Introduction to Multifactor Authentication -

What is Multifactor Authentication?

Multifactor Authentication (MFA) is a form of security structured by;

What you know?

What you have?

Who you are?

What you do?

Where you are?

You are using multifactor authentication in your daily life when you use an ATM and access your Internet Banking account.

ATM: What you have? - ATM Card and What you know? - PIN number

Internet Banking: What you know? - Access ID and What you know? - Password.

We are adding a step to the Internet Banking identification process; What you have? - Your Computer. We now have a security application we have chosen to provide MFA for all of our personal and business Internet Banking accounts. With this security application there will be a 'cookie' and small Flash object installed on all of your Registered computers. These objects will be used to identify your computer as being a known valid computer used to log into your Internet Banking account. When you log into Internet Banking you will also be able to verify that the site you are on is legitimate and is not a Phishing or illegally owned website.

Why are we now using Multifactor Authentication?

The FDIC is requiring every bank by the End of Year 2006 to implement a risk managed system to further protect customer information. With the growing online, telephone and email security issues including Identity Theft and Phishing, incorporating multifactor authentication is imperative!!

What will I have to do?

- You will first enter your Access ID... then Password

- You will then Enroll into Multifactor Authentication to establish an MFA record on our server.

***If you are a new Internet Banking user, you will Enroll into Multifactor Authentication on your second login attempt. This is done so you can initially build a valid Caller Record for Internet Banking.

1. You must enter a valid email address; if not already established.
2. Next an Image is assigned to you; which you can change later.
3. You will need to enter a PassPhrase relative to the Image.
4. There will then be three Challenge Questions. You must choose and enter an answer for each.
5. Lastly you will be asked to choose if the computer is Personal or Public.

- From this point on, depending on which computer you use, you will have to verify an Image and PassPhrase to verify the site is legitimate and enter your Password to verify yourself. If you have chosen that the computer you are attempting to login on is a public computer, or you haven't used the current computer before to login to Internet Banking, you will be prompted to choose either; Email One Time Passcode or Answer a Challenge Question.

NOTE: It is important to only register computers that are Personal; i.e. a home computer or a computer that you exclusively use at work. If you or another user on any computer you choose as Personal deletes the 'cookies' from your Internet Properties, you will have to correctly answer a Challenge question and re-Register that computer. You may Register more than one computer as a Personal computer.

Are you a New Internet Banking Customer?

***If you are a new Internet Banking user, you will Enroll into Multifactor Authentication on your second login attempt. This is done so you can initially build a valid Caller Record for Internet Banking.

1. Choose the First Time Users button.
2. Enter Access ID (Your Account Number)
3. Password (Last four digits of SSN)
4. Change Access ID & Password (6-10 characters)

When will I have to Enroll?

We plan on testing until November 19th 2006. This means on the tentative date of November 20th all Internet Banking users will have to Enroll into Multifactor Authentication. Please contact us if you have any questions; 920-563-2478.

Enrollment Instructions -

You will First Enter your Access ID:

***If you are a new Internet Banking user, you will Enroll into Multifactor Authentication on your second login attempt. This is done so you can initially build a valid Caller Record for Internet Banking.

Next Enter Your Password:

You will then be asked to Enroll into Multifactor Authentication to establish an MFA record on our server:

1. You must enter a valid email address; if not already established. The email address is used when Email One Time Passcode is chosen if you are at a computer which is not registered.
2. Next an Image is assigned to you; which you can change later.



3. You will need a enter PassPhrase for the Image. You may not use any punctuation!
4. There will then be three Challenge Questions. You must choose and enter an answer for each. Choose a question you would like to have using the drop-down arrow.
5. Lastly you will be asked to choose if the computer is Personal or Public. If you choose Personal a cookie and Flash object will be installed on the computer.

NOTE: It is important to only register computers that are Personal; i.e. a home computer or a computer that you exclusively use at work. If you or another user on any computer you choose as Personal deletes the 'cookies' from your Internet Properties, you will have to correctly answer a Challenge question and re-Register that computer. You may Register more than one computer as a Personal computer.

Logging In -

Logging in after Multifactor Authentication enrollment:

1. Enter Access ID



2. Verify the Image and PassPhrase & Enter your Password



3. Enter Password



4. Choose to have a One Time Passcode emailed to you or Answer a Challenge Question

***If the computer is not Registered



5. Enter the One Time Passcode



OR


6. Answer the Challenge Question



7. Verify the Image and PassPhrase & Enter your Password

While you are logged in, you may change any of your MFA enrollment information Password or Email Address:

Hover your mouse pointer over Options and Choose any of the four options;
1. Change Password
2. Change Nicknames (Account Nicknames)
3. Change Email Address
4. Change Security Data, MFA information (shown below)

Within Change Security Data you may;



1. Change Image - Click on the Image you want.



2. Change PassPhrase
3. Change Challenge Questions