will not be able to access without a token. The key here is that single-factor authentication is no longer sufficient for online banking (unless your online banking product is so basic it does not allow any risky transactions like bill pay, ACH, wires, etc. and does not reveal any non-public personal information). Maybe your MFA solution will allow customers to logon with single factor, assuming account numbers and other non-public infor is masked. Then only customers that use bill pay need a token to get into that area. Again, I would really question the business decision to use tokens for your retail customers. Business customers, sure, but a Passmark solution for retail made much more sense for us, from a cost perspective and a user friendly envoronment perspective.
_________________________
The cannons don't thunder there's nothin' to plunder.

Return to Top

Moderator:  Andy_Z