What is two-factor authentication (sometimes referred to as 2FA)?
Banks require two-factor authentication at login for all types of internet banking systems. This means you have to identify yourself to a system or service by providing:
- Something you know e.g. PINs or password; and
- Something you have e.g. a two-factor authentication token.
Each time you log into a bank’s website to perform online transactions, you will be required to identify yourself by providing a PIN and a One-Time Password (OTP) generated from a two-factor authentication token. The OTP is usually a string of numbers (numeric) or a combination of letters and numbers (alphanumeric) which you have to key in before you can perform your transactions. For security reasons, the password is usually valid only for a short period of time, after which you will have to obtain a new one.
Why is two-factor authentication (2FA) important?
Attacks on banking systems and customer PCs have become increasingly widespread. Phishing, vishing, fake websites, spamming, viruses, worms, trojans, keystroke loggers and spyware are some of the threats that customers may face. Two-factor authentication helps to counter hacking attacks and identity theft.
Can you change your two-factor authentication (2FA) token type after you have made a selection?
Banks which offer more than one type of two-factor authentication solution may allow customers to switch from one solution to another. But some banks only offer one solution to their customers and switching is not possible.
Can you have more than one two-factor authentication (2FA) token for each internet banking account?
As each two-factor authentication token is uniquely assigned to your internet banking account, you cannot have more than one of the same type of token for each account.
What if your two-factor authentication (2FA) token is stolen, misplaced or damaged?
Notify your bank immediately if you lose your token. Note that the bank may impose charges for token replacement.
What is transaction signing?
Transaction signing requires customers to digitally “sign” transactions that are deemed high risk. It is used to verify the authenticity and integrity of an online transaction. Examples of online transactions that may be deemed high risk include making high value fund transfers or changing a customer’s details online.
You will be requested to confirm the online transaction you are about to perform by entering a dynamic PIN. This dynamic PIN is generated when a customer inputs information specific to a transaction, such as an account number or a transaction amount, into a device.
Why is it necessary to perform transaction signing?
Transaction signing is an effective method used to detect interception and modification of your online transaction by malware or viruses employing “man-in-the-middle” types of attack.
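The dynamic PIN and the tamper detection described in the two answers above can be sketched as follows. This is an added example, not any bank's or token vendor's code: it assumes the token and the bank share a secret key and derive the PIN with HMAC-SHA256 and HOTP-style truncation, and the secret, account numbers and amounts are constructed.

```python
import hashlib
import hmac

# Constructed demo secret; a real token's key is provisioned by the bank.
TOKEN_SECRET = b"constructed-demo-secret-0001"


def canonical(account: str, amount_cents: int) -> bytes:
    """Encode the transaction fields unambiguously (length-prefixed)."""
    digits_only = "".join(ch for ch in account if ch.isdigit())
    fields = [digits_only.encode(), str(amount_cents).encode()]
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def signing_code(secret: bytes, account: str, amount_cents: int, digits: int = 8) -> str:
    """Dynamic PIN the token shows after the customer keys in the details."""
    mac = hmac.new(secret, canonical(account, amount_cents), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # HOTP-style dynamic truncation
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def bank_verify(secret: bytes, account: str, amount_cents: int, code: str) -> bool:
    """Recompute the code over the details the bank actually received."""
    expected = signing_code(secret, account, amount_cents)
    return hmac.compare_digest(expected, code)


def demo() -> dict:
    # Constructed transaction: what the customer intends and keys into the token.
    intended = ("123-456-789", 150_000)
    code = signing_code(TOKEN_SECRET, *intended)
    # Constructed tampering: the request reaches the bank with altered details.
    altered_payee = ("999-888-777", 150_000)
    altered_amount = ("123-456-789", 950_000)
    return {
        "untampered": bank_verify(TOKEN_SECRET, *intended, code),
        "payee_changed": bank_verify(TOKEN_SECRET, *altered_payee, code),
        "amount_changed": bank_verify(TOKEN_SECRET, *altered_amount, code),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The check only helps when the customer keys the payee and amount they actually intend into the token, because the bank compares the code against the details it received.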
Tips on safeguarding your two-factor authentication (2FA) token:
- Keep your token in a safe place.
- Do not allow anyone to use or keep your token.
- Do not disclose the one-time passwords displayed by your token.
- Do not reveal the serial number of your token.
- Do not allow anyone to access or tamper with your 2FA token.
- Do not write down your user ID and PIN on the token.