A small text file that a website stores on your hard drive; allows a website to store information on your machine and later retrieve it (the information is stored as name-value pairs, with a unique ID number for each visitor – no personal information is kept as part of the text file)
Example: Web servers need to know who you are if you want to do things that require logging in or putting items in a ‘shopping cart’; this is possible by allowing or setting cookies on your browser / computer.
Cookies are NOT:
Enhanced Multi-Factor Authentication (EMFA):
Requires a one-time passcode be sent to your preferred contact method; does not allow challenge questions to be counted as one of the factors of authentication, due to advanced hacker technology
Once you have entered the one-time passcode, you have the option to “register” the computer as private and will no longer receive the one-time passcode for future logins. If you choose to register the computer as private, a browser cookie will be present on your computer so the system will recognize it as a registered device. However, if you delete your browser cookies, you have to authenticate with a one-time passcode again.
Example: EMFA is commonly used to protect transactions at ATMs, where your debit card is something you have (factor one) and your PIN is something you know (factor two).
Find out how EMFA and the one-time passcode process will work after the upgrade.
Federal Financial Institutions Examination Council (FFIEC):
A body of the US government made up of the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation (FDIC) and the National Credit Union Administration (NCUA), among others; the purpose of the FFIEC is to promote consistent and uniform standards for all financial institutions
Example: The FFIEC sets standards for online banking security, which include EMFA, online encryption standards, etc.
The action of recording, or logging, the keys a user types on the keyboard, typically in a covert manner so that the user of the keyboard is unaware that their actions are being monitored; this is often used to steal personal information about the user, including usernames, passwords, email addresses and answers to challenge questions
A computer can be infected by a keylogger by downloading unfamiliar or untrusted software. In some cases, the keylogger is part of an intended download and in other cases, it is part of a malware infection on the computer.
Multi-Factor Authentication (MFA):
Two or more different types, or factors, of authentication that must be passed in order for you to access your account (ie: username and password + challenge questions); using two different factors of authentication provides greater assurance that you are the correct intended user
A short numeric code that is sent to your phone (via text message or automated voice call) or email address; considered one of the factors of authentication in EMFA; active for only 10 minutes
Example: Typically, you have to enter the received passcode upon the first login from an unregistered computer or device.
The act of attempting to obtain personal information from someone by sending a fraudulent email, text message or other form of communication, claiming to be a trusted organization with which that person has a relationship (ie: credit union or bank, retailer, etc.)
Example: The email, text message or other communication normally provides a link or phone number, along with a message urging you to update your personal information or asking in some other way for your information. This information can include a username, password, credit or debit card number, account number, etc. The link may even take you to a site that looks similar to the legitimate site the phisher is imitating.