What is Multi Factor Authentication?
Bank feeds (also known as extractors) are what connect banks to various accounting platforms. These data exchanges provide accountants, lenders, as well as other applications within the financial technology (Fin Tech) sector with valuable consumer information. But what protects your personal data from falling into the wrong hands? Multi Factor Authentication.
Depending on your banks security requirements, you may be required to answer additional security questions, or reply to an email, text, or phone which is commonly known as multi factor authentication (MFA).
Common Types of MFA
Currently there are three commonly used types of multi factor authentication:
- Security questions: The bank will ask you additional questions which are commonly setup when you first set up the bank account. This process varies from bank to bank between the type of questions that are asked as well as the number of questions being asked as well. Generally, we see 1-3 questions but have experienced up to 6 questions.
- Security tokens: The institution provides the account holder with a device (commonly an electronic key chain) that generates a 4-6-digit access token and must be entered in every time the account is accessed. Since each time the number is entered it is different, the user logging into the account must have the key chain with them to obtain the code.
- Security Images: Commonly known as “Captcha”, these security questions are commonly in the format of images, text and sometimes audio. Like the token, there values are randomly generated and may be required every time you log into the account.
FOR YOUR PROTECTION
Unfortunately. multi factor authentication has been designed to keep your data protected first and your convenience last. While Ledgersync does address most security questions with static answers token based requests require user interaction.
Understanding what causes a token to be requested is just as important and can help you better plan around unexpected time delays. If your account utilizes multi factor authentication, it may be triggered when you refresh your bank feed, or if you access your account from different computers.
The implementation of these new security features may have started with some of the larger financial institutions, but it is very likely that over time more banks will follow the trend.
DDA vs OFX:
Even large Accounting Platforms like Xero, & QuickBooks Online, have recently been experiencing issues with their bank feeds. Last March, Capital One boldly shut their bank feeds down to most third parties including QuickBooks Online until new contracts were negotiated.
After completely redesigning their web portal, Wells Fargo went to even more extreme lengths to disrupt data scrapers by front loading additional characters that come across as the bank memo. Recently you may have noticed Wells Fargo transactions now display “Purchase Authorized on XX/XX”, at the start of their transactions memo lines to control what useful data was accessible.
Hoping to find a common ground, Banks, fin tech companies, and The Center for Financial Services Innovation have all expressed interest in adopting a common data sharing standard. While the industry still has not made a final decision, the industry front runners appear to be the Durable Data API (DDA) or the Open Financial Exchange (OFX)
What Ledgersync Does
Accountants who have been in practice for some time will easily remember requesting a username and password for each of their client’s accounts just to download the monthly transactions and bank statements. If they were lucky, that statement included copies of the check images that had cleared that period, otherwise they had to download one image at a time so they could fill in the missing payee names in the transactions.
Ledgersync Bank Feeds (aka extractors) revolutionized this process by offering accountants a unified dashboard to access all their client accounts from one place. Offering much more than just transactions and statements, this data exchange also provides streamlined access to check and deposit images* and the ability to assign a payee name or add a special memo.
How does this affect you?
Ledgersync takes your security very seriously which is why from time to time it may become necessary to validate your identity by re-entering your security credentials and completing the MFA (multi factor authentication) process again. This is especially true if you or your client update your login information at the bank level without also updating the credentials within Ledgersync.
Every night as Ledgersync processes automatic updates for everyone’s accounts, the system must navigate the maze of user credentials, security questions and unexpected web page changes to return with the necessary financial information. When presented with a security token, that cannot be answered our system shuts down the connection and stops it from processing additional updates to avoid locking both Ledgersync and the client out of the account at the bank level. After flagging the account, Ledgersync then notifies the accountant and displays an error on the client’s dashboard.
Recently while reaching out to numerous Ledgersync users to discuss how they have been handling the MFA issues with their clients, Mike Snelson shared how they had handled the issue:
“Within our practice, we ask our clients to add a dedicated phone number or email that we have established just for these types of accounts. This allows us to send the security token directly to us instead of the client and allows them to still keep their credentials secret.”
As the financial tech sector continues to grow into a multi-billion-dollar industry, the banks will begin to feel the pressure from their consumers to provide open access to their personal data. Although inconvenient, multi-factor authentication has reduced fraud, protected online identities and most likely is here to stay.
ARTICLE PUBLISHED AT: http://ledgersync.com/multi-factor-authentication/?ct=t(Factoring_the_Bank_Feed_Challenge5_23_2017) AND EDITED BY SWIFT BUSINESS BOOKS