Online Security Features
Frequently Asked Questions
- What is MFA online security?
- Why do I need Multi-Factor Authorization (MFA)?
- How does it work?
- How is MFA more secure?
- What keeps somebody from stealing my picture?
- Why am I being asked a question when I try to log-in?
- Can I access my account from multiple computers?
- I am not an Internet expert. How easy is MFA to use?
- I share my computer with someone who has their own account. Can both of us still log-in from this machine?
- What happens if someone steals my password? How will MFA keep them from accessing my account from a different computer?
- Can I change my MFA picture and caption?
- How do you know I am logging in from my own computer?
- What is Phishing?
- I am trying to log-in from my own computer, but the Peninsula Credit Union web site is not showing me my MFA. Instead, it is asking me a question. What is happening?
- What is a Trojan or Key Logger?
- How does MFA protect me from a Trojan or Key Logger?
- If I don’t want to use Multi-Factor Authentication to access my accounts, can I opt out?
- If I share access to my accounts with another person can we each choose our own image and challenge questions?
- What are the required browser settings?
- My pass phrase has begun appearing below my personal image. Is this how it’s supposed to be?
All online accounts are protected with a higher level of security called "Multi Factor Authorization" or MFA for short. Simply put, MFA better protects you against online theft and fraud, provides you with more peace of mind when banking online, and will help minimize the risk of falling victim to a "spoofed" web site.
How It Works:
You will complete a simple, one-time enrollment process the first time you log into the enhanced system.
- You’ll select a picture from an online library of images; the image will be displayed to you on future Online Access logins. The image is known only to you and the credit union.
- You’ll also enter a word or phrase that will be displayed along with your image when you login. The text phrase is known only to you and the credit union.
- You’ll select three "Challenge Questions" and provide the answers to the questions.
Logging into Online Access
After enrollment, when you log into Online Access you’ll enter your User ID. Then, we’ll show you the picture and text phrase you selected. If the image and phrase shown to you are correct, you’ll continue with the login and enter your password. This is your assurance that you are logging into the legitimate PCU home banking web site, since no one else knows your image and text phrase.
Challenge questions will only be displayed if you log into Online Access from a different computer than you used when you enrolled. If we don’t recognize the computer, we will double check that it is really you. This is another layer of security designed to protect your account from unauthorized access if your account information is stolen, and help us identify you when you are logging into Online Access from an unknown computer. You’ll have the opportunity to "register" computers you regularly use to access your online account. Once you successfully answer the question, we’ll show you your picture and phrase.
1. What is MFA online security?
The MFA Solution provides you added safety by helping ensure that only you can access your account. Your MFA is a picture and caption that is a shared secret between you and the PCU web server. When you see your MFA you can be confident that you are at the legitimate PCU web site, not an imposter site.
Make sure you see your MFA before you enter your password.
In addition, the MFA Solution remembers which computer(s) you normally use, preventing potential fraudsters from logging into your account even if they somehow get hold of or guess your username and password.
2. Why do I need a MFA?
MFA is an enhanced security feature that helps protect you while you access your on-line account. On the Internet today, fraudsters attempt to steal your identity by impersonating the web sites you trust (phishing). We are committed to proactively protecting you, our member, against such attacks. MFA helps us do this.
3. How does it work?
When you visit your branch ofﬁce, you know our faces and we know yours. MFA does the same thing over the Internet. It is a new method to identify us to you and you to us. When you enroll in MFA, you will select a secret picture and caption known only to you. Whenever you log-in we will show you this picture so you can rest assured that you are accessing the real PCU site and not an impostor site.
We also check the computer(s) or device(s) that you are using to access the web site. Typically you will access the web site from one or two computers, such as your work and home machine. MFA remembers your computer. Should you need to log-in from a different computer, such as an Internet café, we will take additional steps to verify your identity, such as ask you to provide the answer to secret questions we both know the answers to.
MFA remembers your computer by assigning a unique identiﬁer to each computer you use to access our web site using standard secure cookies. The cookie is used to store the identiﬁcation information only. No personal or private data is stored in any way.
4. How is MFA more secure?
MFAs protect you from accidentally revealing your username and password to a fake site. In addition, if someone does somehow get your username and password, he will still not be able to access your account because he is not at your registered computer.
5. What keeps somebody from stealing my MFA picture?
We only show you your MFA picture and caption if you log-in from your own computer, or after you have answered a secret question. So, it is not possible for an unauthorized person to get access to your picture.
