The current VerifyU system has been in place since December 2005 and has been helping protect members' accounts by randomly challenging on logins and for higher risk transactions. The challenge questions were put in place primarily to protect against phishing where criminals were stealing usernames and passwords and then using them to gain access to accounts. The challenge questions did protect against phishing, but online security threats have expanded well beyond phishing over the last few years. Challenge questions are no longer enough.
That's why we are very proud to introduce the new VerifyU which features true out-of-band, multi-factor authentication to protect your account.We have been working on this new system for over a year in order to make it as secure as possible while still providing convenience to manage your accounts with us online.
At this time, enrollment in the new VerifyU is completely optional. However, over time we will begin to remind members of the benefits of improving their online security and encourage enrollment with the goal of making enrollment mandatory by the end of 2013. At first, the new system may seem a bit burdensome, but you'll quickly find it works much better than the challenge questions and significantly increases the security of your Web Branch account.
|Found on the Profile & Services tab|
VerifyU works by first having you log in normally using your username and password. Then, depending on a number of factors, the system decides if you need to be challenged. However, instead of asking a challenge question, we will be delivering a one-time code to you. This one-time code is not known by anyone prior to it being needed. Because of this, it is much more secure than a challenge question. Future logins from that same computer or device should not require challenges on log in. The system will always challenge you on a "high risk" transaction due to the sensitivity of those transactions.
In order to accommodate the many different computers, tablets and smart phones members use to log into Web Branch as well as the many different places you might be when you are logging in, we offer many different ways to have the one-time code delivered to you. When a one-time code is required, you'll be able to choose from any of the options you are enrolled in to have the code delivered to you.
- Phone Call--get the one time code delivered to your home, work or mobile phone via a voice call. When you answer, an automated message will play providing you with the code. You, of course, will need to be in one of those locations or have cellular coverage to receive the code. We also recommend putting in a "backup" number like one of a trusted family member or friend who could tell you the code if other options aren't available or working for you. By involving them in the process, the backup person would not know your username, password or member number or have access to any of your information.
- Text Message--get the one time code delivered to your mobile phone via text message. You will need to have your phone and have cellular coverage to receive the code.
- Email--have the one-time code emailed to you. We are offering email as a temporary way to receive the code as members get used to the new VerifyU one-time codes. If you have a good understanding for how the new VerifyU works, we highly recommend you don't enable this as the code delivery is not out-of-band. We plan to phase out the email option once members are used to the new VerifyU.
- VerifyU Key--a printable key (or you can take a picture of it) that allows you to decode the cypher we present. Think of this as a "secret decoder ring" for Web Branch. The best part of this is it works with no cell phone coverage or when you aren't near one of your phones.
- Smart Phone App--this option delivers the one-time code to you via an installable app on your smart phone. Like the VerifyU Key, it does not require cell phone coverage, but you must, of course, have access to your phone.
|Code delivery options|
We are very excited to bring the new VerifyU to our members and feel strongly that we need to continue to look for ways to improve security to protect your accounts and sensitive information. We welcome your feedback as you begin to use the new VerifyU.