What Does it Do?
Safe2Login prevents identity theft that can result from phishing and pharming attacks by verifying the identity of the online banking server, as well as the identity of the online banking user's computer.
It also helps Financial Institutions to comply with Federal Financial Institutions Examination Council's (FFIEC) guidance by employing mutual authentication methods.
About Phishing and Pharming
“Phishing” is when a fraudulent email is sent to an individual that prompts them to log into a malicious website and provide personal information ranging from online banking usernames and passwords, to account numbers, to social security numbers. The “phisher” creates an email that looks like it is coming from a legitimate source, often a credit union or bank. The malicious sites often look very legitimate and can fool even seasoned internet users.
“Pharming” is when the fraudulent individual replicates the website of a financial institution or other organization in an attempt to collect personal information from users.
Used in conjunction with each other, phishing and pharming can be detrimental to online banking customers and to a financial institution's reputation. This is where Safe2Login can help.
What Safe2Login Does
Safe2Login prevents identity theft that can result from phishing and pharming attacks by verifying the identity of the online banking server, as well as the identity of the online banking user's computer. This verification process, called “mutual authentication” assures the online banking user that they are, in fact, logging into the correct web server and therefore will not be putting any of their personal information at risk.
About Multi-Factor Authentication
Because of phishing and other types of online trickery, single-factor authentication (such as simple username and password) is no longer adequate to secure online information. Multi-factor authentication should be used to increase the level of security. Safe2Login employs mutual authentication and several layers of user authentication to prevent phishing sites from easily fooling internet users, as well as to prevent unauthorized account use.
The Safe2Log in "Safety Stamp"
| When a Southland eBranch user visits
a Safe2Login protected home banking logon page, they
are presented with the Safe2Login "Safety Stamp." The
Safety Stamp is the face of the Safe2Login product
and presents a sequence of individual security checks,
all of which must succeed before our Member’s personal
security code, or "safecode" is displayed. Members
are challenged to select the correct safecode from
a list of safecodes, before access to the banking
login fields is granted. The Safety Stamp lets you
know when it is safe to login. |
 |
How Safe2Login defends against Phishing and Pharming Attacks
Safe2Login acts as a third-party trust authority, verifying
the user and the banking server through the use of a mutual authentication
protocol. It does this by creating secure communication channels between
the Credit Union, the Members computer, and the Safe2Login.com server and
by providing a dynamically generated graphical image containing the special
word or phrase chosen by the Member during Safe2Login registration. This "safecode" is
stored securely at Safe2Login.
Safe2Login does not alter the website's existing login
process. It serves as a first line of defense for the
login page itself and simply notifies the user if the "coast is clear" to
enter a username and password.
Online Banking User Registration
On a first visit to a Safe2Login protected eBranch login,
Members will go through a quick registration process. Part of the registration
process is to identify the Member’s computer with a short name like "My Laptop" or "My PC at Work." Once
a user is registered, Safe2Login does its job with no further interaction
from the user unless the user clears their browser's cookies or uses a
new or different computer.
Click here for frequently asked questions. |