6. Why am I being asked a question when I try to log-in?
We ask you a secret question when we detect that you are trying to log-in from a new computer. This is to prevent someone with stolen passwords from logging into your account. Since only you know the answer to the questions, our server will know it’s really you. Generally you will be asked to answer a secret question only when you log-in for the ﬁrst time from a new computer.
After you answer the question, you will be asked whether we should remember this computer for future log-ins. If you are using a personal computer, you should answer yes. If you are using a public terminal, you will want to answer no.
7. Can I access my account from multiple computers?
Yes, you can still access your account from any number of computers. If you log-in from a new computer or a public terminal, you will just need to go through one extra step of answering a secret question. This helps protect you by keeping unauthorized people from accessing your valuable information. There is no limit on how many different computers you can use to log-in to your account.
9. I share my computer with someone who has their own account. Can both of us still log-in from this machine?
Yes, you can both use the same computer to log-in to your individual accounts. There is no limit on how many people can log-in into the Peninsula Credit Union web site from the same computer.
10. What happens if someone steals my password? How will MFA keep them from accessing my account from a different computer?
If someone tries to log-in using your stolen user name and password, we will recognize that they are logging in from a different computer and ask them a secret question. Since only you know the answers to your secret questions, they will not be able to give a correct answer. They will not be able to log-in.
12. How do you know I am logging in from my own computer?
When you log-in for the ﬁrst time from a new computer, we put a secure (encrypted) cookie on your computer.This cookie contains a randomly generated unique number that identiﬁes your computer. The cookie is visible only to the credit union web site and does not contain any of your personal information. When you log-in after that, your web browser sends us this cookie. This lets us know that this is your computer.
13. What is Phishing?
Recently there have been attempts by fraudsters to trick people into revealing their personal information, such as passwords, by creating fake web sites that look very much like the sites of legitimate ﬁnancial institutions. They send out emails randomly with links to these fake web sites. This phenomenon has been called Phishing, (pronounced “ﬁshing”).
14. I am trying to log-in from my own computer, but the Peninsula Credit Union web site is not showing me my MFA. Instead, it is asking me a question. What is happening?
This might happen in rare cases if you have deleted all cookies on your computer. Before answering a secret question or entering your password, make sure that you are going to the legitimate web site. The easiest way to ensure this is by typing the Peninsula Credit Union URL: (www.pcfcu.org) directly into your web browser. Then, after you answer the security question, you should see your secret MFA next to the password ﬁeld. If your MFA is there, you can be conﬁdent that you are at the legitimate web site and can enter your password.
15. What is a Trojan or Key Logger?
Some fraudsters have been putting programs on random computers in order to harvest your user id and password information used to log-in to web sites. They collect this information and secretly transmit it to their own computers and attempt to log-in to your site. These are called Trojans (short for Trojan Horse) or Key Loggers (for logging your keystrokes).
16. How does MFA protect me from a Trojan or Key Logger?
Once you have a MFA and have registered your computer, even if a fraudster steals your login ID and Password, his computer will not be registered and he will not be able to log-in as you; thus, MFAs protect your identity and your account.
17. If I don’t want to use Multi-Factor Authentication to access my accounts, can I opt out?
The use of MFA technology to secure your accounts has been mandated by the federal government. All financial institutions are required to implement these extra layers of protection. Current regulations do not allow institutions to permit individuals to opt out.
18. If I share access to my accounts with another person can we each choose our own image and challenge questions?
Not at this time. If you share access to your accounts with another person you will both have to share the same image and challenge questions. The current technology allows only one set of MFA information to be utilized with a particular account.
19. What are the required browser settings?
Within your web browser you will be required to enable "Java", enable "cookies," and enable SSL 2.0 and/or 3.0 encryption. If you would rather not enable cookies our MFA software will still work, but you will not be able to register your computer. This would require you to answer one of your challenge questions every time you log into your account.
For added security, set your browser to "not save encrypted pages to disk" if this option is available.
Important: You must also have the 128bit encryption pack installed for your particular browser. For further help with browser settings you will need to consult your browser's online help files or the resources listed on your particular browser's web site.
20. My pass phrase has begun appearing below my personal image. Is this how it’s supposed to be?
Yes, all is well. This change was necessary to allow persons who are legally blind to use a scanner to validate their pass phrase. Whether or not you use this feature you may continue to access your account as usual.